Menu Close
Settings Close

Language and Page Formatting Options

Chapter 16. Deploying routed provider networks

16.1. Advantages of routed provider networks

In Red Hat OpenStack Platform, operators can create routed provider networks (RPNs). RPNs are typically used in edge deployments, and rely on multiple layer 2 network segments instead of traditional networks that have only one segment.

RPNs simplify the cloud for end users because they see only one network. For cloud operators, RPNs deliver scalabilty and fault tolerance. For example, if a major error occurs, only one segment is impacted instead of the entire network failing.

Before routed provider networks (RPNs), operators typically had to choose from one of the following architectures:

  • A single, large layer 2 network
  • Multiple, smaller layer 2 networks

Single, large layer 2 networks become complex when scaling and reduce fault tolerance (increase failure domains).

Multiple, smaller layer 2 networks scale better and shrink failure domains, but can introduce complexity for end users.

Starting with Red Hat OpenStack Platform 16.1.1 and later, you can deploy RPNs using the ML2/OVS or the SR-IOV mechanism drivers.

16.2. Fundamentals of routed provider networks

The association between a segment and a subnet distinguishes a routed provider network (RPN) from other types of networks. Each network segment requires at least one subnet that explicitly belongs to that segment. The OpenStack Networking service (neutron) enforces that either zero or all subnets on a particular network associate with a segment. For example, attempting to create a subnet without a segment on a network containing subnets with segments generates an error.

With RPNs, the IP addresses available to virtual machine (VM) instances depend on the segment of the network available on the particular compute node. The Networking service port can be associated with only one network segment.

Similar to conventional networking, layer 2 (switching) handles transit of traffic between ports on the same network segment and layer 3 (routing) handles transit of traffic between segments.

The Networking service does not provide layer 3 services between segments. Instead, it relies on physical network infrastructure to route subnets. Thus, both the Networking service and physical network infrastructure must contain configuration for routed provider networks, similar to conventional provider networks.

Because the Compute service (nova) scheduler is not network segment aware, when you deploy RPNs, you must map each leaf or rack segment or DCN edge site to a Compute service host-aggregate or availability zone.

If you require a DHCP-metadata service, you must define an availability zone for each edge site or network segment, to ensure that the local DHCP agent is deployed.

16.3. Limitations of routed provider networks

Routed provider networks (RPNs) are not supported by all mechanism drivers and there are restrictions with the Compute service scheduler and other software as noted in the following list:

  • Routed provider networks are supported only by the ML2/OVS and SR-IOV mechanism drivers.

    Open Virtual Network (OVN) is not supported.

  • OVS-DPDK (without DHCP) support for remote and edge deployments is in Technology Preview in Red Hat OpenStack Platform 16.1.4 and later.
  • North-south routing with central SNAT or a floating IP is not supported.
  • When using SR-IOV or PCI pass-through, physical network (physnet) names must be the same in central and remote sites or segments. You cannot reuse segment IDs.
  • The Compute service (nova) scheduler is not segment-aware. (You must map each segment or edge site to a Compute host-aggregate or availability zone.) Currently, there are only two VM instance boot options available:

    • Boot using port-id and no IP address, specifying Compute availability zone (segment or edge site).
    • Boot using network-id, specifying the Compute availability zone (segment or edge site).
  • Cold or live migration works only when you specify the destination Compute availability zone (segment or edge site).

16.4. Preparing for a routed provider network

There are several tasks that you must perform before you can create a routed provider network in Red Hat OpenStack Platform (RHOSP).

Procedure

  1. Within a network, use a unique physical network name for each segment. This enables reuse of the same segmentation details between subnets.

    For example, use the same VLAN ID across all segments of a particular provider network.

  2. Implement routing between segments.

    Each subnet on a segment must contain the gateway address of the router interface on that particular subnet.

    Table 16.1. Sample segments for routing

    SegmentVersionAddressesGateway

    segment1

    4

    203.0.113.0/24

    203.0.113.1

    segment1

    6

    fd00:203:0:113::/64

    fd00:203:0:113::1

    segment2

    4

    198.51.100.0/24

    198.51.100.1

    segment2

    6

    fd00:198:51:100::/64

    fd00:198:51:100::1

  3. Map segments to compute nodes.

    Routed provider networks imply that compute nodes reside on different segments. Ensure that every compute host in a router provider network has direct connectivity to one of its segments.

    Table 16.2. Sample segment to Compute node mappings

    HostRackPhysical network

    compute0001

    rack 1

    segment 1

    compute0002

    rack 1

    segment 1

    compute0101

    rack 2

    segment 2

    compute0102

    rack 2

    segment 2

    compute0102

    rack 2

    segment 2

  4. Deploy at least one DHCP agent per segment.

    Unlike conventional provider networks, a DHCP agent cannot support more than one segment within a network. Deploy DHCP agents on the compute nodes containing the segments rather than on the network nodes to reduce the node count.

    Table 16.3. Sample DCHP agent per segment mapping

    HostRackPhysical network

    network0001

    rack 1

    segment 1

    network0002

    rack 1

    segment 1

    You deploy a DCHP agent and a Networking service metadata agent on the Compute nodes by using a custom roles file.

    Here is an example:

    ###############################################################################
    # Role: ComputeSriov                                                          #
    ###############################################################################
    - name: ComputeSriov
      description: |
        Compute SR-IOV Role
      CountDefault: 1
      networks:
        External:
          subnet: external_subnet
        InternalApi:
          subnet: internal_api_subnet
        Tenant:
          subnet: tenant_subnet
        Storage:
          subnet: storage_subnet
      RoleParametersDefault:
        TunedProfileName: "cpu-partitioning"
      update_serial: 25
      ServicesDefault:
        - OS::TripleO::Services::Aide
        - OS::TripleO::Services::AuditD
        - OS::TripleO::Services::BootParams
        - OS::TripleO::Services::CACerts
    ...
        - OS::TripleO::Services::NeutronDhcpAgent
        - OS::TripleO::Services::NeutronMetadataAgent
    ...

    In a custom environment file, add the following key-value pair:

    parameter_defaults:
        ....
        NeutronEnableIsolatedMetadata: 'True'
        ....
  5. Ensure that the RHOSP Placement service, the python3-osc-placement package, is installed on the undercloud.

    This package is available on the undercloud in RHOSP 16.1.6 and later. For earlier versions of RHOSP you must install the package manually. To check which version of RHOSP you are running, enter the following command on the undercloud:

    $ cat /etc/rhosp-release
    Red Hat OpenStack Platform release 16.1.5 GA (Train)

    To install the Placement service, log in to the undercloud as root, and run this command:

    # yum install python3-osc-placement

Additional resources

16.5. Creating a routed provider network

Routed provider networks (RPNs) simplify the Red Hat OpenStack Platform (RHOSP) cloud for end users because they see only one network. For cloud operators, RPNs deliver scalabilty and fault tolerance.

When you perform this procedure, you create an RPN with two network segments. Each segment contains one IPv4 subnet and one IPv6 subnet.

Prerequisites

  • Complete the steps in xref:prepare-routed-prov-network_deploy-routed-prov-networks.

Procedure

  1. Create a VLAN provider network that includes a default segment.

    In this example, the VLAN provider network is named multisegment1 and uses a physical network called provider1 and a VLAN whose ID is 128:

    Example

    $ openstack network create --share --provider-physical-network provider1 \
      --provider-network-type vlan --provider-segment 128 multisegment1

    Sample output

    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | UP                                   |
    | id                        | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 |
    | ipv4_address_scope        | None                                 |
    | ipv6_address_scope        | None                                 |
    | l2_adjacency              | True                                 |
    | mtu                       | 1500                                 |
    | name                      | multisegment1                        |
    | port_security_enabled     | True                                 |
    | provider:network_type     | vlan                                 |
    | provider:physical_network | provider1                            |
    | provider:segmentation_id  | 128                                  |
    | revision_number           | 1                                    |
    | router:external           | Internal                             |
    | shared                    | True                                 |
    | status                    | ACTIVE                               |
    | subnets                   |                                      |
    | tags                      | []                                   |
    +---------------------------+--------------------------------------+

  2. Rename the default network segment to segment1.

    1. Obtain the segment ID:

      $ openstack network segment list --network multisegment1

      Sample output

      +--------------------------------------+----------+--------------------------------------+--------------+---------+
      | ID                                   | Name     | Network                              | Network Type | Segment |
      +--------------------------------------+----------+--------------------------------------+--------------+---------+
      | 43e16869-ad31-48e4-87ce-acf756709e18 | None     | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 | vlan         | 128     |
      +--------------------------------------+----------+--------------------------------------+--------------+---------+

    2. Using the segment ID, rename the network segment to segment1:

      $ openstack network segment set --name segment1 43e16869-ad31-48e4-87ce-acf756709e18
  3. Create a second segment on the provider network.

    In this example, the network segment uses a physical network called provider2 and a VLAN whose ID is 129:

    Example

    $ openstack network segment create --physical-network provider2 \
      --network-type vlan --segment 129 --network multisegment1 segment2

    Sample output

    +------------------+--------------------------------------+
    | Field            | Value                                |
    +------------------+--------------------------------------+
    | description      | None                                 |
    | headers          |                                      |
    | id               | 053b7925-9a89-4489-9992-e164c8cc8763 |
    | name             | segment2                             |
    | network_id       | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 |
    | network_type     | vlan                                 |
    | physical_network | provider2                            |
    | revision_number  | 1                                    |
    | segmentation_id  | 129                                  |
    | tags             | []                                   |
    +------------------+--------------------------------------+

  4. Verify that the network contains the segment1 and segment2 segments:

    $ openstack network segment list --network multisegment1

    Sample output

    +--------------------------------------+----------+--------------------------------------+--------------+---------+
    | ID                                   | Name     | Network                              | Network Type | Segment |
    +--------------------------------------+----------+--------------------------------------+--------------+---------+
    | 053b7925-9a89-4489-9992-e164c8cc8763 | segment2 | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 | vlan         | 129     |
    | 43e16869-ad31-48e4-87ce-acf756709e18 | segment1 | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 | vlan         | 128     |
    +--------------------------------------+----------+--------------------------------------+--------------+---------+

  5. Create one IPv4 subnet and one IPv6 subnet on the segment1 segment.

    In this example, the IPv4 subnet uses 203.0.113.0/24:

    Example

    $ openstack subnet create \
      --network multisegment1 --network-segment segment1 \
      --ip-version 4 --subnet-range 203.0.113.0/24 \
      multisegment1-segment1-v4

    Sample output

    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | allocation_pools  | 203.0.113.2-203.0.113.254            |
    | cidr              | 203.0.113.0/24                       |
    | enable_dhcp       | True                                 |
    | gateway_ip        | 203.0.113.1                          |
    | id                | c428797a-6f8e-4cb1-b394-c404318a2762 |
    | ip_version        | 4                                    |
    | name              | multisegment1-segment1-v4            |
    | network_id        | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 |
    | revision_number   | 1                                    |
    | segment_id        | 43e16869-ad31-48e4-87ce-acf756709e18 |
    | tags              | []                                   |
    +-------------------+--------------------------------------+

    In this example, the IPv6 subnet uses fd00:203:0:113::/64:

    Example

    $ openstack subnet create \
      --network multisegment1 --network-segment segment1 \
      --ip-version 6 --subnet-range fd00:203:0:113::/64 \
      --ipv6-address-mode slaac multisegment1-segment1-v6

    Sample output

    +-------------------+------------------------------------------------------+
    | Field             | Value                                                |
    +-------------------+------------------------------------------------------+
    | allocation_pools  | fd00:203:0:113::2-fd00:203:0:113:ffff:ffff:ffff:ffff |
    | cidr              | fd00:203:0:113::/64                                  |
    | enable_dhcp       | True                                                 |
    | gateway_ip        | fd00:203:0:113::1                                    |
    | id                | e41cb069-9902-4c01-9e1c-268c8252256a                 |
    | ip_version        | 6                                                    |
    | ipv6_address_mode | slaac                                                |
    | ipv6_ra_mode      | None                                                 |
    | name              | multisegment1-segment1-v6                            |
    | network_id        | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9                 |
    | revision_number   | 1                                                    |
    | segment_id        | 43e16869-ad31-48e4-87ce-acf756709e18                 |
    | tags              | []                                                   |
    +-------------------+------------------------------------------------------+

    Note

    By default, IPv6 subnets on provider networks rely on physical network infrastructure for stateless address autoconfiguration (SLAAC) and router advertisement.

  6. Create one IPv4 subnet and one IPv6 subnet on the segment2 segment.

    In this example, the IPv4 subnet uses 198.51.100.0/24:

    Example

    $ openstack subnet create \
      --network multisegment1 --network-segment segment2 \
      --ip-version 4 --subnet-range 198.51.100.0/24 \
      multisegment1-segment2-v4

    Sample output

    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | allocation_pools  | 198.51.100.2-198.51.100.254          |
    | cidr              | 198.51.100.0/24                      |
    | enable_dhcp       | True                                 |
    | gateway_ip        | 198.51.100.1                         |
    | id                | 242755c2-f5fd-4e7d-bd7a-342ca95e50b2 |
    | ip_version        | 4                                    |
    | name              | multisegment1-segment2-v4            |
    | network_id        | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 |
    | revision_number   | 1                                    |
    | segment_id        | 053b7925-9a89-4489-9992-e164c8cc8763 |
    | tags              | []                                   |
    +-------------------+--------------------------------------+

    In this example, the IPv6 subnet uses fd00:198:51:100::/64:

    Example

    $ openstack subnet create \
      --network multisegment1 --network-segment segment2 \
      --ip-version 6 --subnet-range fd00:198:51:100::/64 \
      --ipv6-address-mode slaac multisegment1-segment2-v6

    Sample output

    +-------------------+--------------------------------------------------------+
    | Field             | Value                                                  |
    +-------------------+--------------------------------------------------------+
    | allocation_pools  | fd00:198:51:100::2-fd00:198:51:100:ffff:ffff:ffff:ffff |
    | cidr              | fd00:198:51:100::/64                                   |
    | enable_dhcp       | True                                                   |
    | gateway_ip        | fd00:198:51:100::1                                     |
    | id                | b884c40e-9cfe-4d1b-a085-0a15488e9441                   |
    | ip_version        | 6                                                      |
    | ipv6_address_mode | slaac                                                  |
    | ipv6_ra_mode      | None                                                   |
    | name              | multisegment1-segment2-v6                              |
    | network_id        | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9                   |
    | revision_number   | 1                                                      |
    | segment_id        | 053b7925-9a89-4489-9992-e164c8cc8763                   |
    | tags              | []                                                     |
    +-------------------+--------------------------------------------------------+

Verification

  1. Verify that each IPv4 subnet associates with at least one DHCP agent:

    $ openstack network agent list --agent-type dhcp --network multisegment1

    Sample output

    +--------------------------------------+------------+-------------+-------------------+-------+-------+--------------------+
    | ID                                   | Agent Type | Host        | Availability Zone | Alive | State | Binary             |
    +--------------------------------------+------------+-------------+-------------------+-------+-------+--------------------+
    | c904ed10-922c-4c1a-84fd-d928abaf8f55 | DHCP agent | compute0001 | nova              | :-)   | UP    | neutron-dhcp-agent |
    | e0b22cc0-d2a6-4f1c-b17c-27558e20b454 | DHCP agent | compute0101 | nova              | :-)   | UP    | neutron-dhcp-agent |
    +--------------------------------------+------------+-------------+-------------------+-------+-------+--------------------+

  2. Verify that inventories were created for each segment IPv4 subnet in the Compute service placement API.

    Run this command for all segment IDs:

    $ SEGMENT_ID=053b7925-9a89-4489-9992-e164c8cc8763
    $ openstack resource provider inventory list $SEGMENT_ID

    Sample output

    In this sample output, only one of the segments is shown:

    +----------------+------------------+----------+----------+-----------+----------+-------+
    | resource_class | allocation_ratio | max_unit | reserved | step_size | min_unit | total |
    +----------------+------------------+----------+----------+-----------+----------+-------+
    | IPV4_ADDRESS   |              1.0 |        1 |        2 |         1 |        1 |    30 |
    +----------------+------------------+----------+----------+-----------+----------+-------+
  3. Verify that host aggregates were created for each segment in the Compute service:

    $ openstack aggregate list

    Sample output

    In this example, only one of the segments is shown:

    +----+---------------------------------------------------------+-------------------+
    | Id | Name                                                    | Availability Zone |
    +----+---------------------------------------------------------+-------------------+
    | 10 | Neutron segment id 053b7925-9a89-4489-9992-e164c8cc8763 | None              |
    +----+---------------------------------------------------------+-------------------+
  4. Launch one or more instances. Each instance obtains IP addresses according to the segment it uses on the particular compute node.

    Note

    If a fixed IP is specified by the user in the port create request, that particular IP is allocated immediately to the port. However, creating a port and passing it to an instance yields a different behavior than conventional networks. If the fixed IP is not specified on the port create request, the Networking service defers assignment of IP addresses to the port until the particular compute node becomes apparent. For example, when you run this command:

    $ openstack port create --network multisegment1 port1

    Sample output

    +-----------------------+--------------------------------------+
    | Field                 | Value                                |
    +-----------------------+--------------------------------------+
    | admin_state_up        | UP                                   |
    | binding_vnic_type     | normal                               |
    | id                    | 6181fb47-7a74-4add-9b6b-f9837c1c90c4 |
    | ip_allocation         | deferred                             |
    | mac_address           | fa:16:3e:34:de:9b                    |
    | name                  | port1                                |
    | network_id            | 6ab19caa-dda9-4b3d-abc4-5b8f435b98d9 |
    | port_security_enabled | True                                 |
    | revision_number       | 1                                    |
    | security_groups       | e4fcef0d-e2c5-40c3-a385-9c33ac9289c5 |
    | status                | DOWN                                 |
    | tags                  | []                                   |
    +-----------------------+--------------------------------------+

Additional resources

16.6. Migrating a non-routed network to a routed provider network

You can migrate a non-routed network to a routed provider network (RPN) by associating the subnet of the network with the ID of the network segment.

Prerequisites

  • The non-routed network you are migrating must contain only one segment and only one subnet.

    Important

    In non-routed provider networks that contain multiple subnets or network segments it is not possible to safely migrate to an RPN. In non-routed networks, addresses from the subnet allocation pools are assigned to ports without consideration of the network segment to which the port is bound.

Procedure

  1. For the network that is being migrated, obtain the ID of the current network segment.

    Example

    $ openstack network segment list --network my_network

    Sample output

    +--------------------------------------+------+--------------------------------------+--------------+---------+
    | ID                                   | Name | Network                              | Network Type | Segment |
    +--------------------------------------+------+--------------------------------------+--------------+---------+
    | 81e5453d-4c9f-43a5-8ddf-feaf3937e8c7 | None | 45e84575-2918-471c-95c0-018b961a2984 | flat         | None    |
    +--------------------------------------+------+--------------------------------------+--------------+---------+

  2. For the network that is being migrated, obtain the ID of the current subnet.

    Example

    $ openstack network segment list --network my_network

    Sample output

    +--------------------------------------+-----------+--------------------------------------+---------------+
    | ID                                   | Name      | Network                              | Subnet        |
    +--------------------------------------+-----------+--------------------------------------+---------------+
    | 71d931d2-0328-46ae-93bc-126caf794307 | my_subnet | 45e84575-2918-471c-95c0-018b961a2984 | 172.24.4.0/24 |
    +--------------------------------------+-----------+--------------------------------------+---------------+

  3. Verify that the current segment_id of the subnet has a value of None.

    Example

    $ openstack subnet show my_subnet --c segment_id

    Sample output

    +------------+-------+
    | Field      | Value |
    +------------+-------+
    | segment_id | None  |
    +------------+-------+

  4. Change the value of the subnet segment_id to the network segment ID.

    Here is an example:

    $ openstack subnet set --network-segment 81e5453d-4c9f-43a5-8ddf-feaf3937e8c7 my_subnet

Verification

  • Verify that the subnet is now associated with the desired network segment.

    Example

    $ openstack subnet show my_subnet --c segment_id

    Sample output

    +------------+--------------------------------------+
    | Field      | Value                                |
    +------------+--------------------------------------+
    | segment_id | 81e5453d-4c9f-43a5-8ddf-feaf3937e8c7 |
    +------------+--------------------------------------+

Additional resources