Difference between revisions of "Neutron/TrunkPort"
(→Network dump) |
(→Links) |
||
(32 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
== Overview == | == Overview == | ||
Line 9: | Line 7: | ||
* since Newton: Linux Bridge [https://github.com/openstack/neutron/tree/9.1.1/neutron/services/trunk/drivers/linuxbridge (src)], | * since Newton: Linux Bridge [https://github.com/openstack/neutron/tree/9.1.1/neutron/services/trunk/drivers/linuxbridge (src)], | ||
* since Newton: OVN [https://github.com/openstack/networking-ovn/blob/1.0.0/networking_ovn/ml2/trunk_driver.py (src)], | * since Newton: OVN [https://github.com/openstack/networking-ovn/blob/1.0.0/networking_ovn/ml2/trunk_driver.py (src)], | ||
− | * since Ocata: OpenDaylight ( | + | * since Ocata? / Carbon: OpenDaylight (src: [https://review.openstack.org/421895 networking-odl], [https://git.opendaylight.org/gerrit/50615 odl]), and |
* since Ocata: VMWare NSX [https://github.com/openstack/vmware-nsx/tree/master/vmware_nsx/services/trunk (src)]. | * since Ocata: VMWare NSX [https://github.com/openstack/vmware-nsx/tree/master/vmware_nsx/services/trunk (src)]. | ||
* since Pike: Ironic [https://bugs.launchpad.net/neutron/+bug/1648129 (rfe)]. | * since Pike: Ironic [https://bugs.launchpad.net/neutron/+bug/1648129 (rfe)]. | ||
+ | * since Pike: Dragonflow [https://review.openstack.org/#/c/438683/ (src)] [https://review.openstack.org/#/c/437486/ (spec)] | ||
+ | * since ?: Cisco-Nexus [https://review.openstack.org/474364 (src)] | ||
+ | * since Rocky: baremetal trunks on Arista [https://review.openstack.org/563784 (src)] | ||
There's further support | There's further support | ||
* since Pike: [https://blueprints.launchpad.net/heat/+spec/support-trunk-port in Heat] | * since Pike: [https://blueprints.launchpad.net/heat/+spec/support-trunk-port in Heat] | ||
− | * | + | * since Queens: [https://blueprints.launchpad.net/horizon/+spec/neutron-trunk-ui in Horizon] |
+ | |||
+ | == Introduction == | ||
+ | |||
+ | * Introductory Presentation from the Sydney Summit, 2017 November | ||
+ | ** [https://www.youtube.com/watch?v=c3JmWgrnfKI video (youtube.com)] | ||
+ | ** [https://docs.google.com/presentation/d/1LgGJBWODar7hUGxN84xP_JTF5QSB6JovFJMAunjb9No/view slides (docs.google.com)] | ||
+ | * Introductory [http://www.jimmdenton.com/neutron-trunks blog post (jimmdenton.com)] by James Denton | ||
== Documentation == | == Documentation == | ||
* OpenStack Networking Guide | * OpenStack Networking Guide | ||
+ | ** [https://github.com/openstack/neutron/blob/master/doc/source/admin/config-trunking.rst latest] | ||
+ | ** [https://docs.openstack.org/neutron/pike/admin/config-trunking.html pike] | ||
** [http://docs.openstack.org/ocata/networking-guide/config-trunking.html ocata] | ** [http://docs.openstack.org/ocata/networking-guide/config-trunking.html ocata] | ||
− | ** [https://github.com/openstack/ | + | * Heat |
− | * | + | ** [https://docs.openstack.org/heat/latest/template_guide/openstack.html#OS::Neutron::Trunk template guide] |
− | ** [ | + | ** [https://github.com/openstack/heat-templates/blob/master/hot/neutron/instance_trunk_port.yaml example template] |
+ | * Design Documents | ||
+ | ** [http://specs.openstack.org/openstack/neutron-specs/specs/newton/vlan-aware-vms.html neutron spec] | ||
=== API Reference === | === API Reference === | ||
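Review bot: two rows of the implementation list in this hunk state no confirmed release: the OpenDaylight row now reads 'since Ocata? / Carbon' and the new Cisco-Nexus row reads 'since ?'. Readers use this list to decide whether their release ships a trunk driver, so confirm the release from the linked reviews or mark both rows plainly as unverified. The OpenDaylight row also still ends with ', and' even though it is no longer the second-to-last item of the list.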
Line 41: | Line 53: | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
− | ! CLI verb | + | ! CLI verb |
! HTTP method | ! HTTP method | ||
! URL | ! URL | ||
! CLI verb (as in the spec, obsolete) | ! CLI verb (as in the spec, obsolete) | ||
|- | |- | ||
− | | network trunk create | + | | openstack network trunk create |
| POST | | POST | ||
| /v2.0/trunks | | /v2.0/trunks | ||
| trunk-create | | trunk-create | ||
|- | |- | ||
− | | network trunk delete | + | | openstack network trunk delete |
| DELETE | | DELETE | ||
| /v2.0/trunks/$trunk_id | | /v2.0/trunks/$trunk_id | ||
| trunk-delete | | trunk-delete | ||
|- | |- | ||
− | | network trunk list | + | | openstack network trunk list |
| GET | | GET | ||
| /v2.0/trunks | | /v2.0/trunks | ||
| trunk-list | | trunk-list | ||
|- | |- | ||
− | | network trunk show | + | | openstack network trunk show |
| GET | | GET | ||
| /v2.0/trunks/$trunk_id | | /v2.0/trunks/$trunk_id | ||
| trunk-show | | trunk-show | ||
|- | |- | ||
− | | network trunk set | + | | openstack network trunk set |
| PUT | | PUT | ||
| /v2.0/trunks/$trunk_id | | /v2.0/trunks/$trunk_id | ||
| trunk-update | | trunk-update | ||
|- | |- | ||
− | | network trunk set --subport | + | | openstack network trunk set --subport |
| PUT | | PUT | ||
| /v2.0/trunks/$trunk_id/add_subports | | /v2.0/trunks/$trunk_id/add_subports | ||
| trunk-subport-add | | trunk-subport-add | ||
|- | |- | ||
− | | network trunk unset --subport | + | | openstack network trunk unset --subport |
| PUT | | PUT | ||
| /v2.0/trunks/$trunk_id/remove_subports | | /v2.0/trunks/$trunk_id/remove_subports | ||
| trunk-subport-delete | | trunk-subport-delete | ||
|- | |- | ||
− | | network subport list | + | | openstack network subport list |
| GET | | GET | ||
| /v2.0/trunks/$trunk_id/get_subports | | /v2.0/trunks/$trunk_id/get_subports | ||
Line 87: | Line 99: | ||
|} | |} | ||
− | == CLI usage | + | == CLI usage examples == |
+ | |||
+ | === Basic === | ||
<pre> | <pre> | ||
Line 100: | Line 114: | ||
openstack port create --network net0 port0 # will become a parent port | openstack port create --network net0 port0 # will become a parent port | ||
− | # As of | + | # As of pike there's no standard automation to tell the guest OS the MAC addresses of child ports. So |
# | # | ||
# # (a) either create child ports having the same MAC address as the parent port | # # (a) either create child ports having the same MAC address as the parent port | ||
# # (remember, they are on different networks), | # # (remember, they are on different networks), | ||
− | # # NOTE This approach | + | # # NOTE This approach was affected by a bug of the openvswitch firewall driver: |
− | # # https://bugs.launchpad.net/neutron/+bug/1626010 | + | # # https://bugs.launchpad.net/neutron/+bug/1626010 # the fix made the Pike release |
# openstack port create --network ... parent-port | # openstack port create --network ... parent-port | ||
# parent_mac="$( openstack port show parent-port | awk '/ mac_address / { print $4 }' )" | # parent_mac="$( openstack port show parent-port | awk '/ mac_address / { print $4 }' )" | ||
Line 188: | Line 202: | ||
openstack network delete net2 net1 net0 | openstack network delete net2 net1 net0 | ||
</pre> | </pre> | ||
+ | |||
+ | === Inherit the provider network's segmentation details === | ||
+ | |||
+ | When the switch is incapable of remapping (tag pop-push) you may want to expose the provider network's segmentation details (think of Ironic): | ||
+ | |||
+ | <pre> | ||
+ | openstack network create net0 --provider-network-type vlan --provider-physical-network test --provider-segment 100 | ||
+ | openstack network create net1 --provider-network-type vlan --provider-physical-network test --provider-segment 101 | ||
+ | openstack subnet create subnet0 --network net0 --subnet-range 10.0.4.0/24 | ||
+ | openstack subnet create subnet1 --network net1 --subnet-range 10.0.5.0/24 | ||
+ | openstack port create port0 --network net0 | ||
+ | openstack port create port1 --network net1 | ||
+ | openstack network trunk create trunk0 --parent-port port0 | ||
+ | openstack network trunk set trunk0 --subport port=port1,segmentation-type=inherit | ||
+ | openstack network subport list --trunk itrunk0 -f value -c 'Segmentation ID' # prints 101 | ||
+ | </pre> | ||
+ | |||
+ | <!-- | ||
+ | Beware that by default policies the provider network's segmentation details are admin-only, but (after inheriting) the trunk's segmentation are readable by non-admins. So only enable the trunk extension if you do not consider the segmentation details of your provider networks sensitive information. | ||
+ | --> | ||
== Drawings == | == Drawings == | ||
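Review bot: the caveat at the end of this hunk is wrapped in '<!-- ... -->', so the rendered page never shows it. It says that a provider network's segmentation details are admin-only by default policy but become readable by non-admins through the trunk after inheriting. The section above it tells operators to use segmentation-type=inherit, so either move that text out of the comment or record why it is hidden. Separately, the last command of the example lists subports with '--trunk itrunk0' while the trunk created two lines earlier is 'trunk0', so the command fails as written; it should read '--trunk trunk0'.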
Line 202: | Line 236: | ||
<gallery mode="traditional" widths=240px> | <gallery mode="traditional" widths=240px> | ||
− | File:TrunkOvsModel.svg|example of trunk | + | File:TrunkOvsModel.svg|example of trunk Open vSwitch model |
+ | </gallery> | ||
+ | |||
+ | == Screenshots == | ||
+ | |||
+ | <gallery mode="traditional" widths=240px> | ||
+ | File:Trunk-panel.png|Horizon screenshot: Project/Network/Trunks panel | ||
+ | File:Trunk-detail.png|Horizon screenshot: Trunk detail | ||
+ | File:Trunk-create-subports.png|Horizon screenshot: Subport(s) selector step of create workflow | ||
</gallery> | </gallery> | ||
Line 230: | Line 272: | ||
* openvswitch vlan model | * openvswitch vlan model | ||
− | ** | + | ** https://opendev.org/openstack/neutron/src/commit/7d48bde722fecfa5efffb1c4e7018dab8b8d6366/doc/source/contributor/internals/openvswitch_agent.rst#tackling-the-network-trunking-use-case |
** https://etherpad.openstack.org/p/trunk-bridge-tagged-patch-ovs-firewall-experiment | ** https://etherpad.openstack.org/p/trunk-bridge-tagged-patch-ovs-firewall-experiment | ||
Line 245: | Line 287: | ||
** repo [https://github.com/openstack/heat openstack/heat] | ** repo [https://github.com/openstack/heat openstack/heat] | ||
*** heat/tests/openstack/neutron/test_neutron_trunk.py | *** heat/tests/openstack/neutron/test_neutron_trunk.py | ||
+ | *** heat_integrationtests/functional/test_create_update_neutron_trunk.py | ||
+ | ** repo [https://github.com/openstack/horizon openstack/horizon] | ||
+ | *** openstack_dashboard/static/app/core/trunks/**/*.spec.js | ||
+ | *** openstack_dashboard/test/api_tests/neutron_*.py | ||
* blueprints.launchpad.net | * blueprints.launchpad.net |
Latest revision as of 08:17, 10 September 2019
Overview
Neutron extension to access lots of neutron networks over a single vNIC as tagged/encapsulated traffic.
Implementations exist for
- since Newton: Open vSwitch (src),
- since Newton: Linux Bridge (src),
- since Newton: OVN (src),
- since Ocata? / Carbon: OpenDaylight (src: networking-odl, odl), and
- since Ocata: VMWare NSX (src).
- since Pike: Ironic (rfe).
- since Pike: Dragonflow (src) (spec)
- since ?: Cisco-Nexus (src)
- since Rocky: baremetal trunks on Arista (src)
There's further support
- since Pike: in Heat
- since Queens: in Horizon
Introduction
- Introductory Presentation from the Sydney Summit, 2017 November
- Introductory blog post (jimmdenton.com) by James Denton
Documentation
- OpenStack Networking Guide
- Heat
- Design Documents
API Reference
- read-write, extension=trunk
- read-only convenience, extension=trunk-details
Network dump
Dump of the API as released in Newton: https://etherpad.openstack.org/p/trunk-api-dump-newton
API-CLI mapping
CLI verb | HTTP method | URL | CLI verb (as in the spec, obsolete) |
---|---|---|---|
openstack network trunk create | POST | /v2.0/trunks | trunk-create |
openstack network trunk delete | DELETE | /v2.0/trunks/$trunk_id | trunk-delete |
openstack network trunk list | GET | /v2.0/trunks | trunk-list |
openstack network trunk show | GET | /v2.0/trunks/$trunk_id | trunk-show |
openstack network trunk set | PUT | /v2.0/trunks/$trunk_id | trunk-update |
openstack network trunk set --subport | PUT | /v2.0/trunks/$trunk_id/add_subports | trunk-subport-add |
openstack network trunk unset --subport | PUT | /v2.0/trunks/$trunk_id/remove_subports | trunk-subport-delete |
openstack network subport list | GET | /v2.0/trunks/$trunk_id/get_subports | trunk-subport-list |
CLI usage examples
Basic
<pre>
# Business as usual.
openstack network create net0
openstack network create net1
openstack network create net2
openstack subnet create --network net0 --subnet-range 10.0.4.0/24 subnet0
openstack subnet create --network net1 --subnet-range 10.0.5.0/24 subnet1
openstack subnet create --network net2 --subnet-range 10.0.6.0/24 subnet2
openstack port create --network net0 port0 # will become a parent port

# As of pike there's no standard automation to tell the guest OS the MAC addresses of child ports. So
#
# # (a) either create child ports having the same MAC address as the parent port
# #     (remember, they are on different networks),
# #     NOTE This approach was affected by a bug of the openvswitch firewall driver:
# #          https://bugs.launchpad.net/neutron/+bug/1626010 # the fix made the Pike release
# openstack port create --network ... parent-port
# parent_mac="$( openstack port show parent-port | awk '/ mac_address / { print $4 }' )"
# openstack port create --mac-address "$parent_mac" --network ... child-port
# openstack network trunk create --parent-port parent-port trunk0
# openstack network trunk set --subport port=child-port,segmentation-type=vlan,segmentation-id=101 trunk0
# openstack server create --nic port-id=parent-port ... --wait vm0
# ssh vm0 sudo ip link add link eth0 name eth0.101 type vlan id 101
# # eth0 and eth0.101 have the same MAC address
#
# # (b) or create the VLAN subinterfaces with MAC addresses as random-assigned by neutron.
# openstack port create --network ... parent-port
# openstack port create --network ... child-port
# child_mac="$( openstack port show child-port | awk '/ mac_address / { print $4 }' )"
# openstack network trunk create --parent-port parent-port trunk0
# openstack network trunk set --subport port=child-port,segmentation-type=vlan,segmentation-id=101 trunk0
# openstack server create --nic port-id=parent-port ... --wait vm0
# ssh vm0 sudo ip link add link eth0 name eth0.101 address "$child_mac" type vlan id 101
# # eth0 and eth0.101 have different MAC addresses
#
# We follow option (a) here:

parent_mac="$( openstack port show port0 | awk '/ mac_address / { print $4 }' )"
openstack port create --network net1 --mac-address "$parent_mac" port1 # will become a child port: at trunk create time
openstack port create --network net2 --mac-address "$parent_mac" port2 # will become a child port: later

# Create a trunk using port0 as parent port (ie. turn port0 into a trunk port).
openstack network trunk create --parent-port port0 trunk0

# A port can be part of one trunk only.
# Error expected: Port UUID is currently in use and is not eligible for use as a parent port.
openstack network trunk create --parent-port port0 trunk1

openstack network trunk list
openstack network trunk show trunk0
openstack network trunk delete trunk0

# A trunk can be created with subports too.
openstack network trunk create --parent-port port0 --subport port=port1,segmentation-type=vlan,segmentation-id=101 trunk0

openstack network trunk list
openstack network trunk show trunk0
openstack network subport list --trunk trunk0

# Use an image with support for vlan interfaces. CirrOS will not cut it.
# But see also: https://etherpad.openstack.org/p/cirros-respin
# eg: sudo ip link add ... type vlan ...
wget --timestamping --tries=1 https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img
openstack image create --disk-format qcow2 --public --file trusty-server-cloudimg-amd64-disk1.img vlan-capable-image

# The only vNIC in your instance corresponds to the parent port, so boot your instance with the parent port given.
# Do not add child ports as NICs to 'nova boot / openstack server create'.
openstack server create --flavor ds512M --image vlan-capable-image --nic port-id=port0 --wait vm0

# The typical cloud image will auto-configure the first NIC (eg. eth0) only and not the vlan interfaces (eg. eth0.VLAN-ID).
ssh VM0-ADDRESS sudo ip link add link eth0 name eth0.101 type vlan id 101

# Error expected: Failed to add subports to trunk 'trunk0': Port UUID is in use by another trunk.
openstack network trunk set --subport port=port1,segmentation-type=vlan,segmentation-id=999 trunk0

# Error expected: Failed to add subports to trunk 'trunk0': segmentation_type vlan and segmentation_id 101 already in use on trunk UUID.
openstack network trunk set --subport port=port2,segmentation-type=vlan,segmentation-id=101 trunk0

# Add subports to a running instance.
openstack network trunk set --subport port=port2,segmentation-type=vlan,segmentation-id=102 trunk0
openstack network trunk show trunk0

# Again you need to bring your subport vlan interfaces up.
ssh VM0-ADDRESS sudo ip link add link eth0 name eth0.102 type vlan id 102

# Delete subports from a running instance.
ssh VM0-ADDRESS sudo ip link delete dev eth0.102
openstack network trunk unset --subport port2 trunk0

# Cannot delete ports used as parent or subports. Delete the trunk first.
# Error expected: FIXME HttpException: Conflict
openstack port delete port0
# Error expected: FIXME HttpException: Conflict
openstack port delete port1

# Clean up.
openstack server delete vm0
openstack network trunk delete trunk0
openstack port delete port2 port1 port0
openstack network delete net2 net1 net0
</pre>
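Option (b) of the Basic walkthrough, as an added example that is not part of the original wiki page: a POSIX shell function that turns subport records into the guest-side `ip link add` commands and validates every field before it can reach a root command line in the guest. The one-record-per-line input format, the function names and the sample MAC addresses are assumptions made for this example.

```sh
# Added example, not from the wiki page.
# Input on stdin, one subport per line (format is an assumption):
#   <segmentation-type> <segmentation-id> <mac-address>
# The output is meant to run as root in the guest (ssh ... sudo ip link ...),
# so nothing is emitted unless every record passes validation.

reject() { echo "reject: $1" >&2; }

gen_vlan_cmds() {
    parent_if="$1"      # guest interface backed by the parent port, e.g. eth0
    seen=" "            # VLAN ids already used on this trunk
    cmds=""
    case "$parent_if" in
        ''|*[!A-Za-z0-9_.-]*) reject "bad interface name"; return 1 ;;
    esac
    while read -r seg_type seg_id mac extra || [ -n "$seg_type" ]; do
        [ -z "$seg_type" ] && continue                    # blank line
        [ -z "$extra" ] || { reject "trailing data"; return 1; }
        [ "$seg_type" = "vlan" ] || { reject "type is not vlan"; return 1; }
        # Digits only, no leading zero, at most four characters.
        case "$seg_id" in
            ''|*[!0-9]*|0*|?????*) reject "bad VLAN id"; return 1 ;;
        esac
        [ "$seg_id" -le 4094 ] || { reject "VLAN id out of range"; return 1; }
        printf '%s\n' "$mac" \
            | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' \
            || { reject "bad MAC address"; return 1; }
        # Same rule the API enforces: one segmentation id per trunk.
        case "$seen" in
            *" $seg_id "*) reject "VLAN id $seg_id used twice"; return 1 ;;
        esac
        seen="$seen$seg_id "
        cmds="${cmds}ip link add link $parent_if name $parent_if.$seg_id address $mac type vlan id $seg_id
"
    done
    printf '%s' "$cmds"
}

# Constructed sample records, not real deployment data.
sample_subports() {
    printf '%s\n' 'vlan 101 fa:16:3e:00:00:65' 'vlan 102 fa:16:3e:00:00:66'
}

sample_subports | gen_vlan_cmds eth0
```

In a real deployment the records would be assembled from `openstack network subport list` and `openstack port show` output for each child port.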
Inherit the provider network's segmentation details
When the switch is incapable of remapping (tag pop-push) you may want to expose the provider network's segmentation details (think of Ironic):
<pre>
openstack network create net0 --provider-network-type vlan --provider-physical-network test --provider-segment 100
openstack network create net1 --provider-network-type vlan --provider-physical-network test --provider-segment 101
openstack subnet create subnet0 --network net0 --subnet-range 10.0.4.0/24
openstack subnet create subnet1 --network net1 --subnet-range 10.0.5.0/24
openstack port create port0 --network net0
openstack port create port1 --network net1
openstack network trunk create trunk0 --parent-port port0
openstack network trunk set trunk0 --subport port=port1,segmentation-type=inherit
openstack network subport list --trunk trunk0 -f value -c 'Segmentation ID' # prints 101
</pre>
Drawings
Screenshots
Performance / Scaling
- A separate wiki page documents some performance and scale measurements of the trunk API by Ericsson.
- See also this openstack-dev thread about measurements by the QE team of HPE.
Links
- related development
- bugs
- openvswitch vlan model
- tests
  - repo openstack/neutron
    - neutron/tests/unit/services/trunk/
    - neutron/tests/functional/services/trunk/
    - neutron/tests/fullstack/test_trunk.py
    - neutron/tests/tempest/scenario/test_trunk.py
    - neutron/tests/tempest/api/test_trunk.py
    - neutron/tests/tempest/api/test_trunk_negative.py
    - neutron/tests/tempest/api/test_trunk_details.py
    - rally-jobs/plugins/trunk_scenario.py
  - repo openstack/heat
    - heat/tests/openstack/neutron/test_neutron_trunk.py
    - heat_integrationtests/functional/test_create_update_neutron_trunk.py
  - repo openstack/horizon
    - openstack_dashboard/static/app/core/trunks/**/*.spec.js
    - openstack_dashboard/test/api_tests/neutron_*.py
- blueprints.launchpad.net
  - neutron: bp/vlan-aware-vms
  - nova: bp/neutron-ovs-bridge-name
- specs.openstack.org
- review.openstack.org
  - neutron-spec
    - v3, v4: neutron-specs/vlan-aware-vms
    - v1, v2: neutron-specs/vlan-aware-vms
  - neutron: project:openstack/neutron topic:bp/vlan-aware-vms
  - nova: topic:bp/neutron-ovs-bridge-name
  - python-neutronclient: project:openstack/python-neutronclient topic:bp/vlan-aware-vms
  - tempest: project:openstack/tempest topic:bp/vlan-aware-vms
- obsolete blueprints/specs/code/etc.
- bp/trunk-port
- nova-specs/mitaka/trunk-port
- neutron-specs/liberty/vlan-aware-vms
- nova-specs/trunk-port
- project:openstack/nova topic:bp/trunk-port
- project:openstack/python-novaclient topic:bp/trunk-port
- break down of work items: v2 (etherpad.openstack.org)
- open design questions (etherpad.openstack.org)
- log of design decisions (etherpad.openstack.org)
- Mitaka Summit, Tokyo, 2015-10
- meeting etherpads
- irc meet @ 2015-11-18 00:00 (utc)
- etherpad of the trunk port contributors' meetup