A common question when teaching the OpenStack class is, “How do I physically wire an openstack node?” After Google searching, you wind up more confused than you were before you started, but as it turns out, there are five steps involved in wiring up an OpenStack node.
1. Only two physical cables are needed
Run two cables between the node and Ethernet switch.
2. Bond the cables
In order to both double capacity and protect ourselves against a network interface failure, we will logically bond both Ethernet cables to appear as a single cable. We prefer to use bonding standards IEEE 802.3ad, or Linux “bond mode 4”. This is an active-active mechanism, so traffic will attempt to balance across both cables. If a cable fails, traffic will funnel through whichever cable is left running. The failover timing is around 100 – 200 ms. There is a caveat here, in that each individual flow will stick ton one of the two cables, based on the MAC address hash. This means no flow will ever exceed the speed of a single cable, but the aggregate flow will attempt to fill both links.
The boding configuration can be handled as seen in this Debian-style etc/network/interfaces file:
auto bond0 iface bond0 inet manual bond-mode 802.3ad bond-miimon 200 bond-slaves none up ip link set dev $IFACE up down ip link set dev $IFACE down # Bond Slave auto eth0 iface eth0 inet manual bond-master bond0 # Bond Slave auto eth1 iface eth1 inet manual bond-master bond0
3. Use VLAN
By using VLAN, we can break the single bond0 interface into logical sub interfaces. In our example, we need three interfaces: 1. Management
3. Provider Network (described here)
Here is an example of Debian style /etc/network/ interfaces that will create two new sub-interfaces:
# Management VLAN auto bond0.1600 iface bond0.1600 inet manual up ip link set dev $IFACE up down ip link set dev $IFACE down # Provider VLAN auto bond0.1200 iface bond0.1200 inet manual up ip link set dev $IFACE up down ip link set dev $IFACE down
A VLAN interface for VLAN 1600 can be created by adding the VLAN value as a dot suffix of the parent interface. Since the parent interface is bond0, a sub-interface that handles VLAN 1600 is aptly named bond0.1600.
We created another stanza for bond0.1200 to handle VLAN 1200.
Subinterfaces will strip the VLAN tag on egress and add the VLAN tag on ingress.
On the VLAN switch side, you must configure the Ethernet switch’s bonded interface to be an Ethernet trunk port and allow all vlans to pass that the node will require.
At this point, there will be three interfaces,
4. Create the necessary Network Function Virtualization
In order to attach many namespaces to the interfaces we created in step 3, we need to use bridges. So w will deploy three bridges, one for each logical interface. The code to create the bridges is as follows:
1. Create the management bridge.
`sudo ovs-vsctl add-br br-mgnt`
2. Attach the VLAN 1600 interface to management bridge
sudo ovs-vsctl add-port br-mgnt bond0.1600
3. Create the provider bridge
sudo ovs0vsctl add-br br-ex
4. Attach the VLAN 1200 interface to management bridge
sudo ovs-vsctl add-port br-ex bond0.1200
5. Create the VLAN bridge
sudo ovs-vsctl add-br br-vlan
6. Attach all VLANs (trunk) to the VLAN bridge
sudo ovs-vsctl add-port br-vlan bond0
At this point, the necessary connectivity is established to connect a VLAN-based OpenStack node.