Working with Openstack metadata service when using OVN

# Metadata agent — running the agent

1neutron-ovn-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/neutron_ovn_metadata_agent.ini

Configure neutron_ovn_metadata_agent.ini.j2 on the compute node(s)

[ovn]
# NOTE(review): the tcp: scheme connects to the OVN northbound/southbound
# databases in plaintext with no client authentication; make sure ports
# 6641/6642 are only reachable from trusted hosts, or use the ssl: scheme —
# confirm against your deployment.
ovn_nb_connection=tcp:{{OVN Controller IP}}:6641
ovn_sb_connection=tcp:{{OVN Controller IP}}:6642
# Enables the OVN metadata agent on this compute node.
ovn_metadata_enabled = true

Configure neutron.conf on the Neutron server

1[ovn]
2ovn_metadata_enabled = true

Read https://docs.openstack.org/networking-ovn/latest/admin/refarch/refarch.html for a nice diagram of how the bits fit together.

https://man7.org/linux/man-pages/man7/ovn-architecture.7.html - Some more in-depth technical details are hidden in this doc.

https://patchwork.ozlabs.org/project/openvswitch/patch/1493118328-21311-1-git-send-email-dalvarez@redhat.com/

Specifically, the example of local ports:

  • One logical switch sw0 with 2 ports (p1, p2) and 1 localport (lp)
  • Two hypervisors: HV1 and HV2
  • p1 will be in HV1 (OVS port with external-id:iface-id="p1")
  • p2 will be in HV2 (OVS port with external-id:iface-id="p2")
  • lp will be in both (OVS port with external-id:iface-id="lp")
  • p1 should be able to reach p2 and vice versa
  • lp on HV1 should be able to reach p1 but not p2
  • lp on HV2 should be able to reach p2 but not p1
  1ovn-nbctl ls-add sw0
  2ovn-nbctl lsp-add sw0 p1
  3ovn-nbctl lsp-add sw0 p2
  4ovn-nbctl lsp-add sw0 lp
  5ovn-nbctl lsp-set-addresses p1 "00:00:00:aa:bb:10 10.0.1.10"
  6ovn-nbctl lsp-set-addresses p2 "00:00:00:aa:bb:20 10.0.1.20"
  7ovn-nbctl lsp-set-addresses lp "00:00:00:aa:bb:30 10.0.1.30"
  8ovn-nbctl lsp-set-type lp localport
  9
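#######################################
# Create a network namespace attached to br-int through an OVS internal
# port and bind that port to an OVN logical port.
# Arguments:
#   $1 - namespace and interface name
#   $2 - MAC address for the interface
#   $3 - IPv4 address
#   $4 - prefix length (e.g. 24)
#   $5 - default gateway
#   $6 - value for external_ids:iface-id (the OVN logical port name)
# Returns:
#   0 on success; the status of the first failing command otherwise, so a
#   failed namespace or port creation does not cascade into later steps.
#######################################
add_phys_port() {
  local name=$1
  local mac=$2
  local ip=$3
  local mask=$4
  local gw=$5
  local iface_id=$6
  sudo ip netns add "$name" || return
  # 'type=internal' is part of the same ovs-vsctl call (it was wrapped onto
  # its own line in the listing); an internal port is what gives the
  # namespace a kernel interface to move in.
  sudo ovs-vsctl add-port br-int "$name" -- set interface "$name" type=internal || return
  sudo ip link set "$name" netns "$name" || return
  sudo ip netns exec "$name" ip link set "$name" address "$mac" || return
  sudo ip netns exec "$name" ip addr add "$ip/$mask" dev "$name" || return
  sudo ip netns exec "$name" ip link set "$name" up || return
  sudo ip netns exec "$name" ip route add default via "$gw" || return
  # iface-id is what ovn-controller uses to bind this OVS port to the
  # logical port of the same name.
  sudo ovs-vsctl set Interface "$name" external_ids:iface-id="$iface_id"
}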
 27
 28# Add p1 to HV1, p2 to HV2 and localport to both
 29
 30# HV1
 31add_phys_port p1 00:00:00:aa:bb:10 10.0.1.10 24 10.0.1.1 p1
 32add_phys_port lp 00:00:00:aa:bb:30 10.0.1.30 24 10.0.1.1 lp
 33
 34$ sudo ip netns exec p1 ping -c 2 10.0.1.20
 35PING 10.0.1.20 (10.0.1.20) 56(84) bytes of data.
 3664 bytes from 10.0.1.20: icmp_seq=1 ttl=64 time=0.738 ms
 3764 bytes from 10.0.1.20: icmp_seq=2 ttl=64 time=0.502 ms
 38
 39--- 10.0.1.20 ping statistics ---
 402 packets transmitted, 2 received, 0% packet loss, time 1001ms
 41rtt min/avg/max/mdev = 0.502/0.620/0.738/0.118 ms
 42
 43$ sudo ip netns exec lp ping -c 2 10.0.1.10
 44PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
 4564 bytes from 10.0.1.10: icmp_seq=1 ttl=64 time=0.187 ms
 4664 bytes from 10.0.1.10: icmp_seq=2 ttl=64 time=0.032 ms
 47
 48--- 10.0.1.10 ping statistics ---
 492 packets transmitted, 2 received, 0% packet loss, time 999ms
 50rtt min/avg/max/mdev = 0.032/0.109/0.187/0.078 ms
 51
 52
 53$ sudo ip netns exec lp ping -c 2 10.0.1.20
 54PING 10.0.1.20 (10.0.1.20) 56(84) bytes of data.
 55
 56--- 10.0.1.20 ping statistics ---
 572 packets transmitted, 0 received, 100% packet loss, time 1000ms
 58
 59
 60$ sudo ovs-ofctl dump-flows br-int | grep table=32
 61cookie=0x0, duration=141.939s, table=32, n_packets=2, n_bytes=196,
 62idle_age=123, priority=150,reg14=0x3,reg15=0x2,metadata=0x7 actions=drop
 63cookie=0x0, duration=141.939s, table=32, n_packets=2, n_bytes=196,
 64idle_age=129, priority=100,reg15=0x2,metadata=0x7
 65actions=load:0x7->NXM_NX_TUN_ID[0..23],set_field:0x2->tun_metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16..30],output:59
 66
 67
 68
 69# On HV2
 70
 71add_phys_port p2 00:00:00:aa:bb:20 10.0.1.20 24 10.0.1.1 p2
 72add_phys_port lp 00:00:00:aa:bb:30 10.0.1.30 24 10.0.1.1 lp
 73
 74$ sudo ip netns exec p2 ping -c 2 10.0.1.10
 75PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
 7664 bytes from 10.0.1.10: icmp_seq=1 ttl=64 time=0.810 ms
 7764 bytes from 10.0.1.10: icmp_seq=2 ttl=64 time=0.673 ms
 78
 79--- 10.0.1.10 ping statistics ---
 802 packets transmitted, 2 received, 0% packet loss, time 1000ms
 81rtt min/avg/max/mdev = 0.673/0.741/0.810/0.073 ms
 82
 83$ sudo ip netns exec lp ping -c 2 10.0.1.20
 84PING 10.0.1.20 (10.0.1.20) 56(84) bytes of data.
 8564 bytes from 10.0.1.20: icmp_seq=1 ttl=64 time=0.357 ms
 8664 bytes from 10.0.1.20: icmp_seq=2 ttl=64 time=0.062 ms
 87
 88--- 10.0.1.20 ping statistics ---
 892 packets transmitted, 2 received, 0% packet loss, time 1000ms
 90rtt min/avg/max/mdev = 0.062/0.209/0.357/0.148 ms
 91
 92$ sudo ip netns exec lp ping -c 2 10.0.1.10
 93PING 10.0.1.10 (10.0.1.10) 56(84) bytes of data.
 94
 95--- 10.0.1.10 ping statistics ---
 962 packets transmitted, 0 received, 100% packet loss, time 999ms
 97
 98$ sudo ovs-ofctl dump-flows br-int | grep table=32
 99cookie=0x0, duration=24.169s, table=32, n_packets=2, n_bytes=196,
100idle_age=12, priority=150,reg14=0x3,reg15=0x1,metadata=0x7 actions=drop
101cookie=0x0, duration=24.169s, table=32, n_packets=2, n_bytes=196,
102idle_age=14, priority=100,reg15=0x1,metadata=0x7
103actions=load:0x7->NXM_NX_TUN_ID[0..23],set_field:0x1->tun_metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16..30],output:40
104