Any working example or tutorial to setup physical network for OVN?

Hi,

The OVN setup tutorial is great and I want to go one step further and set up a physical network dedicated to shared use by OVN networks. But to my surprise I can't find any instructions or tutorial on the subject of physical network setup.

Any info or pointer on this topic is appreciated.

Thanks
Robert Li

Hi,

You can use as a minimum:

lxc network create <name> --type=physical \
    parent=<physical interface> \
    ipv4.gateway=n.n.n.n/24 \
    ipv4.ovn.ranges=n.n.n.n-n.n.n.n

# ipv4.gateway: uplink gateway address and subnet size
# ipv4.ovn.ranges: range of addresses that LXD should use to allocate to OVN gateways on the uplink network

See Physical network - LXD documentation

Yes, basically I followed the same steps, but the instance can't reach the host IP or the Internet.

Create the physical uplink network:

lxc network create phys --type=physical \
    parent=enp0s9 \
    ipv4.gateway=192.0.2.1/24 \
    ipv6.gateway=2001:db8:1:1::1/64 \
    ipv4.ovn.ranges=192.0.2.10-192.0.2.19 \
    ipv4.routes=198.52.100.0/24 \
    ipv6.routes=2001:db8:1:2::/64 \
    dns.nameservers=192.168.1.1

Create the OVN network that links to the phys network:

lxc network create ovn1 --type=ovn network=phys \
    ipv4.address=198.52.100.1/24 \
    ipv6.address=2001:db8:1:2::1/64 \
    ipv4.nat=true \
    ipv6.nat=true

Here is the show output for ovn1:

$ lxc network show ovn1
config:
  bridge.mtu: "1450"
  ipv4.address: 198.52.100.1/24
  ipv4.nat: "true"
  ipv6.address: 2001:db8:1:2::1/64
  ipv6.nat: "true"
  network: phys
  volatile.network.ipv4.address: 192.0.2.10
  volatile.network.ipv6.address: 2001:db8:1:1:216:3eff:fe70:b1a4
description: ""
name: ovn1
type: ovn
used_by:
- /1.0/instances/u2

The instance u2 gets the DHCP IP 198.52.100.2 from the ovn1 network. It can ping 192.52.100.1, which I believe is the OVS router's internal IP. But from inside the instance I can't ping the OVN external IP 192.0.2.10, the host IP 192.168.56.20, or the Internet IP 8.8.8.8.

Finally, here is the ovs-vsctl output:

# ovs-vsctl show
cfdac91d-a98c-4b03-a195-62f477030a08
    Bridge br-int
        fail_mode: secure
        Port veth621a288d
            Interface veth621a288d
        Port br-int
            Interface br-int
                type: internal
        Port vethada5185a
            Interface vethada5185a
        Port patch-br-int-to-lxd-net21-ls-ext-lsp-provider
            Interface patch-br-int-to-lxd-net21-ls-ext-lsp-provider
                type: patch
                options: {peer=patch-lxd-net21-ls-ext-lsp-provider-to-br-int}
        Port patch-br-int-to-lxd-net7-ls-ext-lsp-provider
            Interface patch-br-int-to-lxd-net7-ls-ext-lsp-provider
                type: patch
                options: {peer=patch-lxd-net7-ls-ext-lsp-provider-to-br-int}
    Bridge lxdovn20
        Port enp0s9
            Interface enp0s9
        Port lxdovn20
            Interface lxdovn20
                type: internal
        Port patch-lxd-net21-ls-ext-lsp-provider-to-br-int
            Interface patch-lxd-net21-ls-ext-lsp-provider-to-br-int
                type: patch
                options: {peer=patch-br-int-to-lxd-net21-ls-ext-lsp-provider}
    Bridge lxdovn9
        Port patch-lxd-net7-ls-ext-lsp-provider-to-br-int
            Interface patch-lxd-net7-ls-ext-lsp-provider-to-br-int
                type: patch
                options: {peer=patch-br-int-to-lxd-net7-ls-ext-lsp-provider}
        Port lxdovn9
            Interface lxdovn9
                type: internal
        Port lxdovn9b
            Interface lxdovn9b
    ovs_version: "2.13.3"

The same setup with lxdbr1 works fine. This is a single-node setup. I also ran into the same situation with a 5-node bare-metal setup.

Thanks,

Robert

Hi @tomp, could you help take a look at my setup and shed some light on how I can fix it to make it work?

thanks

Can you ping 192.0.2.10 from the external uplink network (i.e can the external network reach the OVN router’s external address on the physical network)?

To be honest, I don't know what is required of the physical uplink. So I set 192.0.2.1/24 on the uplink interface (enp0s9); this way the IP is reachable from the host side. And the routing table has 192.0.2.0/24 routed through 192.0.2.1/24.

With the above setup, I can't ping 192.0.2.10 from either the host side or inside the container. Running tcpdump -i enp0s9 -vv ether host <ovn_router mac-address> on the host side shows no packets at all from the OVN router.

If you’re using a physical network interface as the uplink then you should not assign an IP to the interface, as that will not work. The physical interface will be connected to an OVS bridge by LXD for use with connecting OVN networks to the uplink network.

You need to make sure that the details you are using for the physical network are correct for the external network on that interface (i.e. that the gateway and subnet info is correct).

You should then check that the OVN router’s external address (lxc network get ovn1 volatile.network.ipv4.address) is pingable from a device on the external network.
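The three checks in this reply (no IP on the parent NIC, gateway and subnet consistent with the real uplink, router external address drawn from the uplink range) can largely be run before the networks are created. Below is an added example, not LXD's own code and not from anyone in this thread: a Python pre-flight validator that takes the same key names you would pass to `lxc network create --type=physical` and `--type=ovn`. The `parent_addresses` argument is an assumption of the example: the caller reads the parent's current addresses from the host (for example `ip addr show enp0s9`) and passes them in, so the script itself runs offline. The final reachability test, pinging `volatile.network.ipv4.address` from a device on the uplink network, still has to be done by hand.

```python
"""Pre-flight validator for an LXD physical uplink and the OVN network using it.

Added example (not LXD's own code, not from this thread). It checks the
parameters of `lxc network create --type=physical` / `--type=ovn` for the
mistakes discussed in the thread, using the config key names LXD uses.
"""
import ipaddress
from typing import Dict, List


def _networks(spec: str):
    """Parse a comma-separated list of prefixes (ipv4.routes / ipv6.routes)."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in spec.split(",") if p.strip()]


def _ranges(spec: str):
    """Parse ipv4.ovn.ranges / ipv6.ovn.ranges: 'a-b,c-d' -> [(a, b), (c, d)]."""
    out = []
    for part in spec.split(","):
        if not part.strip():
            continue
        start, _, end = part.strip().partition("-")
        out.append((ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return out


def check_uplink(uplink: Dict[str, str], parent_addresses: List[str]) -> List[str]:
    """Return a list of problems with a physical uplink definition ([] = looks fine).

    parent_addresses: addresses currently configured on the parent NIC on the host
    (assumption: the caller collects them, e.g. from `ip addr show <parent>`, so
    this runs offline). LXD moves the parent into an OVS bridge, so the NIC itself
    must carry no IP address.
    """
    problems = []
    if parent_addresses:
        problems.append(f"parent {uplink.get('parent')} carries {parent_addresses}; "
                        "the uplink NIC must have no IP address of its own")
    for fam in ("ipv4", "ipv6"):
        gw = uplink.get(f"{fam}.gateway")
        if not gw:
            continue
        gw_if = ipaddress.ip_interface(gw)
        subnet = gw_if.network
        if gw_if.ip == subnet.network_address:
            problems.append(f"{fam}.gateway {gw} is the network address, not a host address")
        for start, end in _ranges(uplink.get(f"{fam}.ovn.ranges", "")):
            if start > end:
                problems.append(f"{fam}.ovn.ranges {start}-{end} is reversed")
            if start not in subnet or end not in subnet:
                problems.append(f"{fam}.ovn.ranges {start}-{end} lies outside uplink subnet {subnet}")
            elif start <= gw_if.ip <= end:
                problems.append(f"{fam}.ovn.ranges {start}-{end} contains the gateway {gw_if.ip}")
        for route in _networks(uplink.get(f"{fam}.routes", "")):
            if route.overlaps(subnet):
                problems.append(f"{fam}.routes {route} overlaps the uplink subnet {subnet}")
    return problems


def check_ovn(ovn: Dict[str, str], uplink: Dict[str, str]) -> List[str]:
    """Return problems with an OVN network that is attached to `uplink`."""
    problems = []
    for fam in ("ipv4", "ipv6"):
        addr, gw = ovn.get(f"{fam}.address"), uplink.get(f"{fam}.gateway")
        if not addr or not gw:
            continue
        ovn_net = ipaddress.ip_interface(addr).network
        uplink_net = ipaddress.ip_interface(gw).network
        if ovn_net.overlaps(uplink_net):
            problems.append(f"OVN {fam}.address {addr} overlaps the uplink subnet {uplink_net}")
        # Assumption: an unset <fam>.nat is treated as no NAT, the stricter reading.
        if ovn.get(f"{fam}.nat", "false").lower() != "true":
            routes = _networks(uplink.get(f"{fam}.routes", ""))
            if not any(ovn_net.subnet_of(r) for r in routes):
                problems.append(f"{fam}.nat=false but {ovn_net} is not covered by the uplink's "
                                f"{fam}.routes, so external hosts have no return route")
    return problems


def router_address_ok(volatile_addr: str, uplink: Dict[str, str], fam: str = "ipv4") -> bool:
    """True if the OVN router's external address (`lxc network get <ovn>
    volatile.network.<fam>.address`) came from <fam>.ovn.ranges, or, when no
    ranges are set (the IPv6 case in this thread), from the uplink subnet."""
    ip = ipaddress.ip_address(volatile_addr)
    ranges = _ranges(uplink.get(f"{fam}.ovn.ranges", ""))
    if ranges:
        return any(s <= ip <= e for s, e in ranges)
    gw = uplink.get(f"{fam}.gateway")
    return bool(gw) and ip in ipaddress.ip_interface(gw).network


if __name__ == "__main__":
    # Constructed input: the second configuration from this thread, plus the
    # first attempt's mistake of putting 192.0.2.1/24 on the parent NIC.
    uplink = {"parent": "enp0s9", "ipv4.gateway": "192.168.84.1/24",
              "ipv6.gateway": "2001:db8:1:1::1/64",
              "ipv4.ovn.ranges": "192.168.84.101-192.168.84.105",
              "ipv4.routes": "198.52.100.0/24", "ipv6.routes": "2001:db8:1:2::/64"}
    ovn = {"ipv4.address": "198.52.100.1/24", "ipv6.address": "2001:db8:1:2::1/64",
           "ipv4.nat": "false", "ipv6.nat": "false"}
    print(check_uplink(uplink, []))               # []
    print(check_ovn(ovn, uplink))                 # []
    print(check_uplink(uplink, ["192.0.2.1/24"]))  # one "parent enp0s9 carries ..." problem
```

The validator only proves the definition is self-consistent; whether the uplink really forwards frames from the OVN router's own MAC is something only the external network can tell you. One caveat on the addresses used in this thread: the reserved documentation range is 198.51.100.0/24 (TEST-NET-2), whereas 198.52.100.0/24 is an ordinary routable block, so on a real uplink use RFC 1918 space or a prefix you own for `ipv4.routes`.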

@tomp, thanks for the update.

I recreated both the physical uplink and the OVN network with the commands below:

lxc network create uplink --type=physical \
parent=enp0s9 \
ipv4.gateway=192.168.84.1/24    \
ipv6.gateway=2001:db8:1:1::1/64  \
ipv4.ovn.ranges=192.168.84.101-192.168.84.105 \
ipv4.routes=198.52.100.0/24  \
ipv6.routes=2001:db8:1:2::/64   \
dns.nameservers=192.168.1.1

lxc network create ovn1 --type=ovn \
network=uplink \
ipv4.address=198.52.100.1/24     \
ipv6.address=2001:db8:1:2::1/64    \
ipv4.nat=false     \
ipv6.nat=false

192.168.84.0/24 is the uplink network the physical NIC is located on. After the container is started, lxc network get ovn1 volatile.network.ipv4.address shows that ovn1 is assigned 192.168.84.101. But pinging this IP from the external network still does not work.

I am not sure whether this is limited by the host-only network feature of VirtualBox that I use on my laptop. And I don't have a free wired physical uplink in the lab to let me try more. So probably for now a bridge is the only choice.

Thanks

Yes, very likely, as LXD will create an OVS bridge and connect the physical uplink port enp0s9 to it, so the OVN router will use its own MAC address on the uplink network. If the network filters that traffic out, that would explain why it doesn't work.