Ovn networks without promisc support. possible?

rocket · May 4, 2023, 12:13am

I am trying to setup ovn and lxd at a colo where the network interface is not allowed to turn on promisc support. Hence it seems that network bridges are out of the question. I have requested a second nic that is attached to the vm that is on the public network.

Is it possible to use this second physical nic as part of the uplink network?

or is there a better way to achieve connectivity to these containers?

I was able to create an ovn overlay but it seems to not have inbound/outbound connectivity thats working at all.

I have a 3 node lxd cluster. that I am trying to support webservers and mailservers.

Thanks in advance.

rocket · May 4, 2023, 12:39am

Also another wrinkle the uplink network we were assigned is a /28
|Total Number of Hosts:|16|
|Number of Usable Hosts:|14|
|Subnet Mask:|255.255.255.240|
|Wildcard Mask:|0.0.0.15|

rocket · May 4, 2023, 2:44am

i am able to use the lxdfan network and get outbound traffic and update the container etc. I need to figure out a way to get ingress traffic into one of the fan containers and I could setup a haproxy or something to forward to other internal containers instead.

tomp · May 12, 2023, 1:07pm

LXD OVN networks create a virtual router connected to a shared L2 uplink network.
It works by connecting the specified uplink network interface to an Openvswitch Bridge, so promiscuous mode is a requirement I would say, as that uplink interface will need to receive traffic for all MAC addresses, not just its own.

See Step 5 in https://linuxcontainers.org/lxd/docs/master/howto/network_ovn_setup/#set-up-a-lxd-cluster-on-ovn for an example of creating an uplink network using an unused physical interface.