Post is actually step by step procedure of creating DVR system working with two external networks been built via flat network provider. Question which several times was raised up at ask.openstack.org, however was not addressed properly.
************************************************************************************
1. Setup Controller/Network + Compute ML2&OVS&VXLAN via answer-file
************************************************************************************
[general]
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
CONFIG_DEFAULT_PASSWORD=
CONFIG_MARIADB_INSTALL=y
CONFIG_GLANCE_INSTALL=y
CONFIG_CINDER_INSTALL=y
CONFIG_MANILA_INSTALL=n
CONFIG_NOVA_INSTALL=y
CONFIG_NEUTRON_INSTALL=y
CONFIG_HORIZON_INSTALL=y
CONFIG_SWIFT_INSTALL=y
CONFIG_CEILOMETER_INSTALL=y
CONFIG_SAHARA_INSTALL=n
CONFIG_HEAT_INSTALL=n
CONFIG_TROVE_INSTALL=n
CONFIG_IRONIC_INSTALL=n
CONFIG_CLIENT_INSTALL=y
CONFIG_NTP_SERVERS=
CONFIG_NAGIOS_INSTALL=n
EXCLUDE_SERVERS=
CONFIG_DEBUG_MODE=n
CONFIG_CONTROLLER_HOST=192.169.142.127
CONFIG_COMPUTE_HOSTS=192.169.142.137
CONFIG_NETWORK_HOSTS=192.169.142.127
CONFIG_VMWARE_BACKEND=n
CONFIG_UNSUPPORTED=n
CONFIG_USE_SUBNETS=n
CONFIG_VCENTER_HOST=
CONFIG_VCENTER_USER=
CONFIG_VCENTER_PASSWORD=
CONFIG_VCENTER_CLUSTER_NAME=
CONFIG_STORAGE_HOST=192.169.142.127
CONFIG_SAHARA_HOST=192.169.142.127
CONFIG_USE_EPEL=y
CONFIG_REPO=
CONFIG_ENABLE_RDO_TESTING=n
CONFIG_RH_USER=
CONFIG_SATELLITE_URL=
CONFIG_RH_PW=
CONFIG_RH_OPTIONAL=y
CONFIG_RH_PROXY=
CONFIG_RH_PROXY_PORT=
CONFIG_RH_PROXY_USER=
CONFIG_RH_PROXY_PW=
CONFIG_SATELLITE_USER=
CONFIG_SATELLITE_PW=
CONFIG_SATELLITE_AKEY=
CONFIG_SATELLITE_CACERT=
CONFIG_SATELLITE_PROFILE=
CONFIG_SATELLITE_FLAGS=
CONFIG_SATELLITE_PROXY=
CONFIG_SATELLITE_PROXY_USER=
CONFIG_SATELLITE_PROXY_PW=
CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt
CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key
CONFIG_SSL_CERT_DIR=~/packstackca/
CONFIG_SSL_CACERT_SELFSIGN=y
CONFIG_SELFSIGN_CACERT_SUBJECT_C=--
CONFIG_SELFSIGN_CACERT_SUBJECT_ST=State
CONFIG_SELFSIGN_CACERT_SUBJECT_L=City
CONFIG_SELFSIGN_CACERT_SUBJECT_O=openstack
CONFIG_SELFSIGN_CACERT_SUBJECT_OU=packstack
CONFIG_SELFSIGN_CACERT_SUBJECT_CN=ip-192-169-142-127.ip.secureserver.net
CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL=admin@ip-192-169-142-127.ip.secureserver.net
CONFIG_AMQP_BACKEND=rabbitmq
CONFIG_AMQP_HOST=192.169.142.127
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
CONFIG_AMQP_AUTH_USER=amqp_user
CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
CONFIG_MARIADB_HOST=192.169.142.127
CONFIG_MARIADB_USER=root
CONFIG_MARIADB_PW=7207ae344ed04957
CONFIG_KEYSTONE_DB_PW=abcae16b785245c3
CONFIG_KEYSTONE_DB_PURGE_ENABLE=True
CONFIG_KEYSTONE_REGION=RegionOne
CONFIG_KEYSTONE_ADMIN_TOKEN=3ad2de159f9649afb0c342ba57e637d9
CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
CONFIG_KEYSTONE_ADMIN_USERNAME=admin
CONFIG_KEYSTONE_ADMIN_PW=7049f834927e4468
CONFIG_KEYSTONE_DEMO_PW=bf737b785cfa4398
CONFIG_KEYSTONE_API_VERSION=v2.0
CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
CONFIG_KEYSTONE_SERVICE_NAME=httpd
CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
CONFIG_KEYSTONE_LDAP_URL=ldap://192.169.142.127
CONFIG_KEYSTONE_LDAP_USER_DN=
CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
CONFIG_KEYSTONE_LDAP_SUFFIX=
CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
CONFIG_KEYSTONE_LDAP_USER_FILTER=
CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_USE_TLS=n
CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
CONFIG_GLANCE_DB_PW=41264fc52ffd4fe8
CONFIG_GLANCE_KS_PW=f6a9398960534797
CONFIG_GLANCE_BACKEND=file
CONFIG_CINDER_DB_PW=5ac08c6d09ba4b69
CONFIG_CINDER_DB_PURGE_ENABLE=True
CONFIG_CINDER_KS_PW=c8cb1ecb8c2b4f6f
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUMES_SIZE=5G
CONFIG_CINDER_GLUSTER_MOUNTS=
CONFIG_CINDER_NFS_MOUNTS=
CONFIG_CINDER_NETAPP_LOGIN=
CONFIG_CINDER_NETAPP_PASSWORD=
CONFIG_CINDER_NETAPP_HOSTNAME=
CONFIG_CINDER_NETAPP_SERVER_PORT=80
CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
CONFIG_CINDER_NETAPP_NFS_SHARES=
CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
CONFIG_CINDER_NETAPP_VOLUME_LIST=
CONFIG_CINDER_NETAPP_VFILER=
CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
CONFIG_CINDER_NETAPP_VSERVER=
CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
CONFIG_CINDER_NETAPP_SA_PASSWORD=
CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
CONFIG_CINDER_NETAPP_STORAGE_POOLS=
CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
CONFIG_MANILA_BACKEND=generic
CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
CONFIG_MANILA_NETAPP_LOGIN=admin
CONFIG_MANILA_NETAPP_PASSWORD=
CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_MANILA_NETAPP_SERVER_PORT=443
CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
CONFIG_MANILA_NETAPP_VSERVER=
CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
CONFIG_MANILA_NETWORK_TYPE=neutron
CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
CONFIG_MANILA_GLUSTERFS_SERVERS=
CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN=
CONFIG_MANILA_GLUSTERFS_TARGET=
CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE=
CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE=gluster
CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP=
CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
CONFIG_NOVA_DB_PURGE_ENABLE=True
CONFIG_NOVA_DB_PW=1e1b5aeeeaf342a8
CONFIG_NOVA_KS_PW=d9583177a2444f06
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
CONFIG_VNC_SSL_CERT=
CONFIG_VNC_SSL_KEY=
CONFIG_NOVA_COMPUTE_PRIVIF=
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=
CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_VLAN_START=100
CONFIG_NOVA_NETWORK_NUMBER=1
CONFIG_NOVA_NETWORK_SIZE=255
CONFIG_NEUTRON_KS_PW=808e36e154bd4cee
CONFIG_NEUTRON_DB_PW=0e2b927a21b44737
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_METADATA_PW=a965cd23ed2f4502
CONFIG_LBAAS_INSTALL=n
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
CONFIG_NEUTRON_FWAAS=n
CONFIG_NEUTRON_VPNAAS=n
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan,flat
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
CONFIG_NEUTRON_ML2_VLAN_RANGES=
CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1001:2000
CONFIG_NEUTRON_ML2_VXLAN_GROUP=239.1.1.2
CONFIG_NEUTRON_ML2_VNI_RANGES=1001:2000
CONFIG_NEUTRON_L2_AGENT=openvswitch
CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
CONFIG_HORIZON_SSL=n
CONFIG_HORIZON_SECRET_KEY=a25b5ece9db24e2aba8d3a2b4d908ca5
CONFIG_HORIZON_SSL_CERT=
CONFIG_HORIZON_SSL_KEY=
CONFIG_HORIZON_SSL_CACERT=
CONFIG_SWIFT_KS_PW=8f75bfd461234c30
CONFIG_SWIFT_STORAGES=
CONFIG_SWIFT_STORAGE_ZONES=1
CONFIG_SWIFT_STORAGE_REPLICAS=1
CONFIG_SWIFT_STORAGE_FSTYPE=ext4
CONFIG_SWIFT_HASH=a60aacbedde7429a
CONFIG_SWIFT_STORAGE_SIZE=2G
CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
CONFIG_HEAT_AUTH_ENC_KEY=976496a551b94296
CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_DOMAIN=heat
CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_TEMPEST=n
CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_IMAGE_NAME=cirros
CONFIG_PROVISION_IMAGE_URL=http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
CONFIG_PROVISION_IMAGE_FORMAT=qcow2
CONFIG_PROVISION_IMAGE_SSH_USER=cirros
CONFIG_PROVISION_TEMPEST_USER=
CONFIG_PROVISION_TEMPEST_USER_PW=PW_PLACEHOLDER
CONFIG_PROVISION_TEMPEST_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
CONFIG_PROVISION_OVS_BRIDGE=n
CONFIG_CEILOMETER_SECRET=19ae0e7430174349
CONFIG_CEILOMETER_KS_PW=337b08d4b3a44753
CONFIG_CEILOMETER_COORDINATION_BACKEND=redis
CONFIG_MONGODB_HOST=192.169.142.127
CONFIG_REDIS_MASTER_HOST=192.169.142.127
CONFIG_REDIS_PORT=6379
CONFIG_REDIS_HA=n
CONFIG_REDIS_SLAVE_HOSTS=
CONFIG_REDIS_SENTINEL_HOSTS=
CONFIG_REDIS_SENTINEL_CONTACT_HOST=
CONFIG_REDIS_SENTINEL_PORT=26379
CONFIG_REDIS_SENTINEL_QUORUM=2
CONFIG_REDIS_MASTER_NAME=mymaster
CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER
CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_DB_PW=PW_PLACEHOLDER
CONFIG_TROVE_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_NOVA_USER=trove
CONFIG_TROVE_NOVA_TENANT=services
CONFIG_TROVE_NOVA_PW=PW_PLACEHOLDER
CONFIG_NAGIOS_PW=PW_PLACEHOLDER
************************************************************************************
Four VNICs on each node MGMT (eth0) , VTEPS (eth1), EXT
Interfaces (eth2,eth3 )
************************************************************************************
Interfaces eth2,eth3 are attached to VMs via libvirt subnets :-
[root@fedora23wks ~]# cat external1.xml
<network>
<name>external1</name>
<uuid>d0a7964b-f93d-40c2-b749-b609aed52cf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr4' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='10.10.10.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.10.2' end='10.10.10.254' />
</dhcp>
</ip>
</network>
[root@fedora23wks ~]# cat external2.xml
<network>
<name>external2</name>
<uuid>d0a7964b-f93d-40c2-b749-b609aed52cf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr5' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='10.10.50.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.50.2' end='10.10.50.254' />
</dhcp>
</ip>
</network>
# virsh net-define external1.xml
# virsh net-start external1
# virsh net-autostart external1
# virsh net-define external2.xml
# virsh net-start external2
# virsh net-autostart external2
************************************************
Management network created via
************************************************
[root@fedora23wks ~]# cat openstackvms.xml
<network>
<name>openstackvms</name>
<uuid>d0e9964a-f91a-40c0-b769-a609aee41bf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr1' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='192.169.142.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.169.142.2' end='192.169.142.254' />
</dhcp>
</ip>
</network>
***********************************************
VTEPS network created via
***********************************************
[root@fedora23wks ~]# cat vteps.xml
<network>
<name>vteps</name>
<uuid>d2e9965b-f92c-40c1-b749-b609aed42cf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr2' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='12.0.0.1' netmask='255.255.255.0'>
<dhcp>
<range start='12.0.0.1' end='12.0.0.254' />
</dhcp>
</ip>
</network>
*******************************************
Creating two flat networks as admin
*******************************************
# neutron net-create public1 --provider:network_type flat --provider:physical_network physnet1 --router:external --shared
# neutron net-create public2 --provider:network_type flat --provider:physical_network physnet2 --router:external --shared
# neutron subnet-create --gateway 10.10.10.1 --allocation-pool start=10.10.10.100,end=10.10.10.150 --disable-dhcp --name public1_subnet public1 10.10.10.0/24
# neutron subnet-create --gateway 10.10.50.1 --allocation-pool start=10.10.50.100,end=10.10.50.150 --disable-dhcp --name public2_subnet public2 10.10.50.0/24
***********************************************************************
On all nodes l3_agent.ini && openvswitch_agent.ini should
have highlighted entries
************************************************************************
[root@ip-192-169-142-127 neutron(keystone_admin)]# cat l3_agent.ini
[DEFAULT]
debug = False
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = True
external_network_bridge =
gateway_external_network_id =
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
enable_metadata_proxy = True
router_delete_namespaces = False
agent_mode = dvr_snat
#on compute
# agent_mode =dvr
[AGENT]
[root@ip-192-169-142-127 ml2(keystone_admin)]# cat openvswitch_agent.ini
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip =12.0.0.127
network_vlan_ranges = physnet1,physnet2
bridge_mappings =physnet1:br-ex,physnet2:br-ex1
enable_tunneling=True
[agent]
polling_interval = 2
tunnel_types =vxlan
vxlan_udp_port =4789
l2_population = True
arp_responder = True
prevent_arp_spoofing = True
enable_distributed_routing = True
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
********************************************************************************
When updates above committed on all nodes && `openstack-service restart
neutron` also has been run , configure ifcfg-* files on all nodes as shown bellow.
Sequence of steps is important to allow service network successful restart.
********************************************************************************
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-br-ex
DEVICE="br-ex"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-br-ex1
DEVICE="br-ex1"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex1
DEVICETYPE="ovs"
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-eth2
DEVICE="eth2"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-eth3
DEVICE="eth3"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex1
NM_CONTROLLED=no
IPV6INIT=no
*******************************************************************************
Now start two OVS bridges and two OVS ports ( eth2 belongs public1,
eth3 belongs public2 ) via script start.sh
*******************************************************************************
#!/bin/bash -x
chkconfig network on ;
systemctl stop NetworkManager ;
systemctl disable NetworkManager ;
service network restart
When done tune DVR configs per "RDO Liberty DVR Neutron workflow on CentOS 7.2" https://www.linux.com/community/blogs/133-general-linux/859376-rdo-liberty-rc2-dvr-neutron-workflow-on-centos-71
and restart nodes. Make sure VXLAN tunnels are present.
*****************
Verification
*****************
[root@ip-192-169-142-137 network-scripts]# ovs-vsctl show
cf8aca0d-1b18-4b88-8bdd-b5bdc5196176
Bridge "br-ex1"
Port "phy-br-ex1" <==== veth pair
Interface "phy-br-ex1"
type: patch
options: {peer="int-br-ex1"}
Port "eth3"
Interface "eth3"
Port "br-ex1"
Interface "br-ex1"
type: internal
Bridge br-int
fail_mode: secure
Port "qr-a0a7d1ec-ad"
tag: 3
Interface "qr-a0a7d1ec-ad"
type: internal
Port "qvob03fdb03-fc"
tag: 3
Interface "qvob03fdb03-fc"
Port int-br-ex
Interface int-br-ex <===== veth pair
type: patch
options: {peer=phy-br-ex}
Port "fg-7b5266a1-03" <==== outgoing interface of fip-namespace1
tag: 4
Interface "fg-7b5266a1-03"
type: internal
Port br-int
Interface br-int
type: internal
Port "qvoc7a65c42-82"
tag: 1
Interface "qvoc7a65c42-82"
Port "qr-034141ad-ae"
tag: 1 Interface "qr-034141ad-ae"
type: internal
Port "fg-cfd8afb9-fe" <==== outgoing interface of fip-namespace2
tag: 2
Interface "fg-cfd8afb9-fe"
type: internal
Port "int-br-ex1"
Interface "int-br-ex1" <==== veth pair
type: patch
options: {peer="phy-br-ex1"}
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-tun
fail_mode: secure
Port br-tun
Interface br-tun
type: internal
Port "vxlan-0c00007f"
Interface "vxlan-0c00007f"
type: vxlan
options: {df_default="true", in_key=flow, local_ip="12.0.0.137", out_key=flow, remote_ip="12.0.0.127"}
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port phy-br-ex
Interface phy-br-ex <==== veth pair
type: patch
options: {peer=int-br-ex}
Port "eth2"
Interface "eth2"
ovs_version: "2.4.0"
***************************
Compute Node
***************************
[root@ip-192-169-142-137 ~]# ip netns
fip-393c5f85-e34a-4b0a-b5fc-582e464e9403
qrouter-7e33b300-104c-4415-bfbe-c212e4a45424
fip-15494dea-f35d-4572-a49c-9e8231cb9559
qrouter-83d7e1b2-125b-4d62-8cd7-eaf3cffe39c0
[root@ip-192-169-142-137 ~]# ip netns exec fip-393c5f85-e34a-4b0a-b5fc-582e464e9403 ip route
default via 10.10.10.1 dev fg-7b5266a1-03
10.10.10.0/24 dev fg-7b5266a1-03 proto kernel scope link src 10.10.10.102
10.10.10.101 via 169.254.31.238 dev fpr-7e33b300-1
169.254.31.238/31 dev fpr-7e33b300-1 proto kernel scope link src 169.254.31.239
[root@ip-192-169-142-137 ~]# ip netns exec fip-15494dea-f35d-4572-a49c-9e8231cb9559 ip route
default via 10.10.50.1 dev fg-cfd8afb9-fe
10.10.50.0/24 dev fg-cfd8afb9-fe proto kernel scope link src 10.10.50.102
10.10.50.101 via 169.254.31.28 dev fpr-83d7e1b2-1
169.254.31.28/31 dev fpr-83d7e1b2-1 proto kernel scope link src 169.254.31.29
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-7e33b300-104c-4415-bfbe-c212e4a45424 ip route
70.0.0.0/24 dev qr-a0a7d1ec-ad proto kernel scope link src 70.0.0.1
169.254.31.238/31 dev rfp-7e33b300-1 proto kernel scope link src 169.254.31.238
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-83d7e1b2-125b-4d62-8cd7-eaf3cffe39c0 ip route
50.0.0.0/24 dev qr-034141ad-ae proto kernel scope link src 50.0.0.1
169.254.31.28/31 dev rfp-83d7e1b2-1 proto kernel scope link src 169.254.31.28
[root@ip-192-169-142-137 ~]# ip netns exec fip-393c5f85-e34a-4b0a-b5fc-582e464e9403 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.239/31 scope global fpr-7e33b300-1
inet6 fe80::6016:cfff:fed9:74c2/64 scope link
inet 10.10.10.102/24 brd 10.10.10.255 scope global fg-7b5266a1-03
inet6 fe80::f816:3eff:fe8d:431d/64 scope link
[root@ip-192-169-142-137 ~]# ip netns exec fip-15494dea-f35d-4572-a49c-9e8231cb9559 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.29/31 scope global fpr-83d7e1b2-1
inet6 fe80::d8b1:1bff:fe28:264/64 scope link
inet 10.10.50.102/24 brd 10.10.50.255 scope global fg-cfd8afb9-fe
inet6 fe80::f816:3eff:feb5:cb7a/64 scope link
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-7e33b300-104c-4415-bfbe-c212e4a45424 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.238/31 scope global rfp-7e33b300-1
inet 10.10.10.101/32 brd 10.10.10.101 scope global rfp-7e33b300-1
inet 10.10.10.103/32 brd 10.10.10.103 scope global rfp-7e33b300-1
inet6 fe80::f6:d3ff:fecf:a5d5/64 scope link
inet 70.0.0.1/24 brd 70.0.0.255 scope global qr-a0a7d1ec-ad
inet6 fe80::f816:3eff:fe80:34a7/64 scope link
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-83d7e1b2-125b-4d62-8cd7-eaf3cffe39c0 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.28/31 scope global rfp-83d7e1b2-1
inet 10.10.50.103/32 brd 10.10.50.103 scope global rfp-83d7e1b2-1
inet 10.10.50.101/32 brd 10.10.50.101 scope global rfp-83d7e1b2-1
inet6 fe80::4c90:16ff:fe74:ec6d/64 scope link
inet 50.0.0.1/24 brd 50.0.0.255 scope global qr-034141ad-ae
inet6 fe80::f816:3eff:feae:1104/64 scope link
Three node deployment
References
1. http://blog.oddbit.com/2014/05/28/multiple-external-networks-wit/
2. http://www.linux.com/community/blogs/133-general-linux/874900-running-dvr-with-external-network-provider-flat-on-centos-72-rdo-liberty/
************************************************************************************
1. Setup Controller/Network + Compute ML2&OVS&VXLAN via answer-file
************************************************************************************
[general]
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
CONFIG_DEFAULT_PASSWORD=
CONFIG_MARIADB_INSTALL=y
CONFIG_GLANCE_INSTALL=y
CONFIG_CINDER_INSTALL=y
CONFIG_MANILA_INSTALL=n
CONFIG_NOVA_INSTALL=y
CONFIG_NEUTRON_INSTALL=y
CONFIG_HORIZON_INSTALL=y
CONFIG_SWIFT_INSTALL=y
CONFIG_CEILOMETER_INSTALL=y
CONFIG_SAHARA_INSTALL=n
CONFIG_HEAT_INSTALL=n
CONFIG_TROVE_INSTALL=n
CONFIG_IRONIC_INSTALL=n
CONFIG_CLIENT_INSTALL=y
CONFIG_NTP_SERVERS=
CONFIG_NAGIOS_INSTALL=n
EXCLUDE_SERVERS=
CONFIG_DEBUG_MODE=n
CONFIG_CONTROLLER_HOST=192.169.142.127
CONFIG_COMPUTE_HOSTS=192.169.142.137
CONFIG_NETWORK_HOSTS=192.169.142.127
CONFIG_VMWARE_BACKEND=n
CONFIG_UNSUPPORTED=n
CONFIG_USE_SUBNETS=n
CONFIG_VCENTER_HOST=
CONFIG_VCENTER_USER=
CONFIG_VCENTER_PASSWORD=
CONFIG_VCENTER_CLUSTER_NAME=
CONFIG_STORAGE_HOST=192.169.142.127
CONFIG_SAHARA_HOST=192.169.142.127
CONFIG_USE_EPEL=y
CONFIG_REPO=
CONFIG_ENABLE_RDO_TESTING=n
CONFIG_RH_USER=
CONFIG_SATELLITE_URL=
CONFIG_RH_PW=
CONFIG_RH_OPTIONAL=y
CONFIG_RH_PROXY=
CONFIG_RH_PROXY_PORT=
CONFIG_RH_PROXY_USER=
CONFIG_RH_PROXY_PW=
CONFIG_SATELLITE_USER=
CONFIG_SATELLITE_PW=
CONFIG_SATELLITE_AKEY=
CONFIG_SATELLITE_CACERT=
CONFIG_SATELLITE_PROFILE=
CONFIG_SATELLITE_FLAGS=
CONFIG_SATELLITE_PROXY=
CONFIG_SATELLITE_PROXY_USER=
CONFIG_SATELLITE_PROXY_PW=
CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt
CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key
CONFIG_SSL_CERT_DIR=~/packstackca/
CONFIG_SSL_CACERT_SELFSIGN=y
CONFIG_SELFSIGN_CACERT_SUBJECT_C=--
CONFIG_SELFSIGN_CACERT_SUBJECT_ST=State
CONFIG_SELFSIGN_CACERT_SUBJECT_L=City
CONFIG_SELFSIGN_CACERT_SUBJECT_O=openstack
CONFIG_SELFSIGN_CACERT_SUBJECT_OU=packstack
CONFIG_SELFSIGN_CACERT_SUBJECT_CN=ip-192-169-142-127.ip.secureserver.net
CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL=admin@ip-192-169-142-127.ip.secureserver.net
CONFIG_AMQP_BACKEND=rabbitmq
CONFIG_AMQP_HOST=192.169.142.127
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
CONFIG_AMQP_AUTH_USER=amqp_user
CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
CONFIG_MARIADB_HOST=192.169.142.127
CONFIG_MARIADB_USER=root
CONFIG_MARIADB_PW=7207ae344ed04957
CONFIG_KEYSTONE_DB_PW=abcae16b785245c3
CONFIG_KEYSTONE_DB_PURGE_ENABLE=True
CONFIG_KEYSTONE_REGION=RegionOne
CONFIG_KEYSTONE_ADMIN_TOKEN=3ad2de159f9649afb0c342ba57e637d9
CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
CONFIG_KEYSTONE_ADMIN_USERNAME=admin
CONFIG_KEYSTONE_ADMIN_PW=7049f834927e4468
CONFIG_KEYSTONE_DEMO_PW=bf737b785cfa4398
CONFIG_KEYSTONE_API_VERSION=v2.0
CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
CONFIG_KEYSTONE_SERVICE_NAME=httpd
CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
CONFIG_KEYSTONE_LDAP_URL=ldap://192.169.142.127
CONFIG_KEYSTONE_LDAP_USER_DN=
CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
CONFIG_KEYSTONE_LDAP_SUFFIX=
CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
CONFIG_KEYSTONE_LDAP_USER_FILTER=
CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_USE_TLS=n
CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
CONFIG_GLANCE_DB_PW=41264fc52ffd4fe8
CONFIG_GLANCE_KS_PW=f6a9398960534797
CONFIG_GLANCE_BACKEND=file
CONFIG_CINDER_DB_PW=5ac08c6d09ba4b69
CONFIG_CINDER_DB_PURGE_ENABLE=True
CONFIG_CINDER_KS_PW=c8cb1ecb8c2b4f6f
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUMES_SIZE=5G
CONFIG_CINDER_GLUSTER_MOUNTS=
CONFIG_CINDER_NFS_MOUNTS=
CONFIG_CINDER_NETAPP_LOGIN=
CONFIG_CINDER_NETAPP_PASSWORD=
CONFIG_CINDER_NETAPP_HOSTNAME=
CONFIG_CINDER_NETAPP_SERVER_PORT=80
CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
CONFIG_CINDER_NETAPP_NFS_SHARES=
CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
CONFIG_CINDER_NETAPP_VOLUME_LIST=
CONFIG_CINDER_NETAPP_VFILER=
CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
CONFIG_CINDER_NETAPP_VSERVER=
CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
CONFIG_CINDER_NETAPP_SA_PASSWORD=
CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
CONFIG_CINDER_NETAPP_STORAGE_POOLS=
CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
CONFIG_MANILA_BACKEND=generic
CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
CONFIG_MANILA_NETAPP_LOGIN=admin
CONFIG_MANILA_NETAPP_PASSWORD=
CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_MANILA_NETAPP_SERVER_PORT=443
CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
CONFIG_MANILA_NETAPP_VSERVER=
CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
CONFIG_MANILA_NETWORK_TYPE=neutron
CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
CONFIG_MANILA_GLUSTERFS_SERVERS=
CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN=
CONFIG_MANILA_GLUSTERFS_TARGET=
CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE=
CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE=gluster
CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP=
CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
CONFIG_NOVA_DB_PURGE_ENABLE=True
CONFIG_NOVA_DB_PW=1e1b5aeeeaf342a8
CONFIG_NOVA_KS_PW=d9583177a2444f06
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
CONFIG_VNC_SSL_CERT=
CONFIG_VNC_SSL_KEY=
CONFIG_NOVA_COMPUTE_PRIVIF=
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=
CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_VLAN_START=100
CONFIG_NOVA_NETWORK_NUMBER=1
CONFIG_NOVA_NETWORK_SIZE=255
CONFIG_NEUTRON_KS_PW=808e36e154bd4cee
CONFIG_NEUTRON_DB_PW=0e2b927a21b44737
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_METADATA_PW=a965cd23ed2f4502
CONFIG_LBAAS_INSTALL=n
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
CONFIG_NEUTRON_FWAAS=n
CONFIG_NEUTRON_VPNAAS=n
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan,flat
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
CONFIG_NEUTRON_ML2_VLAN_RANGES=
CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1001:2000
CONFIG_NEUTRON_ML2_VXLAN_GROUP=239.1.1.2
CONFIG_NEUTRON_ML2_VNI_RANGES=1001:2000
CONFIG_NEUTRON_L2_AGENT=openvswitch
CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
CONFIG_HORIZON_SSL=n
CONFIG_HORIZON_SECRET_KEY=a25b5ece9db24e2aba8d3a2b4d908ca5
CONFIG_HORIZON_SSL_CERT=
CONFIG_HORIZON_SSL_KEY=
CONFIG_HORIZON_SSL_CACERT=
CONFIG_SWIFT_KS_PW=8f75bfd461234c30
CONFIG_SWIFT_STORAGES=
CONFIG_SWIFT_STORAGE_ZONES=1
CONFIG_SWIFT_STORAGE_REPLICAS=1
CONFIG_SWIFT_STORAGE_FSTYPE=ext4
CONFIG_SWIFT_HASH=a60aacbedde7429a
CONFIG_SWIFT_STORAGE_SIZE=2G
CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
CONFIG_HEAT_AUTH_ENC_KEY=976496a551b94296
CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_DOMAIN=heat
CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_TEMPEST=n
CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_IMAGE_NAME=cirros
CONFIG_PROVISION_IMAGE_URL=http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
CONFIG_PROVISION_IMAGE_FORMAT=qcow2
CONFIG_PROVISION_IMAGE_SSH_USER=cirros
CONFIG_PROVISION_TEMPEST_USER=
CONFIG_PROVISION_TEMPEST_USER_PW=PW_PLACEHOLDER
CONFIG_PROVISION_TEMPEST_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
CONFIG_PROVISION_OVS_BRIDGE=n
CONFIG_CEILOMETER_SECRET=19ae0e7430174349
CONFIG_CEILOMETER_KS_PW=337b08d4b3a44753
CONFIG_CEILOMETER_COORDINATION_BACKEND=redis
CONFIG_MONGODB_HOST=192.169.142.127
CONFIG_REDIS_MASTER_HOST=192.169.142.127
CONFIG_REDIS_PORT=6379
CONFIG_REDIS_HA=n
CONFIG_REDIS_SLAVE_HOSTS=
CONFIG_REDIS_SENTINEL_HOSTS=
CONFIG_REDIS_SENTINEL_CONTACT_HOST=
CONFIG_REDIS_SENTINEL_PORT=26379
CONFIG_REDIS_SENTINEL_QUORUM=2
CONFIG_REDIS_MASTER_NAME=mymaster
CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER
CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_DB_PW=PW_PLACEHOLDER
CONFIG_TROVE_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_NOVA_USER=trove
CONFIG_TROVE_NOVA_TENANT=services
CONFIG_TROVE_NOVA_PW=PW_PLACEHOLDER
CONFIG_NAGIOS_PW=PW_PLACEHOLDER
************************************************************************************
Four VNICs on each node MGMT (eth0) , VTEPS (eth1), EXT
Interfaces (eth2,eth3 )
************************************************************************************
Interfaces eth2,eth3 are attached to VMs via libvirt subnets :-
[root@fedora23wks ~]# cat external1.xml
<network>
<name>external1</name>
<uuid>d0a7964b-f93d-40c2-b749-b609aed52cf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr4' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='10.10.10.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.10.2' end='10.10.10.254' />
</dhcp>
</ip>
</network>
[root@fedora23wks ~]# cat external2.xml
<network>
<name>external2</name>
<uuid>d0a7964b-f93d-40c2-b749-b609aed52cf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr5' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='10.10.50.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.50.2' end='10.10.50.254' />
</dhcp>
</ip>
</network>
# virsh net-define external1.xml
# virsh net-start external1
# virsh net-autostart external1
# virsh net-define external2.xml
# virsh net-start external2
# virsh net-autostart external2
************************************************
Management network created via
************************************************
[root@fedora23wks ~]# cat openstackvms.xml
<network>
<name>openstackvms</name>
<uuid>d0e9964a-f91a-40c0-b769-a609aee41bf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr1' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='192.169.142.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.169.142.2' end='192.169.142.254' />
</dhcp>
</ip>
</network>
***********************************************
VTEPS network created via
***********************************************
[root@fedora23wks ~]# cat vteps.xml
<network>
<name>vteps</name>
<uuid>d2e9965b-f92c-40c1-b749-b609aed42cf2</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr2' stp='on' delay='0' />
<mac address='52:54:00:60:f8:6d'/>
<ip address='12.0.0.1' netmask='255.255.255.0'>
<dhcp>
<range start='12.0.0.1' end='12.0.0.254' />
</dhcp>
</ip>
</network>
*******************************************
Creating two flat networks as admin
*******************************************
# neutron net-create public1 --provider:network_type flat --provider:physical_network physnet1 --router:external --shared
# neutron net-create public2 --provider:network_type flat --provider:physical_network physnet2 --router:external --shared
# neutron subnet-create --gateway 10.10.10.1 --allocation-pool start=10.10.10.100,end=10.10.10.150 --disable-dhcp --name public1_subnet public1 10.10.10.0/24
# neutron subnet-create --gateway 10.10.50.1 --allocation-pool start=10.10.50.100,end=10.10.50.150 --disable-dhcp --name public2_subnet public2 10.10.50.0/24
***********************************************************************
On all nodes l3_agent.ini && openvswitch_agent.ini should
have highlighted entries
************************************************************************
[root@ip-192-169-142-127 neutron(keystone_admin)]# cat l3_agent.ini
[DEFAULT]
debug = False
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = True
external_network_bridge =
gateway_external_network_id =
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
enable_metadata_proxy = True
router_delete_namespaces = False
agent_mode = dvr_snat
#on compute
# agent_mode =dvr
[AGENT]
[root@ip-192-169-142-127 ml2(keystone_admin)]# cat openvswitch_agent.ini
[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip =12.0.0.127
network_vlan_ranges = physnet1,physnet2
bridge_mappings =physnet1:br-ex,physnet2:br-ex1
enable_tunneling=True
[agent]
polling_interval = 2
tunnel_types =vxlan
vxlan_udp_port =4789
l2_population = True
arp_responder = True
prevent_arp_spoofing = True
enable_distributed_routing = True
drop_flows_on_start=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
********************************************************************************
When updates above committed on all nodes && `openstack-service restart
neutron` also has been run , configure ifcfg-* files on all nodes as shown bellow.
Sequence of steps is important to allow service network successful restart.
********************************************************************************
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-br-ex
DEVICE="br-ex"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-br-ex1
DEVICE="br-ex1"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex1
DEVICETYPE="ovs"
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-eth2
DEVICE="eth2"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no
[root@ip-192-169-142-137 network-scripts]# cat ifcfg-eth3
DEVICE="eth3"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex1
NM_CONTROLLED=no
IPV6INIT=no
*******************************************************************************
Now start two OVS bridges and two OVS ports ( eth2 belongs public1,
eth3 belongs public2 ) via script start.sh
*******************************************************************************
#!/bin/bash -x
chkconfig network on ;
systemctl stop NetworkManager ;
systemctl disable NetworkManager ;
service network restart
When done tune DVR configs per "RDO Liberty DVR Neutron workflow on CentOS 7.2" https://www.linux.com/community/blogs/133-general-linux/859376-rdo-liberty-rc2-dvr-neutron-workflow-on-centos-71
and restart nodes. Make sure VXLAN tunnels are present.
*****************
Verification
*****************
[root@ip-192-169-142-137 network-scripts]# ovs-vsctl show
cf8aca0d-1b18-4b88-8bdd-b5bdc5196176
Bridge "br-ex1"
Port "phy-br-ex1" <==== veth pair
Interface "phy-br-ex1"
type: patch
options: {peer="int-br-ex1"}
Port "eth3"
Interface "eth3"
Port "br-ex1"
Interface "br-ex1"
type: internal
Bridge br-int
fail_mode: secure
Port "qr-a0a7d1ec-ad"
tag: 3
Interface "qr-a0a7d1ec-ad"
type: internal
Port "qvob03fdb03-fc"
tag: 3
Interface "qvob03fdb03-fc"
Port int-br-ex
Interface int-br-ex <===== veth pair
type: patch
options: {peer=phy-br-ex}
Port "fg-7b5266a1-03" <==== outgoing interface of fip-namespace1
tag: 4
Interface "fg-7b5266a1-03"
type: internal
Port br-int
Interface br-int
type: internal
Port "qvoc7a65c42-82"
tag: 1
Interface "qvoc7a65c42-82"
Port "qr-034141ad-ae"
tag: 1 Interface "qr-034141ad-ae"
type: internal
Port "fg-cfd8afb9-fe" <==== outgoing interface of fip-namespace2
tag: 2
Interface "fg-cfd8afb9-fe"
type: internal
Port "int-br-ex1"
Interface "int-br-ex1" <==== veth pair
type: patch
options: {peer="phy-br-ex1"}
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-tun
fail_mode: secure
Port br-tun
Interface br-tun
type: internal
Port "vxlan-0c00007f"
Interface "vxlan-0c00007f"
type: vxlan
options: {df_default="true", in_key=flow, local_ip="12.0.0.137", out_key=flow, remote_ip="12.0.0.127"}
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port phy-br-ex
Interface phy-br-ex <==== veth pair
type: patch
options: {peer=int-br-ex}
Port "eth2"
Interface "eth2"
ovs_version: "2.4.0"
***************************
Compute Node
***************************
[root@ip-192-169-142-137 ~]# ip netns
fip-393c5f85-e34a-4b0a-b5fc-582e464e9403
qrouter-7e33b300-104c-4415-bfbe-c212e4a45424
fip-15494dea-f35d-4572-a49c-9e8231cb9559
qrouter-83d7e1b2-125b-4d62-8cd7-eaf3cffe39c0
[root@ip-192-169-142-137 ~]# ip netns exec fip-393c5f85-e34a-4b0a-b5fc-582e464e9403 ip route
default via 10.10.10.1 dev fg-7b5266a1-03
10.10.10.0/24 dev fg-7b5266a1-03 proto kernel scope link src 10.10.10.102
10.10.10.101 via 169.254.31.238 dev fpr-7e33b300-1
169.254.31.238/31 dev fpr-7e33b300-1 proto kernel scope link src 169.254.31.239
[root@ip-192-169-142-137 ~]# ip netns exec fip-15494dea-f35d-4572-a49c-9e8231cb9559 ip route
default via 10.10.50.1 dev fg-cfd8afb9-fe
10.10.50.0/24 dev fg-cfd8afb9-fe proto kernel scope link src 10.10.50.102
10.10.50.101 via 169.254.31.28 dev fpr-83d7e1b2-1
169.254.31.28/31 dev fpr-83d7e1b2-1 proto kernel scope link src 169.254.31.29
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-7e33b300-104c-4415-bfbe-c212e4a45424 ip route
70.0.0.0/24 dev qr-a0a7d1ec-ad proto kernel scope link src 70.0.0.1
169.254.31.238/31 dev rfp-7e33b300-1 proto kernel scope link src 169.254.31.238
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-83d7e1b2-125b-4d62-8cd7-eaf3cffe39c0 ip route
50.0.0.0/24 dev qr-034141ad-ae proto kernel scope link src 50.0.0.1
169.254.31.28/31 dev rfp-83d7e1b2-1 proto kernel scope link src 169.254.31.28
[root@ip-192-169-142-137 ~]# ip netns exec fip-393c5f85-e34a-4b0a-b5fc-582e464e9403 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.239/31 scope global fpr-7e33b300-1
inet6 fe80::6016:cfff:fed9:74c2/64 scope link
inet 10.10.10.102/24 brd 10.10.10.255 scope global fg-7b5266a1-03
inet6 fe80::f816:3eff:fe8d:431d/64 scope link
[root@ip-192-169-142-137 ~]# ip netns exec fip-15494dea-f35d-4572-a49c-9e8231cb9559 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.29/31 scope global fpr-83d7e1b2-1
inet6 fe80::d8b1:1bff:fe28:264/64 scope link
inet 10.10.50.102/24 brd 10.10.50.255 scope global fg-cfd8afb9-fe
inet6 fe80::f816:3eff:feb5:cb7a/64 scope link
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-7e33b300-104c-4415-bfbe-c212e4a45424 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.238/31 scope global rfp-7e33b300-1
inet 10.10.10.101/32 brd 10.10.10.101 scope global rfp-7e33b300-1
inet 10.10.10.103/32 brd 10.10.10.103 scope global rfp-7e33b300-1
inet6 fe80::f6:d3ff:fecf:a5d5/64 scope link
inet 70.0.0.1/24 brd 70.0.0.255 scope global qr-a0a7d1ec-ad
inet6 fe80::f816:3eff:fe80:34a7/64 scope link
[root@ip-192-169-142-137 ~]# ip netns exec qrouter-83d7e1b2-125b-4d62-8cd7-eaf3cffe39c0 ip a| grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 169.254.31.28/31 scope global rfp-83d7e1b2-1
inet 10.10.50.103/32 brd 10.10.50.103 scope global rfp-83d7e1b2-1
inet 10.10.50.101/32 brd 10.10.50.101 scope global rfp-83d7e1b2-1
inet6 fe80::4c90:16ff:fe74:ec6d/64 scope link
inet 50.0.0.1/24 brd 50.0.0.255 scope global qr-034141ad-ae
inet6 fe80::f816:3eff:feae:1104/64 scope link
Three node deployment
References
1. http://blog.oddbit.com/2014/05/28/multiple-external-networks-wit/
2. http://www.linux.com/community/blogs/133-general-linux/874900-running-dvr-with-external-network-provider-flat-on-centos-72-rdo-liberty/