openstack/neutron
Code Issues Proposed changes

Replace Linux Bridge with Open vSwitch in installation docs

Browse Source 
This patch replaces the Linux Bridge references with Open vSwitch in
the installation manuals.

Closes-Bug: #1996772
Change-Id: Ib63daad7fac52e1e10dca2e98add01d5ee7635a3
This commit is contained in:
Rodolfo Alonso Hernandez 2022-11-13 09:17:41 +01:00
parent a358bb802b
commit c6a83988ea
21 changed files with 226 additions and 344 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/source/install/common/get-started-networking.rst
View File

@ -19,7 +19,7 @@ OpenStack Networking plug-ins and agents
vendor and technologies used in the particular cloud. OpenStack
Networking ships with plug-ins and agents for Cisco virtual and
physical switches, NEC OpenFlow products, Open vSwitch, Linux
bridging, and the VMware NSX product.
bridging, Open Virtual Network (OVN) and the VMware NSX product.
The common agents are L3 (layer 3), DHCP (dynamic host IP
addressing), and a plug-in agent.

8
doc/source/install/compute-install-obs.rst
View File

@ -12,7 +12,7 @@ Install the components
.. code-block:: console
# zypper install --no-recommends \
openstack-neutron-linuxbridge-agent bridge-utils
openstack-neutron-openvswitch-agent bridge-utils
.. end
@ -162,13 +162,13 @@ Finalize installation
.. end
#. Start the Linux Bridge agent and configure it to start when the
#. Start the Open vSwitch agent and configure it to start when the
system boots:
.. code-block:: console
# systemctl enable openstack-neutron-linuxbridge-agent.service
# systemctl start openstack-neutron-linuxbridge-agent.service
# systemctl enable openstack-neutron-openvswitch-agent.service
# systemctl start openstack-neutron-openvswitch-agent.service
.. end

36
doc/source/install/compute-install-option1-obs.rst
View File

@ -3,23 +3,23 @@ Networking Option 1: Provider networks
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
The Open vSwitch agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -27,31 +27,23 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-obs`
for more information.
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = false
.. end
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini

36
doc/source/install/compute-install-option1-rdo.rst
View File

@ -3,23 +3,23 @@ Networking Option 1: Provider networks
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
The Open vSwitch agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -27,31 +27,23 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-rdo`
for more information.
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = false
.. end
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini

36
doc/source/install/compute-install-option1-ubuntu.rst
View File

@ -3,23 +3,23 @@ Networking Option 1: Provider networks
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
The Open vSwitch agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -27,31 +27,23 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-ubuntu`
for more information.
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = false
.. end
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini

35
doc/source/install/compute-install-option2-obs.rst
View File

@ -3,23 +3,23 @@ Networking Option 2: Self-service networks
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
The Open vSwitch agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -27,15 +27,14 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-obs`
for more information.
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
* In the ``[vxlan]`` section, configure the IP address of the physical
network interface that handles overlay networks and enable layer-2
population:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
@ -49,20 +48,22 @@ networking infrastructure for instances and handles security groups.
:doc:`environment-networking-obs` for more information.
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini

39
doc/source/install/compute-install-option2-rdo.rst
View File

@ -3,39 +3,38 @@ Networking Option 2: Self-service networks
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
The Open vSwitch agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
Replace ``PROVIDER_INTERFACE_NAME`` with the name of the underlying
provider physical network interface. See :doc:`environment-networking-rdo`
provider physical network interface. See :doc:`environment-networking-obs`
for more information.
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
* In the ``[vxlan]`` section, configure the IP address of the physical
network interface that handles overlay networks and enable layer-2
population:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
@ -46,23 +45,25 @@ networking infrastructure for instances and handles security groups.
example architecture uses the management interface to tunnel traffic to
the other nodes. Therefore, replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with
the management IP address of the compute node. See
:doc:`environment-networking-rdo` for more information.
:doc:`environment-networking-obs` for more information.
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini

39
doc/source/install/compute-install-option2-ubuntu.rst
View File

@ -3,39 +3,38 @@ Networking Option 2: Self-service networks
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
The Open vSwitch agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
Replace ``PROVIDER_INTERFACE_NAME`` with the name of the underlying
provider physical network interface. See :doc:`environment-networking-ubuntu`
provider physical network interface. See :doc:`environment-networking-obs`
for more information.
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
* In the ``[vxlan]`` section, configure the IP address of the physical
network interface that handles overlay networks and enable layer-2
population:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
@ -46,23 +45,25 @@ networking infrastructure for instances and handles security groups.
example architecture uses the management interface to tunnel traffic to
the other nodes. Therefore, replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with
the management IP address of the compute node. See
:doc:`environment-networking-ubuntu` for more information.
:doc:`environment-networking-obs` for more information.
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini

6
doc/source/install/compute-install-rdo.rst
View File

@ -14,7 +14,7 @@ Install the components
.. code-block:: console
# yum install openstack-neutron-linuxbridge ebtables ipset
# yum install openstack-neutron-openvswitch
.. end
@ -157,8 +157,8 @@ Finalize installation
.. code-block:: console
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
# systemctl enable neutron-openvswitch-agent.service
# systemctl start neutron-openvswitch-agent.service
.. end

4
doc/source/install/compute-install-ubuntu.rst
View File

@ -9,7 +9,7 @@ Install the components
.. code-block:: console
# apt install neutron-linuxbridge-agent
# apt install neutron-openvswitch-agent
.. end
@ -154,7 +154,7 @@ Finalize installation
.. code-block:: console
# service neutron-linuxbridge-agent restart
# service neutron-openvswitch-agent restart
.. end

4
doc/source/install/controller-install-obs.rst
View File

@ -304,11 +304,11 @@ Finalize installation
.. code-block:: console
# systemctl enable openstack-neutron.service \
openstack-neutron-linuxbridge-agent.service \
openstack-neutron-openvswitch-agent.service \
openstack-neutron-dhcp-agent.service \
openstack-neutron-metadata-agent.service
# systemctl start openstack-neutron.service \
openstack-neutron-linuxbridge-agent.service \
openstack-neutron-openvswitch-agent.service \
openstack-neutron-dhcp-agent.service \
openstack-neutron-metadata-agent.service

52
doc/source/install/controller-install-option1-obs.rst
View File

@ -10,7 +10,7 @@ Install the components
.. code-block:: console
# zypper install --no-recommends openstack-neutron \
openstack-neutron-server openstack-neutron-linuxbridge-agent \
openstack-neutron-server openstack-neutron-openvswitch-agent \
openstack-neutron-dhcp-agent openstack-neutron-metadata-agent \
bridge-utils
@ -184,7 +184,7 @@ and switching) virtual networking infrastructure for instances.
[ml2]
# ...
mechanism_drivers = linuxbridge
mechanism_drivers = openvswitch
.. end
@ -216,35 +216,23 @@ and switching) virtual networking infrastructure for instances.
.. end
* In the ``[securitygroup]`` section, enable ipset to increase
efficiency of security group rules:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
.. code-block:: ini
[securitygroup]
# ...
enable_ipset = true
.. end
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -252,31 +240,23 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-obs`
for more information.
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = false
.. end
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini
@ -306,7 +286,7 @@ The DHCP agent provides DHCP services for virtual networks.
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

52
doc/source/install/controller-install-option1-rdo.rst
View File

@ -10,7 +10,7 @@ Install the components
.. code-block:: console
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
openstack-neutron-openvswitch
.. end
@ -182,7 +182,7 @@ and switching) virtual networking infrastructure for instances.
[ml2]
# ...
mechanism_drivers = linuxbridge
mechanism_drivers = openvswitch
.. end
@ -214,35 +214,23 @@ and switching) virtual networking infrastructure for instances.
.. end
* In the ``[securitygroup]`` section, enable ipset to increase
efficiency of security group rules:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
.. code-block:: ini
[securitygroup]
# ...
enable_ipset = true
.. end
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -250,31 +238,23 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-rdo`
for more information.
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = false
.. end
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini
@ -304,7 +284,7 @@ The DHCP agent provides DHCP services for virtual networks.
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

52
doc/source/install/controller-install-option1-ubuntu.rst
View File

@ -10,7 +10,7 @@ Install the components
.. code-block:: console
# apt install neutron-server neutron-plugin-ml2 \
neutron-linuxbridge-agent neutron-dhcp-agent \
neutron-openvswitch-agent neutron-dhcp-agent \
neutron-metadata-agent
.. end
@ -183,7 +183,7 @@ and switching) virtual networking infrastructure for instances.
[ml2]
# ...
mechanism_drivers = linuxbridge
mechanism_drivers = openvswitch
.. end
@ -215,35 +215,23 @@ and switching) virtual networking infrastructure for instances.
.. end
* In the ``[securitygroup]`` section, enable ipset to increase
efficiency of security group rules:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
.. code-block:: ini
[securitygroup]
# ...
enable_ipset = true
.. end
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -251,31 +239,23 @@ networking infrastructure for instances and handles security groups.
provider physical network interface. See :doc:`environment-networking-ubuntu`
for more information.
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = false
.. end
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini
@ -305,7 +285,7 @@ The DHCP agent provides DHCP services for virtual networks.
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

55
doc/source/install/controller-install-option2-obs.rst
View File

@ -12,7 +12,7 @@ Install the components
.. code-block:: console
# zypper install --no-recommends openstack-neutron \
openstack-neutron-server openstack-neutron-linuxbridge-agent \
openstack-neutron-server openstack-neutron-openvswitch-agent \
openstack-neutron-l3-agent openstack-neutron-dhcp-agent \
openstack-neutron-metadata-agent bridge-utils dnsmasq
@ -183,7 +183,7 @@ and switching) virtual networking infrastructure for instances.
[ml2]
# ...
mechanism_drivers = linuxbridge,l2population
mechanism_drivers = openvswitch,l2population
.. end
@ -192,10 +192,6 @@ and switching) virtual networking infrastructure for instances.
After you configure the ML2 plug-in, removing values in the
``type_drivers`` option can lead to database inconsistency.
.. note::
The Linux bridge agent only supports VXLAN overlay networks.
* In the ``[ml2]`` section, enable the port security extension driver:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
@ -231,35 +227,23 @@ and switching) virtual networking infrastructure for instances.
.. end
* In the ``[securitygroup]`` section, enable ipset to increase
efficiency of security group rules:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
.. code-block:: ini
[securitygroup]
# ...
enable_ipset = true
.. end
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -271,11 +255,10 @@ networking infrastructure for instances and handles security groups.
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
@ -289,20 +272,22 @@ networking infrastructure for instances and handles security groups.
:doc:`environment-networking-obs` for more information.
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini
@ -324,14 +309,14 @@ self-service virtual networks.
* Edit the ``/etc/neutron/l3_agent.ini`` file and complete the following
actions:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver:
* In the ``[DEFAULT]`` section, configure the Open vSwitch interface driver:
.. path /etc/neutron/l3_agent.ini
.. code-block:: ini
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
.. end
@ -343,7 +328,7 @@ The DHCP agent provides DHCP services for virtual networks.
* Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
* In the ``[DEFAULT]`` section, configure the Open vSwitch interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on provider
networks can access metadata over the network:
@ -352,7 +337,7 @@ The DHCP agent provides DHCP services for virtual networks.
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

51
doc/source/install/controller-install-option2-rdo.rst
View File

@ -11,7 +11,7 @@ Install the components
.. code-block:: console
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
openstack-neutron-openvswitch ebtables
.. end
@ -181,7 +181,7 @@ and switching) virtual networking infrastructure for instances.
[ml2]
# ...
mechanism_drivers = linuxbridge,l2population
mechanism_drivers = openvswitch,l2population
.. end
@ -229,35 +229,23 @@ and switching) virtual networking infrastructure for instances.
.. end
* In the ``[securitygroup]`` section, enable ipset to increase
efficiency of security group rules:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
.. code-block:: ini
[securitygroup]
# ...
enable_ipset = true
.. end
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -269,11 +257,10 @@ networking infrastructure for instances and handles security groups.
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
@ -287,20 +274,22 @@ networking infrastructure for instances and handles security groups.
:doc:`environment-networking-rdo` for more information.
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini
@ -322,14 +311,14 @@ self-service virtual networks.
* Edit the ``/etc/neutron/l3_agent.ini`` file and complete the following
actions:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver:
* In the ``[DEFAULT]`` section, configure the Open vSwitch interface driver:
.. path /etc/neutron/l3_agent.ini
.. code-block:: ini
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
.. end
@ -341,7 +330,7 @@ The DHCP agent provides DHCP services for virtual networks.
* Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
* In the ``[DEFAULT]`` section, configure the Open vSwitch interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on provider
networks can access metadata over the network:
@ -350,7 +339,7 @@ The DHCP agent provides DHCP services for virtual networks.
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

49
doc/source/install/controller-install-option2-ubuntu.rst
View File

@ -10,7 +10,7 @@ Install the components
.. code-block:: console
# apt install neutron-server neutron-plugin-ml2 \
neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
neutron-openvswitch-agent neutron-l3-agent neutron-dhcp-agent \
neutron-metadata-agent
.. end
@ -182,7 +182,7 @@ and switching) virtual networking infrastructure for instances.
[ml2]
# ...
mechanism_drivers = linuxbridge,l2population
mechanism_drivers = openvswitch,l2population
.. end
@ -230,35 +230,23 @@ and switching) virtual networking infrastructure for instances.
.. end
* In the ``[securitygroup]`` section, enable ipset to increase
efficiency of security group rules:
.. path /etc/neutron/plugins/ml2/ml2_conf.ini
.. code-block:: ini
[securitygroup]
# ...
enable_ipset = true
.. end
Configure the Linux bridge agent
Configure the Open vSwitch agent
--------------------------------
The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances and handles security groups.
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
* Edit the ``/etc/neutron/plugins/ml2/openvswitch_agent.ini`` file and
complete the following actions:
* In the ``[linux_bridge]`` section, map the provider virtual network to the
* In the ``[ovs]`` section, map the provider virtual network to the
provider physical network interface:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME
.. end
@ -274,7 +262,6 @@ networking infrastructure for instances and handles security groups.
.. code-block:: ini
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
@ -288,20 +275,22 @@ networking infrastructure for instances and handles security groups.
:doc:`environment-networking-ubuntu` for more information.
* In the ``[securitygroup]`` section, enable security groups and
configure the Linux bridge iptables firewall driver:
configure the Open vSwitch native or the hybrid iptables firewall driver:
.. path /etc/neutron/plugins/ml2/linuxbridge_agent.ini
.. path /etc/neutron/plugins/ml2/openvswitch_agent.ini
.. code-block:: ini
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
.. end
* Ensure your Linux operating system kernel supports network bridge filters
by verifying all the following ``sysctl`` values are set to ``1``:
* In the case of using the hybrid iptables firewall driver, ensure your
Linux operating system kernel supports network bridge filters by verifying
all the following ``sysctl`` values are set to ``1``:
.. code-block:: ini
@ -323,14 +312,14 @@ self-service virtual networks.
* Edit the ``/etc/neutron/l3_agent.ini`` file and complete the following
actions:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver:
* In the ``[DEFAULT]`` section, configure the Open vSwitch interface driver:
.. path /etc/neutron/l3_agent.ini
.. code-block:: ini
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
.. end
@ -342,7 +331,7 @@ The DHCP agent provides DHCP services for virtual networks.
* Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
* In the ``[DEFAULT]`` section, configure the Open vSwitch interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on provider
networks can access metadata over the network:
@ -351,7 +340,7 @@ The DHCP agent provides DHCP services for virtual networks.
[DEFAULT]
# ...
interface_driver = linuxbridge
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

4
doc/source/install/controller-install-rdo.rst
View File

@ -315,10 +315,10 @@ Finalize installation
.. code-block:: console
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-openvswitch-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-openvswitch-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
.. end

2
doc/source/install/controller-install-ubuntu.rst
View File

@ -305,7 +305,7 @@ Finalize installation
.. code-block:: console
# service neutron-server restart
# service neutron-linuxbridge-agent restart
# service neutron-openvswitch-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart

4
doc/source/install/verify-option1.rst
View File

@ -12,8 +12,8 @@ Networking Option 1: Provider networks
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0400c2f6-4d3b-44bc-89fa-99093432f3bf | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
| 83cf853d-a2f2-450a-99d7-e9c6fc08f4c3 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
| ec302e51-6101-43cf-9f19-88a78613cbee | Linux bridge agent | compute | None | True | UP | neutron-linuxbridge-agent |
| fcb9bc6e-22b1-43bc-9054-272dd517d025 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
| ec302e51-6101-43cf-9f19-88a78613cbee | Open vSwitch agent | compute | None | True | UP | neutron-openvswitch-agent |
| fcb9bc6e-22b1-43bc-9054-272dd517d025 | Open vSwitch agent | controller | None | True | UP | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
.. end

4
doc/source/install/verify-option2.rst
View File

@ -11,8 +11,8 @@ Networking Option 2: Self-service networks
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | None | True | UP | neutron-linuxbridge-agent |
| 27eee952-a748-467b-bf71-941e89846a92 | Open vSwitch agent | controller | None | True | UP | neutron-openvswitch-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Open vSwitch agent | compute1 | None | True | UP | neutron-openvswitch-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | nova | True | UP | neutron-l3-agent |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+