>> On 9/11/2013 3:29 AM, Geraint Jones wrote:
>> We are using "tenant_network_type = gre"
>> 2.) The network node load is never under 3.5 – 4. This seems to be the case
>> if we are doing 10mbit or 800mbit.
>> 3.) Network performance is unpredictable at best.
> From: Xin Zhao [xz...@bnl.gov]
> I have a similar question. We are considering to upgrade to grizzly using
> OVS/vlan model, if I understand the doc correctly,
> all the external traffic and internal intra-virtual network traffic go
> through the network host, which makes the network host a
> single point of failure, and high loaded. So my question is, how people deal
> with this bottleneck in network node? Is it possible
> to deploy multiple network nodes, or using other plugin, like OpenFlow, is
> the solution ?
Hi,
Using VLANs should be less of a problem load-wise since it can use
tcp-offloading on the NIC.
GRE tunnels cannot do this.
All traffic will go through the l3-agent.
You can have multiple l3 agents but only one l3 agent per network can be active
at the time so this is a SPOF.
There was a plan to have multiple l3 agents per network for Grizzly but that
never made it.
I looked at the Havana bug fixes but it *seems* that the functionality is still
not there yet.
Until there is a HA option for the l3 agent you will have to create your own
way of providing HA:
1) Use Pacemaker to provide HA for the l3-agent
2) Use your normal (HA) router: since you are going to use VLANs you can create
those interfaces on your router.
If you have full control over network creation you can just create a config
manually / script it.
If you do not have full control (e.g. allowing 3rd party's to create their
own networking) you would have to integrate your router with Neutron
( Not sure if there are 3rd party router drivers already implemented, would
be nice if someone could give some clarity on this.
I would like Vyatta support :)
3) Patch what ever needs access to your machines directly into the a VLAN the
Openstack machine has so you do not need to route traffic.
e.g. patch your load-balancer directly into the VLAN of your webservers.
You probably still need a router / l3-agent to access the machine for
management but that becomes way less critical if the production traffic does
not hit it.
We are currently using 3 and will look into 1 & 2 after the Havana release. (if
the l3-agent is still not possible with HA.)
Cheers,
Robert van Leeuwen
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
