[ovs-discuss] Complex, for me at least, setup with multiple hosts

Grant Taylor gtaylor at tnetconsulting.net
Mon Sep 10 00:48:53 UTC 2018


On 09/09/2018 02:12 PM, Vassilis Aretakis wrote:
> I have a LAN which is accessible by 3 servers. I would like to allow 
> specific internet hosts to use this LAN.

Okay.

> Because I want to have multiple links and all hosts to receive multicast 
> etc. I thought of using multiple openvswitches on the hosts which have 
> access to this LAN, and use also VXLAN to make a mesh network (Maybe I 
> am thinking wrong).

I don't know if I would call what I'm thinking of as a mesh per se. 
Certainly wouldn't call it a full mesh.

It sounds like you want to create an OvS on each of the three servers, 
each with eth1 as a member port, and an OvS on each of the VMs.  Then add 
OvS VTEPs between:

  - Server1 & VM1
  - Server1 & VM2
  - Server2 & VM1
  - Server2 & VM2
  - Server3 & VM1
  - Server3 & VM2

I think you want to NOT have VTEPs between the servers or the VMs.

It's my understanding that your goal / motivation is to get multicast 
traffic from the private LAN to the VMs.  Correct?

I think that you are going to want to do /something/ to prevent loops. 
I think the minimum is STP.  Hopefully the private LAN switch is the 
root.  I'm guessing that STP will pick one of the links between the 
servers and each VM as the forwarding link and put the links to the 
other servers into a blocking state.

I'm sure there are other things you can do with SDN to prevent the 
looping too.

That should extend the broadcast domain from the private LAN to the VMs.

I don't know what or how multicast will affect this.

> When I began with building this with double GRE tunnels I ended up 
> causing a mess instead of me Mesh.

Okay.

> If you see the diagram example, I tried to make VM1 and VM2 to be able 
> to access PRIVATE LAN, but I failed.
> Would you have a suggested setup in order to pass traffic using SRV1/2/3?


        Private LAN
       ---+--- - - -
          |
+--+--+--+---+--+--+
|  |  | eth1 |  |  |
|  |  +------+  |  |
|  |            |  |
|  |    br0     |  |
|  |            |  |
|  |  +------+  |  |
|  |  | vm1  +---------+
|  +--+------+--+  |   :
|                  |   :
|     Server1      |   :
|                  |   :
|     +------+     |   :
|     | eth0 |     |   :
+-----+--+---+-----+   :
          |             V
       ---+--- - - -    X
        Internet        L
       ---+--- - - -    A
          |             N
+-----+--+---+-----+   :
|     | eth0 |     |   :
|     +------+     |   :
|                  |   :
|       VM1        |   :
|                  |   :
|  +--+------+--+  |   :
|  |  | s1   +---------+
|  |  +------+  |  |
|  |            |  |
|  |    br0     |  |
|  |            |  |
+--+------------+--+

Server1:vm1 and VM1:s1 are the interconnected VTEPs.

Obviously the OvSs on the systems would have additional VXLAN 
connections as described above.

That would make br0 on VM1 be an extension of the Private LAN.



-- 
Grant. . . .
unix || die
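
The topology described in the message above, as an added example that is not part of the original post: a shell sketch that prints (does not execute) the ovs-vsctl commands for one host, with VTEPs only between servers and VMs and STP enabled before any port is added. The IP addresses and the VXLAN key are constructed placeholders; port names follow the diagram (vm1/vm2 on the servers, s1/s2/s3 on the VMs).

```shell
#!/bin/sh
# Added example: emits the ovs-vsctl plan for one host of the 3-server / 2-VM layout.
# Constructed values: every address below and VNI 100 are placeholders.
VNI=100
SERVERS="s1=192.0.2.11 s2=192.0.2.12 s3=192.0.2.13"   # eth0 of Server1..3
VMS="vm1=198.51.100.21 vm2=198.51.100.22"             # eth0 of VM1..2

# vtep PORT REMOTE_IP: one VXLAN port on br0 pointing at the peer's eth0.
vtep() {
    echo "ovs-vsctl add-port br0 $1 -- set interface $1 type=vxlan options:remote_ip=$2 options:key=$VNI"
}

# plan HOST: HOST is s1|s2|s3 (a server) or vm1|vm2 (an Internet VM).
plan() {
    case $1 in
        s[1-3])  uplink="eth1"; peers=$VMS ;;      # servers bridge the private LAN
        vm[1-2]) uplink="";     peers=$SERVERS ;;  # VMs have no LAN-facing port
        *)       echo "unknown host: $1" >&2; return 1 ;;
    esac
    echo "ovs-vsctl add-br br0"
    # STP goes on before any port exists, so the redundant paths never form a loop.
    echo "ovs-vsctl set bridge br0 stp_enable=true"
    if [ -n "$uplink" ]; then
        echo "ovs-vsctl add-port br0 $uplink"
    fi
    # Servers peer only with VMs and VMs only with servers:
    # no server-to-server and no VM-to-VM tunnels.
    for p in $peers; do
        vtep "${p%%=*}" "${p#*=}"
    done
}

# Stand-alone use: sh plan.sh s1   (prints the commands for Server1)
if [ $# -gt 0 ]; then
    plan "$1"
fi
```

Review the printed commands before running them on the matching host; each server ends up with two VXLAN ports and each VM with three, which gives the six tunnels listed in the message.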
