VLAN Based Network for OpenVswitch

VLAN Based Network for OpenVswitch

Posted on Jan 13, 2020 (0)

Configure VLAN based Network for OpenVSwitch


  • Configure the Neutron using Open vSwitch mechanism driver.
  • Configure Neutron to use VLAN type driver and configure to use VLAN range from 10-1200.
  • Create the Network dclessons-Network3 , type VLAN , ID 1100 along with subnet dclessons-subnet-3 for
  • Create a VM with same feature we created on LAB 1 and associate the Port named dclessons-port3 with the VM instance on network dclessons-Network3.
  • Now Verify the Virtual interface information on CLI in details.


Using OVS as the mechanism driver and VLAN type  requires changes to the ML2 plugin configuration file.

Open the Neutron ML2 plugin configuration file using your desired editor. For example, the command for nano  editor will be as follows:

[root@localhost ~(keystone_admin)]# sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini

Press Ctrl+W and put ml2 and put enter to search

In the [ml2] section of the file, configure ML2 to use OVS as the mechanism driver:

mechanism_drivers = openvswitch
type_drivers = vlan
tenant_network_types = vlan

Restart the Neutron and Open vSwitch services on the Controller and Network nodes of our setup, using the following commands:

[root@localhost ~(keystone_admin)]# sudo service neutron-server restart
[root@localhost ~(keystone_admin)]# sudo service openvswitch-switch restart
[root@localhost ~(keystone_admin)]# sudo service neutron-openvswitch-agent restart

And for VLAN range search the {ml2_type_vlan} and then edit the ranges from 10 to 1200.

Now create the dclessons-Network3 network and subnet dclessons-subnet3  for

In the left navigation menu, click on Admin | System | Networks.

Click on the + Create Network button to display the Create Network screen for the administrators. Provide all information as shown below.

Enter external as the value for Physical Network.

In the Segmentation ID field, enter a VLAN ID from the range that was configured for Neutron. Note that if you enter a VLAN ID that is already in use, the create network request will fail.

Now click on Create Network. Once the network creation succeeds, the network will show in the list. Note that this mechanism creates a Network without a subnet. Therefore, you will see that the Subnets Associated column is empty.

Click on the Network name of the newly created Network to view its details. You can see that the Segmentation ID that we entered has been used to create the Network:

Now click on create Subnet to enter the subnet information and submit.

Now create the port from CLI and put in in to network dclessons-Network3 by following command.

[root@localhost ~(keystone_admin)]# neutron port-create --name dclessons-port3 dclessons-Network3

[root@localhost ~(keystone_admin)]# neutron port-create --name dclessons-port3 dclessons-Network3

Now launch the Instance as per task with following command:

Note that ID of dclessons-port3 is:  2a9710f0-3d9b-416e-bdbb-d570c8116450 | dclessons-port3

[root@localhost ~(keystone_admin)]# nova boot --flavor m1.tiny --image cirros --nic port-id=2a9710f0-3d9b-416e-bdbb-d570c8116450 dclessons-vm3

[root@localhost ~(keystone_admin)]# nova boot --flavor m1.tiny --image cirros --nic port-id=2a9710f0-3d9b-416e-bdbb-d570c8116450 dclessons-vm3

Now go to Admin | Instance  and you can see that new instance is created and IP is allocated to it , you can also verify via taking console of the instance.

click on Admin | System | Networks. Click on the name of the Network to which the instance belongs. Note the Segmentation ID (VLAN ID), which is 1005  and click on port for port details and click on dclessons-port3.

Note down the ID of the Port starting with  2a9710f0

[root@localhost ~(keystone_admin)]# sudo ovs-vsctl show

You will see that  OVS port named "qvo2a9710f0-3d. As you can see, this port name matches the ID of the OpenStack port used for our virtual machine instance which port is port 5.

When OVS forwards the packets from our virtual machine to the outside world, it must tag it with the VLAN ID of 1005 (Segmentation ID). We can verify this using the ovs-ofctl dump-flows br-int command. This command prints all the network flow information for the specific Open vSwitch instance. See the following highlighted output:

[root@localhost ~(keystone_admin)]# sudo ovs-ofctl dump-flows br-int
cookie=0xa3cc83fe51a4f464, duration=5826.811s, table=0, n_packets=0, n_bytes=0, idle_age=5826, priority=10,icmp6,in_port=10,icmp_type=136 actions=resubmit(,24) cookie=0xa3cc83fe51a4f464, duration=5826.819s, table=0, n_packets=24, n_bytes=2534, idle_age=5693, priority=9,in_port=10 actions=resubmit(,25)
cookie=0xa3cc83fe51a4f464, duration=3068.885s, table=0, n_packets=0, n_bytes=0, idle_age=3068, priority=3,in_port=4,dl_vlan=1005 actions=mod_vlan_vid:5,NORMAL
cookie=0xa3cc83fe51a4f464, duration=2536.046s, table=0, n_packets=35, n_bytes=4219, idle_age=2170, priority=9,in_port=12 actions=resubmit(,25)

Now to check on virtual interface information for netwok node , here we have configured all compute , network and Controller node on one VM machine. To see that :

click on Admin | System | Networks. Click on the dclessons-Network 3 to view the details of the network to which the virtual machine instance belongs and in the details of the Network, we can see the Ports associated with this Network. The DHCP Port for the selected network is highlighted as follows:

Click on the Port name to view the DHCP Port Detail. Note that the DHCP IP address is  and the Port ID starts with fc436f85-77 as highlighted here:

Now run the following commands as given below:

[root@localhost ~(keystone_admin)]# ip netns

Note that ip netns command lists all the Linux namespaces created on the node. In our setup, we can see a namespace called qdhcp-4f83daa3-4375-428b-9040-51e303c84817

This name is generated by Neutron by adding qdhcp and the unique ID for the Network.

view the networking information and applications running in a namespace, we will need to start a command shell in the namespace. You can do this using the following command:

[root@localhost ~(keystone_admin)]# sudo ip netns exec qdhcp-4f83daa3-4375-428b-9040-51e303c84817 /bin/bash

Once this command is successful, you will get a new shell promptLet's type the following ifconfig command at the prompt:

we can see an interface called tapfc436f85-77. You will notice that fc436f85-77 matches the first few characters of the DHCP port ID that we noted

Neutron uses dnsmasq to provide DHCP services. We can confirm that the dnsmasq process is using the tapfc436f85-77 interface with the ps command as shown here:

[root@localhost ~(keystone_admin)]# ps -ef | grep dnsmasq
nobody 17077 1 0 11:28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/4f83daa3-4375-428b-9040-51e303c84817/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/4f83daa3-4375-428b-9040-51e303c84817/host --addn-hosts=/var/lib/neutron/dhcp/4f83daa3-4375-428b-9040-51e303c84817/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/4f83daa3-4375-428b-9040-51e303c84817/opts --dhcp-leasefile=/var/lib/neutron/dhcp/4f83daa3-4375-428b-9040-51e303c84817/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapfc436f85-77 --dhcp-range=set:tag0,,static,86400s --dhcp-option-force=option:mtu,1500 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
root 25983 23933 0 12:41 pts/0 00:00:00 grep --color=auto dnsmasq


    You are will be the first.


Please login here to comment.