Macvtap メカニズムドライバー

Macvtap メカニズムドライバー

The Macvtap mechanism driver for the ML2 plug-in generally increases network performance of instances.

Consider the following attributes of this mechanism driver to determine practicality in your environment:

  • Supports only instance ports. Ports for DHCP and layer-3 (routing) services must use another mechanism driver such as Linux bridge or Open vSwitch (OVS).
  • Supports only untagged (flat) and tagged (VLAN) networks.
  • Lacks support for security groups including basic (sanity) and anti-spoofing rules.
  • Lacks support for layer-3 high-availability mechanisms such as Virtual Router Redundancy Protocol (VRRP) and Distributed Virtual Routing (DVR).
  • コンピュートリソースだけが macvtap 経由で接続できます。 DHCP、ルーターなどの他のリソースの接続には対応していません。したがって、コントローラーノードでは OVS エージェントか Linux ブリッジエージェントを VLAN かフラットモードで動かします。

  • Instance migration requires the same values for the physical_interface_mapping configuration option on each compute node. For more information, see https://bugs.launchpad.net/neutron/+bug/1550400.

前提

You can add this mechanism driver to an existing environment using either the Linux bridge or OVS mechanism drivers with only provider networks or provider and self-service networks. You can change the configuration of existing compute nodes or add compute nodes with the Macvtap mechanism driver. The example configuration assumes addition of compute nodes with the Macvtap mechanism driver to the Linux bridge: セルフサービスネットワーク or Open vSwitch: Self-service networks deployment examples.

Add one or more compute nodes with the following components:

  • Three network interfaces: management, provider, and overlay.
  • OpenStack Networking Macvtap layer-2 agent and any dependencies.

注釈

To support integration with the deployment examples, this content configures the Macvtap mechanism driver to use the overlay network for untagged (flat) or tagged (VLAN) networks in addition to overlay networks such as VXLAN. Your physical network infrastructure must support VLAN (802.1q) tagging on the overlay network.

アーキテクチャー

The Macvtap mechanism driver only applies to compute nodes. Otherwise, the environment resembles the prerequisite deployment example.

Macvtap mechanism driver - compute node components Macvtap mechanism driver - compute node connectivity

設定例

Use the following example configuration as a template to add support for the Macvtap mechanism driver to an existing operational environment.

コントローラーノード

  1. ml2_conf.ini ファイル:

    • Add macvtap to mechanism drivers.

      [ml2]
      mechanism_drivers = macvtap
      
    • Configure network mappings.

      注釈

      Use of macvtap is arbitrary. Only the self-service deployment examples require VLAN ID ranges. Replace VLAN_ID_START and VLAN_ID_END with appropriate numerical values.

  2. Restart the following services:

    • サーバー

ネットワークノード

変更なし。

コンピュートノード

  1. Install the Networking service Macvtap layer-2 agent.

  2. In the neutron.conf file, configure common options:

    [DEFAULT]
    core_plugin = ml2
    auth_strategy = keystone
    rpc_backend = rabbit
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true
    
    [database]
    ...
    
    [keystone_authtoken]
    ...
    
    [oslo_messaging_rabbit]
    ...
    
    [nova]
    ...
    

    See the Installation Guide for your OpenStack release to obtain the appropriate configuration for the [database], [keystone_authtoken], [oslo_messaging_rabbit], and [nova] sections.

  3. In the macvtap_agent.ini file, configure the layer-2 agent.

    [macvtap]
    physical_interface_mappings = macvtap:MACVTAP_INTERFACE
    
    [securitygroup]
    firewall_driver = noop
    

    Replace MACVTAP_INTERFACE with the name of the underlying interface that handles Macvtap mechanism driver interfaces. If using a prerequisite deployment example, replace MACVTAP_INTERFACE with the name of the underlying interface that handles overlay networks. For example, eth1.

  4. 以下のサービスを実行します。

    • macvtap エージェント

サービスの動作検証

  1. 管理プロジェクトのクレデンシャルを読み込みます。

  2. エージェントが存在し、動作していることを確認します。

    $ neutron agent-list
    +--------------------------------------+---------------+----------+-------------------+-------+----------------+---------------------------+
    | id                                   | agent_type    | host     | availability_zone | alive | admin_state_up | binary                |
    +--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
    | 7af923a4-8be6-11e6-afc3-3762f3c3cf6e | Macvtap agent | compute1 |                   | :-)   | True           | neutron-macvtap-agent |
    | 80af6934-8be6-11e6-a046-7b842f93bb23 | Macvtap agent | compute2 |                   | :-)   | True           | neutron-macvtap-agent |
    +--------------------------------------+---------------+----------+-------------------+-------+----------------+---------------------------+
    

初期ネットワークの作成

This mechanism driver simply changes the virtual network interface driver for instances. Thus, you can reference the Create initial networks content for the prerequisite deployment example.

ネットワーク動作の検証

This mechanism driver simply changes the virtual network interface driver for instances. Thus, you can reference the Verify network operation content for the prerequisite deployment example.

Network traffic flow

This mechanism driver simply removes the Linux bridge handling security groups on the compute nodes. Thus, you can reference the network traffic flow scenarios for the prerequisite deployment example.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.