Configuring the network

OpenStack-Ansible uses bridges to connect physical and logical network interfaces on the host to virtual network interfaces within containers. Target hosts need to be configured with the following network bridges:

Bridge name

Best configured on

With a static IP

br-mgmt

On every node

Always

br-storage

On every storage node

When component is deployed on metal

On every compute node

Always

br-vxlan

On every network node

When component is deployed on metal

On every compute node

Always

br-vlan

On every network node

Never

On every compute node

Never

For a detailed reference of how the host and container networking is implemented, refer to OpenStack-Ansible Reference Architecture, section Container Networking.

For use case examples, refer to User Guides.

Host network bridges information

  • LXC internal: lxcbr0

    The lxcbr0 bridge is required for LXC, but OpenStack-Ansible configures it automatically. It provides external (typically Internet) connectivity to containers with dnsmasq (DHCP/DNS) + NAT.

    This bridge does not directly attach to any physical or logical interfaces on the host because iptables handles connectivity. It attaches to eth0 in each container.

    The container network that the bridge attaches to is configurable in the openstack_user_config.yml file in the provider_networks dictionary.

  • Container management: br-mgmt

    The br-mgmt bridge provides management of and communication between the infrastructure and OpenStack services.

    The bridge attaches to a physical or logical interface, typically a bond0 VLAN subinterface. It also attaches to eth1 in each container.

    The container network interface that the bridge attaches to is configurable in the openstack_user_config.yml file.

  • Storage: br-storage

    The br-storage bridge provides segregated access to Block Storage devices between OpenStack services and Block Storage devices.

    The bridge attaches to a physical or logical interface, typically a bond0 VLAN subinterface. It also attaches to eth2 in each associated container.

    The container network interface that the bridge attaches to is configurable in the openstack_user_config.yml file.

  • OpenStack Networking tunnel: br-vxlan

    The br-vxlan interface is required if the environment is configured to allow projects to create virtual networks using VXLAN. It provides the interface for encapsulated virtual (VXLAN) tunnel network traffic.

    Note that br-vxlan is not required to be a bridge at all, a physical interface or a bond VLAN subinterface can be used directly and will be more efficient. The name br-vxlan is maintained here for consistency in the documentation and example configurations.

    The container network interface it attaches to is configurable in the openstack_user_config.yml file.

  • OpenStack Networking provider: br-vlan

    The br-vlan bridge is provides infrastructure for VLAN tagged or flat (no VLAN tag) networks.

    The bridge attaches to a physical or logical interface, typically bond1. It is not assigned an IP address because it handles only layer 2 connectivity.

    The container network interface that the bridge attaches to is configurable in the openstack_user_config.yml file.