14:01:15 #startmeeting neutron_l3
14:01:17 Meeting started Wed Dec 2 14:01:15 2020 UTC and is due to finish in 60 minutes. The chair is liuyulong. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:18 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:01:20 The meeting name has been set to 'neutron_l3'
14:01:39 long time no see
14:03:46 Seems this will be another one-person meeting...
14:04:27 No announcements from me today, let's scan the bug list.
14:04:35 #topic Bugs
14:04:58 #link http://lists.openstack.org/pipermail/openstack-discuss/2020-November/018782.html
14:05:02 #link http://lists.openstack.org/pipermail/openstack-discuss/2020-November/019032.html
14:05:08 #link http://lists.openstack.org/pipermail/openstack-discuss/2020-November/019119.html
14:05:16 #link http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019154.html
14:05:52 First one:
14:05:53 #link https://bugs.launchpad.net/neutron/+bug/1903433
14:05:55 Launchpad bug 1903433 in neutron "The duplicate route in l3 router namespace results in North-South traffic breaking" [Medium,In progress] - Assigned to yangjianfeng (yangjianfeng)
14:06:44 The patch is done here:
14:06:47 #link https://review.opendev.org/c/openstack/neutron/+/761829/
14:07:06 Just started another recheck for it.
14:09:57 The patch checks whether the input CIDR overlaps between the external subnet and the user's internal subnet. The unit test cases are really good for verifying this.
14:11:03 Next
14:11:04 #link https://bugs.launchpad.net/neutron/+bug/1904564
14:11:06 Launchpad bug 1904564 in neutron "GRE tunnels over IPv6 are created in wrong way" [High,In progress] - Assigned to Slawek Kaplonski (slaweq)
14:12:31 I've not used GRE tunnels in our local cloud, but this is a valid bug.
14:14:04 It looks more like an ovs-agent misconfiguration, but it's worth fixing IMO.
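[Editor's note: the overlap check discussed above boils down to a CIDR comparison between the external and internal subnets. A minimal sketch using Python's standard `ipaddress` module — this is an illustration of the check, not Neutron's actual implementation, and the example CIDRs are made up:]

```python
import ipaddress

def subnets_overlap(cidr_a: str, cidr_b: str) -> bool:
    """Return True if the two CIDRs share any addresses."""
    net_a = ipaddress.ip_network(cidr_a)
    net_b = ipaddress.ip_network(cidr_b)
    # overlaps() is symmetric and also covers full containment
    # in either direction.
    return net_a.overlaps(net_b)

# A hypothetical external subnet colliding with an internal one:
print(subnets_overlap("10.0.0.0/24", "10.0.0.128/25"))   # True
print(subnets_overlap("10.0.0.0/24", "192.168.1.0/24"))  # False
```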
14:15:03 #link https://bugs.launchpad.net/neutron/+bug/1904436
14:15:05 Launchpad bug 1904436 in neutron ""gateway" option is not honored when creating a subnet with subnet pool" [Wishlist,New]
14:16:23 Our IPv6 subnets are created from a subnet pool, but we have not seen such an issue. I will check this in my local deployment.
14:17:30 But I wonder which IP the router internal gateway will finally be set to.
14:17:44 I will keep an eye on that.
14:18:58 Next one
14:18:59 #link https://bugs.launchpad.net/neutron/+bug/1905295
14:19:02 Launchpad bug 1905295 in neutron "[RFE] Allow multiple external gateways on a router" [Wishlist,New] - Assigned to Bence Romsics (bence-romsics)
14:20:30 hi liuyulong
14:20:39 This is quite a big proposal.
14:20:41 hi
14:20:54 I saw you mentioned this
14:20:59 Yes
14:21:21 I saw the comments in the LP bug.
14:21:52 I'm also a bit afraid this could be big, that's why I would like to limit the scope as much as possible
14:22:48 OK, so maybe we need some details on how to handle the traffic from the VM to the outside world, and vice versa.
14:23:12 by the way, does the use case make sense to you?
14:24:19 I'm not sure. I think we need some details about the "multiple external gateways".
14:24:47 What will these multiple external gateways be used for?
14:25:16 basically I'd like to model a bgp+ecmp router
14:25:55 Are the multiple external gateways independent of each other? Or will they work together to carry the north-south traffic?
14:26:39 their faults are independent, but traffic is balanced by ecmp
14:28:33 So, the router has multiple external gateways connected to multiple physical routers on one single host?
14:29:04 yes, it does
14:29:37 Or will the router be scheduled to multiple hosts, with each scheduled instance having a different external gateway to a different physical router?
14:29:50 I was trying to draw it in the RFE, but launchpad ate my ascii art
14:30:02 but this etherpad has a better drawing
14:30:06 https://etherpad.opendev.org/p/neutron-multiple-external-gateways
14:30:31 (I just used this to prepare the RFE, nothing new there, but the drawing is better)
14:31:14 Opening...
14:32:41 lines 28-48
14:32:42 Alright, if it is the first topology, why not add all the NICs to one bond to achieve high availability?
14:33:31 And beyond that, the fault scope is still one single host, no matter how many external gateways there are.
14:34:19 I believe the people who came up with this design in my company don't like LACP recovery times in some situations
14:34:22 That means if the host is down, all the traffic will go down (if you have HA, the failover will happen).
14:35:23 and in some cases I believe they want ECMP not just between the 4 routers, but down to the compute host
14:37:21 In such a situation, I would suggest the user enable DVR : )
14:37:24 Hi
14:37:29 #link https://github.com/gotostack/shanghai_ptg/blob/master/shanghai_neutron_ptg_topics_liuyulong.pdf
14:38:02 At the Shanghai PTG, I raised an ACTIVE-ACTIVE mode for routers on DNAT nodes.
14:39:34 That proposal will also use ECMP for the floating IP routes.
14:40:10 regarding dvr, in telco we so far did not have much success selling that, the people in my company very much prefer dedicated hw networking equipment
14:40:39 lajoskatona, hi
14:41:39 rubasov, yes that could be true, users sometimes require dedicated hosts for networking because of security concerns.
14:42:00 liuyulong: Hi
14:42:09 and they'd like to model that design in the neutron api
14:43:16 Allow me to elaborate on the ACTIVE-ACTIVE DNAT topology.
14:43:22 sure
14:43:59 When a user tries to access a floating IP, the upstream physical router will have multiple next-hop IPs directing to the scheduled router namespaces.
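[Editor's note: the ECMP balancing discussed above picks one next hop per flow by hashing the flow's 5-tuple, so packets of one connection stick to one path while different flows spread across paths. A toy sketch of that selection logic — the addresses are invented, and real ECMP hashing is done by the kernel or the physical router, not in Python:]

```python
import hashlib

# Hypothetical next-hop addresses of the scheduled router instances.
NEXT_HOPS = ["203.0.113.11", "203.0.113.12", "203.0.113.13"]

def pick_next_hop(src_ip, dst_ip, proto, sport, dport):
    """Select a next hop from a flow's 5-tuple, as per-flow ECMP does."""
    key = f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()
    digest = hashlib.sha256(key).digest()
    # Same flow -> same digest -> same next hop (no packet reordering
    # within a connection); different flows spread across the hops.
    index = int.from_bytes(digest[:4], "big") % len(NEXT_HOPS)
    return NEXT_HOPS[index]
```

Because the hash is deterministic, a failed hop only disturbs the flows mapped to it, which matches the "faults are independent" point above.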
14:44:45 And in each router namespace, the iptables rules and route rules will work just as they do in centralized routers.
14:45:52 okay, so southbound traffic is over ecmp
14:45:57 right?
14:46:00 And on the compute node, when the packet goes back to the outside world,
14:46:32 the ovs-agent will add a port group, which is also something like ecmp, to send the return packet back to a router namespace.
14:46:52 Since all the traffic we take care of is L3 only,
14:47:18 the traffic can be sent back through any router namespace, no matter what the hash rule is.
14:47:22 rubasov, yes
14:47:48 so northbound traffic is over LAG, maybe MLAG
14:48:16 I believe my people favor ECMP over MLAG for some reason
14:48:35 but I will need to go back to them to better understand their reasons for this
14:49:28 Hmmm, actually we do not care about the underlay topology.
14:50:34 From neutron's view, we can only assume there are some neutron virtual routers and one upstream physical router.
14:50:55 The upstream physical router has multiple paths to a single destination.
14:51:45 We do not care how many fabrics connect the hosts to the upstream router.
14:53:49 but don't I have to represent the links in my previous picture in lines 31-35 as neutron nets (used as external gw-s)?
14:54:38 I don't see how I could represent that as 1 neutron network
14:55:51 So is this ACTIVE-ACTIVE DNAT topology what you want?
14:56:40 If so, in the picture, you can just remove R4, and link R2 to R1, R1', R1'' etc.
14:56:54 Sorry
14:57:09 In the picture, you can just remove R4 and R2, and link R3 to R1, R1', R1'' etc.
14:57:50 R1, R1', R1'' mean one single neutron router with multiple scheduled instances on different hosts.
14:58:02 All these R1 instances are ACTIVE.
14:58:11 I'm far from sure I fully understand the active-active, I will try to better understand your slides
14:58:39 They work together to serve the north-south traffic.
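[Editor's note: the reason any router namespace can handle the return packet, regardless of the hash, is that a floating IP is a static 1:1 NAT mapping: every active R1 instance holds the same map, so no per-flow state needs to be shared. A minimal sketch with invented example addresses:]

```python
# Hypothetical 1:1 floating-IP map, identical in every R1 instance.
FIP_MAP = {"203.0.113.50": "10.0.0.5"}        # floating IP -> fixed IP
REV_MAP = {v: k for k, v in FIP_MAP.items()}  # fixed IP -> floating IP

def dnat_inbound(dst_ip):
    """Upstream -> VM: rewrite the floating IP to the fixed IP."""
    return FIP_MAP.get(dst_ip, dst_ip)

def snat_outbound(src_ip):
    """VM -> upstream: rewrite the fixed IP back to the floating IP."""
    return REV_MAP.get(src_ip, src_ip)
```

Because both directions are pure lookups in a shared static table, the inbound and return packets of one flow may traverse different R1 instances and still be translated consistently.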
14:58:55 OK
15:00:00 but thank you for the questions, it helps to better formulate the use case (and see if it's valid)
15:00:36 #link https://m.pgb-fc.com/docs/en-us/netscaler/media/ns-cluster-ecmp-topology.png
15:00:59 Ignore all the IPs/protocols/words in this picture.
15:01:32 Something like that.
15:02:03 ok, time is up
15:02:17 #endmeeting