Last Updated: February 25, 2016
· phs

VLAN tags in OpenStack, Quantum & OVS

Building your own multi-host private cloud with the OpenStack Essex release? Getting a VLAN-enabled bridged network up and going can be a pain, especially if you have existing network infrastructure.

Our infrastructure assembled a network with VLAN tag 50. We aren't concerned with running separated, parallel VLANs, so it would be easier to just run everything on 50. (Getting used to Quantum now is also more future-proof than just running with a FlatDHCP model.)

When OpenStack (through its Quantum service, running on Open vSwitch) created a virtual instance, that instance's tap device would be inserted into the OVS network with an arbitrary (but fixed) VLAN tag, preventing communication. What a pain!

There are two steps you can use to regain control over your VLAN tags. The first is to simply tweak the tags on ports controlled with Open vSwitch:

ovs-vsctl set Port br-int tag=50

This changes the VLAN tag on port br-int to 50. The ports (and tags) on a particular physical host can be inspected with:

ovs-vsctl show

This works great for existing ports, but doesn't help you with new ones. To fix that permanently, take a quick peek into the Quantum Open vSwitch plugin's associated database.

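mysql> show tables;
+-----------------------+
| Tables_in_ovs_quantum |
+-----------------------+
| networks              |
| ports                 |
| vlan_bindings         |
+-----------------------+
3 rows in set (0.00 sec)

mysql> select * from vlan_bindings;
+---------+--------------------------------------+
| vlan_id | network_id                           |
+---------+--------------------------------------+
|       2 | 1648b94e-78f4-42b9-a951-93d09b9371bb |
+---------+--------------------------------------+
1 row in set (0.00 sec)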

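Aha. Tweak that vlan_id, and you're good to go. (The statement below has no WHERE clause, so it rewrites every row in vlan_bindings; here that is only the one binding.)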

mysql> update vlan_bindings set vlan_id = 50;
Query OK, 1 rows affected (0.02 sec)
Rows matched: 1  Changed: 1  Warnings: 0
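
To confirm both steps took effect on a host, the following added example (not from the original post) filters `ovs-vsctl show` output for ports whose tag is not the expected one. The function names, port names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# mistagged_ports EXPECTED_TAG: reads `ovs-vsctl show` text on stdin and
# prints "<port> <tag>" for each port whose tag is not EXPECTED_TAG.
# Ports with no tag at all (trunks such as an uplink NIC) print "none".
mistagged_ports() {
    awk -v want="$1" '
        function report() {
            if (port != "" && tag != want)
                print port, (tag == "" ? "none" : tag)
        }
        $1 == "Bridge" { report(); port = "" }
        $1 == "Port"   { report(); port = $2; gsub(/"/, "", port); tag = "" }
        $1 == "tag:"   { tag = $2 }
        END            { report() }
    '
}

# Constructed sample in the layout `ovs-vsctl show` prints (all values made up).
sample_show() {
    cat <<'EOF'
11111111-2222-3333-4444-555555555555
    Bridge br-int
        Port br-int
            tag: 50
            Interface br-int
                type: internal
        Port "tap0a1b2c3d-4e"
            tag: 2
            Interface "tap0a1b2c3d-4e"
        Port "tap5f6a7b8c-9d"
            tag: 50
            Interface "tap5f6a7b8c-9d"
        Port "eth1"
            Interface "eth1"
    ovs_version: "1.4.0"
EOF
}

# On a compute host: ovs-vsctl show | mistagged_ports 50
sample_show | mistagged_ports 50
```

A tap port that still shows the old tag was created before the vlan_bindings change and needs the `ovs-vsctl set Port` step.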