Starting with VMware Integrated OpenStack 4.0, you can configure dynamic routing for your provider and tenants.

You must first create a VXLAN external network that you later use as the internal interface for your gateway edges.

Prerequisites

  • You must use NSX Data Center for vSphere as your virtual network provider.

Procedure

  1. Create an IPv4 address scope for future tenant subnets and the external VXLAN network subnet.

    neutron address-scope-create scope_name 4

  2. Create a provider subnet pool.

    Replace scope_name with the name of the address scope that you created earlier.

    neutron subnetpool-create --pool-prefix 10.10.10.0/24 --default-prefixlen 24 provider_pool_name --address-scope scope_name

  3. Create a self-service subnet pool for tenant networks.

    Replace scope_name with the name of the address scope that you created earlier.

    neutron subnetpool-create --pool-prefix 1.1.1.0/24 --default-prefixlen 26 selfservice --address-scope scope_name --shared

  4. Create the external VXLAN network.

    The following command creates a new logical switch in NSX Data Center for vSphere.

    neutron net-create --provider:network_type vxlan --router:external external_VXLAN_network_name

  5. Create the external VXLAN subnet.

    Replace provider_pool_name with the name of the provider pool that you created earlier. Replace external_VXLAN_network_name with the name of the network that you created earlier.

    neutron subnet-create --no-gateway --name ext_vxlan_subnet_name --disable-dhcp --allocation-pool start=start_IP,end=end_IP --subnetpool provider_pool_name external_VXLAN_network_name NETWORK[CIDR]

  6. Create BGP peering gateway edges by using the nsxadmin utility.

    Gateway edges use the management network as the external interface and the external network that you created as the internal interface.

    nsxadmin -r bgp-gw-edge -o create --property name=name_GW-EDGE1 --property local-as=65001 --property external-iface=morefid:mgtnetwork --property internal-iface=morefid:internal_interface_network_GW-EDGE1
    
    nsxadmin -r bgp-gw-edge -o create --property name=name_GW-EDGE2 --property local-as=65001 --property external-iface=morefid:mgtnetwork --property internal-iface=morefid:internal_interface_network_GW-EDGE2

  7. Update the NSX Edges with BGP advertisement.

    Use the IDs of the edges that you created in the previous step.

    nsxadmin -r routing-redistribution-rule -o create --property gw-edge-ids=edge-ID_GW-EDGE1,edge-ID_GW-EDGE2 --property learner-protocol=bgp --property learn-from=connected,bgp --property action=permit 
    
  8. Update the NSX Edges with BGP neighbors.

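    Use the IDs of the edges that you created earlier. The BGP_password value is passed as a command-line argument, so it can end up in shell history and is visible in the process list while the command runs.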

    nsxadmin -r bgp-neighbour -o create --property gw-edge-ids=edge-ID_GW-EDGE1,edge-ID_GW-EDGE2 --property ip-address=IP_physical_router1 --property remote-as=65000 --property password=BGP_password
    
    nsxadmin -r bgp-neighbour -o create --property gw-edge-ids=edge-ID_GW-EDGE1,edge-ID_GW-EDGE2 --property ip-address=IP_physical_router2 --property remote-as=65000 --property password=BGP_password
    
    
  9. Update your physical routers.
    1. Set the AS value to 65000.
    2. Set the BGP neighbours to name_GW-EDGE1 and name_GW-EDGE2.
    3. Set each router to advertise itself as the dynamic gateway.
  10. Create and configure the BGP Speaker.
    1. Create the BGP speaker.
      neutron bgp-speaker-create --local-as local_as_value name_bgp_speaker
      
    2. Create BGP peers.
      neutron bgp-peer-create --peer-ip internal_interface_network_GW-EDGE1 --remote-as 65001 --password BGP_password --auth-type md5 name_GW-EDGE1 --esg-id edge-ID_GW-EDGE1
      
      neutron bgp-peer-create --peer-ip internal_interface_network_GW-EDGE2 --remote-as 65001 --password BGP_password --auth-type md5 name_GW-EDGE2 --esg-id edge-ID_GW-EDGE2
    3. Add the BGP peers to the BGP speaker.
      neutron bgp-speaker-peer-add name_bgp_speaker name_GW-EDGE1 
      
      neutron bgp-speaker-peer-add name_bgp_speaker name_GW-EDGE2
      
    4. Associate the speaker with the VXLAN network.
      neutron bgp-speaker-network-add name_bgp_speaker external_VXLAN_network_name
  11. (Optional) Create BGP routers for tenants.

    Tenant users can create their BGP routers. The tenant user must be admin to configure a router without SNAT.

    1. Create two logical switches for a tenant and subnet pools for them.
      neutron net-create name_Tenant1_LS1
      
      neutron subnet-create --name name_network_Tenant1-LS1 name_Tenant1_LS1 --subnetpool selfservice
      
      neutron net-create name_Tenant1_LS2
      
      neutron subnet-create --name name_network_Tenant1-LS2 name_Tenant1_LS2 --subnetpool selfservice
      
    2. Create a router with BGP configuration.

      BGP works with all OpenStack logical router form factors: shared, distributed, and exclusive.

      neutron router-create name_Tenant1-LR --router_type=exclusive
      
      neutron router-interface-add name_Tenant1-LR name_network_Tenant1-LS1
      
      neutron router-interface-add name_Tenant1-LR name_network_Tenant1-LS2
      
      neutron router-gateway-set name_Tenant1-LR --disable-snat external_VXLAN_network_name
      

Results

BGP dynamic routing is now configured on the provider side and tenants can also use it.
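
A pre-flight check for the values substituted into the procedure above, added here as an example and not part of the VMware documentation or tooling. It verifies that the two subnet pool prefixes do not overlap, that start_IP and end_IP fall inside the provider prefix, and that the AS numbers are in the private-use range; the function names are assumptions, and any allocation-pool addresses passed to it are the operator's own.

```shell
#!/bin/sh
# Added example: pre-flight check of the address and AS plan (not VMware code).
# Usage: check_plan PROVIDER_PREFIX TENANT_PREFIX START_IP END_IP AS...

ip2int() {            # dotted-quad IPv4 -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_range() {        # CIDR -> "first last" as integers
    base=$(ip2int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( base / size * size ))
    echo "$first $(( first + size - 1 ))"
}

cidrs_overlap() {     # true if two prefixes share any address
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

ip_in_cidr() {        # true if IP $1 lies inside prefix $2
    ip=$(ip2int "$1")
    set -- $(cidr_range "$2")
    [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
}

is_private_as() {     # 16-bit private-use AS range (RFC 6996)
    [ "$1" -ge 64512 ] && [ "$1" -le 65534 ]
}

# Prints each problem found and returns how many there were (0 = plan is clean).
check_plan() {
    provider=$1 tenant=$2 start=$3 end=$4; shift 4
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$(( problems + 1 )); }
    cidrs_overlap "$provider" "$tenant" && fail "pool prefixes overlap: $provider $tenant"
    ip_in_cidr "$start" "$provider" || fail "start_IP $start outside $provider"
    ip_in_cidr "$end" "$provider" || fail "end_IP $end outside $provider"
    [ "$(ip2int "$start")" -le "$(ip2int "$end")" ] || fail "start_IP is above end_IP"
    for as in "$@"; do
        is_private_as "$as" || fail "AS $as is not a private-use AS number"
    done
    return "$problems"
}
```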