Enable BGP VPN¶
Consider this section as part of Deploy an OpenStack cluster.
The BGP VPN service is an extra OpenStack Neutron plugin that enables connection of OpenStack Virtual Private Networks with external VPN sites through either BGP/MPLS IP VPNs or E-VPN.
To enable the BGP VPN service:
Enable BGP VPN in the OsDpl custom resource through the
node specific overrides settings. For example:
spec: features: neutron: bgpvpn: enabled: true route_reflector: # Enable deploygin FRR route reflector enabled: true # Local AS number as_number: 64512 # List of subnets we allow to connect to # router reflector BGP neighbor_subnets: - 10.0.0.0/8 - 172.16.0.0/16 nodes: openstack-compute-node::enabled: features: neutron: bgpvpn: enabled: true
When the service is enabled, a route reflector is scheduled on nodes with
openstack-frrouting: enabled label. Mirantis recommends collocating
the route reflector nodes with the OpenStack controller nodes. By default, two
replicas are deployed.
Multiprotocol Label Switching over Generic Routing Encapsulation (MPLSoGRE) provides limited throughput up to 38 Mbps, as per Mirantis tests. To improve performance while sending data between VMs, you can switch the encapsulation type to VXLAN in the OsDpl custom resource:
spec: services: networking: neutron: values: conf: bagpipe_bgp: dataplane_driver_ipvpn: mpls_over_gre: "False" vxlan_encap: "True"