Configure network trunking in projects¶
Available since MOSK 25.1 TechPreview
This tutorial provides step-by-step instructions on how to use the Neutron Trunk extension in your project infrastructure. By following this guide, you will learn how to configure trunk ports in OpenStack Neutron, enabling efficient network segmentation and traffic management.
Overview¶
The Neutron Trunk extension allows a single virtual machine (VM) to connect to multiple networks using a single port. This is achieved by designating one port as the parent port, which handles untagged IP packets, while additional subports receive tagged packets through the IEEE 802.1Q VLAN protocol.
The Neutron Trunk extension is enabled by default.
Environment description¶
This tutorial uses a predefined environment setup, illustrated in the following diagram:
In this environment, we have three virtual machines (VMs) and two networks with one subnet in each. These subnets have different address pools:
VM1 is connected to
net_Athroughport_A(standard port, no trunking)VM2 is connected to
net_Bthroughport_B(standard port, no trunking)VM3 is connected to both
net_Aandnet_Busing a trunk port:The primary port is attached to
net_AA subport is attached to
net_Bwith VLAN ID100.
All VMs have public network access through floating IP addresses, allowing remote management through SSH.
Preconfigure the environment¶
Before running the setup commands, ensure that your OpenStack project has
a keypair named test_key available.
To quickly set up the environment, use the following commands:
openstack network create mgmt_net
openstack subnet create mgmt_subnet --network mgmt_net --subnet-range 192.0.2.0/24 --allocation-pool start=192.0.2.2,end=192.0.2.20
openstack router create mgmt_router
openstack router set mgmt_router --external-gateway public
openstack router add subnet mgmt_router mgmt_subnet
openstack security group create test_sg
openstack security group rule create test_sg --remote-ip 0.0.0.0/0
for i in {1..3}; do \
openstack port create --network mgmt_net --fixed-ip subnet=mgmt_subnet,ip-address=192.0.2.2${i} --security-group test_sg mgmt_port${i}; \
openstack floating ip create --port mgmt_port${i} public; \
openstack server create --image Ubuntu-18.04 --flavor m1.tiny_test --key-name test_key --port mgmt_port${i} vm${i}; \
done
openstack network create net_A
openstack subnet create subnet_A --network net_A --subnet-range 192.10.0.0/24 --allocation-pool start=192.10.0.2,end=192.10.0.20
openstack network create net_B
openstack subnet create subnet_B --network net_B --subnet-range 10.0.10.0/24 --allocation-pool start=10.0.10.2,end=10.0.10.20
openstack port create --network net_A --fixed-ip subnet=subnet_A,ip-address=192.10.0.100 --security-group test_sg port_A
openstack port create --network net_B --fixed-ip subnet=subnet_B,ip-address=10.0.10.100 --security-group test_sg port_B
openstack server add port vm1 port_A
openstack server add port vm2 port_B
Now, let’s create trunk ports and test how it works.
Configure Neutron trunk ports¶
Create ports for the trunk:
openstack port create \ --network net_A \ --fixed-ip subnet=subnet_A,ip-address=192.10.0.120 \ trunk_port port_mac=$(openstack port show trunk_port -c mac_address -f value) openstack port create \ --network net_B \ --mac-address ${port_mac} \ --fixed-ip subnet=subnet_B,ip-address=10.0.10.120 \ trunk_subport
Example of a positive system response:
+-------------------------+-------------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+-------------------------------------------------------------------------------------------------------+ | admin_state_up | UP | | binding_vif_type | unbound | | binding_vnic_type | normal | | fixed_ips | ip_address='192.10.0.120', subnet_id='aefc3ce5-8b53-41b0-a97a-887e9f78832b' | | id | 224fc881-e897-4d75-8b9f-0e02544fe3a0 | | mac_address | fa:16:3e:40:09:af | | name | trunk_port | | network_id | 02108a2b-7cf2-4ef4-88f6-d8a101e4d688 | | revision_number | 1 | | status | DOWN | | trunk_details | None | +-------------------------+-------------------------------------------------------------------------------------------------------+ +-------------------------+----------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+----------------------------------------------------------------------------------------------------+ | admin_state_up | UP | | binding_vif_type | unbound | | binding_vnic_type | normal | | fixed_ips | ip_address='10.0.10.120', subnet_id='161e3165-e411-4675-921f-875b4004ba0f' | | id | 6dc57f5e-4448-4a9d-ba13-64d96951caaa | | mac_address | fa:16:3e:40:09:af | | name | trunk_subport | | network_id | 66e13174-bead-4560-bf22-620c6df59eef | | revision_number | 1 | | status | DOWN | | trunk_details | None | +-------------------------+----------------------------------------------------------------------------------------------------+
Note
We create
trunk_subportusing the same MAC address as its parenttrunk_port. Neutron developers recommend this approach to avoid issues with ARP spoof protection and the native OVS firewall driver.Create the trunk:
openstack network trunk create \ --parent-port trunk_port \ --subport port=trunk_subport,segmentation-type=vlan,segmentation-id=100 \ trunk_test
Example of a positive system response:
+-------------------+-------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------+-------------------------------------------------------------------------------------------------+ | id | d98b39e6-44a9-4885-a99f-e0bfd346e4cb | | is_admin_state_up | True | | name | trunk_test | | port_id | 224fc881-e897-4d75-8b9f-0e02544fe3a0 | | revision_number | 0 | | status | DOWN | | sub_ports | port_id='6dc57f5e-4448-4a9d-ba13-64d96951caaa', segmentation_id='100', segmentation_type='vlan' | | tags | [] | +-------------------+-------------------------------------------------------------------------------------------------+
Add
trunk_portto the VM3. You can use thetrunk_portname or ID oftrunk_testas a port value when you add it to the VM:openstack server add port vm3 trunk_port
Verify the status of the ports:
openstack port list --network net_A openstack port list --network net_B
Example of a positive system response:
+--------------------------------------+------------+-------------------+-----------------------------------------------------------------------------+--------+ | ID | Name | MAC Address | Fixed IP Addresses | Status | +--------------------------------------+------------+-------------------+-----------------------------------------------------------------------------+--------+ | 224fc881-e897-4d75-8b9f-0e02544fe3a0 | trunk_port | fa:16:3e:40:09:af | ip_address='192.10.0.120', subnet_id='aefc3ce5-8b53-41b0-a97a-887e9f78832b' | ACTIVE | | 94a4133d-1ee9-4e66-b7c8-0fbf45f71670 | port_A | fa:16:3e:60:dc:5f | ip_address='192.10.0.100', subnet_id='aefc3ce5-8b53-41b0-a97a-887e9f78832b' | ACTIVE | +--------------------------------------+------------+-------------------+-----------------------------------------------------------------------------+--------+ +--------------------------------------+---------------+-------------------+----------------------------------------------------------------------------+--------+ | ID | Name | MAC Address | Fixed IP Addresses | Status | +--------------------------------------+---------------+-------------------+----------------------------------------------------------------------------+--------+ | 6dc57f5e-4448-4a9d-ba13-64d96951caaa | trunk_subport | fa:16:3e:40:09:af | ip_address='10.0.10.120', subnet_id='161e3165-e411-4675-921f-875b4004ba0f' | ACTIVE | | bc19ce85-387a-4f30-bf01-3c8251c9c8c9 | port_B | fa:16:3e:62:27:66 | ip_address='10.0.10.100', subnet_id='161e3165-e411-4675-921f-875b4004ba0f' | ACTIVE | +--------------------------------------+---------------+-------------------+----------------------------------------------------------------------------+--------+
Verify the trunk status:
openstack network trunk show trunk_test
Example of a positive system response:
+-------------------+-------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------+-------------------------------------------------------------------------------------------------+ | id | d98b39e6-44a9-4885-a99f-e0bfd346e4cb | | is_admin_state_up | True | | name | trunk_test | | port_id | 224fc881-e897-4d75-8b9f-0e02544fe3a0 | | project_id | 86ff0f08f36d46a592f6273ba417ea54 | | revision_number | 2 | | status | ACTIVE | | sub_ports | port_id='6dc57f5e-4448-4a9d-ba13-64d96951caaa', segmentation_id='100', segmentation_type='vlan' | | tags | [] | +-------------------+-------------------------------------------------------------------------------------------------+
Verify the VM status:
openstack server list
Example of a positive system response:
+--------------------------------------+------+--------+-------------------------------------------------------+--------------+--------------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+------+--------+-------------------------------------------------------+--------------+--------------+ | 604ebbb1-8c2c-4087-b231-528df7ba5d33 | vm3 | ACTIVE | mgmt_net=10.11.12.134, 192.0.2.23; net_A=192.10.0.120 | Ubuntu-18.04 | m1.tiny_test | | 3de1061b-18aa-4bf7-806f-28c4309de592 | vm2 | ACTIVE | mgmt_net=10.11.12.118, 192.0.2.22; net_B=10.0.10.100 | Ubuntu-18.04 | m1.tiny_test | | a94fe384-9de4-4d75-8b39-2b22d6855f8f | vm1 | ACTIVE | mgmt_net=10.11.12.100, 192.0.2.21; net_A=192.10.0.100 | Ubuntu-18.04 | m1.tiny_test | +--------------------------------------+------+--------+-------------------------------------------------------+--------------+--------------+
Configure IP addresses for new interfaces on the VMs:
On VM1:
ip link ip addr add 192.10.0.100/24 dev ens8 ip link set ens8 up
On VM2:
ip link ip addr add 10.0.10.100/24 dev ens8 ip link set ens8 up
For VM3 we also need to create the VLAN device to receive packets from
trunk_subport. In this example, the configured interface is namedens8:ip link ip link add link ens8 name ens8.100 type vlan id 100 ip addr add 192.10.0.120/24 dev ens8 ip addr add 10.0.10.120/24 dev ens8.100 ip link set ens8 up
Note
In our setup, VMs are running on Ubuntu. If you use another operating system, set the IP addresses correspondingly.
Verify that VM3 can ping VM1 and VM2 through its trunk port:
root@vm3:~# ping -w1 -c1 192.10.0.100 PING 192.10.0.100 (192.10.0.100) 56(84) bytes of data. 64 bytes from 192.10.0.100: icmp_seq=1 ttl=64 time=2.69 ms --- 192.10.0.100 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.696/2.696/2.696/0.000 ms root@vm3:~# ping -w1 -c1 10.0.10.100 PING 10.0.10.100 (10.0.10.100) 56(84) bytes of data. 64 bytes from 10.0.10.100: icmp_seq=1 ttl=64 time=5.46 ms --- 10.0.10.100 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 5.465/5.465/5.465/0.000 ms
By following this tutorial, you have successfully configured a trunk port in
OpenStack Neutron. VM3 can now communicate with both net_A and net_B
through a single interface using VLAN segmentation. This setup enables
efficient network management and reduces the number of required ports,
simplifying your infrastructure.
For further customization, refer to the official OpenStack Neutron documentation on trunk port configurations.