How to deploy OpenStack using OpenStack-Ansible with Open vSwitch instead of Linux Bridge, covering ML2 plugin configuration, network bridge setup, and DVR.

OpenStack Ansible with Open vSwitch

OpenStack-Ansible (OSA) is the official Ansible-based deployment tool for OpenStack. By default OSA uses Linux Bridge for Neutron networking, but Open vSwitch (OVS) provides better performance and supports advanced features like DPDK and hardware offload. This guide shows how to deploy OpenStack 2024.2 Dalmatian using OSA with OVS.

Why Open vSwitch?

Feature	Linux Bridge	Open vSwitch
VXLAN/GRE tunnels	Yes	Yes
DPDK support	No	Yes
Flow-based forwarding	No	Yes
Hardware offload	Limited	Yes (SmartNIC)
OpenFlow support	No	Yes
Port mirroring	Limited	Yes

Prerequisites

Requirement	Details
Deployment host	Ubuntu 22.04 with Ansible
Target hosts	1 infra, 1+ compute, 1 network node (minimum)
Networking	Management, tunnel, storage, and external network interfaces
OS	Ubuntu 22.04 LTS on all targets

Step 1: Clone OSA

On the deployment host:

git clone -b 2024.2 https://opendev.org/openstack/openstack-ansible /opt/openstack-ansible
cd /opt/openstack-ansible
scripts/bootstrap-ansible.sh

Step 2: Prepare Configuration

Copy the example configuration:

cp -r /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy

Step 3: Configure Networking for OVS

The key file is /etc/openstack_deploy/user_variables.yml. Add the OVS-specific settings:

# Neutron plugin and agent
neutron_plugin_type: ml2.ovs
neutron_ml2_drivers_type: "flat,vlan,vxlan"
neutron_ml2_mechanism_drivers: openvswitch

# OVS agent configuration
neutron_agent_mode: dvr_snat  # or 'legacy' if not using DVR
neutron_l2_population: true

# Tunnel type
neutron_tunnel_types: vxlan
neutron_tunnel_address: "{{ tunnel_address }}"

# Provider network mappings
neutron_provider_networks:
  network_flat_networks: "flat"
  network_mappings: "flat:br-provider"
  network_types: "vxlan,flat"
  network_vxlan_ranges: "1:1000"

Step 4: Configure Host Networking

Edit /etc/openstack_deploy/openstack_user_config.yml to define networks:

cidr_networks:
  management: 172.29.236.0/22
  tunnel: 172.29.240.0/22
  storage: 172.29.244.0/22

used_ips:
  - "172.29.236.1,172.29.236.50"
  - "172.29.240.1,172.29.240.50"
  - "172.29.244.1,172.29.244.50"

global_overrides:
  tunnel_bridge: br-tun
  management_bridge: br-mgmt
  provider_networks:
    - network:
        container_bridge: br-mgmt
        container_type: veth
        container_interface: eth1
        ip_from_q: management
        type: raw
        group_binds:
          - all_containers
          - hosts
    - network:
        container_bridge: br-vxlan
        container_type: veth
        container_interface: eth10
        ip_from_q: tunnel
        type: vxlan
        range: "1:1000"
        net_name: vxlan
        group_binds:
          - neutron_openvswitch_agent
    - network:
        container_bridge: br-provider
        container_type: veth
        container_interface: eth12
        host_bind_override: ens224
        type: flat
        net_name: flat
        group_binds:
          - neutron_openvswitch_agent

Step 5: Configure the Target Host Network Bridges

On each target host, configure /etc/netplan/01-netcfg.yaml:

network:
  version: 2
  ethernets:
    ens192:
      addresses: [172.29.236.11/22]
    ens224:
      dhcp4: no
    ens256:
      addresses: [172.29.240.11/22]
  bridges:
    br-mgmt:
      interfaces: [ens192]
      addresses: [172.29.236.11/22]
    br-provider:
      interfaces: [ens224]
      dhcp4: no

Step 6: Run the Playbooks

cd /opt/openstack-ansible

# Prepare hosts
openstack-ansible playbooks/setup-hosts.yml

# Deploy infrastructure (MariaDB, RabbitMQ, Memcached)
openstack-ansible playbooks/setup-infrastructure.yml

# Deploy OpenStack services
openstack-ansible playbooks/setup-openstack.yml

The full deployment takes 1–3 hours depending on the number of nodes.

Step 7: Verify OVS Configuration

SSH into a compute node and check OVS:

sudo ovs-vsctl show
sudo ovs-ofctl dump-flows br-tun | head

Verify Neutron agents:

openstack network agent list

You should see Open vSwitch agent entries for each compute and network node.

Step 8: Create a Test Network

openstack network create --provider-network-type vxlan test-net
openstack subnet create --network test-net \
  --subnet-range 192.168.100.0/24 test-subnet
openstack router create test-router
openstack router add subnet test-router test-subnet

Troubleshooting

Issue	Fix
OVS agent not starting	Check OVS is installed: `sudo ovs-vsctl --version`
No VXLAN tunnels	Verify `local_ip` resolves and tunnel network is up
Deployment fails at Neutron	Check `user_variables.yml` for typos in OVS config
VMs cannot reach external	Verify `br-provider` has the correct physical interface

Summary

OpenStack-Ansible with OVS gives you a production-grade deployment with advanced networking features like DPDK and hardware offload. The key is setting neutron_plugin_type: ml2.ovs and configuring the provider network bridges correctly.

OpenStack Ansible with OpenVSwitch