Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Configuring OVN gateways for a Red Hat OpenStack Services on OpenShift deployment

An OVN gateway connects the logical OpenStack tenant network to a physical external network. Many RHOSO environments have at least one OVN gateway and might have more than one physical external network and more than one OVN gateway.

Some environments do not include an OVN gateway. For example, an environment might not have an OVN gateway because connectivity is not required, because the environment does not use centralized floating IPs or routers and workloads directly connected to provider networks, or because some other connection method is used.

You can choose where OVN gateways are configured. OVN gateway location choices include the following:

Control plane
OVN gateways on RHOCP worker nodes that host the OpenStack controller services. Place the OVN gateway on a dedicated NIC whose sole purpose is to provide an interface to the OVN gateway.
Data plane
OVN gateways on dedicated Networker nodes on the data plane. For more information, see Configuring Networker nodes.

Control plane OVN gateways can be subject to more disruption than data plane OVN gateways.

You can place OVN gateways on dedicated NICs on the control plane nodes. This reduces the potential for interruption but requires an additional NIC.

Prerequisites

  • You have the oc command line tool installed on your workstation.
  • You are logged on to a workstation that has access to the RHOSO control plane as a user with cluster-admin privileges.
  • Each RHOCP worker node that hosts the RHOSO control plane has a NIC dedicated to an OVN gateway. Use the same NIC name for the dedicated NIC on each node. In addition, each worker node has at least the two NICs described in Red Hat OpenShift Container Platform cluster requirements.
  • Your OpenStackControlPlane custom resource (CR) file, openstack_control_plane.yaml, exists on your workstation.

Procedure

  1. Open the OpenStackControlPlane CR definition file, openstack_control_plane.yaml.

  2. Add the following ovnController configuration, including nicMappings, to the ovn service configuration: 

    apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
  name: openstack-control-plane
  namespace: openstack
spec:
...
  ovn:
    template:
      ovnController:
        networkAttachment: tenant
        nicMappings:
          <network_name: nic_name>
    • Replace <network_name> with the name of the physical provider network your gateway is on. This should match the value of the --provider-physical-network argument to the openstack network create command used to create the network. For example, datacentre.
    • Replace <nic_name> with the name of the NIC connecting to the gateway network, such as enp6s0.
    • Optional: Add additional <network_name>:<nic_name> pairs under nicMappings as required.

  3. Update the control plane: 

    $ oc apply -f openstack_control_plane.yaml -n openstack

    The ovn-operator creates the network attachment definitions, adds them to the pods, creates an external bridge, and configures external-ids:ovn-bridge-mappings. The setting external-ids:ovn-cms-options=enable-chassis-as-gw is configured by default.

  4. Wait until RHOCP creates the resources related to the OpenStackControlPlane CR. Run the following command to check the status: 

    $ oc get openstackcontrolplane -n openstack
NAME 						STATUS 	MESSAGE
openstack-control-plane 	Unknown 	Setup started

    The OpenStackControlPlane resources are created when the status is "Setup complete".

    Tip

    Append the -w option to the end of the get command to track deployment progress.

  5. Confirm that the control plane is deployed by reviewing the pods in the openstack namespace: 

    $ oc get pods -n openstack

    The control plane is deployed when all the pods are either completed or running. Verify that ovn-controller and ovn-controller-ovs pods are running, and that the number of running pods is equal to the number of OCP control plane nodes where OpenStack control plane services are running.

Verification

  1. Run a remote shell command on the OpenStackClient pod to confirm that the OVN Controller Gateway Agents are running on the control plane nodes: 

    $ oc rsh -n openstack openstackclient openstack network agent list
    Example output
    +--------------------------------------+------------------------------+---------+
| ID                                   | agent_type                   | host    |
+--------------------------------------+----------------------------------------+
| 5335c34d-9233-47bd-92f1-fc7503270783 | OVN Controller Gateway agent | ctrl0   |
| ff66288c-5a7c-41fb-ba54-6c781f95a81e | OVN Controller Gateway agent | ctrl1   |
| 5335c34d-9233-47bd-92f1-fc7503270783 | OVN Controller Gateway agent | ctrl2   |
+--------------------------------------+----------------------------------------+

You can configure a deployment with no control plane OVN gateways. For example, you configure data plane OVN gateways only, or you do not configure any OVN gateways.

Configuring a deployment with no control plane OVN gateways requires omitting the ovnController configuration from the control plane custom resource (CR).

Prerequisites

  • RHOSO 18.0.3 (Feature Release 1) or later.
  • You have the oc command line tool installed on your workstation.
  • You are logged on to a workstation that has access to the RHOSO control plane as a user with cluster-admin privileges.

Procedure

  1. Open your OpenStackControlPlane custom resource (CR) file, openstack_control_plane.yaml, on your workstation.

  2. If there is an ovnController section:

    1. Remove the ovnController section.

    2. Update the control plane: 

      $ oc apply -f openstack_control_plane.yaml -n openstack
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top