Chapter 3. Configuring routed spine-leaf in the undercloud

This section describes a use case about how to configure the undercloud to accommodate routed spine-leaf with composable networks.

3.1. Configuring the spine leaf provisioning networks

To configure the provisioning networks for your spine leaf infrastructure, edit the undercloud.conf file and set the relevant parameters included in the following procedure.


  1. Log in to the undercloud as the stack user.
  2. If you do not already have an undercloud.conf file, copy the sample template file:

    [stack@director ~]$ cp /usr/share/python-tripleoclient/undercloud.conf.sample ~/undercloud.conf
  3. Edit the undercloud.conf file.
  4. Set the following values in the [DEFAULT] section:

    1. Set local_ip to the undercloud IP on leaf0:

      local_ip =
    2. Set undercloud_public_host to the externally facing IP address of the undercloud:

      undercloud_public_host =
    3. Set undercloud_admin_host to the administration IP address of the undercloud. This IP address is usually on leaf0:

      undercloud_admin_host =
    4. Set local_interface to the interface to bridge for the local network:

      local_interface = eth1
    5. Set enable_routed_networks to true:

      enable_routed_networks = true
    6. Define your list of subnets using the subnets parameter. Define one subnet for each L2 segment in the routed spine and leaf:

      subnets = leaf0,leaf1,leaf2
    7. Specify the subnet associated with the physical L2 segment local to the undercloud using the local_subnet parameter:

      local_subnet = leaf0
    8. Set the value of undercloud_nameservers.

      undercloud_nameservers =,

      You can find the current IP addresses of the DNS servers that are used for the undercloud nameserver by looking in /etc/resolv.conf.

  5. Create a new section for each subnet that you define in the subnets parameter:

    cidr =
    dhcp_start =
    dhcp_end =
    inspection_iprange =,
    gateway =
    masquerade = False
    cidr =
    dhcp_start =
    dhcp_end =
    inspection_iprange =,
    gateway =
    masquerade = False
    cidr =
    dhcp_start =
    dhcp_end =
    inspection_iprange =,
    gateway =
    masquerade = False
  6. Save the undercloud.conf file.
  7. Run the undercloud installation command:

    [stack@director ~]$ openstack undercloud install

This configuration creates three subnets on the provisioning network or control plane. The overcloud uses each network to provision systems within each respective leaf.

To ensure proper relay of DHCP requests to the undercloud, you might need to configure a DHCP relay.

3.2. Configuring a DHCP relay

You run the DHCP relay service on a switch, router, or server that is connected to the remote network segment you want to forward the requests from.


Do not run the DHCP relay service on the undercloud.

The undercloud uses two DHCP servers on the provisioning network:

  • An introspection DHCP server.
  • A provisioning DHCP server.

You must configure the DHCP relay to forward DHCP requests to both DHCP servers on the undercloud.

You can use UDP broadcast with devices that support it to relay DHCP requests to the L2 network segment where the undercloud provisioning network is connected. Alternatively, you can use UDP unicast, which relays DHCP requests to specific IP addresses.


Configuration of DHCP relay on specific device types is beyond the scope of this document. As a reference, this document provides a DHCP relay configuration example using the implementation in ISC DHCP software. For more information, see manual page dhcrelay(8).


DHCP option 79 is required for some relays, particularly relays that serve DHCPv6 addresses, and relays that do not pass on the originating MAC address. For more information, see RFC6939.

Broadcast DHCP relay

This method relays DHCP requests using UDP broadcast traffic onto the L2 network segment where the DHCP server or servers reside. All devices on the network segment receive the broadcast traffic. When using UDP broadcast, both DHCP servers on the undercloud receive the relayed DHCP request. Depending on the implementation, you can configure this by specifying either the interface or IP network address:

Specify an interface that is connected to the L2 network segment where the DHCP requests are relayed.
IP network address
Specify the network address of the IP network where the DHCP requests are relayed.

Unicast DHCP relay

This method relays DHCP requests using UDP unicast traffic to specific DHCP servers. When you use UDP unicast, you must configure the device that provides the DHCP relay to relay DHCP requests to both the IP address that is assigned to the interface used for introspection on the undercloud and the IP address of the network namespace that the OpenStack Networking (neutron) service creates to host the DHCP service for the ctlplane network.

The interface used for introspection is the one defined as inspection_interface in the undercloud.conf file. If you have not set this parameter, the default interface for the undercloud is br-ctlplane.


It is common to use the br-ctlplane interface for introspection. The IP address that you define as the local_ip in the undercloud.conf file is on the br-ctlplane interface.

The IP address allocated to the Neutron DHCP namespace is the first address available in the IP range that you configure for the local_subnet in the undercloud.conf file. The first address in the IP range is the one that you define as dhcp_start in the configuration. For example, is the IP address if you use the following configuration:

local_subnet = leaf0
subnets = leaf0,leaf1,leaf2

cidr =
dhcp_start =
dhcp_end =
inspection_iprange =,
gateway =
masquerade = False

The IP address for the DHCP namespace is automatically allocated. In most cases, this address is the first address in the IP range. To verify that this is the case, run the following commands on the undercloud:

$ openstack port list --device-owner network:dhcp -c "Fixed IP Addresses"
| Fixed IP Addresses                                                         |
| ip_address='', subnet_id='7526fbe3-f52a-4b39-a828-ec59f4ed12b2' |
$ openstack subnet show 7526fbe3-f52a-4b39-a828-ec59f4ed12b2 -c name
| Field | Value  |
| name  | leaf0  |

Example dhcrelay configuration

In the following examples, the dhcrelay command in the dhcp package uses the following configuration:

  • Interfaces to relay incoming DHCP request: eth1, eth2, and eth3.
  • Interface the undercloud DHCP servers on the network segment are connected to: eth0.
  • The DHCP server used for introspection is listening on IP address:
  • The DHCP server used for provisioning is listening on IP address

This results in the following dhcrelay command:

  • dhcrelay version 4.2.x:

    $ sudo dhcrelay -d --no-pid \
      -i eth0 -i eth1 -i eth2 -i eth3
  • dhcrelay version 4.3.x and later:

    $ sudo dhcrelay -d --no-pid \
      -iu eth0 -id eth1 -id eth2 -id eth3

Example Cisco IOS routing switch configuration

This example uses the following Cisco IOS configuration to perform the following tasks:

  • Configure a VLAN to use for the provisioning network.
  • Add the IP address of the leaf.
  • Forward UDP and BOOTP requests to the introspection DHCP server that listens on IP address:
  • Forward UDP and BOOTP requests to the provisioning DHCP server that listens on IP address
interface vlan 2
ip address
ip helper-address
ip helper-address

Now that you have configured the provisioning network, you can configure the remaining overcloud leaf networks.

3.3. Designating a role for leaf nodes

Each role in each leaf network requires a flavor and role assignment so that you can tag nodes into their respective leaf. Complete the following steps to create and assign each flavor to a role.


  1. Source the stackrc file:

    [stack@director ~]$ source ~/stackrc
  2. Retrieve a list of your nodes to identify their UUIDs:

    (undercloud)$ openstack baremetal node list
  3. Assign each bare metal node that you want to designate for a role with a custom resource class that identifies its leaf network and role.

    openstack baremetal node set \
     --resource-class baremetal.<ROLE> <node>
    • Replace <ROLE> with a name that identifies the role.
    • Replace <node> with the ID of the bare metal node.

      For example, enter the following command to tag a node with UUID 58c3d07e-24f2-48a7-bbb6-6843f0e8ee13 to the Compute role on Leaf2:

      (undercloud)$ openstack baremetal node set \
       --resource-class baremetal.COMPUTE-LEAF2 58c3d07e-24f2-48a7-bbb6-6843f0e8ee13
  4. Add each role to your overcloud-baremetal-deploy.yaml if it is not already defined.
  5. Define the resource class that you want to assign to the nodes for the role:

    - name: <role>
      count: 1
        resource_class: baremetal.<ROLE>
    • Replace <role> with the name of the role.
    • Replace <ROLE> with a name that identifies the role.
  6. In a baremetal-deploy.yaml file, define the resource class that you want to assign to the nodes for the role. Specify the role, profile, quantity, and associated networks that you are deploying:

    - name: <role>
      count: 1
      hostname_format: <role>-%index%
        - playbook: bm-deploy-playbook.yaml
        resource_class: baremetal.<ROLE>
        profile: control
          - network: external
            subnet: external_subnet
          - network: internal_api
            subnet: internal_api_subnet01
          - network: storage
            subnet: storage_subnet01
          - network: storage_mgmt
            subnet: storage_mgmt_subnet01
          - network: tenant
            subnet: tenant_subnet01
          template: templates/multiple_nics/multiple_nics_dvr.j2
            - external
    • Replace <role> with the name of the role.
    • Replace <ROLE> with a name that identifies the role.


      You must create a baremetal-deploy.yaml environment file for every stack you are deploying, in /home/stack/<stack>.

3.4. Mapping bare metal node ports to control plane network segments

To enable deployment on a L3 routed network, you must configure the physical_network field on the bare metal ports. Each bare metal port is associated with a bare metal node in the OpenStack Bare Metal (ironic) service. The physical network names are the names that you include in the subnets option in the undercloud configuration.


The physical network name of the subnet specified as local_subnet in the undercloud.conf file is always named ctlplane.


  1. Source the stackrc file:

    $ source ~/stackrc
  2. Check the bare metal nodes:

    $ openstack baremetal node list
  3. Ensure that the bare metal nodes are either in enroll or manageable state. If the bare metal node is not in one of these states, the command that sets the physical_network property on the baremetal port fails. To set all nodes to manageable state, run the following command:

    $ for node in $(openstack baremetal node list -f value -c Name); do openstack baremetal node manage $node --wait; done
  4. Check which baremetal ports are associated with which baremetal node:

    $ openstack baremetal port list --node <node-uuid>
  5. Set the physical-network parameter for the ports. In the example below, three subnets are defined in the configuration: leaf0, leaf1, and leaf2. The local_subnet is leaf0. Because the physical network for the local_subnet is always ctlplane, the baremetal port connected to leaf0 uses ctlplane. The remaining ports use the other leaf names:

    $ openstack baremetal port set --physical-network ctlplane <port-uuid>
    $ openstack baremetal port set --physical-network leaf1 <port-uuid>
    $ openstack baremetal port set --physical-network leaf2 <port-uuid>
  6. Introspect the nodes before you deploy the overcloud. Include the --all-manageable and --provide options to set the nodes as available for deployment:

    $ openstack overcloud node introspect --all-manageable --provide

3.5. Adding a new leaf to a spine-leaf provisioning network

When increasing network capacity which can include adding new physical sites, you might need to add a new leaf and a corresponding subnet to your Red Hat OpenStack Platform spine-leaf provisioning network. When provisioning a leaf on the overcloud, the corresponding undercloud leaf is used.


  • Your RHOSP deployment uses a spine-leaf network topology.


  1. Log in to the undercloud host as the stack user.
  2. Source the stackrc undercloud credentials file:

    $ source ~/stackrc
  3. In the /home/stack/undercloud.conf file, do the following:

    1. Locate the subnets parameter, and add a new subnet for the leaf that you are adding.

      A subnet represents an L2 segment in the routed spine and leaf:


      In this example, a new subnet (leaf3) is added for the new leaf (leaf3):

      subnets = leaf0,leaf1,leaf2,leaf3
    2. Create a section for the subnet that you added.


      In this example, the section [leaf3] is added for the new subnet (leaf3):

      cidr =
      dhcp_start =
      dhcp_end =
      inspection_iprange =,
      gateway =
      masquerade = False
      cidr =
      dhcp_start =
      dhcp_end =
      inspection_iprange =,
      gateway =
      masquerade = False
      cidr =
      dhcp_start =
      dhcp_end =
      inspection_iprange =,
      gateway =
      masquerade = False
      cidr =
      dhcp_start =
      dhcp_end =
      inspection_iprange =,
      gateway =
      masquerade = False
  4. Save the undercloud.conf file.
  5. Reinstall your undercloud:

    $ openstack undercloud install
