Networking in OpenStack for non-networking people: Neutron, Open vSwitch and friends
Networking in OpenStack for non-networking people: Neutron, OVS and friends
Dave [email protected] Source and Standards, Red Hat
AGENDA
Networking review: the OSI model
Networking in a virtual world
Neutron and OVS
Debugging and fixing networking issues
Networking: The OSI model
Layer 1
Layer 7
Cables
Switching
Routers
Hardware
Software
TCP/IP
SMTP
Switches and routers
Networking in a virtual world
CC BY from OpenStack Operations Guide: http://bit.ly/OpenStackNetworking
Networking in a virtual world: Open vSwitch
Networking in a virtual world: Open Daylight
Networking in a virtual world: Neutron
Abstracts away internals of switching and SDN provider
Provides high-level abstractions (router, subnet, network, gateway)
Law of Leaky Abstractions applies
Neutron: Creating a subnet
neutron router-create router1
neutron net-create net1
neutron subnet-create net1 172.17.0.0/24 --name subnet1
neutron router-interface-add router1 subnet1
Neutron: Attaching a public subnet
neutron net-create net2 --router-external=True
neutron subnet-create net2 192.168.0.0/24 --name subnet2 --enable_dhcp=False --allocation-pool start=192.168.0.32,end=192.168.0.63 --gateway=192.168.0.1
neutron router-gateway-set router1 net2
Neutron: Floating IPs
To connect from an external machine to an instance, you need a routable IP address
Floating IP addresses are public aliases for private IP addresses
They survive changes in private IPs, enable load balancing, etc.
Equivalent to Elastic IPs in AWS
Neutron: Floating IPs
neutron floatingip-create net2
neutron floatingip-list
neutron port-list
neutron floatingip-associate <floatingip-id> <port-id>
Debugging network issues: Devices
ip a shows status of all physical and virtual devices
ovs-vsctl show shows interfaces and bridges in the virtual switch
ovs-dpctl show shows datapaths on the switch
Debugging network issues: Tracking packets
tcpdump is your friend
tcpdump -n -i <interface> -w <file>
Set interface to vnet device, instance eth0, bridge device, or host ethernet device to see where packets are not getting through
-i any for all interfaces
iptables -L to check iptables rules
Debugging network issues: Network namespaces
Network namespaces allow VLANs to share overlapping address space (important for bigger deployments, and to provide multi-tenant networks)
ip netns list lists all known network namespaces
ip netns exec <namespace> route -n shows the routing table inside a specific namespace
Execute arbitrary commands (incl. ssh, ping)
Debugging networking issues: DHCP
Scenario: Instance is not getting IP address
Step 1: nova console-log <instance>: DHCP request sent, no reply received
Step 2: Verify neutron-dhcp-agent is running
Step 3: Check host logs (/var/log/messages and /var/log/neutron/*)
Step 4: If host is not seeing DHCP traffic: tcpdump -i any | grep -i dhcp
Debugging networking issues: Access/routing
Scenario: I can't SSH into an instance
Step 1: Security groups: port 22 TCP & all ICMP allowed?
Step 2: Is the floating IP address routable from the client? Run route -n on the client
Verify that the public subnet in OpenStack is accessible from the client (e.g. for a local LAN, that it matches 192.168.0.0/24)
Step 3: Bridges OK?
Debugging networking issues: Access/routing
Bridge issues:
ovs-vsctl show: is the ethernet card attached to the same bridge as the public network?
neutron router-show router1: are the private subnet and public subnet connected to the router?
ip netns exec <namespace> ping <address>: does the public network match the local LAN exactly?
ip netns exec <namespace> route -n: is traffic being correctly routed from the instance out?
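The first bridge check above, as an added example that is not part of the original slides: it parses `ovs-vsctl show` output and tests whether the physical NIC shares a bridge with a router gateway port. The sample output, the port names (eth1, qg-9876fedc-ba, qr-1234abcd-56) and the OVS_SHOW variable are constructed assumptions.

```shell
# Added example: find which OVS bridge a port is attached to.

# Constructed sample of `ovs-vsctl show` output (not from a real host).
# Assumed names: eth1 = physical NIC, qg-* = router gateway port,
# qr-* = router port on the private side.
sample_ovs_show() {
cat <<'EOF'
a1b2c3d4-0000-0000-0000-000000000000
    Bridge br-int
        Port "qr-1234abcd-56"
            tag: 1
            Interface "qr-1234abcd-56"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth1"
            Interface "eth1"
        Port "qg-9876fedc-ba"
            Interface "qg-9876fedc-ba"
                type: internal
    ovs_version: "1.11.0"
EOF
}

# Command that produces the text; on a real host: OVS_SHOW="ovs-vsctl show"
OVS_SHOW=${OVS_SHOW:-sample_ovs_show}

# bridge_of_port PORT: read `ovs-vsctl show` text on stdin and print the
# bridge PORT is attached to; exit status 1 if PORT is on no bridge.
bridge_of_port() {
    awk -v want="$1" '
        { gsub(/"/, "") }                  # names may be quoted or bare
        $1 == "Bridge" { bridge = $2 }     # remember the enclosing bridge
        $1 == "Port" && $2 == want { print bridge; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# same_bridge PORT_A PORT_B: succeed only if both ports exist on one bridge.
same_bridge() {
    a=$($OVS_SHOW | bridge_of_port "$1") || return 1
    b=$($OVS_SHOW | bridge_of_port "$2") || return 1
    [ "$a" = "$b" ]
}

if same_bridge eth1 qg-9876fedc-ba; then echo "eth1 shares a bridge with the gateway port"; fi
```

A failure from `same_bridge` means either a port is missing from the switch or the NIC sits on a different bridge from the gateway port.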
Resources
OpenStack Network troubleshooting: http://bit.ly/OpenStackNetworking
OpenStack Networking: L3 workflow: http://bit.ly/L3Workflow
RDO Networking: http://bit.ly/RDONetworking
RDO: Neutron with an external network: http://bit.ly/RDONeutronExtNet
OpenStack Tales from the Crypt: http://bit.ly/OpenStackCrypt
QUESTIONS?
DAVE NEARY
RED HAT OPENSTACK | 2013
DOC144908-20130513r1