OpenStack Networking Hands-On Tutorial
Kyle Mestery (@mestery)
Mark McClain (@gtwmm)
Agenda
● Quick OpenStack and Neutron Overview
● Neutron Deployment Overview
● Hands-On With Neutron
  ○ Networks and Subnets
  ○ Routers and L3 constructs
  ○ LBaaS
  ○ VPNaaS
OpenStack and Neutron Overview
About OpenStack
● Open Source project founded in 2010
● 1,786 Unique Developers during Kilo
● A growing ecosystem of projects
  ○ With a new governance model!
● Production Ready
● Latest Release 2015.1 - Kilo (11th Release)
● Apache 2 Licensed
OpenStack
What does the user see?
What is Neutron?
● Provides “networking as a service”
● Provides Rich Topologies
● Technology Agnostic
● Extensible
● Advanced Services Support
  ○ LBaaS, VPNaaS, FWaaS
Neutron Design Goals
● Unified API
● Small Core
● Pluggable Open Architecture
● Extensible
● Growing ecosystem (Neutron as a platform)
Abstractions
Basic Deployment
Neutron Installation Tips
Types of Network Traffic
● Management
  ○ Internal communication between services
● API
  ○ Exposes OpenStack APIs to users of the cloud
● Guest
  ○ A network dedicated to instance traffic
● External
  ○ Provides Neutron routers with network access
Single NIC Setup
[Diagram labels: VMs, br-int, br-tun, br-eth0, eth0; traffic: overlay networks, mgmt and API, external]
Multi-NIC Setup
[Diagram labels: VMs, br-int, br-tun, br-eth1, eth1, eth0; traffic: overlay networks, mgmt and API, external]
Bonded NIC Setup
[Diagram labels: VMs, br-int, br-tun, br-bond0, bond0, eth0, eth1; traffic: overlay networks, mgmt and API, external]
What Type Of Neutron Network To Use
Neutron Provider Network Setup
[Diagram labels: three Compute Hosts, Provider VLAN 100, Provider VLAN 200]
When To Use Provider Networks?
● Mapping Neutron install into existing network environment
● Small number of tenants
● Want to perform routing with existing routers (physical or virtual)
● Little or no interest in floating IPs
Neutron With Overlays (and L2 gateways!)
[Diagram labels: three Compute Hosts, Network Node, L2 Gateway Node, Underlay Network]
L2 Gateway node handles translating between overlay networks and VLAN networks
Network node handles L3 routing N/S, and SNAT when used with DVR
DVR routes E/W traffic and performs DNAT locally
When To Use Neutron With Overlays?
● Large number of tenant networks
● Floating IPs central to installation
Neutron Tutorial
Thank you to our sponsor!
● Two options for gaining access to provided VMs
  ○ Join “tutorial” wifi network (password openstackneutron)
  ○ OR
  ○ ssh into the jumphost as “[email protected]”
● Username/password for VMs: onug / ONUG2015
Components used in the tutorial
All-In-One Control/Compute Node (Ubuntu 14.04.1)
[Diagram labels: nova, glance, keystone, neutron, neutron l2, neutron l3, metadata, dhcp, Open vSwitch, rabbitmq]
Tutorial Assumptions
● You are using a devstack install on a cloud VM provided by Dreamhost
● The Tutorial uses the Kilo release of OpenStack
Neutron Networks and Subnets
In this section, we’ll cover basic Neutron operations around networks, ports and subnets
Neutron Network Types
● local networks
● provider networks
● overlay networks
Neutron local networks
● local networks are created locally on the host
  ○ traffic is local on the node it is created on
● DHCP and metadata may not work with local networks
● Useful for complex technologies where you want to keep some traffic local to a small number of VMs on a host
Create a local network
neutron net-create --provider:network_type=local onug_local
Neutron provider networks
● Useful when using a small number of tenants and you want to share networks created by the admin
● Assumes L3 routing handled in existing infrastructure
Creating a provider network
neutron net-create --provider:network_type=vlan --provider:physical_network=physnet1 --provider:segmentation_id=200 --shared onug_vlan_network
Tenant overlay networks
● Useful for installations with a large number of tenants
● Allows tenants to create rich network layouts
● Allows for overlapping, shared IP address spaces
● Can utilize floating IPs for remote access
● Utilize L2 gateways to bridge to VLAN networks
Create an overlay network
neutron net-create onug_overlay
Neutron subnets
● Subnets are the main L3 resource in Neutron
● Subnets can be IPv4 or IPv6
● Planning ahead for your subnets is important
  ○ Note: Pluggable IPAM will be available in Liberty, and allow for integration with existing IPAM solutions you may have
Creating a subnet
neutron subnet-create onug_overlay 192.168.100.0/24 --name onug_overlay_subnet --ip-version=4 --gateway=192.168.100.1 --allocation-pool start=192.168.100.2,end=192.168.100.254 --dns-nameservers 8.8.8.8 8.8.4.4
Quick Detour: Neutron Ports
Port created for DHCP agent from previous port
Neutron Ports and Namespaces
The DHCP port created previously looks like this on the host itself
Neutron Routers
We’ll cover Neutron routers, floating IPs, and building complex topologies with them
Neutron Routers: Overview
● Neutron routers are per-tenant
  ○ Admin can create routers for tenants
● Neutron routers support both IPv4 and IPv6
● Neutron routers can route traffic between internal and external networks
● Neutron routers can also route traffic between internal networks
Neutron With Routers
Create a router
neutron router-create onug_router
Neutron router ports
[Diagram: Neutron router with two interfaces]
● Internal interface: This interface is attached to a local subnet
● Gateway interface: This interface is attached to an upstream device to provide external connectivity
Distributed Routers!
Neutron With Distributed Routers!
Attaching router ports
● Attach the internal router port
  ○ neutron router-interface-add 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a 68f34192-72d7-4e4d-82ae-b87410113a9a
● Attach the gateway port
  ○ neutron router-gateway-set 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a dab3f1f7-7015-4439-b393-0ad75d2de536
Verify your router ports
neutron router-port-list 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a
Launch An Instance
Find your image UUID and flavor ID
Launch an Instance (cont.)
Boot the instance attaching to your tenant created network
Verify the Instance Is Up
Note: We added a security group rule to allow ICMP packets.
Neutron NAT
● Neutron supports two types of NAT
  ○ one-to-one (with floating IPs)
  ○ one-to-many (without floating IPs)
● NAT and DVR
  ○ DVR supports decentralized DNAT but requires centralized SNAT
Create And Add a Floating IP
Neutron subnetpools
● Allow for creation of a range of addresses to be allocated to a pool
● Subnet allocation can now happen out of that range
● Instead of requiring specific addressing, can now utilize dynamic addressing from the pool
subnetpool: create network
subnetpool: create subnetpool
subnetpool: create subnet using pool
Neutron LBaaS
We’ll walk through Neutron Load Balancing as a Service here, creating LBaaS constructs using the LBaaS V2 API, which is new for Kilo
Neutron LBaaS V2
● Neutron LBaaS V2 is new in Kilo
  ○ New API with different objects and attributes
  ○ http://developer.openstack.org/api-ref-networking-v2-ext.html#lbaas-v2.0
● Let’s give it a try!
Neutron LBaaS V2 Tutorial
● Create 2 nova instances on onug_overlay network
● Set up security group rules to allow port 80
● Run simple HTTP servers on those servers
● Create LBaaS constructs to balance HTTP requests across servers
Create 2 Nova Instances
Add security group rules
Spin up simple web servers
Create some loadbalancers
Create the listener
Create the pool
Add members
Verify it’s working
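The LBaaS V2 steps above (security group rule, load balancer, listener, pool, members) as an added example that is not from the original slides. It reuses the tutorial's onug_overlay_subnet and 192.168.100.0/24; the names onug_lb, onug_listener and onug_pool, the default security group and the member addresses passed on the command line are assumptions. It also assumes the VIP sits on the same subnet as the members, so port 80 is opened to that subnet rather than to every source.

```shell
# Added example; onug_lb, onug_listener and onug_pool are assumed names.
SUBNET=onug_overlay_subnet      # subnet created earlier in the tutorial
SUBNET_CIDR=192.168.100.0/24    # its CIDR
SECGROUP=${SECGROUP:-default}   # assumption: the instances use this group

# Allow port 80 only from the subnet the VIP lives on instead of 0.0.0.0/0;
# clients then reach the web servers through the load balancer only.
allow_http_from_subnet() {
    neutron security-group-rule-create "$SECGROUP" --direction ingress \
        --protocol tcp --port-range-min 80 --port-range-max 80 \
        --remote-ip-prefix "$SUBNET_CIDR"
}

# LBaaS v2 rejects changes while the load balancer is in a PENDING_* state,
# so poll provisioning_status before each dependent create.
wait_active() {
    for i in 1 2 3 4 5 6 7 8 9 10; do
        s=$(neutron lbaas-loadbalancer-show onug_lb -f value -c provisioning_status)
        [ "$s" = ACTIVE ] && return 0
        sleep 3
    done
    return 1
}

# Load balancer -> listener -> pool, the order the v2 objects depend on.
create_lb() {
    neutron lbaas-loadbalancer-create --name onug_lb "$SUBNET" && wait_active &&
    neutron lbaas-listener-create --name onug_listener --loadbalancer onug_lb \
        --protocol HTTP --protocol-port 80 && wait_active &&
    neutron lbaas-pool-create --name onug_pool --listener onug_listener \
        --protocol HTTP --lb-algorithm ROUND_ROBIN && wait_active
}

# One member per instance address; refuse addresses outside the /24 (prefix match).
add_members() {
    for ip in "$@"; do
        case "$ip" in
            192.168.100.*) ;;
            *) echo "member $ip is not on $SUBNET_CIDR" >&2; return 1 ;;
        esac
        neutron lbaas-member-create --subnet "$SUBNET" --address "$ip" \
            --protocol-port 80 onug_pool && wait_active || return 1
    done
}

# Run only when invoked as: sh lbaas.sh apply <member-ip> <member-ip>
if [ "${1:-}" = apply ]; then
    shift
    allow_http_from_subnet && create_lb && add_members "$@"
fi
```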
Debugging Neutron
Neutron Open Source Backends
Open Source Options
● Dragonflow
● OpenContrail
● OpenDaylight
● OVN
● Announced today: Akanda
Dragonflow
● A fully distributed virtual router using OpenFlow and Open vSwitch
● Removes the use of namespaces on the host for DVR
  ○ Implementation utilizes straight OpenFlow
Dragonflow Architecture
OpenContrail
● Extensible networking system designed for cloud networking and NFV
● Consists of two components: Controller and vRouter
  ○ Controller is a logically centralized but physically distributed SDN controller
  ○ vRouter is a forwarding plane which runs in the hypervisor
OpenContrail Architecture
[Diagram labels: OpenStack, Nova, OpenContrail Neutron Plugin; Compute Node with OpenStack Nova Agent and vRouter Agent; Contrail Node; Configuration Node]
OpenDaylight
● A community led, industry supported open source platform to support the adoption of SDN and NFV
● A platform to allow for many different APIs on both the north and south side
OpenDaylight Architecture
[Diagram labels: OpenStack, Nova, OpenDaylight ML2 Driver; two Compute Nodes, each with OpenStack Nova Agent and Open vSwitch]
Open Virtual Networking (OVN)
● Complements OVS by adding native support for virtual networking abstractions
  ○ L2 and L3 overlays, security groups, etc.
● Not a general purpose SDN controller
  ○ Focuses on L2/L3 networking
● Tight integration with OpenStack
OVN
[Diagram labels: OpenStack, OVN ML2 Driver, OVN NB Database, ovn-nbd, OVN DB; ovn-controller, ovs-vswitchd and ovsdb-server (shown twice)]