Learning OpenStack,Networking (Neutron)电子书

Learning OpenStack Networking (Neutron)

Table of Contents

Learning OpenStack Networking (Neutron)

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

1. Preparing the Network for OpenStack

What is OpenStack Networking?

Features of OpenStack Networking

Switching

Routing

Load balancing

Firewalling

Virtual private networks

Preparing the physical infrastructure

Types of network traffic

Management network

API network

External network

Guest network

Physical server connections

Single interface

Multiple interfaces

Bonding

Separating services across nodes

A single controller with one or more compute nodes

A single controller plus network node with one or more compute nodes

Summary

2. Installing OpenStack

System requirements

Operating system requirements

Initial network configuration

Interface configuration

Before you begin

Permissions

Configuring the OpenStack repository

Installing OpenStack utilities

Setting the hostnames

Disabling SELinux

Removing iptables rules

Installing and configuring Network Time Protocol

Upgrading the system

Installation of OpenStack

Installing and configuring the MySQL database server

Installing the MySQL database client

Installing and configuring the messaging server

Installing and configuring the Identity service

Defining users, tenants, and roles in Keystone

Define services and API endpoints in Keystone

Verify the Keystone installation

Setting environment variables

Installing and configuring the image service

Define the Glance service and API endpoints in Keystone

Verify the Glance image service installation

Installing and configuring the Compute service

Installing and configuring controller node components

Installing and configuring compute node components

Verify communication between services

Installing the OpenStack dashboard

Allowing connections to the dashboard

Identifying the Keystone server

Changing the listener address

Testing connectivity to the dashboard

Summary

3. Installing Neutron

Basic Neutron constructs

Overlapping networks using network namespaces

Extending network functions with plugins

Installing and configuring Neutron services

Creating the Neutron database

Configuring the Neutron user, role, and endpoint in Keystone

Enabling packet forwarding

Configuring Neutron to use Keystone

Configuring Neutron to use a messaging service

Configuring a root helper

Configuring Nova to utilize Neutron networking

Configuring Neutron services

Configuring neutron-server

Starting neutron-server

Configuring the Neutron DHCP agent

Starting the Neutron DHCP agent

Configuring the Neutron metadata agent

Configuring the Neutron L3 agent

Configuring the Neutron LBaaS agent

Using the Neutron command-line interface

Summary

4. Building a Virtual Switching Infrastructure

Providing layer 2 connectivity to instances

Virtual network interfaces

Bridging

Configuring the bridge interface

Types of networks in Neutron

Choosing a networking plugin

LinuxBridge

Internal network connections when using LinuxBridge

VLAN

Flat

Local

Open vSwitch

Internal network connections when using Open vSwitch

Identifying ports on the virtual switch

Identifying the local VLANs associated with ports

Programming flow rules

Flow rules for VLAN networks

Flow rules for flat networks

Flow rules for local networks

Configuring a layer 2 networking plugin

Configuring the LinuxBridge plugin

Configuring Nova to use LinuxBridge

Configuring the DHCP agent to use LinuxBridge

LinuxBridge plugin configuration options

Tenant network type

Physical interface mappings

Network VLAN ranges

Firewall driver

Restarting services

Configuring the Open vSwitch plugin

Configuring Neutron to use Open vSwitch

Configuring Nova to use Open vSwitch

Configuring the DHCP agent to use Open vSwitch

Open vSwitch plugin configuration options

Bridge mappings

Configuring the bridges

Tenant network type

Network VLAN ranges

Enable tunneling

Tunnel type

Tunnel ID ranges

Integration bridge

Tunnel bridge

Local IP

Configuring a virtual VLAN interface for overlay traffic

Firewall driver

Database

Restarting services to enable the Open vSwitch plugin

Summary

5. Creating Networks with Neutron

Network management

Managing networks in the CLI

Creating a flat network in the CLI

Creating a VLAN in the CLI

Creating a local network in the CLI

Listing networks in the CLI

Showing network properties in the CLI

Updating networks in the CLI

Deleting networks in the CLI

Creating networks in the dashboard

Using the Admin tab as an administrator

Using the Project tab as a user

Subnets in Neutron

Creating subnets in the CLI

Creating a subnet in the CLI

Listing subnets in the CLI

Showing subnet properties in the CLI

Updating a subnet in the CLI

Creating subnets in the dashboard

Using the Admin tab as an administrator

Using the Project tab as a user

Neutron ports

Attaching instances to networks

Attaching instances to networks using Nova boot

Attaching and detaching network interfaces

Adding secondary addresses to interfaces

Exploring how instances get their addresses

Exploring how instances retrieve their metadata

Router namespace

The DHCP namespace

Adding a manual route to 169.254.169.254

Using DHCP to inject the route

Summary

6. Creating Routers with Neutron

Configuring the Neutron L3 agent

Defining an interface driver

Setting the external network

Setting the external bridge

Enabling the metadata proxy

Starting the Neutron L3 agent

Router management in the CLI

Creating routers in the CLI

Working with router interfaces in the CLI

Attaching internal interfaces to routers

Attaching a gateway interface to a router

Listing interfaces attached to routers

Deleting internal interfaces

Clearing the gateway interface

Listing routers in the CLI

Displaying router attributes in the CLI

Updating router attributes in the CLI

Deleting routers in the CLI

Network Address Translation

Floating IP addresses

Floating IP Management

Creating floating IPs in the CLI

Associating floating IPs to ports in the CLI

Listing floating IPs in the CLI

Displaying floating IP attributes in the CLI

Disassociating floating IPs in the CLI

Deleting floating IPs in the CLI

Demonstrating traffic flow from instance to Internet

Setting the foundation

Creating an external provider network

Creating a Neutron router

Attaching the router to the external network

Testing gateway connectivity

Creating an internal network

Attaching the router to the internal network

Creating instances

Verifying instance connectivity

Observing default NAT behavior

Assigning floating IPs

Reassigning floating IPs

Router management in the dashboard

Creating a router in the dashboard

Attaching a gateway interface in the dashboard

Attaching internal interfaces in the dashboard

Viewing the network topology in the dashboard

Associating floating IPs to instances in the dashboard

Disassociating floating IPs in the dashboard

Summary

7. Load Balancing Traffic in Neutron

Fundamentals of load balancing

Load balancing algorithms

Monitoring

Session persistence

Integrating load balancers into the network

Network namespaces

Installing LBaaS

Configuring the Neutron LBaaS agent service

Define an interface driver

Define a device driver

Change the user group

Define a service plugin

Starting the Neutron LBaaS agent service

Enabling LBaaS in Horizon

Load balancer management in the CLI

Managing pools in the CLI

Creating a pool

Deleting a pool

Listing pools

Showing pool details

Showing pool statistics

Updating a pool

Listing pools associated with an agent

Managing pool members in the CLI

Creating pool members

Deleting pool members

Listing pool members

Showing pool member details

Updating a pool member

Managing health monitors in the CLI

Creating a health monitor

Deleting a health monitor

Associating a health monitor with a pool

Disassociating a health monitor from a pool

Listing health monitors

Showing health monitor details

Updating a health monitor

Managing virtual IPs in the CLI

Creating a virtual IP

Deleting a virtual IP

Listing virtual IPs

Showing virtual IP details

Updating a virtual IP

Building a load balancer

Creating a pool

Creating pool members

Creating a health monitor

Creating a virtual IP

The LBaaS network namespace

Confirming load balancer functionality

Observing health monitors

Connecting to the virtual IP externally

Load balancer management in the dashboard

Creating a pool in the dashboard

Creating pool members in the dashboard

Creating health monitors in the dashboard

Creating a virtual IP in the dashboard

Connecting to the virtual IP externally

Summary

8. Protecting Instances on the Network

Security groups in OpenStack

Firewall-as-a-service

Introducing iptables

Working with security groups

Managing security groups in the CLI

Creating security groups in the CLI

Deleting security groups in the CLI

Listing security groups in the CLI

Showing the details of a security group in the CLI

Updating security groups in the CLI

Creating security group rules in the CLI

Deleting security group rules in the CLI

Listing security group rules in the CLI

Showing the details of a security group rule in the CLI

Applying security groups to instances in the CLI

Implementing security group rules

Stepping through the chains

Working with security groups in the dashboard

Working with FWaaS

Preparing Neutron for FWaaS

Configuring the FWaaS driver

Defining a service plugin

Enabling FWaaS in the dashboard

Working with firewalls in the CLI

Creating a firewall rule in the CLI

Deleting a firewall rule in the CLI

Listing firewall rules in the CLI

Showing the details of a firewall rule in the CLI

Updating a firewall rule in the CLI

Creating a firewall policy in the CLI

Deleting a firewall policy in the CLI

Listing firewall policies in the CLI

Showing the details of a firewall policy in the CLI

Updating a firewall policy in the CLI

Inserting rules into firewall policies in the CLI

Removing rules from firewall policies in the CLI

Creating a firewall in the CLI

Deleting a firewall in the CLI

Listing firewalls in the CLI

Showing the details of a firewall in the CLI

Updating a firewall in the CLI

Working with firewalls in the dashboard

Firewall rules – behind the scenes

Stepping through the chains within the firewall

Summary

A. Additional Neutron Commands

Neutron extensions

Listing Neutron API extensions

Showing the details of an API extension

Virtual private networks

Per-tenant quotas

Listing the default quotas

Updating tenant quotas

Listing tenant quotas

Deleting tenant quotas

Cisco Nexus 1000V command reference

VMware/Nicera command reference

B. ML2 Configuration

Installing the ML2 plugin

Creating a database for ML2

Configuring Neutron to use ML2

Configuring service plugins

Configuring the ML2 plugin

Restarting Neutron services

Index