Using the Nova command-line client, instances can be attached to networks in a couple of ways. When first booted, instances can be attached to one or more networks using the nova boot command. Running instances can be attached to additional networks using the nova interface-attach command. Both methods are explained in the upcoming sections.
The following nova boot options provide a single network interface to an instance.
Users can specify a network identified by the network's UUID, as follows:
--nic net-id=<UUID of Neutron network>
In the preceding example, Nova interfaces with the Neutron API to create a port using the network ID provided by the user, and Neutron returns details of the port back to Nova for use by the instance.
As an alternative, users can specify a port identified by the port's UUID, as follows:
--nic port-id=<UUID of Neutron network>
In the preceding example, Neutron associates the instance with an existing port and sets the port's device_id attribute accordingly.
By passing the --nic switch multiple times, it is possible to provide multiple virtual interfaces to an instance that is attached to specified networks or ports. The interfaces within the instance may be enumerated as eth0, eth1, eth2, and so on, depending on the operating system.
The following nova boot command demonstrates the procedure of connecting an instance to multiple networks when first booting an instance:
# nova boot --flavor FLAVOR --image IMAGE --nic net-id=NETWORK1_UUID --nic net-id=NETWORK2_UUID --nic net-id=NETWORK3_UUID INSTANCE
Nova attaches instances to the virtual switch on the compute node with a virtual interface, or VIF. Each VIF has a corresponding Neutron port in the database. In the preceding example, the instance was connected to three different Neutron networks. When using the Open vSwitch driver, each VIF plugs into the integration bridge on the respective compute node hosting the instance. The virtual switch port is configured with a local VLAN ID that corresponds to the network associated with the Neutron port and VIF.
Note
When security groups are used, the OVS hybrid firewall driver utilizes Linux bridges for iptables support. The VIF may first plug into a Linux bridge (qbr) that connects to the integration bridge with a veth pair (qvo,qva). More information on this can be found in Chapter 6, Managing Security Groups.
When using the LinuxBridge driver, each VIF connects to a Linux bridge that corresponds to the associated network. Every network has a corresponding bridge that is used to segregate traffic.
Attaching multiple network interfaces to an instance is referred to as multihoming. When an instance is multihomed, neither Neutron nor the instance itself is aware of which network takes precedence over another. When attached networks and subnets have their own respective gateway addresses set, an instance's routing table can be populated with multiple default routes. This scenario can wreak havoc on the connectivity and routing behavior of an instance.
Note
Paravirtualized devices, including network and storage devices that use virtio drivers, are PCI devices. Virtual machine instances under KVM are currently limited to 32 total PCI devices. Some PCI devices are critical for operation, including the host bridge, the ISA/USB bridge, the graphics card, and the memory balloon device, leaving up to 28 PCI slots available for use. Every paravirtualized network or block device uses one slot. This means that users may have issues attempting to connect upwards of 20-25 networks to an instance depending on the characteristics of the instance.
There are times when it may be necessary to add an additional network interface to a running instance and have it connect to a network. Use cases may include the need to access other instances on an isolated backend network or communicate with physical devices on a flat or VLAN network. Using the nova interface-attach command, you can specify an existing port or create a new port based on specific network or IP requirements.
The nova interface-attach command syntax is as follows:
usage: nova interface-attach [--port-id <port_id>] [--net-id <net-id>] [--fixed-ip <fixed_ip>] INSTANCE
The --port-id option allows users to attach an existing Neutron port to an instance. The port must be one that is not currently associated with any other instance or resource.
The --net-id option allows users to attach a new interface to an instance from the specified network. A new port that has a unique MAC address and an IP from the specified network is created in Neutron. It is possible to attach an instance to the same network multiple times using multiple nova interface-attach commands.
The --fixed-ip option can be used in conjunction with the --net-id options and allows users to specify a particular IP address for use rather than the next available address in the subnet.
If no options are specified, Nova will attempt to attach an interface from an existing network. If more than one network exists, the following error will be observed:
Figure 5.30