- Learning OpenStack Networking (Neutron) Second Edition
- Table of Contents
- Learning OpenStack Networking (Neutron) Second Edition
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Preparing the Network for OpenStack
- 2. Installing OpenStack
- System requirements
- Initial network configuration
- Initial steps
- Installing OpenStack
- Summary
- 3. Installing Neutron
- 4. Building a Virtual Switching Infrastructure
- Virtual network devices
- Network types supported by Neutron
- Choosing a plugin and driver
- Visualizing traffic flow when using LinuxBridge
- Visualizing the traffic flow when using Open vSwitch
- Configuring the ML2 networking plugin
- Configuring the LinuxBridge driver and agent
- Configuring the Open vSwitch driver and agent
- Summary
- 5. Creating Networks with Neutron
- Network management
- Neutron ports
- Attaching instances to networks
- Exploring how instances get their addresses
- Exploring how instances retrieve their metadata
- Summary
- 6. Managing Security Groups
- Security groups in OpenStack
- An introduction to iptables
- Working with security groups
- Managing security groups in the CLI
- Creating security groups in the CLI
- Deleting security groups in the CLI
- Listing security groups in the CLI
- Showing the details of a security group in the CLI
- Updating security groups in the CLI
- Creating security group rules in the CLI
- Deleting security group rules in the CLI
- Listing security group rules in the CLI
- Showing the details of a security group rule in the CLI
- Applying security groups to instances and ports in the CLI
- Removing security groups from instances and ports in the CLI
- Managing security groups in the CLI
- Implementing security group rules
- Working with security groups in the dashboard
- Disabling port security
- Summary
- 7. Creating Standalone Routers with Neutron
- Routing traffic in a cloud
- Installing and configuring the Neutron L3 agent
- Router management in the CLI
- Creating routers in the CLI
- Working with router interfaces in the CLI
- Listing the interfaces attached to routers
- Deleting internal interfaces
- Clearing the gateway interface
- Listing routers in the CLI
- Displaying router attributes in the CLI
- Updating router attributes in the CLI
- Deleting routers in the CLI
- Network address translation
- Floating IP management
- Demonstrating traffic flow from an instance to the Internet
- Setting the foundation
- Creating an external provider network
- Creating a Neutron router
- Attaching the router to the external network
- Testing gateway connectivity
- Creating an internal network
- Attaching the router to the internal network
- Creating instances
- Verifying instance connectivity
- Observing default NAT behavior
- Assigning floating IPs
- Reassigning floating IPs
- Router management in the dashboard
- Summary
- 8. Router Redundancy Using VRRP
- 9. Distributed Virtual Routers
- Distributing routers across the cloud
- Installing and configuring Neutron components
- Routing east-west traffic between instances
- Centralized SNAT
- Floating IPs through distributed virtual routers
- Summary
- 10. Load Balancing Traffic to Instances
- Fundamentals of load balancing
- Integrating load balancers into the network
- Installing LBaaS
- Load balancer management in the CLI
- Building a load balancer
- Load balancer management in the dashboard
- Summary
- 11. Firewall as a Service
- Enabling FWaaS
- Firewall Management in the CLI
- Managing firewall rules
- Managing firewall policies
- Creating a firewall policy in the CLI
- Deleting a firewall policy in the CLI
- Listing firewall policies in the CLI
- Showing the details of a firewall policy in the CLI
- Updating a firewall policy in the CLI
- Inserting rules into firewall policies in the CLI
- Removing rules from firewall policies in the CLI
- Managing firewalls
- Creating a firewall rule
- Creating a firewall policy
- Creating a firewall
- Demonstrating traffic flow through a firewall
- Summary
- 12. Virtual Private Network as a Service
- A. Additional Neutron Commands
- B. Virtualizing the Environment
- Index
FWaaS enables users to create and manage firewalls that provide layer 3 and layer 4 filtering at the perimeter of tenant networks connected to Neutron routers. The reference driver uses iptables to implement firewalling within router namespaces. FWaaS is often used as a compliment to security groups as it currently lacks some functionality that security groups provide—most notably, the ability to specify the direction of traffic that should be filtered.
FWaaS saw major improvements in the Kilo release and will continue to improve in releases to come. As of Kilo, FWaaS remains in an experimental status and is not recommended for production use. Be sure to reference the OpenStack Neutron Networking guide found at the following URL for up-to-date changes and examples for topics covered in this chapter and others:
http://docs.openstack.org/networking-guide/
In the next chapter, we will explore another advanced Neutron service known as Virtual Private Network as a Service, or VPNaaS. VPNaaS provides users with the ability to build site-to-site IPSec tunnels that provide encryption and authentication of tenant traffic behind Neutron routers.
-
No Comment