by James Denton
Learning OpenStack Networking (Neutron) - Second Edition
Table of Contents
Learning OpenStack Networking (Neutron) Second Edition
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Preparing the Network for OpenStack
What is OpenStack Networking?
Features of OpenStack Networking
Switching
Routing
Load balancing
Firewalling
Virtual private networks
Network functions virtualization
Preparing the physical infrastructure
Types of network traffic
Management network
API network
External network
Guest network
Physical server connections
Single interface
Multiple interfaces
Bonding
Separating services across nodes
Using a single controller node
Using a dedicated network node
Summary
2. Installing OpenStack
System requirements
Operating system requirements
Initial network configuration
Example networks
Interface configuration
Initial steps
Updating the system
Permissions
Configuring the OpenStack repository
Installing OpenStack utilities
Setting the hostnames
Installing and configuring Network Time Protocol
Upgrading the system
Installing OpenStack
Installing and configuring the MySQL database server
Installing and configuring the messaging server
Installing and configuring the identity service
Installing Keystone
Configuring the database
Configuring tokens and drivers
Configuring the Apache HTTP server
Download WSGI components
Define services and API endpoints in Keystone
Defining users, tenants, and roles in Keystone
Verifying the Keystone installation
Setting environment variables
Installing and configuring the image service
Configuring the database
Configuring authentication settings
Configuring additional settings
Defining the Glance service and API endpoints in Keystone
Verifying the Glance image service installation
Installing additional images
Installing and configuring the Compute service
Installing and configuring controller node components
Configuring the database
Configuring authentication settings
Additional controller tasks
Installing and configuring compute node components
Additional compute tasks
Verifying communication between services
Installing the OpenStack dashboard
Identifying the Keystone server
Configuring a default role
Reload Apache
Uninstalling the default Ubuntu theme (optional)
Testing connectivity to the dashboard
Summary
3. Installing Neutron
Basic networking elements in Neutron
Extending functionality with plugins
Modular Layer 2 plugin
Drivers
Type drivers
Mechanism drivers
ML2 architecture
Third-party support
Network namespaces
Installing and configuring Neutron services
Creating the Neutron database
Configuring the Neutron user, role, and endpoint in Keystone
Enabling packet forwarding
Configuring Neutron to use Keystone
Configuring Neutron to use a messaging service
Configuring Nova to utilize Neutron networking
Configuring Neutron to notify Nova
Configuring Neutron services
Starting neutron-server
Configuring the Neutron DHCP agent
Restarting the Neutron DHCP agent
Configuring the Neutron metadata agent
Restarting the Neutron metadata agent
Configuring the Neutron L3 agent
Configuring the Neutron LBaaS agent
Using the Neutron command-line interface
Summary
4. Building a Virtual Switching Infrastructure
Virtual network devices
Virtual network interfaces
Virtual network switches
Configuring the bridge interface
Overlay networks
Connectivity issues when using overlay networks
Network types supported by Neutron
Choosing a plugin and driver
Using the LinuxBridge driver
Using the Open vSwitch driver
Using the L2 population driver
Visualizing traffic flow when using LinuxBridge
VLAN
Flat
VXLAN
Local
Visualizing the traffic flow when using Open vSwitch
Identifying ports on the virtual switch
Identifying the VLANs associated with ports
Programming flow rules
Flow rules for VLANs
Flow rules for flat networks
Flow rules for local networks
Configuring the ML2 networking plugin
ML2 plugin configuration options
Type drivers
Mechanism drivers
Tenant network types
Flat networks
Network VLAN ranges
Tunnel ID ranges
VNI ranges
Firewall driver
Enable security group
Enable ipset
Configuring the LinuxBridge driver and agent
Installing the LinuxBridge agent
Configuring Nova to use LinuxBridge
Configuring the DHCP agent to use LinuxBridge
ML2 configuration options for LinuxBridge
Physical interface mappings
Enable VXLAN
L2 population
Local IP
Restarting services
Verifying LinuxBridge agents
Configuring the Open vSwitch driver and agent
Installing the Open vSwitch agent
Configuring Nova to use Open vSwitch
Configuring the DHCP agent to use Open vSwitch
ML2 configuration options for Open vSwitch
Bridge mappings
Configuring the bridges
Enable tunneling
Tunnel type
Integration bridge
Tunnel bridge
Local IP
Tunnel types
Restarting services to enable the Open vSwitch plugin
Verifying Open vSwitch agents
Summary
5. Creating Networks with Neutron
Network management
Provider and tenant networks
Managing networks in the CLI
Creating a flat network in the CLI
Creating a VLAN network in the CLI
Creating a local network in the CLI
Listing networks in the CLI
Showing network properties in the CLI
Updating networks in the CLI
Deleting networks in the CLI
Creating networks in the dashboard
Creating a network via the Admin tab as an administrator
Creating a network via the Project tab as a user
Subnets in Neutron
Creating subnets in the CLI
Creating a subnet in the CLI
Listing subnets in the CLI
Showing subnet properties in the CLI
Updating a subnet in the CLI
Creating subnets in the dashboard
Creating subnets via the Admin tab as an administrator
Creating subnets via the Project tab as a user
Neutron ports
Creating a port
Attaching instances to networks
Attaching instances to networks using nova boot
Attaching network interfaces
Detaching network interfaces
Exploring how instances get their addresses
Watching the DHCP lease cycle
Troubleshooting DHCP
Exploring how instances retrieve their metadata
The DHCP namespace
Adding a manual route to 169.254.169.254
Using DHCP to inject the route
Summary
6. Managing Security Groups
Security groups in OpenStack
An introduction to iptables
Using ipset
Working with security groups
Managing security groups in the CLI
Creating security groups in the CLI
Deleting security groups in the CLI
Listing security groups in the CLI
Showing the details of a security group in the CLI
Updating security groups in the CLI
Creating security group rules in the CLI
Deleting security group rules in the CLI
Listing security group rules in the CLI
Showing the details of a security group rule in the CLI
Applying security groups to instances and ports in the CLI
Removing security groups from instances and ports in the CLI
Implementing security group rules
Stepping through the chains
Working with security groups in the dashboard
Creating a security group
Managing security group rules
Applying security groups to instances
Disabling port security
Configuring Neutron
Issues with enabling the port security extension
Disabling port security for all ports on a network
Disabling port security on an individual port
Summary
7. Creating Standalone Routers with Neutron
Routing traffic in a cloud
Installing and configuring the Neutron L3 agent
Defining an interface driver
Setting the external bridge
Setting the external network
Enabling router namespace deletion
Enabling the metadata proxy
Setting the agent mode
Restarting the Neutron L3 agent
Router management in the CLI
Creating routers in the CLI
Working with router interfaces in the CLI
Attaching internal interfaces to routers
Attaching a gateway interface to a router
Listing the interfaces attached to routers
Deleting internal interfaces
Clearing the gateway interface
Listing routers in the CLI
Displaying router attributes in the CLI
Updating router attributes in the CLI
Deleting routers in the CLI
Network address translation
Floating IP addresses
Floating IP management
Creating floating IPs in the CLI
Associating floating IPs with ports in the CLI
Listing floating IPs in the CLI
Displaying the floating IP attributes in the CLI
Disassociating floating IPs in the CLI
Deleting floating IPs in the CLI
Demonstrating traffic flow from an instance to the Internet
Setting the foundation
Creating an external provider network
Creating a Neutron router
Attaching the router to the external network
Identifying the L3 agent and namespace
Testing gateway connectivity
Creating an internal network
Attaching the router to the internal network
Creating instances
Verifying instance connectivity
Observing default NAT behavior
Assigning floating IPs
Reassigning floating IPs
Router management in the dashboard
Creating a router in the dashboard
Attaching internal interfaces in the dashboard
Viewing the network topology in the dashboard
Associating floating IPs to instances in the dashboard
Disassociating floating IPs in the dashboard
Summary
8. Router Redundancy Using VRRP
Using keepalived and VRRP to provide redundancy
VRRP groups
VRRP priority
VRRP's working mode
Preemptive
Non-preemptive
VRRP timers
Advertisement interval timer
Preemption delay timer
Networking of highly available routers
A dedicated HA network
Limitations
The virtual IP
Determining the master router
Installing and configuring additional L3 agents
Defining an interface driver
Setting the external bridge
Enabling router namespace deletion
Setting the agent mode
Restarting the Neutron L3 agent
Configuring Neutron
Working with highly available routers
Creating highly available routers
Deleting highly available routers
Decomposing a highly available router
Examining the keepalived configuration
Executing a failover
Issues with failovers
Summary
9. Distributed Virtual Routers
Distributing routers across the cloud
Installing and configuring Neutron components
Installing additional L3 agents
Defining an interface driver
Enabling distributed mode
Setting the external bridge
Enabling router namespace deletion
Setting the agent mode
Configuring Neutron
Restarting the Neutron L3 and Open vSwitch agent
Managing distributed virtual routers
Creating distributed virtual routers
Routing east-west traffic between instances
Reviewing the topology
Plumbing it up
Distributing router ports
Making it work
Demonstrating traffic between instances
Centralized SNAT
Reviewing the topology
Using the routing policy database
Tracing a packet through the SNAT namespace
Floating IPs through distributed virtual routers
Introducing (yet) another namespace
Tracing a packet through the FIP namespace
Sending traffic from an instance with a floating IP
Returning traffic to the floating IP
Using proxy ARP
Summary
10. Load Balancing Traffic to Instances
Fundamentals of load balancing
Load balancing algorithms
Monitoring
Session persistence
Integrating load balancers into the network
Network namespaces
Installing LBaaS
Configuring the Neutron LBaaS agent service
Defining an interface driver
Defining a device driver
Configuring Neutron
Defining a service plugin
Defining a service provider
Restarting the Neutron LBaaS agent and API service
Load balancer management in the CLI
Managing pools in the CLI
Creating a pool
Deleting a pool
Listing pools
Showing pool details
Showing pool statistics
Updating a pool
Listing pools associated with an agent
Managing pool members in the CLI
Creating pool members
Deleting pool members
Listing pool members
Showing pool member details
Updating a pool member
Managing health monitors in the CLI
Creating a health monitor
Deleting a health monitor
Associating a health monitor with a pool
Disassociating a health monitor from a pool
Listing health monitors
Showing health monitor details
Updating a health monitor
Managing virtual IPs in the CLI
Creating a virtual IP
Deleting a virtual IP
Listing virtual IPs
Showing virtual IP details
Updating a virtual IP
Building a load balancer
Creating a pool
Creating pool members
Creating a health monitor
Creating a virtual IP
The LBaaS network namespace
Confirming load balancer functionality
Observing health monitors
Connecting to the virtual IP externally
Load balancer management in the dashboard
Creating a pool in the dashboard
Creating pool members in the dashboard
Creating a virtual IP in the dashboard
Connecting to the virtual IP externally
Summary
11. Firewall as a Service
Enabling FWaaS
Configuring the firewall driver
Defining a device driver
Configuring Neutron
Defining a service plugin
Workarounds
Firewall Management in the CLI
Managing firewall rules
Creating a firewall rule in the CLI
Deleting a firewall rule in the CLI
Listing firewall rules in the CLI
Showing the details of a firewall rule in the CLI
Updating a firewall rule in the CLI
Managing firewall policies
Creating a firewall policy in the CLI
Deleting a firewall policy in the CLI
Listing firewall policies in the CLI
Showing the details of a firewall policy in the CLI
Updating a firewall policy in the CLI
Inserting rules into firewall policies in the CLI
Removing rules from firewall policies in the CLI
Managing firewalls
Creating a firewall in the CLI
Deleting a firewall in the CLI
Listing firewalls in the CLI
Showing the details of a firewall in the CLI
Updating a firewall in the CLI
Firewall management in the dashboard
Creating a firewall rule
Creating a firewall policy
Creating a firewall
Demonstrating traffic flow through a firewall
Examining the chains
Summary
12. Virtual Private Network as a Service
An overview of IPSec
Encapsulating Security Payload
Authentication Header
Security association
Modes
Tunnel mode
Transport mode
Internet Security Association and Key Management Protocol
Creating a secure tunnel
Initiation
IKE phase 1
IKE phase 2
Data transfer
Termination
Installing VPNaaS
Configuring the Neutron VPN agent service
Defining a device driver
Configuring Neutron
Defining a service plugin
Defining a service provider
Configuring AppArmor
Additional workarounds
Restarting the Neutron VPN agent service
VPN management in the CLI
Managing IKE policies
Creating an IKE policy in the CLI
Deleting an IKE policy in the CLI
Listing IKE policies in the CLI
Showing the details of an IKE policy in the CLI
Updating an IKE policy in the CLI
Managing IPSec policies
Creating an IPSec policy in the CLI
Deleting an IPSec policy in the CLI
Listing IPSec policies in the CLI
Showing the details of an IPSec policy in the CLI
Updating an IPSec policy in the CLI
Managing VPN services
Creating a VPN service in the CLI
Deleting a VPN service in the CLI
Listing VPN services in the CLI
Showing the details of a VPN service in the CLI
Updating a VPN service in the CLI
Managing IPSec connections
Creating a site-to-site connection in the CLI
Deleting a site-to-site connection in the CLI
Listing site-to-site connections in the CLI
Showing the details of a site-to-site connection in the CLI
Updating a site-to-site connection in the CLI
VPN management in the dashboard
Creating an IKE policy
Creating an IPSec policy
Creating a VPN service
Creating an IPSec site connection
A tale of two routers
Building a tunnel
Confirming connectivity
Summary
A. Additional Neutron Commands
Neutron extensions
Listing the Neutron API extensions
Showing the details of an API extension
Neutron agents
DHCP agents
L3 agents
LBaaS agents
Per-tenant quotas
Listing the current tenant quotas
Updating tenant quotas
Listing tenant quotas
Deleting tenant quotas
Cisco Nexus 1000V command reference
VMware NSX command reference
Nuage VSP command reference
L3 metering
The LBaaS v2 API
Summary
B. Virtualizing the Environment
Configuring VirtualBox networking
Configuring host-only networks
Creating a virtual machine
Configuring a virtual machine
Installing the Ubuntu operating system
Attaching the ISO to the virtual machine
Starting the virtual machine
Configuring virtual machine networking
Accessing the virtual machine
Configuring network interfaces
Accessing a virtual machine over SSH
Changes to the OpenStack installation
Changes to the Nova configuration
Changes to the Neutron configuration
Summary
Index