- Learning OpenStack Networking (Neutron) Second Edition
- Table of Contents
- Learning OpenStack Networking (Neutron) Second Edition
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Preparing the Network for OpenStack
- 2. Installing OpenStack
- System requirements
- Initial network configuration
- Initial steps
- Installing OpenStack
- Summary
- 3. Installing Neutron
- 4. Building a Virtual Switching Infrastructure
- Virtual network devices
- Network types supported by Neutron
- Choosing a plugin and driver
- Visualizing traffic flow when using LinuxBridge
- Visualizing the traffic flow when using Open vSwitch
- Configuring the ML2 networking plugin
- Configuring the LinuxBridge driver and agent
- Configuring the Open vSwitch driver and agent
- Summary
- 5. Creating Networks with Neutron
- Network management
- Neutron ports
- Attaching instances to networks
- Exploring how instances get their addresses
- Exploring how instances retrieve their metadata
- Summary
- 6. Managing Security Groups
- Security groups in OpenStack
- An introduction to iptables
- Working with security groups
- Managing security groups in the CLI
- Creating security groups in the CLI
- Deleting security groups in the CLI
- Listing security groups in the CLI
- Showing the details of a security group in the CLI
- Updating security groups in the CLI
- Creating security group rules in the CLI
- Deleting security group rules in the CLI
- Listing security group rules in the CLI
- Showing the details of a security group rule in the CLI
- Applying security groups to instances and ports in the CLI
- Removing security groups from instances and ports in the CLI
- Managing security groups in the CLI
- Implementing security group rules
- Working with security groups in the dashboard
- Disabling port security
- Summary
- 7. Creating Standalone Routers with Neutron
- Routing traffic in a cloud
- Installing and configuring the Neutron L3 agent
- Router management in the CLI
- Creating routers in the CLI
- Working with router interfaces in the CLI
- Listing the interfaces attached to routers
- Deleting internal interfaces
- Clearing the gateway interface
- Listing routers in the CLI
- Displaying router attributes in the CLI
- Updating router attributes in the CLI
- Deleting routers in the CLI
- Network address translation
- Floating IP management
- Demonstrating traffic flow from an instance to the Internet
- Setting the foundation
- Creating an external provider network
- Creating a Neutron router
- Attaching the router to the external network
- Testing gateway connectivity
- Creating an internal network
- Attaching the router to the internal network
- Creating instances
- Verifying instance connectivity
- Observing default NAT behavior
- Assigning floating IPs
- Reassigning floating IPs
- Router management in the dashboard
- Summary
- 8. Router Redundancy Using VRRP
- 9. Distributed Virtual Routers
- Distributing routers across the cloud
- Installing and configuring Neutron components
- Routing east-west traffic between instances
- Centralized SNAT
- Floating IPs through distributed virtual routers
- Summary
- 10. Load Balancing Traffic to Instances
- Fundamentals of load balancing
- Integrating load balancers into the network
- Installing LBaaS
- Load balancer management in the CLI
- Building a load balancer
- Load balancer management in the dashboard
- Summary
- 11. Firewall as a Service
- Enabling FWaaS
- Firewall Management in the CLI
- Managing firewall rules
- Managing firewall policies
- Creating a firewall policy in the CLI
- Deleting a firewall policy in the CLI
- Listing firewall policies in the CLI
- Showing the details of a firewall policy in the CLI
- Updating a firewall policy in the CLI
- Inserting rules into firewall policies in the CLI
- Removing rules from firewall policies in the CLI
- Managing firewalls
- Creating a firewall rule
- Creating a firewall policy
- Creating a firewall
- Demonstrating traffic flow through a firewall
- Summary
- 12. Virtual Private Network as a Service
- A. Additional Neutron Commands
- B. Virtualizing the Environment
- Index
OpenStack Networking, also known as Neutron, provides a network Infrastructure as a Server (IaaS) platform to users of the cloud. In the last chapter, we installed some of the base services of OpenStack, including Keystone, Glance, and Nova. In this chapter, I will guide you through the installation of Neutron networking services on top of the OpenStack environment installed in the previous chapter.
Components to be installed include:
- Neutron API server
- Modular Layer 2 (ML2) plugin
- DHCP agent
- Metadata agent
By the end of this chapter, you will have a basic understanding of the function and operation of various Neutron plugins and agents, as well as a foundation on top of which a virtual switching infrastructure can be built.
Neutron constructs the virtual network using elements that are familiar to all system and network administrators, including networks, subnets, ports, routers, load balancers, and more.
Using version 2.0 of the core Neutron API, users can build a network foundation composed of the following entities:
- Network: A network is an isolated layer 2 broadcast domain. Typically reserved for the tenants that created them, networks could be shared among tenants if configured accordingly. The network is the core entity of the Neutron API. Subnets and ports must always be associated with a network.
- Subnet: A subnet is an IPv4 or IPv6 address block from which IP addresses can be assigned to virtual machine instances. Each subnet must have a CIDR and must be associated with a network. Multiple subnets can be associated with a single network and can be noncontiguous. A DHCP allocation range can be set for a subnet that limits the addresses provided to instances.
- Port: A port in Neutron represents a virtual switch port on a logical virtual switch. Virtual machine interfaces are mapped to Neutron ports, and the ports define both the MAC address and the IP address to be assigned to the interfaces plugged into them. Neutron port definitions are stored in the Neutron database, which is then used by the respective plugin agent to build and connect the virtual switching infrastructure.
Cloud operators and users alike can configure network topologies by creating and configuring networks and subnets, and then instruct services such as Nova to attach virtual devices to ports on these networks. Users can create multiple networks, subnets, and ports, but are limited to thresholds defined by per-tenant quotas set by the cloud administrator.
-
No Comment