- Learning OpenStack Networking (Neutron) Second Edition
- Table of Contents
- Learning OpenStack Networking (Neutron) Second Edition
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Preparing the Network for OpenStack
- 2. Installing OpenStack
- System requirements
- Initial network configuration
- Initial steps
- Installing OpenStack
- Summary
- 3. Installing Neutron
- 4. Building a Virtual Switching Infrastructure
- Virtual network devices
- Network types supported by Neutron
- Choosing a plugin and driver
- Visualizing traffic flow when using LinuxBridge
- Visualizing the traffic flow when using Open vSwitch
- Configuring the ML2 networking plugin
- Configuring the LinuxBridge driver and agent
- Configuring the Open vSwitch driver and agent
- Summary
- 5. Creating Networks with Neutron
- Network management
- Neutron ports
- Attaching instances to networks
- Exploring how instances get their addresses
- Exploring how instances retrieve their metadata
- Summary
- 6. Managing Security Groups
- Security groups in OpenStack
- An introduction to iptables
- Working with security groups
- Managing security groups in the CLI
- Creating security groups in the CLI
- Deleting security groups in the CLI
- Listing security groups in the CLI
- Showing the details of a security group in the CLI
- Updating security groups in the CLI
- Creating security group rules in the CLI
- Deleting security group rules in the CLI
- Listing security group rules in the CLI
- Showing the details of a security group rule in the CLI
- Applying security groups to instances and ports in the CLI
- Removing security groups from instances and ports in the CLI
- Managing security groups in the CLI
- Implementing security group rules
- Working with security groups in the dashboard
- Disabling port security
- Summary
- 7. Creating Standalone Routers with Neutron
- Routing traffic in a cloud
- Installing and configuring the Neutron L3 agent
- Router management in the CLI
- Creating routers in the CLI
- Working with router interfaces in the CLI
- Listing the interfaces attached to routers
- Deleting internal interfaces
- Clearing the gateway interface
- Listing routers in the CLI
- Displaying router attributes in the CLI
- Updating router attributes in the CLI
- Deleting routers in the CLI
- Network address translation
- Floating IP management
- Demonstrating traffic flow from an instance to the Internet
- Setting the foundation
- Creating an external provider network
- Creating a Neutron router
- Attaching the router to the external network
- Testing gateway connectivity
- Creating an internal network
- Attaching the router to the internal network
- Creating instances
- Verifying instance connectivity
- Observing default NAT behavior
- Assigning floating IPs
- Reassigning floating IPs
- Router management in the dashboard
- Summary
- 8. Router Redundancy Using VRRP
- 9. Distributed Virtual Routers
- Distributing routers across the cloud
- Installing and configuring Neutron components
- Routing east-west traffic between instances
- Centralized SNAT
- Floating IPs through distributed virtual routers
- Summary
- 10. Load Balancing Traffic to Instances
- Fundamentals of load balancing
- Integrating load balancers into the network
- Installing LBaaS
- Load balancer management in the CLI
- Building a load balancer
- Load balancer management in the dashboard
- Summary
- 11. Firewall as a Service
- Enabling FWaaS
- Firewall Management in the CLI
- Managing firewall rules
- Managing firewall policies
- Creating a firewall policy in the CLI
- Deleting a firewall policy in the CLI
- Listing firewall policies in the CLI
- Showing the details of a firewall policy in the CLI
- Updating a firewall policy in the CLI
- Inserting rules into firewall policies in the CLI
- Removing rules from firewall policies in the CLI
- Managing firewalls
- Creating a firewall rule
- Creating a firewall policy
- Creating a firewall
- Demonstrating traffic flow through a firewall
- Summary
- 12. Virtual Private Network as a Service
- A. Additional Neutron Commands
- B. Virtualizing the Environment
- Index
A port in Neutron is a logical connection of a virtual network interface to a subnet. Ports can be associated with virtual machine instances, DHCP servers, routers, firewalls, load balancers, and more. Ports can even be created simply to reserve IP addresses from a subnet. Neutron stores port relationships in the Neutron database and uses this information to build switching connections at the physical or virtual switch layer through the networking plugin and agent.
To retrieve a list of all Neutron ports, use the Neutron port-list command, as shown in the following screenshot:
Figure 5.26
Use the Neutron port-show command to see the details of a particular port:
Figure 5.27
The port pictured in Figure 5.27 is owned by an interface used within a DHCP namespace. The network_id field reveals the network to be 3282acdf-85d1-47ea-b734-f5625cfca027, otherwise known as the MyFlatNetwork network, which was created earlier in this chapter.
Use the ip netns exec command to execute ip addr within the DHCP namespace to list its interfaces and their details:
Figure 5.28
In the DHCP namespace, the interface's MAC address corresponds to the port's mac_address field, while the name of the interface corresponds to the first 10 characters of the Neutron port UUID:
Figure 5.29
By creating a Neutron port manually, users have the ability to specify a particular fixed IP address, MAC address, security group, and more.
To create a port, use the Neutron port-create command, as follows:
usage: neutron port-create [--tenant-id TENANT_ID] [--name NAME] [--fixed-ip subnet_id=SUBNET,ip_address=IP_ADDR] [--device-id DEVICE_ID] [--device-owner DEVICE_OWNER] [--admin-state-down] [--mac-address MAC_ADDRESS] [--security-group SECURITY_GROUP | --no-security-groups] [--extra-dhcp-opt EXTRA_DHCP_OPTS] NETWORK
Once created, the port can then be associated with a virtual machine instance or other virtual network device or can simply be used to reserve an IP address in a subnet.
-
No Comment