9. Distributed Virtual Routers
by James Denton
Learning OpenStack Networking (Neutron) - Second Edition
- Learning OpenStack Networking (Neutron) Second Edition
- Table of Contents
- Learning OpenStack Networking (Neutron) Second Edition
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Preparing the Network for OpenStack
- 2. Installing OpenStack
- System requirements
- Initial network configuration
- Initial steps
- Installing OpenStack
- Summary
- 3. Installing Neutron
- 4. Building a Virtual Switching Infrastructure
- Virtual network devices
- Network types supported by Neutron
- Choosing a plugin and driver
- Visualizing traffic flow when using LinuxBridge
- Visualizing the traffic flow when using Open vSwitch
- Configuring the ML2 networking plugin
- Configuring the LinuxBridge driver and agent
- Configuring the Open vSwitch driver and agent
- Summary
- 5. Creating Networks with Neutron
- Network management
- Neutron ports
- Attaching instances to networks
- Exploring how instances get their addresses
- Exploring how instances retrieve their metadata
- Summary
- 6. Managing Security Groups
- Security groups in OpenStack
- An introduction to iptables
- Working with security groups
- Managing security groups in the CLI
- Creating security groups in the CLI
- Deleting security groups in the CLI
- Listing security groups in the CLI
- Showing the details of a security group in the CLI
- Updating security groups in the CLI
- Creating security group rules in the CLI
- Deleting security group rules in the CLI
- Listing security group rules in the CLI
- Showing the details of a security group rule in the CLI
- Applying security groups to instances and ports in the CLI
- Removing security groups from instances and ports in the CLI
- Managing security groups in the CLI
- Implementing security group rules
- Working with security groups in the dashboard
- Disabling port security
- Summary
- 7. Creating Standalone Routers with Neutron
- Routing traffic in a cloud
- Installing and configuring the Neutron L3 agent
- Router management in the CLI
- Creating routers in the CLI
- Working with router interfaces in the CLI
- Listing the interfaces attached to routers
- Deleting internal interfaces
- Clearing the gateway interface
- Listing routers in the CLI
- Displaying router attributes in the CLI
- Updating router attributes in the CLI
- Deleting routers in the CLI
- Network address translation
- Floating IP management
- Demonstrating traffic flow from an instance to the Internet
- Setting the foundation
- Creating an external provider network
- Creating a Neutron router
- Attaching the router to the external network
- Testing gateway connectivity
- Creating an internal network
- Attaching the router to the internal network
- Creating instances
- Verifying instance connectivity
- Observing default NAT behavior
- Assigning floating IPs
- Reassigning floating IPs
- Router management in the dashboard
- Summary
- 8. Router Redundancy Using VRRP
- 9. Distributed Virtual Routers
- Distributing routers across the cloud
- Installing and configuring Neutron components
- Routing east-west traffic between instances
- Centralized SNAT
- Floating IPs through distributed virtual routers
- Summary
- 10. Load Balancing Traffic to Instances
- Fundamentals of load balancing
- Integrating load balancers into the network
- Installing LBaaS
- Load balancer management in the CLI
- Building a load balancer
- Load balancer management in the dashboard
- Summary
- 11. Firewall as a Service
- Enabling FWaaS
- Firewall Management in the CLI
- Managing firewall rules
- Managing firewall policies
- Creating a firewall policy in the CLI
- Deleting a firewall policy in the CLI
- Listing firewall policies in the CLI
- Showing the details of a firewall policy in the CLI
- Updating a firewall policy in the CLI
- Inserting rules into firewall policies in the CLI
- Removing rules from firewall policies in the CLI
- Managing firewalls
- Creating a firewall rule
- Creating a firewall policy
- Creating a firewall
- Demonstrating traffic flow through a firewall
- Summary
- 12. Virtual Private Network as a Service
- A. Additional Neutron Commands
- B. Virtualizing the Environment
- Index
Prior to the introduction of Neutron in the Folsom release of OpenStack, all network management was built into the Nova API and was known as nova-network. Nova-network remains an alternative to Neutron, although the networking models and functionality provided by it are limited when compared to the advanced features offered by Neutron. Despite its advanced feature set, up until the Juno release, Neutron was unable to replicate one of the most common networking scenarios available with nova-network: FlatDHCP with multi-host.
The multi-host functionality of nova-network offers high availability of networking by limiting the single points of failure to individual compute nodes rather than single network nodes or L2/L3 agents. High availability using distributed virtual routers borrows many concepts from the nova-network multi-host model while retaining support for many of the networking features provided by Neutron.
Much like nova-network does with its multi-host functionality, Neutron can distribute a virtual router across compute nodes in an effort to isolate the failure domain to a particular compute node rather than a traditional network node. By eliminating a centralized layer 3 agent, the routing that was performed on a single node is now handled by the compute nodes themselves.
Legacy routing using a centralized network node resembles the following diagram:
Figure 9.1
In the legacy model, traffic from the blue virtual machine to the red virtual machine on a different network would traverse a centralized network node hosting the router. If the node hosting the router were to fail, traffic between the instances and external networks, or the instances themselves, would be dropped.
In this chapter, I will discuss the following:
- Installing and configuring additional L3 agents
- Demonstrating the creation and management of a distributed virtual router
- Routing between networks behind the same router
- Outbound connectivity using SNAT
- Inbound and outbound connectivity using floating IPs
-
No Comment