OpenStack Neutron Tutorial
- 1. OpenStack Networking Hands-On Tutorial Kyle Mestery (@mestery) Mark McClain (@gtwmm)
- 2. ● Quick OpenStack and Neutron Overview ● Neutron Deployment Overview ● Hands-On With Neutron ○ Networks and Subnets ○ Routers and L3 constructs ○ LBaaS ○ VPNaaS Agenda
- 3. OpenStack and Neutron Overview
- 4. About OpenStack ● Open Source project founded in 2010 ● 1,786 Unique Developers during Kilo ● A growing ecosystem of projects ○ With a new governance model! ● Production Ready ● Latest Release 2015.1 - Kilo (11th Release) ● Apache 2 Licensed
- 5. OpenStack
- 6. What does the user see?
- 7. What is Neutron? ● Provides “networking as a service” ● Provides Rich Topologies ● Technology Agnostic ● Extensible ● Advanced Services Support ○ LBaaS, VPNaaS, FWaaS
- 8. Neutron Design Goals ● Unified API ● Small Core ● Pluggable Open Architecture ● Extensible ● Growing ecosystem (Neutron as a platform)
- 9. Abstractions
- 10. Basic Deployment
- 12. Types of Network Traffic ● Management ○ Internal communication between services ● API ○ Exposes OpenStack APIs to users of the cloud ● Guest ○ A network dedicated to instance traffic ● External ○ Provides Neutron routers with network access
- 13. Single NIC Setup VM VM VM br-int br-tun br-eth0 eth0 overlay networks mgmt and API external
- 14. Multi-Nic Setup VM VM VM br-int br-tun br-eth1 eth1 overlay networks mgmt and API external eth0 eth0
- 15. Bonded NIC Setup VM VM VM br-int br-tun br-bond0 eth1 overlay networks mgmt and API external eth0 bond0
- 16. What Type Of Neutron Network To Use
- 17. Neutron Provider Network Setup Compute Host Compute Host Compute Host Provider VLAN 100 Provider VLAN 200
- 18. When To Use Provider Networks? ● Mapping Neutron install into existing network environment ● Small number of tenants ● Want to perform routing with existing routers (physical or virtual) ● Little or no interest in floating IPs
- 19. Neutron With Overlays (and L2 gateways!) Compute Host Compute Host Compute Host Network Node Underlay Network L2 Gateway Node L2 Gateway node handles translating between overlay networks to VLAN networks Network node handles L3 routing N/S, and SNAT when used with DVR DVR routes E/W traffic and performs DNAT locally
- 20. When To Use Neutron With Overlays? ● Large number of tenant networks ● Floating IPs central to installation
- 21. Neutron Tutorial
- 22. Thank you to our sponsor! ● Two options for gaining access to provided VMs ○ Join “tutorial” wifi network (password openstackneutron) ○ OR ○ ssh into the jumphost as “[email protected]” ● Username/password for VMs: onug / ONUG2015
- 23. Components used in the tutorial All-In-One Control/Compute Node (Ubuntu 14.04.1) nova glance keystone neutron neutron l2 neutron l3 metadata dhcp Open vSwitch rabbitmq
- 24. Tutorial Assumptions ● You are using a devstack install on a cloud VM provided by Dreamhost ● The Tutorial uses the Kilo release of OpenStack
- 25. Neutron Networks and Subnets In this section, we’ll cover basic Neutron operations around networks, ports and subnets
- 26. Neutron Network Types ● local networks ● provider networks ● overlay networks
- 27. Neutron local networks ● local networks are created locally on the host ○ traffic is local on the node it is created on ● DHCP and metadata may not work with local networks ● Useful for complex technologies where you want to keep some traffic local to a small number of VMs on a host
- 28. Create a local network neutron net-create --provider:network_type=local onug_local
- 29. Neutron provider networks ● Useful when using a small number of tenants and you want to share networks created by the admin ● Assumes L3 routing handled in existing infrastructure
- 30. Creating a provider network neutron net-create --provider:network_type=vlan --provider: physical_network=physnet1 --provider:segmentation_id=200 --shared onug_vlan_network
- 31. Tenant overlay networks ● Useful for installations with a large number of tenants ● Allows tenants to create rich network layouts ● Allows for overlapping, shared IP address spaces ● Can utilize floating IPs for remote access ● Utilize L2 gateways to bridge to VLAN networks
- 32. Create an overlay network neutron net-create onug_overlay
- 33. Neutron subnets ● Subnets are the main L3 resource in Neutron ● Subnets can be IPv4 or IPv6 ● Planning ahead for your subnets is important ○ Note: Pluggable IPAM will be available in Liberty, and allow for integration with existing IPAM solutions you may have
- 34. Creating a subnet neutron subnet-create onug_overlay 192.168.100.0/24 --name onug_overlay_subnet --ip-version=4 -- gateway=192.168.100.1 --allocation-pool start=192.168.100.2,end=192.168.100.254 --dns- nameservers 8.8.8.8 8.8.4.4
- 35. Quick Detour: Neutron Ports Port created for DHCP agent from previous port
- 36. Neutron Ports and Namespaces The DHCP port created previously looks like this on the host itself
- 37. Neutron Routers We’ll cover Neutron routers, floating IPs, and building complex topologies with them
- 38. Neutron Routers: Overview ● Neutron routers are per-tenant ○ Admin can create routers for tenants ● Neutron routers support both IPv4 and IPv6 ● Neutron routers can route traffic between internal and external networks ● Neutron routers can also route traffic between internal networks
- 40. Create a router neutron router-create onug_router
- 41. Neutron router ports Neutron router Internal interface Gateway interfaceThis interface is attached to a local subnet This interface is attached to an upstream device to provide external connectivity
- 43. Neutron With Distributed Routers!
- 44. Attaching router ports ● Attach the internal router port ○ neutron router-interface-add 87e8ca5c-7446-40d2-9973- b57c6a9f1b0a 68f34192-72d7-4e4d-82ae-b87410113a9a ● Attach the gateway port ○ neutron router-gateway-set 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a dab3f1f7-7015-4439-b393-0ad75d2de536
- 45. Verify your router ports neutron router-port-list 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a
- 46. Launch An Instance Find your image UUID and flavor ID
- 47. Launch an Instance (cont.) Boot the instance attaching to your tenant created network
- 48. Verify the Instance Is Up Note: We added a security group rule to allow ICMP packets.
- 49. Neutron NAT ● Neutron supports two types of NAT ○ one-to-one (with floating IPs) ○ one-to-many (without floating IPs) ● NAT and DVR ○ DVR supports decentralized DNAT but requires centralized SNAT
- 50. Create And Add a Floating IP
- 51. Neutron subnetpools ● Allow for creation of a range of address to be allocated to a pool ● Subnet allocation can now happen out of that range ● Instead of requiring specific addressing, can now utilize dynamic addressing from the pool
- 54. subnetpool: create subnet using pool
- 55. Neutron LBaaS We’ll walk through Neutron Load Balancing as a Service here, creating LBaaS constructs using the new for Kilo LBaaS V2 API
- 56. Neutron LBaaS V2 ● Neutron LBaaS V2 is new in Kilo ○ New API with different objects and attributes ○ http://developer.openstack.org/api-ref-networking- v2-ext.html#lbaas-v2.0 ● Lets give it a try!
- 57. Neutron LBaas V2 Tutorial ● Create 2 nova instances on onug_overlay network ● Setup security group rules to allow port 80 ● Run simple HTTP servers in those servers ● Create LBaaS constructs to balance HTTP requests across servers
- 58. Create 2 Nova Instances
- 59. Add security group rules
- 60. Spinup simple web servers
- 63. Create the pool
- 64. Add members
- 67. Neutron Open Source Backends
- 68. Open Source Options ● Dragonflow ● OpenContrail ● OpenDaylight ● OVN ● Announced today: Akanda
- 69. Dragonflow ● A fully distributed virtual router using OpenFlow and Open vSwitch ● Removes the use of namespaces on the host for DVR ○ Implementation utilizes straight OpenFlow
- 71. OpenContrail ● Extensible networking system designed for cloud networking and NFV ● Consists of two components: Controller and vRouter ○ Controller is logically centralized by physically distributed SDN controller ○ vRouter is a forwarding plane which runs in the hypervisor
- 72. OpenContrail Architecture OpenStack Nova OpenContrail Neutron Plugin Compute Node OpenStack Nova Agent vRouter Agent Contrail Node Configuration Node
- 73. OpenDaylight ● A community led, industry supported open source platform to support the adoption of SDN and NFV ● A platform to allow for many different APIs on both the north and south side
- 74. OpenDaylight Architecture OpenStack Nova OpenDaylight ML2 Driver Compute Node OpenStack Nova Agent Open vSwitch Compute Node OpenStack Nova Agent Open vSwitch
- 75. Open Virtual Networking (OVN) ● Compliments OVS by adding native support for virtual networking abstractions ○ L2 and L3 overlays, security groups, etc. ● Not a general purpose SDN controller ○ Focuses on L2/L3 networking ● Tight integration with OpenStack
- 76. OVN OpenStack OVN NB Database OVN ML2 Driver ovn-nbd OVN DB ovn-controller ovs-vswitchd ovsdb-server ovn-controller ovs-vswitchd ovsdb-server