openstack neutron tutorial
OpenStack Networking Hands-On Tutorial
Kyle Mestery (@mestery)
Mark McClain (@gtwmm)

Agenda
● Quick OpenStack and Neutron Overview
● Neutron Deployment Overview
● Hands-On With Neutron
  ○ Networks and Subnets
  ○ Routers and L3 constructs
  ○ LBaaS
  ○ VPNaaS

OpenStack and Neutron Overview

About OpenStack
● Open Source project founded in 2010
● 1,786 Unique Developers during Kilo
● A growing ecosystem of projects
  ○ With a new governance model!
● Production Ready
● Latest Release 2015.1 - Kilo (11th Release)
● Apache 2 Licensed

OpenStack

What does the user see?

What is Neutron?
● Provides “networking as a service”
● Provides Rich Topologies
● Technology Agnostic
● Extensible
● Advanced Services Support
  ○ LBaaS, VPNaaS, FWaaS

Neutron Design Goals
● Unified API
● Small Core
● Pluggable Open Architecture
● Extensible
● Growing ecosystem (Neutron as a platform)

Abstractions

Basic Deployment

Neutron Installation Tips

Types of Network Traffic
● Management
  ○ Internal communication between services
● API
  ○ Exposes OpenStack APIs to users of the cloud
● Guest
  ○ A network dedicated to instance traffic
● External
  ○ Provides Neutron routers with network access

Single NIC Setup
[Diagram labels: VMs, br-int, br-tun, br-eth0, eth0; traffic types: overlay networks, mgmt and API, external]

Multi-NIC Setup
[Diagram labels: VMs, br-int, br-tun, br-eth1, eth1, eth0; traffic types: overlay networks, mgmt and API, external]

Bonded NIC Setup
[Diagram labels: VMs, br-int, br-tun, br-bond0, bond0, eth0, eth1; traffic types: overlay networks, mgmt and API, external]

What Type Of Neutron Network To Use

Neutron Provider Network Setup
[Diagram labels: three Compute Hosts, Provider VLAN 100, Provider VLAN 200]

When To Use Provider Networks?
● Mapping Neutron install into existing network environment
● Small number of tenants
● Want to perform routing with existing routers (physical or virtual)
● Little or no interest in floating IPs

Neutron With Overlays (and L2 gateways!)
[Diagram labels: three Compute Hosts, Network Node, Underlay Network, L2 Gateway Node]
● L2 Gateway node handles translating between overlay networks and VLAN networks
● Network node handles L3 routing N/S, and SNAT when used with DVR
● DVR routes E/W traffic and performs DNAT locally

When To Use Neutron With Overlays?
● Large number of tenant networks
● Floating IPs central to installation

Neutron Tutorial

Thank you to our sponsor!
● Two options for gaining access to provided VMs
  ○ Join “tutorial” wifi network (password openstackneutron)
  ○ OR
  ○ ssh into the jumphost as “[email protected]”
● Username/password for VMs: onug / ONUG2015

Components used in the tutorial
All-In-One Control/Compute Node (Ubuntu 14.04.1)
nova, glance, keystone, neutron, neutron l2, neutron l3, metadata, dhcp, Open vSwitch, rabbitmq

Tutorial Assumptions
● You are using a devstack install on a cloud VM provided by Dreamhost
● The Tutorial uses the Kilo release of OpenStack

Neutron Networks and Subnets
In this section, we’ll cover basic Neutron operations around networks, ports and subnets

Neutron Network Types
● local networks
● provider networks
● overlay networks

Neutron local networks
● local networks are created locally on the host
  ○ traffic is local on the node it is created on
● DHCP and metadata may not work with local networks
● Useful for complex technologies where you want to keep some traffic local to a small number of VMs on a host

Create a local network
    neutron net-create --provider:network_type=local onug_local

Neutron provider networks
● Useful when using a small number of tenants and you want to share networks created by the admin
● Assumes L3 routing handled in existing infrastructure

Creating a provider network
    neutron net-create --provider:network_type=vlan --provider:physical_network=physnet1 --provider:segmentation_id=200 --shared onug_vlan_network

Tenant overlay networks
● Useful for installations with a large number of tenants
● Allows tenants to create rich network layouts
● Allows for overlapping, shared IP address spaces
● Can utilize floating IPs for remote access
● Utilize L2 gateways to bridge to VLAN networks

Create an overlay network
    neutron net-create onug_overlay

Neutron subnets
● Subnets are the main L3 resource in Neutron
● Subnets can be IPv4 or IPv6
● Planning ahead for your subnets is important
  ○ Note: Pluggable IPAM will be available in Liberty, and allow for integration with existing IPAM solutions you may have

Creating a subnet
    neutron subnet-create onug_overlay 192.168.100.0/24 --name onug_overlay_subnet --ip-version=4 --gateway=192.168.100.1 --allocation-pool start=192.168.100.2,end=192.168.100.254 --dns-nameservers 8.8.8.8 8.8.4.4
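
A pre-flight check for the subnet parameters used in the command above, as an added example that is not part of the original slides: it verifies that the gateway and allocation pool fit the CIDR and flags overlapping CIDRs among subnets planned for the same router. The function names and the `web` and `db` sample subnets are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_subnet_plan(cidr, gateway, pool_start, pool_end):
    """Return a list of problems with one planned subnet (empty means OK)."""
    net = ipaddress.ip_network(cidr)
    gw, start, end = (ipaddress.ip_address(a)
                      for a in (gateway, pool_start, pool_end))
    if {gw.version, start.version, end.version} != {net.version}:
        return ["address family mismatch"]
    problems = []
    if gw not in net:
        problems.append("gateway outside CIDR")
    if start not in net or end not in net:
        problems.append("allocation pool outside CIDR")
    if start > end:
        problems.append("allocation pool start is after end")
        return problems
    if start <= gw <= end:
        problems.append("gateway inside allocation pool")
    # On IPv4 subnets larger than /31 the network and broadcast
    # addresses cannot be handed out to ports.
    if net.version == 4 and net.prefixlen < 31:
        reserved = (net.network_address, net.broadcast_address)
        if any(start <= r <= end for r in reserved):
            problems.append("pool includes network or broadcast address")
    return problems


def find_overlaps(subnets):
    """Return sorted name pairs whose CIDRs overlap.

    `subnets` maps a subnet name to its CIDR. Overlap is fine between
    isolated tenant networks, but is a planning error for subnets that
    are meant to sit behind the same router.
    """
    nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].version == nets[b].version and nets[a].overlaps(nets[b])
    )


if __name__ == "__main__":
    # Values from the subnet-create command in the slides.
    print(check_subnet_plan("192.168.100.0/24", "192.168.100.1",
                            "192.168.100.2", "192.168.100.254"))
    # Constructed plan: "web" and "db" are hypothetical extra subnets.
    print(find_overlaps({"onug_overlay_subnet": "192.168.100.0/24",
                         "web": "192.168.100.128/25",
                         "db": "10.0.0.0/24"}))
```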

Quick Detour: Neutron Ports
Port created for DHCP agent from previous port

Neutron Ports and Namespaces
The DHCP port created previously looks like this on the host itself

Neutron Routers
We’ll cover Neutron routers, floating IPs, and building complex topologies with them

Neutron Routers: Overview
● Neutron routers are per-tenant
  ○ Admin can create routers for tenants
● Neutron routers support both IPv4 and IPv6
● Neutron routers can route traffic between internal and external networks
● Neutron routers can also route traffic between internal networks

Neutron With Routers

Create a router
    neutron router-create onug_router

Neutron router ports
[Diagram: Neutron router]
● Internal interface: This interface is attached to a local subnet
● Gateway interface: This interface is attached to an upstream device to provide external connectivity

Distributed Routers!

Neutron With Distributed Routers!

Attaching router ports
● Attach the internal router port
  ○ neutron router-interface-add 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a 68f34192-72d7-4e4d-82ae-b87410113a9a
● Attach the gateway port
  ○ neutron router-gateway-set 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a dab3f1f7-7015-4439-b393-0ad75d2de536

Verify your router ports
    neutron router-port-list 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a

Launch An Instance
Find your image UUID and flavor ID

Launch an Instance (cont.)
Boot the instance attaching to your tenant created network

Verify the Instance Is Up
Note: We added a security group rule to allow ICMP packets.

Neutron NAT
● Neutron supports two types of NAT
  ○ one-to-one (with floating IPs)
  ○ one-to-many (without floating IPs)
● NAT and DVR
  ○ DVR supports decentralized DNAT but requires centralized SNAT

Create And Add a Floating IP

Neutron subnetpools
● Allow for creation of a range of addresses to be allocated to a pool
● Subnet allocation can now happen out of that range
● Instead of requiring specific addressing, can now utilize dynamic addressing from the pool

subnetpool: create network

subnetpool: create subnetpool

subnetpool: create subnet using pool
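
How dynamic addressing from a pool avoids overlapping subnets, as an added sketch that is not part of the original slides and is not Neutron's own allocator: a first-fit search for a free prefix of the requested length. The pool prefix `10.10.0.0/22`, the tenant names, and the `min_prefixlen`/`max_prefixlen` defaults are constructed for illustration.

```python
import ipaddress


def allocate_from_pool(pool_prefixes, allocated, prefixlen,
                       min_prefixlen=8, max_prefixlen=32):
    """Return the first free /prefixlen subnet inside the pool.

    pool_prefixes: CIDRs that make up the pool.
    allocated:     CIDRs already handed out from it.
    Raises ValueError if the request violates the pool's size limits
    and LookupError if no free block of that size is left.
    """
    if not min_prefixlen <= prefixlen <= max_prefixlen:
        raise ValueError("requested prefix length outside pool limits")
    used = [ipaddress.ip_network(a) for a in allocated]
    for prefix in pool_prefixes:
        pool = ipaddress.ip_network(prefix)
        if prefixlen < pool.prefixlen:
            continue  # request is larger than this pool prefix
        for candidate in pool.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                return candidate
    raise LookupError("pool exhausted for /%d" % prefixlen)


def allocate_many(pool_prefixes, requests):
    """Serve (name, prefixlen) requests in order; return name -> CIDR."""
    result = {}
    for name, prefixlen in requests:
        subnet = allocate_from_pool(pool_prefixes, result.values(), prefixlen)
        result[name] = str(subnet)
    return result


if __name__ == "__main__":
    # Constructed sample: three tenants drawing from one /22 pool.
    print(allocate_many(["10.10.0.0/22"],
                        [("tenant_a", 24), ("tenant_b", 25), ("tenant_c", 24)]))
```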

Neutron LBaaS
We’ll walk through Neutron Load Balancing as a Service here, creating LBaaS constructs using the LBaaS V2 API, which is new in Kilo

Neutron LBaaS V2
● Neutron LBaaS V2 is new in Kilo
  ○ New API with different objects and attributes
  ○ http://developer.openstack.org/api-ref-networking-v2-ext.html#lbaas-v2.0
● Let’s give it a try!

Neutron LBaaS V2 Tutorial
● Create 2 nova instances on onug_overlay network
● Set up security group rules to allow port 80
● Run simple HTTP servers in those instances
● Create LBaaS constructs to balance HTTP requests across servers

Create 2 Nova Instances

Add security group rules

Spin up simple web servers

Create some loadbalancers

Create the listener

Create the pool

Add members

Verify it’s working

Debugging Neutron

Neutron Open Source Backends

Open Source Options
● Dragonflow
● OpenContrail
● OpenDaylight
● OVN
● Announced today: Akanda

Dragonflow
● A fully distributed virtual router using OpenFlow and Open vSwitch
● Removes the use of namespaces on the host for DVR
  ○ Implementation utilizes straight OpenFlow

Dragonflow Architecture

OpenContrail
● Extensible networking system designed for cloud networking and NFV
● Consists of two components: Controller and vRouter
  ○ Controller is a logically centralized but physically distributed SDN controller
  ○ vRouter is a forwarding plane which runs in the hypervisor

OpenContrail Architecture
[Diagram labels: OpenStack, Nova, OpenContrail Neutron Plugin, Compute Node, OpenStack Nova Agent, vRouter Agent, Contrail Node, Configuration Node]

OpenDaylight
● A community led, industry supported open source platform to support the adoption of SDN and NFV
● A platform to allow for many different APIs on both the north and south side

OpenDaylight Architecture
[Diagram labels: OpenStack, Nova, OpenDaylight ML2 Driver; two Compute Nodes, each with OpenStack Nova Agent and Open vSwitch]

Open Virtual Networking (OVN)
● Complements OVS by adding native support for virtual networking abstractions
  ○ L2 and L3 overlays, security groups, etc.
● Not a general purpose SDN controller
  ○ Focuses on L2/L3 networking
● Tight integration with OpenStack

OVN
[Diagram labels: OpenStack, OVN ML2 Driver, OVN NB Database, ovn-nbd, OVN DB; two sets of ovn-controller, ovs-vswitchd and ovsdb-server]