Ubuntu 14.04
Sponsored Link

OpenStack Liberty : Neutron Network (FLAT)
2015/12/27
 
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure FLAT type of provider networking on here. Before it, Configure basic settings on Control Node, Network Node, Compute Node.
Furthermore, this example is based on the environment that Network Node and Compute Node have 2 network interfaces.

                                        |
  +-------------+                  +----+----+
  | Name Server |                  | Gateway |
  +------+------+                  +----+----+
         |10.0.0.10                     |10.0.0.1
         |                              |
         +------------+-----------------+------------------+
         |            |                 |                  |     10.0.0.200-10.0.0.250
     eth0|10.0.0.30   |             eth0|10.0.0.50         |         +-----------------+
+--------+---------+  |     +-----------+----------+       |     +---| Virtual Machine |
| [ Control Node ] |  |     |   [ Network Node ]   |       |     |   +-----------------+
|     Keystone     |  |     |       DHCP Agent     |       |     |   +-----------------+
|      Glance      |  |     |       L3 Agent       |eth1   |     |---| Virtual Machine |
|     Nova API     |  |     |       L2 Agent       |       |     |   +-----------------+
|  Neutron Server  |  |     |    Metadata Agent    |       |     |   +-----------------+
+------------------+  |     +----------------------+       +-----+---| Virtual Machine |
                      |                                          |   +-----------------+
                      |     +----------------------+             |   +-----------------+
                      | eth0|   [ Compute Node ]   |             |---| Virtual Machine |
                      +-----|     Nova Compute     |eth1         |   +-----------------+
                   10.0.0.51|       L2 Agent       |             |   +-----------------+
                            +----------------------+             +---| Virtual Machine |
                                                                     +-----------------+

[1] Change settings like follows on both Network Node and Compute Node.
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# near line 66: add

[ml2_type_flat]
flat_networks = physnet1
root@network:~#
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 2: add

[linux_bridge]
physical_interface_mappings = physnet1:eth1
root@network:~#
initctl restart neutron-plugin-linuxbridge-agent

[2] Create network. It's OK to work on any node. (This example is on Control Node)
root@dlp ~(keystone)#
tenantID=`openstack project list | grep service | awk '{print $2}'`
# create network named "sharednet1"

root@dlp ~(keystone)#
neutron net-create --tenant-id $tenantID sharednet1 \
--shared --provider:network_type flat --provider:physical_network physnet1

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 440891ad-4d07-4536-90f1-f871d85d8eb7 |
| mtu                       | 0                                    |
| name                      | sharednet1                           |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | ba3f5997c2474c13b36e6f6bc47a264c     |
+---------------------------+--------------------------------------+

# create subnet "10.0.0.0/24" in "sharednet1"

root@dlp ~(keystone)#
neutron subnet-create \
--tenant-id $tenantID --gateway 10.0.0.1 --dns-nameserver 10.0.0.1 \
--allocation-pool start=10.0.0.200,end=10.0.0.250 sharednet1 10.0.0.0/24

Created a new subnet:
+-------------------+----------------------------------------------+
| Field             | Value                                        |
+-------------------+----------------------------------------------+
| allocation_pools  | {"start": "10.0.0.200", "end": "10.0.0.250"} |
| cidr              | 10.0.0.0/24                                  |
| dns_nameservers   | 10.0.0.1                                     |
| enable_dhcp       | True                                         |
| gateway_ip        | 10.0.0.1                                     |
| host_routes       |                                              |
| id                | f135f571-9494-4c22-b84a-957bf4c52a6a         |
| ip_version        | 4                                            |
| ipv6_address_mode |                                              |
| ipv6_ra_mode      |                                              |
| name              |                                              |
| network_id        | 440891ad-4d07-4536-90f1-f871d85d8eb7         |
| subnetpool_id     |                                              |
| tenant_id         | ba3f5997c2474c13b36e6f6bc47a264c             |
+-------------------+----------------------------------------------+

# confirm settings

root@dlp ~(keystone)#
neutron net-list

+--------------------------------------+------------+--------------------------------------------------+
| id                                   | name       | subnets                                          |
+--------------------------------------+------------+--------------------------------------------------+
| 440891ad-4d07-4536-90f1-f871d85d8eb7 | sharednet1 | f135f571-9494-4c22-b84a-957bf4c52a6a 10.0.0.0/24 |
+--------------------------------------+------------+--------------------------------------------------+
[3] Create and start a Virtual machine Instance with the network just created above.
root@dlp ~(keystone)#
netID=`neutron net-list | grep sharednet1 | awk '{print $2}'`

root@dlp ~(keystone)#
nova image-list

+--------------------------------------+------------+--------+--------+
| ID                                   | Name       | Status | Server |
+--------------------------------------+------------+--------+--------+
| f29a589b-595a-4f0c-bbce-f6f3537f2a7c | Ubuntu1404 | ACTIVE |        |
+--------------------------------------+------------+--------+--------+

root@dlp ~(keystone)#
nova boot --flavor 2 --image Ubuntu1404 --security_group default --nic net-id=$netID Ubuntu_1404
root@dlp ~(keystone)#
nova list

+-----------+-------------+--------+------------+-------------+-----------------------+
| ID        | Name        | Status | Task State | Power State | Networks              |
+-----------+-------------+--------+------------+-------------+-----------------------+
| df1aafb6- | Ubuntu_1404 | ACTIVE | -          | Running     | sharednet1=10.0.0.201 |
+-----------+-------------+--------+------------+-------------+-----------------------+
[4] Configure security settings like follows to access with SSH and ICMP.
# permit ICMP

root@dlp ~(keystone)#
neutron security-group-rule-create --direction ingress --protocol icmp default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | eb5f5557-397b-4662-aa28-a85e67a6d5c1 |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 29cb0389-e33a-4e65-9db5-6e3e18901a07 |
| tenant_id         | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+-------------------+--------------------------------------+

# permit SSH

root@dlp ~(keystone)#
neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 96c37376-3cd2-4499-abb0-cb6efc0702fd |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 29cb0389-e33a-4e65-9db5-6e3e18901a07 |
| tenant_id         | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+-------------------+--------------------------------------+

root@dlp ~(keystone)#
neutron security-group-rule-list

+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| id                                   | security_group | direction | ethertype | protocol/port | remote          |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| 67c6be2e-640f-4c3b-9b46-367366c0afeb | default        | ingress   | IPv4      | any           | default (group) |
| 96c37376-3cd2-4499-abb0-cb6efc0702fd | default        | ingress   | IPv4      | 22/tcp        | any             |
| a3779b4e-2042-4264-b8d0-3d3ffb5c6fec | default        | ingress   | IPv6      | any           | default (group) |
| d8566bc8-46ac-4118-adca-2dd0b3d61893 | default        | egress    | IPv6      | any           | any             |
| eb5f5557-397b-4662-aa28-a85e67a6d5c1 | default        | ingress   | IPv4      | icmp          | any             |
| ee3585ff-23fb-42db-baa7-c3271bdd8c77 | default        | egress    | IPv4      | any           | any             |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
[5] Login to Instance.
root@dlp ~(keystone)#
ssh trusty@10.0.0.201

The authenticity of host '10.0.0.201 (10.0.0.201)' can't be established.
ECDSA key fingerprint is 16:b5:42:59:1c:f1:9f:0f:fa:2b:27:70:7b:c3:44:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.201' (ECDSA) to the list of known hosts.
trusty@10.0.0.201's password:
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-74-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

0 packages can be updated.
0 updates are security updates.

Last login: Mon Dec 28 22:43:11 2015
trusty@ubuntu:~$    
# just logined
 
Tweet