Ubuntu 14.04

OpenStack Liberty : Neutron Network (VXLAN)
2015/12/27
 
Configure virtual networking with the OpenStack Network Service (Neutron).
This example configures VXLAN as the provider network type. Before starting, complete the basic settings on the Control Node, Network Node and Compute Node.
This example also assumes an environment in which the Network Node and the Compute Node each have 2 network interfaces.

                                        |
  +-------------+                  +----+----+
  | Name Server |                  | Gateway |
  +------+------+                  +----+----+
         |10.0.0.10                     |10.0.0.1
         |                              |
         +------------+-----------------+------------------------+
         |            |                 |                        |
         |            |                 |              10.0.0.200-10.0.0.254
     eth0|10.0.0.30   |        10.0.0.50| eth0          +--------+-------+
+--------+---------+  |     +-----------+----------+    | Virtual Router |
| [ Control Node ] |  |     |   [ Network Node ]   |    +--------+-------+
|     Keystone     |  |     |       DHCP Agent     |       192.168.100.1
|      Glance      |  |     |       L3 Agent       |eth1         |            192.168.100.0/24
|     Nova API     |  |     |       L2 Agent       |             |           +-----------------+
|  Neutron Server  |  |     |    Metadata Agent    |             |       +---| Virtual Machine |
+------------------+  |     +----------------------+             |       |   +-----------------+
                      |                                          |       |   +-----------------+
                      |     +----------------------+             +-------+---| Virtual Machine |
                      | eth0|   [ Compute Node ]   |eth1                 |   +-----------------+
                      +-----|     Nova Compute     |                     |   +-----------------+
                   10.0.0.51|       L2 Agent       |                     |---| Virtual Machine |
                            +----------------------+                     |   +-----------------+
                                                                         |   +-----------------+
                                                                         +---| Virtual Machine |
                                                                             +-----------------+
[1] Change settings on Control Node.
root@dlp ~(keystone)#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# near line 8: add value in tenant_network_types

tenant_network_types =
vxlan
# near line 66: add

[ml2_type_flat]
flat_networks = physnet1
# near line 89: add

[ml2_type_vxlan]
vni_ranges = 1:1000
root@dlp ~(keystone)#
initctl restart neutron-server

[2] Change settings on Network Node.
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# near line 8: add value in tenant_network_types

tenant_network_types =
vxlan
# near line 66: add

[ml2_type_flat]
flat_networks = physnet1
# near line 89: add

[ml2_type_vxlan]
vni_ranges = 1:1000
root@network:~#
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 2: add

[linux_bridge]
physical_interface_mappings = vlan:eth0,physnet1:eth1
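# near line 14: add (local_ip is this node's own IP address, used as its VXLAN tunnel endpoint; VXLAN traffic is not encrypted, so that network should be a trusted one)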

[vxlan]
enable_vxlan = True
local_ip = 10.0.0.50
l2_population = True
# line 48: add

[agent]
prevent_arp_spoofing = True
root@network:~#
vi /etc/neutron/dhcp_agent.ini
# near line 75: add

dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
root@network:~#
vi /etc/neutron/dnsmasq-neutron.conf
# create new

dhcp-option-force=26,1450
root@network:~#
# restart each Neutron agent that runs on the Network Node so it rereads its configuration
for agent in l3-agent dhcp-agent metadata-agent plugin-linuxbridge-agent; do
  initctl restart "neutron-${agent}"
done

[3] Change settings on Compute Node.
root@node01:~#
# pass bridged IPv4 traffic through iptables; NOTE(review): presumably what security-group filtering on the Linux bridge relies on — confirm
# appends unconditionally, so re-running this step adds a duplicate line to /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf

root@node01:~#
# same setting for bridged IPv6 traffic (ip6tables); also appended unconditionally
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf

root@node01:~#
sysctl -p

root@node01:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# near line 8: add value in tenant_network_types

tenant_network_types =
vxlan
# near line 66: add

[ml2_type_flat]
flat_networks = physnet1
# near line 89: add

[ml2_type_vxlan]
vni_ranges = 1:1000
root@node01:~#
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 2: add

[linux_bridge]
physical_interface_mappings = vlan:eth0
# near line 14: add (specify local IP address for local_ip)

[vxlan]
enable_vxlan = True
local_ip = 10.0.0.51
l2_population = True
# near line 48: add

[agent]
prevent_arp_spoofing = True
root@node01:~#
initctl restart neutron-plugin-linuxbridge-agent

[4] Create a virtual router. This can be done from any node; this example works on the Control Node.
# create a virtual router

root@dlp ~(keystone)#
neutron router-create router01

Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| distributed           | False                                |
| external_gateway_info |                                      |
| ha                    | False                                |
| id                    | 267273d2-2509-4824-96e9-6ed879896abb |
| name                  | router01                             |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+-----------------------+--------------------------------------+

root@dlp ~(keystone)#
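# compare the name column exactly, so a router whose name merely contains "router01" is not picked up
Router_ID=$(neutron router-list | awk '$4 == "router01" { print $2 }')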

[5] Create an internal network and attach it to the router above.
# create internal network

root@dlp ~(keystone)#
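# compare the Name column exactly; a plain grep would also match any project whose name contains "service"
tenantID=$(openstack project list | awk '$4 == "service" { print $2 }')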

root@dlp ~(keystone)#
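# quoted so that an empty tenantID stays an (empty) value of --tenant-id instead of letting the next option take its place
neutron net-create int_net --tenant-id "$tenantID" --provider:network_type vxlan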

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | c352c783-37d5-40c4-8e50-0d0d6e44fa21 |
| mtu                       | 0                                    |
| name                      | int_net                              |
| port_security_enabled     | True                                 |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 16                                   |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | ba3f5997c2474c13b36e6f6bc47a264c     |
+---------------------------+--------------------------------------+

# create subnet in the internal network

root@dlp ~(keystone)#
neutron subnet-create \
--gateway 192.168.100.1 --dns-nameserver 10.0.0.1 int_net 192.168.100.0/24

Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.100.2", "end": "192.168.100.254"} |
| cidr              | 192.168.100.0/24                                     |
| dns_nameservers   | 10.0.0.1                                             |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.100.1                                        |
| host_routes       |                                                      |
| id                | 7e3e5878-b69b-427c-b24d-ac9cbdf284ce                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              |                                                      |
| network_id        | c352c783-37d5-40c4-8e50-0d0d6e44fa21                 |
| subnetpool_id     |                                                      |
| tenant_id         | fa7d34414b8c45c4a2fdc29403fb5cd2                     |
+-------------------+------------------------------------------------------+

root@dlp ~(keystone)#
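# field 6 is the subnet ID inside the "subnets" column; the name column is compared exactly
Int_Subnet_ID=$(neutron net-list | awk '$4 == "int_net" { print $6 }')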
# attach the internal subnet to the router above

root@dlp ~(keystone)#
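# quoted so that an empty Router_ID cannot shift the subnet ID into the router position
neutron router-interface-add "$Router_ID" "$Int_Subnet_ID"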

Added interface 4c2fba63-b262-45ec-8043-11033446f5fa to router 267273d2-2509-4824-96e9-6ed879896abb.
[6] Create an external network and set it as the gateway of the router above.
# create external network

root@dlp ~(keystone)#
neutron net-create ext_net --router:external True --provider:physical_network physnet1 --provider:network_type flat

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | f1c05750-2dbe-4e9e-9b56-ca4107f54160 |
| mtu                       | 0                                    |
| name                      | ext_net                              |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+---------------------------+--------------------------------------+

# create subnet in external network

root@dlp ~(keystone)#
neutron subnet-create ext_net \
--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.1 10.0.0.0/24 --disable-dhcp

Created a new subnet:
+-------------------+----------------------------------------------+
| Field             | Value                                        |
+-------------------+----------------------------------------------+
| allocation_pools  | {"start": "10.0.0.200", "end": "10.0.0.254"} |
| cidr              | 10.0.0.0/24                                  |
| dns_nameservers   | 10.0.0.1                                     |
| enable_dhcp       | False                                        |
| gateway_ip        | 10.0.0.1                                     |
| host_routes       |                                              |
| id                | 30dee5b0-0504-4575-be0e-455ac25a68d4         |
| ip_version        | 4                                            |
| ipv6_address_mode |                                              |
| ipv6_ra_mode      |                                              |
| name              |                                              |
| network_id        | f1c05750-2dbe-4e9e-9b56-ca4107f54160         |
| subnetpool_id     |                                              |
| tenant_id         | fa7d34414b8c45c4a2fdc29403fb5cd2             |
+-------------------+----------------------------------------------+

root@dlp ~(keystone)#
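# compare the name column exactly rather than matching "ext_net" anywhere on the line
Ext_Net_ID=$(neutron net-list | awk '$4 == "ext_net" { print $2 }')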

# set gateway to the router above

root@dlp ~(keystone)#
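# quoted so that an empty Router_ID cannot shift the network ID into the router position
neutron router-gateway-set "$Router_ID" "$Ext_Net_ID"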

Set gateway for router 267273d2-2509-4824-96e9-6ed879896abb
[7] Create and start a virtual machine instance.
root@dlp ~(keystone)#
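# compare the name column exactly rather than matching "int_net" anywhere on the line
Int_Net_ID=$(neutron net-list | awk '$4 == "int_net" { print $2 }')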

root@dlp ~(keystone)#
nova image-list

+--------------------------------------+------------+--------+--------+
| ID                                   | Name       | Status | Server |
+--------------------------------------+------------+--------+--------+
| f29a589b-595a-4f0c-bbce-f6f3537f2a7c | Ubuntu1404 | ACTIVE |        |
+--------------------------------------+------------+--------+--------+

root@dlp ~(keystone)#
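# boots the instance on the internal network only; the network ID is quoted so an empty value is not silently dropped
nova boot --flavor 2 --image Ubuntu1404 --security_group default --nic net-id="$Int_Net_ID" Ubuntu_1404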

root@dlp ~(keystone)#
nova list

+-----------+-------------+--------+------------+-------------+-----------------------+
| ID        | Name        | Status | Task State | Power State | Networks              |
+-----------+-------------+--------+------------+-------------+-----------------------+
| a25ba5e7- | Ubuntu_1404 | ACTIVE | -          | Running     | int_net=192.168.100.3 |
+-----------+-------------+--------+------------+-------------+-----------------------+
[8] Assign a floating IP address to the instance above.
root@dlp ~(keystone)#
neutron floatingip-create ext_net

Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 10.0.0.201                           |
| floating_network_id | f1c05750-2dbe-4e9e-9b56-ca4107f54160 |
| id                  | 8b3abead-1695-4f11-8e62-3f18d160a776 |
| port_id             |                                      |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+---------------------+--------------------------------------+

root@dlp ~(keystone)#
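# compare the Name column exactly, so another instance whose name contains "Ubuntu_1404" is not selected
Device_ID=$(nova list | awk '$4 == "Ubuntu_1404" { print $2 }')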

root@dlp ~(keystone)#
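# -F treats the dots literally and -w requires a whole-word match, so 192.168.100.30 or 192.168.100.31 cannot match
Port_ID=$(neutron port-list -- --device_id "$Device_ID" | grep -wF 192.168.100.3 | awk '{ print $2 }')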

root@dlp ~(keystone)#
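# -F treats the dots literally and -w requires a whole-word match, so a longer address containing 10.0.0.201 cannot match
Floating_ID=$(neutron floatingip-list | grep -wF 10.0.0.201 | awk '{ print $2 }')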

root@dlp ~(keystone)#
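# quoted so that an empty Floating_ID cannot shift the port ID into the floating-IP position
neutron floatingip-associate "$Floating_ID" "$Port_ID"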

Associated floating IP 8b3abead-1695-4f11-8e62-3f18d160a776
# confirm settings

root@dlp ~(keystone)#
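# shows the association; fixed_ip_address and port_id should now be filled in
neutron floatingip-show "$Floating_ID"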

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    | 192.168.100.3                        |
| floating_ip_address | 10.0.0.201                           |
| floating_network_id | f1c05750-2dbe-4e9e-9b56-ca4107f54160 |
| id                  | 8b3abead-1695-4f11-8e62-3f18d160a776 |
| port_id             | a80f5a55-3956-4f0a-9fa8-43ea5521c968 |
| router_id           | 267273d2-2509-4824-96e9-6ed879896abb |
| status              | ACTIVE                               |
| tenant_id           | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+---------------------+--------------------------------------+
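[9] Configure security group rules as follows to allow access with SSH and ICMP. Neither rule specifies a remote prefix, so both accept traffic from any source address (see the "remote" column of the rule list below); add --remote-ip-prefix with a trusted CIDR to narrow them.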
# permit ICMP

root@dlp ~(keystone)#
neutron security-group-rule-create --direction ingress --protocol icmp default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | eb5f5557-397b-4662-aa28-a85e67a6d5c1 |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 29cb0389-e33a-4e65-9db5-6e3e18901a07 |
| tenant_id         | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+-------------------+--------------------------------------+

# permit SSH

root@dlp ~(keystone)#
neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 96c37376-3cd2-4499-abb0-cb6efc0702fd |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | 29cb0389-e33a-4e65-9db5-6e3e18901a07 |
| tenant_id         | fa7d34414b8c45c4a2fdc29403fb5cd2     |
+-------------------+--------------------------------------+

root@dlp ~(keystone)#
neutron security-group-rule-list

+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| id                                   | security_group | direction | ethertype | protocol/port | remote          |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| 67c6be2e-640f-4c3b-9b46-367366c0afeb | default        | ingress   | IPv4      | any           | default (group) |
| 96c37376-3cd2-4499-abb0-cb6efc0702fd | default        | ingress   | IPv4      | 22/tcp        | any             |
| a3779b4e-2042-4264-b8d0-3d3ffb5c6fec | default        | ingress   | IPv6      | any           | default (group) |
| d8566bc8-46ac-4118-adca-2dd0b3d61893 | default        | egress    | IPv6      | any           | any             |
| eb5f5557-397b-4662-aa28-a85e67a6d5c1 | default        | ingress   | IPv4      | icmp          | any             |
| ee3585ff-23fb-42db-baa7-c3271bdd8c77 | default        | egress    | IPv4      | any           | any             |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
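[10] Log in to the instance by connecting to its floating IP address with SSH as follows. The session below uses password authentication; for an instance reachable from the external network, key-based login is the safer choice.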
root@dlp ~(keystone)#
ssh trusty@10.0.0.201

trusty@10.0.0.201's password:
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-74-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

0 packages can be updated.
0 updates are security updates.

Last login: Mon Dec 28 22:43:11 2015
trusty@ubuntu:~$    
# logged in
 