Ubuntu 16.04
Sponsored Link

OpenStack Newton : Neutron Network(VXLAN)
2016/11/17
 
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure VXLAN type of provider networking on here.
Before it, Configure basic settings on Control Node, Network Node, Compute Node.
Furthermore, this example is based on the environment that Network Node and Compute Node have 2 network interfaces.

                                        |
  +-------------+                  +----+----+
  | Name Server |                  | Gateway |
  +------+------+                  +----+----+
         |10.0.0.10                     |10.0.0.1
         |                              |
         +------------+-----------------+------------------------+
         |            |                 |                        |
         |            |                 |              10.0.0.200-10.0.0.254
     eth0|10.0.0.30   |        10.0.0.50| eth0          +--------+-------+
+--------+---------+  |     +-----------+----------+    | Virtual Router |
| [ Control Node ] |  |     |   [ Network Node ]   |    +--------+-------+
|     Keystone     |  |     |       DHCP Agent     |       192.168.100.1
|      Glance      |  |     |       L3 Agent       |eth1         |            192.168.100.0/24
|     Nova API     |  |     |       L2 Agent       |             |           +-----------------+
|  Neutron Server  |  |     |    Metadata Agent    |             |       +---| Virtual Machine |
+------------------+  |     +----------------------+             |       |   +-----------------+
                      |                                          |       |   +-----------------+
                      |     +----------------------+             +-------+---| Virtual Machine |
                      | eth0|   [ Compute Node ]   |eth1                 |   +-----------------+
                      +-----|     Nova Compute     |                     |   +-----------------+
                   10.0.0.51|       L2 Agent       |                     |---| Virtual Machine |
                            +----------------------+                     |   +-----------------+
                                                                         |   +-----------------+
                                                                         +---| Virtual Machine |
                                                                             +-----------------+
[1] Change settings on Control Node.
root@dlp ~(keystone)#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value for tenant_network_types

tenant_network_types =
vxlan
# line 154: add

[ml2_type_flat]
flat_networks = physnet1
# line 208: add

[ml2_type_vxlan]
vni_ranges = 1:1000
root@dlp ~(keystone)#
systemctl restart neutron-server

[2] Change settings on Network Node.
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value for tenant_network_types

tenant_network_types =
vxlan
# line 154: add

[ml2_type_flat]
flat_networks = physnet1
# line 208: add

[ml2_type_vxlan]
vni_ranges = 1:1000
root@network:~#
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 133: add

[linux_bridge]
physical_interface_mappings = physnet1:eth1
# line 169: add

[vxlan]
enable_vxlan = True
l2_population = True
# line 102: add

[agent]
prevent_arp_spoofing = True
root@network:~#
vi /etc/neutron/dhcp_agent.ini
# line 83: add

dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
root@network:~#
vi /etc/neutron/dnsmasq-neutron.conf
# create new

dhcp-option-force=26,1450
root@network:~#
for service in l3-agent dhcp-agent metadata-agent linuxbridge-agent; do
systemctl restart neutron-$service
done

[3] Change settings on Compute Node.
root@node01:~#
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf

root@node01:~#
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf

root@node01:~#
sysctl -p

root@node01:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value for tenant_network_types

tenant_network_types =
vxlan
# line 154: add

[ml2_type_flat]
flat_networks = physnet1
# line 208: add

[ml2_type_vxlan]
vni_ranges = 1:1000
root@node01:~#
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 133: add

[linux_bridge]
physical_interface_mappings = physnet1:eth1
# line 169: add

[vxlan]
enable_vxlan = True
l2_population = True
# line 102: add

[agent]
prevent_arp_spoofing = True
root@node01:~#
systemctl restart neutron-linuxbridge-agent

[4] Create a Virtual router. It's OK to work on any node. (This example is on Control Node)
# create a virtual router

root@dlp ~(keystone)#
neutron router-create router01

Created a new router:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2016-11-18T08:18:51Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   |                                      |
| flavor_id               |                                      |
| ha                      | False                                |
| id                      | 74b567a8-62ca-4c5e-aad1-123489ca59c3 |
| name                    | router01                             |
| project_id              | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| revision_number         | 2                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tenant_id               | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at              | 2016-11-18T08:18:51Z                 |
+-------------------------+--------------------------------------+

root@dlp ~(keystone)#
Router_ID=`neutron router-list | grep router01 | awk '{ print $2 }'`

[5] Create internal network and associate with the router above.
# create internal network

root@dlp ~(keystone)#
neutron net-create int_net --provider:network_type vxlan

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-11-18T08:19:14Z                 |
| description               |                                      |
| id                        | 75e0a881-d371-4dcf-8d65-3a412d28e9a7 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1450                                 |
| name                      | int_net                              |
| port_security_enabled     | True                                 |
| project_id                | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 10                                   |
| revision_number           | 3                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at                | 2016-11-18T08:19:14Z                 |
+---------------------------+--------------------------------------+

# create subnet in the internal network

root@dlp ~(keystone)#
neutron subnet-create \
--gateway 192.168.100.1 --dns-nameserver 10.0.0.1 int_net 192.168.100.0/24

Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.100.2", "end": "192.168.100.254"} |
| cidr              | 192.168.100.0/24                                     |
| created_at        | 2016-11-18T08:19:44Z                                 |
| description       |                                                      |
| dns_nameservers   | 10.0.0.10                                            |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.100.1                                        |
| host_routes       |                                                      |
| id                | 28daf4f0-3076-4976-aa82-5d489f5370a4                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              |                                                      |
| network_id        | 75e0a881-d371-4dcf-8d65-3a412d28e9a7                 |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416                     |
| revision_number   | 2                                                    |
| service_types     |                                                      |
| subnetpool_id     |                                                      |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416                     |
| updated_at        | 2016-11-18T08:19:45Z                                 |
+-------------------+------------------------------------------------------+

root@dlp ~(keystone)#
Int_Subnet_ID=`neutron net-list | grep int_net | awk '{ print $6 }'`
# set internal network to the router above

root@dlp ~(keystone)#
neutron router-interface-add $Router_ID $Int_Subnet_ID

Added interface 40952b9d-74ba-47f1-b8ed-9333678c72e7 to router 74b567a8-62ca-4c5e-aad1-123489ca59c3.
[6] Create external network and associate with the router above.
# create external network

root@dlp ~(keystone)#
neutron net-create ext_net --router:external True --provider:physical_network physnet1 --provider:network_type flat

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-11-18T08:20:37Z                 |
| description               |                                      |
| id                        | 05e48f19-b637-4a0f-829f-d25739cfcefe |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | ext_net                              |
| port_security_enabled     | True                                 |
| project_id                | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| revision_number           | 3                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at                | 2016-11-18T08:20:37Z                 |
+---------------------------+--------------------------------------+

# create subnet in external network

root@dlp ~(keystone)#
neutron subnet-create ext_net \
--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.1 10.0.0.0/24 --disable-dhcp

Created a new subnet:
+-------------------+----------------------------------------------+
| Field             | Value                                        |
+-------------------+----------------------------------------------+
| allocation_pools  | {"start": "10.0.0.200", "end": "10.0.0.254"} |
| cidr              | 10.0.0.0/24                                  |
| created_at        | 2016-11-18T08:21:06Z                         |
| description       |                                              |
| dns_nameservers   | 10.0.0.10                                    |
| enable_dhcp       | False                                        |
| gateway_ip        | 10.0.0.1                                     |
| host_routes       |                                              |
| id                | 1587abf4-a271-42a2-97eb-538f864e104b         |
| ip_version        | 4                                            |
| ipv6_address_mode |                                              |
| ipv6_ra_mode      |                                              |
| name              |                                              |
| network_id        | 05e48f19-b637-4a0f-829f-d25739cfcefe         |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416             |
| revision_number   | 2                                            |
| service_types     |                                              |
| subnetpool_id     |                                              |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416             |
| updated_at        | 2016-11-18T08:21:06Z                         |
+-------------------+----------------------------------------------+

root@dlp ~(keystone)#
Ext_Net_ID=`neutron net-list | grep ext_net | awk '{ print $2 }'`

# set gateway to the router above

root@dlp ~(keystone)#
neutron router-gateway-set $Router_ID $Ext_Net_ID

Set gateway for router 74b567a8-62ca-4c5e-aad1-123489ca59c3
[7] Create and start Virtual machine Instance.
root@dlp ~(keystone)#
Int_Net_ID=`neutron net-list | grep int_net | awk '{ print $2 }'`

root@dlp ~(keystone)#
openstack image list

+--------------------------------------+------------+--------+
| ID                                   | Name       | Status |
+--------------------------------------+------------+--------+
| 7d0cf100-6017-448c-9a6b-5bcf20d93f73 | Ubuntu1604 | active |
+--------------------------------------+------------+--------+

root@dlp ~(keystone)#
openstack server create --flavor m1.small --image Ubuntu1604 --security-group default --nic net-id=$Int_Net_ID Ubuntu_1604

root@dlp ~(keystone)#
openstack server list

+--------------------+-------------+--------+---------------------+------------+
| ID                 | Name        | Status | Networks            | Image Name |
+--------------------+-------------+--------+---------------------+------------+
| 94afe31b-659b-4f61 | Ubuntu_1604 | ACTIVE | int_net=192.168.100 | Ubuntu1604 |
| -bfd4-380bf440b510 |             |        | .9                  |            |
+--------------------+-------------+--------+---------------------+------------+
[8] Assign floating IP address to the Instance above.
root@dlp ~(keystone)#
neutron floatingip-create ext_net

Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2016-11-18T08:24:58Z                 |
| description         |                                      |
| fixed_ip_address    |                                      |
| floating_ip_address | 10.0.0.207                           |
| floating_network_id | 05e48f19-b637-4a0f-829f-d25739cfcefe |
| id                  | 453fa175-d787-4020-8bc9-c6247d67c41a |
| port_id             |                                      |
| project_id          | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| revision_number     | 1                                    |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at          | 2016-11-18T08:24:58Z                 |
+---------------------+--------------------------------------+

root@dlp ~(keystone)#
Device_ID=`nova list | grep Ubuntu_1604 | awk '{ print $2 }'`

root@dlp ~(keystone)#
Port_ID=`neutron port-list -- --device_id $Device_ID | grep 192.168.100.9 | awk '{ print $2 }'`

root@dlp ~(keystone)#
Floating_ID=`neutron floatingip-list | grep 10.0.0.207 | awk '{ print $2 }'`

root@dlp ~(keystone)#
neutron floatingip-associate $Floating_ID $Port_ID

Associated floating IP 453fa175-d787-4020-8bc9-c6247d67c41a
# confirm settings

root@dlp ~(keystone)#
neutron floatingip-show $Floating_ID

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2016-11-18T08:24:58Z                 |
| description         |                                      |
| fixed_ip_address    | 192.168.100.9                        |
| floating_ip_address | 10.0.0.207                           |
| floating_network_id | 05e48f19-b637-4a0f-829f-d25739cfcefe |
| id                  | 453fa175-d787-4020-8bc9-c6247d67c41a |
| port_id             | 817fd310-8f94-4389-9d46-26ad370bb632 |
| project_id          | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| revision_number     | 2                                    |
| router_id           | 74b567a8-62ca-4c5e-aad1-123489ca59c3 |
| status              | ACTIVE                               |
| tenant_id           | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at          | 2016-11-18T08:25:53Z                 |
+---------------------+--------------------------------------+
[9] Configure security settings like follows to access with SSH and ICMP.
# permit ICMP

root@dlp ~(keystone)#
neutron security-group-rule-create --direction ingress --protocol icmp default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2016-11-18T07:18:26Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 6580784f-03d5-441e-ba73-44347edf231c |
| port_range_max    |                                      |
| port_range_min    |                                      |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| revision_number   | 1                                    |
| security_group_id | 6f9266c8-881f-42df-a071-5ee1858a28ed |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at        | 2016-11-18T07:18:26Z                 |
+-------------------+--------------------------------------+

# permit SSH

root@dlp ~(keystone)#
neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2016-11-18T07:18:41Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 832fea91-92cd-4da2-9a00-a6f2ff4881d6 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| revision_number   | 1                                    |
| security_group_id | 6f9266c8-881f-42df-a071-5ee1858a28ed |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at        | 2016-11-18T07:18:41Z                 |
+-------------------+--------------------------------------+

root@dlp ~(keystone)#
neutron security-group-rule-list

+------------+----------------+-----------+-----------+---------------+---------------+
| id         | security_group | direction | ethertype | port/protocol | remote        |
+------------+----------------+-----------+-----------+---------------+---------------+
| 14bcbec0-3 | default        | ingress   | IPv4      | any           | default       |
| 8e6-44df-8 |                |           |           |               | (group)       |
| 211-d8d61d |                |           |           |               |               |
| 97697a     |                |           |           |               |               |
| 26fcb8ad-  | default        | ingress   | IPv6      | any           | default       |
| f6de-4264  |                |           |           |               | (group)       |
| -988f-b996 |                |           |           |               |               |
| f70976bb   |                |           |           |               |               |
| 3a3ca4b0-4 | default        | egress    | IPv6      | any           | any           |
| dba-4704-8 |                |           |           |               |               |
| 0e8-8df82c |                |           |           |               |               |
| 4a560f     |                |           |           |               |               |
| 5a553435-3 | default        | egress    | IPv4      | any           | any           |
| 059-4602-9 |                |           |           |               |               |
| 626-833fbb |                |           |           |               |               |
| 7e2d79     |                |           |           |               |               |
| 6580784f-  | default        | ingress   | IPv4      | icmp          | any           |
| 03d5-441e- |                |           |           |               |               |
| ba73-44347 |                |           |           |               |               |
| edf231c    |                |           |           |               |               |
| 832fea91   | default        | ingress   | IPv4      | 22/tcp        | any           |
| -92cd-4da2 |                |           |           |               |               |
| -9a00-a6f2 |                |           |           |               |               |
| ff4881d6   |                |           |           |               |               |
+------------+----------------+-----------+-----------+---------------+---------------+
[10] It's possible to login to the Instance to connect to the IP address with SSH like follows.
root@dlp ~(keystone)#
ssh ubuntu@10.0.0.207

The authenticity of host '10.0.0.207 (10.0.0.207)' can't be established.
ECDSA key fingerprint is SHA256:SjUVkYJif0xlnfbcL5C3fmkZNcHQW7NCmRkLNGl6uiM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.207' (ECDSA) to the list of known hosts.
ubuntu@10.0.0.207's password:
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
Last login: Fri Nov 18 10:36:51 2016
ubuntu@localhost:~$    
# just logined
 
Tweet