OpenStack Newton : Neutron Network(VXLAN)
2016/11/17
Configure virtual networking with the OpenStack Network Service (Neutron).
This example configures VXLAN-type provider networking.
It assumes an environment in which the Network Node and the Compute Node each have 2 network interfaces.
Before starting, configure the basic settings on the Control Node, Network Node and Compute Node.

Environment (from the network diagram):
  Name Server     : 10.0.0.10
  Gateway         : 10.0.0.1
  Control Node    : eth0 10.0.0.30 (Keystone, Glance, Nova API, Neutron Server)
  Network Node    : eth0 10.0.0.50, eth1 (DHCP Agent, L3 Agent, L2 Agent, Metadata Agent)
  Compute Node    : eth0 10.0.0.51, eth1 (Nova Compute, L2 Agent)
  Virtual Router  : 10.0.0.200-10.0.0.254 on the external side, 192.168.100.1 on the internal side
  Virtual Machines: 192.168.100.0/24, attached through eth1 of the Network Node and the Compute Node
[1] Change settings on Control Node.
root@dlp ~(keystone)# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value for tenant_network_types
tenant_network_types = vxlan
# line 154: add
[ml2_type_flat]
flat_networks = physnet1
# line 208: add
[ml2_type_vxlan]
vni_ranges = 1:1000
root@dlp ~(keystone)# systemctl restart neutron-server
[2] Change settings on Network Node.
root@network:~# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value for tenant_network_types
tenant_network_types = vxlan
# line 154: add
[ml2_type_flat]
flat_networks = physnet1
# line 208: add
[ml2_type_vxlan]
vni_ranges = 1:1000
root@network:~# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 133: add
[linux_bridge]
physical_interface_mappings = physnet1:eth1
# line 169: add
[vxlan]
enable_vxlan = True
l2_population = True
# line 102: add
[agent]
prevent_arp_spoofing = True
root@network:~# vi /etc/neutron/dhcp_agent.ini
# line 83: add
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
root@network:~# vi /etc/neutron/dnsmasq-neutron.conf
# create new
# DHCP option 26 sets the interface MTU of the instances; 1450 leaves room for the VXLAN encapsulation on a 1500-byte link
dhcp-option-force=26,1450
root@network:~# for service in l3-agent dhcp-agent metadata-agent linuxbridge-agent; do
systemctl restart neutron-$service
done
[3] Change settings on Compute Node.
root@node01:~# echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
root@node01:~# echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
root@node01:~# sysctl -p
root@node01:~# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value for tenant_network_types
tenant_network_types = vxlan
# line 154: add
[ml2_type_flat]
flat_networks = physnet1
# line 208: add
[ml2_type_vxlan]
vni_ranges = 1:1000
root@node01:~# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# line 133: add
[linux_bridge]
physical_interface_mappings = physnet1:eth1
# line 169: add
[vxlan]
enable_vxlan = True
l2_population = True
# line 102: add
[agent]
prevent_arp_spoofing = True
root@node01:~# systemctl restart neutron-linuxbridge-agent
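An added example (not from the original page) that audits a node for the settings applied in steps [2] and [3]: the [vxlan] and prevent_arp_spoofing values in linuxbridge_agent.ini, and the two bridge-nf-call sysctl keys that make bridged instance traffic pass through iptables. The function names and the sample files are constructed for illustration.

```bash
# Added example, not from the original page. Sample files are constructed.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION] (last wins).
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }   # section header
        cur == sec && (p = index($0, "=")) {
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_agent_ini FILE: list each linuxbridge_agent.ini setting that differs
# from the value used in this guide; return 1 if any does.
audit_agent_ini() {
    rc=0
    for item in vxlan/enable_vxlan vxlan/l2_population agent/prevent_arp_spoofing; do
        got=$(ini_get "$1" "${item%/*}" "${item#*/}")
        [ "$got" = "True" ] || { echo "FAIL [${item%/*}] ${item#*/} = '$got'"; rc=1; }
    done
    return $rc
}

# audit_bridge_sysctl FILE: both bridge-nf-call keys must be 1, otherwise
# bridged instance traffic bypasses iptables/ip6tables.
audit_bridge_sysctl() {
    rc=0
    for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        sed 's/[[:space:]]//g' "$1" | grep -Fxq "$k=1" || { echo "FAIL $k"; rc=1; }
    done
    return $rc
}

# make_samples DIR: constructed files for a node where [agent] was left
# commented out and only one of the two sysctl lines was appended.
make_samples() {
    printf '%s\n' '[linux_bridge]' 'physical_interface_mappings = physnet1:eth1' \
        '[vxlan]' 'enable_vxlan = True' 'l2_population = True' \
        '[agent]' '#prevent_arp_spoofing = True' > "$1/linuxbridge_agent.ini"
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables=1' > "$1/sysctl.conf"
}

dir=$(mktemp -d)
make_samples "$dir"
audit_agent_ini "$dir/linuxbridge_agent.ini" || echo "=> fix linuxbridge_agent.ini"
audit_bridge_sysctl "$dir/sysctl.conf" || echo "=> fix sysctl.conf"
rm -rf "$dir"
```

On a real node, pass /etc/neutron/plugins/ml2/linuxbridge_agent.ini and /etc/sysctl.conf to the two audit functions.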
[4] Create a virtual router. This can be done on any node. (This example uses the Control Node.)
# create a virtual router
root@dlp ~(keystone)# neutron router-create router01
Created a new router:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2016-11-18T08:18:51Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   |                                      |
| flavor_id               |                                      |
| ha                      | False                                |
| id                      | 74b567a8-62ca-4c5e-aad1-123489ca59c3 |
| name                    | router01                             |
| project_id              | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| revision_number         | 2                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tenant_id               | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at              | 2016-11-18T08:18:51Z                 |
+-------------------------+--------------------------------------+
root@dlp ~(keystone)# Router_ID=`neutron router-list | grep router01 | awk '{ print $2 }'`
[5] Create an internal network and associate it with the router above.
# create internal network
root@dlp ~(keystone)# neutron net-create int_net --provider:network_type vxlan
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-11-18T08:19:14Z                 |
| description               |                                      |
| id                        | 75e0a881-d371-4dcf-8d65-3a412d28e9a7 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1450                                 |
| name                      | int_net                              |
| port_security_enabled     | True                                 |
| project_id                | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 10                                   |
| revision_number           | 3                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at                | 2016-11-18T08:19:14Z                 |
+---------------------------+--------------------------------------+
# create subnet in the internal network
root@dlp ~(keystone)# neutron subnet-create \
--gateway 192.168.100.1 --dns-nameserver 10.0.0.1 int_net 192.168.100.0/24
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.100.2", "end": "192.168.100.254"} |
| cidr              | 192.168.100.0/24                                     |
| created_at        | 2016-11-18T08:19:44Z                                 |
| description       |                                                      |
| dns_nameservers   | 10.0.0.10                                            |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.100.1                                        |
| host_routes       |                                                      |
| id                | 28daf4f0-3076-4976-aa82-5d489f5370a4                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              |                                                      |
| network_id        | 75e0a881-d371-4dcf-8d65-3a412d28e9a7                 |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416                     |
| revision_number   | 2                                                    |
| service_types     |                                                      |
| subnetpool_id     |                                                      |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416                     |
| updated_at        | 2016-11-18T08:19:45Z                                 |
+-------------------+------------------------------------------------------+
root@dlp ~(keystone)# Int_Subnet_ID=`neutron net-list | grep int_net | awk '{ print $6 }'`
# set internal network to the router above
root@dlp ~(keystone)# neutron router-interface-add $Router_ID $Int_Subnet_ID
Added interface 40952b9d-74ba-47f1-b8ed-9333678c72e7 to router 74b567a8-62ca-4c5e-aad1-123489ca59c3.
[6] Create an external network and associate it with the router above.
# create external network
root@dlp ~(keystone)# neutron net-create ext_net --router:external True --provider:physical_network physnet1 --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-11-18T08:20:37Z                 |
| description               |                                      |
| id                        | 05e48f19-b637-4a0f-829f-d25739cfcefe |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | ext_net                              |
| port_security_enabled     | True                                 |
| project_id                | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| revision_number           | 3                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at                | 2016-11-18T08:20:37Z                 |
+---------------------------+--------------------------------------+
# create subnet in external network
root@dlp ~(keystone)# neutron subnet-create ext_net \
--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.1 10.0.0.0/24 --disable-dhcp
Created a new subnet:
+-------------------+----------------------------------------------+
| Field             | Value                                        |
+-------------------+----------------------------------------------+
| allocation_pools  | {"start": "10.0.0.200", "end": "10.0.0.254"} |
| cidr              | 10.0.0.0/24                                  |
| created_at        | 2016-11-18T08:21:06Z                         |
| description       |                                              |
| dns_nameservers   | 10.0.0.10                                    |
| enable_dhcp       | False                                        |
| gateway_ip        | 10.0.0.1                                     |
| host_routes       |                                              |
| id                | 1587abf4-a271-42a2-97eb-538f864e104b         |
| ip_version        | 4                                            |
| ipv6_address_mode |                                              |
| ipv6_ra_mode      |                                              |
| name              |                                              |
| network_id        | 05e48f19-b637-4a0f-829f-d25739cfcefe         |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416             |
| revision_number   | 2                                            |
| service_types     |                                              |
| subnetpool_id     |                                              |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416             |
| updated_at        | 2016-11-18T08:21:06Z                         |
+-------------------+----------------------------------------------+
root@dlp ~(keystone)# Ext_Net_ID=`neutron net-list | grep ext_net | awk '{ print $2 }'`
# set gateway to the router above
root@dlp ~(keystone)# neutron router-gateway-set $Router_ID $Ext_Net_ID
Set gateway for router 74b567a8-62ca-4c5e-aad1-123489ca59c3
[7] Create and start a Virtual Machine Instance.
root@dlp ~(keystone)# Int_Net_ID=`neutron net-list | grep int_net | awk '{ print $2 }'`
root@dlp ~(keystone)# openstack image list
+--------------------------------------+------------+--------+
| ID                                   | Name       | Status |
+--------------------------------------+------------+--------+
| 7d0cf100-6017-448c-9a6b-5bcf20d93f73 | Ubuntu1604 | active |
+--------------------------------------+------------+--------+
root@dlp ~(keystone)# openstack server create --flavor m1.small --image Ubuntu1604 --security-group default --nic net-id=$Int_Net_ID Ubuntu_1604
root@dlp ~(keystone)# openstack server list
+--------------------+-------------+--------+---------------------+------------+
| ID                 | Name        | Status | Networks            | Image Name |
+--------------------+-------------+--------+---------------------+------------+
| 94afe31b-659b-4f61 | Ubuntu_1604 | ACTIVE | int_net=192.168.100 | Ubuntu1604 |
| -bfd4-380bf440b510 |             |        | .9                  |            |
+--------------------+-------------+--------+---------------------+------------+
[8] Assign a floating IP address to the Instance above.
root@dlp ~(keystone)# neutron floatingip-create ext_net
Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2016-11-18T08:24:58Z                 |
| description         |                                      |
| fixed_ip_address    |                                      |
| floating_ip_address | 10.0.0.207                           |
| floating_network_id | 05e48f19-b637-4a0f-829f-d25739cfcefe |
| id                  | 453fa175-d787-4020-8bc9-c6247d67c41a |
| port_id             |                                      |
| project_id          | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| revision_number     | 1                                    |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at          | 2016-11-18T08:24:58Z                 |
+---------------------+--------------------------------------+
root@dlp ~(keystone)# Device_ID=`nova list | grep Ubuntu_1604 | awk '{ print $2 }'`
root@dlp ~(keystone)# Port_ID=`neutron port-list -- --device_id $Device_ID | grep 192.168.100.9 | awk '{ print $2 }'`
root@dlp ~(keystone)# Floating_ID=`neutron floatingip-list | grep 10.0.0.207 | awk '{ print $2 }'`
root@dlp ~(keystone)# neutron floatingip-associate $Floating_ID $Port_ID
Associated floating IP 453fa175-d787-4020-8bc9-c6247d67c41a
# confirm settings
root@dlp ~(keystone)# neutron floatingip-show $Floating_ID
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2016-11-18T08:24:58Z                 |
| description         |                                      |
| fixed_ip_address    | 192.168.100.9                        |
| floating_ip_address | 10.0.0.207                           |
| floating_network_id | 05e48f19-b637-4a0f-829f-d25739cfcefe |
| id                  | 453fa175-d787-4020-8bc9-c6247d67c41a |
| port_id             | 817fd310-8f94-4389-9d46-26ad370bb632 |
| project_id          | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| revision_number     | 2                                    |
| router_id           | 74b567a8-62ca-4c5e-aad1-123489ca59c3 |
| status              | ACTIVE                               |
| tenant_id           | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at          | 2016-11-18T08:25:53Z                 |
+---------------------+--------------------------------------+
[9] Configure security group rules as follows to permit access with SSH and ICMP.
# permit ICMP
root@dlp ~(keystone)# neutron security-group-rule-create --direction ingress --protocol icmp default
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2016-11-18T07:18:26Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 6580784f-03d5-441e-ba73-44347edf231c |
| port_range_max    |                                      |
| port_range_min    |                                      |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| revision_number   | 1                                    |
| security_group_id | 6f9266c8-881f-42df-a071-5ee1858a28ed |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at        | 2016-11-18T07:18:26Z                 |
+-------------------+--------------------------------------+
# permit SSH
root@dlp ~(keystone)# neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2016-11-18T07:18:41Z                 |
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 832fea91-92cd-4da2-9a00-a6f2ff4881d6 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| revision_number   | 1                                    |
| security_group_id | 6f9266c8-881f-42df-a071-5ee1858a28ed |
| tenant_id         | 1b8227c2c89e4f1cbcbbb9f6060b0416     |
| updated_at        | 2016-11-18T07:18:41Z                 |
+-------------------+--------------------------------------+
root@dlp ~(keystone)# neutron security-group-rule-list
+------------+----------------+-----------+-----------+---------------+---------------+
| id         | security_group | direction | ethertype | port/protocol | remote        |
+------------+----------------+-----------+-----------+---------------+---------------+
| 14bcbec0-3 | default        | ingress   | IPv4      | any           | default       |
| 8e6-44df-8 |                |           |           |               | (group)       |
| 211-d8d61d |                |           |           |               |               |
| 97697a     |                |           |           |               |               |
| 26fcb8ad-  | default        | ingress   | IPv6      | any           | default       |
| f6de-4264  |                |           |           |               | (group)       |
| -988f-b996 |                |           |           |               |               |
| f70976bb   |                |           |           |               |               |
| 3a3ca4b0-4 | default        | egress    | IPv6      | any           | any           |
| dba-4704-8 |                |           |           |               |               |
| 0e8-8df82c |                |           |           |               |               |
| 4a560f     |                |           |           |               |               |
| 5a553435-3 | default        | egress    | IPv4      | any           | any           |
| 059-4602-9 |                |           |           |               |               |
| 626-833fbb |                |           |           |               |               |
| 7e2d79     |                |           |           |               |               |
| 6580784f-  | default        | ingress   | IPv4      | icmp          | any           |
| 03d5-441e- |                |           |           |               |               |
| ba73-44347 |                |           |           |               |               |
| edf231c    |                |           |           |               |               |
| 832fea91   | default        | ingress   | IPv4      | 22/tcp        | any           |
| -92cd-4da2 |                |           |           |               |               |
| -9a00-a6f2 |                |           |           |               |               |
| ff4881d6   |                |           |           |               |               |
+------------+----------------+-----------+-----------+---------------+---------------+
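Both rules created in step [9] leave remote_ip_prefix empty, so they are listed with remote "any". The following added example (not from the original page) filters a rule list for such ingress rules and prints replacement commands limited to one source range. It assumes the quoted CSV produced by neutron security-group-rule-list -f csv; the sample rows are constructed from the table above and 10.0.0.0/24 is an example management range.

```bash
# Added example, not from the original page. Input format is an assumption:
# quoted CSV with the column names shown in the rule list table.

# open_ingress: read the CSV on stdin and print
# "<id> <port/protocol> <security_group>" for each ingress rule with remote "any".
open_ingress() {
    awk -F'","' '
        { gsub(/^"|"\r?$/, "") }                     # strip outer quotes of the row
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i
                  if (!("direction" in col) || !("remote" in col)) exit 2
                  next }
        $col["direction"] == "ingress" && $col["remote"] == "any" {
            print $col["id"], $col["port/protocol"], $col["security_group"]
        }'
}

# suggest_fix CIDR: turn open_ingress output into commands that replace each
# open rule with one limited to CIDR. Commands are printed for review only.
suggest_fix() {
    while read -r id spec group; do
        proto=${spec#*/}; range=${spec%%/*}; ports=""
        if [ "$proto" = "any" ]; then
            echo "# $id allows every protocol: review by hand"; continue
        fi
        if [ "$proto" != "$spec" ]; then     # "22/tcp" or "80-443/tcp" has a port part
            ports=" --port-range-min ${range%-*} --port-range-max ${range#*-}"
        fi
        echo "neutron security-group-rule-delete $id"
        echo "neutron security-group-rule-create --direction ingress --protocol $proto$ports --remote-ip-prefix $1 $group"
    done
}

# sample_rules: constructed CSV mirroring four rows of the table above.
sample_rules() {
    cat <<'EOF'
"id","security_group","direction","ethertype","port/protocol","remote"
"14bcbec0-38e6-44df-8211-d8d61d97697a","default","ingress","IPv4","any","default (group)"
"5a553435-3059-4602-9626-833fbb7e2d79","default","egress","IPv4","any","any"
"6580784f-03d5-441e-ba73-44347edf231c","default","ingress","IPv4","icmp","any"
"832fea91-92cd-4da2-9a00-a6f2ff4881d6","default","ingress","IPv4","22/tcp","any"
EOF
}

sample_rules | open_ingress | suggest_fix 10.0.0.0/24
```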
[10] You can log in to the Instance by connecting to its floating IP address with SSH as follows.
root@dlp ~(keystone)# ssh ubuntu@10.0.0.207
The authenticity of host '10.0.0.207 (10.0.0.207)' can't be established.
ECDSA key fingerprint is SHA256:SjUVkYJif0xlnfbcL5C3fmkZNcHQW7NCmRkLNGl6uiM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.207' (ECDSA) to the list of known hosts.
ubuntu@10.0.0.207's password:
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-47-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Fri Nov 18 10:36:51 2016
ubuntu@localhost:~$ # logged in