OpenStack Icehouse : Neutron Networking#2
2014/05/23 |
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure simply flat networking.
Furthermore,
this example is based on the environment that Network Node has 3 network interfaces and alsp Compute Node has 2 network interfaces.
Before it, Configure basic settings on Control Node, Network Node, Compute Node. | +-------------+ +----+----+ | Name Server | | Gateway | +------+------+ +----+----+ |10.0.0.10 |10.0.0.1 | | +------------+-----------------+------------------------+ | | | | | | | 10.0.0.200-10.0.0.254 eth0|10.0.0.30 | 10.0.0.50| eth0 +--------+-------+ +--------+---------+ | +-----------+----------+ | Virtual Router | | [ Control Node ] | | | [ Network Node ] | +--------+-------+ | Keystone | | | DHCP Agent | 192.168.100.1 | Glance | | eth2| L3 Agent |eth1 | 192.168.100.0/24 | Nova API | | | L2 Agent | | +-----------------+ | Neutron Server | | | Metadata Agent | | +---| Virtual Machine | +------------------+ | +----------------------+ | | +-----------------+ | | | +-----------------+ | +----------------------+ +-------+---| Virtual Machine | | eth0| [ Compute Node ] |eth1 | +-----------------+ +-----| Nova Compute | | +-----------------+ 10.0.0.51| L2 Agent | |---| Virtual Machine | +----------------------+ | +-----------------+ | +-----------------+ +---| Virtual Machine | +-----------------+ |
[1] | Change settings like follows on Control Node. |
root@dlp ~(keystone)#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 36: add [ml2_type_vlan] network_vlan_ranges = physnet1:1000:2999
# add at the last line
[ovs]
tenant_network_type = vlan bridge_mappings = physnet1:br-eth1 service neutron-server restart neutron-server stop/waiting neutron-server start/running, process 4044 |
[2] | Change settings like follows on both Network Node and Compute Node. |
root@network:~# ovs-vsctl add-br br-eth1 # add a bridge root@network:~# ovs-vsctl add-port br-eth1 eth1 # add eth1 to the port of the bridge above
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 36: add [ml2_type_vlan] network_vlan_ranges = physnet1:1000:2999
# add at the last line
[ovs]
tenant_network_type = vlan bridge_mappings = physnet1:br-eth1 service neutron-plugin-openvswitch-agent restart neutron-plugin-openvswitch-agent stop/waiting neutron-plugin-openvswitch-agent start/running, process 1993 |
[3] | Create and define a bridge for external network on Network Node. |
root@network:~# ovs-vsctl add-br br-ext root@network:~# ovs-vsctl add-port br-ext eth2
root@network:~#
vi /etc/neutron/l3_agent.ini # line 47: add external_network_bridge = br-ext
service neutron-l3-agent restart neutron-l3-agent stop/waiting neutron-l3-agent start/running, process 2227 |
[4] | Create a Virtual router. It's OK to work on any node. (This example is on Control Node) |
# create a virtual router root@dlp ~(keystone)# neutron router-create router01 Created a new router: +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | admin_state_up | True | | external_gateway_info | | | id | cbbdfe73-9bab-4c57-b5db-effd35a8d8a6 | | name | router01 | | status | ACTIVE | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +-----------------------+--------------------------------------+root@dlp ~(keystone)# Router_ID=`neutron router-list | grep router01 | awk '{ print $2 }'` |
[5] | Create internal network and associate with the router above. |
# create internal network root@dlp ~(keystone)# neutron net-create int_net Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | efbaf2fc-cb84-4bfe-bc6a-48514748986f | | name | int_net | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1000 | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------------+--------------------------------------+ # create subnet in the internal network root@dlp ~(keystone)# neutron subnet-create \ --gateway 192.168.100.1 --dns-nameserver 10.0.0.10 int_net 192.168.100.0/24 Created a new subnet: +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | allocation_pools | {"start": "192.168.100.2", "end": "192.168.100.254"} | | cidr | 192.168.100.0/24 | | dns_nameservers | 10.0.0.10 | | enable_dhcp | True | | gateway_ip | 192.168.100.1 | | host_routes | | | id | d7da5b07-f780-45a8-a706-ed10a2cd1513 | | ip_version | 4 | | name | | | network_id | efbaf2fc-cb84-4bfe-bc6a-48514748986f | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +------------------+------------------------------------------------------+
root@dlp ~(keystone)#
Int_Subnet_ID=`neutron net-list | grep int_net | awk '{ print $6 }'`
# set internal network to the router above root@dlp ~(keystone)# neutron router-interface-add $Router_ID $Int_Subnet_ID Added interface f04f2566-6767-4506-8926-8a435b80d588 to router f4f52ce0-d9a0-441e-9a21-24a3d7966654. |
[6] | Create external network and associate with the router above. |
# create external network root@dlp ~(keystone)# neutron net-create ext_net --router:external=True Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | name | ext_net | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1001 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------------+--------------------------------------+ # create subnet in external network root@dlp ~(keystone)# neutron subnet-create ext_net \ --allocation-pool start=10.0.0.200,end=10.0.0.254 \ --gateway 10.0.0.1 --dns-nameserver 10.0.0.10 10.0.0.0/24 --disable-dhcp Created a new subnet: +------------------+----------------------------------------------+ | Field | Value | +------------------+----------------------------------------------+ | allocation_pools | {"start": "10.0.0.200", "end": "10.0.0.254"} | | cidr | 10.0.0.0/24 | | dns_nameservers | 10.0.0.10 | | enable_dhcp | False | | gateway_ip | 10.0.0.1 | | host_routes | | | id | e1fe23f4-44d7-4f5b-b051-b4f8e0785101 | | ip_version | 4 | | name | | | network_id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +------------------+----------------------------------------------+
root@dlp ~(keystone)#
Ext_Net_ID=`neutron net-list | grep ext_net | awk '{ print $2 }'` # set gateway to the router above root@dlp ~(keystone)# neutron router-gateway-set $Router_ID $Ext_Net_ID Set gateway for router f4f52ce0-d9a0-441e-9a21-24a3d7966654 |
[7] | Create and start Virtual machine Instance. |
root@dlp ~(keystone)#
root@dlp ~(keystone)# Int_Net_ID=`neutron net-list | grep int_net | awk '{ print $2 }'` nova image-list +--------------------------------------+-------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+-------------+--------+--------+ | 98c7ba58-512f-4750-a0ff-3b892753f096 | Ubuntu14.04 | ACTIVE | | +--------------------------------------+-------------+--------+--------+root@dlp ~(keystone)# nova boot --flavor 2 --image Ubuntu14.04 --security_group default --nic net-id=$Int_Net_ID Ubuntu_Trusty root@dlp ~(keystone)# nova list +-----------+---------------+--------+------------+-------------+-----------------------+ | ID | Name | Status | Task State | Power State | Networks | +-----------+---------------+--------+------------+-------------+-----------------------+ | ff1046c2- | Ubuntu_Trusty | ACTIVE | - | Running | int_net=192.168.100.2 | +-----------+---------------+--------+------------+-------------+-----------------------+ |
[8] | Assign floating IP address to the Instance above. |
root@dlp ~(keystone)# neutron floatingip-create ext_net Created a new floatingip: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | | | floating_ip_address | 10.0.0.201 | | floating_network_id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | id | 1c7385f2-e285-4db8-b0a1-39ed7565dfc2 | | port_id | | | router_id | | | status | DOWN | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------+--------------------------------------+
root@dlp ~(keystone)#
Device_ID=`nova list | grep Ubuntu_Trusty | awk '{ print $2 }'` root@dlp ~(keystone)# Port_ID=`neutron port-list -- --device_id $Device_ID | grep 192.168.100.2 | awk '{ print $2 }'` root@dlp ~(keystone)# Floating_ID=`neutron floatingip-list | grep 10.0.0.201 | awk '{ print $2 }'`
root@dlp ~(keystone)#
neutron floatingip-associate $Floating_ID $Port_ID Associated floatingip 1c7385f2-e285-4db8-b0a1-39ed7565dfc2 # confirm settings root@dlp ~(keystone)# neutron floatingip-show $Floating_ID +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | 192.168.100.2 | | floating_ip_address | 10.0.0.201 | | floating_network_id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | id | 1c7385f2-e285-4db8-b0a1-39ed7565dfc2 | | port_id | 867b7476-3cc2-434a-8ba5-a6c448aa8d3f | | router_id | f4f52ce0-d9a0-441e-9a21-24a3d7966654 | | status | ACTIVE | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------+--------------------------------------+ |
[9] | Configure security settings like follows to access with SSH and ICMP. |
# permit SSH root@dlp ~(keystone)# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ # permit ICMP root@dlp ~(keystone)# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+root@dlp ~(keystone)# nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ |
[10] | It's possible to login to the Instance to connect to the IP address with SSH like follows. |
root@dlp ~(keystone)# ssh trusty@10.0.0.201
The authenticity of host '10.0.0.200 (10.0.0.200)' can't be established.
* Documentation: https://help.ubuntu.com/ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:af:3d:00. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.200' (ECDSA) to the list of known hosts. trusty@10.0.0.200's password: Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64) Last login: Thu May 15 21:11:26 2014 trusty@host-192-168-100-2:~$ # just logined |