|
OpenStack Icehouse : Neutron Networking#2
2014/05/23 |
|
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure simply flat networking.
Furthermore,
this example is based on the environment that Network Node has 3 network interfaces and alsp Compute Node has 2 network interfaces.
Before it, Configure basic settings on Control Node, Network Node, Compute Node.
|
+-------------+ +----+----+
| Name Server | | Gateway |
+------+------+ +----+----+
|10.0.0.10 |10.0.0.1
| |
+------------+-----------------+------------------------+
| | | |
| | | 10.0.0.200-10.0.0.254
eth0|10.0.0.30 | 10.0.0.50| eth0 +--------+-------+
+--------+---------+ | +-----------+----------+ | Virtual Router |
| [ Control Node ] | | | [ Network Node ] | +--------+-------+
| Keystone | | | DHCP Agent | 192.168.100.1
| Glance | | eth2| L3 Agent |eth1 | 192.168.100.0/24
| Nova API | | | L2 Agent | | +-----------------+
| Neutron Server | | | Metadata Agent | | +---| Virtual Machine |
+------------------+ | +----------------------+ | | +-----------------+
| | | +-----------------+
| +----------------------+ +-------+---| Virtual Machine |
| eth0| [ Compute Node ] |eth1 | +-----------------+
+-----| Nova Compute | | +-----------------+
10.0.0.51| L2 Agent | |---| Virtual Machine |
+----------------------+ | +-----------------+
| +-----------------+
+---| Virtual Machine |
+-----------------+
|
| [1] | Change settings like follows on Control Node. |
|
root@dlp ~(keystone)#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 36: add [ml2_type_vlan] network_vlan_ranges = physnet1:1000:2999
# add at the last line
[ovs]
tenant_network_type = vlan bridge_mappings = physnet1:br-eth1 service neutron-server restart neutron-server stop/waiting neutron-server start/running, process 4044 |
| [2] | Change settings like follows on both Network Node and Compute Node. |
|
root@network:~# ovs-vsctl add-br br-eth1 # add a bridge root@network:~# ovs-vsctl add-port br-eth1 eth1 # add eth1 to the port of the bridge above
root@network:~#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 36: add [ml2_type_vlan] network_vlan_ranges = physnet1:1000:2999
# add at the last line
[ovs]
tenant_network_type = vlan bridge_mappings = physnet1:br-eth1 service neutron-plugin-openvswitch-agent restart neutron-plugin-openvswitch-agent stop/waiting neutron-plugin-openvswitch-agent start/running, process 1993 |
| [3] | Create and define a bridge for external network on Network Node. |
|
root@network:~# ovs-vsctl add-br br-ext root@network:~# ovs-vsctl add-port br-ext eth2
root@network:~#
vi /etc/neutron/l3_agent.ini # line 47: add external_network_bridge = br-ext
service neutron-l3-agent restart neutron-l3-agent stop/waiting neutron-l3-agent start/running, process 2227 |
| [4] | Create a Virtual router. It's OK to work on any node. (This example is on Control Node) |
|
# create a virtual router root@dlp ~(keystone)# neutron router-create router01 Created a new router: +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | admin_state_up | True | | external_gateway_info | | | id | cbbdfe73-9bab-4c57-b5db-effd35a8d8a6 | | name | router01 | | status | ACTIVE | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +-----------------------+--------------------------------------+root@dlp ~(keystone)# Router_ID=`neutron router-list | grep router01 | awk '{ print $2 }'` |
| [5] | Create internal network and associate with the router above. |
|
# create internal network root@dlp ~(keystone)# neutron net-create int_net Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | efbaf2fc-cb84-4bfe-bc6a-48514748986f | | name | int_net | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1000 | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------------+--------------------------------------+ # create subnet in the internal network root@dlp ~(keystone)# neutron subnet-create \ --gateway 192.168.100.1 --dns-nameserver 10.0.0.10 int_net 192.168.100.0/24 Created a new subnet:
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.100.2", "end": "192.168.100.254"} |
| cidr | 192.168.100.0/24 |
| dns_nameservers | 10.0.0.10 |
| enable_dhcp | True |
| gateway_ip | 192.168.100.1 |
| host_routes | |
| id | d7da5b07-f780-45a8-a706-ed10a2cd1513 |
| ip_version | 4 |
| name | |
| network_id | efbaf2fc-cb84-4bfe-bc6a-48514748986f |
| tenant_id | 0bf06fa0415043cb924ead3db08e2518 |
+------------------+------------------------------------------------------+
root@dlp ~(keystone)#
Int_Subnet_ID=`neutron net-list | grep int_net | awk '{ print $6 }'`
# set internal network to the router above root@dlp ~(keystone)# neutron router-interface-add $Router_ID $Int_Subnet_ID Added interface f04f2566-6767-4506-8926-8a435b80d588 to router f4f52ce0-d9a0-441e-9a21-24a3d7966654. |
| [6] | Create external network and associate with the router above. |
|
# create external network root@dlp ~(keystone)# neutron net-create ext_net --router:external=True Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | name | ext_net | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1001 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------------+--------------------------------------+ # create subnet in external network root@dlp ~(keystone)# neutron subnet-create ext_net \ --allocation-pool start=10.0.0.200,end=10.0.0.254 \ --gateway 10.0.0.1 --dns-nameserver 10.0.0.10 10.0.0.0/24 --disable-dhcp Created a new subnet:
+------------------+----------------------------------------------+
| Field | Value |
+------------------+----------------------------------------------+
| allocation_pools | {"start": "10.0.0.200", "end": "10.0.0.254"} |
| cidr | 10.0.0.0/24 |
| dns_nameservers | 10.0.0.10 |
| enable_dhcp | False |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | e1fe23f4-44d7-4f5b-b051-b4f8e0785101 |
| ip_version | 4 |
| name | |
| network_id | 07811ebd-e62d-43a8-866c-1f84d37276c5 |
| tenant_id | 0bf06fa0415043cb924ead3db08e2518 |
+------------------+----------------------------------------------+
root@dlp ~(keystone)#
Ext_Net_ID=`neutron net-list | grep ext_net | awk '{ print $2 }'` # set gateway to the router above root@dlp ~(keystone)# neutron router-gateway-set $Router_ID $Ext_Net_ID Set gateway for router f4f52ce0-d9a0-441e-9a21-24a3d7966654 |
| [7] | Create and start Virtual machine Instance. |
|
root@dlp ~(keystone)#
root@dlp ~(keystone)# Int_Net_ID=`neutron net-list | grep int_net | awk '{ print $2 }'` nova image-list +--------------------------------------+-------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+-------------+--------+--------+ | 98c7ba58-512f-4750-a0ff-3b892753f096 | Ubuntu14.04 | ACTIVE | | +--------------------------------------+-------------+--------+--------+root@dlp ~(keystone)# nova boot --flavor 2 --image Ubuntu14.04 --security_group default --nic net-id=$Int_Net_ID Ubuntu_Trusty root@dlp ~(keystone)# nova list +-----------+---------------+--------+------------+-------------+-----------------------+ | ID | Name | Status | Task State | Power State | Networks | +-----------+---------------+--------+------------+-------------+-----------------------+ | ff1046c2- | Ubuntu_Trusty | ACTIVE | - | Running | int_net=192.168.100.2 | +-----------+---------------+--------+------------+-------------+-----------------------+ |
| [8] | Assign floating IP address to the Instance above. |
|
root@dlp ~(keystone)# neutron floatingip-create ext_net Created a new floatingip: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | | | floating_ip_address | 10.0.0.201 | | floating_network_id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | id | 1c7385f2-e285-4db8-b0a1-39ed7565dfc2 | | port_id | | | router_id | | | status | DOWN | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------+--------------------------------------+
root@dlp ~(keystone)#
Device_ID=`nova list | grep Ubuntu_Trusty | awk '{ print $2 }'` root@dlp ~(keystone)# Port_ID=`neutron port-list -- --device_id $Device_ID | grep 192.168.100.2 | awk '{ print $2 }'` root@dlp ~(keystone)# Floating_ID=`neutron floatingip-list | grep 10.0.0.201 | awk '{ print $2 }'`
root@dlp ~(keystone)#
neutron floatingip-associate $Floating_ID $Port_ID Associated floatingip 1c7385f2-e285-4db8-b0a1-39ed7565dfc2 # confirm settings root@dlp ~(keystone)# neutron floatingip-show $Floating_ID +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | 192.168.100.2 | | floating_ip_address | 10.0.0.201 | | floating_network_id | 07811ebd-e62d-43a8-866c-1f84d37276c5 | | id | 1c7385f2-e285-4db8-b0a1-39ed7565dfc2 | | port_id | 867b7476-3cc2-434a-8ba5-a6c448aa8d3f | | router_id | f4f52ce0-d9a0-441e-9a21-24a3d7966654 | | status | ACTIVE | | tenant_id | 0bf06fa0415043cb924ead3db08e2518 | +---------------------+--------------------------------------+ |
| [9] | Configure security settings like follows to access with SSH and ICMP. |
|
# permit SSH root@dlp ~(keystone)# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ # permit ICMP root@dlp ~(keystone)# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+root@dlp ~(keystone)# nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ |
| [10] | It's possible to login to the Instance to connect to the IP address with SSH like follows. |
|
root@dlp ~(keystone)# ssh trusty@10.0.0.201
The authenticity of host '10.0.0.200 (10.0.0.200)' can't be established.
* Documentation: https://help.ubuntu.com/ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:af:3d:00. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.200' (ECDSA) to the list of known hosts. trusty@10.0.0.200's password: Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64) Last login: Thu May 15 21:11:26 2014 trusty@host-192-168-100-2:~$ # just logined |