OpenStack Neutron Tutorial


This was a tutorial which Mark McClain and I led at ONUG, Spring 2015. It was well received and serves as a walkthrough of OpenStack Neutron and its features and usage.

Published in: Software

  1. 1. OpenStack Networking Hands-On Tutorial Kyle Mestery (@mestery) Mark McClain (@gtwmm)
  2. 2. Agenda ● Quick OpenStack and Neutron Overview ● Neutron Deployment Overview ● Hands-On With Neutron ○ Networks and Subnets ○ Routers and L3 constructs ○ LBaaS ○ VPNaaS
  3. 3. OpenStack and Neutron Overview
  4. 4. About OpenStack ● Open Source project founded in 2010 ● 1,786 Unique Developers during Kilo ● A growing ecosystem of projects ○ With a new governance model! ● Production Ready ● Latest Release 2015.1 - Kilo (11th Release) ● Apache 2 Licensed
  5. 5. OpenStack
  6. 6. What does the user see?
  7. 7. What is Neutron? ● Provides “networking as a service” ● Provides Rich Topologies ● Technology Agnostic ● Extensible ● Advanced Services Support ○ LBaaS, VPNaaS, FWaaS
  8. 8. Neutron Design Goals ● Unified API ● Small Core ● Pluggable Open Architecture ● Extensible ● Growing ecosystem (Neutron as a platform)
  9. 9. Abstractions
  10. 10. Basic Deployment
  11. 11. Neutron Installation Tips
  12. 12. Types of Network Traffic ● Management ○ Internal communication between services ● API ○ Exposes OpenStack APIs to users of the cloud ● Guest ○ A network dedicated to instance traffic ● External ○ Provides Neutron routers with network access
  13. 13. Single NIC Setup [diagram: VMs, br-int, br-tun, br-eth0, eth0; traffic labels: overlay networks, mgmt and API, external]
  14. 14. Multi-NIC Setup [diagram: VMs, br-int, br-tun, br-eth1, eth1, eth0; traffic labels: overlay networks, mgmt and API, external]
  15. 15. Bonded NIC Setup [diagram: VMs, br-int, br-tun, br-bond0, bond0, eth0, eth1; traffic labels: overlay networks, mgmt and API, external]
  16. 16. What Type Of Neutron Network To Use
  17. 17. Neutron Provider Network Setup [diagram: three Compute Hosts; Provider VLAN 100; Provider VLAN 200]
  18. 18. When To Use Provider Networks? ● Mapping Neutron install into existing network environment ● Small number of tenants ● Want to perform routing with existing routers (physical or virtual) ● Little or no interest in floating IPs
  19. 19. Neutron With Overlays (and L2 gateways!) [diagram: three Compute Hosts, Network Node, Underlay Network, L2 Gateway Node] ● L2 Gateway node handles translating between overlay networks and VLAN networks ● Network node handles L3 routing N/S, and SNAT when used with DVR ● DVR routes E/W traffic and performs DNAT locally
  20. 20. When To Use Neutron With Overlays? ● Large number of tenant networks ● Floating IPs central to installation
  21. 21. Neutron Tutorial
  22. 22. Thank you to our sponsor! ● Two options for gaining access to provided VMs ○ Join “tutorial” wifi network (password openstackneutron) ○ OR ○ ssh into the jumphost as “onug@67.205.58.120” ● Username/password for VMs: onug / ONUG2015
  23. 23. Components used in the tutorial ● All-In-One Control/Compute Node (Ubuntu 14.04.1): nova, glance, keystone, neutron, neutron l2, neutron l3, metadata, dhcp, Open vSwitch, rabbitmq
  24. 24. Tutorial Assumptions ● You are using a devstack install on a cloud VM provided by Dreamhost ● The Tutorial uses the Kilo release of OpenStack
  25. 25. Neutron Networks and Subnets In this section, we’ll cover basic Neutron operations around networks, ports and subnets
  26. 26. Neutron Network Types ● local networks ● provider networks ● overlay networks
  27. 27. Neutron local networks ● local networks are created locally on the host ○ traffic is local on the node it is created on ● DHCP and metadata may not work with local networks ● Useful for complex technologies where you want to keep some traffic local to a small number of VMs on a host
  28. 28. Create a local network neutron net-create --provider:network_type=local onug_local
  29. 29. Neutron provider networks ● Useful when using a small number of tenants and you want to share networks created by the admin ● Assumes L3 routing handled in existing infrastructure
  30. 30. Creating a provider network neutron net-create --provider:network_type=vlan --provider:physical_network=physnet1 --provider:segmentation_id=200 --shared onug_vlan_network
  31. 31. Tenant overlay networks ● Useful for installations with a large number of tenants ● Allows tenants to create rich network layouts ● Allows for overlapping, shared IP address spaces ● Can utilize floating IPs for remote access ● Utilize L2 gateways to bridge to VLAN networks
  32. 32. Create an overlay network neutron net-create onug_overlay
  33. 33. Neutron subnets ● Subnets are the main L3 resource in Neutron ● Subnets can be IPv4 or IPv6 ● Planning ahead for your subnets is important ○ Note: Pluggable IPAM will be available in Liberty, and allow for integration with existing IPAM solutions you may have
  34. 34. Creating a subnet neutron subnet-create onug_overlay 192.168.100.0/24 --name onug_overlay_subnet --ip-version=4 --gateway=192.168.100.1 --allocation-pool start=192.168.100.2,end=192.168.100.254 --dns-nameservers 8.8.8.8 8.8.4.4
  35. 35. Quick Detour: Neutron Ports Port created for DHCP agent from previous port
  36. 36. Neutron Ports and Namespaces The DHCP port created previously looks like this on the host itself
  37. 37. Neutron Routers We’ll cover Neutron routers, floating IPs, and building complex topologies with them
  38. 38. Neutron Routers: Overview ● Neutron routers are per-tenant ○ Admin can create routers for tenants ● Neutron routers support both IPv4 and IPv6 ● Neutron routers can route traffic between internal and external networks ● Neutron routers can also route traffic between internal networks
  39. 39. Neutron With Routers
  40. 40. Create a router neutron router-create onug_router
  41. 41. Neutron router ports ● Internal interface: This interface is attached to a local subnet ● Gateway interface: This interface is attached to an upstream device to provide external connectivity
  42. 42. Distributed Routers!
  43. 43. Neutron With Distributed Routers!
  44. 44. Attaching router ports ● Attach the internal router port ○ neutron router-interface-add 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a 68f34192-72d7-4e4d-82ae-b87410113a9a ● Attach the gateway port ○ neutron router-gateway-set 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a dab3f1f7-7015-4439-b393-0ad75d2de536
  45. 45. Verify your router ports neutron router-port-list 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a
  46. 46. Launch An Instance Find your image UUID and flavor ID
  47. 47. Launch an Instance (cont.) Boot the instance attaching to your tenant created network
  48. 48. Verify the Instance Is Up Note: We added a security group rule to allow ICMP packets.
  49. 49. Neutron NAT ● Neutron supports two types of NAT ○ one-to-one (with floating IPs) ○ one-to-many (without floating IPs) ● NAT and DVR ○ DVR supports decentralized DNAT but requires centralized SNAT
  50. 50. Create And Add a Floating IP
  51. 51. Neutron subnetpools ● Allow for creation of a range of addresses to be allocated to a pool ● Subnet allocation can now happen out of that range ● Instead of requiring specific addressing, can now utilize dynamic addressing from the pool
  52. 52. subnetpool: create network
  53. 53. subnetpool: create subnetpool
  54. 54. subnetpool: create subnet using pool
  55. 55. Neutron LBaaS We’ll walk through Neutron Load Balancing as a Service here, creating LBaaS constructs using the new for Kilo LBaaS V2 API
  56. 56. Neutron LBaaS V2 ● Neutron LBaaS V2 is new in Kilo ○ New API with different objects and attributes ○ http://developer.openstack.org/api-ref-networking-v2-ext.html#lbaas-v2.0 ● Let's give it a try!
  57. 57. Neutron LBaaS V2 Tutorial ● Create 2 nova instances on onug_overlay network ● Set up security group rules to allow port 80 ● Run simple HTTP servers on those servers ● Create LBaaS constructs to balance HTTP requests across servers
  58. 58. Create 2 Nova Instances
  59. 59. Add security group rules
  60. 60. Spin up simple web servers
  61. 61. Create some loadbalancers
  62. 62. Create the listener
  63. 63. Create the pool
  64. 64. Add members
  65. 65. Verify it’s working
  66. 66. Debugging Neutron
  67. 67. Neutron Open Source Backends
  68. 68. Open Source Options ● Dragonflow ● OpenContrail ● OpenDaylight ● OVN ● Announced today: Akanda
  69. 69. Dragonflow ● A fully distributed virtual router using OpenFlow and Open vSwitch ● Removes the use of namespaces on the host for DVR ○ Implementation utilizes straight OpenFlow
  70. 70. Dragonflow Architecture
  71. 71. OpenContrail ● Extensible networking system designed for cloud networking and NFV ● Consists of two components: Controller and vRouter ○ Controller is a logically centralized but physically distributed SDN controller ○ vRouter is a forwarding plane which runs in the hypervisor
  72. 72. OpenContrail Architecture [diagram: OpenStack Nova; OpenContrail Neutron Plugin; Compute Node with OpenStack Nova Agent and vRouter Agent; Contrail Node; Configuration Node]
  73. 73. OpenDaylight ● A community led, industry supported open source platform to support the adoption of SDN and NFV ● A platform to allow for many different APIs on both the north and south side
  74. 74. OpenDaylight Architecture [diagram: OpenStack Nova; OpenDaylight ML2 Driver; two Compute Nodes, each with OpenStack Nova Agent and Open vSwitch]
  75. 75. Open Virtual Networking (OVN) ● Complements OVS by adding native support for virtual networking abstractions ○ L2 and L3 overlays, security groups, etc. ● Not a general purpose SDN controller ○ Focuses on L2/L3 networking ● Tight integration with OpenStack
  76. 76. OVN [diagram: OpenStack; OVN NB Database; OVN ML2 Driver; ovn-nbd; OVN DB; two hosts, each with ovn-controller, ovs-vswitchd and ovsdb-server]
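
Slides 48 and 57 open ingress for ICMP and TCP port 80 through security group rules. The following is an added example, not code from the slides or from the Neutron project: it audits a list of security group rules and reports any other ingress left open to every source. The rule dictionaries use the Neutron security group rule field names; the rule ids, the sample data and the helper names are constructed for illustration.

```python
import ipaddress

# World-open ingress the tutorial creates on purpose: any ICMP, and TCP port 80.
EXPECTED_OPEN = {("tcp", 80, 80)}

def is_world_open(rule):
    """True when an ingress rule accepts traffic from any source address."""
    if rule.get("direction") != "ingress" or rule.get("remote_group_id"):
        return False  # egress, or source limited to members of a security group
    prefix = rule.get("remote_ip_prefix")
    # A rule with neither remote_ip_prefix nor remote_group_id matches every source.
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules):
    """Return (rule id, reason) for each world-open ingress rule outside EXPECTED_OPEN."""
    findings = []
    for rule in rules:
        if not is_world_open(rule):
            continue
        proto = rule.get("protocol")
        lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
        if proto == "icmp" or (proto, lo, hi) in EXPECTED_OPEN:
            continue
        if proto is None:
            reason = "all protocols open to any source"
        elif lo is None:
            reason = f"all {proto} ports open to any source"
        else:
            reason = f"{proto} {lo}-{hi} open to any source"
        findings.append((rule["id"], reason))
    return findings

# Constructed sample, shaped like the security_group_rules list the Neutron API returns.
def _rule(rid, direction, proto=None, lo=None, hi=None, prefix=None, group=None):
    return {"id": rid, "direction": direction, "ethertype": "IPv4", "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

SAMPLE_RULES = [
    _rule("r-egress", "egress"),
    _rule("r-same-group", "ingress", group="sg-default"),
    _rule("r-icmp", "ingress", "icmp", prefix="0.0.0.0/0"),
    _rule("r-http", "ingress", "tcp", 80, 80, "0.0.0.0/0"),
    _rule("r-ssh", "ingress", "tcp", 22, 22, "0.0.0.0/0"),
    _rule("r-db", "ingress", "tcp", 3306, 3306, "192.168.100.0/24"),
    _rule("r-all-tcp", "ingress", "tcp", 1, 65535),
]

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(rule_id, reason)
```

On a live deployment the same dictionaries can be taken from the JSON output of the security group rule listing and passed to audit() unchanged.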
