Neutron is the networking component of an OpenStack setup. It manages inbound and outbound traffic between the instances and the external network. Neutron acts as a network connectivity service and supports many L2 and L3 technologies. It is easy to manage and can be deployed either as a centralised setup or as a distributed setup. Its advanced features include load balancing, VPN, firewall, etc.
The basic Neutron process is given below:
- Boot VM start.
- Create a port and notify the DHCP of the new port.
- Create a new device (virtualization library – libvirt).
- Wire port (connect the VM to the new port).
- Complete boot.
The Neutron server mainly contains 3 components:
- REST API - This is an HTTP-based API service which includes methods, URLs, media types, responses, etc. It also exposes logical resources like subnets and ports.
- Queue - This handles bidirectional communication between the agents and the Neutron server.
- Plugin - This component communicates with the plugin agents installed in instances to manage the vswitch configuration. It also helps the Neutron server to access the database persistently using the AMQP protocol.
[Figure: basic architecture of a Neutron server]
[Figure: detailed architecture of a Neutron setup]
Steps to configure Neutron
- First we need to create an external network, which is called the provider network, on the controller node.
The command format is below:
neutron net-create <NET-NAME> --provider:physical_network=<LABEL-PHYSICAL-INTERFACE> --provider:network_type=<flat or vlan> --shared --router:external=True
root@CTRL:~# neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | f26chf4c-5c46-2881-c0h0-0845918d6536 |
| name | ext-net |
| provider:network_type | flat |
| provider:physical_network | external |
| provider:segmentation_id | |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | c15d8b07h462481348c3f3c4e8d581c7 |
+---------------------------+--------------------------------------+
root@CTRL:~#
- The next step is to assign the IP pool for the external network router and interfaces, to avoid IP conflicts. In our case I am assigning the IP pool from 192.168.24.10 to 192.168.24.30, and the default gateway is 192.168.24.2.
Command format:
neutron subnet-create --name <SUBNET-NAME> <NET-NAME> <SUBNET-CIDR> --gateway <GATEWAY-IP> --allocation-pool start=<STARTING-IP>,end=<ENDING-IP> --dns-nameservers list=true <DNS-1 DNS-2>
root@CTRL:~# neutron subnet-create ext-net --name ext-subnet --allocation-pool start=192.168.24.10,end=192.168.24.30 --disable-dhcp --gateway 192.168.24.2 192.168.24.0/24
Created a new subnet:
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | {"start": "192.168.24.10", "end": "192.168.24.30"} |
| cidr | 192.168.24.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 192.168.24.2 |
| host_routes | |
| id | f26chf4c-5c46-2881-c0h0-0845918d6536 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | ext-subnet |
| network_id | 2d188736-5877-77df-bc8c-eb1964c4a74a |
| tenant_id | c15d8b07h462481348c3f3c4e8d581c7 |
+-------------------+--------------------------------------------------------+
root@CTRL:~#
- The next step is to create a tenant network. We created a tenant earlier named tuxfixer, so we have to source its tuxfixer.rc file.
root@CTRL:~# cat tuxfixer.rc
export OS_USERNAME=tuxfixer
export OS_PASSWORD=tux123
export OS_TENANT_NAME=tuxfixer
export OS_AUTH_URL=http://CTRL:35357/v2.0
root@CTRL:~#
root@CTRL:~# source tuxfixer.rc
Command format:
neutron net-create <NET-NAME>
neutron subnet-create --name <SUBNET-NAME> <NET-NAME> <SUBNET-CIDR>
root@CTRL:~# neutron net-create tuxfixer-net
Created a new network:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | 2c0dh763-3fd4-2f8c-743f-7h0j35cv6cde |
| name | tuxfixer-net |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | dbe3cf30f46b446fcfe84b205459780d |
+-----------------+--------------------------------------+
Now create a subnet for the tenant tuxfixer.
The tuxfixer tenant can use the IPs from 192.168.5.2 to 192.168.5.254.
root@CTRL:~# neutron subnet-create tuxfixer-net --name tuxfixer-subnet --gateway 192.168.5.1 192.168.5.0/24
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.5.2", "end": "192.168.5.254"} |
| cidr | 192.168.5.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.5.1 |
| host_routes | |
| id | ac05bc74-eade-4811-8e7b-8de021abe0c1 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | tuxfixer-subnet |
| network_id | 2c0dh763-3fd4-2f8c-743f-7h0j35cv6cde |
| tenant_id | dbe3cf30f46b446fcfe84b205459780d |
+-------------------+--------------------------------------------------+
- We have to create a tenant router and add the internal and external interfaces to it.
Command details:
neutron router-create <ROUTER-NAME>
neutron router-interface-add <ROUTER-NAME> <SUBNET-NAME>
neutron router-gateway-set <ROUTER-NAME> <NET-NAME>
root@CTRL:~# neutron router-create tuxfixer-router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 1e4g48d3-a9d0-3567-3f1c-29cd8b83345d |
| name | tuxfixer-router |
| routes | |
| status | ACTIVE |
| tenant_id | dbe3cf30f46b446fcfe84b205459780d |
+-----------------------+--------------------------------------+
root@CTRL:~# neutron router-interface-add tuxfixer-router tuxfixer-subnet
Added interface 445d79cb-3dcf-5f88-963c-aa054f7ce758 to router tuxfixer-router.
root@CTRL:~# neutron router-gateway-set tuxfixer-router ext-net
Set gateway for router tuxfixer-router
Now we need to list the details of the newly created router. We have 2 subnets configured: one is used for the tenant and the other for the external network.
root@CTRL:~# neutron router-port-list tuxfixer-router
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| |1e4g48d3-a9d0-3567-3f1c-29cd8b83345d | fc:16:4d:13:32:21 | {"subnet_id": "f6523637-7162-449d-b12c-e1f0eda6196d", "ip_address": "192.168.5.1"} |
We can verify the work by pinging the external and tenant IPs from the controller node.
First we need to verify the router interfaces which we created for tuxfixer:
root@CTRL:/var/log/neutron# ip netns
efccp-49ff7852-07c4-30d2-82cb-e6f7daf673a4
qrouter-43681237-d673-5e1b-ca04-7e4672274992
Now ping the external IP using the command below:
root@CTRL:~# ip netns exec qrouter-43681237-d673-5e1b-ca04-7e4672274992 ping 192.168.24.30
PING 192.168.24.30 (192.168.24.30) 56(84) bytes of data.
64 bytes from 192.168.24.30: icmp_seq=1 ttl=64 time=0.165 ms
64 bytes from 192.168.24.30: icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from 192.168.24.30: icmp_seq=3 ttl=64 time=0.082 ms
^C
Ping the tenant IP:
root@CTRL:~# ip netns exec qrouter-43681237-d673-5e1b-ca04-7e4672274992 ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 56(84) bytes of data.
64 bytes from 192.168.5.1: icmp_seq=1 ttl=64 time=0.165 ms
64 bytes from 192.168.5.1: icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from 192.168.5.1: icmp_seq=3 ttl=64 time=0.082 ms
^C
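The addressing rules this walkthrough relies on (allocation pool inside the subnet, gateway outside the pool) can be checked before any neutron command is run. The script below is an added example, not part of the original post; the function names are hypothetical, and it goes slightly beyond the text by also checking that the external and tenant CIDRs do not overlap.

```shell
#!/bin/sh
# Added example: pre-flight check of a Neutron subnet address plan.
# Function names are hypothetical; addresses are the ones used in this walkthrough.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print "first last": network and broadcast address of a CIDR as integers.
cidr_range() {
    net=$(ip2int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( net & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
}

# check_subnet CIDR GATEWAY POOL_START POOL_END
# Returns 0 for a consistent plan; otherwise prints the problem and returns 1.
check_subnet() {
    range=$(cidr_range "$1"); lo=${range% *}; hi=${range#* }
    gw=$(ip2int "$2"); ps=$(ip2int "$3"); pe=$(ip2int "$4")
    [ "$ps" -le "$pe" ] || { echo "pool start is after pool end"; return 1; }
    # Usable addresses exclude the network and broadcast address.
    { [ "$ps" -gt "$lo" ] && [ "$pe" -lt "$hi" ]; } ||
        { echo "pool $3-$4 is not inside $1"; return 1; }
    { [ "$gw" -gt "$lo" ] && [ "$gw" -lt "$hi" ]; } ||
        { echo "gateway $2 is not inside $1"; return 1; }
    # Keep the gateway outside the pool so it cannot be allocated to a port.
    { [ "$gw" -lt "$ps" ] || [ "$gw" -gt "$pe" ]; } ||
        { echo "gateway $2 is inside the allocation pool"; return 1; }
}

# cidrs_overlap CIDR_A CIDR_B: returns 0 when the two ranges share an address.
cidrs_overlap() {
    a=$(cidr_range "$1"); b=$(cidr_range "$2")
    [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
}

check_subnet 192.168.24.0/24 192.168.24.2 192.168.24.10 192.168.24.30 && echo "ext-subnet ok"
check_subnet 192.168.5.0/24 192.168.5.1 192.168.5.2 192.168.5.254 && echo "tuxfixer-subnet ok"
cidrs_overlap 192.168.24.0/24 192.168.5.0/24 || echo "external and tenant CIDRs do not overlap"
```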
The basic Neutron configuration is complete, except for the security groups, which I will discuss separately.