Learning OpenStack Networking (Neutron)
By Denton James
4.5/5
()
About this ebook
OpenStack provides a rich API that enables users to architect networks, create virtual machines, and scale their application as they see fit. However, it suffered limited network implementations, providing only basic networking through Linux VLANs and iptables. With the arrival of Neutron, you can achieve so much more with OpenStack. Whether you are new to OpenStack Networking (Neutron) or have experience, this book will provide you with the skills needed to successfully design, create, customize, and maintain the core network foundation of an OpenStack cloud using the Neutron networking API.
From start to finish, this tutorial will educate you on the various network features of OpenStack in the Havana release and how they work together. With ample screenshots, examples, and command-line output that provide a consistent experience, this book will give you a foundation from which you can build your very own OpenStack cloud with advanced networking services.
Read more from Denton James
OpenStack Networking Essentials Rating: 0 out of 5 stars0 ratingsLearning OpenStack Networking (Neutron) - Second Edition Rating: 0 out of 5 stars0 ratings
Related to Learning OpenStack Networking (Neutron)
Related ebooks
Kubernetes Handbook: Non-Programmer's Guide to Deploy Applications with Kubernetes Rating: 4 out of 5 stars4/5Ubuntu Linux Bible Rating: 0 out of 5 stars0 ratingsLinux Services Deployment Rating: 0 out of 5 stars0 ratingsImplementing NetScaler VPX™ - Second Edition Rating: 0 out of 5 stars0 ratingsLearning Proxmox VE Rating: 0 out of 5 stars0 ratingsLearn Kubernetes - Container orchestration using Docker: Learn Collection Rating: 4 out of 5 stars4/5Learn Docker in a Month of Lunches Rating: 0 out of 5 stars0 ratingsHTTP/2 in Action Rating: 0 out of 5 stars0 ratingsMastering Proxmox - Second Edition Rating: 0 out of 5 stars0 ratingsVirtualization Essentials Rating: 0 out of 5 stars0 ratingsDocker: A Quick-Start Beginner's Guide Rating: 4 out of 5 stars4/5Getting Started with Terraform Rating: 5 out of 5 stars5/5Windows PowerShell for .NET Developers - Second Edition Rating: 4 out of 5 stars4/5Learning Ansible 2 - Second Edition Rating: 5 out of 5 stars5/5Puppet Cookbook - Third Edition Rating: 5 out of 5 stars5/5OpenStack for Architects Rating: 0 out of 5 stars0 ratingsOpenStack A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsRed Hat Ansible A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsDevOps for Networking Rating: 0 out of 5 stars0 ratingsMastering Linux Shell Scripting Rating: 4 out of 5 stars4/5Ansible Playbook Essentials Rating: 0 out of 5 stars0 ratingsMastering Jenkins Rating: 3 out of 5 stars3/5OpenShift in Action Rating: 0 out of 5 stars0 ratingsSeven Deadliest Network Attacks Rating: 3 out of 5 stars3/5Ansible For Containers and Kubernetes By Examples Rating: 0 out of 5 stars0 ratingsMastering Ubuntu Server Rating: 5 out of 5 stars5/5Mastering KVM Virtualization Rating: 5 out of 5 stars5/5DNS in Action Rating: 0 out of 5 stars0 ratings
Networking For You
Quantum Computing For Dummies Rating: 0 out of 5 stars0 ratingsNetworking All-in-One For Dummies Rating: 5 out of 5 stars5/5SharePoint For Dummies Rating: 0 out of 5 stars0 ratingsNetworking For Dummies Rating: 5 out of 5 stars5/5Unlock Any Roku Device: Watch Shows, TV, & Download Apps Rating: 0 out of 5 stars0 ratingsGroup Policy: Fundamentals, Security, and the Managed Desktop Rating: 0 out of 5 stars0 ratingsThe Compete Ccna 200-301 Study Guide: Network Engineering Edition Rating: 5 out of 5 stars5/5DNS Security: Defending the Domain Name System Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Microsoft Azure For Dummies Rating: 0 out of 5 stars0 ratingsUnderstanding Azure Data Factory: Operationalizing Big Data and Advanced Analytics Solutions Rating: 0 out of 5 stars0 ratingsLinux Bible Rating: 0 out of 5 stars0 ratingsAWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam Rating: 5 out of 5 stars5/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsHacking Android Rating: 4 out of 5 stars4/5Computer Networking: Beginners Guide to Network Security & Network Troubleshooting Fundamentals Rating: 0 out of 5 stars0 ratingsCCNA Certification Study Guide, Volume 2: Exam 200-301 Rating: 0 out of 5 stars0 ratingsMike Meyers' CompTIA Network+ Certification Passport, Sixth Edition (Exam N10-007) Rating: 1 out of 5 stars1/5CompTIA Network+ Certification Study Guide: Exam N10-004: Exam N10-004 2E Rating: 4 out of 5 stars4/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5AWS Certified Solutions Architect Study Guide: Associate SAA-C02 Exam Rating: 0 out of 5 stars0 ratingsHome Networking Do-It-Yourself For Dummies Rating: 4 out of 5 stars4/5Docker: A Quick-Start Beginner's Guide Rating: 4 out of 5 stars4/5Raspberry Pi Electronics Projects for the Evil Genius Rating: 3 out of 5 stars3/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Concise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5Dissecting the Hack: The F0rb1dd3n Network, Revised Edition: The F0rb1dd3n Network Rating: 4 out of 5 stars4/5A Beginner's Guide to Ham Radio Rating: 0 out of 5 stars0 ratings
Reviews for Learning OpenStack Networking (Neutron)
2 ratings0 reviews
Book preview
Learning OpenStack Networking (Neutron) - Denton James
Table of Contents
Learning OpenStack Networking (Neutron)
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Preparing the Network for OpenStack
What is OpenStack Networking?
Features of OpenStack Networking
Switching
Routing
Load balancing
Firewalling
Virtual private networks
Preparing the physical infrastructure
Types of network traffic
Management network
API network
External network
Guest network
Physical server connections
Single interface
Multiple interfaces
Bonding
Separating services across nodes
A single controller with one or more compute nodes
A single controller plus network node with one or more compute nodes
Summary
2. Installing OpenStack
System requirements
Operating system requirements
Initial network configuration
Interface configuration
Before you begin
Permissions
Configuring the OpenStack repository
Installing OpenStack utilities
Setting the hostnames
Disabling SELinux
Removing iptables rules
Installing and configuring Network Time Protocol
Upgrading the system
Installation of OpenStack
Installing and configuring the MySQL database server
Installing the MySQL database client
Installing and configuring the messaging server
Installing and configuring the Identity service
Defining users, tenants, and roles in Keystone
Define services and API endpoints in Keystone
Verify the Keystone installation
Setting environment variables
Installing and configuring the image service
Define the Glance service and API endpoints in Keystone
Verify the Glance image service installation
Installing and configuring the Compute service
Installing and configuring controller node components
Installing and configuring compute node components
Verify communication between services
Installing the OpenStack dashboard
Allowing connections to the dashboard
Identifying the Keystone server
Changing the listener address
Testing connectivity to the dashboard
Summary
3. Installing Neutron
Basic Neutron constructs
Overlapping networks using network namespaces
Extending network functions with plugins
Installing and configuring Neutron services
Creating the Neutron database
Configuring the Neutron user, role, and endpoint in Keystone
Enabling packet forwarding
Configuring Neutron to use Keystone
Configuring Neutron to use a messaging service
Configuring a root helper
Configuring Nova to utilize Neutron networking
Configuring Neutron services
Configuring neutron-server
Starting neutron-server
Configuring the Neutron DHCP agent
Starting the Neutron DHCP agent
Configuring the Neutron metadata agent
Configuring the Neutron L3 agent
Configuring the Neutron LBaaS agent
Using the Neutron command-line interface
Summary
4. Building a Virtual Switching Infrastructure
Providing layer 2 connectivity to instances
Virtual network interfaces
Bridging
Configuring the bridge interface
Types of networks in Neutron
Choosing a networking plugin
LinuxBridge
Internal network connections when using LinuxBridge
VLAN
Flat
Local
Open vSwitch
Internal network connections when using Open vSwitch
Identifying ports on the virtual switch
Identifying the local VLANs associated with ports
Programming flow rules
Flow rules for VLAN networks
Flow rules for flat networks
Flow rules for local networks
Configuring a layer 2 networking plugin
Configuring the LinuxBridge plugin
Configuring Nova to use LinuxBridge
Configuring the DHCP agent to use LinuxBridge
LinuxBridge plugin configuration options
Tenant network type
Physical interface mappings
Network VLAN ranges
Firewall driver
Restarting services
Configuring the Open vSwitch plugin
Configuring Neutron to use Open vSwitch
Configuring Nova to use Open vSwitch
Configuring the DHCP agent to use Open vSwitch
Open vSwitch plugin configuration options
Bridge mappings
Configuring the bridges
Tenant network type
Network VLAN ranges
Enable tunneling
Tunnel type
Tunnel ID ranges
Integration bridge
Tunnel bridge
Local IP
Configuring a virtual VLAN interface for overlay traffic
Firewall driver
Database
Restarting services to enable the Open vSwitch plugin
Summary
5. Creating Networks with Neutron
Network management
Managing networks in the CLI
Creating a flat network in the CLI
Creating a VLAN in the CLI
Creating a local network in the CLI
Listing networks in the CLI
Showing network properties in the CLI
Updating networks in the CLI
Deleting networks in the CLI
Creating networks in the dashboard
Using the Admin tab as an administrator
Using the Project tab as a user
Subnets in Neutron
Creating subnets in the CLI
Creating a subnet in the CLI
Listing subnets in the CLI
Showing subnet properties in the CLI
Updating a subnet in the CLI
Creating subnets in the dashboard
Using the Admin tab as an administrator
Using the Project tab as a user
Neutron ports
Attaching instances to networks
Attaching instances to networks using Nova boot
Attaching and detaching network interfaces
Adding secondary addresses to interfaces
Exploring how instances get their addresses
Exploring how instances retrieve their metadata
Router namespace
The DHCP namespace
Adding a manual route to 169.254.169.254
Using DHCP to inject the route
Summary
6. Creating Routers with Neutron
Configuring the Neutron L3 agent
Defining an interface driver
Setting the external network
Setting the external bridge
Enabling the metadata proxy
Starting the Neutron L3 agent
Router management in the CLI
Creating routers in the CLI
Working with router interfaces in the CLI
Attaching internal interfaces to routers
Attaching a gateway interface to a router
Listing interfaces attached to routers
Deleting internal interfaces
Clearing the gateway interface
Listing routers in the CLI
Displaying router attributes in the CLI
Updating router attributes in the CLI
Deleting routers in the CLI
Network Address Translation
Floating IP addresses
Floating IP Management
Creating floating IPs in the CLI
Associating floating IPs to ports in the CLI
Listing floating IPs in the CLI
Displaying floating IP attributes in the CLI
Disassociating floating IPs in the CLI
Deleting floating IPs in the CLI
Demonstrating traffic flow from instance to Internet
Setting the foundation
Creating an external provider network
Creating a Neutron router
Attaching the router to the external network
Testing gateway connectivity
Creating an internal network
Attaching the router to the internal network
Creating instances
Verifying instance connectivity
Observing default NAT behavior
Assigning floating IPs
Reassigning floating IPs
Router management in the dashboard
Creating a router in the dashboard
Attaching a gateway interface in the dashboard
Attaching internal interfaces in the dashboard
Viewing the network topology in the dashboard
Associating floating IPs to instances in the dashboard
Disassociating floating IPs in the dashboard
Summary
7. Load Balancing Traffic in Neutron
Fundamentals of load balancing
Load balancing algorithms
Monitoring
Session persistence
Integrating load balancers into the network
Network namespaces
Installing LBaaS
Configuring the Neutron LBaaS agent service
Define an interface driver
Define a device driver
Change the user group
Define a service plugin
Starting the Neutron LBaaS agent service
Enabling LBaaS in Horizon
Load balancer management in the CLI
Managing pools in the CLI
Creating a pool
Deleting a pool
Listing pools
Showing pool details
Showing pool statistics
Updating a pool
Listing pools associated with an agent
Managing pool members in the CLI
Creating pool members
Deleting pool members
Listing pool members
Showing pool member details
Updating a pool member
Managing health monitors in the CLI
Creating a health monitor
Deleting a health monitor
Associating a health monitor with a pool
Disassociating a health monitor from a pool
Listing health monitors
Showing health monitor details
Updating a health monitor
Managing virtual IPs in the CLI
Creating a virtual IP
Deleting a virtual IP
Listing virtual IPs
Showing virtual IP details
Updating a virtual IP
Building a load balancer
Creating a pool
Creating pool members
Creating a health monitor
Creating a virtual IP
The LBaaS network namespace
Confirming load balancer functionality
Observing health monitors
Connecting to the virtual IP externally
Load balancer management in the dashboard
Creating a pool in the dashboard
Creating pool members in the dashboard
Creating health monitors in the dashboard
Creating a virtual IP in the dashboard
Connecting to the virtual IP externally
Summary
8. Protecting Instances on the Network
Security groups in OpenStack
Firewall-as-a-service
Introducing iptables
Working with security groups
Managing security groups in the CLI
Creating security groups in the CLI
Deleting security groups in the CLI
Listing security groups in the CLI
Showing the details of a security group in the CLI
Updating security groups in the CLI
Creating security group rules in the CLI
Deleting security group rules in the CLI
Listing security group rules in the CLI
Showing the details of a security group rule in the CLI
Applying security groups to instances in the CLI
Implementing security group rules
Stepping through the chains
Working with security groups in the dashboard
Working with FWaaS
Preparing Neutron for FWaaS
Configuring the FWaaS driver
Defining a service plugin
Enabling FWaaS in the dashboard
Working with firewalls in the CLI
Creating a firewall rule in the CLI
Deleting a firewall rule in the CLI
Listing firewall rules in the CLI
Showing the details of a firewall rule in the CLI
Updating a firewall rule in the CLI
Creating a firewall policy in the CLI
Deleting a firewall policy in the CLI
Listing firewall policies in the CLI
Showing the details of a firewall policy in the CLI
Updating a firewall policy in the CLI
Inserting rules into firewall policies in the CLI
Removing rules from firewall policies in the CLI
Creating a firewall in the CLI
Deleting a firewall in the CLI
Listing firewalls in the CLI
Showing the details of a firewall in the CLI
Updating a firewall in the CLI
Working with firewalls in the dashboard
Firewall rules – behind the scenes
Stepping through the chains within the firewall
Summary
A. Additional Neutron Commands
Neutron extensions
Listing Neutron API extensions
Showing the details of an API extension
Virtual private networks
Per-tenant quotas
Listing the default quotas
Updating tenant quotas
Listing tenant quotas
Deleting tenant quotas
Cisco Nexus 1000V command reference
VMware/Nicera command reference
B. ML2 Configuration
Installing the ML2 plugin
Creating a database for ML2
Configuring Neutron to use ML2
Configuring service plugins
Configuring the ML2 plugin
Restarting Neutron services
Index
Learning OpenStack Networking (Neutron)
Learning OpenStack Networking (Neutron)
Copyright © 2014 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2014
Production reference: 1071014
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78398-330-8
www.packtpub.com
Cover image by Suyog Gharat (<yogiee@me.com>)
Credits
Author
James Denton
Reviewers
Kevin Jackson
Jorge Armin Garcia Lopez
Jacob Walcik
Commissioning Editor
Kartikey Pandey
Acquisition Editor
Richard Harvey
Content Development Editor
Susmita Panda
Technical Editor
Shiny Poojary
Copy Editors
Roshni Banerjee
Sarang Chari
Karuna Narayanan
Project Coordinator
Kartik Vedam
Proofreaders
Martin Diver
Ameesha Green
Samantha Lyon
Indexers
Hemangini Bari
Monica Ajmera Mehta
Tejal Soni
Graphics
Sheetal Aute
Ronak Dhruv
Valentina D'silva
Disha Haria
Abhinash Sahu
Production Coordinators
Aparna Bhagat
Shantanu N. Zagade
Cover Work
Aparna Bhagat
About the Author
James Denton lives with his beautiful wife, Amanda, and son, Wyatt, in San Antonio, Texas. He is an experienced IT professional with extensive experience in application networking technologies and OpenStack networking. He specializes in OpenStack for Rackspace in San Antonio, Texas. He is a Network Architect for the Rackspace Private Cloud team. He can be found on Twitter @jimmdenton and on Freenode IRC as busterswt.
I'd like to thank my wife, Amanda, for providing encouragement and patience throughout the writing of this book. In addition, I would like to thank my team at Rackspace for reviewing many rough drafts and providing excellent feedback.
Without OpenStack and Rackspace, the opportunity to write this book would not have been possible. A big thanks goes out to the OpenStack community for developing, and continuing to improve on, the product. It has been an amazing experience to be involved in this open source movement, and I look forward to the future.
About the Reviewers
Kevin Jackson is married and has three children. He is an experienced IT professional working with a range of clients, from small businesses to online enterprises. He has extensive experience of various flavors of Linux and Unix. He works as Principal Cloud Architect for Rackspace UK, specializing in OpenStack and covering the international market for the DevOps & Automation Advisory Services team. He is a co-author of OpenStack Cloud Computing Cookbook, Packt Publishing and OpenStack Architecture Design Guide, OpenStack Foundation. He can be found on Twitter @itarchitectkev.
Jorge Armin Garcia Lopez is a very passionate information security consultant from Mexico with more than 6 years of experience in computer security, penetration testing, intrusion detection/prevention, malware analysis, and incident response. He is the leader of a tiger team at one of the most important security companies placed in Latin America and Spain. He is also a security researcher at Cipher Storm Ltd Group and is the cofounder and CEO of the most important security conference in Mexico, BugCON. He holds important security industry certifications, such as OSCP, GCIA, GPEN, FireEye Specialist.
He has reviewed the following books:
Penetration Testing with BackBox, Packt Publishing
Django Essentials, Packt Publishing
PenetrationTesting with the Bash shell, Packt Publishing
Thanks to all my friends for supporting me. Special thanks to my grandmother, Margarita, and my sister, Abril. I would also like to thank Krangel, Shakeel Ali, Mada, Hector Garcia Posadas, and Belindo.
Jacob Walcik works as Principal Solutions Architect for Rackspace (http://rackspace.com). Over the last 18 years, he has worked as a software developer, systems administrator, and general technologist. In recent years, he has specialized in helping companies design and build their OpenStack-based private clouds. In his spare time, he enjoys hiking, playing soccer, and riding British motorcycles.
www.PacktPub.com
Support files, eBooks, discount offers, and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser
Free access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
I dedicate this book to the memory of my grandfather, a proud Aggie whose curiosity in all things, including technology, helped form my identity and career. This book also goes to our friend, Alejandro Martinez, a great teammate and Racker.
Preface
The latest release of OpenStack, code-named Icehouse, was released in April 2014 and includes the networking service known as Neutron (formerly Quantum). First introduced in the Folsom release of OpenStack, Neutron provides cloud operators and users with an API to create and manage networks in the cloud. An extension framework allows for additional network services, such as load balancing, firewalls, and virtual private networks, to be deployed and managed.
It is important to note that OpenStack Networking in this book refers only to Neutron and should not be confused with the legacy networking service known as nova-network built in Nova (Compute). While nova-network has slipped its deprecation date in the last two releases, support for the technology is limited in the future.
What this book covers
Chapter 1, Preparing the Network for OpenStack, will provide an introduction to OpenStack Networking that includes a description of the different supported networking technologies, and it will explain how to architect the physical network to support an OpenStack cloud.
Chapter 2, Installing OpenStack, will cover how to install the base components of the Havana release of OpenStack on the CentOS 6.5 operating system.
Chapter 3, Installing Neutron, will explain how to install the Neutron networking components of OpenStack and will help us to understand the internal architecture of Neutron, including the use of agents and plugins to orchestrate network connectivity.
Chapter 4, Building a Virtual Switching Infrastructure, will help us to install and configure the LinuxBridge plugin for Neutron to provide layer 2 connectivity to instances. We will also cover the architectural differences between the LinuxBridge and Open vSwitch plugins and how they connect instances to the network.
Chapter 5, Creating Networks with Neutron, will create networks and subnets in Neutron, boot and attach instances to networks, and explore the process of obtaining DHCP leases and metadata.
Chapter 6, Creating Routers with Neutron, will create Neutron routers and attach them to networks, follow traffic from an instance through a router, and explore the process of applying floating IPs to instances.
Chapter 7, Load Balancing Traffic in Neutron, will explore the fundamental components of a load balancer in Neutron, including virtual IPs, pools, pool members, and monitors. It will also help us to create and integrate a load balancer into the network.
Chapter 8, Protecting Instances on the Network, will cover the creation and management of security-group