Академический Документы
Профессиональный Документы
Культура Документы
Port A port is a connection point for attaching a single device, such as the NIC of
a virtual server, to a virtual network. The port also describes the associated
network con guration, such as the MAC and IP addresses to be used with this
port.
Subnet A block of IP addresses and associated con guration state. Subnets are
used to allocate IP addresses when new ports are created on a network.
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 1/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
The virtual port in the drawing, can be connected to vif port that managed by Nova.
Routers
Neutron allows you to create virtual routers and manage routing using L3 agent that
is is usually installed on the network node. Routing is possible between networks in
your OpenStack environment or between your instances and the external network.
Below, in the drawing you can see there is a virtual router on the network node
making routing possible between Host_A and Host_B to Host_c. The Router has
internal and external network ports. But in order for it to work it will also need to use
NAT and oating IPs.
NAT
Network Address Translation is used for modifying the source or destination IP
address. Whenever your instance is trying to the reach Host_C on the public
network, the NAT protocol will translate your instance IP address from 192.168.1.x
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 2/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
The same goes for Host_C, trying to reach the instances in your tenant.
There several NAT types, but well leave that for anther post =)
Floating IP
Allows public connectivity to your OpenStack instances from the outside. The
internal address of your instances is not known for hosts on the external network
hence, the 192.180.1.2 address cant be used by Host_C to reach Host_A.
To allow such connectivity you would use Floating IP. The oating ip would be
allocated on provider network range. So based on the above drawing, for Host_C to
reach Host_A, it would have to use the address 190.40.10.2.
External Similar to VM data traf c but with access to the public network (
Orange lines in the drawing below ).
API Access to the API OpenStack services. Services like horizon, neutron, nova,
glace. It should be accessible from public network ( Purple lines in the drawing
below ).
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 3/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
Network Node
Network node get data moved between networks and to the external world.
neutron-server
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 4/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
It provides the REST API. Normally you would nd it installed on the controller. It
receiving API calls like creating network, delete subnet, delete router and manages
the SQL database accordingly, making the it persistent in the database.
It also uses the Messaging broker ( green circle in the drawing ) to forward
noti cations to the different agents resides on the different nodes over RPC.
One short work ow for example: neutron-server receives API call for creating router
-> Make it persistent in the database -> Forward noti cation message to the L3 agent
that resides on the network node.
message queue
Used for interaction (messages/noti cations) between services. Common
implementations are qpid, rabbitmq, amqp.
DHCP agent
L3 agent
An extension in neutron. It Receives noti cations from neutron-server to to manage
routers. It resides on the network node. So it manages routing and also oating IPs.
L3 uses linux network namespace. It provides isolated copy of network stack. You get
your own private loopback and the scope is limited to namespace which allows you to
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 5/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
reuse addresses. You can also spawn processes with namespace. You can have
multiple DHCP servers with overlapping IPs.
You can setup HA by using L3 on anther network node with separate namespace and
sync the states between them using vrrp.
L2 agent
L2 agent runs on hypervisor and and communicates with neutron server using RPC.
Normally will be installed on the network and compute nodes. Its main job is to watch
and notify when devices added or removed and to con gure the network on the host
accordingly. It can handle linux bridges, OVS and security group rules.
One common example for its usage would be new created vm with single nic that
must be connected to some network. The actual connection is done by L2 agent that
makes sure it connected to the right network. It also handles OVS ows, Linux
bridges, VLAN tagging and security groups.
OVS L2 agent
Openvswitch L2 agent con gured to work with OVS, using ovsdb. It supports Tenant
Isolation ( VLAN, GRE, VXLAN). The way it works with tunnel networks is that its
actually con gures two bridges on the host and the tunnel networks are con gured
between the hosts. On the host itself it using local vlans to segregate traf c.
Metadata agent
Proxy to nova metadata service. Provides any own information requested by the
instances. for example: IP address, hostname, tenants. Normally installed on network
node.
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 6/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
Tap device virtual device that represents the virtual nic on the virtual machine. It
simulates a link layer device and it used to create linux bridge. You can think of it as a
cable that one end of of it connected to network X and the other end connected to
the virtual nic of the virtual instace.
Plugins
In the previous sections you saw that neutron can handle a variety protocols . It
accomplished by using plugins. Neutron API is pluggable, meaning you can write and
use any plugin you want to use new features and technologies as L2, L3 and QoS for
example. Each plugin implements API differently.
The plugin code of neutron is executed as part of neutron server service. The plugins
are classi ed into two categories coreplugins andservice plugins. Core plugin
implements the core API (port, network, subnet). ML2 is an example to core plugin
which is an integral part of neutron today. It handles a variety of L2 technologies.
Extensions
Neutron support extensions to the REST API to extend the core resources. Common
extensions are security groups, L3, DHCP, binding. You can access those by using the
url: $serverUrl/v2.0/extensions.
Common Features
The common features that youll nd for every implementation are:
Support for overlapping IPs You could use the same networks for different
tenants
Floating IPs
Tenant isolation
Tenant network isolation is achieved by using VLANs or GRE / VXLAN tunnels.
Historically speaking, tunneling was less mature and used to ood broadcast
information to know where the vm is located. Since l2 population implemented, peer
to peer tunnels are now being done in much more intelligent way. This is an important
part of neutron and it will be covered in much more detail on separate post.
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 8/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
Share this:
28
Related
Openstack
6 Comments
Vishal
FEBRUARY 8, 2016 AT 2:19 AM
REPLY
fulda19d
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 9/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
MARCH 15, 2016 AT 12:55 AM
REPLY
hammad
APRIL 20, 2016 AT 10:40 AM
Great
REPLY
REPLY
vISHV
SEPTEMBER 26, 2016 AT 4:08 PM
REPLY
bhr
MAY 30, 2017 AT 11:43 AM
Hi abregman,
Thanks for such nice explanation. I have one doubt regarding ip allocation to the
vm.
In the diagram, as per step7 neutron server will allocate the ip and inform to dhcp
agent to update dnsmasq about the ip which is contradicting the dhcp agent
de nition In charge of IP address allocation. It receives delete/create network
noti cations from neutron server and then it using dsnmasq technology as a dhcp
server. When you boot vm, it will send dhcp request using the guest/vm data
network. The request will reach the network node, speci cally the dnsmasq
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 10/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
instace of this network that will send a reply back to the instance with the IP
address.
REPLY
Leave a Reply
Your email address will not be published.
Name
Website
Post Comment
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 11/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
RECENT POSTS
RECENT COMMENTS
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 12/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 13/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 14/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 15/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 16/17
12/10/2017 Openstack Neutron: Introduction Arie Bregman
http://abregman.com/2016/01/04/openstack-neutron-introduction/#more-170 17/17