8. neutron Network Virtualization

Keywords: OpenStack network Mac Database


8.1 Why Physical Networks Can't Meet the Needs of Cloud Computing

8.1.1 Large Capacity MAC and ARP Table Items

Virtualization results in many more MAC table entries. Assume an Internet cloud computing center has 5,000 servers virtualized at a ratio of 1:20, giving 100,000 virtual machines. Each virtual machine is usually equipped with two business ports, so the center has 200,000 virtual ports, which correspond to 200,000 MAC addresses and IP addresses. Cloud computing requires flexible scheduling of resources and arbitrary migration of business workloads; that is, any virtual machine can be migrated anywhere in the cloud computing network. This requires the whole network to be one unified Layer 2 network, in which any switch may have to learn every MAC entry in the network. By contrast, the mainstream access switches in the industry currently hold only 32K MAC entries, which can hardly meet the needs of Internet cloud computing. In addition, the gateway needs to record the ARP information of all hosts on all network ports, which requires more than 200,000 valid ARP entries on the gateway device; most gateway chips do not have this capability.

8.1.2 4K VLAN TRUNK

Traditional large Layer 2 networks support migrating a virtual machine in any VLAN to any location in the network, generally in one of two ways. Mode 1: after the virtual machine migrates, the automated network management platform dynamically pushes the VLAN configuration to all ports corresponding to the virtual machine; at the same time, the VLAN configuration on all ports the virtual machine used before migration must be dynamically deleted. The disadvantage of this method is that it is very complex to implement, and the automation platform also faces compatibility problems with multi-vendor equipment, so it is difficult to achieve. Mode 2: statically configure all VLANs on the cloud computing network and configure VLAN trunk all on every port. The advantage of this method is that it is very simple, and it is the mainstream application mode at present. But it also brings a huge problem: if a broadcast storm occurs in any VLAN, the virtual machines in every VLAN across the whole network are affected by the storm and business interruption occurs.

8.1.3 4K VLAN upper bound problem

Cloud computing networks may have multi-tenant requirements. If the number of tenants and services exceeds the VLAN upper limit (4K), customer needs cannot be supported.

8.1.4 Network Dependency in Virtual Machine Migration

VM migration must stay within the same Layer 2 domain, and IP-based subnet partitioning limits the scale of connectivity of the Layer 2 network.

8.2 neutron Network Virtualization Capability

  1. Virtualization of Layer 2 to Layer 7 networks: L2 (virtual switch), L3 (virtual router and LB), L4-7 (virtual firewall), etc.
  2. Network connectivity: Layer 2 and Layer 3 networks
  3. Tenant isolation
  4. Network Security
  5. Network Extensibility
  6. REST API
  7. More advanced services, including LBaaS, FWaaS, VPNaaS, etc.

8.3 Network types provided by neutron

  • local type
  • flat type
  • vlan type
  • gre type
  • vxlan type

8.4 Register neutron service in Keystone

8.4.1 Create neutron database

mysql -uroot -pabc-123
(the following statements run at the mysql> prompt)
create database neutron;
grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'neutron';
grant all privileges on neutron.* to 'neutron'@'%' identified by 'neutron';
exit

8.4.2 Create neutron users

source /script/admin.sh
openstack user create --domain default --password=neutron neutron
openstack user list

8.4.3 Add neutron to the test project and grant admin privileges

openstack role add --project test --user neutron admin

8.4.4 Create neutron services

openstack service create --name neutron --description "OpenStack Networking" network
openstack service list

8.4.5 Create the neutron API service endpoints

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
openstack endpoint list

8.5 Install and Configure neutron on the Control Node

8.5.1 Install neutron

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

8.5.2 Configure neutron.conf

openstack-config --set  /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:neutron@controller/neutron 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT core_plugin  ml2  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT service_plugins 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controller
openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://controller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  test 
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  neutron  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  True  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True  
openstack-config --set  /etc/neutron/neutron.conf nova auth_url  http://controller:5000
openstack-config --set  /etc/neutron/neutron.conf nova auth_type  password 
openstack-config --set  /etc/neutron/neutron.conf nova project_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova region_name  RegionOne  
openstack-config --set  /etc/neutron/neutron.conf nova project_name  test  
openstack-config --set  /etc/neutron/neutron.conf nova username  nova  
openstack-config --set  /etc/neutron/neutron.conf nova password  nova  
openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

8.5.3 Configure ml2_conf.ini

openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  flat,vlan
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types 
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  linuxbridge
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  provider 
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True 

8.5.4 Configure linuxbridge_agent.ini

openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:ens192
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan  enable_vxlan  False
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True 
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Before starting neutron-linuxbridge-agent.service, verify that the following bridge-netfilter sysctl values are set to 1:

sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables

8.5.5 Configure dhcp_agent.ini

openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver  linuxbridge
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  enable_isolated_metadata  True 

8.5.6 Configure metadata_agent.ini

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron

8.5.7 Add the neutron network service to nova

openstack-config --set  /etc/nova/nova.conf  neutron url http://controller:9696
openstack-config --set  /etc/nova/nova.conf  neutron auth_url http://controller:5000
openstack-config --set  /etc/nova/nova.conf  neutron auth_type password
openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron region_name RegionOne
openstack-config --set  /etc/nova/nova.conf  neutron project_name test
openstack-config --set  /etc/nova/nova.conf  neutron username neutron
openstack-config --set  /etc/nova/nova.conf  neutron password neutron
openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy true
openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret neutron
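The metadata_proxy_shared_secret written to metadata_agent.ini (8.5.6) and nova.conf (8.5.7) must be identical, and the page reuses the literal neutron for it as well as for every service password. The checker below is an added example, not part of the original article; it parses constructed copies of the two files (real checks would read them from /etc) and reports the mismatches and weak values that break or weaken the metadata proxy.

```python
import configparser

# Constructed sample snippets mirroring the values the openstack-config
# commands above write; in a real check read the files from /etc instead.
METADATA_AGENT_INI = """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = neutron
"""
NOVA_CONF = """
[neutron]
url = http://controller:9696
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron
"""

def load(text):
    """Parse an oslo.config style INI file (no % interpolation)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def check_metadata_secret(metadata_ini, nova_conf, min_len=16):
    """Return findings for the secret that authenticates the neutron
    metadata proxy to nova-api; an empty list means the pair is consistent."""
    findings = []
    agent = load(metadata_ini)
    nova = load(nova_conf)
    secret = agent.get("DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if not secret:
        findings.append("metadata_agent.ini: metadata_proxy_shared_secret is not set")
    if secret != nova_secret:
        # A mismatch makes nova reject every proxied metadata request.
        findings.append("metadata_proxy_shared_secret differs between metadata_agent.ini and nova.conf")
    if nova.get("neutron", "service_metadata_proxy", fallback="false").lower() != "true":
        findings.append("nova.conf: service_metadata_proxy is not true")
    if len(secret) < min_len or secret == nova.get("neutron", "password", fallback=None):
        # A short value, or the service password reused as on this page, weakens
        # the HMAC nova uses to verify that a metadata request came from the proxy.
        findings.append("metadata_proxy_shared_secret is short or reused as a password")
    return findings

if __name__ == "__main__":
    for finding in check_metadata_secret(METADATA_AGENT_INI, NOVA_CONF):
        print("WARN:", finding)
```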

8.5.8 Initialize the Network Plug-in

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

8.5.9 Synchronize the Database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

8.5.10 Restart the nova-api service

systemctl restart openstack-nova-api.service

8.5.11 Start and Configure Self-Start

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

8.6 Install the neutron Service on the nova Compute Node

8.6.1 Install neutron

yum install openstack-neutron-linuxbridge ebtables ipset -y

8.6.2 Configure neutron.conf

openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url  rabbit://openstack:openstack@controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name test
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

8.6.3 Configure linuxbridge_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings  provider:ens192
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

8.6.4 Add the neutron network service to nova

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name test
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password neutron

8.6.5 Restart nova

systemctl restart openstack-nova-compute.service
systemctl status openstack-nova-compute.service

8.6.6 Start and Configure Self-Start

systemctl restart neutron-linuxbridge-agent.service
systemctl status neutron-linuxbridge-agent.service
systemctl enable neutron-linuxbridge-agent.service

8.7 Check the neutron Service on the Control Node

source /script/admin.sh
openstack extension list --network
openstack network agent list

8.8 Create Networks on the Control Node

8.8.1 Create a Network (provider: bridging an existing physical network)

openstack network create --share --external --provider-physical-network provider  --provider-network-type flat provider
openstack network list

8.8.2 Create a Subnet

openstack subnet create --network provider --no-dhcp --allocation-pool start=192.168.204.100,end=192.168.204.200 --dns-nameserver 223.5.5.5 --gateway 192.168.204.1 --subnet-range 192.168.204.0/24 provider-subnet01
openstack subnet list

Posted by phphelpme on Thu, 09 May 2019 11:00:38 -0700