Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Title Page
Copyright and Credits
Learning OpenStack NetworkingThird Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introduction to OpenStack Networking
What is OpenStack Networking?
Features of OpenStack Networking
Switching
Routing
Load balancing
Firewalling
Virtual private networks
Network functions virtualization
OpenStack Networking resources
Virtual network interfaces
Virtual network switches
Overlay networks
Virtual Extensible Local Area Network (VXLAN)
Generic Router Encapsulation (GRE)
Generic Network Virtualization Encapsulation (GENEVE)
Preparing the physical infrastructure
Configuring the physical infrastructure
Management network
API network
External network
Guest network
Physical server connections
Single interface
Multiple interfaces
Bonding
Separating services across nodes
Using a single controller node
Using a dedicated network node
Summary
Installing OpenStack
System requirements
Operating system requirements
Initial network configuration
Example networks
Interface configuration
Initial steps
Permissions
Configuring the OpenStack repository
Upgrading the system
Setting the hostnames
Installing and configuring Network Time Protocol
Rebooting the system
Installing OpenStack
Installing and configuring the MySQL database server
Installing and configuring the messaging server
Installing and configuring memcached
Installing and configuring the identity service
Configuring the database
Installing Keystone
Configuring tokens and drivers
Bootstrap the Identity service
Configuring the Apache HTTP server
Setting environment variables
Defining services and API endpoints in Keystone
Defining users, projects, and roles in Keystone
Installing and configuring the image service
Configuring the database
Defining the Glance user, service, and endpoints
Installing and configuring Glance components
Configuring authentication settings
Configuring additional settings
Verifying the Glance image service installation
Installing additional images
Installing and configuring the Compute service
Configuring the database
Defining the Nova user, service, and endpoints
Installing and configuring controller node components
Configuring authentication settings
Additional controller tasks
Installing and configuring compute node components
Additional compute tasks
Adding the compute node(s) to the cell database
Installing the OpenStack Dashboard
Updating the host and API version configuration
Configuring Keystone settings
Modifying network configuration
Uninstalling default Ubuntu theme (optional)
Reloading Apache
Testing connectivity to the dashboard
Familiarizing yourself with the dashboard
Summary
Installing Neutron
Basic networking elements in Neutron
Extending functionality with plugins
Modular Layer 2 plugin
Drivers
TypeDrivers
Mechanism drivers
ML2 architecture
Network namespaces
Installing and configuring Neutron services
Creating the Neutron database
Configuring the Neutron user, role, and endpoint in Keystone
Installing Neutron packages
Configuring Neutron to use Keystone
Configuring Neutron to use a messaging service
Configuring Nova to utilize Neutron networking
Configuring Neutron to notify Nova
Configuring Neutron services
Starting neutron-server
Configuring the Neutron DHCP agent
Restarting the Neutron DHCP agent
Configuring the Neutron metadata agent
Restarting the Neutron metadata agent
Interfacing with OpenStack Networking
Using the OpenStack command-line interface
Using the Neutron command-line interface
Using the OpenStack Python SDK
Using the cURL utility
Summary
Virtual Network Infrastructure Using Linux Bridges
Using the Linux bridge driver
Visualizing traffic flow through Linux bridges
VLAN
Flat
VXLAN
Potential issues when using overlay networks
Local
Configuring the ML2 networking plugin
Configuring the bridge interface
Configuring the overlay interface
ML2 plugin configuration options
Type drivers
Mechanism drivers
Using the L2 population driver
Tenant network types
Flat networks
Network VLAN ranges
VNI ranges
Security groups
Configuring the Linux bridge driver and agent
Installing the Linux bridge agent
Updating the Linux bridge agent configuration file
Physical interface mappings
Enabling VXLAN
L2 population
Local IP
Firewall driver
Configuring the DHCP agent to use the Linux bridge driver
Restarting services
Verifying Linux bridge agents
Summary
Building a Virtual Switching Infrastructure Using Open vSwitch
Using the Open vSwitch driver
Basic OpenvSwitch commands
Base commands
ovs-vsctl
ovs-ofctl
ovs-dpctl
ovs-appctl
Visualizing traffic flow when using Open vSwitch
Identifying ports on the virtual switch
Identifying the local VLANs associated with ports
Programming flow rules
Flow rules for VLAN networks
Return traffic
Flow rules for flat networks
Flow rules for overlay networks
Flow rules for local networks
Configuring the ML2 networking plugin
Configuring the bridge interface
Configuring the overlay interface
ML2 plugin configuration options
Mechanism drivers
Flat networks
Network VLAN ranges
Tunnel ID ranges
VNI Ranges
Security groups
Configuring the Open vSwitch driver and agent
Installing the Open vSwitch agent
Updating the Open vSwitch agent configuration file
Tunnel types
L2 population
VXLAN UDP port
Integration bridge
Tunnel bridge
Local IP
Bridge mappings
Configuring the bridges
Firewall driver
Configuring the DHCP agent to use the Open vSwitch driver
Restarting services
Verifying Open vSwitch agents
Summary
Building Networks with Neutron
Network management in OpenStack
Provider and tenant networks
Managing networks in the CLI
Creating a flat network in the CLI
Creating a VLAN network in the CLI
Creating a local network in the CLI
Listing networks in the CLI
Showing network properties in the CLI
Updating network attributes in the CLI
Deleting networks in the CLI
Creating networks in the dashboard
Via the Project panel
Via the Admin panel
Subnet management in OpenStack
Working with IPv4 addresses
Working with IPv6 addresses
Creating subnets in the CLI
Creating a subnet in the CLI
Listing subnets in the CLI
Showing subnet properties in the CLI
Updating a subnet in the CLI
Creating subnets in the dashboard
Via the Project tab
Via the Admin tab
Managing subnet pools
Creating a subnet pool
Creating a subnet from a pool
Deleting a subnet pool
Assigning a default subnet pool
Managing network ports in OpenStack
Creating a port
Summary
Attaching Instances to Networks
Attaching instances to networksÂ
Attaching instances to networks at creation
Specifying a network
Specifying a port
Attaching multiple interfaces
Attaching network interfaces to running instances
Detaching network interfaces
Exploring how instances get their addresses
Watching the DHCP lease cycle
Troubleshooting DHCP
Exploring how instances retrieve their metadata
The DHCP namespace
Adding a manual route to 169.254.169.254
Using DHCP to inject the route
Summary
Managing Security Groups
Security groups in OpenStack
An introduction to iptables
Using ipset
Working with security groups
Managing security groups in the CLI
Creating security groups in the CLI
Deleting security groups in the CLI
Listing security groups in the CLI
Showing the details of a security group in the CLI
Updating security groups in the CLI
Creating security group rules in the CLI
Deleting security group rules in the CLI
Listing security group rules in the CLI
Showing the details of a security group rule in the CLI
Applying security groups to instances and ports
Removing security groups from instances and ports in the CLI
Implementing security group rules
Stepping through the chains
Working with security groups in the dashboard
Creating a security group
Managing security group rules
Applying security groups to instances
Disabling port security
Configuring Neutron
Disabling port security for all ports on a network
Modifying port security on an individual port
Allowed address pairs
Summary
Role-Based Access Control
Working with access control policies
Managing access control policies in the CLI
Creating access control policies in the CLI
Deleting access control policies in the CLI
Listing access control policies in the CLI
Showing the details of an access control policy in the CLI
Updating access control policies in the CLI
Applying RBAC policies to projects
Creating projects and users
Creating a network to share
Creating a policy
Viewing the policy in action
Creating policies for external networks
Summary
Creating Standalone Routers with Neutron
Routing traffic in the cloud
Installing and configuring the Neutron L3 agent
Defining an interface driver
Enabling the metadata proxy
Setting the agent mode
Enabling the router service plugin
Enabling router management in the dashboard
Restarting services
Router management in the CLI
Creating routers in the CLI
Listing routers in the CLI
Displaying router attributes in the CLI
Updating router attributes in the CLI
Working with router interfaces in the CLI
Attaching internal interfaces to routers
Attaching a gateway interface to a router
Listing interfaces attached to routers
Deleting internal interfaces
Clearing the gateway interface
Deleting routers in the CLI
Network address translation
Floating IP addresses
Floating IP management
Creating floating IPs in the CLI
Associating floating IPs with ports in the CLI
Listing floating IPs in the CLI
Displaying floating IP attributes in the CLI
Disassociating floating IPs in the CLI
Deleting floating IPs in the CLI
Demonstrating traffic flow from an instance to the internet
Setting the foundation
Creating an external provider network
Creating a Neutron router
Attaching the router to an external network
Identifying the L3 agent and namespace
Testing gateway connectivity
Creating an internal network
Attaching the router to the internal network
Creating instances
Verifying instance connectivity
Observing default NAT behavior
Assigning floating IPs
Reassigning floating IPs
Router management in the dashboard
Creating a router in the dashboard
Attaching internal interfaces in the dashboard
Viewing the network topology in the dashboard
Associating floating IPs to instances in the dashboard
Disassociating floating IPs in the dashboard
Summary
Router Redundancy Using VRRP
Using keepalived and VRRP to provide redundancy
VRRP groups
VRRP priority
VRRP working mode
Preemptive
Non-preemptive
VRRP timers
Advertisement interval timer
Preemption delay timer
Networking of highly available routers
Dedicated HA network
Limitations
Virtual IP
Determining the master router
Installing and configuring additional L3 agents
Defining an interface driver
Setting the agent mode
Restarting the Neutron L3 agent
Configuring Neutron
Working with highly available routers
Creating highly-available routers
Deleting highly-available routers
Decomposing a highly available router
Examining the keepalived configuration
Executing a failover
Summary
Distributed Virtual Routers
Distributing routers across the cloud
Installing and configuring Neutron components
Installing additional L3 agents
Defining an interface driver
Enabling distributed mode
Setting the agent mode
Configuring Neutron
Restarting the Neutron L3 and Open vSwitch agent
Managing distributed virtual routers
Creating distributed virtual routers
Routing east-west traffic between instances
Reviewing the topology
Plumbing it up
Distributing router ports
Making it work
Demonstrating traffic between instances
Centralized SNAT
Reviewing the topology
Using the routing policy database
Tracing a packet through the SNAT namespace
Floating IPs through distributed virtual routers
Introducing the FIP namespace
Tracing a packet through the FIP namespace
Sending traffic from an instance with a floating IP
Returning traffic to the floating IP
Using proxy ARP
Summary
Load Balancing Traffic to Instances
Fundamentals of load balancing
Load balancing algorithms
Monitoring
Session persistence
Integrating load balancers into the network
Network namespaces
Installing LBaaS v2
Configuring the Neutron LBaaS agent service
Defining an interface driver
Defining a device driver
Defining a user group
Configuring Neutron
Defining a service plugin
Defining a service provider
Updating the database schema
Restarting the Neutron LBaaS agent and API service
Load balancer management in the CLI
Managing load balancers in the CLI
Creating load balancers in the CLI
Deleting load balancers in the CLI
Listing load balancers in the CLI
Showing load balancer details in the CLI
Showing load balancer statistics in the CLI
Showing the load balancer's status in the CLI
Updating a load balancer in the CLI
Managing pools in the CLI
Creating a pool in the CLI
Deleting a pool in the CLI
Listing pools in the CLI
Showing pool details in the CLI
Updating a pool in the CLI
Managing pool members in the CLI
Creating pool members in the CLI
Deleting pool members
Listing pool members
Showing pool member details
Updating a pool member
Managing health monitors in the CLI
Creating a health monitor in the CLI
Deleting a health monitor in the CLI
Listing health monitors in the CLI
Showing health monitor details
Updating a health monitor
Managing listeners in the CLI
Creating listeners in the CLI
Deleting listeners in the CLI
Listing listeners in the CLI
Showing listener details in the CLI
Updating a listener in the CLI
Building a load balancer
Creating a load balancer
Creating a pool
Creating pool members
Creating a health monitor
Creating a listener
The LBaaS network namespace
Confirming load balancer functionality
Observing health monitors
Connecting to the virtual IP externally
Load balancer management in the dashboard
Creating a load balancer in the dashboard
Assigning a floating IP to the load balancer
Summary
Advanced Networking Topics
VLAN-aware VMs
Configuring the trunk plugin
Defining the workflow
Managing trunks in the CLI
Creating trunks in the CLI
Deleting trunks in the CLI
Listing trunks in the CLI
Showing trunk details in the CLI
Updating a trunk in the CLI
Building a trunk
Creating the parent port
Creating a sub-port
Creating a trunk
Booting an instance with a trunk
Configuring the instance
Reviewing the network plumbing
BGP dynamic routing
Prefix advertisement requirements
Operations with distributed virtual routers
Configuring BGP dynamic routing
Installing the agent
Configuring the agent
Restarting services
Managing BGP speakers in the CLI
Network availability zones
Configuring network availability zones
Scheduling routers to availability zones
Scheduling DHCP services to availability zones
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
← Prev
Back
Next →
← Prev
Back
Next →