Deep understanding of the OpenStack Network Architecture (3): Routing

Source: Internet
Author: User

Original address: https://blogs.oracle.com/ronen/entry/diving_into_openstack_network_architecture2


In the previous article, we learned about several basic network components used by OpenStack networking and explained, through some simple use cases, how traffic flows between them. In this article, we explore the network setup through a slightly more complex (but still fairly basic) use case: routing between two networks. Routing uses the same components as internal network connectivity, using a namespace to create an isolated container that relays packets between the subnets.
Remember what we said in the first article: this is just an example using the OVS plugin. OpenStack has many plugins that work in different ways, and we are only discussing one of them.

Use case #4: Routing traffic between two isolated networks

In reality, we create different networks for different purposes, and we also need to connect these networks to each other. Since the two networks are in different IP ranges, we need a router to connect them. To analyze this setup, we create another network (Net2) and configure it with a 20.20.20.0/24 subnet. After the network is created, we launch an Oracle Linux virtual machine and connect it to Net2. The following is the network topology diagram as seen from the OpenStack GUI:



Exploring further, we see another namespace on the OpenStack network node, which serves the newly created network. Now we have two namespaces, one for each network.

# ip netns list
qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd
qdhcp-5f833617-6179-4797-b7c0-7d420d84040c


You can view the network IDs with nova net-list, or look them up in the web UI.

# nova net-list
+--------------------------------------+-------+------+
| ID                                   | Label | CIDR |
+--------------------------------------+-------+------+
| 5f833617-6179-4797-b7c0-7d420d84040c | Net1  | None |
| 63b7fcf2-e921-4011-8da9-5fc2444b42dd | Net2  | None |
+--------------------------------------+-------+------+

Our newly created network, Net2, has its own namespace, separate from that of Net1. Inside the namespace we can see two network interfaces: a loopback interface and one for the DHCP service.

# ip netns exec qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
19: tap16630347-45: mtu qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:bd:94:42 brd ff:ff:ff:ff:ff:ff
    inet 20.20.20.3/24 brd 20.20.20.255 scope global tap16630347-45
    inet6 fe80::f816:3eff:febd:9442/64 scope link
       valid_lft forever preferred_lft forever

Net1 and Net2 are not connected; we need to create a router to connect the two networks. OpenStack Neutron lets users create a router and connect two or more networks to it. A router is actually just an additional namespace. Creating a router with Neutron can be done via the GUI or the command line:

# neutron router-create my-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | fce64ebe-47f0-4846-b3af-9cf764f1ff11 |
| name                  | my-router                            |
| status                | ACTIVE                               |
| tenant_id             | 9796e5145ee546508939cd49ad59d51f     |
+-----------------------+--------------------------------------+


Now we connect the two networks via the router.

First, view the subnet IDs:

# neutron subnet-list
+--------------------------------------+------+---------------+------------------------------------------------+
| id                                   | name | cidr          | allocation_pools                               |
+--------------------------------------+------+---------------+------------------------------------------------+
| 2d7a0a58-0674-439a-ad23-d6471aaae9bc |      | 10.10.10.0/24 | {"start": "10.10.10.2", "end": "10.10.10.254"} |
| 4a176b4e-a9b2-4bd8-a2e3-2dbe1aeaf890 |      | 20.20.20.0/24 | {"start": "20.20.20.2", "end": "20.20.20.254"} |
+--------------------------------------+------+---------------+------------------------------------------------+


Add subnet 10.10.10.0/24 to the router:

# neutron router-interface-add fce64ebe-47f0-4846-b3af-9cf764f1ff11 subnet=2d7a0a58-0674-439a-ad23-d6471aaae9bc
Added interface 0b7b0b40-f952-41dd-ad74-2c15a063243a to router fce64ebe-47f0-4846-b3af-9cf764f1ff11.

Add subnet 20.20.20.0/24 to the router:

# neutron router-interface-add fce64ebe-47f0-4846-b3af-9cf764f1ff11 subnet=4a176b4e-a9b2-4bd8-a2e3-2dbe1aeaf890
Added interface dc290da0-0aa4-4d96-9085-1f894cf5b160 to router fce64ebe-47f0-4846-b3af-9cf764f1ff11.

At this point, we look at the network topology and see that the two networks are connected through the router:



We can also see that the two network interfaces connected to the router serve as the gateways of their respective subnets.

We can see the namespace created for the router:

# ip netns list
qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11
qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd
qdhcp-5f833617-6179-4797-b7c0-7d420d84040c

Looking inside the namespace:

# ip netns exec qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11 ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
20: qr-0b7b0b40-f9: mtu qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:82:47:a6 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global qr-0b7b0b40-f9
    inet6 fe80::f816:3eff:fe82:47a6/64 scope link
       valid_lft forever preferred_lft forever
21: qr-dc290da0-0a: mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:c7:7c:9c brd ff:ff:ff:ff:ff:ff
    inet 20.20.20.1/24 brd 20.20.20.255 scope global qr-dc290da0-0a
    inet6 fe80::f816:3eff:fec7:7c9c/64 scope link
       valid_lft forever preferred_lft forever

We see two network interfaces, "qr-dc290da0-0a" and "qr-0b7b0b40-f9". These two interfaces hold the gateway IPs of the two networks/subnets and are connected to OVS.

# ovs-vsctl show
8a069c7c-ea05-4375-93e2-b9fc9e4b3ca1
    Bridge "br-eth2"
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
        Port "eth2"
            Interface "eth2"
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        Port "int-br-eth2"
            Interface "int-br-eth2"
        Port "qr-dc290da0-0a"
            tag: 2
            Interface "qr-dc290da0-0a"
                type: internal
        Port "tap26c9b807-7c"
            tag: 1
            Interface "tap26c9b807-7c"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap16630347-45"
            tag: 2
            Interface "tap16630347-45"
                type: internal
        Port "qr-0b7b0b40-f9"
            tag: 1
            Interface "qr-0b7b0b40-f9"
                type: internal
    ovs_version: "1.11.0"

As we can see, these interfaces are connected to "br-int" and carry the VLAN tag of their corresponding network. At this point we can successfully ping the router namespace via the gateway address (20.20.20.1):

We can also see that the virtual machine with IP address 20.20.20.2 can ping the virtual machine with IP address 10.10.10.2:

The two subnets are interconnected through the network interfaces in the namespace. Inside the namespace, Neutron sets the system parameter net.ipv4.ip_forward to 1. It can be checked as follows:

# ip netns exec qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11 sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

We can see that net.ipv4.ip_forward is set inside the namespace; this setting does not affect anything outside the namespace.

Summary

When you create a router, Neutron creates a namespace whose name begins with qrouter-. The subnets are connected to the router via network interfaces on the OVS br-int bridge. These interfaces are set up with the correct VLAN tag so that they can reach their corresponding networks. In the example, the interface qr-0b7b0b40-f9 has the IP 10.10.10.1 and VLAN tag 1, which connects it to "Net1". Setting the system parameter net.ipv4.ip_forward to 1 inside the namespace is what allows routing to take effect.
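The VLAN tagging summarized above can be checked mechanically. The following is an added example, not code from the original article or from OpenStack: it parses `ovs-vsctl show` output and groups the router (qr-) and DHCP (tap) ports on br-int by VLAN tag, listing any that carry no tag. The function names are hypothetical, and the sample input is the br-int section of the output shown earlier, embedded as constructed test data.

```python
import re
from collections import defaultdict

# Constructed sample: part of the br-int section of the `ovs-vsctl show` output.
SAMPLE = '''\
    Bridge br-int
        Port "int-br-eth2"
            Interface "int-br-eth2"
        Port "qr-dc290da0-0a"
            tag: 2
            Interface "qr-dc290da0-0a"
                type: internal
        Port "tap26c9b807-7c"
            tag: 1
            Interface "tap26c9b807-7c"
                type: internal
        Port "tap16630347-45"
            tag: 2
            Interface "tap16630347-45"
                type: internal
        Port "qr-0b7b0b40-f9"
            tag: 1
            Interface "qr-0b7b0b40-f9"
                type: internal
'''

def ports_by_bridge(text):
    """Parse `ovs-vsctl show` text into {bridge: {port: vlan_tag or None}}."""
    bridges, bridge, port = defaultdict(dict), None, None
    for line in text.splitlines():
        m = re.match(r'\s*(Bridge|Port|tag:)\s*"?([^"\s]+)"?\s*$', line)
        kind, value = m.groups() if m else (None, None)
        if kind == "Bridge":
            bridge, port = value, None
        elif kind == "Port" and bridge:
            port = value
            bridges[bridge][port] = None
        elif kind == "tag:" and port:
            bridges[bridge][port] = int(value)
    return bridges

def audit(text, bridge="br-int"):
    """Group qr-/tap ports by VLAN tag; return (by_tag, untagged_ports)."""
    by_tag, untagged = defaultdict(list), []
    for port, tag in ports_by_bridge(text)[bridge].items():
        # An OVS port with no tag is a trunk port, not confined to one network.
        if port.startswith(("qr-", "tap")):
            (untagged if tag is None else by_tag[tag]).append(port)
    return {t: sorted(p) for t, p in by_tag.items()}, sorted(untagged)
```

On the sample, `audit(SAMPLE)` pairs each qr- gateway port with the DHCP tap port of the same network (tag 1 for Net1, tag 2 for Net2) and reports no untagged ports.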

This article describes how to create a router using the network namespace. In the next article, we'll explore how floating IP works with iptables. This may be more complex, but it still uses these basic networking components.
