Core Plugin/agent is responsible for managing key entities: NET, subnet, and port. For more advanced network services, it is managed by service Plugin/agent.
Service Plugin and its agents provide richer extension capabilities, including routing, load Balance,firewall, and more:
Dhcp
The DHCP agent provides DHCP services for instance through DNSMASQ.
Routing
The L3 agent can create router for project (tenant), providing a routing service between Neutron subnet. The routing feature is implemented by default through IPtables.
Firewall
The L3 Agent can configure firewall policy on router to provide network security protection.
Another safety-related feature is the security Group, which is also implemented through IPtables. The difference between Firewall and Security Group is that:
The Firewall security policy is located in router, which protects all network of a project.
Security Group Safety Policy is located in instance and is protected by a single instance.
Firewall and Security Group will be analyzed in detail later.
Load Balance
Neutron provides the load balance service by default for multiple instance in project through HAProxy.
The following chapters discuss each service in detail in conjunction with Linux Bridge and open vswitch.
Now that we've learned the Core and Service plugin/agent, the next section will summarize the Neutron architecture.
Service plugin/agent-5 minutes a day to play OpenStack (73)