OpenStack builds enterprise private cloud four: Networking service (continuous update ...)

Source: Internet
Author: User

Network Services Overview

OpenStack Networking (neutron) allows you to create and attach interface devices managed by other OpenStack services to networks. Plug-ins can be implemented to accommodate different networking equipment and software, which gives flexibility to OpenStack architecture and deployment.

It contains the following components:

  • neutron-server:
    Accepts API requests and routes them to the appropriate OpenStack Networking plug-in for action.

  • OpenStack Networking plug-ins and agents:
    Plug and unplug ports, create networks and subnets, and provide IP addressing. These plug-ins and agents differ depending on the vendor and technologies in use. OpenStack Networking ships with plug-ins and agents for Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and the VMware NSX product.
    The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.

  • Message queue:
    Used by most OpenStack Networking installations to route information between neutron-server and the various agents. It also acts as a database in which certain plug-ins store network state.
    OpenStack Networking interacts mainly with OpenStack Compute to provide network connectivity for its instances.

  • Networking (neutron) concepts:
    OpenStack Networking (neutron) manages all virtual networking infrastructure (VNI) and the access-layer aspects of the physical networking infrastructure (PNI) in the OpenStack environment. OpenStack Networking lets tenants create advanced virtual network topologies that can include services such as a firewall, a load balancer, and a virtual private network (VPN).

Networking provides networks, subnets, and routers as object abstractions. Each abstraction has functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnets and networks.

Any given Networking setup has at least one external network. Unlike the other networks, the external network is not merely a virtually defined network. Instead, it represents a view of the physical, external network that is accessible outside the OpenStack installation. An IP address on the external network can be accessed by any physical device on the external network.

In addition to the external network, any Networking setup has one or more internal networks. These software-defined networks connect directly to the virtual machines. A virtual machine on a given internal network, or one on a subnet connected through an interface to a similar router, can directly access the virtual machines connected to that network.

For the external network to reach an instance, or for an instance to reach the external network, routers between the networks are needed. Each router has one gateway connected to the external network and one or more interfaces connected to internal networks. As with a physical router, subnets can access machines on other subnets connected to the same router, and machines can reach the external network through the router's gateway.

In addition, you can allocate IP addresses on the external network to ports on the internal network. Whenever something is connected to a subnet, that connection is called a port. You can associate an external network IP address with the port of an instance. In this way, an entity on the external network can access the instance.

Networking also supports security groups. Security groups let administrators define firewall rules in groups. An instance can belong to one or more security groups, and Networking applies the rules in those security groups to block or open ports, port ranges, or traffic types for that instance.

Operation Steps
  • On the Controller node
  • Create the neutron database and grant privileges

    # mysql -u root -p
    > CREATE DATABASE neutron;
    > GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
    > GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
  • Source the admin credentials to gain access to admin-only CLI commands:

    # source ~/admin-openrc
  • Create user

    # openstack user create --domain default --password-prompt neutron
    User Password:         // password: 123456
    Repeat User Password:  // password: 123456
  • Add the admin role to the neutron user:

    # openstack role add --project service --user neutron admin
  • Create a neutron service

    # openstack service create --name neutron   --description "OpenStack Networking" network
  • Create a Network Service endpoint

    # openstack endpoint create --region RegionOne network public http://controller:9696
    # openstack endpoint create --region RegionOne network internal http://controller:9696
    # openstack endpoint create --region RegionOne network admin http://controller:9696

  • Installing and configuring network components on the Controller node
  • Installing components

    # yum install -y openstack-neutron openstack-neutron-ml2  openstack-neutron-linuxbridge ebtables
  • Modifying the configuration file

    # vim /etc/neutron/neutron.conf
    [database]
    connection = mysql+pymysql://neutron:[email protected]/neutron

    [DEFAULT]
    auth_strategy = keystone
    core_plugin = ml2
    # leave empty to disable additional plug-ins
    service_plugins =
    transport_url = rabbit://openstack:rabbit_[email protected]
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = 123456

    [nova]
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = 123456

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp
  • Configuring the layer 2 networking plug-in
  • Configuring the Modular Layer 2 (ML2) plug-in

    # vim /etc/neutron/plugins/ml2/ml2_conf.ini
    [ml2]
    type_drivers = flat,vlan
    # an empty value disables local (self-service) networks
    tenant_network_types =
    mechanism_drivers = linuxbridge
    extension_drivers = port_security

    [ml2_type_flat]
    flat_networks = provider

    [securitygroup]
    enable_ipset = true
  • Configuring the Linux Bridge

    # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    [linux_bridge]
    physical_interface_mappings = provider:ens33

    [vxlan]
    enable_vxlan = false

    [securitygroup]
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • Configure DHCP

    # vim /etc/neutron/dhcp_agent.ini
    [DEFAULT]
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true
  • Configure metadata

    # vim /etc/neutron/metadata_agent.ini
    [DEFAULT]
    nova_metadata_host = controller
    metadata_proxy_shared_secret = 123456
  • Configure compute services to use network services

    # vim /etc/nova/nova.conf
    [neutron]
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = 123456
    service_metadata_proxy = true
    metadata_proxy_shared_secret = 123456
  • Create the symbolic link to the plug-in configuration

    # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  • Synchronizing databases

    # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  • Restart the Compute API service, then enable the neutron services at boot and start them

    # systemctl restart openstack-nova-api.service
    # systemctl enable neutron-server.service
    # systemctl enable neutron-linuxbridge-agent.service
    # systemctl enable neutron-dhcp-agent.service
    # systemctl enable neutron-metadata-agent.service
    # systemctl start neutron-server.service
    # systemctl start neutron-linuxbridge-agent.service
    # systemctl start neutron-dhcp-agent.service
    # systemctl start neutron-metadata-agent.service

Configuring the Compute Node Network Service
    # yum install -y openstack-neutron-linuxbridge ebtables ipset
  • Configuring Common Components

    # vim /etc/neutron/neutron.conf
    [DEFAULT]
    auth_strategy = keystone
    transport_url = rabbit://openstack:[email protected]

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = 123456

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp
  • Configuring the Linux Bridge

    # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    [linux_bridge]
    physical_interface_mappings = provider:ens33

    [vxlan]
    enable_vxlan = false

    [securitygroup]
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • Configure the Compute service on the compute node to use the Networking service

    # vim /etc/nova/nova.conf
    [neutron]
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = 123456
  • Restart Compute Service

    # systemctl restart openstack-nova-compute.service
  • Enable the Linux bridge agent at boot and start it

    # systemctl enable neutron-linuxbridge-agent.service
    # systemctl start neutron-linuxbridge-agent.service
  • Verify
  • List the loaded extensions to verify that the neutron-server process started successfully:

    # source ~/admin-openrc
    # neutron ext-list
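
The following Python check is an added example, not part of the original article: it confirms that metadata_proxy_shared_secret is identical in nova.conf and metadata_agent.ini, and flags the 123456 secrets and http:// endpoints used in the steps above so they can be replaced before the deployment is exposed. The key list, minimum length and sample file contents are assumptions constructed for the illustration.

```python
import configparser

# Example policy (assumption, not from the article): which keys hold secrets
# and the minimum length accepted for them.
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
MIN_SECRET_LEN = 16

# Constructed sample input: values the walkthrough writes on the controller.
SAMPLE = {
    "/etc/neutron/metadata_agent.ini": (
        "[DEFAULT]\nnova_metadata_host = controller\n"
        "metadata_proxy_shared_secret = 123456\n"),
    "/etc/nova/nova.conf": (
        "[neutron]\nurl = http://controller:9696\n"
        "auth_url = http://controller:35357\npassword = 123456\n"
        "service_metadata_proxy = true\n"
        "metadata_proxy_shared_secret = 123456\n"),
}

def load(text):
    """Parse INI text; [DEFAULT] is treated as an ordinary section."""
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(files):
    """Return (path, section, key, problem) findings for {path: ini_text}."""
    findings = []
    for path, text in sorted(files.items()):
        cp = load(text)
        for section in cp.sections():
            for key, value in cp[section].items():
                if key in SECRET_KEYS and (value.isdigit() or len(value) < MIN_SECRET_LEN):
                    findings.append((path, section, key, "weak secret"))
                if key.endswith("url") and value.startswith("http://"):
                    findings.append((path, section, key, "cleartext HTTP endpoint"))
    return findings

def metadata_secret_matches(files):
    """nova.conf [neutron] and metadata_agent.ini [DEFAULT] must share one secret."""
    key = "metadata_proxy_shared_secret"
    nova = load(files["/etc/nova/nova.conf"]).get("neutron", key, fallback=None)
    agent = load(files["/etc/neutron/metadata_agent.ini"]).get("DEFAULT", key, fallback=None)
    return nova is not None and nova == agent

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
    print("metadata secret consistent:", metadata_secret_matches(SAMPLE))
```

To audit a real node, build the dictionary from the files on disk instead of SAMPLE and treat any finding as something to fix before tenants are given access.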
