Network Services Overview
OpenStack Networking (neutron) allows you to create interface devices that are managed by other OpenStack services and attach them to networks. Plug-ins can be implemented to accommodate different network devices and software, providing flexibility for OpenStack architecture and deployment.
It contains the following components:
neutron-server:
Accepts API requests and routes them to the appropriate OpenStack Networking plug-in for action.
OpenStack Networking plug-ins and agents:
Plug and unplug ports, create networks and subnets, and provide IP addressing. These plug-ins and agents differ depending on the vendor and technologies in use. OpenStack Networking ships with plug-ins and agents for Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and the VMware NSX product.
The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.
Message queue:
Used by most OpenStack Networking installations to route information between neutron-server and the various agents. It also acts as a database in which certain plug-ins store network state.
OpenStack Networking interacts primarily with OpenStack Compute to provide network connectivity for its instances.
- Networking (neutron) concepts:
OpenStack Networking (neutron) manages all networking facets of the virtual network infrastructure (VNI) and the access-layer aspects of the physical network infrastructure (PNI) in the OpenStack environment. OpenStack Networking allows tenants to create advanced virtual network topologies, including services such as firewalls, load balancers, and virtual private networks (VPNs).
Networking provides networks, subnets, and routers as object abstractions. Each abstraction has functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnets and networks.
Any given Networking setup must include at least one external network. Unlike the other networks, the external network is more than just a virtually defined network. Instead, it represents a view of the physical, external network that is accessible outside the OpenStack installation. An IP address on the external network can be accessed by any physical device on the external network.
In addition to external networks, any Networking setup has one or more internal networks. These software-defined networks connect directly to the virtual machines. Only virtual machines on a given internal network, or virtual machines on subnets connected through interfaces to the same router, can directly access the virtual machines connected to that network.
For the external network to reach instances, and for instances to reach the external network, routers between the networks are needed. Each router has a gateway connected to the external network and one or more interfaces connected to internal networks. As with a physical router, subnets can access machines on other subnets connected to the same router, and machines can reach the external network through the router's gateway.
In addition, you can assign IP addresses on the external network to ports on the internal network. Whenever something is connected to a subnet, that connection is called a port. You can assign an external network IP address to the port of an instance. In this way, an entity on the external network can access the instance.
Networking also supports security groups. Security groups allow administrators to define firewall rules in groups. An instance can belong to one or more security groups, and Networking applies the rules in those security groups to block or open ports, port ranges, or traffic types for that instance.
Operation Steps
- On the Controller node
Create the neutron database and grant privileges
# mysql -u root -p
> CREATE DATABASE neutron;
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
Source the admin credentials to gain access to admin-only commands:
# source ~/admin-openrc
Create the neutron user
# openstack user create --domain default --password-prompt neutron
User Password: //password 123456
Repeat User Password: //password 123456
Add the admin role to the neutron user:
# openstack role add --project service --user neutron admin
Create a neutron service
# openstack service create --name neutron --description "OpenStack Networking" network
Create a Network Service endpoint
# openstack endpoint create --region RegionOne network public http://controller:9696
# openstack endpoint create --region RegionOne network internal http://controller:9696
# openstack endpoint create --region RegionOne network admin http://controller:9696
- Installing and configuring network components on the Controller node
Installing components
# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Modifying the configuration file
# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:[email protected]/neutron
[DEFAULT]
auth_strategy = keystone
core_plugin = ml2
# left empty to disable other plug-ins
service_plugins =
transport_url = rabbit://openstack:rabbit_[email protected]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
- Configuring the layer 2 networking plug-in
Configuring the Modular Layer 2 (ML2) plug-in
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
# leaving this empty disables tenant (local) networks
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
Configuring the Linux Bridge
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure DHCP
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure metadata
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
Configure compute services to use network services
# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
Creating the symbolic link to the plug-in configuration
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronizing databases
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service, then enable the Networking services at boot and start them
# systemctl restart openstack-nova-api.service
# systemctl enable neutron-server.service
# systemctl enable neutron-linuxbridge-agent.service
# systemctl enable neutron-dhcp-agent.service
# systemctl enable neutron-metadata-agent.service
# systemctl start neutron-server.service
# systemctl start neutron-linuxbridge-agent.service
# systemctl start neutron-dhcp-agent.service
# systemctl start neutron-metadata-agent.service
Configuring the Compute Node Network Service
# yum install -y openstack-neutron-linuxbridge ebtables ipset
Configuring Common Components
# vim /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:[email protected]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Configuring the Linux Bridge
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure Compute Node Network Service
# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
Restart Compute Service
# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start at boot
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
- Verify
List the loaded extensions to verify that the neutron-server process started normally:
# source ~/admin-openrc
# neutron ext-list
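Beyond checking that neutron-server starts, the security-relevant options set in the steps above can be checked from the configuration files themselves. The following Python script is an added example, not part of the original post or of OpenStack: it verifies that metadata_proxy_shared_secret matches between nova.conf and metadata_agent.ini, that the secret and the service password are not short or numeric, that auth_url is not plaintext http, and that security groups and port_security are enabled. The SAMPLE contents are constructed from the values used in this guide, and the 16-character minimum is an assumed policy.

```python
import configparser

# Constructed sample input mirroring the values this guide sets (not real files).
SAMPLE = {
    "metadata_agent.ini": "[DEFAULT]\nmetadata_proxy_shared_secret = 123456\n",
    "nova.conf": "[neutron]\nauth_url = http://controller:35357\npassword = 123456\n"
                 "metadata_proxy_shared_secret = 123456\n",
    "linuxbridge_agent.ini": "[securitygroup]\nenable_security_group = true\n"
        "firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\n",
    "ml2_conf.ini": "[ml2]\nextension_drivers = port_security\n",
}

def opt(text, section, key):
    """Return one option from INI text, or '' when the section or key is absent."""
    cp = configparser.RawConfigParser(strict=False)  # no % interpolation
    cp.read_string(text)
    if section == "DEFAULT":  # configparser keeps DEFAULT apart from real sections
        return cp.defaults().get(key, "")
    return cp.get(section, key, fallback="")

def weak(secret, min_len=16):
    # Assumed policy for this example: at least 16 characters, not digits only.
    return len(secret) < min_len or secret.isdigit()

def audit(files):
    findings = []
    agent = opt(files["metadata_agent.ini"], "DEFAULT", "metadata_proxy_shared_secret")
    nova = opt(files["nova.conf"], "neutron", "metadata_proxy_shared_secret")
    if agent != nova:
        findings.append("metadata_proxy_shared_secret differs between nova and neutron")
    if weak(agent):
        findings.append("metadata_proxy_shared_secret is short or numeric")
    if weak(opt(files["nova.conf"], "neutron", "password")):
        findings.append("neutron service password is short or numeric")
    if opt(files["nova.conf"], "neutron", "auth_url").startswith("http://"):
        findings.append("Keystone auth_url uses plaintext http")
    lb = files["linuxbridge_agent.ini"]
    if opt(lb, "securitygroup", "enable_security_group").lower() != "true":
        findings.append("security groups are disabled on the Linux bridge agent")
    if "noop" in (opt(lb, "securitygroup", "firewall_driver") or "noop").lower():
        findings.append("firewall_driver is unset or no-op")
    drivers = opt(files["ml2_conf.ini"], "ml2", "extension_drivers").split(",")
    if "port_security" not in [d.strip() for d in drivers]:
        findings.append("ml2 port_security extension is not loaded")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

To run it against a real node, replace the SAMPLE strings with the contents of the corresponding files under /etc/neutron and /etc/nova.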
OpenStack builds enterprise private cloud four: Networking service (continuous update ...)