After OpenStack has been set up, the first thing to do before creating an instance is to create the network. A classic process looks like this:
TENANT_NAME="OpenStack"
TENANT_NETWORK_NAME="Openstack-net"
TENANT_SUBNET_NAME="${TENANT_NETWORK_NAME}-subnet"
TENANT_ROUTER_NAME="Openstack-router"
FIXED_RANGE="Neutron_fixed_range"
NETWORK_GATEWAY="Neutron_network_gateway"
PUBLIC_GATEWAY="Neutron_public_gateway"
PUBLIC_RANGE="Neutron_public_range"
PUBLIC_START="Neutron_public_start"
PUBLIC_END="Neutron_public_end"
(1) Create private network and subnet
# Look up the tenant ID, then create the GRE network and its subnet, keeping each new ID.
# grep " id " (with spaces) selects only the "id" row, not tenant_id or segmentation_id.
TENANT_ID=$(keystone tenant-list | grep "$TENANT_NAME" | awk '{print $2}')
TENANT_NET_ID=$(neutron net-create --tenant_id $TENANT_ID $TENANT_NETWORK_NAME --provider:network_type gre --provider:segmentation_id 1 | grep " id " | awk '{print $4}')
TENANT_SUBNET_ID=$(neutron subnet-create --tenant_id $TENANT_ID --ip_version 4 --name $TENANT_SUBNET_NAME $TENANT_NET_ID $FIXED_RANGE --gateway $NETWORK_GATEWAY --dns_nameservers list=true 8.8.8.8 | grep " id " | awk '{print $4}')
When only the private network exists, a DHCP server is created for this private network,
so the DHCP agent executes the following command:
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip -o link show tap452bdfab-31
This command tries to find the DHCP network card in the DHCP namespace, but it cannot be found and an error is returned
Cannot open network namespace "qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0": No such file or directory
So the agent creates a network card for the DHCP server. This network card will be attached to br-int, so first look at br-int
ip -o link show br-int
If br-int is fine, create the DHCP server network card and attach it to br-int
ovs-vsctl -- --if-exists del-port tap452bdfab-31 -- add-port br-int tap452bdfab-31 -- set Interface tap452bdfab-31 type=internal -- set Interface tap452bdfab-31 external-ids:iface-id=452bdfab-3152-44d0-bd9c-40c94a6f8640 -- set Interface tap452bdfab-31 external-ids:iface-status=active -- set Interface tap452bdfab-31 external-ids:attached-mac=fa:16:3e:d7:08:67
Set the MAC address of the network card
ip link set tap452bdfab-31 address fa:16:3e:d7:08:67
View the namespaces that currently exist
ip -o netns list
It returns
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
There is no namespace for this DHCP server yet, so create one
ip netns add qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
Set the lo interface to up
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip link set lo up
Place the new DHCP server's NIC in this namespace
ip link set tap452bdfab-31 netns qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
Set the NIC for the DHCP server to up
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip link set tap452bdfab-31 up
Check the IP address of this network card
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip addr show tap452bdfab-31 permanent scope global
Configure the IP addresses for this NIC
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip -4 addr add 192.168.10.3/24 brd 192.168.10.255 scope global dev tap452bdfab-31
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip -4 addr add 169.254.169.254/16 brd 169.254.255.255 scope global dev tap452bdfab-31
The first address is the address of the DHCP server, and the second address is the address of the metadata server
View the routing table
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip route list dev tap452bdfab-31
169.254.0.0/16 proto kernel scope link src 169.254.169.254
192.168.10.0/24 proto kernel scope link src 192.168.10.3
Add the default route
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip route replace default via 192.168.10.1 dev tap452bdfab-31
View the configuration of the NIC
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip addr show tap452bdfab-31
232: tap452bdfab-31: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN group default
link/ether fa:16:3e:d7:08:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.3/24 brd 192.168.10.255 scope global tap452bdfab-31
valid_lft forever preferred_lft forever
inet 169.254.169.254/16 brd 169.254.255.255 scope global tap452bdfab-31
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fed7:867/64 scope link tentative
valid_lft forever preferred_lft forever
Start the DHCP server
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 env NEUTRON_NETWORK_ID=66b9930b-2871-414c-8c6f-991a6a8cffe0 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap452bdfab-31 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/host --addn-hosts=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/opts --leasefile-ro --dhcp-range=set:tag0,192.168.10.0,static,86400s --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
Start the metadata proxy
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/66b9930b-2871-414c-8c6f-991a6a8cffe0.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --network_id=66b9930b-2871-414c-8c6f-991a6a8cffe0 --state_path=/var/lib/neutron --metadata_port=80 --debug --verbose --log-file=neutron-ns-metadata-proxy-66b9930b-2871-414c-8c6f-991a6a8cffe0.log --log-dir=/var/log/neutron
Finally, check the NIC configuration
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip addr show tap452bdfab-31
kill -HUP 17666
What is this PID?
# ps aux | grep 17666
nobody 17666 0.0 0.0 28204 1112 ? S Jul14 0:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap452bdfab-31 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/host --addn-hosts=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/66b9930b-2871-414c-8c6f-991a6a8cffe0/opts --leasefile-ro --dhcp-range=set:tag0,192.168.10.0,static,86400s --dhcp-lease-max=256 --conf-file= --domain=openstacklocal
It turns out to be our DHCP server
The purpose of this command (sending SIGHUP) is to change the configuration without stopping and restarting the service. After making the necessary changes to the configuration file, issue the command to update the service configuration dynamically.
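An added example (not part of the original article and not Neutron's own code): before sending SIGHUP, confirm that the PID stored in the network's pid file is a running dnsmasq started with that same --pid-file argument, so a stale file never gets an unrelated process signalled. The function names and the overridable PROC_ROOT and DHCP_ROOT variables are assumptions made for this example.

```shell
# Added example, not Neutron code. PROC_ROOT and DHCP_ROOT are assumptions that
# default to the real paths and can be pointed at constructed test data.
PROC_ROOT=${PROC_ROOT:-/proc}
DHCP_ROOT=${DHCP_ROOT:-/var/lib/neutron/dhcp}

# Print the PID only if it is a live dnsmasq started for this network.
dnsmasq_pid_for_network() {
    net_id=$1
    pid_file="$DHCP_ROOT/$net_id/pid"
    [ -r "$pid_file" ] || { echo "no pid file for $net_id" >&2; return 1; }
    pid=$(head -n 1 "$pid_file" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "pid file content is not a number" >&2; return 1 ;;
    esac
    cmdline="$PROC_ROOT/$pid/cmdline"
    [ -r "$cmdline" ] || { echo "pid $pid not running (stale pid file)" >&2; return 1; }
    # /proc/<pid>/cmdline is NUL-separated: split it into one argument per line.
    args=$(tr '\0' '\n' < "$cmdline")
    printf '%s\n' "$args" | head -n 1 | grep -q 'dnsmasq$' ||
        { echo "pid $pid is not dnsmasq" >&2; return 1; }
    # The --pid-file argument ties the process to this network's state directory.
    printf '%s\n' "$args" | grep -qxF -- "--pid-file=$pid_file" ||
        { echo "pid $pid belongs to a different network" >&2; return 1; }
    echo "$pid"
}

# Reload dnsmasq for one network; the signal is sent only if every check passed.
reload_dhcp() {
    pid=$(dnsmasq_pid_for_network "$1") || return 1
    kill -HUP "$pid"
}
```

On a network node, `reload_dhcp 66b9930b-2871-414c-8c6f-991a6a8cffe0` would replace the bare kill shown above.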
Finally, check the routing configuration
ip netns exec qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0 ip route list dev tap452bdfab-31
(2) Create a router and connect to the private network
ROUTER_ID=$(neutron router-create --tenant_id $TENANT_ID $TENANT_ROUTER_NAME | grep " id " | awk '{print $4}')
neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID
View br-ex
ip -o link show br-ex
59: br-ex: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode default group default
link/ether a0:48:1c:ab:df:b5 brd ff:ff:ff:ff:ff:ff
See all namespaces
ip -o netns list
qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
There is no namespace for this router yet, so create one
ip netns add qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
Set the lo interface to up
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip link set lo up
This is a router, so enable IP forwarding
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 sysctl -w net.ipv4.ip_forward=1
Initialize iptables
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-save -c
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:37:57 2014
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:37:57 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:37:57 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:37:57 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:37:57 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:37:57 2014
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-restore -c
Start the metadata proxy
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/d62d417d-2005-46d7-a83b-b1e5c0a36d82.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=d62d417d-2005-46d7-a83b-b1e5c0a36d82 --state_path=/var/lib/neutron --metadata_port=9697 --debug --verbose --log-file=neutron-ns-metadata-proxy-d62d417d-2005-46d7-a83b-b1e5c0a36d82.log --log-dir=/var/log/neutron
View the router's network card
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o link show qr-29003a09-e7
But the network card does not exist
Device "qr-29003a09-e7" does not exist.
View br-int; the router's network card will be attached to this bridge
ip -o link show br-int
58: br-int: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode default group default
link/ether 0a:9b:c6:54:ef:46 brd ff:ff:ff:ff:ff:ff
Create the router network card and attach it to br-int
ovs-vsctl -- --if-exists del-port qr-29003a09-e7 -- add-port br-int qr-29003a09-e7 -- set Interface qr-29003a09-e7 type=internal -- set Interface qr-29003a09-e7 external-ids:iface-id=29003a09-e787-49dd-b5f4-11ad107159c7 -- set Interface qr-29003a09-e7 external-ids:iface-status=active -- set Interface qr-29003a09-e7 external-ids:attached-mac=fa:16:3e:84:6e:cc
Set the MAC address of the router NIC
ip link set qr-29003a09-e7 address fa:16:3e:84:6e:cc
See all namespaces
ip -o netns list
qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
The router namespace now exists.
Put this NIC in the namespace.
ip link set qr-29003a09-e7 netns qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
Set the router NIC to up
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip link set qr-29003a09-e7 up
View the address of the network card
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip addr show qr-29003a09-e7 permanent scope global
Set the address of the network card
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -4 addr add 192.168.10.1/24 brd 192.168.10.255 scope global dev qr-29003a09-e7
View all network cards
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o -d link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode default group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
241: qr-29003a09-e7: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode default group default
link/ether fa:16:3e:84:6e:cc brd ff:ff:ff:ff:ff:ff promiscuity 1
(3) Create the external network and connect it to the router
neutron net-create public --router:external=true
neutron subnet-create --ip_version 4 --gateway $PUBLIC_GATEWAY public $PUBLIC_RANGE --allocation-pool start=$PUBLIC_START,end=$PUBLIC_END --disable-dhcp --name public-subnet
neutron router-gateway-set ${TENANT_ROUTER_NAME} public
View br-ex
ip -o link show br-ex
59: br-ex: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode default group default
link/ether a0:48:1c:ab:df:b5 brd ff:ff:ff:ff:ff:ff
List all the network cards
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o -d link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode default group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
241: qr-29003a09-e7: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN mode default group default
link/ether fa:16:3e:84:6e:cc brd ff:ff:ff:ff:ff:ff promiscuity 1
View the qg NIC
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -o link show qg-556ca938-e1
But the network card does not exist
Device "qg-556ca938-e1" does not exist.
View br-ex
ip -o link show br-ex
Create a new qg NIC and attach it to br-ex
ovs-vsctl -- --if-exists del-port qg-556ca938-e1 -- add-port br-ex qg-556ca938-e1 -- set Interface qg-556ca938-e1 type=internal -- set Interface qg-556ca938-e1 external-ids:iface-id=556ca938-e11b-4246-bdc1-ef25c91b7593 -- set Interface qg-556ca938-e1 external-ids:iface-status=active -- set Interface qg-556ca938-e1 external-ids:attached-mac=fa:16:3e:68:12:c0
Set the MAC address of the network card
ip link set qg-556ca938-e1 address fa:16:3e:68:12:c0
See all namespaces
ip -o netns list
qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
qdhcp-66b9930b-2871-414c-8c6f-991a6a8cffe0
qrouter-26a45e0e-a58a-443b-a972-d62c0c5a1323
qdhcp-760d2c5e-4938-49b0-bffe-c77c5b141d18
Move the qg NIC into the namespace
ip link set qg-556ca938-e1 netns qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82
Set the NIC to up
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip link set qg-556ca938-e1 up
View the network card address
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip addr show qg-556ca938-e1 permanent scope global
Set the network card address
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip -4 addr add 16.158.165.105/22 brd 16.158.167.255 scope global dev qg-556ca938-e1
Add the default route
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 route add default gw 16.158.164.1
Set iptables
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-save -c
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:58:30 2014
*nat
:PREROUTING ACCEPT [4:425]
:INPUT ACCEPT [1:229]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-POSTROUTING - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
:neutron-postrouting-bottom - [0:0]
[4:425] -A PREROUTING -j neutron-l3-agent-PREROUTING
[0:0] -A OUTPUT -j neutron-l3-agent-OUTPUT
[0:0] -A POSTROUTING -j neutron-l3-agent-POSTROUTING
[0:0] -A POSTROUTING -j neutron-postrouting-bottom
[0:0] -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
[0:0] -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
[0:0] -A neutron-postrouting-bottom -j neutron-l3-agent-snat
COMMIT
# Completed on Thu Jul 17 01:58:30 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:58:30 2014
*mangle
:PREROUTING ACCEPT [4:425]
:INPUT ACCEPT [1:229]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 17 01:58:30 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 01:58:30 2014
*filter
:INPUT ACCEPT [1:229]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:neutron-filter-top - [0:0]
:neutron-l3-agent-FORWARD - [0:0]
:neutron-l3-agent-INPUT - [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-local - [0:0]
[1:229] -A INPUT -j neutron-l3-agent-INPUT
[0:0] -A FORWARD -j neutron-filter-top
[0:0] -A FORWARD -j neutron-l3-agent-FORWARD
[0:0] -A OUTPUT -j neutron-filter-top
[0:0] -A OUTPUT -j neutron-l3-agent-OUTPUT
[0:0] -A neutron-filter-top -j neutron-l3-agent-local
[0:0] -A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
COMMIT
# Completed on Thu Jul 17 01:58:30 2014
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 iptables-restore -c
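An added example (not part of the original article and not Neutron's own code): a small audit of a router namespace's iptables-save dump. It reports where metadata traffic to 169.254.169.254:80 is redirected, which destinations the filter table accepts on that proxy port, and which built-in chains default to ACCEPT. The function names are assumptions, and the embedded sample is a constructed reduction of the dump above.

```shell
# Added example (not Neutron code): audit an iptables-save dump from a qrouter namespace.
sample_dump() {  # constructed sample, reduced from the dump shown above
cat <<'EOF'
*nat
:PREROUTING ACCEPT [4:425]
:neutron-l3-agent-PREROUTING - [0:0]
[4:425] -A PREROUTING -j neutron-l3-agent-PREROUTING
[0:0] -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
COMMIT
*filter
:INPUT ACCEPT [1:229]
:FORWARD ACCEPT [0:0]
:neutron-l3-agent-INPUT - [0:0]
[1:229] -A INPUT -j neutron-l3-agent-INPUT
[0:0] -A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
COMMIT
EOF
}
metadata_redirect_port() {  # port that 169.254.169.254:80 is redirected to; empty if no rule
    awk '/^\*/ { table = substr($0, 2) }
         table == "nat" && /-d 169\.254\.169\.254\/32 / && /--dport 80 / && /-j REDIRECT/ {
             for (i = 1; i < NF; i++) if ($i == "--to-ports") { print $(i + 1); exit }
         }'
}
accept_policy_chains() {  # "table/chain" for each built-in chain whose policy is ACCEPT
    awk '/^\*/ { table = substr($0, 2) }
         /^:/ && $2 == "ACCEPT" { print table "/" substr($1, 2) }'
}
accept_destinations_for_port() {  # destinations the filter table accepts on port $1
    awk -v port="$1" '/^\*/ { table = substr($0, 2) }
         table == "filter" && /-j ACCEPT/ {
             dst = "any"; hit = 0
             for (i = 1; i < NF; i++) {
                 if ($i == "-d") dst = $(i + 1)
                 if ($i == "--dport" && $(i + 1) == port) hit = 1
             }
             if (hit) print dst
         }'
}
audit() {  # usage: ip netns exec qrouter-<id> iptables-save -c | audit
    dump=$(cat)
    port=$(printf '%s\n' "$dump" | metadata_redirect_port)
    [ -n "$port" ] || { echo "FAIL: no metadata REDIRECT rule"; return 1; }
    echo "metadata redirect to port $port"
    echo "port $port accepted for:" $(printf '%s\n' "$dump" | accept_destinations_for_port "$port")
    echo "ACCEPT-policy chains:" $(printf '%s\n' "$dump" | accept_policy_chains)
}
sample_dump | audit
```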
Display the network card information
ip netns exec qrouter-d62d417d-2005-46d7-a83b-b1e5c0a36d82 ip addr show qg-556ca938-e1
242: qg-556ca938-e1: <BROADCAST,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN group default
link/ether fa:16:3e:68:12:c0 brd ff:ff:ff:ff:ff:ff
inet 16.158.165.105/22 brd 16.158.167.255 scope global qg-556ca938-e1
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe68:12c0/64 scope link tentative
valid_lft forever preferred_lft forever