This article will not explain the details of each network technology, nor the implementation details of the neutron network. Instead it gives a high-level summary of the technical essence of these basic network technologies, trying to help you build a higher-level connection between them and neutron, so that you can handle them with ease and see the system as a whole. Before reading this article, the following knowledge will help you understand it:
Understand the OSI seven-layer model and basic network knowledge such as L2 frame forwarding and L3 routing and forwarding.
Understanding the neutron network, or any other cloud network, will also help.
What is neutron?
In a word, neutron is a sub-module of OpenStack. Its essence is a well-defined framework that drives different underlying L2-L7 network technologies in order to provide third-party applications with tenant-isolated virtual network services.
The above definition is only the author's most intuitive feeling after working with neutron for a long time; different readers will see it differently, and I believe that after reading this article you will have your own view on the question "what is neutron".
The author previously published an article on developerWorks, "Stroll in the Cloud Network". That article also did not directly address Quantum HOWTO questions (Quantum has since been renamed Neutron because of a name clash with an existing company), but described the general network principles behind Quantum. Readers can get at least the following knowledge from that article:
How virtual network cards are implemented on Linux, generally with TAP/TUN. A TAP device is a virtual interface whose frames are read and written by a user-space process (the hypervisor) through a file descriptor, so two virtual machines talking to each other over the network are really two Linux processes exchanging data. It is therefore no surprise that many hypervisors use DMA-style direct memory copies to speed up network I/O between two virtual machines on the same physical machine.
At L2, Linux Bridge is a virtual switch implementation; whether the switch is virtual or physical, the principle is the same. VLANs are used at L2 for isolation (logical isolation of broadcast domains, not physical isolation), and a FLAT network differs fundamentally from a VLAN network.
At L3, static route forwarding is done through the Linux IPv4 forwarding function, and iptables SNAT and DNAT rules let a virtual machine on the internal network reach the external network and let the external network reach the virtual machine (the so-called floating IP).
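The floating-IP mechanism just described, as an added example that is not part of the original article or of neutron's own code: a small model of the translation a Linux router namespace performs with iptables DNAT (in PREROUTING, before the routing decision) and SNAT (in POSTROUTING, after it). The addresses, the packet fields and the single-table connection tracking are constructed for illustration; real conntrack also keys on the remote address and is used for the 1:1 case too.

```python
"""Added example (not from the original article): model of floating-IP NAT on a
Linux router. It corresponds to these iptables rules in the router namespace,
with net.ipv4.ip_forward=1 (addresses below are constructed sample data):

  iptables -t nat -A PREROUTING  -d 203.0.113.10 -j DNAT --to-destination 10.0.0.5
  iptables -t nat -A POSTROUTING -s 10.0.0.5     -j SNAT --to-source 203.0.113.10
  iptables -t nat -A POSTROUTING -s 10.0.0.0/24  -j SNAT --to-source 203.0.113.1
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class FloatingIpRouter:
    """One external gateway address plus floating IP -> fixed IP mappings (1:1
    NAT). Fixed IPs without a floating IP share the gateway address
    (many-to-one SNAT), which needs connection tracking to reverse on the way
    back. The conntrack table here is deliberately simplified (hypothetical)."""

    def __init__(self, gateway_ip, floating=None):
        self.gateway_ip = gateway_ip
        self.float_to_fixed = dict(floating or {})
        self.fixed_to_float = {v: k for k, v in self.float_to_fixed.items()}
        self.conntrack = {}  # (nat_ip, nat_port) -> (fixed_ip, original_sport)
        self._next_port = 40000

    def outbound(self, pkt):
        """VM -> external: SNAT happens in POSTROUTING, after forwarding."""
        if pkt.src in self.fixed_to_float:
            # 1:1 NAT: source becomes the floating IP, port left untouched.
            return replace(pkt, src=self.fixed_to_float[pkt.src])
        # Many-to-one: rewrite to the gateway IP and a unique port, remember it
        # so the reply can be mapped back to the right VM.
        nat_port = self._next_port
        self._next_port += 1
        self.conntrack[(self.gateway_ip, nat_port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.gateway_ip, sport=nat_port)

    def inbound(self, pkt):
        """External -> VM: DNAT happens in PREROUTING, before routing. Returns
        None when no rule and no conntrack entry matches (the router drops it)."""
        if pkt.dst in self.float_to_fixed:
            # A VM with a floating IP is reachable for new connections.
            return replace(pkt, dst=self.float_to_fixed[pkt.dst])
        entry = self.conntrack.get((pkt.dst, pkt.dport))
        if entry is None:
            return None
        fixed_ip, orig_port = entry
        return replace(pkt, dst=fixed_ip, dport=orig_port)


if __name__ == "__main__":
    r = FloatingIpRouter("203.0.113.1", {"203.0.113.10": "10.0.0.5"})
    print(r.outbound(Packet("10.0.0.5", "198.51.100.7", 51000, 80)))
    print(r.outbound(Packet("10.0.0.6", "198.51.100.7", 51001, 443)))
    print(r.inbound(Packet("198.51.100.7", "203.0.113.1", 443, 40000)))
```

The point the model makes explicit: a VM with a floating IP accepts new inbound connections, while a VM behind the shared gateway address is only reachable through a reply to a connection it opened itself.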
In the first part of this series, Quantum had only implemented L2 and L3, so "Stroll in the Cloud Network" covered only the network principles behind those two layers. Now neutron implements more network technologies at L2 and L3 and also has more going on at L4-L7, so a second part is needed to give a comprehensive overview of the whole L2-L7 stack. This part also summarizes L2 and L3 theory, but in less detail than the first part; you can read it together with the first part. The main contents of this article are:
L2 layer: the principle of a switch, VLANs, and why neutron distinguishes FLAT and VLAN networks;
L3 layer: implementing static routing on Linux (namespace + IPv4 forwarding + iptables), dynamic routing, and how neutron uses L3 GRE tunnels to overcome the 4096-VLAN limit;
Using L3 to extend L2: VXLAN, NVGRE;
Using L2 to extend L3 with labels: MPLS;
Forwarding technologies different from traditional routing and forwarding: OpenFlow and the essence of SDN;
L4-L7 layer: LBaaS, FWaaS, VPNaaS, NATaaS.
OSI Seven layer model
Any mention of networking has to mention the OSI seven-layer model. From top to bottom the seven layers are:
L7, Application layer
L6, Presentation layer
L5, Session Layer
L4, Transport Layer
L3, Network layer
L2, Data Link layer
L1, Physical layer
About the OSI seven-layer model, at least the following common knowledge should be known:
L2 forwards frames mainly by MAC address;
L3 forwards packets mainly by IP address;
L4 adds port numbers to uniquely identify an application on a host;
A protocol is an agreement between the two communicating parties about the data they exchange. At L7 there is the familiar HTTP, under which both sides agree on how to interpret the HTML data carried; at L4 there are the important protocols UDP (connectionless) and TCP (connection-oriented). Reliable transmission is achieved through TCP, so the L2 and L3 layers below do not need their own reliability mechanism: if a frame is corrupted in transit at L2 it is simply discarded, and TCP above will arrange the retransmission. A socket is not a protocol but an interface definition for transferring data at L4.
When the network card receives data, the hardware interrupts the CPU; the operating system then copies the data out of the NIC buffer and hands it to the TCP/IP stack. At L2 the stack parses the MAC address in the frame header to decide L2 forwarding; if the frame is for this host it is passed up to L3, where the IP address in the packet header is parsed to decide L3 forwarding, and so on up the stack.
L1
L1 is the physical layer, mainly concerned with the electrical characteristics of hardware. It has little to do with neutron's virtual network, which is software, so it is not expanded here.
L2
FLAT
The L2 data link layer forwards frames through switch devices (at L2 the unit is called a frame, at L3 a packet). After receiving a frame, the switch parses the destination MAC address in the frame header, looks for a port corresponding to that MAC in its forwarding table, and forwards the frame out of that port. If there is no entry, it floods (technical term: forwards the frame to all ports except the one it arrived on); the computer on each port compares the destination MAC in the frame header with its own NIC's MAC, accepts the frame if they match and discards it otherwise. The forwarding table is built automatically by self-learning: the switch records the source MAC of each incoming frame against the port it arrived on.
This leads to the important concept of promiscuous mode. By default a computer only accepts frames whose destination MAC matches its own NIC; to accept all frames the NIC must be put into promiscuous mode (ifconfig eth0 0.0.0.0 promisc up, or ip link set eth0 promisc on). So with a virtual bridge, for a virtual machine to communicate with the outside, the physical NIC attached to the bridge must be in promiscuous mode, otherwise frames addressed to the VMs' MAC addresses would be dropped by the NIC's own filter before the bridge ever sees them. The Linux bridge turns promiscuous mode on automatically when an interface is enslaved to it, so this is normally not done by hand.
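The self-learning switch and the NIC receive filter described above, as an added example that is not part of the original article or of any real switch or kernel code: a forwarding table built from source MACs, flooding of unknown or broadcast destinations, and a host-side filter that accepts everything only when promiscuous. Port numbers and MAC addresses are constructed sample data.

```python
"""Added example (not from the original article): minimal learning switch and
NIC receive filter. Ports and MACs below are constructed for illustration."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Self-learning L2 switch: forward by destination MAC, flood when unknown."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}  # forwarding table: MAC -> port, filled by source learning

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        # Learn: the source MAC is reachable through the port it arrived on.
        self.fdb[src_mac] = in_port
        # Broadcast and unknown destinations are flooded to every port
        # except the ingress port.
        if dst_mac == BROADCAST or dst_mac not in self.fdb:
            return [p for p in self.ports if p != in_port]
        out_port = self.fdb[dst_mac]
        # Destination sits behind the ingress port: nothing to forward.
        return [] if out_port == in_port else [out_port]


class Nic:
    """End-host receive filter: accept frames for our own MAC or broadcast;
    in promiscuous mode (what a bridge slave needs) accept everything."""

    def __init__(self, mac, promisc=False):
        self.mac = mac
        self.promisc = promisc

    def accepts(self, dst_mac):
        return self.promisc or dst_mac in (self.mac, BROADCAST)


def demo():
    """Three frames: unknown destination floods, then learned MACs unicast."""
    sw = LearningSwitch(ports=[1, 2, 3])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    first = sw.receive(1, a, b)   # b unknown: flooded to ports 2 and 3
    second = sw.receive(2, b, a)  # a was learned on port 1: unicast
    third = sw.receive(1, a, b)   # b was learned on port 2: unicast
    return first, second, third


if __name__ == "__main__":
    print(demo())
    # The host on port 3 saw the first (flooded) frame; without promiscuous
    # mode its NIC discards it, a bridge slave in promiscuous mode keeps it.
    print(Nic("02:00:00:00:00:0c").accepts("02:00:00:00:00:0b"))
    print(Nic("02:00:00:00:00:0c", promisc=True).accepts("02:00:00:00:00:0b"))
```

Running it shows why the flood is harmless for ordinary hosts (their NICs drop it) and why a bridge's uplink must be promiscuous: the VMs behind the bridge have MACs the physical NIC would otherwise filter out.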