The difference between the provider network and the Tenant network within OpenStack

The difference between the provider network and the Tenant network within OpenStack

The network in OpenStack is relatively complex, and there is often confusion over several network concepts, and here's a basic explanation

Within OpenStack, the Neutron network can be divided into the following:

Provider Network: Administrator-created virtual networks that have a direct mapping relationship to the physical network.

Tenant Network: The networks created by the tenant's ordinary users, whose configuration is determined by the Neutorn based on the administrator's configuration in the system. Limited by neutron configuration.

Depending on the type of network, Neutron networks can be divided into:

VLAN network (virtual LAN): Virtual networks based on physical VLAN networks. Multiple VLAN networks that share the same physical network are isolated from each other and can even use overlapping IP address spaces. Each of the physical networks that support VLAN network can be treated as a separate VLAN trunk, which uses a set of exclusive VLAN IDs. The valid VLAN ID range is 1 to 4094.

Flat Network: Virtual networks implemented based on physical networks that do not use VLANs. Only one virtual network can be implemented per physical network.

Local network: A virtual network that only allows communication within the server and does not know about cross-server communication. Primarily used for single-node testing.

GRE Network: A virtual network that uses GRE to encapsulate a network package. A GRE encapsulated packet is routed based on an IP routing table, so the GRE network is not tied to a specific physical network.

VXLAN Network (virtual extensible Networks): Virtual networks based on VXLAN. As with the GRE network, the routing of IP packets in the VXLAN network is also based on the IP routing table and is not tied to a specific physical network.

The Provider network is only meaningful for Flat and VLAN-type networks, because an important attribute of the Provider network is provider:physical_network, which does not make sense for other network types. and provider network is a planning level of things, there are administrator hands-on operation.

The Tenant network is created by an ordinary user of Tenant. By default, this type of user cannot create a shared tenant network (so the policy for Nuetron Server is set to "create_network:shared": "Rule:admin_only". ), so the network is completely isolated and cannot be shared by other tenant. OpenStack has permission controls on the operations of some APIs, and is determined in conjunction with his model scenario. Tenant Network also has types of local,flat,vlan,gre and Vxlan. However, the Flat and VLAN tenant networks created by tenant are actually Provider network, so it really makes sense to have GRE and VXLAN types that have no binding relationship with the physical network.

In general, SDN uses Vxlan, the government cloud inside because the physical planning of the basic use of VLANs, and are administrators to do the relevant network, by the tenant, because the relationship between the VLAN and IP is generally planned.

Summarize:

The Provider network is created by the Admin user, while the Tenant network is made by Tenant ordinary users

Created by.

A direct mapping of the Provider network and the physical networks, such as a VLAN, requires a pre-

Make the appropriate configuration in the physical network. While the tenant network is virtualized, Neutron needs to be responsible for the three-tier capabilities of its routing.

For Flat and VLAN-type networks, only the Provider network makes sense. Even this type of tenant network, in essence, corresponds to an actual physical segment.

For GRE and VXLAN types of networks, only the tenant network is meaningful, because it does not rely on a specific physical network, but requires the physical network to provide IP and multicast.

The Provider network is created based on the physical networking parameters entered by the Admin user, while tenant work is created by tenant ordinary users, Neutron select specific configurations based on their network configuration, including network type, physical network, and Segmentation_i D.

segmentation_id that are not within the scope of the configuration item is allowed when creating the Provider network.

The difference between the provider network and the Tenant network within OpenStack