help you understand what Neutron is, what it does and why, before you dig into the details of Neutron itself, so that you can always place yourself within this set of complex network technologies without losing your way. This article is suitable for architects who want a quick overview of the full range of Neutron features, for programmers who want to study the Neutron code, for testers who want to run Neutron, and for anyone who wants to know the basics of networking.
This article will not explain each network technology in detail, nor the details of how Neutron implements them. Instead it gives a highly condensed summary of the technical essence of these basic network technologies, trying to build a higher-level connection between them and Neutron so that the reader can grasp the system as a whole. Before you read this article, the following knowledge will help you follow it:
Understand the OSI seven-layer model and basic network knowledge such as L2 frame forwarding and L3 routing and forwarding. Familiarity with the Neutron network, or with any other cloud network, will also help.
What is neutron?
In one sentence: Neutron is a sub-module of OpenStack whose essence is a well-defined framework that drives different underlying L2-L7 network technologies in order to provide tenant-isolated virtual network services to third-party applications.
The above definition is only the author's most intuitive impression after working with Neutron for a long time; different people see it differently, and I believe that after reading this article you will have formed your own view of what Neutron is.
The author previously published an article on developerWorks, "Stroll in the Cloud Network". That article did not directly address Quantum HOWTO questions either (Quantum has since been renamed Neutron because of a name clash with a company), but described the general network principles behind Quantum. Readers can take at least the following from it:
- Linux implements virtual network cards with TAP/TUN devices. A TAP device is a virtual Ethernet interface whose other end is a file descriptor held by a userspace process (the hypervisor), so when two virtual machines on the same host talk over the network, what really happens is that two Linux processes exchange data. It is therefore no surprise that many hypervisors use shared-memory and zero-copy techniques to speed up network I/O between two VMs on the same physical machine.
- At L2, Linux Bridge is a virtual switch implementation; whether the switch is virtual or physical, the principle is the same.
- At L2, VLANs are used to isolate traffic. The isolation is logical (by tag), not physical.
- The fundamental difference between a FLAT network and a VLAN network.
- At L3, static routing is done with the kernel's IPv4 forwarding function, and iptables SNAT and DNAT rules let a virtual machine on an internal network reach the outside world and let the outside world reach the virtual machine (the so-called floating IP).
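The floating-IP mechanism from the last point, as an added example that is not code from the original article or from the Neutron project. The real thing is configured with root-only commands (ip netns, sysctl net.ipv4.ip_forward, iptables -t nat), so this Python model reproduces the nat-table logic instead: inbound traffic to a floating IP is DNATed to the fixed IP in PREROUTING, outbound traffic from that fixed IP is SNATed to the floating IP in POSTROUTING, other tenant traffic leaves via the router's gateway address, and a conntrack-like table reverses the translation for replies. The addresses are from the RFC 5737 documentation ranges and the gateway SNAT behaviour is an assumption based on how a Linux router is normally set up; iptables_rules() emits the generic rule set the model corresponds to (Neutron's L3 agent installs equivalent rules in chains of its own inside the router namespace).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reverse(self):
        """The 5-tuple of a reply to this packet."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


class FloatingIpRouter:
    """Stateful NAT model of a Linux router namespace serving floating IPs.

    Inbound to a floating IP: PREROUTING DNAT rewrites dst to the fixed IP.
    Outbound from a fixed IP that owns a floating IP: POSTROUTING SNAT rewrites
    src to the floating IP (1:1 NAT). Outbound from any other fixed IP: SNAT to
    the router's gateway address (many:1, an assumption about the setup). A
    conntrack-like table undoes whichever translation applied when the reply returns.
    """

    def __init__(self, ext_net, tenant_net, gateway_ip, ip_forward=True):
        self.ext_net = ipaddress.ip_network(ext_net)
        self.tenant_net = ipaddress.ip_network(tenant_net)
        self.gateway_ip = gateway_ip
        self.ip_forward = ip_forward          # models net.ipv4.ip_forward
        self.fip = {}                         # floating -> fixed
        self.conntrack = {}                   # expected reply -> reply after reverse NAT

    def associate(self, floating, fixed):
        if ipaddress.ip_address(floating) not in self.ext_net:
            raise ValueError("floating IP must come from the external network")
        if ipaddress.ip_address(fixed) not in self.tenant_net:
            raise ValueError("fixed IP must belong to the tenant network")
        self.fip[floating] = fixed

    def iptables_rules(self):
        """Generic iptables equivalent of this model (illustrative, not Neutron's chains)."""
        rules = ["sysctl -w net.ipv4.ip_forward=1"]
        for fl, fx in self.fip.items():
            rules.append(f"iptables -t nat -A PREROUTING -d {fl} -j DNAT --to-destination {fx}")
            rules.append(f"iptables -t nat -A POSTROUTING -s {fx} -j SNAT --to-source {fl}")
        # catch-all placed after the 1:1 rules so those are matched first
        rules.append(f"iptables -t nat -A POSTROUTING -s {self.tenant_net} -j SNAT --to-source {self.gateway_ip}")
        return rules

    def route(self, pkt):
        """Return the packet as it leaves the router, or None if it is dropped."""
        if not self.ip_forward:
            return None                      # ip_forward=0: a host, not a router
        if pkt in self.conntrack:            # reply to a known flow: undo the NAT
            return self.conntrack[pkt]
        fixed_to_float = {v: k for k, v in self.fip.items()}
        src_in_tenant = ipaddress.ip_address(pkt.src) in self.tenant_net
        dst_in_tenant = ipaddress.ip_address(pkt.dst) in self.tenant_net
        if pkt.dst in self.fip:                                  # inbound: DNAT
            out = Packet(pkt.src, pkt.sport, self.fip[pkt.dst], pkt.dport, pkt.proto)
        elif pkt.src in fixed_to_float and not dst_in_tenant:    # outbound: 1:1 SNAT
            out = Packet(fixed_to_float[pkt.src], pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        elif src_in_tenant and not dst_in_tenant:                # outbound: shared SNAT
            out = Packet(self.gateway_ip, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        elif dst_in_tenant and not src_in_tenant:
            return None   # a private fixed IP is unreachable from outside without a floating IP
        else:
            out = pkt     # tenant-internal traffic: plain routing, no rewrite
        # Real conntrack also remaps the source port when two flows collide; not modelled here.
        self.conntrack[out.reverse()] = pkt.reverse()
        return out


if __name__ == "__main__":
    r = FloatingIpRouter("203.0.113.0/24", "10.0.0.0/24", "203.0.113.1")
    r.associate("203.0.113.10", "10.0.0.5")
    print("\n".join(r.iptables_rules()))
    print(r.route(Packet("198.51.100.7", 40000, "203.0.113.10", 22)))   # DNAT to 10.0.0.5
    print(r.route(Packet("10.0.0.5", 22, "198.51.100.7", 40000)))       # reply SNATed back
```

The model makes the security point visible: a VM without a floating IP can initiate outbound connections (its traffic leaves as the gateway address) but cannot be reached from outside, while associating a floating IP exposes every port of the fixed IP, so the security group or firewall rules, not the NAT, are what limits exposure.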
When the first part was written, Quantum implemented only L2 and L3, so "Stroll in the Cloud Network" only covered the network principles behind those two layers. Neutron now implements more network technologies at L2 and L3 and is also active at L4-L7, so this second part needs to review the whole L2-L7 range. It will also summarise L2 and L3 theory, but less thoroughly than the first part, which you can read alongside it. The main contents of this article are therefore:
- L2: how a switch works; why FLAT and VLAN differ; FLAT and VLAN in Neutron
- L3: implementing static routing on Linux (namespace + IPv4 forwarding + iptables); dynamic routing; how Neutron uses L3 GRE tunnels to overcome the VLAN size limit
- Tunnel technologies that use L3 to extend L2: VXLAN, NVGRE
- Label technology that uses L2 to extend L3: MPLS
- Forwarding that differs from traditional routing: OpenFlow and SDN
- L4-L7: LBaaS, FWaaS, VPNaaS, NATaaS
OSI Seven layer model
Any discussion of networking has to mention the OSI seven-layer model. From top to bottom the seven layers are:
L7, Application layer
L6, Presentation layer
L5, Session layer
L4, Transport layer
L3, Network layer
L2, Data link layer
L1, Physical layer
For the OSI seven-layer model, at least the following should be common knowledge:
- L2 forwards frames mainly by MAC address; L3 forwards packets mainly by IP address; L4 adds the port number to uniquely identify an application. A protocol defines the data that the two communicating sides understand; for example, at L7 the familiar HTTP protocol carries HTML that both sides of the communication understand.
- L4 has two important protocols: connectionless UDP and connection-oriented TCP. Reliable transmission is achieved by TCP, so the lower L2 and L3 layers do not need a reliability mechanism of their own; at L2, a frame that is corrupted in transit is simply discarded, and the TCP layer above takes care of retransmitting it.
- A socket is not a protocol but an interface definition for exchanging data with L4.
- When a network card receives data, it raises an interrupt; the operating system's interrupt handler takes the data from the network card's buffer and hands it to the TCP/IP stack, which at L2 parses the MAC address in the frame header to make the L2 forwarding decision, then at L3 parses the IP address in the packet header to make the L3 forwarding decision, and so on upward.
L1
L1 is the physical layer. It concerns the electrical characteristics of the hardware and has little to do with the software side of Neutron's virtual network, so it is not covered here.
L2
FLAT
The L2 data link layer forwards frames through switches. After receiving a frame (at L2 the unit is called a frame, at L3 a packet), the switch reads the destination MAC address in the frame header and looks it up in its forwarding table (the MAC address table); if a port is recorded for that address, the frame is sent out of that port. If not, the switch floods it (the technical term for forwarding the frame to every port except the one it arrived on). The computer on each port then compares the destination MAC address in the frame header with the MAC address of its own network card, accepts the frame if they match and discards it otherwise. The forwarding table is built automatically by self-learning: the switch records the source MAC address of every incoming frame against the port it arrived on.
This leads to the important concept of promiscuous mode. By default a computer's network card only accepts frames addressed to its own MAC address (plus broadcast and the multicast groups it has joined); for it to accept all frames, the card must be put into promiscuous mode (ifconfig eth0 0.0.0.0 promisc up, or with iproute2: ip link set eth0 promisc on). So with a virtual bridge, if the virtual machines are to communicate with the outside, the physical network card attached to the bridge must run in promiscuous mode, because it has to pick up frames addressed to the VMs' MAC addresses rather than its own. The Linux kernel enables promiscuous mode itself when a card is enslaved to a bridge, so this is rarely done by hand, but it also means that whoever controls the bridge host can see every frame crossing it.
VLAN
In a FLAT network, flooded and broadcast frames reach every port in the LAN, so as the network grows a large volume of broadcast traffic builds up; at its worst this is a "broadcast storm". To contain broadcast traffic the concept of VLAN was introduced: each switch port is assigned a number from 1 to 4094 (the VLAN ID, carried in an 802.1Q tag when frames cross a trunk link), and the switch forwards not by MAC address alone but by the combination of VLAN ID and MAC address; a frame whose VLAN ID does not match is discarded. This isolates L2 frames into separate broadcast domains (a logical isolation, since the same wire and switch are shared) and avoids broadcast storms.
In Neutron, at the time of writing, four network types have been implemented: FLAT, VLAN, GRE and VXLAN. So how do you tell FLAT from VLAN? Very simply: forwarding by the combination of VLAN ID and MAC address is VLAN mode; forwarding by MAC address alone is FLAT mode.
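The FLAT-versus-VLAN forwarding rule above, as an added example that is not code from the original article or from Neutron: a small Python model of a self-learning switch. It parses real Ethernet frame bytes (including the 802.1Q tag, which is also the frame-header parsing the OSI section describes), learns source MACs per port, floods unknown and group destinations, and in VLAN mode scopes both the learning table and the flood to a single VLAN. The port-to-VLAN assignments, MAC addresses and frames are constructed for the demonstration; the access-port behaviour (untagged frames join the port's VLAN, a foreign tag is dropped) is the standard one, so a tenant tagging its own frames with another tenant's VLAN ID gets nowhere.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
BROADCAST = b"\xff" * 6


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, vid, ethertype, payload).

    vid is None for an untagged frame. Only one 802.1Q tag is handled
    (no QinQ), which is all a plain access/trunk setup needs.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, off = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, off = tci & 0x0FFF, 18          # low 12 bits of the TCI are the VLAN ID
    return dst, src, vid, ethertype, frame[off:]


def build_frame(dst, src, vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame; a real one would carry an IP or ARP packet as payload."""
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


class LearningSwitch:
    def __init__(self, ports, port_vlans=None):
        self.ports = list(ports)
        # port_vlans = {port: vid} turns this into a VLAN switch with access ports.
        # None means FLAT mode: the VLAN ID plays no part in forwarding.
        self.port_vlans = port_vlans
        self.fdb = {}                        # (vid, mac) -> port, filled by learning

    def forward(self, in_port, frame):
        """Return the list of egress ports for a frame arriving on in_port."""
        dst, src, vid, _, _ = parse_frame(frame)
        if self.port_vlans is None:
            vid = None                       # FLAT: a single broadcast domain
        else:
            pvid = self.port_vlans[in_port]
            if vid is None:
                vid = pvid                   # untagged traffic joins the port's VLAN
            elif vid != pvid:
                return []                    # foreign tag on an access port: drop
            if not 1 <= vid <= 4094:
                return []                    # 0 and 4095 are reserved
        self.fdb[(vid, src)] = in_port       # self-learning from the source MAC
        out = None if dst[0] & 1 else self.fdb.get((vid, dst))   # group bit => flood
        if out is None:                      # unknown or group destination: flood
            return [p for p in self.ports
                    if p != in_port and (self.port_vlans is None or self.port_vlans[p] == vid)]
        return [] if out == in_port else [out]


if __name__ == "__main__":
    a1, a2 = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")   # tenant A
    flat = LearningSwitch([1, 2, 3, 4])
    print("FLAT: broadcast from A1 reaches ports", flat.forward(1, build_frame(BROADCAST, a1, ethertype=0x0806)))
    vlan = LearningSwitch([1, 2, 3, 4], {1: 10, 2: 10, 3: 20, 4: 20})
    print("VLAN: broadcast from A1 reaches ports", vlan.forward(1, build_frame(BROADCAST, a1, ethertype=0x0806)))
    print("VLAN: unicast A2->A1 goes to port", vlan.forward(2, build_frame(a1, a2)))
    print("VLAN: A1 tagging itself into VLAN 20 ->", vlan.forward(1, build_frame(BROADCAST, a1, vid=20)))
```

Run the script and the difference is the whole point of the section: in FLAT mode tenant A's ARP broadcast reaches tenant B's ports 3 and 4; in VLAN mode it reaches only port 2, and the forged tag is dropped at the ingress port.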
The disadvantages of VLAN and the technology of large L2 layer
Strictly speaking, tunnelling technologies cannot be classified entirely under L2. Some tunnel protocols are based on L2, such as PPTP and L2TP; others are based on L3, such as GRE, VXLAN and NVGRE. Their technical principle is the same, however, so the author groups them together here under the heading of the "big L2 layer"; readers should not take this as a strict classification.
This article focuses only on the GRE and VXLAN techniques used in Neutron.