Learning OpenStack Networking - Third Edition

Book description

Discover the basics of virtual networking in OpenStack to implement various cloud network architectures

Key Features

  • Learn the difference between Open vSwitch and Linux bridge switching technologies
  • Connect virtual machine instances to virtual networks, subnets, and ports
  • Implement virtual load balancers, firewalls, and routers in your network

Book Description

OpenStack Networking is a pluggable, scalable, and API-driven system to manage physical and virtual networking resources in an OpenStack-based cloud. Like other core OpenStack components, OpenStack Networking can be used by administrators and users to increase the value and maximize the use of existing datacenter resources. This third edition of Learning OpenStack Networking walks you through the installation of OpenStack and provides you with a foundation that can be used to build a scalable and production-ready OpenStack cloud.

In the initial chapters, you will review the physical network requirements and architectures necessary for an OpenStack environment that provide core cloud functionality. Then, you'll move through the installation of the new release of OpenStack using packages from the Ubuntu repository. An overview of Neutron networking foundational concepts, including networks, subnets, and ports, will segue into advanced topics such as security groups, distributed virtual routers, virtual load balancers, and VLAN tagging within instances.

By the end of this book, you will have built a network infrastructure for your cloud using OpenStack Neutron.

What you will learn

  • Get familiar with Neutron constructs, including agents and plugins
  • Build foundational Neutron resources to provide connectivity to instances
  • Work with legacy Neutron routers and troubleshoot traffic through them
  • Explore high-availability routing capabilities utilizing Virtual Router Redundancy Protocol (VRRP)
  • Create and manage load balancers and associated components
  • Manage security groups as a method of securing traffic to and from instances

Who this book is for

If you are an OpenStack-based cloud operator and administrator who is new to Neutron networking and wants to build your very own OpenStack cloud, then this book is for you. Prior networking experience and a physical server and network infrastructure are recommended to follow along with concepts demonstrated in the book.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Learning OpenStack Networking Third Edition
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
  6. Introduction to OpenStack Networking
    1. What is OpenStack Networking?
      1. Features of OpenStack Networking
        1. Switching
        2. Routing
        3. Load balancing
        4. Firewalling
        5. Virtual private networks
        6. Network functions virtualization
      2. OpenStack Networking resources
        1. Virtual network interfaces
        2. Virtual network switches
      3. Overlay networks
        1. Virtual Extensible Local Area Network (VXLAN)
        2. Generic Router Encapsulation (GRE)
        3. Generic Network Virtualization Encapsulation (GENEVE)
    2. Preparing the physical infrastructure
      1. Configuring the physical infrastructure
        1. Management network
        2. API network
        3. External network
        4. Guest network
      2. Physical server connections
        1. Single interface
        2. Multiple interfaces
        3. Bonding
    3. Separating services across nodes
      1. Using a single controller node
      2. Using a dedicated network node
    4. Summary
  7. Installing OpenStack
    1. System requirements
      1. Operating system requirements
    2. Initial network configuration
      1. Example networks
      2. Interface configuration
    3. Initial steps
      1. Permissions
      2. Configuring the OpenStack repository
      3. Upgrading the system
      4. Setting the hostnames
      5. Installing and configuring Network Time Protocol
      6. Rebooting the system
    4. Installing OpenStack
      1. Installing and configuring the MySQL database server
      2. Installing and configuring the messaging server
      3. Installing and configuring memcached
      4. Installing and configuring the identity service
        1. Configuring the database
      5. Installing Keystone
        1. Configuring tokens and drivers
        2. Bootstrap the Identity service
        3. Configuring the Apache HTTP server
        4. Setting environment variables
        5. Defining services and API endpoints in Keystone
        6. Defining users, projects, and roles in Keystone
      6. Installing and configuring the image service
        1. Configuring the database
        2. Defining the Glance user, service, and endpoints
        3. Installing and configuring Glance components
        4. Configuring authentication settings
        5. Configuring additional settings
        6. Verifying the Glance image service installation
        7. Installing additional images
      7. Installing and configuring the Compute service
        1. Configuring the database
        2. Defining the Nova user, service, and endpoints
        3. Installing and configuring controller node components
        4. Configuring authentication settings
        5. Additional controller tasks
        6. Installing and configuring compute node components
          1. Additional compute tasks
        7. Adding the compute node(s) to the cell database
      8. Installing the OpenStack Dashboard
        1. Updating the host and API version configuration
        2. Configuring Keystone settings
        3. Modifying network configuration
        4. Uninstalling default Ubuntu theme (optional)
        5. Reloading Apache
        6. Testing connectivity to the dashboard
        7. Familiarizing yourself with the dashboard
    5. Summary
  8. Installing Neutron
    1. Basic networking elements in Neutron
    2. Extending functionality with plugins
      1. Modular Layer 2 plugin
        1. Drivers
          1. TypeDrivers
          2. Mechanism drivers
        2. ML2 architecture
    3. Network namespaces
    4. Installing and configuring Neutron services
      1. Creating the Neutron database
      2. Configuring the Neutron user, role, and endpoint in Keystone
      3. Installing Neutron packages
      4. Configuring Neutron to use Keystone
      5. Configuring Neutron to use a messaging service
      6. Configuring Nova to utilize Neutron networking
      7. Configuring Neutron to notify Nova
    5. Configuring Neutron services
      1. Starting neutron-server
      2. Configuring the Neutron DHCP agent
        1. Restarting the Neutron DHCP agent
      3. Configuring the Neutron metadata agent
        1. Restarting the Neutron metadata agent
    6. Interfacing with OpenStack Networking
      1. Using the OpenStack command-line interface
      2. Using the Neutron command-line interface
      3. Using the OpenStack Python SDK
      4. Using the cURL utility
    7. Summary
  9. Virtual Network Infrastructure Using Linux Bridges
    1. Using the Linux bridge driver
    2. Visualizing traffic flow through Linux bridges
      1. VLAN
      2. Flat
      3. VXLAN
        1. Potential issues when using overlay networks
      4. Local
    3. Configuring the ML2 networking plugin
      1. Configuring the bridge interface
      2. Configuring the overlay interface
      3. ML2 plugin configuration options
        1. Type drivers
        2. Mechanism drivers
          1. Using the L2 population driver
        3. Tenant network types
        4. Flat networks
        5. Network VLAN ranges
        6. VNI ranges
        7. Security groups
    4. Configuring the Linux bridge driver and agent
      1. Installing the Linux bridge agent
      2. Updating the Linux bridge agent configuration file
        1. Physical interface mappings
        2. Enabling VXLAN
        3. L2 population
        4. Local IP
        5. Firewall driver
      3. Configuring the DHCP agent to use the Linux bridge driver
      4. Restarting services
      5. Verifying Linux bridge agents
    5. Summary
  10. Building a Virtual Switching Infrastructure Using Open vSwitch
    1. Using the Open vSwitch driver
    2. Basic OpenvSwitch commands
      1. Base commands
        1. ovs-vsctl
        2. ovs-ofctl
        3. ovs-dpctl
        4. ovs-appctl
    3. Visualizing traffic flow when using Open vSwitch
      1. Identifying ports on the virtual switch
      2. Identifying the local VLANs associated with ports
      3. Programming flow rules
        1. Flow rules for VLAN networks
          1. Return traffic
        2. Flow rules for flat networks
        3. Flow rules for overlay networks
        4. Flow rules for local networks
    4. Configuring the ML2 networking plugin
      1. Configuring the bridge interface
      2. Configuring the overlay interface
      3. ML2 plugin configuration options
        1. Mechanism drivers
        2. Flat networks
        3. Network VLAN ranges
        4. Tunnel ID ranges
        5. VNI Ranges
        6. Security groups
    5. Configuring the Open vSwitch driver and agent
      1. Installing the Open vSwitch agent
      2. Updating the Open vSwitch agent configuration file
        1. Tunnel types
        2. L2 population
        3. VXLAN UDP port
        4. Integration bridge
        5. Tunnel bridge
        6. Local IP
        7. Bridge mappings
          1. Configuring the bridges
        8. Firewall driver
      3. Configuring the DHCP agent to use the Open vSwitch driver
      4. Restarting services
      5. Verifying Open vSwitch agents
    6. Summary
  11. Building Networks with Neutron
    1. Network management in OpenStack
      1. Provider and tenant networks
      2. Managing networks in the CLI
        1. Creating a flat network in the CLI
        2. Creating a VLAN network in the CLI
        3. Creating a local network in the CLI
        4. Listing networks in the CLI
        5. Showing network properties in the CLI
        6. Updating network attributes in the CLI
        7. Deleting networks in the CLI
      3. Creating networks in the dashboard
        1. Via the Project panel
        2. Via the Admin panel
    2. Subnet management in OpenStack
      1. Working with IPv4 addresses
      2. Working with IPv6 addresses
      3. Creating subnets in the CLI
        1. Creating a subnet in the CLI
        2. Listing subnets in the CLI
        3. Showing subnet properties in the CLI
        4. Updating a subnet in the CLI
      4. Creating subnets in the dashboard
        1. Via the Project tab
        2. Via the Admin tab
      5. Managing subnet pools
        1. Creating a subnet pool
        2. Creating a subnet from a pool
        3. Deleting a subnet pool
        4. Assigning a default subnet pool
    3. Managing network ports in OpenStack
      1. Creating a port
    4. Summary
  12. Attaching Instances to Networks
    1. Attaching instances to networks
      1. Attaching instances to networks at creation
        1. Specifying a network
        2. Specifying a port
        3. Attaching multiple interfaces
      2. Attaching network interfaces to running instances
      3. Detaching network interfaces
    2. Exploring how instances get their addresses
      1. Watching the DHCP lease cycle
      2. Troubleshooting DHCP
    3. Exploring how instances retrieve their metadata
      1. The DHCP namespace
        1. Adding a manual route to 169.254.169.254
        2. Using DHCP to inject the route
    4. Summary
  13. Managing Security Groups
    1. Security groups in OpenStack
    2. An introduction to iptables
      1. Using ipset
    3. Working with security groups
      1. Managing security groups in the CLI
        1. Creating security groups in the CLI
        2. Deleting security groups in the CLI
        3. Listing security groups in the CLI
        4. Showing the details of a security group in the CLI
        5. Updating security groups in the CLI
        6. Creating security group rules in the CLI
        7. Deleting security group rules in the CLI
        8. Listing security group rules in the CLI
        9. Showing the details of a security group rule in the CLI
    4. Applying security groups to instances and ports
      1. Removing security groups from instances and ports in the CLI
    5. Implementing security group rules
      1. Stepping through the chains
    6. Working with security groups in the dashboard
      1. Creating a security group
      2. Managing security group rules
      3. Applying security groups to instances
    7. Disabling port security
      1. Configuring Neutron
      2. Disabling port security for all ports on a network
      3. Modifying port security on an individual port
    8. Allowed address pairs
    9. Summary
  14. Role-Based Access Control
    1. Working with access control policies
      1. Managing access control policies in the CLI
        1. Creating access control policies in the CLI
        2. Deleting access control policies in the CLI
        3. Listing access control policies in the CLI
        4. Showing the details of an access control policy in the CLI
        5. Updating access control policies in the CLI
    2. Applying RBAC policies to projects
      1. Creating projects and users
      2. Creating a network to share
      3. Creating a policy
      4. Viewing the policy in action
    3. Creating policies for external networks
    4. Summary
  15. Creating Standalone Routers with Neutron
    1. Routing traffic in the cloud
    2. Installing and configuring the Neutron L3 agent
      1. Defining an interface driver
      2. Enabling the metadata proxy
      3. Setting the agent mode
      4. Enabling the router service plugin
      5. Enabling router management in the dashboard
      6. Restarting services
    3. Router management in the CLI
      1. Creating routers in the CLI
      2. Listing routers in the CLI
      3. Displaying router attributes in the CLI
      4. Updating router attributes in the CLI
      5. Working with router interfaces in the CLI
        1. Attaching internal interfaces to routers
        2. Attaching a gateway interface to a router
      6. Listing interfaces attached to routers
      7. Deleting internal interfaces
      8. Clearing the gateway interface
      9. Deleting routers in the CLI
    4. Network address translation
      1. Floating IP addresses
    5. Floating IP management
      1. Creating floating IPs in the CLI
      2. Associating floating IPs with ports in the CLI
      3. Listing floating IPs in the CLI
      4. Displaying floating IP attributes in the CLI
      5. Disassociating floating IPs in the CLI
      6. Deleting floating IPs in the CLI
    6. Demonstrating traffic flow from an instance to the internet
      1. Setting the foundation
      2. Creating an external provider network
      3. Creating a Neutron router
      4. Attaching the router to an external network
        1. Identifying the L3 agent and namespace
      5. Testing gateway connectivity
      6. Creating an internal network
      7. Attaching the router to the internal network
      8. Creating instances
      9. Verifying instance connectivity
      10. Observing default NAT behavior
      11. Assigning floating IPs
      12. Reassigning floating IPs
    7. Router management in the dashboard
      1. Creating a router in the dashboard
      2. Attaching internal interfaces in the dashboard
      3. Viewing the network topology in the dashboard
      4. Associating floating IPs to instances in the dashboard
      5. Disassociating floating IPs in the dashboard
    8. Summary
  16. Router Redundancy Using VRRP
    1. Using keepalived and VRRP to provide redundancy
      1. VRRP groups
      2. VRRP priority
      3. VRRP working mode
        1. Preemptive
        2. Non-preemptive
      4. VRRP timers
        1. Advertisement interval timer
        2. Preemption delay timer
    2. Networking of highly available routers
      1. Dedicated HA network
        1. Limitations
      2. Virtual IP
      3. Determining the master router
    3. Installing and configuring additional L3 agents
      1. Defining an interface driver
      2. Setting the agent mode
      3. Restarting the Neutron L3 agent
    4. Configuring Neutron
    5. Working with highly available routers
      1. Creating highly-available routers
      2. Deleting highly-available routers
    6. Decomposing a highly available router
      1. Examining the keepalived configuration
      2. Executing a failover
    7. Summary
  17. Distributed Virtual Routers
    1. Distributing routers across the cloud
    2. Installing and configuring Neutron components
      1. Installing additional L3 agents
      2. Defining an interface driver
      3. Enabling distributed mode
      4. Setting the agent mode
      5. Configuring Neutron
      6. Restarting the Neutron L3 and Open vSwitch agent
      7. Managing distributed virtual routers
        1. Creating distributed virtual routers
    3. Routing east-west traffic between instances
      1. Reviewing the topology
      2. Plumbing it up
      3. Distributing router ports
        1. Making it work
      4. Demonstrating traffic between instances
    4. Centralized SNAT
      1. Reviewing the topology
      2. Using the routing policy database
      3. Tracing a packet through the SNAT namespace
    5. Floating IPs through distributed virtual routers
      1. Introducing the FIP namespace
      2. Tracing a packet through the FIP namespace
        1. Sending traffic from an instance with a floating IP
        2. Returning traffic to the floating IP
          1. Using proxy ARP
    6. Summary
  18. Load Balancing Traffic to Instances
    1. Fundamentals of load balancing
      1. Load balancing algorithms
      2. Monitoring
      3. Session persistence
    2. Integrating load balancers into the network
      1. Network namespaces
    3. Installing LBaaS v2
      1. Configuring the Neutron LBaaS agent service
        1. Defining an interface driver
        2. Defining a device driver
      2. Defining a user group
      3. Configuring Neutron
        1. Defining a service plugin
        2. Defining a service provider
      4. Updating the database schema
      5. Restarting the Neutron LBaaS agent and API service
    4. Load balancer management in the CLI
      1. Managing load balancers in the CLI
        1. Creating load balancers in the CLI
        2. Deleting load balancers in the CLI
        3. Listing load balancers in the CLI
        4. Showing load balancer details in the CLI
        5. Showing load balancer statistics in the CLI
        6. Showing the load balancer's status in the CLI
        7. Updating a load balancer in the CLI
      2. Managing pools in the CLI
        1. Creating a pool in the CLI
        2. Deleting a pool in the CLI
        3. Listing pools in the CLI
        4. Showing pool details in the CLI
        5. Updating a pool in the CLI
      3. Managing pool members in the CLI
        1. Creating pool members in the CLI
        2. Deleting pool members
        3. Listing pool members
        4. Showing pool member details
        5. Updating a pool member
      4. Managing health monitors in the CLI
        1. Creating a health monitor in the CLI
        2. Deleting a health monitor in the CLI
        3. Listing health monitors in the CLI
        4. Showing health monitor details
        5. Updating a health monitor
      5. Managing listeners in the CLI
        1. Creating listeners in the CLI
        2. Deleting listeners in the CLI
        3. Listing listeners in the CLI
        4. Showing listener details in the CLI
        5. Updating a listener in the CLI
    5. Building a load balancer
      1. Creating a load balancer
      2. Creating a pool
      3. Creating pool members
      4. Creating a health monitor
      5. Creating a listener
      6. The LBaaS network namespace
      7. Confirming load balancer functionality
        1. Observing health monitors
        2. Connecting to the virtual IP externally
    6. Load balancer management in the dashboard
      1. Creating a load balancer in the dashboard
        1. Assigning a floating IP to the load balancer
    7. Summary
  19. Advanced Networking Topics
    1. VLAN-aware VMs
      1. Configuring the trunk plugin
      2. Defining the workflow
      3. Managing trunks in the CLI
        1. Creating trunks in the CLI
        2. Deleting trunks in the CLI
        3. Listing trunks in the CLI
        4. Showing trunk details in the CLI
        5. Updating a trunk in the CLI
      4. Building a trunk
        1. Creating the parent port
        2. Creating a sub-port
        3. Creating a trunk
      5. Booting an instance with a trunk
        1. Configuring the instance
        2. Reviewing the network plumbing
    2. BGP dynamic routing
      1. Prefix advertisement requirements
      2. Operations with distributed virtual routers
      3. Configuring BGP dynamic routing
        1. Installing the agent
        2. Configuring the agent
        3. Restarting services
      4. Managing BGP speakers in the CLI
    3. Network availability zones
      1. Configuring network availability zones
      2. Scheduling routers to availability zones
      3. Scheduling DHCP services to availability zones
    4. Summary
  20. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Learning OpenStack Networking - Third Edition
  • Author(s): James Denton
  • Release date: August 2018
  • Publisher(s): Packt Publishing
  • ISBN: 9781788392495