Book Image

Learning OpenStack Networking (Neutron)

By : James Denton
Book Image

Learning OpenStack Networking (Neutron)

By: James Denton

Overview of this book

OpenStack Neutron is an OpenStack component that provides networking as a service for other OpenStack services to architect networks and create virtual machines through its API. This API lets you define network connectivity in order to leverage network capabilities to cloud deployments. Through this practical book, you will build a strong foundational knowledge of Neutron, and will architect and build an OpenStack cloud using advanced networking features. We start with an introduction to OpenStack Neutron and its various components, including virtual switching, routing, FWaaS, VPNaaS, and LBaaS. You’ll also get hands-on by installing OpenStack and Neutron and its components, and use agents and plugins to orchestrate network connectivity and build a virtual switching infrastructure. Moving on, you’ll get to grips with the HA routing capabilities utilizing VRRP and distributed virtual routers in Neutron. You’ll also discover load balancing fundamentals, including the difference between nodes, pools, pool members, and virtual IPs. You’ll discover the purpose of security groups and learn how to apply the security concept to your cloud/tenant/instance. Finally, you' ll configure virtual private networks that will allow you to avoid the use of SNAT and floating IPs when connecting to remote networks.
Table of Contents (21 chapters)
Learning OpenStack Networking (Neutron) Second Edition
About the Author
About the Reviewers

Chapter 11. Firewall as a Service

Neutron includes an advanced service known as Firewall as a Service, or FWaaS, which enables users to create and manage firewalls that provide layer 3 and layer 4 filtering at the perimeter of the network. Using the reference driver and Neutron API, users can:

  • Apply firewall rules to the traffic entering and leaving the tenant networks attached to Neutron routers

  • Create and share firewall policies that hold an ordered collection of the firewall rules

  • Audit firewall rules and policies

The FWaaS extension introduces the following network resources:

  • Firewall: A logical firewall resource that a tenant can instantiate and manage. A firewall is associated with a single firewall policy.

  • Firewall policy: An ordered collection of firewall rules that can be shared across tenants.

  • Firewall rule: A collection of attributes such as layer 3 addresses and layer 4 ports that are allowed or denied access through an interface.

As with security groups, firewalls in Neutron utilize...