Book Image

Learning OpenStack Networking (Neutron)

By : James Denton
Book Image

Learning OpenStack Networking (Neutron)

By: James Denton

Overview of this book

OpenStack Neutron is an OpenStack component that provides networking as a service for other OpenStack services to architect networks and create virtual machines through its API. This API lets you define network connectivity in order to leverage network capabilities to cloud deployments. Through this practical book, you will build a strong foundational knowledge of Neutron, and will architect and build an OpenStack cloud using advanced networking features. We start with an introduction to OpenStack Neutron and its various components, including virtual switching, routing, FWaaS, VPNaaS, and LBaaS. You’ll also get hands-on by installing OpenStack and Neutron and its components, and use agents and plugins to orchestrate network connectivity and build a virtual switching infrastructure. Moving on, you’ll get to grips with the HA routing capabilities utilizing VRRP and distributed virtual routers in Neutron. You’ll also discover load balancing fundamentals, including the difference between nodes, pools, pool members, and virtual IPs. You’ll discover the purpose of security groups and learn how to apply the security concept to your cloud/tenant/instance. Finally, you' ll configure virtual private networks that will allow you to avoid the use of SNAT and floating IPs when connecting to remote networks.
Table of Contents (21 chapters)
Learning OpenStack Networking (Neutron) Second Edition
About the Author
About the Reviewers

Per-tenant quotas

To prevent system resources from being exhausted, Neutron supports per-tenant quota limits via the quotas extension. Every tenant is bound to a default quota that is set by the administrator in the Neutron configuration file, as follows:

# Default driver to use for quota checks
# quota_driver = neutron.db.quota_db.DbQuotaDriver

# Resource name(s) that are supported in quota features
# quota_items = network,subnet,port

# Default number of resource allowed per tenant. 
# default_quota = -1

# Number of networks allowed per tenant. 
# quota_network = 10

# Number of subnets allowed per tenant. 
# quota_subnet = 10

# Number of ports allowed per tenant. 
# quota_port = 50

# Number of security groups allowed per tenant. 
# quota_security_group = 10

# Number of security group rules allowed per tenant. 
# quota_security_group_rule = 100

# Number of vips allowed per tenant. 
# quota_vip = 10

# Number of pools allowed per tenant. 
# quota_pool = 10
# Number of pool members allowed per tenant. 
# quota_member = -1

# Number of health monitors allowed per tenant. 
# quota_health_monitor = -1

# Number of loadbalancers allowed per tenant. 
# quota_loadbalancer = 10

# Number of listeners allowed per tenant. 
# quota_listener = -1

# Number of v2 health monitors allowed per tenant. 
# quota_healthmonitor = -1

# Number of routers allowed per tenant. \
# quota_router = 10

# Number of floating IPs allowed per tenant. 
# quota_floatingip = 50

# Number of firewalls allowed per tenant. 
# quota_firewall = 1

# Number of firewall policies allowed per tenant. 
# quota_firewall_policy = 1

# Number of firewall rules allowed per tenant. 
# quota_firewall_rule = 100

A negative value for a quota means that the tenant may create an unlimited amount of the resource. To change the default, change the value and uncomment the line associated with the quota that you want to change. A restart of the neutron-server service is necessary for the changes to take effect.

The following Neutron commands can be used to manage per-tenant quotas:

  • quota-delete

  • quota-list

  • quota-show

  • quota-update

Listing the current tenant quotas

To get a list of the current quotas, use the Neutron quota-show command, as follows:

Usage:   quota-show [--tenant-id TENANT_ID]

The returned output will contain the current per-tenant Neutron quotas, as shown in the following screenshot:

Figure A.2

Updating tenant quotas

To update a quota for a specified tenant, use the Neutron quota-update command, as shown here:

Usage:    quota-update --tenant-id TENANT_ID
          [--network NUM_OF_NETWORKS]
          [--port NUM_OF_PORTS]
          [--subnet NUM_OF_SUBNETS]
          [--floatingip NUM_OF_FLOATING_IPS]
          [--security-group NUM_OF_SEC_GROUPS]
          [--security-group-rule NUM_OF_SEC_GROUP_RULES]
          [--router NUM_OF_ROUTERS]

The attributes in brackets are optional and allow you to specify new values for the respective quota. You can update multiple attributes simultaneously, as shown in the following screenshot:

Figure A.3

Listing tenant quotas

To list the quotas of a tenant, use the Neutron quota-list command as shown below:

Usage: quota-list

If a tenant is using the default quotas, no output will be provided. If the quotas are modified, the output will resemble the following screenshot:

Figure A.4

Deleting tenant quotas

To make the tenant quotas revert to their default value, use the Neutron quota-delete command, as follows:

Usage:   quota-delete --tenant-id TENANT_ID


The quota-delete command results in all per-tenant quotas being reverted to their default values. It is not possible for a single quota to revert.