Book Image

Learning OpenStack Networking (Neutron)

By : James Denton
Book Image

Learning OpenStack Networking (Neutron)

By: James Denton

Overview of this book

OpenStack Neutron is an OpenStack component that provides networking as a service for other OpenStack services to architect networks and create virtual machines through its API. This API lets you define network connectivity in order to leverage network capabilities to cloud deployments. Through this practical book, you will build a strong foundational knowledge of Neutron, and will architect and build an OpenStack cloud using advanced networking features. We start with an introduction to OpenStack Neutron and its various components, including virtual switching, routing, FWaaS, VPNaaS, and LBaaS. You’ll also get hands-on by installing OpenStack and Neutron and its components, and use agents and plugins to orchestrate network connectivity and build a virtual switching infrastructure. Moving on, you’ll get to grips with the HA routing capabilities utilizing VRRP and distributed virtual routers in Neutron. You’ll also discover load balancing fundamentals, including the difference between nodes, pools, pool members, and virtual IPs. You’ll discover the purpose of security groups and learn how to apply the security concept to your cloud/tenant/instance. Finally, you' ll configure virtual private networks that will allow you to avoid the use of SNAT and floating IPs when connecting to remote networks.

Related Content you might be interested in

Current Title:

Small book image
Learning OpenStack Networking (Neutron)
James Denton
Nov, 2015 | 462 pages
No titles found
Table of Contents (21 chapters)
Learning OpenStack Networking (Neutron) Second Edition
Learning OpenStack Networking (Neutron) Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Preparing the Network for OpenStack
Preparing the Network for OpenStack
What is OpenStack Networking?
Preparing the physical infrastructure
Physical server connections
Separating services across nodes
Summary
2
Installing OpenStack
Installing OpenStack
System requirements
Initial network configuration
Initial steps
Installing OpenStack
Summary
3
Installing Neutron
Installing Neutron
Basic networking elements in Neutron
Extending functionality with plugins
Network namespaces
Installing and configuring Neutron services
Configuring Neutron services
Summary
4
Building a Virtual Switching Infrastructure
Building a Virtual Switching Infrastructure
Virtual network devices
Network types supported by Neutron
Choosing a plugin and driver
Visualizing traffic flow when using LinuxBridge
Visualizing the traffic flow when using Open vSwitch
Configuring the ML2 networking plugin
Configuring the LinuxBridge driver and agent
Configuring the Open vSwitch driver and agent
Summary
5
Creating Networks with Neutron
Creating Networks with Neutron
Network management
Neutron ports
Attaching instances to networks
Exploring how instances get their addresses
Exploring how instances retrieve their metadata
Summary
6
Managing Security Groups
Managing Security Groups
Security groups in OpenStack
An introduction to iptables
Working with security groups
Implementing security group rules
Working with security groups in the dashboard
Disabling port security
Summary
7
Creating Standalone Routers with Neutron
Creating Standalone Routers with Neutron
Routing traffic in a cloud
Installing and configuring the Neutron L3 agent
Router management in the CLI
Network address translation
Floating IP management
Demonstrating traffic flow from an instance to the Internet
Router management in the dashboard
Summary
8
Router Redundancy Using VRRP
Router Redundancy Using VRRP
Using keepalived and VRRP to provide redundancy
Networking of highly available routers
Installing and configuring additional L3 agents
Configuring Neutron
Working with highly available routers
Decomposing a highly available router
Summary
9
Distributed Virtual Routers
Distributed Virtual Routers
Distributing routers across the cloud
Installing and configuring Neutron components
Routing east-west traffic between instances
Centralized SNAT
Floating IPs through distributed virtual routers
Summary
10
Load Balancing Traffic to Instances
Load Balancing Traffic to Instances
Fundamentals of load balancing
Integrating load balancers into the network
Installing LBaaS
Load balancer management in the CLI
Building a load balancer
Load balancer management in the dashboard
Summary
11
Firewall as a Service
Firewall as a Service
Enabling FWaaS
Firewall Management in the CLI
Demonstrating traffic flow through a firewall
Summary
12
Virtual Private Network as a Service
Virtual Private Network as a Service
An overview of IPSec
Installing VPNaaS
VPN management in the CLI
VPN management in the dashboard
A tale of two routers
Summary
Additional Neutron Commands
Additional Neutron Commands
Neutron extensions
Neutron agents
Per-tenant quotas
Cisco Nexus 1000V command reference
VMware NSX command reference
Nuage VSP command reference
L3 metering
The LBaaS v2 API
Summary
Virtualizing the Environment
Virtualizing the Environment
Configuring VirtualBox networking
Creating a virtual machine
Configuring a virtual machine
Installing the Ubuntu operating system
Configuring virtual machine networking
Accessing a virtual machine over SSH
Changes to the OpenStack installation
Summary
Index
Index

Per-tenant quotas

To prevent system resources from being exhausted, Neutron supports per-tenant quota limits via the quotas extension. Every tenant is bound to a default quota that is set by the administrator in the Neutron configuration file, as follows:

[quotas]
# Default driver to use for quota checks
# quota_driver = neutron.db.quota_db.DbQuotaDriver

# Resource name(s) that are supported in quota features
# quota_items = network,subnet,port

# Default number of resource allowed per tenant. 
# default_quota = -1

# Number of networks allowed per tenant. 
# quota_network = 10

# Number of subnets allowed per tenant. 
# quota_subnet = 10

# Number of ports allowed per tenant. 
# quota_port = 50

# Number of security groups allowed per tenant. 
# quota_security_group = 10

# Number of security group rules allowed per tenant. 
# quota_security_group_rule = 100

# Number of vips allowed per tenant. 
# quota_vip = 10

# Number of pools allowed per tenant. 
# quota_pool = 10
# Number of pool members allowed per tenant. 
# quota_member = -1

# Number of health monitors allowed per tenant. 
# quota_health_monitor = -1

# Number of loadbalancers allowed per tenant. 
# quota_loadbalancer = 10

# Number of listeners allowed per tenant. 
# quota_listener = -1

# Number of v2 health monitors allowed per tenant. 
# quota_healthmonitor = -1

# Number of routers allowed per tenant. \
# quota_router = 10

# Number of floating IPs allowed per tenant. 
# quota_floatingip = 50

# Number of firewalls allowed per tenant. 
# quota_firewall = 1

# Number of firewall policies allowed per tenant. 
# quota_firewall_policy = 1

# Number of firewall rules allowed per tenant. 
# quota_firewall_rule = 100

A negative value for a quota means that the tenant may create an unlimited amount of the resource. To change the default, change the value and uncomment the line associated with the quota that you want to change. A restart of the neutron-server service is necessary for the changes to take effect.

The following Neutron commands can be used to manage per-tenant quotas:

  • quota-delete

  • quota-list

  • quota-show

  • quota-update

Listing the current tenant quotas

To get a list of the current quotas, use the Neutron quota-show command, as follows:

Usage:   quota-show [--tenant-id TENANT_ID]

The returned output will contain the current per-tenant Neutron quotas, as shown in the following screenshot:

Figure A.2

Updating tenant quotas

To update a quota for a specified tenant, use the Neutron quota-update command, as shown here:

Usage:    quota-update --tenant-id TENANT_ID
          [--network NUM_OF_NETWORKS]
          [--port NUM_OF_PORTS]
          [--subnet NUM_OF_SUBNETS]
          [--floatingip NUM_OF_FLOATING_IPS]
          [--security-group NUM_OF_SEC_GROUPS]
          [--security-group-rule NUM_OF_SEC_GROUP_RULES]
          [--router NUM_OF_ROUTERS]

The attributes in brackets are optional and allow you to specify new values for the respective quota. You can update multiple attributes simultaneously, as shown in the following screenshot:

Figure A.3

Listing tenant quotas

To list the quotas of a tenant, use the Neutron quota-list command as shown below:

Usage: quota-list

If a tenant is using the default quotas, no output will be provided. If the quotas are modified, the output will resemble the following screenshot:

Figure A.4

Deleting tenant quotas

To make the tenant quotas revert to their default value, use the Neutron quota-delete command, as follows:

Usage:   quota-delete --tenant-id TENANT_ID

Note

The quota-delete command results in all per-tenant quotas being reverted to their default values. It is not possible for a single quota to revert.

Previous Section
End of Section
Next Section