
Learning OpenStack Networking (Neutron)

By: James Denton

Overview of this book

OpenStack Neutron is an OpenStack component that provides networking as a service for other OpenStack services to architect networks and create virtual machines through its API. This API lets you define network connectivity in order to leverage network capabilities to cloud deployments. Through this practical book, you will build a strong foundational knowledge of Neutron, and will architect and build an OpenStack cloud using advanced networking features. We start with an introduction to OpenStack Neutron and its various components, including virtual switching, routing, FWaaS, VPNaaS, and LBaaS. You’ll also get hands-on by installing OpenStack and Neutron and its components, and use agents and plugins to orchestrate network connectivity and build a virtual switching infrastructure. Moving on, you’ll get to grips with the HA routing capabilities utilizing VRRP and distributed virtual routers in Neutron. You’ll also discover load balancing fundamentals, including the difference between nodes, pools, pool members, and virtual IPs. You’ll discover the purpose of security groups and learn how to apply the security concept to your cloud/tenant/instance. Finally, you’ll configure virtual private networks that will allow you to avoid the use of SNAT and floating IPs when connecting to remote networks.
Learning OpenStack Networking (Neutron) Second Edition


In the fall of 2015, the OpenStack Foundation released the 12th version of OpenStack, code-named Liberty, to the public. Since its introduction as an open source project in 2010 by NASA and Rackspace, OpenStack has undergone significant improvements in its features and functionality and has matured into production-ready cloud software that powers workloads of all sizes throughout the world.

In 2012, the Folsom release of OpenStack introduced a standalone networking component, known then as Quantum. Now known as Neutron, the networking component of OpenStack provides cloud operators and users with an API to create and manage networks in the cloud. Neutron's extensible framework allows for third-party plugins and additional network services, such as load balancers, firewalls, and virtual private networks, to be deployed and managed.

As an architect and operator of hundreds of OpenStack-based private clouds since 2012, I have seen much of what OpenStack has to offer in terms of networking capabilities, and I have condensed what I feel are its most valuable and production-ready features to date into this book. Throughout this book, we will take a look at a few common network and service architectures and lay a foundation for deploying and managing OpenStack Networking, which will help you develop and sharpen your skills as an OpenStack cloud operator.

What this book covers

Chapter 1, Preparing the Network for OpenStack, provides an introduction to OpenStack Networking, including supported networking technologies and examples of how to architect the physical network to support an OpenStack cloud.

Chapter 2, Installing OpenStack, provides instructions to install the core components of the Kilo release of OpenStack on the Ubuntu 14.04 LTS operating system.

Chapter 3, Installing Neutron, explains how to install the Neutron networking components of OpenStack. We will also cover the internal architecture of Neutron, including the use of agents and plugins to orchestrate network connectivity.

Chapter 4, Building a Virtual Switching Infrastructure, helps you to install and configure the ML2 plugin to support both the LinuxBridge and Open vSwitch drivers and agents. We will also cover the architectural differences between the LinuxBridge and Open vSwitch drivers and agents and how they connect instances to the network.

Chapter 5, Creating Networks with Neutron, walks you through creating networks and subnets in the cloud, booting and attaching instances to networks, and exploring the process of obtaining DHCP leases and metadata.

Chapter 6, Managing Security Groups, examines the use of iptables to secure instance traffic at the compute node and walks you through creating and managing security groups and associated rules.

Chapter 7, Creating Standalone Routers with Neutron, walks you through creating standalone virtual routers and attaching them to networks, applying floating IPs to instances, and following the flow of traffic through a router to an instance.

Chapter 8, Router Redundancy Using VRRP, explores Virtual Routing Redundancy Protocol and its use in providing highly-available virtual routers.

Chapter 9, Distributed Virtual Routers, walks you through creating and managing virtual routers that are distributed across multiple nodes.

Chapter 10, Load Balancing Traffic to Instances, explores the fundamental components of a load balancer in Neutron, including virtual IPs, pools, pool members, and monitors, and walks you through creating and integrating a virtual load balancer into the network.

Chapter 11, Firewall as a Service, covers the creation and management of virtual firewalls, their associated policies and rules, and the integration of virtual firewalls in the network.

Chapter 12, Virtual Private Network as a Service, examines the fundamental concepts of IPSec-based virtual private networks and walks you through configuring and managing VPN connections that connect tenant networks to remote networks.

Appendix A, Additional Neutron Commands, briefly covers additional Neutron functionality that is outside the scope of this book, including commands related to Cisco 1000V, VMware NSX, and more.

Appendix B, Virtualizing the Environment, describes the process of deploying OpenStack across multiple virtual machines using VirtualBox virtualization software in case physical servers are not available to the reader. Examples are limited to VirtualBox 5 on Mac OS but can be adapted to other operating systems and releases if necessary.

What you need for this book

This book assumes a moderate level of networking experience, including experience with Linux networking configurations as well as physical switch and router configurations. While this book walks the reader through a basic installation of OpenStack, little time is spent on services other than Neutron. Therefore, it is important that the reader has a basic understanding of OpenStack and its general configuration prior to configuring OpenStack Networking.

In this book, the following is required:

  • Operating system: Ubuntu 14.04 LTS

The following software is needed:

  • OpenStack Kilo (2015.1)

Internet connectivity is required to install OpenStack packages and to make use of the example architectures in the book. While virtualization software, such as VirtualBox or VMware, can be used to simulate servers and the network infrastructure, this book assumes that OpenStack is installed on physical hardware and that a physical network infrastructure is in place.

Major OpenStack releases occur every six months, and after the M- or N-release, Kilo repositories may no longer be available. In the event that the OpenStack installation procedure documented in this book no longer functions properly, refer to the installation guide at for instructions on installing the latest version of OpenStack.

Who this book is for

This book is geared towards OpenStack cloud administrators or operators with a novice to intermediate level of experience in managing OpenStack-based clouds who are looking to build or enhance their cloud using the networking service known as Neutron. By laying down a basic installation of OpenStack based on the installation guide found at, the reader should be able to follow the examples laid out in the book to obtain a functional understanding of the various components of OpenStack Networking using open-source reference architectures.


In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The OPENSTACK_KEYSTONE_DEFAULT_ROLE setting in the /etc/openstack-dashboard/ file must also be modified before the dashboard can be used."

A block of code is set as follows:

my_ip =
vncserver_proxyclient_address =
vnc_enabled = True
vncserver_listen =
novncproxy_base_url = http://controller01:6080/vnc_auto.html

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

nova boot --flavor <FLAVOR_ID> --image <IMAGE_ID> \
--nic net-id=<NETWORK_ID> --security-group <SECURITY_GROUP_ID> \

Any command-line input or output is written as follows:

# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Looking at the following screenshot, the System Information panel provides the user with information about the environment, including Services and Compute Services."


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.
