In the fall of 2015, the OpenStack Foundation released the 12th version of OpenStack, code-named Liberty, to the public. Since its introduction as an open source project in 2010 by NASA and Rackspace, OpenStack has undergone significant improvements in its features and functionality and has matured into production-ready cloud software that powers workloads of all sizes throughout the world.
In 2012, the Folsom release of OpenStack introduced a standalone networking component, known then as Quantum. Now known as Neutron, the networking component of OpenStack provides cloud operators and users with an API to create and manage networks in the cloud. Neutron's extensible framework allows for third-party plugins and additional network services, such as load balancers, firewalls, and virtual private networks, to be deployed and managed.
As an architect and operator of hundreds of OpenStack-based private clouds since 2012, I have seen much of what OpenStack has to offer in terms of networking capabilities, and I have condensed what I feel are its most valuable and production-ready features to date into this book. Throughout this book, we will take a look at a few common network and service architectures and lay a foundation for deploying and managing OpenStack Networking, which will help you develop and sharpen your skills as an OpenStack cloud operator.
Chapter 1, Preparing the Network for OpenStack, provides an introduction to OpenStack Networking, including supported networking technologies and examples of how to architect the physical network to support an OpenStack cloud.
Chapter 2, Installing OpenStack, provides instructions to install the core components of the Kilo release of OpenStack on the Ubuntu 14.04 LTS operating system.
Chapter 3, Installing Neutron, explains how to install the Neutron networking components of OpenStack. We will also cover the internal architecture of Neutron, including the use of agents and plugins to orchestrate network connectivity.
Chapter 4, Building a Virtual Switching Infrastructure, helps you to install and configure the ML2 plugin to support both the LinuxBridge and Open vSwitch drivers and agents. We will also cover the architectural differences between the LinuxBridge and Open vSwitch drivers and agents and how they connect instances to the network.
Chapter 5, Creating Networks with Neutron, walks you through creating networks and subnets in the cloud, booting and attaching instances to networks, and exploring the process of obtaining DHCP leases and metadata.
Chapter 6, Managing Security Groups, examines the use of iptables to secure instance traffic at the compute node and walks you through creating and managing security groups and associated rules.
Chapter 7, Creating Standalone Routers with Neutron, walks you through creating standalone virtual routers and attaching them to networks, applying floating IPs to instances, and following the flow of traffic through a router to an instance.
Chapter 8, Router Redundancy Using VRRP, explores the Virtual Router Redundancy Protocol and its use in providing highly available virtual routers.
Chapter 9, Distributed Virtual Routers, walks you through creating and managing virtual routers that are distributed across multiple nodes.
Chapter 10, Load Balancing Traffic to Instances, explores the fundamental components of a load balancer in Neutron, including virtual IPs, pools, pool members, and monitors, and walks you through creating and integrating a virtual load balancer into the network.
Chapter 11, Firewall as a Service, covers the creation and management of virtual firewalls, their associated policies and rules, and the integration of virtual firewalls in the network.
Chapter 12, Virtual Private Network as a Service, examines the fundamental concepts of IPSec-based virtual private networks and walks you through configuring and managing VPN connections that connect tenant networks to remote networks.
Appendix A, Additional Neutron Commands, briefly covers additional Neutron functionality that is outside the scope of this book, including commands related to Cisco 1000V, VMware NSX, and more.
Appendix B, Virtualizing the Environment, describes the process of deploying OpenStack across multiple virtual machines using VirtualBox virtualization software in case physical servers are not available to the reader. Examples are limited to VirtualBox 5 on Mac OS but can be adapted to other operating systems and releases if necessary.
This book assumes a moderate level of networking experience, including experience with Linux networking configurations as well as physical switch and router configurations. While this book walks the reader through a basic installation of OpenStack, little time is spent on services other than Neutron. Therefore, it is important that the reader has a basic understanding of OpenStack and its general configuration prior to configuring OpenStack Networking.
In this book, the following is required:
Ubuntu 14.04 LTS
The following software is needed:
OpenStack Kilo (2015.1)
Internet connectivity is required to install OpenStack packages and to make use of the example architectures in the book. While virtualization software, such as VirtualBox or VMware, can be used to simulate servers and the network infrastructure, this book assumes that OpenStack is installed on physical hardware and that a physical network infrastructure is in place.
Major OpenStack releases occur every six months, and after the M- or N-release, Kilo repositories may no longer be available. In the event that the OpenStack installation procedure documented in this book no longer functions properly, refer to the installation guide at docs.openstack.org for instructions on installing the latest version of OpenStack.
This book is geared towards OpenStack cloud administrators or operators with a novice to intermediate level of experience in managing OpenStack-based clouds who are looking to build or enhance their cloud using the networking service known as Neutron. By laying down a basic installation of OpenStack based on the installation guide found at docs.openstack.org, the reader should be able to follow the examples laid out in the book to obtain a functional understanding of the various components of OpenStack Networking using open-source reference architectures.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The OPENSTACK_KEYSTONE_DEFAULT_ROLE setting in the /etc/openstack-dashboard/local_settings.py file must also be modified before the dashboard can be used."
A block of code is set as follows:
[DEFAULT]
...
my_ip = 10.254.254.101
vncserver_proxyclient_address = 10.254.254.101
vnc_enabled = True
vncserver_listen = 0.0.0.0
novncproxy_base_url = http://controller01:6080/vnc_auto.html
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
nova boot --flavor <FLAVOR_ID> --image <IMAGE_ID> \
--nic net-id=<NETWORK_ID> --security-group <SECURITY_GROUP_ID> \
Any command-line input or output is written as follows:
# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Looking at the following screenshot, the System Information panel provides the user with information about the environment, including Services and Compute Services."
You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from: https://www.packtpub.com/sites/default/files/downloads/7225OS_Graphics.pdf.