Book Image

OpenStack Networking Cookbook

Book Image

OpenStack Networking Cookbook

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
OpenStack Networking Cookbook
Oct, 2015 | 282 pages
No titles found
Table of Contents (19 chapters)
OpenStack Networking Cookbook
OpenStack Networking Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with OpenStack Networking
Getting Started with OpenStack Networking
Introduction
Creating a Subnet and Network using Horizon
Viewing the details of a Network using Horizon
Associating a Network to an instance using Horizon
Creating a Network using OpenStack CLI
Creating a Subnet using OpenStack CLI
Creating a Port without an associated instance using the OpenStack CLI
Associating a Port to an instance using OpenStack CLI
Configuring the networking quota in OpenStack
2
Using Open vSwitch for VLAN-Based Networks
Using Open vSwitch for VLAN-Based Networks
Introduction
Configuring Neutron to use the Open vSwitch mechanism driver
Configuring Neutron to use the VLAN type driver
Configuring the VLAN range to be used for the networks
Viewing the VLAN allotted for a Network
Creating a Network with a specific VLAN
Viewing the virtual interface information on the compute node
Viewing the virtual interface information on the Network node
3
Exploring Other Network Types in Neutron
Exploring Other Network Types in Neutron
Introduction
Configuring Neutron to use the Linux bridge mechanism driver
Viewing the virtual interface information for Linux bridge on the compute node
Configuring Neutron to use a Flat network type
Creating a Flat Network using Horizon
Creating a Shared Network using Horizon
Creating an External Network using Horizon
Setting up a simple web application – an introduction
Setting up a simple web application – setting up OpenStack Networks
Setting up a simple web application – creating instances
4
Exploring Overlay Networks with Neutron
Exploring Overlay Networks with Neutron
Introduction
Configuring Neutron to use a VXLAN type driver
Configuring a VNI Range for VXLAN Networks
Viewing a VNI assigned to a Neutron Network
Creating a Network with a specific VNI
Viewing the virtual interface information on the compute node for VXLAN tunnels
Viewing the virtual interface information on the network node for VXLAN tunnels
Configuring Neutron to use a GRE type driver
Viewing a virtual interface on the compute node for GRE tunnels
5
Managing IP Addresses in Neutron
Managing IP Addresses in Neutron
Introduction
Creating an instance with a specific IP address
Configuring multiple IP addresses for a virtual interface
Creating a redundant DHCP server per OpenStack Network
Starting the DHCP server on a specific network node
Increasing the number of IP addresses in a Network using the Horizon dashboard
6
Using Routing Services in Neutron
Using Routing Services in Neutron
Introduction
Configuring Neutron for Routing services
Creating a Router using the Horizon dashboard and Neutron CLI
Enabling instances on different Networks to communicate
Allowing the Virtual Machine instances to access the Internet
Providing access to a Virtual Machine from an external Network or the Internet using Horizon
Creating and deleting a floating IP address using the Neutron CLI
Associating a floating IP address to a virtual machine using the Neutron CLI
7
Using Neutron Security and Firewall Services
Using Neutron Security and Firewall Services
Introduction
Creating a security group using Horizon
Configuring the security group rules using Horizon
Creating a security group using CLI
Configuring the security group rules using CLI
Securing the traffic between instances on the same Network
Creating the security group rules to allow web traffic
Configuring Neutron for the Firewall service
Creating the Firewall rules
Creating the Firewall policies
Creating a Firewall
Viewing and verifying the Firewall rules on the Network node
8
Using HAProxy for Load Balancing
Using HAProxy for Load Balancing
Introduction
Installing and configuring the Neutron load balancer service plugin
Creating a load balancer pool using Horizon
Creating a load balancer pool using CLI
Adding a load balancer member using Horizon
Adding a load balancer member using CLI
Adding a load balancer health monitor using Horizon
Adding a load balancer health monitor using CLI
Creating a Virtual IP using Horizon
Creating a Virtual IP using CLI
Making the load balancer accessible to the Internet
Testing the load balancer
Viewing the load balancer on the network node
9
Monitoring OpenStack Networks
Monitoring OpenStack Networks
Introduction
Monitoring the Virtual Machine bandwidth
Monitoring the L3 bandwidth
Monitoring the load balancer connection statistics
Monitoring the per project and per user bandwidth
Monitoring the host Network bandwidth
10
Writing Your Own Neutron ML2 Mechanism Driver
Writing Your Own Neutron ML2 Mechanism Driver
Introduction
Creating a basic ML2 mechanism driver
Registering your ML2 mechanism driver with the Neutron server
Processing API requests for a Network
Processing API requests for a Subnet
Processing API requests for a Port
11
Troubleshooting Tips for Neutron
Troubleshooting Tips for Neutron
Introduction
Troubleshooting a VM that does not get a DHCP IP address
Troubleshooting a VM that does not get an initial configuration
Troubleshooting a VM that does not get external Network access
Troubleshooting a VM not reachable from external Networks
Checking the status of the Neutron service
Checking the MAC address table on a virtual switch
12
Advanced Topics
Advanced Topics
Introduction
Configuring Neutron for VPN as a service
Testing VPN as a service on Neutron
Using link aggregation on the compute node
Integrating networking in a Heat template
Index
Index

Creating the Firewall rules

In OpenStack Neutron, Firewall provides security by configuring the access control at the Network Router, in contrast to the security group, which provided the access control at the Network port. The Firewall policies provide you with the access control over the traffic crossing the Network boundary.

In Neutron, a Firewall service is composed of a Firewall policy, which in turn is composed of many Firewall rules. We will start exploring Firewall as a service by first looking at the Firewall rules. We will then create a Firewall policy by grouping these rules. Finally, we will define a Firewall that will use the Firewall policy that we created.

Getting ready

In this recipe, we will go through the process of creating a Firewall rule using Horizon. For this recipe, you will need the following information:

  • The Firewall rule name

  • The rule description

  • The protocol to define the type of traffic, for example, TCP, UDP, or ICMP

  • The type of action that the rule will add, for example...

Previous Section
End of Section 10
Next Section