Book Image

Learning OpenStack Networking - Third Edition

By : James Denton

Book Image

Learning OpenStack Networking - Third Edition

By: James Denton

Overview of this book

OpenStack Networking is a pluggable, scalable, and API-driven system to manage physical and virtual networking resources in an OpenStack-based cloud. Like other core OpenStack components, OpenStack Networking can be used by administrators and users to increase the value and maximize the use of existing datacenter resources. This third edition of Learning OpenStack Networking walks you through the installation of OpenStack and provides you with a foundation that can be used to build a scalable and production-ready OpenStack cloud. In the initial chapters, you will review the physical network requirements and architectures necessary for an OpenStack environment that provide core cloud functionality. Then, you’ll move through the installation of the new release of OpenStack using packages from the Ubuntu repository. An overview of Neutron networking foundational concepts, including networks, subnets, and ports will segue into advanced topics such as security groups, distributed virtual routers, virtual load balancers, and VLAN tagging within instances. By the end of this book, you will have built a network infrastructure for your cloud using OpenStack Neutron.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Introduction to OpenStack Networking

Introduction to OpenStack Networking

What is OpenStack Networking?

Preparing the physical infrastructure

Separating services across nodes

Installing OpenStack

Installing OpenStack

System requirements

Initial network configuration

Installing OpenStack

Installing Neutron

Installing Neutron

Basic networking elements in Neutron

Extending functionality with plugins

Network namespaces

Installing and configuring Neutron services

Configuring Neutron services

Interfacing with OpenStack Networking

Virtual Network Infrastructure Using Linux Bridges

Virtual Network Infrastructure Using Linux Bridges

Using the Linux bridge driver

Visualizing traffic flow through Linux bridges

Configuring the ML2 networking plugin

Configuring the Linux bridge driver and agent

Building a Virtual Switching Infrastructure Using Open vSwitch

Building a Virtual Switching Infrastructure Using Open vSwitch

Using the Open vSwitch driver

Basic OpenvSwitch commands

Visualizing traffic flow when using Open vSwitch

Configuring the ML2 networking plugin

Configuring the Open vSwitch driver and agent

Building Networks with Neutron

Building Networks with Neutron

Network management in OpenStack

Subnet management in OpenStack

Managing network ports in OpenStack

Attaching Instances to Networks

Attaching Instances to Networks

Attaching instances to networks

Exploring how instances get their addresses

Exploring how instances retrieve their metadata

Managing Security Groups

Managing Security Groups

Security groups in OpenStack

An introduction to iptables

Working with security groups

Applying security groups to instances and ports

Implementing security group rules

Working with security groups in the dashboard

Disabling port security

Allowed address pairs

Role-Based Access Control

Role-Based Access Control

Working with access control policies

Applying RBAC policies to projects

Creating policies for external networks

Creating Standalone Routers with Neutron

Creating Standalone Routers with Neutron

Routing traffic in the cloud

Installing and configuring the Neutron L3 agent

Router management in the CLI

Network address translation

Floating IP management

Demonstrating traffic flow from an instance to the internet

Router management in the dashboard

Router Redundancy Using VRRP

Router Redundancy Using VRRP

Using keepalived and VRRP to provide redundancy

Networking of highly available routers

Installing and configuring additional L3 agents

Configuring Neutron

Working with highly available routers

Decomposing a highly available router

Distributed Virtual Routers

Distributed Virtual Routers

Distributing routers across the cloud

Installing and configuring Neutron components

Routing east-west traffic between instances

Centralized SNAT

Floating IPs through distributed virtual routers

Load Balancing Traffic to Instances

Load Balancing Traffic to Instances

Fundamentals of load balancing

Integrating load balancers into the network

Installing LBaaS v2

Load balancer management in the CLI

Building a load balancer

Load balancer management in the dashboard

Advanced Networking Topics

Advanced Networking Topics

BGP dynamic routing

Network availability zones

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

Security groups are fundamental for controlling access to instances by allowing users to create inbound and outbound rules that limit traffic to and from instances based on specific addresses, ports, protocols, and even other security groups. Default security groups are created by Neutron for every project that allows all outbound communication and restrict inbound communication to instances in the same default security group. Subsequent security groups are locked down even further, allowing only outbound communication and not allowing any inbound traffic at all unless modified by the user.

Security group rules are implemented on the compute nodes and are triggered when traffic enters or leaves a virtual network interface belonging to an instance. Users are free to implement additional firewalls within the guest operating system, but may find managing rules in both places...