Book Image

Learning OpenStack Networking - Third Edition

By : James Denton
Book Image

Learning OpenStack Networking - Third Edition

By: James Denton

Overview of this book

OpenStack Networking is a pluggable, scalable, and API-driven system to manage physical and virtual networking resources in an OpenStack-based cloud. Like other core OpenStack components, OpenStack Networking can be used by administrators and users to increase the value and maximize the use of existing datacenter resources. This third edition of Learning OpenStack Networking walks you through the installation of OpenStack and provides you with a foundation that can be used to build a scalable and production-ready OpenStack cloud. In the initial chapters, you will review the physical network requirements and architectures necessary for an OpenStack environment that provide core cloud functionality. Then, you’ll move through the installation of the new release of OpenStack using packages from the Ubuntu repository. An overview of Neutron networking foundational concepts, including networks, subnets, and ports will segue into advanced topics such as security groups, distributed virtual routers, virtual load balancers, and VLAN tagging within instances. By the end of this book, you will have built a network infrastructure for your cloud using OpenStack Neutron.

Related Content you might be interested in

Current Title:

Small book image
Learning OpenStack Networking - Third Edition
James Denton
Aug, 2018 | 462 pages
Small book image
OpenStack Bootcamp
Vinoth Kumar Selvaraj
Nov, 2017 | 302 pages
Small book image
OpenStack Cloud Computing Cookbook
Egle Sigler | James Denton | Cody Bunch | Kevin Jackson
Jan, 2018 | 398 pages
Small book image
Mastering OpenStack
Omar Khedher | Chandan Dutta
Apr, 2017 | 470 pages
Table of Contents (16 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Introduction to OpenStack Networking
Introduction to OpenStack Networking
What is OpenStack Networking?
Preparing the physical infrastructure
Separating services across nodes
Summary
2
Installing OpenStack
Installing OpenStack
System requirements
Initial network configuration
Initial steps
Installing OpenStack
Summary
3
Installing Neutron
Installing Neutron
Basic networking elements in Neutron
Extending functionality with plugins
Network namespaces
Installing and configuring Neutron services
Configuring Neutron services
Interfacing with OpenStack Networking
Summary
4
Virtual Network Infrastructure Using Linux Bridges
Virtual Network Infrastructure Using Linux Bridges
Using the Linux bridge driver
Visualizing traffic flow through Linux bridges
Configuring the ML2 networking plugin
Configuring the Linux bridge driver and agent
Summary
5
Building a Virtual Switching Infrastructure Using Open vSwitch
Building a Virtual Switching Infrastructure Using Open vSwitch
Using the Open vSwitch driver
Basic OpenvSwitch commands
Visualizing traffic flow when using Open vSwitch
Configuring the ML2 networking plugin
Configuring the Open vSwitch driver and agent
Summary
6
Building Networks with Neutron
Building Networks with Neutron
Network management in OpenStack
Subnet management in OpenStack
Managing network ports in OpenStack
Summary
7
Attaching Instances to Networks
Attaching Instances to Networks
Attaching instances to networks
Exploring how instances get their addresses
Exploring how instances retrieve their metadata
Summary
8
Managing Security Groups
Managing Security Groups
Security groups in OpenStack
An introduction to iptables
Working with security groups
Applying security groups to instances and ports
Implementing security group rules
Working with security groups in the dashboard
Disabling port security
Allowed address pairs
Summary
9
Role-Based Access Control
Role-Based Access Control
Working with access control policies
Applying RBAC policies to projects
Creating policies for external networks
Summary
10
Creating Standalone Routers with Neutron
Creating Standalone Routers with Neutron
Routing traffic in the cloud
Installing and configuring the Neutron L3 agent
Router management in the CLI
Network address translation
Floating IP management
Demonstrating traffic flow from an instance to the internet
Router management in the dashboard
Summary
11
Router Redundancy Using VRRP
Router Redundancy Using VRRP
Using keepalived and VRRP to provide redundancy
Networking of highly available routers
Installing and configuring additional L3 agents
Configuring Neutron
Working with highly available routers
Decomposing a highly available router
Summary
12
Distributed Virtual Routers
Distributed Virtual Routers
Distributing routers across the cloud
Installing and configuring Neutron components
Routing east-west traffic between instances
Centralized SNAT
Floating IPs through distributed virtual routers
Summary
13
Load Balancing Traffic to Instances
Load Balancing Traffic to Instances
Fundamentals of load balancing
Integrating load balancers into the network
Installing LBaaS v2
Load balancer management in the CLI
Building a load balancer
Load balancer management in the dashboard
Summary
14
Advanced Networking Topics
Advanced Networking Topics
VLAN-aware VMs
BGP dynamic routing
Network availability zones
Summary
15
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Implementing security group rules

In the following example, an instance named WEB1 has been created that acts as a web server running Apache on ports 80 and 443. Making a request to the web server at 192.168.206.6:80 eventually times out:

To demonstrate how security group rules are implemented on a compute node, take note of the following WEB_SERVERS security group:

The following screenshot demonstrates two security group rules being added to the WEB_SERVERS security group using the openstack security group rule create command. The rules allow inbound connections on ports 80 and 443 from any remote host, as defined by the CIDR 0.0.0.0/0:

Using the openstack server add security group command, the WEB_SERVERS security group can be applied to the WEB1 instance, as shown in the following screenshot:

Once a security group has been applied to the corresponding port of an instance...

Previous Section
End of Section 6
Next Section