Book Image

Learning OpenStack Networking - Third Edition

By : James Denton
Book Image

Learning OpenStack Networking - Third Edition

By: James Denton

Overview of this book

OpenStack Networking is a pluggable, scalable, and API-driven system to manage physical and virtual networking resources in an OpenStack-based cloud. Like other core OpenStack components, OpenStack Networking can be used by administrators and users to increase the value and maximize the use of existing datacenter resources. This third edition of Learning OpenStack Networking walks you through the installation of OpenStack and provides you with a foundation that can be used to build a scalable and production-ready OpenStack cloud. In the initial chapters, you will review the physical network requirements and architectures necessary for an OpenStack environment that provide core cloud functionality. Then, you’ll move through the installation of the new release of OpenStack using packages from the Ubuntu repository. An overview of Neutron networking foundational concepts, including networks, subnets, and ports will segue into advanced topics such as security groups, distributed virtual routers, virtual load balancers, and VLAN tagging within instances. By the end of this book, you will have built a network infrastructure for your cloud using OpenStack Neutron.

Related Content you might be interested in

Current Title:

Small book image
Learning OpenStack Networking - Third Edition
James Denton
Aug, 2018 | 462 pages
Small book image
OpenStack Bootcamp
Vinoth Kumar Selvaraj
Nov, 2017 | 302 pages
Small book image
OpenStack Cloud Computing Cookbook
Egle Sigler | James Denton | Cody Bunch | Kevin Jackson
Jan, 2018 | 398 pages
Small book image
Mastering OpenStack
Omar Khedher | Chandan Dutta
Apr, 2017 | 470 pages
Table of Contents (16 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Introduction to OpenStack Networking
Introduction to OpenStack Networking
What is OpenStack Networking?
Preparing the physical infrastructure
Separating services across nodes
Summary
2
Installing OpenStack
Installing OpenStack
System requirements
Initial network configuration
Initial steps
Installing OpenStack
Summary
3
Installing Neutron
Installing Neutron
Basic networking elements in Neutron
Extending functionality with plugins
Network namespaces
Installing and configuring Neutron services
Configuring Neutron services
Interfacing with OpenStack Networking
Summary
4
Virtual Network Infrastructure Using Linux Bridges
Virtual Network Infrastructure Using Linux Bridges
Using the Linux bridge driver
Visualizing traffic flow through Linux bridges
Configuring the ML2 networking plugin
Configuring the Linux bridge driver and agent
Summary
5
Building a Virtual Switching Infrastructure Using Open vSwitch
Building a Virtual Switching Infrastructure Using Open vSwitch
Using the Open vSwitch driver
Basic OpenvSwitch commands
Visualizing traffic flow when using Open vSwitch
Configuring the ML2 networking plugin
Configuring the Open vSwitch driver and agent
Summary
6
Building Networks with Neutron
Building Networks with Neutron
Network management in OpenStack
Subnet management in OpenStack
Managing network ports in OpenStack
Summary
7
Attaching Instances to Networks
Attaching Instances to Networks
Attaching instances to networks
Exploring how instances get their addresses
Exploring how instances retrieve their metadata
Summary
8
Managing Security Groups
Managing Security Groups
Security groups in OpenStack
An introduction to iptables
Working with security groups
Applying security groups to instances and ports
Implementing security group rules
Working with security groups in the dashboard
Disabling port security
Allowed address pairs
Summary
9
Role-Based Access Control
Role-Based Access Control
Working with access control policies
Applying RBAC policies to projects
Creating policies for external networks
Summary
10
Creating Standalone Routers with Neutron
Creating Standalone Routers with Neutron
Routing traffic in the cloud
Installing and configuring the Neutron L3 agent
Router management in the CLI
Network address translation
Floating IP management
Demonstrating traffic flow from an instance to the internet
Router management in the dashboard
Summary
11
Router Redundancy Using VRRP
Router Redundancy Using VRRP
Using keepalived and VRRP to provide redundancy
Networking of highly available routers
Installing and configuring additional L3 agents
Configuring Neutron
Working with highly available routers
Decomposing a highly available router
Summary
12
Distributed Virtual Routers
Distributed Virtual Routers
Distributing routers across the cloud
Installing and configuring Neutron components
Routing east-west traffic between instances
Centralized SNAT
Floating IPs through distributed virtual routers
Summary
13
Load Balancing Traffic to Instances
Load Balancing Traffic to Instances
Fundamentals of load balancing
Integrating load balancers into the network
Installing LBaaS v2
Load balancer management in the CLI
Building a load balancer
Load balancer management in the dashboard
Summary
14
Advanced Networking Topics
Advanced Networking Topics
VLAN-aware VMs
BGP dynamic routing
Network availability zones
Summary
15
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Applying security groups to instances and ports

Applying security groups to instances within the CLI is typically done at instance creation using the openstack server create command that's shown here:

openstack server create
--flavor <FLAVOR_ID>
--image <IMAGE_ID>
--nic net-id=<NETWORK_ID>
--security-group <SECURITY_GROUP_ID>
INSTANCE_NAME

Security groups can also be applied to running instances by using either the openstack port set or the openstack server add security group commands. The following examples demonstrate the use of the openstack port set command to apply security groups to a port.

In this example, the security group will be applied to the port, and the associated rules will be implemented immediately:

openstack port set <PORT> --security-group <SECURITY_GROUP>

Multiple security groups can be associated with a port simultaneously...

Previous Section
End of Section 5
Next Section