authorBruce Ashfield <bruce.ashfield@windriver.com>2014-05-23 23:49:49 -0400
committerBruce Ashfield <bruce.ashfield@windriver.com>2014-05-23 23:49:49 -0400
commit649327f80dc331943d448e87f73ecaadcc78a22a (patch)
tree2d640deedbc19b925f5539a31da26f2f7a6249c8 /meta-openstack/Documentation/README.networking_l3_router
parentfb1d6f23fa01c0217ed3f6778d8033dd0030db2a (diff)
docs: move more READMEs into Documentation
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack/Documentation/README.networking_l3_router')
-rw-r--r--meta-openstack/Documentation/README.networking_l3_router450
1 files changed, 450 insertions, 0 deletions
diff --git a/meta-openstack/Documentation/README.networking_l3_router b/meta-openstack/Documentation/README.networking_l3_router
new file mode 100644
index 0000000..a16f8c4
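--- /dev/null
+++ b/meta-openstack/Documentation/README.networking_l3_router
@@ -0,0 +1,450 @@
+Networking - l3 router
+=========================
+
+Description
+-----------
+Using provider networks (such as we did for flat and vlan usecases)
+does not scale to large deployments, their downsides become quickly
+apparent. The l3-agent provides the ability to create routers that can
+handle routing between directly connected LAN interfaces and a single
+WAN interface.
+
+Here we setup a virtual router with a connection to a provider network
+(vlan) and 2 attached subnets. We don't use floating IPs for this
+demo.
+
+
+Assumptions
+-----------
+It is assumed you have completed the steps described in
+README.networking and have provisioned the host vSwitch as well as
+created the br-eth0 bridges on the controller and compute nodes.
+
+At this point you should be able to ping 192.168.7.4 from 192.168.7.4
+and vise versa.
+
+You have built your controller image including the cirros image (for
+which you have already added the image to glance as myFirstImage).
+
+You have run 'source /etc/nova/openrc'
+
+Configuration updates
+---------------------
+On the host Open vSwitch add an IP for 192.168.100.1/22
+sudo ip address add 192.168.100.1/22 broadcast 192.168.255.255 dev br-int
+
+On the controller and (all) compute nodes you must edit the file
+/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+
+In the [OVS] section set
+network_vlan_ranges = ph-eth0:1998:1998
+bridge_mappings = ph-eth0:br-eth0
+
+(*** on compute nodes edit local_ip as well [192.168.7.4]***)
+
+Restart some services to allow these changes to take effect:
+/etc/init.d/neutron-openvswitch-agent reload
+(on controller)
+/etc/init.d/neutron-server reload
+/etc/init.d/neutron-dhcp-agent reload
+(on compute)
+/etc/init.d/nova-compute reload
+
+
+** edit /etc/neutron/l3-agent.ini
+use_namespaces = True
+external_network_bridge =
+
+/etc/init.d/neutron-l3-agent restart
+
+
+Create the provider network
+---------------------------
+neutron net-create --provider:physical_network=ph-eth0 \
+ --provider:network_type=vlan --provider:segmentation_id=1998 \
+ --shared --router:external=true GATEWAY_NET
+
+neutron subnet-create GATEWAY_NET 192.168.100.0/22 \
+ --name GATEWAY_SUBNET --gateway=192.168.100.1 \
+ --allocation-pool start=192.168.101.1,end=192.168.103.254
+
+
+Create the router
+-----------------
+neutron router-create NEUTRON-ROUTER
+Created a new router:
++-----------------------+--------------------------------------+
+| Field | Value |
++-----------------------+--------------------------------------+
+| admin_state_up | True |
+| external_gateway_info | |
+| id | b27d1a20-8a31-46d5-bdef-32a5ccf4ec91 |
+| name | NEUTRON-ROUTER |
+| status | ACTIVE |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++-----------------------+--------------------------------------+
+
+neutron router-gateway-set NEUTRON-ROUTER GATEWAY_NET
+Set gateway for router NEUTRON-ROUTER
+
+Inspect the created network namespaces
+--------------------------------------
+root@controller:~# ip netns
+qrouter-b27d1a20-8a31-46d5-bdef-32a5ccf4ec91
+qdhcp-498fa1f2-87de-4874-8ca9-f4ba3e394d2a
+
+ip netns exec qrouter-b27d1a20-8a31-46d5-bdef-32a5ccf4ec91 ip a
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
+ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+ inet 127.0.0.1/8 scope host lo
+ valid_lft forever preferred_lft forever
+ inet6 ::1/128 scope host
+ valid_lft forever preferred_lft forever
+2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN group default
+ link/sit 0.0.0.0 brd 0.0.0.0
+20: qg-19f6d85f-a6: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+ link/ether fa:16:3e:b8:1e:9d brd ff:ff:ff:ff:ff:ff
+ inet 192.168.101.1/22 brd 192.168.103.255 scope global qg-19f6d85f-a6
+ valid_lft forever preferred_lft forever
+ inet6 fe80::f816:3eff:feb8:1e9d/64 scope link
+ valid_lft forever preferred_lft forever
+
+
+Attach tenant networks
+----------------------
+neutron net-create --provider:network_type=gre --provider:segmentation_id=10 \
+ --shared APPS_NET
+Created a new network:
++---------------------------+--------------------------------------+
+| Field | Value |
++---------------------------+--------------------------------------+
+| admin_state_up | True |
+| id | 52f4549f-aeed-4fcf-997b-4349f591cd5f |
+| name | APPS_NET |
+| provider:network_type | gre |
+| provider:physical_network | |
+| provider:segmentation_id | 10 |
+| shared | True |
+| status | ACTIVE |
+| subnets | |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++---------------------------+--------------------------------------+
+
+neutron net-create --provider:network_type=gre --provider:segmentation_id=20 \
+ --shared DMZ_NET
+Created a new network:
++---------------------------+--------------------------------------+
+| Field | Value |
++---------------------------+--------------------------------------+
+| admin_state_up | True |
+| id | eeb07b09-4b4a-4c2c-9060-0b8e414a9279 |
+| name | DMZ_NET |
+| provider:network_type | gre |
+| provider:physical_network | |
+| provider:segmentation_id | 20 |
+| shared | True |
+| status | ACTIVE |
+| subnets | |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++---------------------------+--------------------------------------+
+
+neutron subnet-create APPS_NET 10.241.0.0/22 --name APPS_SUBNET
+Created a new subnet:
++------------------+------------------------------------------------+
+| Field | Value |
++------------------+------------------------------------------------+
+| allocation_pools | {"start": "10.241.0.2", "end": "10.241.3.254"} |
+| cidr | 10.241.0.0/22 |
+| dns_nameservers | |
+| enable_dhcp | True |
+| gateway_ip | 10.241.0.1 |
+| host_routes | |
+| id | 45e7d887-1c4c-485a-9247-2a2bec9e3714 |
+| ip_version | 4 |
+| name | APPS_SUBNET |
+| network_id | 52f4549f-aeed-4fcf-997b-4349f591cd5f |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++------------------+------------------------------------------------+
+
+neutron subnet-create DMZ_NET 10.242.0.0/22 --name DMZ_SUBNET
+Created a new subnet:
++------------------+------------------------------------------------+
+| Field | Value |
++------------------+------------------------------------------------+
+| allocation_pools | {"start": "10.242.0.2", "end": "10.242.3.254"} |
+| cidr | 10.242.0.0/22 |
+| dns_nameservers | |
+| enable_dhcp | True |
+| gateway_ip | 10.242.0.1 |
+| host_routes | |
+| id | 2deda040-be04-432b-baa6-3a2219d22f20 |
+| ip_version | 4 |
+| name | DMZ_SUBNET |
+| network_id | eeb07b09-4b4a-4c2c-9060-0b8e414a9279 |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++------------------+------------------------------------------------+
+
+neutron router-interface-add NEUTRON-ROUTER APPS_SUBNET
+Added interface 58f3db35-f5df-4fd1-9735-4ff13dd342de to router NEUTRON-ROUTER.
+
+neutron router-interface-add NEUTRON-ROUTER DMZ_SUBNET
+Added interface 9252ec29-7aac-4550-821c-f910f10680cf to router NEUTRON-ROUTER.
+
+ip netns exec qrouter-b27d1a20-8a31-46d5-bdef-32a5ccf4ec91 ip a
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
+ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+ inet 127.0.0.1/8 scope host lo
+ valid_lft forever preferred_lft forever
+ inet6 ::1/128 scope host
+ valid_lft forever preferred_lft forever
+2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN group default
+ link/sit 0.0.0.0 brd 0.0.0.0
+20: qg-19f6d85f-a6: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+ link/ether fa:16:3e:b8:1e:9d brd ff:ff:ff:ff:ff:ff
+ inet 192.168.101.1/22 brd 192.168.103.255 scope global qg-19f6d85f-a6
+ valid_lft forever preferred_lft forever
+ inet6 fe80::f816:3eff:feb8:1e9d/64 scope link
+ valid_lft forever preferred_lft forever
+21: qr-58f3db35-f5: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+ link/ether fa:16:3e:76:ec:23 brd ff:ff:ff:ff:ff:ff
+ inet 10.241.0.1/22 brd 10.241.3.255 scope global qr-58f3db35-f5
+ valid_lft forever preferred_lft forever
+ inet6 fe80::f816:3eff:fe76:ec23/64 scope link
+ valid_lft forever preferred_lft forever
+22: qr-9252ec29-7a: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
+ link/ether fa:16:3e:fb:98:06 brd ff:ff:ff:ff:ff:ff
+ inet 10.242.0.1/22 brd 10.242.3.255 scope global qr-9252ec29-7a
+ valid_lft forever preferred_lft forever
+ inet6 fe80::f816:3eff:fefb:9806/64 scope link
+ valid_lft forever preferred_lft forever
+
+Note the two new interfaces.
+1 connection to the provider network
+2 connections to the subnets (1 to APPS_SUBNET, 1 to DMZ_SUBNET)
+
+Boot an instance
+---------------
+nova boot --flavor=m1.small --image=myFirstImage \
+ --nic net-id=52f4549f-aeed-4fcf-997b-4349f591cd5f APPS_INSTANCE
++--------------------------------------+-----------------------------------------------------+
+| Property | Value |
++--------------------------------------+-----------------------------------------------------+
+| OS-DCF:diskConfig | MANUAL |
+| OS-EXT-AZ:availability_zone | nova |
+| OS-EXT-SRV-ATTR:host | - |
+| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
+| OS-EXT-SRV-ATTR:instance_name | instance-0000000e |
+| OS-EXT-STS:power_state | 0 |
+| OS-EXT-STS:task_state | scheduling |
+| OS-EXT-STS:vm_state | building |
+| OS-SRV-USG:launched_at | - |
+| OS-SRV-USG:terminated_at | - |
+| accessIPv4 | |
+| accessIPv6 | |
+| adminPass | jdLkr4i6ATvQ |
+| config_drive | |
+| created | 2014-04-10T16:27:31Z |
+| flavor | m1.small (2) |
+| hostId | |
+| id | fc849bb9-54d3-4a9a-99a4-6346a6eef404 |
+| image | myFirstImage (f22d3ab8-96a5-46db-a029-7d59156c8e31) |
+| key_name | - |
+| metadata | {} |
+| name | APPS_INSTANCE |
+| os-extended-volumes:volumes_attached | [] |
+| progress | 0 |
+| security_groups | default |
+| status | BUILD |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
+| updated | 2014-04-10T16:27:31Z |
+| user_id | 1dfcb72ef6a7428d8dd7300bc7f303d9 |
++--------------------------------------+-----------------------------------------------------+
+
+nova boot --flavor=m1.small --image=myFirstImage \
+ --nic net-id=eeb07b09-4b4a-4c2c-9060-0b8e414a9279 DMZ_INSTANCE
++--------------------------------------+-----------------------------------------------------+
+| Property | Value |
++--------------------------------------+-----------------------------------------------------+
+| OS-DCF:diskConfig | MANUAL |
+| OS-EXT-AZ:availability_zone | nova |
+| OS-EXT-SRV-ATTR:host | - |
+| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
+| OS-EXT-SRV-ATTR:instance_name | instance-0000000f |
+| OS-EXT-STS:power_state | 0 |
+| OS-EXT-STS:task_state | scheduling |
+| OS-EXT-STS:vm_state | building |
+| OS-SRV-USG:launched_at | - |
+| OS-SRV-USG:terminated_at | - |
+| accessIPv4 | |
+| accessIPv6 | |
+| adminPass | 4d7UsUJhSpBd |
+| config_drive | |
+| created | 2014-04-10T16:29:25Z |
+| flavor | m1.small (2) |
+| hostId | |
+| id | f281c349-d49c-4d6c-bf56-74f04f2e8aec |
+| image | myFirstImage (f22d3ab8-96a5-46db-a029-7d59156c8e31) |
+| key_name | - |
+| metadata | {} |
+| name | DMZ_INSTANCE |
+| os-extended-volumes:volumes_attached | [] |
+| progress | 0 |
+| security_groups | default |
+| status | BUILD |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
+| updated | 2014-04-10T16:29:25Z |
+| user_id | 1dfcb72ef6a7428d8dd7300bc7f303d9 |
++--------------------------------------+-----------------------------------------------------+
+
+Check connectivity
+------------------
+nova console-log APPS_INSTANCE
+...skip
+Starting network...
+udhcpc (v1.18.5) started
+Sending discover...
+Sending select for 10.241.0.2...
+Lease of 10.241.0.2 obtained, lease time 86400
+..skip
+
+nova console-log DMZ_INSTANCE
+...skip
+Starting network...
+udhcpc (v1.18.5) started
+Sending discover...
+Sending select for 10.242.0.2...
+Lease of 10.242.0.2 obtained, lease time 86400
+...skip
+
+root@controller:~# nova list
++--------------------------------------+---------------+--------+------------+-------------+---------------------+
+| ID | Name | Status | Task State | Power State | Networks |
++--------------------------------------+---------------+--------+------------+-------------+---------------------+
+| fc849bb9-54d3-4a9a-99a4-6346a6eef404 | APPS_INSTANCE | ACTIVE | - | Running | APPS_NET=10.241.0.2 |
+| f281c349-d49c-4d6c-bf56-74f04f2e8aec | DMZ_INSTANCE | ACTIVE | - | Running | DMZ_NET=10.242.0.2 |
++--------------------------------------+---------------+--------+------------+-------------+---------------------+
+
+
+ping
+---
+Since we are not using floating IPs you will only be able ping from inside the route namespace
+
+# ip netns exec qrouter-b27d1a20-8a31-46d5-bdef-32a5ccf4ec91 \
+ ping 10.241.0.2 -c 1
+PING 10.241.0.2 (10.241.0.2) 56(84) bytes of data.
+64 bytes from 10.241.0.2: icmp_seq=1 ttl=64 time=6.32 ms
+
+--- 10.241.0.2 ping statistics ---
+1 packets transmitted, 1 received, 0% packet loss, time 0ms
+rtt min/avg/max/mdev = 6.328/6.328/6.328/0.000 ms
+
+# ping 10.241.0.2 -c 1
+connect: Network is unreachable
+
+
+The final Open vSwitch configs
+------------------------------
+
+Controller
+---
+root@controller:~# ovs-vsctl show
+524a6c84-226d-427b-8efa-732ed7e7fa43
+ Bridge "br-eth0"
+ Port "eth0"
+ Interface "eth0"
+ Port "br-eth0"
+ Interface "br-eth0"
+ type: internal
+ Port "phy-br-eth0"
+ Interface "phy-br-eth0"
+ Bridge br-tun
+ Port patch-int
+ Interface patch-int
+ type: patch
+ options: {peer=patch-tun}
+ Port "gre-2"
+ Interface "gre-2"
+ type: gre
+ options: {in_key=flow, local_ip="192.168.7.2", out_key=flow, remote_ip="192.168.7.4"}
+ Port br-tun
+ Interface br-tun
+ type: internal
+ Bridge br-int
+ Port "qr-58f3db35-f5"
+ tag: 2
+ Interface "qr-58f3db35-f5"
+ type: internal
+ Port "tap6e65f2e5-39"
+ tag: 3
+ Interface "tap6e65f2e5-39"
+ type: internal
+ Port "qr-9252ec29-7a"
+ tag: 3
+ Interface "qr-9252ec29-7a"
+ type: internal
+ Port "int-br-eth0"
+ Interface "int-br-eth0"
+ Port patch-tun
+ Interface patch-tun
+ type: patch
+ options: {peer=patch-int}
+ Port "tapcf2a0e68-6b"
+ tag: 2
+ Interface "tapcf2a0e68-6b"
+ type: internal
+ Port br-int
+ Interface br-int
+ type: internal
+ Port "qg-19f6d85f-a6"
+ tag: 1
+ Interface "qg-19f6d85f-a6"
+ type: internal
+ ovs_version: "2.0.0"
+
+
+Compute
+---
+root@compute:~# ovs-vsctl show
+99d365d2-f74e-40a8-b9a0-5bb60353675d
+ Bridge br-int
+ Port br-int
+ Interface br-int
+ type: internal
+ Port patch-tun
+ Interface patch-tun
+ type: patch
+ options: {peer=patch-int}
+ Port "tapc2db0bfa-ae"
+ tag: 1
+ Interface "tapc2db0bfa-ae"
+ Port "tap57fae225-16"
+ tag: 2
+ Interface "tap57fae225-16"
+ Port "int-br-eth0"
+ Interface "int-br-eth0"
+ Bridge "br-eth0"
+ Port "eth0"
+ Interface "eth0"
+ Port "phy-br-eth0"
+ Interface "phy-br-eth0"
+ Port "br-eth0"
+ Interface "br-eth0"
+ type: internal
+ Bridge br-tun
+ Port br-tun
+ Interface br-tun
+ type: internal
+ Port "gre-1"
+ Interface "gre-1"
+ type: gre
+ options: {in_key=flow, local_ip="192.168.7.4", out_key=flow, remote_ip="192.168.7.2"}
+ Port patch-int
+ Interface patch-int
+ type: patch
+ options: {peer=patch-tun}
+ ovs_version: "2.0.0"
+
+
+References
+----------
+http:// developer.rackspace.com/blog/neutron-networking-l3-agent.html
\ No newline at end of file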