Diffstat (limited to 'meta-openstack/Documentation/README.networking_vlan')
-rw-r--r--meta-openstack/Documentation/README.networking_vlan382
1 files changed, 382 insertions, 0 deletions
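diff --git a/meta-openstack/Documentation/README.networking_vlan b/meta-openstack/Documentation/README.networking_vlan
new file mode 100644
index 0000000..6d48e2b
--- /dev/null
+++ b/meta-openstack/Documentation/README.networking_vlan
@@ -0,0 +1,382 @@
+Networking - VLAN network
+=========================
+
+Description
+-----------
+The vlan network will have the VMs on one of two vlan networks
+(DMZ_SUBNET - 172.16.0.0/24, INSIDE_SUBNET - 192.168.100.0/241). We
+will continue to use the management network (192.168.7.0/24) for
+controller/compute communications. The dhcp-agent will provide the VMs
+addresses within each subnet and within its provisioned ranges. This
+type of network is more typical of a deployed network since network
+traffic can be contained to within the assigned vlan.
+
+
+Assumptions
+-----------
+It is assumed you have completed the steps described in
+README.networking and have provisioned the host vSwitch as well as
+created the br-eth0 bridges on the controller and compute nodes.
+
+At this point you should be able to ping 192.168.7.4 from 192.168.7.4
+and vise versa.
+
+You have built your controller image including the cirros image (for
+which you have already added the image to glance as myFirstImage).
+
+You have run 'source /etc/nova/openrc'
+
+Configuration updates
+---------------------
+On the host Open vSwitch add an IP for 192.168.100.1/22
+sudo ip address add 192.168.100.1/24 broadcast 192.168.100.255 dev br-int
+sudo ip address add 172.16.0.1/24 broadcast 172.16.0.255 dev br-int
+
+On the controller and (all) compute nodes you must edit the file
+/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+
+In the [OVS] section set
+network_vlan_ranges = ph-eth0:200:200,ph-eth0:300:300
+bridge_mappings = ph-eth0:br-eth0
+
+(*** on compute nodes edit local_ip as well [192.168.7.4]***)
+
+Restart some services to allow these changes to take effect:
+/etc/init.d/neutron-openvswitch-agent reload
+(on controller)
+/etc/init.d/neutron-server reload
+/etc/init.d/neutron-dhcp-agent reload
+(on compute)
+/etc/init.d/nova-compute reload
+
+
+Create the net and subnet
+-------------------------
+neutron net-create --provider:physical_network=ph-eth0 \
+ --provider:network_type=vlan --provider:segmentation_id=200 \
+ --shared INSIDE_NET
+Created a new network:
++---------------------------+--------------------------------------+
+| Field | Value |
++---------------------------+--------------------------------------+
+| admin_state_up | True |
+| id | 587e29d0-eb89-4c0d-948b-845009380097 |
+| name | INSIDE_NET |
+| provider:network_type | vlan |
+| provider:physical_network | ph-eth0 |
+| provider:segmentation_id | 200 |
+| shared | True |
+| status | ACTIVE |
+| subnets | |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++---------------------------+--------------------------------------+
+
+neutron net-create --provider:physical_network=ph-eth0 \
+ --provider:network_type=vlan --provider:segmentation_id=300 \
+ --shared DMZ_NET
+Created a new network:
++---------------------------+--------------------------------------+
+| Field | Value |
++---------------------------+--------------------------------------+
+| admin_state_up | True |
+| id | 498fa1f2-87de-4874-8ca9-f4ba3e394d2a |
+| name | DMZ_NET |
+| provider:network_type | vlan |
+| provider:physical_network | ph-eth0 |
+| provider:segmentation_id | 300 |
+| shared | True |
+| status | ACTIVE |
+| subnets | |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++---------------------------+--------------------------------------+
+
+neutron subnet-create INSIDE_NET 192.168.100.0/24 \
+ --name INSIDE_SUBNET --no-gateway \
+ --host-route destination=0.0.0.0/0,nexthop=192.168.100.1 \
+ --allocation-pool start=192.168.100.100,end=192.168.100.199
+Created a new subnet:
++------------------+----------------------------------------------------------+
+| Field | Value |
++------------------+----------------------------------------------------------+
+| allocation_pools | {"start": "192.168.100.100", "end": "192.168.100.199"} |
+| cidr | 192.168.100.0/24 |
+| dns_nameservers | |
+| enable_dhcp | True |
+| gateway_ip | |
+| host_routes | {"destination": "0.0.0.0/0", "nexthop": "192.168.100.1"} |
+| id | 2c1a77aa-614c-4a97-9855-a62bb4b4d899 |
+| ip_version | 4 |
+| name | INSIDE_SUBNET |
+| network_id | 587e29d0-eb89-4c0d-948b-845009380097 |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++------------------+----------------------------------------------------------+
+
+neutron subnet-create DMZ_NET 172.16.0.0/24 --name DMZ_SUBNET \
+ --no-gateway --host-route destination=0.0.0.0/0,nexthop=172.16.0.1 \
+ --allocation-pool start=172.16.0.100,end=172.16.0.199
+Created a new subnet:
++------------------+-------------------------------------------------------+
+| Field | Value |
++------------------+-------------------------------------------------------+
+| allocation_pools | {"start": "172.16.0.100", "end": "172.16.0.199"} |
+| cidr | 172.16.0.0/24 |
+| dns_nameservers | |
+| enable_dhcp | True |
+| gateway_ip | |
+| host_routes | {"destination": "0.0.0.0/0", "nexthop": "172.16.0.1"} |
+| id | bfae1a19-e15f-4e5e-94f2-018f24abbc2e |
+| ip_version | 4 |
+| name | DMZ_SUBNET |
+| network_id | 498fa1f2-87de-4874-8ca9-f4ba3e394d2a |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
++------------------+-------------------------------------------------------+
+
+
+Boot the image and test connectivity
+------------------------------------
+(note with our current config you might only be able to run 2 instances at
+ any one time, so you will end up juggling them to test connectivity)
+
+nova boot --flavor=m1.small --image=myFirstImage \
+ --nic net-id=587e29d0-eb89-4c0d-948b-845009380097 INSIDE_INSTANCE
++--------------------------------------+-----------------------------------------------------+
+| Property | Value |
++--------------------------------------+-----------------------------------------------------+
+| OS-DCF:diskConfig | MANUAL |
+| OS-EXT-AZ:availability_zone | nova |
+| OS-EXT-SRV-ATTR:host | - |
+| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
+| OS-EXT-SRV-ATTR:instance_name | instance-00000009 |
+| OS-EXT-STS:power_state | 0 |
+| OS-EXT-STS:task_state | scheduling |
+| OS-EXT-STS:vm_state | building |
+| OS-SRV-USG:launched_at | - |
+| OS-SRV-USG:terminated_at | - |
+| accessIPv4 | |
+| accessIPv6 | |
+| adminPass | 7itgDwsdY8d4 |
+| config_drive | |
+| created | 2014-04-10T14:31:21Z |
+| flavor | m1.small (2) |
+| hostId | |
+| id | 630affe0-d497-4211-87bb-383254d60428 |
+| image | myFirstImage (f22d3ab8-96a5-46db-a029-7d59156c8e31) |
+| key_name | - |
+| metadata | {} |
+| name | INSIDE_INSTANCE |
+| os-extended-volumes:volumes_attached | [] |
+| progress | 0 |
+| security_groups | default |
+| status | BUILD |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
+| updated | 2014-04-10T14:31:21Z |
+| user_id | 1dfcb72ef6a7428d8dd7300bc7f303d9 |
++--------------------------------------+-----------------------------------------------------+
+
+nova boot --flavor=m1.small --image=myFirstImage \
+ --nic net-id=587e29d0-eb89-4c0d-948b-845009380097 INSIDE_INSTANCE2
++--------------------------------------+-----------------------------------------------------+
+| Property | Value |
++--------------------------------------+-----------------------------------------------------+
+| OS-DCF:diskConfig | MANUAL |
+| OS-EXT-AZ:availability_zone | nova |
+| OS-EXT-SRV-ATTR:host | - |
+| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
+| OS-EXT-SRV-ATTR:instance_name | instance-0000000a |
+| OS-EXT-STS:power_state | 0 |
+| OS-EXT-STS:task_state | scheduling |
+| OS-EXT-STS:vm_state | building |
+| OS-SRV-USG:launched_at | - |
+| OS-SRV-USG:terminated_at | - |
+| accessIPv4 | |
+| accessIPv6 | |
+| adminPass | BF9p6tftS2xJ |
+| config_drive | |
+| created | 2014-04-10T14:32:07Z |
+| flavor | m1.small (2) |
+| hostId | |
+| id | ff94ee07-ae24-4785-9d51-26de2c23da60 |
+| image | myFirstImage (f22d3ab8-96a5-46db-a029-7d59156c8e31) |
+| key_name | - |
+| metadata | {} |
+| name | INSIDE_INSTANCE2 |
+| os-extended-volumes:volumes_attached | [] |
+| progress | 0 |
+| security_groups | default |
+| status | BUILD |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
+| updated | 2014-04-10T14:32:08Z |
+| user_id | 1dfcb72ef6a7428d8dd7300bc7f303d9 |
++--------------------------------------+-----------------------------------------------------+
+
+root@controller:~# nova list
++--------------------------------------+------------------+--------+------------+-------------+----------------------------+
+| ID | Name | Status | Task State | Power State | Networks |
++--------------------------------------+------------------+--------+------------+-------------+----------------------------+
+| 630affe0-d497-4211-87bb-383254d60428 | INSIDE_INSTANCE | ACTIVE | - | Running | INSIDE_NET=192.168.100.100 |
+| ff94ee07-ae24-4785-9d51-26de2c23da60 | INSIDE_INSTANCE2 | ACTIVE | - | Running | INSIDE_NET=192.168.100.102 |
++--------------------------------------+------------------+--------+------------+-------------+----------------------------+
+
+nova boot --flavor=m1.small --image=myFirstImage \
+ --nic net-id=498fa1f2-87de-4874-8ca9-f4ba3e394d2a DMZ_INSTANCE
++--------------------------------------+-----------------------------------------------------+
+| Property | Value |
++--------------------------------------+-----------------------------------------------------+
+| OS-DCF:diskConfig | MANUAL |
+| OS-EXT-AZ:availability_zone | nova |
+| OS-EXT-SRV-ATTR:host | - |
+| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
+| OS-EXT-SRV-ATTR:instance_name | instance-0000000d |
+| OS-EXT-STS:power_state | 0 |
+| OS-EXT-STS:task_state | scheduling |
+| OS-EXT-STS:vm_state | building |
+| OS-SRV-USG:launched_at | - |
+| OS-SRV-USG:terminated_at | - |
+| accessIPv4 | |
+| accessIPv6 | |
+| adminPass | SvzSpnmB6mXJ |
+| config_drive | |
+| created | 2014-04-10T14:42:53Z |
+| flavor | m1.small (2) |
+| hostId | |
+| id | 0dab2712-5f1d-4559-bfa4-d09c6304418c |
+| image | myFirstImage (f22d3ab8-96a5-46db-a029-7d59156c8e31) |
+| key_name | - |
+| metadata | {} |
+| name | DMZ_INSTANCE |
+| os-extended-volumes:volumes_attached | [] |
+| progress | 0 |
+| security_groups | default |
+| status | BUILD |
+| tenant_id | b5890ba3fb234347ae317ca2f8358663 |
+| updated | 2014-04-10T14:42:54Z |
+| user_id | 1dfcb72ef6a7428d8dd7300bc7f303d9 |
++--------------------------------------+-----------------------------------------------------+
+
+nova boot --flavor=m1.small --image=myFirstImage \
+ --nic net-id=498fa1f2-87de-4874-8ca9-f4ba3e394d2a DMZ_INSTANCE2
+...
+
+nova console-log INSIDE_INSTANCE2
+---
+...skip
+Starting network...
+udhcpc (v1.18.5) started
+Sending discover...
+Sending select for 192.168.100.102...
+...skip
+
+ping
+---
+
+You should also be able to ping instances on the same subnet but not
+those on the other subnet. The controller and compute can not ping
+instances on either network (with metadata implemented the controller
+should be able to, but currently the metadata agent is not available.)
+
+dump-flows
+----------
+(note the 'vlan' tags)
+root@compute:~# ovs-ofctl dump-flows br-int
+NXST_FLOW reply (xid=0x4):
+ cookie=0x0, duration=1640.378s, table=0, n_packets=3, n_bytes=788, idle_age=1628, priority=3,in_port=6,dl_vlan=300 actions=mod_vlan_vid:2,NORMAL
+ cookie=0x0, duration=2332.714s, table=0, n_packets=6, n_bytes=1588, idle_age=2274, priority=3,in_port=6,dl_vlan=200 actions=mod_vlan_vid:1,NORMAL
+ cookie=0x0, duration=2837.737s, table=0, n_packets=22, n_bytes=1772, idle_age=1663, priority=2,in_port=6 actions=drop
+ cookie=0x0, duration=2837.976s, table=0, n_packets=53, n_bytes=5038, idle_age=1535, priority=1 actions=NORMAL
+
+
+
+The final Open vSwitch configs
+------------------------------
+
+Controller
+---
+root@controller:~# ovs-vsctl show
+524a6c84-226d-427b-8efa-732ed7e7fa43
+ Bridge br-tun
+ Port "gre-2"
+ Interface "gre-2"
+ type: gre
+ options: {in_key=flow, local_ip="192.168.7.2", out_key=flow, remote_ip="192.168.7.4"}
+ Port br-tun
+ Interface br-tun
+ type: internal
+ Port patch-int
+ Interface patch-int
+ type: patch
+ options: {peer=patch-tun}
+ Bridge "br-eth0"
+ Port "eth0"
+ Interface "eth0"
+ Port "br-eth0"
+ Interface "br-eth0"
+ type: internal
+ Port "phy-br-eth0"
+ Interface "phy-br-eth0"
+ Bridge br-int
+ Port patch-tun
+ Interface patch-tun
+ type: patch
+ options: {peer=patch-int}
+ Port "tapafbbdd15-e7"
+ tag: 1
+ Interface "tapafbbdd15-e7"
+ type: internal
+ Port "int-br-eth0"
+ Interface "int-br-eth0"
+ Port "tapa50c1a18-34"
+ tag: 2
+ Interface "tapa50c1a18-34"
+ type: internal
+ Port br-int
+ Interface br-int
+ type: internal
+ ovs_version: "2.0.0"
+
+
+Compute
+---
+root@compute:~# ovs-vsctl show
+99d365d2-f74e-40a8-b9a0-5bb60353675d
+ Bridge br-tun
+ Port br-tun
+ Interface br-tun
+ type: internal
+ Port "gre-1"
+ Interface "gre-1"
+ type: gre
+ options: {in_key=flow, local_ip="192.168.7.4", out_key=flow, remote_ip="192.168.7.2"}
+ Port patch-int
+ Interface patch-int
+ type: patch
+ options: {peer=patch-tun}
+ Bridge br-int
+ Port br-int
+ Interface br-int
+ type: internal
+ Port "int-br-eth0"
+ Interface "int-br-eth0"
+ Port patch-tun
+ Interface patch-tun
+ type: patch
+ options: {peer=patch-int}
+ Port "tap78e1ac37-6c"
+ tag: 2
+ Interface "tap78e1ac37-6c"
+ Port "tap315398a4-cd"
+ tag: 1
+ Interface "tap315398a4-cd"
+ Bridge "br-eth0"
+ Port "phy-br-eth0"
+ Interface "phy-br-eth0"
+ Port "eth0"
+ Interface "eth0"
+ Port "br-eth0"
+ Interface "br-eth0"
+ type: internal
+ ovs_version: "2.0.0"
+
+
+References
+----------
+http://developer.rackspace.com/blog/neutron-networking-vlan-provider-networks.html
\ No newline at end of file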