.. _networking-guide:

============================
Enabling Provider Networks
============================

Provider networks allow compute instances to connect directly to physical
networks, avoiding tunnels. This is necessary, for example, for some
performance-critical applications. Only OpenStack administrators can create
such networks. For provider networks, compute hosts must have an external
bridge created and configured by Ansible tasks, as is already done for tenant
DVR mode networking. Normal tenant non-DVR networking does not need an
external bridge on compute hosts, and therefore operators do not need an
additional dedicated network interface.

To enable provider networks, modify the configuration
file ``/etc/kolla/globals.yml``:

::

    enable_neutron_provider_networks: "yes"

============================
Enabling Neutron Extensions
============================

Overview
========

By default, Kolla deploys Neutron as the OpenStack networking component. This
guide describes configuring and running Neutron extensions like LBaaS,
Networking-SFC, QoS, etc.

Networking-SFC
==============

Preparation and deployment
--------------------------

Modify the configuration file ``/etc/kolla/globals.yml`` and change
the following:

::

    neutron_plugin_agent: "sfc"

Networking-SFC is an additional Neutron plugin. For SFC to work, this plugin
has to be installed in the ``neutron-server`` container as well. Modify the
configuration file ``/etc/kolla/kolla-build.conf`` and add the following
contents:

::

    [neutron-server-plugin-networking-sfc]
    type = git
    location = https://github.com/openstack/networking-sfc.git
    reference = mitaka

Verification
------------

Verify the build and deploy operation of the Networking-SFC container. A
successful deployment will bring up an SFC container in the list of running
containers. Run the following command to log in to the ``neutron-server``
container:

::

    docker exec -it neutron_server bash

Neutron should provide the following CLI extensions:

::

    # neutron help | grep port

    port-chain-create              [port_chain] Create a Port Chain.
    port-chain-delete              [port_chain] Delete a given Port Chain.
    port-chain-list                [port_chain] List Port Chains that belong
                                   to a given tenant.
    port-chain-show                [port_chain] Show information of a
                                   given Port Chain.
    port-chain-update              [port_chain] Update Port Chain's
                                   information.
    port-pair-create               [port_pair] Create a Port Pair.
    port-pair-delete               [port_pair] Delete a given Port Pair.
    port-pair-group-create         [port_pair_group] Create a Port Pair
                                   Group.
    port-pair-group-delete         [port_pair_group] Delete a given
                                   Port Pair Group.
    port-pair-group-list           [port_pair_group] List Port Pair Groups
                                   that belongs to a given tenant.
    port-pair-group-show           [port_pair_group] Show information of a
                                   given Port Pair Group.
    port-pair-group-update         [port_pair_group] Update Port Pair
                                   Group's information.
    port-pair-list                 [port_pair] List Port Pairs that belongs
                                   to a given tenant.
    port-pair-show                 [port_pair] Show information of a given
                                   Port Pair.
    port-pair-update               [port_pair] Update Port Pair's
                                   information.

For setting up a testbed environment and creating a port chain, please refer
to the following link:

https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining

For the source code, please refer to the following link:

https://github.com/openstack/networking-sfc

Neutron VPNaaS (VPN-as-a-Service)
=================================

Preparation and deployment
--------------------------

Modify the configuration file ``/etc/kolla/globals.yml`` and change
the following:

::

    enable_neutron_vpnaas: "yes"

Verification
------------

VPNaaS is a complex subject, hence this document provides directions for a
simple smoke test to verify the service is up and running.

On the network node(s), the ``neutron_vpnaas_agent`` should be up (image naming
and versioning may differ depending on deploy configuration):

::

    docker ps --filter name=neutron_vpnaas_agent
    CONTAINER ID        IMAGE
    COMMAND             CREATED             STATUS              PORTS
    NAMES
    97d25657d55e
    operator:5000/kolla/oraclelinux-source-neutron-vpnaas-agent:4.0.0
    "kolla_start"       44 minutes ago      Up 44 minutes
    neutron_vpnaas_agent

Kolla-Ansible includes a small script that can be used in tandem with
``tools/init-runonce`` to verify the VPN using two routers and two Nova VMs:

::

    tools/init-runonce
    tools/init-vpn

Verify both VPN services are active:

::

    neutron vpn-service-list
    +--------------------------------------+----------+--------------------------------------+--------+
    | id                                   | name     | router_id                            | status |
    +--------------------------------------+----------+--------------------------------------+--------+
    | ad941ec4-5f3d-4a30-aae2-1ab3f4347eb1 | vpn_west | 051f7ce3-4301-43cc-bfbd-7ffd59af539e | ACTIVE |
    | edce15db-696f-46d8-9bad-03d087f1f682 | vpn_east | 058842e0-1d01-4230-af8d-0ba6d0da8b1f | ACTIVE |
    +--------------------------------------+----------+--------------------------------------+--------+

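The status check above can be scripted. The following is an added example, not
part of Kolla-Ansible or the original guide: it parses the table printed by
``neutron vpn-service-list`` and fails unless the expected number of services
is listed and all of them are ``ACTIVE``. The function names and the modified
sample in which ``vpn_east`` is ``DOWN`` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of Kolla-Ansible): check `neutron vpn-service-list`
# output and flag any VPN service whose status is not ACTIVE.

# Constructed sample input: the two rows shown in the guide.
SAMPLE_OK='+--------------------------------------+----------+--------------------------------------+--------+
| id                                   | name     | router_id                            | status |
+--------------------------------------+----------+--------------------------------------+--------+
| ad941ec4-5f3d-4a30-aae2-1ab3f4347eb1 | vpn_west | 051f7ce3-4301-43cc-bfbd-7ffd59af539e | ACTIVE |
| edce15db-696f-46d8-9bad-03d087f1f682 | vpn_east | 058842e0-1d01-4230-af8d-0ba6d0da8b1f | ACTIVE |
+--------------------------------------+----------+--------------------------------------+--------+'

# Constructed failure case: the same table with vpn_east marked DOWN.
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_OK" | sed '/vpn_east/s/ACTIVE/DOWN  /')

# Print "<name> <status>" for every data row whose status is not ACTIVE.
non_active_vpn_services() {
    awk -F'|' '
        /^[|]/ {
            # Columns: $2=id  $3=name  $4=router_id  $5=status
            for (i = 2; i <= 5; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($2 == "id") next                  # skip the header row
            if ($5 != "ACTIVE") print $3, $5
        }'
}

# Print the number of data rows (services) in the table.
count_vpn_services() {
    awk -F'|' '/^[|]/ { gsub(/[ \t]/, "", $2); if ($2 != "id") n++ }
               END { print n + 0 }'
}

# Succeed only if at least $1 services are listed and every one is ACTIVE.
# An empty table must fail: "nothing is down" does not mean the VPN works.
vpn_smoke_check() {
    expected=$1
    table=$(cat)
    total=$(printf '%s\n' "$table" | count_vpn_services)
    bad=$(printf '%s\n' "$table" | non_active_vpn_services)
    [ "$total" -ge "$expected" ] && [ -z "$bad" ]
}

# Demo on the constructed input. On a deployment, pipe the real command:
#   neutron vpn-service-list | vpn_smoke_check 2
printf '%s\n' "$SAMPLE_BAD" | non_active_vpn_services
```
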
Two VMs can now be booted, one on vpn_east, the other on vpn_west, and
encrypted ping packets observed being sent from one to the other.

For more information on this and VPNaaS in Neutron refer to the VPNaaS area on
the OpenStack wiki:

https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall

https://wiki.openstack.org/wiki/Neutron/VPNaaS