From 29cdefc9f65e39738b7108ff060836acdb2174f8 Mon Sep 17 00:00:00 2001 From: Matthew Kassawara Date: Wed, 24 Dec 2014 13:18:33 -0600 Subject: [PATCH] Further clarify networking content Further clarify installation guide networking content to reduce potential confusion about the purpose of each network. Change-Id: I1c7f79784eb80e317be1f156bc3a0e68ac39df3b Closes-Bug: #1372669 backport: Juno --- .../section_basics-networking-neutron.xml | 31 ++++++++++ .../section_basics-networking-nova.xml | 23 ++++++++ .../section_basics-networking.xml | 58 +++++++++++-------- 3 files changed, 88 insertions(+), 24 deletions(-) diff --git a/doc/install-guide/section_basics-networking-neutron.xml b/doc/install-guide/section_basics-networking-neutron.xml index 90aae7cf79..a2f12d3339 100644 --- a/doc/install-guide/section_basics-networking-neutron.xml +++ b/doc/install-guide/section_basics-networking-neutron.xml @@ -19,6 +19,37 @@ external network. The compute node contains one network interface on the management network and one on the instance tunnels network. + The example architecture assumes use of the following networks: + + + Management on 10.0.0.0/24 with gateway 10.0.0.1 + + This network requires a gateway to provide Internet + access to all nodes for administrative purposes such as + package installation, security updates, + DNS, and + NTP. + + + + Instance tunnels on 10.0.1.0/24 without a gateway + + This network does not require a gateway because communication + only occurs among network and compute nodes in your OpenStack + environment. + + + + External on 203.0.113.0/24 with gateway 203.0.113.1 + + This network requires a gateway to provide Internet + access to instances in your OpenStack environment. + + + + You can modify these ranges and gateways to work with your + particular network infrastructure. Network interface names vary by distribution. Traditionally, interfaces use "eth" followed by a sequential number. To cover all diff --git a/doc/install-guide/section_basics-networking-nova.xml b/doc/install-guide/section_basics-networking-nova.xml index 5984a50ed8..f44dad3575 100644 --- a/doc/install-guide/section_basics-networking-nova.xml +++ b/doc/install-guide/section_basics-networking-nova.xml @@ -16,6 +16,29 @@ management network. The compute node contains one network interface on the management network and one on the external network. + The example architecture assumes use of the following networks: + + + Management on 10.0.0.0/24 with gateway 10.0.0.1 + + This network requires a gateway to provide Internet + access to all nodes for administrative purposes such as + package installation, security updates, + DNS, and + NTP. + + + + External on 203.0.113.0/24 with gateway 203.0.113.1 + + This network requires a gateway to provide Internet + access to instances in your OpenStack environment. + + + + You can modify these ranges and gateways to work with your + particular network infrastructure. Network interface names vary by distribution. Traditionally, interfaces use "eth" followed by a sequential number. To cover all diff --git a/doc/install-guide/section_basics-networking.xml b/doc/install-guide/section_basics-networking.xml index 8d672084f1..10059e5317 100644 --- a/doc/install-guide/section_basics-networking.xml +++ b/doc/install-guide/section_basics-networking.xml @@ -28,6 +28,26 @@ openSUSE documentation. + All nodes require Internet access for administrative purposes + such as package installation, security updates, + DNS, and + NTP. In most cases, nodes should obtain Internet + access through the management network interface. To highlight + the importance of network separation, the example architectures + use private address space for the management network and assume + that network infrastructure provides Internet access via + NAT. To illustrate the flexibility of + IaaS, the example architectures use public + IP address space for the external network and assume that network + infrastructure provides direct Internet access to instances in + your OpenStack environment. In environments with only one block + of public IP address space, both the management and external networks + must ultimately obtain Internet access using it. For simplicity, the + diagrams in this guide only show Internet access for OpenStack + services. To disable Network Manager @@ -41,34 +61,24 @@ - RHEL and CentOS enable a restrictive - firewall by default. During the installation - process, certain steps will fail unless you alter or disable the - firewall. For more information about securing your environment, refer - to the OpenStack - Security Guide. - openSUSE and SLES enable a restrictive - firewall by default. During the installation - process, certain steps will fail unless you alter or disable the - firewall. For more information about securing your environment, refer - to the OpenStack - Security Guide. - Your distribution does not enable a - restrictive firewall by default. For more - information about securing your environment, refer to the - OpenStack - Security Guide. + + Your distribution enables + a restrictive firewall by default. During the + installation process, certain steps will fail unless you alter or + disable the firewall. For more information about securing your + environment, refer to the + OpenStack + Security Guide. + Your distribution does not enable a + restrictive firewall by default. For more + information about securing your environment, refer to the + OpenStack + Security Guide. + Proceed to network configuration for the example OpenStack Networking (neutron) or legacy networking (nova-network) architecture. - - All nodes require Internet access to install OpenStack packages - and perform maintenance tasks such as periodic updates. In most - cases, nodes should obtain Internet access through the management - network interface. For simplicity, the network diagrams in this guide - only show Internet access for OpenStack network services. -