OpenStack Newton : Neutron Networking(GRE)2016/10/25 |
|
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure GRE tunneling type of networking on here.
Furthermore, this example is based on the environment that Network Node has 2 network interfaces.
Before it, Configure basic settings on Control Node, Network Node, Compute Node.
|
+-------------+ +----+----+
| Name Server | | Gateway |
+------+------+ +----+----+
|10.0.0.10 |10.0.0.1
| |
+------------+-----------------+------------------------+
| | | |
| | | 10.0.0.200-10.0.0.254
eth0|10.0.0.30 | 10.0.0.50| eth0 +--------+-------+
+--------+---------+ | +-----------+----------+ | Virtual Router |
| [ Control Node ] | | | [ Network Node ] | +--------+-------+
| Keystone | | | DHCP Agent | 192.168.100.1
| Glance | | | L3 Agent |eth1 | 192.168.100.0/24
| Nova API | | | L2 Agent | | +-----------------+
| Neutron Server | | | Metadata Agent | | +---| Virtual Machine |
+------------------+ | +----------------------+ | | +-----------------+
| | | +-----------------+
| +----------------------+ +-------+---| Virtual Machine |
| eth0| [ Compute Node ] | | +-----------------+
+-----| Nova Compute | | +-----------------+
10.0.0.51| L2 Agent | |---| Virtual Machine |
+----------------------+ | +-----------------+
| +-----------------+
+---| Virtual Machine |
+-----------------+
|
| [1] | Change settings on Control Node. |
|
[root@dlp ~(keystone)]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 103: add a value to tenant_network_types [ml2] type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre
# line 184: add [ml2_type_gre] tunnel_id_ranges = 1:1000
systemctl restart neutron-server |
| [2] | Change settings on Network Node. |
|
# add bridge [root@network ~]# ovs-vsctl add-br br-ext # add eth1 to the port of the bridge above [root@network ~]# ovs-vsctl add-port br-ext eth1
[root@network ~]#
vi /etc/neutron/l3_agent.ini # line 98: add external_network_bridge = br-ext
[root@network ~]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 103: add a value to tenant_network_types [ml2] type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre
# line 184: add [ml2_type_gre] tunnel_id_ranges = 1:1000
[root@network ~]#
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini # line 102: add [agent] tunnel_types = gre
# line 181: add (specify IP address of this host for local_ip) [ovs]
local_ip = 10.0.0.50
enable_tunneling = True bridge_mappings = external:br-ext systemctl restart neutron-l3-agent neutron-openvswitch-agent |
| [3] | Change settings on Compute Node. |
|
[root@node01 ~]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini # line 103: add a value to tenant_network_types [ml2] type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre
# line 184: add [ml2_type_gre] tunnel_id_ranges = 1:1000
[root@node01 ~]#
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini # line 102: add [agent] tunnel_types = gre
# line 181: add (specify IP address of this host for local_ip) [ovs]
local_ip = 10.0.0.51
enable_tunneling = True systemctl restart neutron-openvswitch-agent |
| [4] | Create a Virtual router. It's OK to work on any node. (This example is on Control Node) |
|
# create a virtual router [root@dlp ~(keystone)]# neutron router-create router01 Created a new router: +-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2016-10-26T04:14:20Z | | description | | | distributed | False | | external_gateway_info | | | flavor_id | | | ha | False | | id | 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426 | | name | router01 | | project_id | 150e205a8791426e8028a94699fb8848 | | revision_number | 2 | | routes | | | status | ACTIVE | | tenant_id | 150e205a8791426e8028a94699fb8848 | | updated_at | 2016-10-26T04:14:20Z | +-------------------------+--------------------------------------+[root@dlp ~(keystone)]# Router_ID=`neutron router-list | grep router01 | awk '{ print $2 }'` |
| [5] | Create internal network and associate with the router above. |
|
# create internal network [root@dlp ~(keystone)]# neutron net-create int_net Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2016-10-26T04:14:45Z | | description | | | id | 5fbf3808-6831-40e4-a8fa-a4d9aa3d75bd | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 1458 | | name | int_net | | port_security_enabled | True | | project_id | 150e205a8791426e8028a94699fb8848 | | provider:network_type | gre | | provider:physical_network | | | provider:segmentation_id | 82 | | revision_number | 3 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | | | tags | | | tenant_id | 150e205a8791426e8028a94699fb8848 | | updated_at | 2016-10-26T04:14:45Z | +---------------------------+--------------------------------------+ # create subnet in the internal network [root@dlp ~(keystone)]# neutron subnet-create \ --gateway 192.168.100.1 --dns-nameserver 10.0.0.1 int_net 192.168.100.0/24 Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.100.2", "end": "192.168.100.254"} |
| cidr | 192.168.100.0/24 |
| created_at | 2016-10-26T04:15:32Z |
| description | |
| dns_nameservers | 10.0.0.1 |
| enable_dhcp | True |
| gateway_ip | 192.168.100.1 |
| host_routes | |
| id | e7f8b8f1-ff2e-4056-9ffc-5763b598d860 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | |
| network_id | 5fbf3808-6831-40e4-a8fa-a4d9aa3d75bd |
| project_id | 150e205a8791426e8028a94699fb8848 |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tenant_id | 150e205a8791426e8028a94699fb8848 |
| updated_at | 2016-10-26T04:15:32Z |
+-------------------+------------------------------------------------------+
[root@dlp ~(keystone)]#
Int_Subnet_ID=`neutron net-list | grep int_net | awk '{ print $6 }'`
# set internal network to the router above [root@dlp ~(keystone)]# neutron router-interface-add $Router_ID $Int_Subnet_ID Added interface bc793873-d02e-45da-a7ec-7220d17c148d to router 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426. |
| [6] | Create external network and associate with the router above. |
|
# create external network [root@dlp ~(keystone)]# neutron net-create ext_net --router:external Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2016-10-26T04:16:36Z | | description | | | id | 2bcdbea6-a56b-4ad3-a412-17424cecaabd | | ipv4_address_scope | | | ipv6_address_scope | | | is_default | False | | mtu | 1458 | | name | ext_net | | port_security_enabled | True | | project_id | 150e205a8791426e8028a94699fb8848 | | provider:network_type | gre | | provider:physical_network | | | provider:segmentation_id | 97 | | revision_number | 3 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | | | tags | | | tenant_id | 150e205a8791426e8028a94699fb8848 | | updated_at | 2016-10-26T04:16:37Z | +---------------------------+--------------------------------------+ # create subnet in external network [root@dlp ~(keystone)]# neutron subnet-create ext_net \ --allocation-pool start=10.0.0.200,end=10.0.0.254 \ --gateway 10.0.0.1 --dns-nameserver 10.0.0.1 10.0.0.0/24 --disable-dhcp Created a new subnet:
+-------------------+----------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------+
| allocation_pools | {"start": "10.0.0.200", "end": "10.0.0.254"} |
| cidr | 10.0.0.0/24 |
| created_at | 2016-10-26T04:18:04Z |
| description | |
| dns_nameservers | 10.0.0.1 |
| enable_dhcp | False |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 97f25b39-18f3-46f2-8489-947bc5641048 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | |
| network_id | 2bcdbea6-a56b-4ad3-a412-17424cecaabd |
| project_id | 150e205a8791426e8028a94699fb8848 |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tenant_id | 150e205a8791426e8028a94699fb8848 |
| updated_at | 2016-10-26T04:18:04Z |
+-------------------+----------------------------------------------+
[root@dlp ~(keystone)]#
Ext_Net_ID=`neutron net-list | grep ext_net | awk '{ print $2 }'` # set gateway to the router above [root@dlp ~(keystone)]# neutron router-gateway-set $Router_ID $Ext_Net_ID Set gateway for router 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426 |
| [7] | Create and start Virtual machine Instance. |
|
[root@dlp ~(keystone)]#
[root@dlp ~(keystone)]# Int_Net_ID=`neutron net-list | grep int_net | awk '{ print $2 }'` openstack image list +--------------------------------------+---------+--------+ | ID | Name | Status | +--------------------------------------+---------+--------+ | 0f695de0-2bf6-4a51-93ea-0c87ac6a3d07 | CentOS7 | active | +--------------------------------------+---------+--------+[root@dlp ~(keystone)]# openstack server create --flavor m1.small --image CentOS7 --security-group default --nic net-id=$Int_Net_ID CentOS_7 [root@dlp ~(keystone)]# openstack server list +-----------+----------+--------+-----------------------+------------+ | ID | Name | Status | Networks | Image Name | +-----------+----------+--------+-----------------------+------------+ | c1282f75- | CentOS_7 | BUILD | int_net=192.168.100.6 | CentOS7 | +-----------+----------+--------+-----------------------+------------+ |
| [8] | Assign floating IP address to the Instance above. |
|
[root@dlp ~(keystone)]# neutron floatingip-create ext_net Created a new floatingip: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | created_at | 2016-10-26T04:21:37Z | | description | | | fixed_ip_address | | | floating_ip_address | 10.0.0.205 | | floating_network_id | 2bcdbea6-a56b-4ad3-a412-17424cecaabd | | id | 9cb33190-69bf-4b32-a607-d1cb6f1d6e03 | | port_id | | | project_id | 150e205a8791426e8028a94699fb8848 | | revision_number | 1 | | router_id | | | status | DOWN | | tenant_id | 150e205a8791426e8028a94699fb8848 | | updated_at | 2016-10-26T04:21:37Z | +---------------------+--------------------------------------+
[root@dlp ~(keystone)]#
Device_ID=`openstack server list | grep CentOS_7 | awk '{ print $2 }'` [root@dlp ~(keystone)]# Port_ID=`neutron port-list -- --device_id $Device_ID | grep 192.168.100.6 | awk '{ print $2 }'` [root@dlp ~(keystone)]# Floating_ID=`neutron floatingip-list | grep 10.0.0.205 | awk '{ print $2 }'`
[root@dlp ~(keystone)]#
neutron floatingip-associate $Floating_ID $Port_ID Associated floating IP 9cb33190-69bf-4b32-a607-d1cb6f1d6e03 # confirm settings [root@dlp ~(keystone)]# neutron floatingip-show $Floating_ID +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | created_at | 2016-10-26T04:21:37Z | | description | | | fixed_ip_address | 192.168.100.6 | | floating_ip_address | 10.0.0.205 | | floating_network_id | 2bcdbea6-a56b-4ad3-a412-17424cecaabd | | id | 9cb33190-69bf-4b32-a607-d1cb6f1d6e03 | | port_id | 6e0084aa-9e83-41ce-8ba7-b50b8414f644 | | project_id | 150e205a8791426e8028a94699fb8848 | | revision_number | 2 | | router_id | 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426 | | status | ACTIVE | | tenant_id | 150e205a8791426e8028a94699fb8848 | | updated_at | 2016-10-26T04:23:44Z | +---------------------+--------------------------------------+ |
| [9] | Configure security settings like follows to access with SSH and ICMP. |
|
# permit ICMP [root@dlp ~(keystone)]# neutron security-group-rule-create --direction ingress --protocol icmp default Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | description | | | direction | ingress | | ethertype | IPv4 | | id | 2ee46326-17cf-4b0a-89ff-84d91e5522db | | port_range_max | | | port_range_min | | | protocol | icmp | | remote_group_id | | | remote_ip_prefix | | | security_group_id | daeb3c1f-67e1-4129-990c-49ca0504f841 | | tenant_id | 7a160aeddebd4e398fd22e6491f10baa | +-------------------+--------------------------------------+ # permit SSH [root@dlp ~(keystone)]# neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | description | | | direction | ingress | | ethertype | IPv4 | | id | e99bc736-a85c-4471-ba43-105b4cb8bd99 | | port_range_max | 22 | | port_range_min | 22 | | protocol | tcp | | remote_group_id | | | remote_ip_prefix | | | security_group_id | daeb3c1f-67e1-4129-990c-49ca0504f841 | | tenant_id | 7a160aeddebd4e398fd22e6491f10baa | +-------------------+--------------------------------------+[root@dlp ~(keystone)]# neutron security-group-rule-list +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+ | id | security_group | direction | ethertype | port/protocol | remote | +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+ | 2ee46326-17cf-4b0a-89ff-84d91e5522db | default | ingress | IPv4 | icmp | any | | 312684a0-534d-4053-98ed-ce8ddfd529f4 | default | ingress | IPv6 | any | default (group) | | 4ea4aa8d-792c-438f-966e-d01386786e97 | default | egress | IPv6 | any | any | | 5761e89a-f57f-48c6-866a-11a7f1a0e719 | default | ingress | IPv4 | any | default (group) | | 988eba63-3fb0-456d-a94a-c21aab5fedf3 | default | egress | IPv4 | any | any | | e99bc736-a85c-4471-ba43-105b4cb8bd99 | default | ingress | IPv4 | 22/tcp | any | +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+ |
| [10] | It's possible to login to the Instance to connect to the IP address with SSH like follows. |
|
[root@dlp ~(keystone)]# ssh 10.0.0.205 root@10.0.0.205's password: Last login: Wed Oct 26 14:08:39 2016 [root@host-192-168-100-6 ~]# # just logined
|
| Sponsored Link |