CentOS 7
Sponsored Link

OpenStack Newton : Neutron Networking(GRE)
2016/10/25
 
Configure virtual networking by OpenStack Network Service (Neutron).
For example, configure GRE tunneling type of networking on here.
Before it, Configure basic settings on Control Node, Network Node, Compute Node.
Furthermore, this example is based on the environment that Network Node has 2 network interfaces.

                                        |
  +-------------+                  +----+----+
  | Name Server |                  | Gateway |
  +------+------+                  +----+----+
         |10.0.0.10                     |10.0.0.1
         |                              |
         +------------+-----------------+------------------------+
         |            |                 |                        |
         |            |                 |              10.0.0.200-10.0.0.254
     eth0|10.0.0.30   |        10.0.0.50| eth0          +--------+-------+
+--------+---------+  |     +-----------+----------+    | Virtual Router |
| [ Control Node ] |  |     |   [ Network Node ]   |    +--------+-------+
|     Keystone     |  |     |       DHCP Agent     |       192.168.100.1
|      Glance      |  |     |       L3 Agent       |eth1         |            192.168.100.0/24
|     Nova API     |  |     |       L2 Agent       |             |           +-----------------+
|  Neutron Server  |  |     |    Metadata Agent    |             |       +---| Virtual Machine |
+------------------+  |     +----------------------+             |       |   +-----------------+
                      |                                          |       |   +-----------------+
                      |     +----------------------+             +-------+---| Virtual Machine |
                      | eth0|   [ Compute Node ]   |                     |   +-----------------+
                      +-----|     Nova Compute     |                     |   +-----------------+
                   10.0.0.51|       L2 Agent       |                     |---| Virtual Machine |
                            +----------------------+                     |   +-----------------+
                                                                         |   +-----------------+
                                                                         +---| Virtual Machine |
                                                                             +-----------------+
[1] Change settings on Control Node.
[root@dlp ~(keystone)]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value to tenant_network_types

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
gre
# line 184: add

[ml2_type_gre]
tunnel_id_ranges = 1:1000
[root@dlp ~(keystone)]#
systemctl restart neutron-server

[2] Change settings on Network Node.
# add bridge

[root@network ~]#
ovs-vsctl add-br br-ext

# add eth1 to the port of the bridge above

[root@network ~]#
ovs-vsctl add-port br-ext eth1

[root@network ~]#
vi /etc/neutron/l3_agent.ini
# line 98: add

external_network_bridge =
br-ext
[root@network ~]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value to tenant_network_types

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
gre
# line 184: add

[ml2_type_gre]
tunnel_id_ranges = 1:1000
[root@network ~]#
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
# line 102: add

[agent]
tunnel_types = gre
# line 181: add (specify IP address of this host for local_ip)

[ovs]
local_ip = 10.0.0.50
enable_tunneling = True
bridge_mappings = external:br-ext
[root@network ~]#
systemctl restart neutron-l3-agent neutron-openvswitch-agent

[3] Change settings on Compute Node.
[root@node01 ~]#
vi /etc/neutron/plugins/ml2/ml2_conf.ini
# line 103: add a value to tenant_network_types

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
gre
# line 184: add

[ml2_type_gre]
tunnel_id_ranges = 1:1000
[root@node01 ~]#
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
# line 102: add

[agent]
tunnel_types = gre
# line 181: add (specify IP address of this host for local_ip)

[ovs]
local_ip = 10.0.0.51
enable_tunneling = True
[root@node01 ~]#
systemctl restart neutron-openvswitch-agent

[4] Create a Virtual router. It's OK to work on any node. (This example is on Control Node)
# create a virtual router

[root@dlp ~(keystone)]#
neutron router-create router01

Created a new router:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2016-10-26T04:14:20Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   |                                      |
| flavor_id               |                                      |
| ha                      | False                                |
| id                      | 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426 |
| name                    | router01                             |
| project_id              | 150e205a8791426e8028a94699fb8848     |
| revision_number         | 2                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tenant_id               | 150e205a8791426e8028a94699fb8848     |
| updated_at              | 2016-10-26T04:14:20Z                 |
+-------------------------+--------------------------------------+

[root@dlp ~(keystone)]#
Router_ID=`neutron router-list | grep router01 | awk '{ print $2 }'`

[5] Create internal network and associate with the router above.
# create internal network

[root@dlp ~(keystone)]#
neutron net-create int_net

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-10-26T04:14:45Z                 |
| description               |                                      |
| id                        | 5fbf3808-6831-40e4-a8fa-a4d9aa3d75bd |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1458                                 |
| name                      | int_net                              |
| port_security_enabled     | True                                 |
| project_id                | 150e205a8791426e8028a94699fb8848     |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 82                                   |
| revision_number           | 3                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 150e205a8791426e8028a94699fb8848     |
| updated_at                | 2016-10-26T04:14:45Z                 |
+---------------------------+--------------------------------------+

# create subnet in the internal network

[root@dlp ~(keystone)]#
neutron subnet-create \
--gateway 192.168.100.1 --dns-nameserver 10.0.0.1 int_net 192.168.100.0/24

Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.100.2", "end": "192.168.100.254"} |
| cidr              | 192.168.100.0/24                                     |
| created_at        | 2016-10-26T04:15:32Z                                 |
| description       |                                                      |
| dns_nameservers   | 10.0.0.1                                             |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.100.1                                        |
| host_routes       |                                                      |
| id                | e7f8b8f1-ff2e-4056-9ffc-5763b598d860                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              |                                                      |
| network_id        | 5fbf3808-6831-40e4-a8fa-a4d9aa3d75bd                 |
| project_id        | 150e205a8791426e8028a94699fb8848                     |
| revision_number   | 2                                                    |
| service_types     |                                                      |
| subnetpool_id     |                                                      |
| tenant_id         | 150e205a8791426e8028a94699fb8848                     |
| updated_at        | 2016-10-26T04:15:32Z                                 |
+-------------------+------------------------------------------------------+

[root@dlp ~(keystone)]#
Int_Subnet_ID=`neutron net-list | grep int_net | awk '{ print $6 }'`
# set internal network to the router above

[root@dlp ~(keystone)]#
neutron router-interface-add $Router_ID $Int_Subnet_ID

Added interface bc793873-d02e-45da-a7ec-7220d17c148d to router 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426.
[6] Create external network and associate with the router above.
# create external network

[root@dlp ~(keystone)]#
neutron net-create ext_net --router:external

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-10-26T04:16:36Z                 |
| description               |                                      |
| id                        | 2bcdbea6-a56b-4ad3-a412-17424cecaabd |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1458                                 |
| name                      | ext_net                              |
| port_security_enabled     | True                                 |
| project_id                | 150e205a8791426e8028a94699fb8848     |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 97                                   |
| revision_number           | 3                                    |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 150e205a8791426e8028a94699fb8848     |
| updated_at                | 2016-10-26T04:16:37Z                 |
+---------------------------+--------------------------------------+

# create subnet in external network

[root@dlp ~(keystone)]#
neutron subnet-create ext_net \
--allocation-pool start=10.0.0.200,end=10.0.0.254 \
--gateway 10.0.0.1 --dns-nameserver 10.0.0.1 10.0.0.0/24 --disable-dhcp

Created a new subnet:
+-------------------+----------------------------------------------+
| Field             | Value                                        |
+-------------------+----------------------------------------------+
| allocation_pools  | {"start": "10.0.0.200", "end": "10.0.0.254"} |
| cidr              | 10.0.0.0/24                                  |
| created_at        | 2016-10-26T04:18:04Z                         |
| description       |                                              |
| dns_nameservers   | 10.0.0.1                                     |
| enable_dhcp       | False                                        |
| gateway_ip        | 10.0.0.1                                     |
| host_routes       |                                              |
| id                | 97f25b39-18f3-46f2-8489-947bc5641048         |
| ip_version        | 4                                            |
| ipv6_address_mode |                                              |
| ipv6_ra_mode      |                                              |
| name              |                                              |
| network_id        | 2bcdbea6-a56b-4ad3-a412-17424cecaabd         |
| project_id        | 150e205a8791426e8028a94699fb8848             |
| revision_number   | 2                                            |
| service_types     |                                              |
| subnetpool_id     |                                              |
| tenant_id         | 150e205a8791426e8028a94699fb8848             |
| updated_at        | 2016-10-26T04:18:04Z                         |
+-------------------+----------------------------------------------+

[root@dlp ~(keystone)]#
Ext_Net_ID=`neutron net-list | grep ext_net | awk '{ print $2 }'`

# set gateway to the router above

[root@dlp ~(keystone)]#
neutron router-gateway-set $Router_ID $Ext_Net_ID

Set gateway for router 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426
[7] Create and start Virtual machine Instance.
[root@dlp ~(keystone)]#
Int_Net_ID=`neutron net-list | grep int_net | awk '{ print $2 }'`

[root@dlp ~(keystone)]#
openstack image list

+--------------------------------------+---------+--------+
| ID                                   | Name    | Status |
+--------------------------------------+---------+--------+
| 0f695de0-2bf6-4a51-93ea-0c87ac6a3d07 | CentOS7 | active |
+--------------------------------------+---------+--------+

[root@dlp ~(keystone)]#
openstack server create --flavor m1.small --image CentOS7 --security-group default --nic net-id=$Int_Net_ID CentOS_7

[root@dlp ~(keystone)]#
openstack server list

+-----------+----------+--------+-----------------------+------------+
| ID        | Name     | Status | Networks              | Image Name |
+-----------+----------+--------+-----------------------+------------+
| c1282f75- | CentOS_7 | BUILD  | int_net=192.168.100.6 | CentOS7    |
+-----------+----------+--------+-----------------------+------------+
[8] Assign floating IP address to the Instance above.
[root@dlp ~(keystone)]#
neutron floatingip-create ext_net

Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2016-10-26T04:21:37Z                 |
| description         |                                      |
| fixed_ip_address    |                                      |
| floating_ip_address | 10.0.0.205                           |
| floating_network_id | 2bcdbea6-a56b-4ad3-a412-17424cecaabd |
| id                  | 9cb33190-69bf-4b32-a607-d1cb6f1d6e03 |
| port_id             |                                      |
| project_id          | 150e205a8791426e8028a94699fb8848     |
| revision_number     | 1                                    |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | 150e205a8791426e8028a94699fb8848     |
| updated_at          | 2016-10-26T04:21:37Z                 |
+---------------------+--------------------------------------+

[root@dlp ~(keystone)]#
Device_ID=`openstack server list | grep CentOS_7 | awk '{ print $2 }'`

[root@dlp ~(keystone)]#
Port_ID=`neutron port-list -- --device_id $Device_ID | grep 192.168.100.6 | awk '{ print $2 }'`

[root@dlp ~(keystone)]#
Floating_ID=`neutron floatingip-list | grep 10.0.0.205 | awk '{ print $2 }'`

[root@dlp ~(keystone)]#
neutron floatingip-associate $Floating_ID $Port_ID

Associated floating IP 9cb33190-69bf-4b32-a607-d1cb6f1d6e03
# confirm settings

[root@dlp ~(keystone)]#
neutron floatingip-show $Floating_ID

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2016-10-26T04:21:37Z                 |
| description         |                                      |
| fixed_ip_address    | 192.168.100.6                        |
| floating_ip_address | 10.0.0.205                           |
| floating_network_id | 2bcdbea6-a56b-4ad3-a412-17424cecaabd |
| id                  | 9cb33190-69bf-4b32-a607-d1cb6f1d6e03 |
| port_id             | 6e0084aa-9e83-41ce-8ba7-b50b8414f644 |
| project_id          | 150e205a8791426e8028a94699fb8848     |
| revision_number     | 2                                    |
| router_id           | 6ac557e2-bfa3-4e1b-8f7b-1fc8d72e9426 |
| status              | ACTIVE                               |
| tenant_id           | 150e205a8791426e8028a94699fb8848     |
| updated_at          | 2016-10-26T04:23:44Z                 |
+---------------------+--------------------------------------+
[9] Configure security settings like follows to access with SSH and ICMP.
# permit ICMP

[root@dlp ~(keystone)]#
neutron security-group-rule-create --direction ingress --protocol icmp default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 2ee46326-17cf-4b0a-89ff-84d91e5522db |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | daeb3c1f-67e1-4129-990c-49ca0504f841 |
| tenant_id         | 7a160aeddebd4e398fd22e6491f10baa     |
+-------------------+--------------------------------------+

# permit SSH

[root@dlp ~(keystone)]#
neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 22 --port_range_max 22 default

Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| description       |                                      |
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | e99bc736-a85c-4471-ba43-105b4cb8bd99 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | daeb3c1f-67e1-4129-990c-49ca0504f841 |
| tenant_id         | 7a160aeddebd4e398fd22e6491f10baa     |
+-------------------+--------------------------------------+

[root@dlp ~(keystone)]#
neutron security-group-rule-list

+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| id                                   | security_group | direction | ethertype | port/protocol | remote          |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
| 2ee46326-17cf-4b0a-89ff-84d91e5522db | default        | ingress   | IPv4      | icmp          | any             |
| 312684a0-534d-4053-98ed-ce8ddfd529f4 | default        | ingress   | IPv6      | any           | default (group) |
| 4ea4aa8d-792c-438f-966e-d01386786e97 | default        | egress    | IPv6      | any           | any             |
| 5761e89a-f57f-48c6-866a-11a7f1a0e719 | default        | ingress   | IPv4      | any           | default (group) |
| 988eba63-3fb0-456d-a94a-c21aab5fedf3 | default        | egress    | IPv4      | any           | any             |
| e99bc736-a85c-4471-ba43-105b4cb8bd99 | default        | ingress   | IPv4      | 22/tcp        | any             |
+--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
[10] It's possible to login to the Instance to connect to the IP address with SSH like follows.
[root@dlp ~(keystone)]#
ssh 10.0.0.205

root@10.0.0.205's password:
Last login: Wed Oct 26 14:08:39 2016
[root@host-192-168-100-6 ~]#    
# just logined
Matched Content
 
Tweet