Sign In Start Free Trial

Learning OpenStack Networking

By : James Denton

5 (1)

Learning OpenStack Networking

5 (1)

By: James Denton

Overview of this book

OpenStack Networking is a pluggable, scalable, and API-driven system to manage physical and virtual networking resources in an OpenStack-based cloud. Like other core OpenStack components, OpenStack Networking can be used by administrators and users to increase the value and maximize the use of existing datacenter resources. This third edition of Learning OpenStack Networking walks you through the installation of OpenStack and provides you with a foundation that can be used to build a scalable and production-ready OpenStack cloud. In the initial chapters, you will review the physical network requirements and architectures necessary for an OpenStack environment that provide core cloud functionality. Then, you’ll move through the installation of the new release of OpenStack using packages from the Ubuntu repository. An overview of Neutron networking foundational concepts, including networks, subnets, and ports will segue into advanced topics such as security groups, distributed virtual routers, virtual load balancers, and VLAN tagging within instances. By the end of this book, you will have built a network infrastructure for your cloud using OpenStack Neutron.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Introduction to OpenStack Networking

Introduction to OpenStack Networking

What is OpenStack Networking?

Preparing the physical infrastructure

Separating services across nodes

Summary

Installing OpenStack

Installing OpenStack

System requirements

Initial network configuration

Initial steps

Installing OpenStack

Summary

Installing Neutron

Installing Neutron

Basic networking elements in Neutron

Extending functionality with plugins

Network namespaces

Installing and configuring Neutron services

Configuring Neutron services

Interfacing with OpenStack Networking

Summary

Virtual Network Infrastructure Using Linux Bridges

Virtual Network Infrastructure Using Linux Bridges

Using the Linux bridge driver

Visualizing traffic flow through Linux bridges

Configuring the ML2 networking plugin

Configuring the Linux bridge driver and agent

Summary

Building a Virtual Switching Infrastructure Using Open vSwitch

Building a Virtual Switching Infrastructure Using Open vSwitch

Using the Open vSwitch driver

Basic OpenvSwitch commands

Visualizing traffic flow when using Open vSwitch

Configuring the ML2 networking plugin

Configuring the Open vSwitch driver and agent

Summary

Building Networks with Neutron

Building Networks with Neutron

Network management in OpenStack

Subnet management in OpenStack

Managing network ports in OpenStack

Summary

Attaching Instances to Networks

Attaching Instances to Networks

Attaching instances to networks

Exploring how instances get their addresses

Exploring how instances retrieve their metadata

Summary

Managing Security Groups

Managing Security Groups

Security groups in OpenStack

An introduction to iptables

Working with security groups

Applying security groups to instances and ports

Implementing security group rules

Working with security groups in the dashboard

Disabling port security

Allowed address pairs

Summary

Role-Based Access Control

Role-Based Access Control

Working with access control policies

Applying RBAC policies to projects

Creating policies for external networks

Summary

Creating Standalone Routers with Neutron

Creating Standalone Routers with Neutron

Routing traffic in the cloud

Installing and configuring the Neutron L3 agent

Router management in the CLI

Network address translation

Floating IP management

Demonstrating traffic flow from an instance to the internet

Router management in the dashboard

Summary

Router Redundancy Using VRRP

Router Redundancy Using VRRP

Using keepalived and VRRP to provide redundancy

Networking of highly available routers

Installing and configuring additional L3 agents

Configuring Neutron

Working with highly available routers

Decomposing a highly available router

Summary

Distributed Virtual Routers

Distributed Virtual Routers

Distributing routers across the cloud

Installing and configuring Neutron components

Routing east-west traffic between instances

Centralized SNAT

Floating IPs through distributed virtual routers

Summary

Load Balancing Traffic to Instances

Load Balancing Traffic to Instances

Fundamentals of load balancing

Integrating load balancers into the network

Installing LBaaS v2

Load balancer management in the CLI

Building a load balancer

Load balancer management in the dashboard

Summary

Advanced Networking Topics

Advanced Networking Topics

VLAN-aware VMs

BGP dynamic routing

Network availability zones

Summary

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 (1)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Implementing security group rules

In the following example, an instance named WEB1 has been created that acts as a web server running Apache on ports 80 and 443. Making a request to the web server at 192.168.206.6:80 eventually times out:

To demonstrate how security group rules are implemented on a compute node, take note of the following WEB_SERVERS security group:

The following screenshot demonstrates two security group rules being added to the WEB_SERVERS security group using the openstack security group rule create command. The rules allow inbound connections on ports 80 and 443 from any remote host, as defined by the CIDR 0.0.0.0/0:

Using the openstack server add security group command, the WEB_SERVERS security group can be applied to the WEB1 instance, as shown in the following screenshot:

Once a security group has been applied to the corresponding port of an instance...

Search

Your notes and bookmarks