Learning OpenStack Networking
Third Edition

Build a solid foundation in virtual networking technologies for OpenStack-based clouds

James Denton

BIRMINGHAM - MUMBAI

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Kartikey Pandey
Acquisition Editor: Prachi Bisht
Content Development Editor: Trusha Shriyan
Technical Editor: Cymon Pereira
Copy Editor: Safis Editing
Project Coordinator: Kinjal Bari
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Jisha Chirayil
Production Coordinator: Shraddha Falebhai

First published: October 2014
Second edition: November 2015
Third edition: August 2018

Production reference: 1310818

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78839-249-5

www.packtpub.com

Contributors

About the author

James Denton is a Principal Architect at Rackspace with over 15 years of experience in systems administration and networking. He has a bachelor's degree in Business Management with a focus on Computer Information Systems from Texas State University in San Marcos, Texas. He is currently focused on OpenStack operations and support within the Rackspace Private Cloud team.

James is the author of the Learning OpenStack Networking (Neutron), first and second editions, as well as OpenStack Networking Essentials, both by Packt Publishing.

About the reviewers

Andy McCrae works as a Principal Software Engineer at Red Hat in the Multi-Architecture team. Andy began his career at Rackspace as a Linux systems administrator, after completing a master's in engineering, majoring in Computer Science at University College London (UCL). He specializes in deployment and operations automation using tools such as Ansible and Chef, as well as in distributed storage systems, specifically Swift (OpenStack Object Storage) and Ceph.
Andy was the Project Technical Lead for the OpenStack-Ansible project for the Ocata and Pike cycles and has given talks at multiple international OpenStack events. Andy is currently a maintainer on the ceph-ansible project and was previously a core reviewer on the Chef-OpenStack project. Andy was also a technical reviewer on the third and fourth editions of the OpenStack Cloud Computing Cookbook, Packt Publishing.

Kevin Jackson is married and has three children. He has over 20 years of experience working with hosted environments, and private and public clouds. He is an OpenStack specialist at Rackspace and has been working with OpenStack since the first release. Kevin has co-authored a number of OpenStack books, including the OpenStack Cloud Computing Cookbook.

Table of Contents

Preface

Chapter 1: Introduction to OpenStack Networking
  What is OpenStack Networking?
  Features of OpenStack Networking
  Switching
  Routing
  Load balancing
  Firewalling
  Virtual private networks
  Network functions virtualization
  OpenStack Networking resources
  Virtual network interfaces
  Virtual network switches
  Overlay networks
  Virtual Extensible Local Area Network (VXLAN)
  Generic Router Encapsulation (GRE)
  Generic Network Virtualization Encapsulation (GENEVE)
  Preparing the physical infrastructure
  Configuring the physical infrastructure
  Management network
  API network
  External network
  Guest network
  Physical server connections
  Single interface
  Multiple interfaces
  Bonding
  Separating services across nodes
  Using a single controller node
  Using a dedicated network node
  Summary

Chapter 2: Installing OpenStack
  System requirements
  Operating system requirements
  Initial network configuration
  Example networks
  Interface configuration
  Initial steps
  Permissions
  Configuring the OpenStack repository
  Upgrading the system
  Setting the hostnames
  Installing and configuring Network Time Protocol
  Rebooting the system
  Installing OpenStack
  Installing and configuring the MySQL database server
  Installing and configuring the messaging server
  Installing and configuring memcached
  Installing and configuring the identity service
  Configuring the database
  Installing Keystone
  Configuring tokens and drivers
  Bootstrap the Identity service
  Configuring the Apache HTTP server
  Setting environment variables
  Defining services and API endpoints in Keystone
  Defining users, projects, and roles in Keystone
  Installing and configuring the image service
  Configuring the database
  Defining the Glance user, service, and endpoints
  Installing and configuring Glance components
  Configuring authentication settings
  Configuring additional settings
  Verifying the Glance image service installation
  Installing additional images
  Installing and configuring the Compute service
  Configuring the database
  Defining the Nova user, service, and endpoints
  Installing and configuring controller node components
  Configuring authentication settings
  Additional controller tasks
  Installing and configuring compute node components
  Additional compute tasks
  Adding the compute node(s) to the cell database
  Installing the OpenStack Dashboard
  Updating the host and API version configuration
  Configuring Keystone settings
  Modifying network configuration
  Uninstalling default Ubuntu theme (optional)
  Reloading Apache
  Testing connectivity to the dashboard
  Familiarizing yourself with the dashboard
  Summary

Chapter 3: Installing Neutron
  Basic networking elements in Neutron
  Extending functionality with plugins
  Modular Layer 2 plugin
  Drivers
  TypeDrivers
  Mechanism drivers
  ML2 architecture
  Network namespaces
  Installing and configuring Neutron services
  Creating the Neutron database
  Configuring the Neutron user, role, and endpoint in Keystone
  Installing Neutron packages
  Configuring Neutron to use Keystone
  Configuring Neutron to use a messaging service
  Configuring Nova to utilize Neutron networking
  Configuring Neutron to notify Nova
  Configuring Neutron services
  Starting neutron-server
  Configuring the Neutron DHCP agent
  Restarting the Neutron DHCP agent
  Configuring the Neutron metadata agent
  Restarting the Neutron metadata agent
  Interfacing with OpenStack Networking
  Using the OpenStack command-line interface
  Using the Neutron command-line interface
  Using the OpenStack Python SDK
  Using the cURL utility
  Summary

Chapter 4: Virtual Network Infrastructure Using Linux Bridges
  Using the Linux bridge driver
  Visualizing traffic flow through Linux bridges
  VLAN
  Flat
  VXLAN
  Potential issues when using overlay networks
  Local
  Configuring the ML2 networking plugin
  Configuring the bridge interface
  Configuring the overlay interface
  ML2 plugin configuration options
  Type drivers
  Mechanism drivers
  Using the L2 population driver
  Tenant network types
  Flat networks
  Network VLAN ranges
  VNI ranges
  Security groups
  Configuring the Linux bridge driver and agent
  Installing the Linux bridge agent
  Updating the Linux bridge agent configuration file
  Physical interface mappings
  Enabling VXLAN
  L2 population
  Local IP
  Firewall driver
  Configuring the DHCP agent to use the Linux bridge driver
  Restarting services
  Verifying Linux bridge agents
  Summary

Chapter 5: Building a Virtual Switching Infrastructure Using Open vSwitch
  Using the Open vSwitch driver
  Basic OpenvSwitch commands
  Base commands
  ovs-vsctl
  ovs-ofctl
  ovs-dpctl
  ovs-appctl
  Visualizing traffic flow when using Open vSwitch
  Identifying ports on the virtual switch
  Identifying the local VLANs associated with ports
  Programming flow rules
  Flow rules for VLAN networks
  Return traffic
  Flow rules for flat networks
  Flow rules for overlay networks
  Flow rules for local networks
  Configuring the ML2 networking plugin
  Configuring the bridge interface
  Configuring the overlay interface
  ML2 plugin configuration options
  Mechanism drivers
  Flat networks
  Network VLAN ranges
  Tunnel ID ranges
  VNI Ranges
  Security groups
  Configuring the Open vSwitch driver and agent
  Installing the Open vSwitch agent
  Updating the Open vSwitch agent configuration file
  Tunnel types
  L2 population
  VXLAN UDP port
  Integration bridge
  Tunnel bridge