This was a tutorial which Mark McClain and I led at ONUG, Spring 2015. It was well received and serves as a walk through of OpenStack Neutron and it's features and usage.

1. OpenStack Networking
Hands-On Tutorial
Kyle Mestery (@mestery)
Mark McClain (@gtwmm)

2. ● Quick OpenStack and Neutron Overview
● Neutron Deployment Overview
● Hands-On With Neutron
○ Networks and Subnets
○ Routers and L3 constructs
○ LBaaS
○ VPNaaS
Agenda

3. OpenStack and Neutron Overview

4. About OpenStack
● Open Source project founded in 2010
● 1,786 Unique Developers during Kilo
● A growing ecosystem of projects
○ With a new governance model!
● Production Ready
● Latest Release 2015.1 - Kilo (11th Release)
● Apache 2 Licensed

5. OpenStack

6. What does the user see?

7. What is Neutron?
● Provides “networking as a service”
● Provides Rich Topologies
● Technology Agnostic
● Extensible
● Advanced Services Support
○ LBaaS, VPNaaS, FWaaS

8. Neutron Design Goals
● Unified API
● Small Core
● Pluggable Open Architecture
● Extensible
● Growing ecosystem (Neutron as a platform)

9. Abstractions

10. Basic Deployment

11. Neutron Installation Tips

12. Types of Network Traffic
● Management
○ Internal communication between services
● API
○ Exposes OpenStack APIs to users of the cloud
● Guest
○ A network dedicated to instance traffic
● External
○ Provides Neutron routers with network access

13. Single NIC Setup
VM
VM
VM
br-int
br-tun
br-eth0 eth0
overlay
networks
mgmt and
API
external

14. Multi-Nic Setup
VM
VM
VM
br-int
br-tun
br-eth1 eth1
overlay
networks
mgmt and
API
external
eth0 eth0

15. Bonded NIC Setup
VM
VM
VM
br-int
br-tun
br-bond0
eth1
overlay
networks
mgmt and
API
external
eth0
bond0

16. What Type Of Neutron Network To Use

17. Neutron Provider Network Setup
Compute
Host
Compute
Host
Compute
Host
Provider VLAN 100
Provider VLAN 200

18. When To Use Provider Networks?
● Mapping Neutron install into existing
network environment
● Small number of tenants
● Want to perform routing with existing
routers (physical or virtual)
● Little or no interest in floating IPs

19. Neutron With Overlays (and L2 gateways!)
Compute
Host
Compute
Host
Compute
Host
Network
Node
Underlay Network
L2 Gateway
Node
L2 Gateway node
handles translating
between overlay
networks to VLAN
networks
Network
node
handles L3
routing N/S,
and SNAT
when used
with DVR
DVR routes E/W
traffic and performs
DNAT locally

20. When To Use Neutron With Overlays?
● Large number of tenant networks
● Floating IPs central to installation

21. Neutron Tutorial

22. Thank you to our sponsor!
● Two options for gaining access to provided VMs
○ Join “tutorial” wifi network (password openstackneutron)
○ OR
○ ssh into the jumphost as “onug@67.205.58.120”
● Username/password for VMs: onug / ONUG2015

23. Components used in the tutorial
All-In-One Control/Compute Node (Ubuntu 14.04.1)
nova
glance
keystone
neutron
neutron l2
neutron l3
metadata
dhcp
Open vSwitch
rabbitmq

24. Tutorial Assumptions
● You are using a devstack install on a cloud
VM provided by Dreamhost
● The Tutorial uses the Kilo release of
OpenStack

25. Neutron Networks and Subnets
In this section, we’ll cover basic Neutron
operations around networks, ports and subnets

26. Neutron Network Types
● local networks
● provider networks
● overlay networks

27. Neutron local networks
● local networks are created locally on the host
○ traffic is local on the node it is created on
● DHCP and metadata may not work with local
networks
● Useful for complex technologies where you
want to keep some traffic local to a small
number of VMs on a host

28. Create a local network
neutron net-create --provider:network_type=local onug_local

29. Neutron provider networks
● Useful when using a small number of tenants
and you want to share networks created by
the admin
● Assumes L3 routing handled in existing
infrastructure

30. Creating a provider network
neutron net-create --provider:network_type=vlan --provider:
physical_network=physnet1 --provider:segmentation_id=200 --shared
onug_vlan_network

31. Tenant overlay networks
● Useful for installations with a large number
of tenants
● Allows tenants to create rich network layouts
● Allows for overlapping, shared IP address
spaces
● Can utilize floating IPs for remote access
● Utilize L2 gateways to bridge to VLAN
networks

32. Create an overlay network
neutron net-create onug_overlay

33. Neutron subnets
● Subnets are the main L3 resource in Neutron
● Subnets can be IPv4 or IPv6
● Planning ahead for your subnets is
important
○ Note: Pluggable IPAM will be available in Liberty,
and allow for integration with existing IPAM
solutions you may have

34. Creating a subnet
neutron subnet-create onug_overlay 192.168.100.0/24 --name onug_overlay_subnet --ip-version=4 --
gateway=192.168.100.1 --allocation-pool start=192.168.100.2,end=192.168.100.254 --dns-
nameservers 8.8.8.8 8.8.4.4

35. Quick Detour: Neutron Ports
Port created for DHCP agent from previous port

36. Neutron Ports and Namespaces
The DHCP port created previously looks like this on the host itself

37. Neutron Routers
We’ll cover Neutron routers, floating IPs, and
building complex topologies with them

38. Neutron Routers: Overview
● Neutron routers are per-tenant
○ Admin can create routers for tenants
● Neutron routers support both IPv4 and IPv6
● Neutron routers can route traffic between
internal and external networks
● Neutron routers can also route traffic
between internal networks

39. Neutron With Routers

40. Create a router
neutron router-create onug_router

41. Neutron router ports
Neutron router
Internal
interface
Gateway
interfaceThis interface is
attached to a local
subnet
This interface is
attached to an
upstream device to
provide external
connectivity

42. Distributed Routers!

43. Neutron With Distributed Routers!

44. Attaching router ports
● Attach the internal router port
○ neutron router-interface-add 87e8ca5c-7446-40d2-9973-
b57c6a9f1b0a 68f34192-72d7-4e4d-82ae-b87410113a9a
● Attach the gateway port
○ neutron router-gateway-set 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a
dab3f1f7-7015-4439-b393-0ad75d2de536

45. Verify your router ports
neutron router-port-list 87e8ca5c-7446-40d2-9973-b57c6a9f1b0a

46. Launch An Instance
Find your image UUID and flavor ID

47. Launch an Instance (cont.)
Boot the instance
attaching to your
tenant created
network

48. Verify the Instance Is Up
Note: We added a security group rule to allow ICMP packets.

49. Neutron NAT
● Neutron supports two types of NAT
○ one-to-one (with floating IPs)
○ one-to-many (without floating IPs)
● NAT and DVR
○ DVR supports decentralized DNAT but requires
centralized SNAT

50. Create And Add a Floating IP

51. Neutron subnetpools
● Allow for creation of a range of address to be
allocated to a pool
● Subnet allocation can now happen out of
that range
● Instead of requiring specific addressing, can
now utilize dynamic addressing from the
pool

52. subnetpool: create network

53. subnetpool: create subnetpool

54. subnetpool: create subnet using pool

55. Neutron LBaaS
We’ll walk through Neutron Load Balancing as
a Service here, creating LBaaS constructs using
the new for Kilo LBaaS V2 API

56. Neutron LBaaS V2
● Neutron LBaaS V2 is new in Kilo
○ New API with different objects and attributes
○ http://developer.openstack.org/api-ref-networking-
v2-ext.html#lbaas-v2.0
● Lets give it a try!

57. Neutron LBaas V2 Tutorial
● Create 2 nova instances on onug_overlay
network
● Setup security group rules to allow port 80
● Run simple HTTP servers in those servers
● Create LBaaS constructs to balance HTTP
requests across servers

58. Create 2 Nova Instances

59. Add security group rules

60. Spinup simple web servers

61. Create some loadbalancers

62. Create the listener

63. Create the pool

64. Add members

65. Verify it’s working

66. Debugging Neutron

67. Neutron Open Source Backends

68. Open Source Options
● Dragonflow
● OpenContrail
● OpenDaylight
● OVN
● Announced today: Akanda

69. Dragonflow
● A fully distributed virtual router using
OpenFlow and Open vSwitch
● Removes the use of namespaces on the host
for DVR
○ Implementation utilizes straight OpenFlow

70. Dragonflow Architecture

71. OpenContrail
● Extensible networking system designed for
cloud networking and NFV
● Consists of two components: Controller and
vRouter
○ Controller is logically centralized by physically
distributed SDN controller
○ vRouter is a forwarding plane which runs in the
hypervisor

72. OpenContrail Architecture
OpenStack
Nova
OpenContrail
Neutron
Plugin
Compute Node
OpenStack
Nova Agent
vRouter
Agent
Contrail Node
Configuration Node

73. OpenDaylight
● A community led, industry supported open
source platform to support the adoption of
SDN and NFV
● A platform to allow for many different APIs
on both the north and south side

74. OpenDaylight Architecture
OpenStack
Nova
OpenDaylight
ML2 Driver
Compute Node
OpenStack
Nova Agent
Open
vSwitch
Compute Node
OpenStack
Nova Agent
Open
vSwitch

75. Open Virtual Networking (OVN)
● Compliments OVS by adding native support
for virtual networking abstractions
○ L2 and L3 overlays, security groups, etc.
● Not a general purpose SDN controller
○ Focuses on L2/L3 networking
● Tight integration with OpenStack

76. OVN
OpenStack
OVN NB Database
OVN ML2
Driver
ovn-nbd
OVN DB
ovn-controller
ovs-vswitchd ovsdb-server
ovn-controller
ovs-vswitchd ovsdb-server