book

LEARNING OPENSTACK NETWORKING (NEUTRON)

Name: LEARNING OPENSTACK NETWORKING (NEUTRON)
Author: James Denton
ISBN: 9781783983308

by James Denton

October 2014

Intermediate to advanced

300 pages

6h 24m

English

Packt Publishing

Read now

Unlock full access

Learning OpenStack Networking (Neutron)
Table of Contents
Learning OpenStack Networking (Neutron)
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
Downloading the example codeDownloading the color images of this bookErrataPiracyQuestions
1. Preparing the Network for OpenStack
What is OpenStack Networking?Features of OpenStack NetworkingSwitchingRoutingLoad balancingFirewallingVirtual private networks
Preparing the physical infrastructure
Types of network trafficManagement networkAPI networkExternal networkGuest network
Physical server connections
Single interfaceMultiple interfacesBondingSeparating services across nodesA single controller with one or more compute nodesA single controller plus network node with one or more compute nodes
Summary
2. Installing OpenStack
System requirementsOperating system requirementsInitial network configurationInterface configuration
Before you begin
PermissionsConfiguring the OpenStack repositoryInstalling OpenStack utilitiesSetting the hostnamesDisabling SELinuxRemoving iptables rulesInstalling and configuring Network Time ProtocolUpgrading the system
Installation of OpenStack
Installing and configuring the MySQL database serverInstalling the MySQL database clientInstalling and configuring the messaging serverInstalling and configuring the Identity serviceDefining users, tenants, and roles in KeystoneDefine services and API endpoints in KeystoneVerify the Keystone installationSetting environment variablesInstalling and configuring the image serviceDefine the Glance service and API endpoints in KeystoneVerify the Glance image service installationInstalling and configuring the Compute serviceInstalling and configuring controller node componentsInstalling and configuring compute node componentsVerify communication between servicesInstalling the OpenStack dashboardAllowing connections to the dashboardIdentifying the Keystone serverChanging the listener addressTesting connectivity to the dashboard
Summary
3. Installing Neutron
Basic Neutron constructsOverlapping networks using network namespacesExtending network functions with plugins
Installing and configuring Neutron services
Creating the Neutron databaseConfiguring the Neutron user, role, and endpoint in KeystoneEnabling packet forwardingConfiguring Neutron to use KeystoneConfiguring Neutron to use a messaging serviceConfiguring a root helperConfiguring Nova to utilize Neutron networking
Configuring Neutron services
Configuring neutron-serverStarting neutron-serverConfiguring the Neutron DHCP agentStarting the Neutron DHCP agentConfiguring the Neutron metadata agentConfiguring the Neutron L3 agentConfiguring the Neutron LBaaS agentUsing the Neutron command-line interface
Summary
4. Building a Virtual Switching Infrastructure
Providing layer 2 connectivity to instancesVirtual network interfacesBridgingConfiguring the bridge interface
Types of networks in Neutron
Choosing a networking plugin
LinuxBridgeInternal network connections when using LinuxBridgeVLANFlatLocalOpen vSwitchInternal network connections when using Open vSwitchIdentifying ports on the virtual switchIdentifying the local VLANs associated with portsProgramming flow rulesFlow rules for VLAN networksFlow rules for flat networksFlow rules for local networks
Configuring a layer 2 networking plugin
Configuring the LinuxBridge pluginConfiguring Nova to use LinuxBridgeConfiguring the DHCP agent to use LinuxBridgeLinuxBridge plugin configuration optionsTenant network typePhysical interface mappingsNetwork VLAN rangesFirewall driverRestarting servicesConfiguring the Open vSwitch pluginConfiguring Neutron to use Open vSwitchConfiguring Nova to use Open vSwitchConfiguring the DHCP agent to use Open vSwitchOpen vSwitch plugin configuration optionsBridge mappingsConfiguring the bridgesTenant network typeNetwork VLAN rangesEnable tunnelingTunnel typeTunnel ID rangesIntegration bridgeTunnel bridgeLocal IPConfiguring a virtual VLAN interface for overlay trafficFirewall driverDatabaseRestarting services to enable the Open vSwitch plugin
Summary
5. Creating Networks with Neutron
Network managementManaging networks in the CLICreating a flat network in the CLICreating a VLAN in the CLICreating a local network in the CLIListing networks in the CLIShowing network properties in the CLIUpdating networks in the CLIDeleting networks in the CLICreating networks in the dashboardUsing the Admin tab as an administratorUsing the Project tab as a userSubnets in NeutronCreating subnets in the CLICreating a subnet in the CLIListing subnets in the CLIShowing subnet properties in the CLIUpdating a subnet in the CLICreating subnets in the dashboardUsing the Admin tab as an administratorUsing the Project tab as a userNeutron ports
Attaching instances to networks
Attaching instances to networks using Nova bootAttaching and detaching network interfacesAdding secondary addresses to interfaces
Exploring how instances get their addresses
Exploring how instances retrieve their metadata
Router namespaceThe DHCP namespaceAdding a manual route to 169.254.169.254Using DHCP to inject the route
Summary
6. Creating Routers with Neutron
Configuring the Neutron L3 agentDefining an interface driverSetting the external networkSetting the external bridgeEnabling the metadata proxyStarting the Neutron L3 agent
Router management in the CLI
Creating routers in the CLIWorking with router interfaces in the CLIAttaching internal interfaces to routersAttaching a gateway interface to a routerListing interfaces attached to routersDeleting internal interfacesClearing the gateway interfaceListing routers in the CLIDisplaying router attributes in the CLIUpdating router attributes in the CLIDeleting routers in the CLI
Network Address Translation
Floating IP addresses
Floating IP Management
Creating floating IPs in the CLIAssociating floating IPs to ports in the CLIListing floating IPs in the CLIDisplaying floating IP attributes in the CLIDisassociating floating IPs in the CLIDeleting floating IPs in the CLI
Demonstrating traffic flow from instance to Internet
Setting the foundationCreating an external provider networkCreating a Neutron routerAttaching the router to the external networkTesting gateway connectivityCreating an internal networkAttaching the router to the internal networkCreating instancesVerifying instance connectivityObserving default NAT behaviorAssigning floating IPsReassigning floating IPs
Router management in the dashboard
Creating a router in the dashboardAttaching a gateway interface in the dashboardAttaching internal interfaces in the dashboardViewing the network topology in the dashboardAssociating floating IPs to instances in the dashboardDisassociating floating IPs in the dashboard
Summary
7. Load Balancing Traffic in Neutron
Fundamentals of load balancingLoad balancing algorithmsMonitoringSession persistence
Integrating load balancers into the network
Network namespaces
Installing LBaaS
Configuring the Neutron LBaaS agent serviceDefine an interface driverDefine a device driverChange the user groupDefine a service pluginStarting the Neutron LBaaS agent serviceEnabling LBaaS in Horizon
Load balancer management in the CLI
Managing pools in the CLICreating a poolDeleting a poolListing poolsShowing pool detailsShowing pool statisticsUpdating a poolListing pools associated with an agentManaging pool members in the CLICreating pool membersDeleting pool membersListing pool membersShowing pool member detailsUpdating a pool memberManaging health monitors in the CLICreating a health monitorDeleting a health monitorAssociating a health monitor with a poolDisassociating a health monitor from a poolListing health monitorsShowing health monitor detailsUpdating a health monitorManaging virtual IPs in the CLICreating a virtual IPDeleting a virtual IPListing virtual IPsShowing virtual IP detailsUpdating a virtual IP
Building a load balancer
Creating a poolCreating pool membersCreating a health monitorCreating a virtual IPThe LBaaS network namespaceConfirming load balancer functionalityObserving health monitorsConnecting to the virtual IP externally
Load balancer management in the dashboard
Creating a pool in the dashboardCreating pool members in the dashboardCreating health monitors in the dashboardCreating a virtual IP in the dashboardConnecting to the virtual IP externally
Summary
8. Protecting Instances on the Network
Security groups in OpenStack
Firewall-as-a-service
Introducing iptables
Working with security groups
Managing security groups in the CLICreating security groups in the CLIDeleting security groups in the CLIListing security groups in the CLIShowing the details of a security group in the CLIUpdating security groups in the CLICreating security group rules in the CLIDeleting security group rules in the CLIListing security group rules in the CLIShowing the details of a security group rule in the CLIApplying security groups to instances in the CLIImplementing security group rulesStepping through the chainsWorking with security groups in the dashboard
Working with FWaaS
Preparing Neutron for FWaaSConfiguring the FWaaS driverDefining a service pluginEnabling FWaaS in the dashboardWorking with firewalls in the CLICreating a firewall rule in the CLIDeleting a firewall rule in the CLIListing firewall rules in the CLIShowing the details of a firewall rule in the CLIUpdating a firewall rule in the CLICreating a firewall policy in the CLIDeleting a firewall policy in the CLIListing firewall policies in the CLIShowing the details of a firewall policy in the CLIUpdating a firewall policy in the CLIInserting rules into firewall policies in the CLIRemoving rules from firewall policies in the CLICreating a firewall in the CLIDeleting a firewall in the CLIListing firewalls in the CLIShowing the details of a firewall in the CLIUpdating a firewall in the CLIWorking with firewalls in the dashboard
Firewall rules – behind the scenes
Stepping through the chains within the firewall
Summary
A. Additional Neutron Commands
Neutron extensionsListing Neutron API extensionsShowing the details of an API extension
Virtual private networks
Per-tenant quotas
Listing the default quotasUpdating tenant quotasListing tenant quotasDeleting tenant quotas
Cisco Nexus 1000V command reference
VMware/Nicera command reference
B. ML2 Configuration
Installing the ML2 pluginCreating a database for ML2Configuring Neutron to use ML2Configuring service plugins
Configuring the ML2 plugin
Restarting Neutron services
Index

Content preview from LEARNING OPENSTACK NETWORKING (NEUTRON)

Introducing iptables

Both security groups and Neutron firewalls leverage iptables rules to perform traffic filtering. Iptables is a built-in firewall in Linux that allows a system administrator to define tables containing chains of rules that determine how network packets should be treated. Packets are processed by sequentially traversing rules in chains within the following tables:

Raw: This is a default table that filters packets before any other table. It is mainly used to configure exemptions from connection tracking and is not used by security groups or FWaaS.
Filter: This is a default table used to filter packets.
NAT: This is a default table used for network address translation.
Mangle: This is a default table used for specialized packet alteration ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Learning OpenStack Networking (Neutron), Second Edition

Publisher Resources

ISBN: 9781783983308

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

LEARNING OPENSTACK NETWORKING (NEUTRON)

by James Denton

Introducing iptables

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.