openstack/openstack-ansible
Code Issues Proposed changes
41f42be6cc
openstack-ansible/doc/source/install-guide/overview-network-arch.rst
Jesse Pretorius 5cc5277939 [docs] Split Network Architecture page 
This splits the information in the Network Architecture page
into two parts. The one part remains in the install guide and
is revised to be appropriate. The other part is moved into an
Appendix.

Change-Id: I66fa73792ee21ddbc88ec71295900493a6eeb3a0
2016-09-07 12:30:50 +01:00

3.1 KiB
Raw Blame History

Network architecture

Although Ansible automates most deployment operations, networking on target hosts requires manual configuration as it varies from one use-case to another.

The following section describes the network configuration that must be implemented on all target hosts.

A deeper explanation of how the networking works can be found in network-appendix.

Host network bridges

OpenStack-Ansible uses bridges to connect physical and logical network interfaces on the host to virtual network interfaces within containers.

Target hosts are configured with the following network bridges:

  • LXC internal lxcbr0:
    • This bridge is required, but OpenStack-Ansible configures it automatically.
    • Provides external (typically internet) connectivity to containers.
    • This bridge does not directly attach to any physical or logical interfaces on the host because iptables handles connectivity. It attaches to eth0 in each container, but the container network interface it attaches to is configurable in openstack_user_config.yml in the provider_networks dictionary.
  • Container management br-mgmt:
    • This bridge is required.
    • Provides management of and communication between the infrastructure and OpenStack services.
    • Attaches to a physical or logical interface, typically a bond0 VLAN subinterface. Also attaches to eth1 in each container. The container network interface it attaches to is configurable in openstack_user_config.yml.
  • Storage br-storage:
    • This bridge is optional, but recommended for production environments.
    • Provides segregated access to Block Storage devices between OpenStack services and Block Storage devices.
    • Attaches to a physical or logical interface, typically a bond0 VLAN subinterface. Also attaches to eth2 in each associated container. The container network interface it attaches to is configurable in openstack_user_config.yml.
  • OpenStack Networking tunnel br-vxlan:
    • This bridge is required if the environment is configured to allow projects to create virtual networks.
    • Provides the interface for virtual (VXLAN) tunnel networks.
    • Attaches to a physical or logical interface, typically a bond1 VLAN subinterface. Also attaches to eth10 in each associated container. The container network interface it attaches to is configurable in openstack_user_config.yml.
  • OpenStack Networking provider br-vlan:
    • This bridge is required.
    • Provides infrastructure for VLAN tagged or flat (no VLAN tag) networks.
    • Attaches to a physical or logical interface, typically bond1. Attaches to eth11 for vlan type networks in each associated container. It is not assigned an IP address because it only handles layer 2 connectivity. The container network interface it attaches to is configurable in openstack_user_config.yml.