From 25d19d243f67800796cbd1de2ab9c15d3ba8d4b9 Mon Sep 17 00:00:00 2001 From: Joseph Robinson Date: Tue, 3 Jun 2014 15:35:25 +1000 Subject: [PATCH] Editing Neutron Concepts Sentence and paragraph structure edits, and an additional heading to review the Neutron Concept section. Change-Id: I8328e7ae5d36c1f1aa365ed01a0ffee4b759229f backport: none Implements: blueprint installation-guide-improvements --- .../section_neutron-concepts.xml | 67 ++++++++++--------- 1 file changed, 35 insertions(+), 32 deletions(-) diff --git a/doc/install-guide/section_neutron-concepts.xml b/doc/install-guide/section_neutron-concepts.xml index b3c3a3bd09..c55ed49df5 100644 --- a/doc/install-guide/section_neutron-concepts.xml +++ b/doc/install-guide/section_neutron-concepts.xml @@ -4,54 +4,57 @@ xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> Networking concepts - OpenStack Networking (neutron) manages all of the networking facets for - the Virtual Networking Infrastructure (VNI) and the access layer aspects - of the Physical Networking Infrastructure (PNI) in your OpenStack - environment. OpenStack Networking allows tenants to create advanced virtual - network topologies including services such as + OpenStack Networking (neutron) manages all of the networking + facets for the Virtual Networking Infrastructure (VNI) in your + OpenStack environment. OpenStack Networking also manages the access + layer aspects of the Physical Networking Infrastructure (PNI). + Tenants can create advanced virtual network topologies using + OpenStack Networking. These topologies include services such as firewalls, load balancers, and virtual private networks (VPNs). Networking provides the following object abstractions: networks, - subnets, and routers. Each has functionality that mimics its + routers, and subnets. Each has a functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnet and networks. + Each router has one gateway that connects to a network, and many + interfaces connected to subnets. Subnets can access machines on + other subnets connected to the same router. Any given Networking set up has at least one external network. - This network, unlike the other networks, is not merely a virtually - defined network. Instead, it represents the view into a slice of - the external network that is accessible outside the OpenStack - installation. IP addresses on the Networking external network are - accessible by anybody physically on the outside network. Because - this network merely represents a slice of the outside network, - DHCP is disabled on this network. + This external network, unlike the other networks, is not solely a + virtually defined network. It instead provides a view into a slice + of the network accessible outside the OpenStack installation, which + is the outside network. IP addresses on the external network are + accessible by anybody physically on the outside network. DHCP is + disabled on this network. + Machines can access the outside network through the gateway + for the router. For the outside network to access VMs, and for VM's + to access the outside network, routers between the networks are + needed. In addition to external networks, any Networking set up has one or more internal networks. These software-defined networks connect directly to the VMs. Only the VMs on any given internal network, or those on subnets connected through interfaces to a similar router, can access VMs connected to that network directly. - For the outside network to access VMs, and vice versa, routers - between the networks are needed. Each router has one gateway that - is connected to a network and many interfaces that are connected - to subnets. Like a physical router, subnets can access machines on - other subnets that are connected to the same router, and machines - can access the outside network through the gateway for the - router. - Additionally, you can allocate IP addresses on external + Additionally, you can allocate IP addresses on external networks to ports on the internal network. Whenever something is - connected to a subnet, that connection is called a port. You can - associate external network IP addresses with ports to VMs. This - way, entities on the outside network can access VMs. + connected to a subnet, that connection is called a port.You can + associate external network IP addresses with ports to VMs. + This way, entities on the outside network can access VMs. Networking also supports security - groups. Security groups enable administrators to - define firewall rules in groups. A VM can belong to one or more - security groups, and Networking applies the rules in those security + groups, which enable administrators to define + firewall rules in groups. A VM can belong to one or more + security groups. Networking applies the rules in those security groups to block or unblock ports, port ranges, or traffic types for that VM. - Each plug-in that Networking uses has its own concepts. While not - vital to operating Networking, understanding these concepts can help - you set up Networking. All Networking installations use a core plug-in - and a security group plug-in (or just the No-Op security group - plug-in). Additionally, Firewall-as-a-service (FWaaS) and + Networking plug-ins + Each plug-in that Networking uses has its own concepts. These + plug-in concepts are not vital to operating Networking. + Understanding these concepts can help you set up the Openstack + Networking service, however. All Networking installations use a core + plug-in and a security group plug-in (or just the No-Op security + group plug-in). Additionally, Firewall-as-a-service (FWaaS) and Load-balancing-as-a-service (LBaaS) plug-ins are available. +