diff --git a/doc/glossary/glossary-terms.xml b/doc/glossary/glossary-terms.xml
index e908978dd8..7e779778d8 100644
--- a/doc/glossary/glossary-terms.xml
+++ b/doc/glossary/glossary-terms.xml
@@ -1467,6 +1467,13 @@
+
+ DHCP agent
+
+ OpenStack Networking agent that provides DHCP services
+ for virtual networks.
+
+ Diablo
@@ -2093,6 +2100,14 @@
passes network traffic between different networks.
+
+ Generic Receive Offload (GRO)
+
+ Feature of certain network interface drivers that
+ combines many smaller received packets into a large packet
+ before delivery to the kernel IP stack.
+
+ Generic Routing Encapsulation (GRE)
@@ -2797,6 +2812,13 @@
data link layer.
+
+ Layer-3 (L3) agent
+
+ OpenStack Networking agent that provides layer-3
+ (routing) services for virtual networks.
+
+ libvirt
@@ -2976,6 +2998,13 @@
the job completes.
+
+ Metadata agent
+
+ OpenStack Networking agent that provides metadata
+ services for instances.
+
+ Meta-Data Server (MDS)
diff --git a/doc/install-guide/ch_networking.xml b/doc/install-guide/ch_networking.xml
index d07c871c07..0f4b95bba2 100644
--- a/doc/install-guide/ch_networking.xml
+++ b/doc/install-guide/ch_networking.xml
@@ -49,6 +49,7 @@
we recommend using the Open vSwitch (OVS) plug-in.
+
diff --git a/doc/install-guide/section_neutron-ml2-network-node.xml b/doc/install-guide/section_neutron-ml2-network-node.xml
new file mode 100644
index 0000000000..7acb627072
--- /dev/null
+++ b/doc/install-guide/section_neutron-ml2-network-node.xml
@@ -0,0 +1,527 @@
+
+
+ Configure network node
+
+ Prerequisites
+ Before you configure Networking, you must enable certain kernel
+ networking functions.
+
+ Edit /etc/sysctl.conf to contain the
+ following:
+ net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
+
+
+ Implement the changes:
+ #sysctl -p
+
+
+
+ To install the Networking components:
+
+ #apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent openvswitch-datapath-dkms \
+ neutron-l3-agent neutron-dhcp-agent
+ #yum install openstack-neutron openstack-neutron-ml2
+ #zypper install openstack-neutron-openvswitch-agent openstack-neutron-l3-agent \
+ openstack-neutron-dhcp-agent openstack-neutron-metadata-agent
+
+ Ubuntu installations using Linux kernel version 3.11 or newer
+ do not require the openvswitch-datapath-dkms
+ package.
+
+
+ SUSE does not use a separate ML2 plug-in package.
+
+
+
+
+ To configure the Networking common components:
+ The Networking common component configuration includes the
+ authentication mechanism, messaging service, and plug-in.
+
+ Respond to prompts for
+ database management,
+ Identity service
+ credentials,
+ service endpoint
+ registration, and
+ messaging service
+ credentials.
+
+
+ Configure Networking to use the Identity service for
+ authentication:
+ Replace NEUTRON_PASS with the
+ password you chose for the neutron user
+ in the Identity service.
+ #openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ auth_strategy keystone
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ auth_uri http://controller:5000
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ auth_host controller
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ auth_protocol http
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ auth_port 35357
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ admin_tenant_name service
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ admin_user neutron
+#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
+ admin_password NEUTRON_PASS
+
+
+ Configure Networking to use the Identity service for
+ authentication:
+
+
+ Edit the /etc/neutron/neutron.conf
+ file and add the following key to the
+ [DEFAULT] section:
+ [DEFAULT]
+...
+auth_strategy = keystone
+ Add the following keys to the
+ [keystone_authtoken] section:
+ Replace NEUTRON_PASS with the
+ password you chose for the neutron user
+ in the Identity service.
+ [keystone_authtoken]
+...
+auth_uri = http://controller:5000
+auth_host = controller
+auth_protocol = http
+auth_port = 35357
+admin_tenant_name = service
+admin_user = neutron
+admin_password = NEUTRON_PASS
+
+
+
+
+ Configure Networking to use the messaging service:
+ Replace RABBIT_PASS with the password
+ you chose for the guest account in
+ RabbitMQ.
+ #openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ rpc_backend neutron.openstack.common.rpc.impl_kombu
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ rabbit_host controller
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ rabbit_userid guest
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ rabbit_password RABBIT_PASS
+
+
+ Configure Networking to use the messaging service:
+ #openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ rpc_backend neutron.openstack.common.rpc.impl_qpid
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ qpid_hostname controller
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ qpid_port 5672
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ qpid_username guest
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ qpid_password guest
+
+
+ Configure Networking to use the messaging service:
+
+
+ Edit the /etc/neutron/neutron.conf file
+ and add the following keys to the [DEFAULT]
+ section:
+ Replace RABBIT_PASS with the
+ password you chose for the guest account in
+ RabbitMQ.
+ [DEFAULT]
+...
+rpc_backend = neutron.openstack.common.rpc.impl_kombu
+rabbit_host = controller
+rabbit_password = RABBIT_PASS
+
+
+
+
+ Configure Networking to use the Modular Layer 2 (ML2) plug-in
+ and associated services:
+ #openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ core_plugin neutron.plugins.ml2.plugin.Ml2Plugin
+#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
+ service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
+
+ You must comment any lines in the
+ [service_providers] section.
+
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/neutron.conf to assist with
+ troubleshooting.
+
+
+
+ Configure Networking to use the Modular Layer 2 (ML2) plug-in
+ and associated services:
+
+
+ Edit the /etc/neutron/neutron.conf file
+ and add the following keys to the [DEFAULT]
+ section:
+ [DEFAULT]
+...
+core_plugin = ml2
+service_plugins = router
+allow_overlapping_ips = True
+
+
+
+ You must comment any lines in the
+ [service_providers] section.
+
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/neutron.conf to assist with
+ troubleshooting.
+
+
+
+
+ To configure the Layer-3 (L3) agent:
+ The Layer-3 (L3) agent provides routing
+ services for instance virtual networks.
+
+ Run the following commands:
+ #openstack-config --set /etc/neutron/l3_agent.ini DEFAULT \
+ interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+#openstack-config --set /etc/neutron/l3_agent.ini DEFAULT \
+ use_namespaces True
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/l3_agent.ini to assist with
+ troubleshooting.
+
+
+
+ Edit the /etc/neutron/l3_agent.ini file
+ and add the following keys to the [DEFAULT]
+ section:
+ [DEFAULT]
+...
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+use_namespaces = True
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/l3_agent.ini to assist with
+ troubleshooting.
+
+
+
+
+ To configure the DHCP agent:
+ The DHCP agent provides
+ DHCP services for instance virtual
+ networks.
+
+ Run the following commands:
+ #openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
+ interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
+#openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
+ dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
+#openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
+ use_namespaces True
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/dhcp_agent.ini to assist with
+ troubleshooting.
+
+
+
+ Edit the /etc/neutron/dhcp_agent.ini file
+ and add the following keys to the [DEFAULT]
+ section:
+ [DEFAULT]
+...
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+use_namespaces = True
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/dhcp_agent.ini to assist with
+ troubleshooting.
+
+
+
+
+ To configure the metadata agent:
+ The metadata agent provides configuration
+ information such as credentials for remote access to instances.
+
+ Run the following commands:
+ Replace NEUTRON_PASS with the
+ password you chose for the neutron user
+ in the Identity service. Replace
+ METADATA_SECRET with a suitable
+ secret for the metadata proxy.
+ #openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ auth_url http://controller:5000/v2.0
+#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ auth_region regionOne
+#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ admin_tenant_name service
+#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ admin_user neutron
+#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ admin_password NEUTRON_PASS
+#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ nova_metadata_ip controller
+#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
+ metadata_proxy_shared_secret METADATA_SECRET
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/metadata_agent.ini to assist with
+ troubleshooting.
+
+
+
+ Edit the /etc/neutron/metadata_agent.ini file
+ and add the following keys to the [DEFAULT]
+ section:
+ Replace NEUTRON_PASS with the
+ password you chose for the neutron user
+ in the Identity service. Replace
+ METADATA_SECRET with a suitable
+ secret for the metadata proxy.
+ [DEFAULT]
+...
+auth_url = http://controller:5000/v2.0
+auth_region = regionOne
+admin_tenant_name = service
+admin_user = neutron
+admin_password = NEUTRON_PASS
+nova_metadata_ip = controller
+metadata_proxy_shared_secret = METADATA_SECRET
+
+ We recommend adding verbose = True to
+ the [DEFAULT] section in
+ /etc/neutron/metadata_agent.ini to assist with
+ troubleshooting.
+
+
+
+ On the controller node, configure Compute to
+ use the metadata service:
+ Replace
+ METADATA_SECRET with the secret you chose
+ for the metadata proxy.
+ #openstack-config --set /etc/nova/nova.conf DEFAULT \
+ service_neutron_metadata_proxy true
+#openstack-config --set /etc/nova/nova.conf DEFAULT \
+ neutron_metadata_proxy_shared_secret METADATA_SECRET
+
+
+ On the controller node, edit the
+ /etc/nova/nova.conf file and add the following
+ keys to the [DEFAULT] section:
+ Replace
+ METADATA_SECRET with the secret you chose
+ for the metadata proxy.
+ [DEFAULT]
+...
+service_neutron_metadata_proxy = true
+neutron_metadata_proxy_shared_secret = METADATA_SECRET
+
+
+ On the controller node, restart the Compute
+ API service:
+ #service openstack-nova-api restart
+ #service nova-api restart
+
+
+
+ To configure the Modular Layer 2 (ML2) plug-in:
+ The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to
+ build virtual networking framework for instances.
+
+ Run the following commands:
+ Replace
+ INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
+ with the IP address of the instance tunnels network interface on
+ your network node.
+ #openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
+ type_drivers gre
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
+ tenant_network_types gre
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
+ mechanism_drivers openvswitch
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
+ tunnel_id_ranges 1:1000
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
+ local_ip INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
+ tunnel_type gre
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
+ enable_tunneling True
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
+ firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini security_group \
+ enable_security_group True
+
+
+ Edit the
+ /etc/neutron/plugins/ml2/ml2_conf.ini
+ file.
+ Add the following keys to the [ml2]
+ section:
+ [ml2]
+...
+type_drivers = gre
+tenant_network_types = gre
+mechanism_drivers = openvswitch
+ Add the following keys to the
+ [ml2_type_gre] section:
+ [ml2_type_gre]
+...
+tunnel_id_ranges = 1:1000
+ Add the [ovs] section and the following
+ keys to it:
+ Replace
+ INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
+ with the IP address of the instance tunnels network interface on
+ your network node.
+ [ovs]
+...
+local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
+tunnel_type = gre
+enable_tunneling = True
+ Add the [securitygroup] section and the
+ following keys to it:
+ [securitygroup]
+...
+firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+ Add the following key to the
+ [security_group] section:
+ [security_group]
+...
+enable_security_group = True
+
+
+
+ To configure the Open vSwitch (OVS) service:
+ The OVS service provides the underlying virtual networking framework
+ for instances. The integration bridge br-int handles
+ internal instance network traffic within OVS. The external bridge
+ br-ext handles external instance network traffic
+ within OVS. The external bridge requires a port on the physical external
+ network interface to provide instances with external network access.
+ In essence, this port bridges the virtual and physical external
+ networks in your environment.
+
+ Start the OVS service and configure it to start when the system
+ boots:
+ #service openvswitch start
+#chkconfig openvswitch on
+
+
+ Start the OVS service and configure it to start when the system
+ boots:
+ #service openvswitch-switch start
+#chkconfig openvswitch-switch on
+
+
+ Restart the OVS service:
+ #service openvswitch-switch restart
+
+
+ Restart the OVS service:
+ #service openvswitch restart
+
+
+ Add the integration bridge:
+ #ovs-vsctl add-br br-int
+
+
+ Add the external bridge:
+ #ovs-vsctl add-br br-ex
+
+
+ Add a port to the external bridge that connects to the physical
+ external network interface (eth2):
+ #ovs-vsctl add-port br-ex eth2
+
+ Depending on your network interface driver, you may need to
+ disable Generic Receive Offload (GRO) to
+ achieve suitable throughput between your instances and the external
+ network.
+ To temporarily disable GRO on the external network interface
+ while testing your environment:
+ #ethtool -K eth2 gro off
+
+
+
+
+ To finalize the installation:
+
+ The Networking service initialization scripts expect a symbolic
+ link /etc/neutron/plugin.ini pointing to the
+ configuration file associated with your chosen plug-in. Using
+ ML2, for example, the symbolic link must point to
+ /etc/neutron/plugins/ml2/ml2_conf.ini.
+ If this symbolic link does not exist, create it using the
+ following commands:
+ #cd /etc/neutron
+#ln -s plugins/ml2/ml2_conf.ini plugin.ini
+
+
+ The Networking service initialization scripts expect the variable
+ NEUTRON_PLUGIN_CONF in the
+ /etc/sysconfig/neutron file to reference the
+ configuration file associated with your chosen plug-in. Using
+ ML2, for example, edit the
+ /etc/sysconfig/neutron file and add the
+ following:
+ NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
+
+
+ Start the Networking services and configure them to start when
+ the system boots:
+ #service neutron-openvswitch-agent start
+#service neutron-l3-agent start
+#service neutron-dhcp-agent start
+#service neutron-metadata-agent start
+#chkconfig neutron-openvswitch-agent on
+#chkconfig neutron-l3-agent on
+#chkconfig neutron-dhcp-agent on
+#chkconfig neutron-metadata-agent on
+ #service openstack-neutron-openvswitch-agent start
+#service openstack-neutron-l3-agent start
+#service openstack-neutron-dhcp-agent start
+#service openstack-neutron-metadata-agent start
+#chkconfig openstack-neutron-openvswitch-agent on
+#chkconfig openstack-neutron-l3-agent on
+#chkconfig openstack-neutron-dhcp-agent on
+#chkconfig openstack-neutron-metadata-agent on
+
+
+ Restart the Networking services:
+ #service neutron-plugin-openvswitch-agent restart
+#service neutron-l3-agent restart
+#service neutron-dhcp-agent restart
+#service neutron-metadata-agent restart
+
+
+
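Review bot: The ML2 step writes `firewall_driver` under `[securitygroup]` but `enable_security_group` under `[security_group]`, in both the `openstack-config` commands and the hand-edit listing. As far as I know Networking reads both options from `[securitygroup]`, so the second key would be silently ignored; please confirm and use one section name in both variants. In the OVS paragraph the external bridge is called `br-ext`, while the commands create `br-ex`. The prerequisites set `rp_filter=0` for `all` and `default` without saying why, so I would add a sentence stating that this turns off the kernel's reverse-path source validation on the network node and why the node needs that. The guide also gives no guidance on choosing `METADATA_SECRET` and has the Qpid variant keep `qpid_password guest`; a short note that the proxy secret should be a randomly generated value and that the default broker credentials and plain-`http` Identity endpoints are for test installs only would keep readers from carrying them into production.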