280ae5b74e
fixes bug: 1230276 Change-Id: I57bb01d491a847fbe2de96c43053d5bf11065954
585 lines
32 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
|
xml:id="section_networking-provider-router_with-provate-networks">
|
|
<title>Provider router with private networks</title>
|
|
<para>This section describes how to install the OpenStack Networking service and its components
|
|
for a single router use case: a provider router with private networks.</para>
|
|
<para>The following figure shows the setup:</para>
|
|
<note>
|
|
<para>Because you run the DHCP agent and L3 agent on one node, you must set
|
|
<literal>use_namespaces</literal> to <literal>True</literal> (which is the default)
|
|
in both agents' configuration files.</para>
|
|
</note>
|
|
<informalfigure>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata
|
|
fileref="../common/figures/Neutron-PhysNet-Diagram.png"
|
|
contentwidth="6in"/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</informalfigure>
|
|
<para>The following nodes are in the setup:<table rules="all">
|
|
<caption>Nodes for use case</caption>
|
|
<thead>
|
|
<tr>
|
|
<th>Node</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td><para>Controller</para></td>
|
|
<td><para>Runs the OpenStack Networking service,
|
|
OpenStack Identity and all of the
|
|
OpenStack Compute services that are
|
|
required to deploy a VM.</para>
|
|
<para>The node must have at least two
|
|
network interfaces. The first should be
|
|
connected to the "Management Network" to
|
|
communicate with the compute and network
|
|
nodes. The second interface should be
|
|
connected to the API/public
|
|
network.</para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para>Compute</para></td>
|
|
<td><para>Runs OpenStack Compute and the OpenStack
|
|
Networking L2 agent.</para>
|
|
<para>This node will not have access to the
|
|
public network.</para>
|
|
<para>The node must have at least two network
|
|
interfaces. The first is used to
|
|
communicate with the controller node,
|
|
through the management network. The VM
|
|
will receive its IP address from the DHCP
|
|
agent on this network.</para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para>Network</para></td>
|
|
<td><para>Runs OpenStack Networking L2 agent, DHCP
|
|
agent, and L3 agent.</para>
|
|
<para>This node will have access to the public
|
|
network. The DHCP agent will allocate IP
|
|
addresses to the VMs on the network. The
|
|
L3 agent will perform NAT and enable the
|
|
VMs to access the public network.</para>
|
|
<para>The node must have at least three
|
|
network interfaces. The first communicates
|
|
with the controller node through the
|
|
management network. The second interface
|
|
is used for the VM traffic and is on the
|
|
data network. The third interface connects
|
|
to the external gateway on the network.
|
|
</para></td>
|
|
</tr>
|
|
</tbody>
|
|
</table></para>
|
|
<section xml:id="demo_installions">
|
|
<title>Install</title>
|
|
<section xml:id="controller-install-neutron-server">
|
|
<title>Controller</title>
|
|
<procedure>
|
|
<title>To install and configure the controller
|
|
node</title>
|
|
<step>
|
|
<para>Run the following command:</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-server</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-neutron</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Configure Neutron services:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Edit file <filename>/etc/neutron/neutron.conf</filename>
|
|
and modify:
|
|
<programlisting language="ini">core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
auth_strategy = keystone
fake_rabbit = False
rabbit_password = guest</programlisting>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Edit file <filename>
|
|
/etc/neutron/plugins/ml2/ml2_conf.ini</filename>
|
|
and modify:</para>
|
|
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@localhost:3306/neutron
[ml2]
tenant_network_type = vlan
[ml2_type_vlan]
network_vlan_ranges = physnet1:100:2999</programlisting>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Edit file <filename>
|
|
/etc/neutron/api-paste.ini</filename>
|
|
and modify:</para>
|
|
<programlisting language="ini">admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</step>
|
|
<step>
|
|
<para>Start the services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-server restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section
|
|
xml:id="network-node-install-plugin-openvswitch-agent">
|
|
<title>Network node</title>
|
|
<procedure>
|
|
<title>To install and configure the network
|
|
node</title>
|
|
<step>
|
|
<para>Install the packages:</para>
|
|
<!-- FIXME openSUSE instructions -->
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent \
neutron-dhcp-agent neutron-l3-agent</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch \
openstack-neutron</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Start Open vSwitch:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add the integration bridge to the Open
|
|
vSwitch:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Update the OpenStack Networking
|
|
configuration file, <filename>
|
|
/etc/neutron/neutron.conf</filename>:</para>
|
|
<programlisting language="ini" os="debian;ubuntu">rabbit_password = guest
rabbit_host = controller</programlisting>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \</userinput>
<userinput>DEFAULT qpid_hostname controller</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Update the plug-in configuration file,
|
|
<filename>
|
|
/etc/neutron/plugins/ml2/ml2_conf.ini
|
|
</filename>:</para>
|
|
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@controller:3306/neutron
[ml2]
tenant_network_type = vlan
[ml2_type_vlan]
network_vlan_ranges = physnet1:1:4094
[ovs]
bridge_mappings = physnet1:br-eth1</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Create the network bridge <emphasis
|
|
role="bold">br-eth1</emphasis> (All VM
|
|
communication between the nodes occurs through
|
|
eth1):</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the external network bridge to the
|
|
Open vSwitch:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth2</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Edit the file <filename>
|
|
/etc/neutron/l3_agent.ini</filename>
|
|
and modify:</para>
|
|
<programlisting language="ini">[DEFAULT]
auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable>
metadata_ip = controller
use_namespaces = True</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Edit the file <filename>
|
|
/etc/neutron/api-paste.ini</filename>
|
|
and modify:</para>
|
|
<programlisting language="ini">[DEFAULT]
auth_host = controller
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Edit the file <filename>
|
|
/etc/neutron/dhcp_agent.ini</filename>
|
|
and modify:</para>
|
|
<programlisting language="ini">use_namespaces = True</programlisting>
|
|
</step>
|
|
<step os="debian;ubuntu">
|
|
<para>Restart networking services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora">
|
|
<para>Start and permanently enable networking services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-dhcp-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-dhcp-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-l3-agent on</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora">
|
|
<!-- FIXME: Required on Debian/Ubuntu/openSUSE? -->
|
|
<para>
|
|
Enable the <systemitem class="service">neutron-ovs-cleanup</systemitem>
|
|
service. This service starts on boot and ensures that
|
|
Neutron has full control over the creation and management
|
|
of <literal>tap</literal> devices.
|
|
</para>
|
|
<screen><prompt>#</prompt> <userinput>chkconfig neutron-ovs-cleanup on</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="compute-node-install-openvswitch">
|
|
<title>Compute Node</title>
|
|
|
|
<procedure>
|
|
<title>To install and configure the compute node</title>
|
|
<step>
|
|
<!-- FIXME openSUSE, Fedora instructions -->
|
|
<para>Install the
|
|
packages:<screen><prompt>#</prompt> <userinput>apt-get install openvswitch-switch neutron-plugin-openvswitch-agent</userinput></screen></para>
|
|
</step>
|
|
<step>
|
|
<para>Start the Open vSwitch
|
|
service:<screen><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen></para>
|
|
</step>
|
|
<step>
|
|
<para>Create the integration
|
|
bridge:<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen></para>
|
|
</step>
|
|
<step>
|
|
<para>Create the network bridge <emphasis
|
|
role="bold">br-eth1</emphasis> (All VM
|
|
communication between the nodes occurs through
|
|
eth1):</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Update the OpenStack Networking
|
|
configuration file <filename>
|
|
/etc/neutron/neutron.conf</filename>:</para>
|
|
<programlisting language="ini">rabbit_password = guest
rabbit_host = controller</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Update the file <filename>
|
|
/etc/neutron/plugins/ml2/ml2_conf.ini</filename>:</para>
|
|
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@controller:3306/neutron
[ml2]
tenant_network_type = vlan
[ml2_type_vlan]
network_vlan_ranges = physnet1:1:4094
[ovs]
bridge_mappings = physnet1:br-eth1</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Restart the Open vSwitch Neutron plug-in agent:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
|
</step>
|
|
</procedure>
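<para>The following Python script is an added example, not part of the original guide or of OpenStack. It audits the settings configured in the procedures above for default or placeholder secrets, a plain-HTTP Identity endpoint, and <literal>network_vlan_ranges</literal> values that differ between nodes. The function names, the <literal>node:file</literal> labels, and the sample input are assumptions made for illustration.</para>
<programlisting language="python"><![CDATA[
```python
"""Added example: audit the Neutron settings this guide configures."""
import configparser
from urllib.parse import urlsplit

# Defaults and placeholders that appear in this guide's listings.
WEAK_SECRETS = {"guest", "password", "NEUTRON_PASS", "NEUTRON_DBPASS"}
SECRET_KEYS = {"rabbit_password", "admin_password"}


def load(text):
    """Parse INI text; keys before any section header land in [DEFAULT]."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string("[DEFAULT]\n" + text)
    return parser


def settings(parser):
    """Yield (section, key, value) once per setting."""
    defaults = parser.defaults()
    for key, value in defaults.items():
        yield "DEFAULT", key, value
    for section in parser.sections():
        for key, value in parser.items(section):
            if defaults.get(key) != value:
                yield section, key, value


def audit(files):
    """files maps a 'node:file' label to INI text; returns sorted findings."""
    findings, vlan_ranges = set(), {}
    for label, text in files.items():
        for section, key, value in settings(load(text)):
            where = f"{label} [{section}] {key}"
            if key in SECRET_KEYS and value in WEAK_SECRETS:
                findings.add(f"{where}: default or placeholder secret")
            if key == "connection" and urlsplit(value).password in WEAK_SECRETS:
                findings.add(f"{where}: placeholder database password")
            if key == "auth_url" and urlsplit(value).scheme == "http":
                findings.add(f"{where}: Identity endpoint over plain HTTP")
            if key == "use_namespaces" and value.lower() != "true":
                findings.add(f"{where}: must be True on a shared agent node")
            if key == "network_vlan_ranges":
                vlan_ranges[label] = value.replace(" ", "")
    if len(set(vlan_ranges.values())) > 1:
        detail = ", ".join(f"{k}={v}" for k, v in sorted(vlan_ranges.items()))
        findings.add(f"network_vlan_ranges differs between nodes: {detail}")
    return sorted(findings)


# Constructed sample input: this guide's values, with one database password
# replaced by a made-up value to show a clean result for that file.
SAMPLE = {
    "controller:neutron.conf": "auth_strategy = keystone\nrabbit_password = guest\n",
    "controller:ml2_conf.ini": (
        "[database]\n"
        "connection = mysql://neutron:NEUTRON_DBPASS@localhost:3306/neutron\n"
        "[ml2_type_vlan]\nnetwork_vlan_ranges = physnet1:100:2999\n"
    ),
    "network:ml2_conf.ini": (
        "[database]\n"
        "connection = mysql://neutron:s3cr3t-constructed@controller:3306/neutron\n"
        "[ml2_type_vlan]\nnetwork_vlan_ranges = physnet1:1:4094\n"
    ),
    "network:l3_agent.ini": (
        "[DEFAULT]\nauth_url = http://controller:35357/v2.0\n"
        "admin_password = NEUTRON_PASS\nuse_namespaces = True\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
]]></programlisting>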
|
|
</section>
|
|
</section>
|
|
<section xml:id="demo_logical_network_config">
|
|
<title>Logical Network Configuration</title>
|
|
<para>You can run the commands in the following procedures on
|
|
the network node.</para>
|
|
<note>
|
|
<para>Ensure that the following environment variables are
|
|
set. Various clients use these variables to access
|
|
OpenStack Identity.</para>
|
|
</note>
|
|
<para><itemizedlist>
|
|
<listitem>
|
|
<para>Create a <filename>novarc</filename> file:
|
|
<programlisting language="bash">export OS_TENANT_NAME=provider_tenant
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://controller:5000/v2.0/"
export SERVICE_ENDPOINT="http://controller:35357/v2.0"
export SERVICE_TOKEN=password</programlisting></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Export the
|
|
variables:<screen><prompt>#</prompt> <userinput>source novarc</userinput>
<prompt>#</prompt> <userinput>echo "source novarc" >> .bashrc</userinput></screen>
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>The admin user creates a network and subnet on behalf of
|
|
tenant_A. A user from tenant_A can also complete these
|
|
steps. <procedure>
|
|
<title>To configure internal networking</title>
|
|
|
|
<step>
|
|
<para>Get the tenant ID (Used as $TENANT_ID
|
|
later).</para>
|
|
<screen><prompt>#</prompt> <userinput>keystone tenant-list</userinput>
|
|
<computeroutput>+----------------------------------+--------------------+---------+
|
|
| id | name | enabled |
|
|
+----------------------------------+--------------------+---------+
|
|
| 48fb81ab2f6b409bafac8961a594980f | provider_tenant | True |
|
|
| cbb574ac1e654a0a992bfc0554237abf | service | True |
|
|
| e371436fe2854ed89cca6c33ae7a83cd | invisible_to_admin | True |
|
|
| e40fa60181524f9f9ee7aa1038748f08 | tenant_A | True |
|
|
+----------------------------------+--------------------+---------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create an internal network named <emphasis
|
|
role="bold">net1</emphasis> for tenant_A
|
|
($TENANT_ID will be
|
|
e40fa60181524f9f9ee7aa1038748f08):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron net-create --tenant-id $TENANT_ID net1</userinput>
|
|
<computeroutput>+---------------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
|
|
| name | net1 |
|
|
| provider:network_type | vlan |
|
|
| provider:physical_network | physnet1 |
|
|
| provider:segmentation_id | 1024 |
|
|
| router:external | False |
|
|
| shared | False |
|
|
| status | ACTIVE |
|
|
| subnets | |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+---------------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create a subnet on the network <emphasis
|
|
role="bold">net1</emphasis> (ID field
|
|
below is used as $SUBNET_ID later):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron subnet-create --tenant-id $TENANT_ID net1 10.5.5.0/24</userinput>
|
|
<computeroutput>+------------------+--------------------------------------------+
|
|
| Field | Value |
|
|
+------------------+--------------------------------------------+
|
|
| allocation_pools | {"start": "10.5.5.2", "end": "10.5.5.254"} |
|
|
| cidr | 10.5.5.0/24 |
|
|
| dns_nameservers | |
|
|
| enable_dhcp | True |
|
|
| gateway_ip | 10.5.5.1 |
|
|
| host_routes | |
|
|
| id | c395cb5d-ba03-41ee-8a12-7e792d51a167 |
|
|
| ip_version | 4 |
|
|
| name | |
|
|
| network_id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+------------------+--------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure></para>
|
|
<para>A user with the admin role must complete the following
|
|
steps. In this procedure, the user is admin from provider_tenant.<procedure>
|
|
<title>To configure the router and external
|
|
networking</title>
|
|
<step>
|
|
<para>Create a router named <emphasis role="bold"
|
|
>router1</emphasis> (ID is used as
|
|
$ROUTER_ID later):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron router-create router1</userinput>
|
|
<computeroutput>+-----------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+-----------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| external_gateway_info | |
|
|
| id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
|
|
| name | router1 |
|
|
| status | ACTIVE |
|
|
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
|
|
+-----------------------+--------------------------------------+</computeroutput></screen>
|
|
<note>
|
|
<para>The <parameter>--tenant-id</parameter>
|
|
parameter is not specified, so this router
|
|
is assigned to the provider_tenant
|
|
tenant.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Add an interface to <emphasis role="bold"
|
|
>router1</emphasis> and attach it to the
|
|
subnet from <emphasis role="bold"
|
|
>net1</emphasis>:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron router-interface-add $ROUTER_ID $SUBNET_ID</userinput>
|
|
<computeroutput>Added interface to router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
|
|
<note>
|
|
<para>You can repeat this step to add more
|
|
interfaces for other networks that belong
|
|
to other tenants.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Create the external network named <emphasis
|
|
role="bold">ext_net</emphasis>:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron net-create ext_net --router:external=True</userinput>
|
|
<computeroutput>+---------------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| name | ext_net |
|
|
| provider:network_type | vlan |
|
|
| provider:physical_network | physnet1 |
|
|
| provider:segmentation_id | 1 |
|
|
| router:external | True |
|
|
| shared | False |
|
|
| status | ACTIVE |
|
|
| subnets | |
|
|
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
|
|
+---------------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the subnet for floating IPs.</para>
|
|
<note>
|
|
<para>The DHCP service is disabled for this
|
|
subnet.</para>
|
|
</note>
|
|
<screen><prompt>#</prompt> <userinput>neutron subnet-create ext_net \
--allocation-pool start=7.7.7.130,end=7.7.7.150 \
--gateway 7.7.7.1 7.7.7.0/24 --disable-dhcp</userinput>
|
|
<computeroutput>+------------------+--------------------------------------------------+
|
|
| Field | Value |
|
|
+------------------+--------------------------------------------------+
|
|
| allocation_pools | {"start": "7.7.7.130", "end": "7.7.7.150"} |
|
|
| cidr | 7.7.7.0/24 |
|
|
| dns_nameservers | |
|
|
| enable_dhcp | False |
|
|
| gateway_ip | 7.7.7.1 |
|
|
| host_routes | |
|
|
| id | aef60b55-cbff-405d-a81d-406283ac6cff |
|
|
| ip_version | 4 |
|
|
| name | |
|
|
| network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
|
|
+------------------+--------------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
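<para>Set the router's gateway to be the external
network ($EXTERNAL_NETWORK_ID is the ID of <emphasis role="bold">ext_net</emphasis>, 8858732b-0400-41f6-8e5c-25590e67ffeb):</para>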
|
|
<screen><prompt>#</prompt> <userinput>neutron router-gateway-set $ROUTER_ID $EXTERNAL_NETWORK_ID</userinput>
|
|
<computeroutput>Set gateway for router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
|
|
</step>
|
|
</procedure></para>
|
|
<para>A user from tenant_A completes the following steps, so
|
|
the credentials in the environment variables are different
|
|
than those in the previous procedure. <procedure>
|
|
<title>To allocate floating IP addresses</title>
|
|
<step>
|
|
<para>A floating IP address can be associated with
|
|
a VM after it starts. The ID of the port
|
|
($PORT_ID) that was allocated for the VM is
|
|
required and can be found as follows:</para>
|
|
<screen><prompt>#</prompt> <userinput>nova list</userinput>
|
|
<computeroutput>+--------------------------------------+--------+--------+---------------+
|
|
| ID | Name | Status | Networks |
|
|
+--------------------------------------+--------+--------+---------------+
|
|
| 1cdc671d-a296-4476-9a75-f9ca1d92fd26 | testvm | ACTIVE | net1=10.5.5.3 |
|
|
+--------------------------------------+--------+--------+---------------+
|
|
</computeroutput>
|
|
<prompt>#</prompt> <userinput>neutron port-list -- --device_id 1cdc671d-a296-4476-9a75-f9ca1d92fd26</userinput>
|
|
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
|
|
| id | name | mac_address | fixed_ips |
|
|
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
|
|
| 9aa47099-b87b-488c-8c1d-32f993626a30 | | fa:16:3e:b4:d6:6c | {"subnet_id": "c395cb5d-ba03-41ee-8a12-7e792d51a167", "ip_address": "10.5.5.3"} |
|
|
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Allocate a floating IP (Used as
|
|
$FLOATING_ID):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron floatingip-create ext_net</userinput>
|
|
<computeroutput>+---------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------+--------------------------------------+
|
|
| fixed_ip_address | |
|
|
| floating_ip_address | 7.7.7.131 |
|
|
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
|
|
| port_id | |
|
|
| router_id | |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+---------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Associate the floating IP with the VM's
|
|
port:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron floatingip-associate $FLOATING_ID $PORT_ID</userinput>
|
|
<computeroutput>Associated floatingip 40952c83-2541-4d0c-b58e-812c835079a5</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Show the floating IP:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron floatingip-show $FLOATING_ID</userinput>
|
|
<computeroutput>+---------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------+--------------------------------------+
|
|
| fixed_ip_address | 10.5.5.3 |
|
|
| floating_ip_address | 7.7.7.131 |
|
|
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
|
|
| port_id | 9aa47099-b87b-488c-8c1d-32f993626a30 |
|
|
| router_id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+---------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Test the floating IP:</para>
|
|
<screen><prompt>#</prompt> <userinput>ping 7.7.7.131</userinput>
|
|
<computeroutput>PING 7.7.7.131 (7.7.7.131) 56(84) bytes of data.
|
|
64 bytes from 7.7.7.131: icmp_req=2 ttl=64 time=0.152 ms
|
|
64 bytes from 7.7.7.131: icmp_req=3 ttl=64 time=0.049 ms
|
|
</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</para>
|
|
</section>
|
|
<section xml:id="section_use-cases-single-router">
|
|
<title>Use case: provider router with private networks</title>
|
|
<para>This use case provides each tenant with one or more private networks, which connect to
|
|
the outside world via an OpenStack Networking router. When each tenant gets exactly one
|
|
network, this architecture maps to the same logical topology as the VlanManager in
|
|
OpenStack Compute (although of course, OpenStack Networking doesn't require VLANs).
|
|
Using the OpenStack Networking API, the tenant can only see a network for each private
|
|
network assigned to that tenant. The router object in the API is created and owned by
|
|
the cloud administrator.</para>
|
|
<para>This model supports giving VMs public addresses using "floating IPs", in which the
|
|
router maps public addresses from the external network to fixed IPs on private networks.
|
|
Hosts without floating IPs can still create outbound connections to the external
|
|
network, because the provider router performs SNAT to the router's external IP. The IP
|
|
address of the physical router is used as the <literal>gateway_ip</literal> of the
|
|
external network subnet, so the provider has a default router for Internet traffic.</para>
|
|
<para>
|
|
The router provides L3 connectivity between private networks, meaning
|
|
that different tenants can reach each other's instances unless additional
|
|
filtering is used (for example, security groups). Because there is only a single
|
|
router, tenant networks cannot use overlapping IPs. Thus, it is likely
|
|
that the administrator would create the private networks on behalf of the tenants.
|
|
</para>
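<para>As an added example (not part of the original guide or of OpenStack), the following Python script checks the two constraints described above: tenant subnets that overlap behind the single router, and security group rules that let an instance of another tenant reach an instance. It uses a simplified security group model; tenant_B, tenant_C, the 10.6.6.0/24 addresses, and all instance and group names are constructed sample data.</para>
<programlisting language="python"><![CDATA[
```python
"""Added example: tenant isolation checks for a single provider router."""
import ipaddress
from itertools import combinations


def overlapping_subnets(subnets):
    """subnets: list of (tenant, cidr) attached to the one provider router."""
    nets = [(t, ipaddress.ip_network(c)) for t, c in subnets]
    return [(a, str(x), b, str(y))
            for (a, x), (b, y) in combinations(nets, 2) if x.overlaps(y)]


def ingress_allowed(rule, src_ip, src_group, proto, port):
    """Evaluate one ingress rule (simplified model, IPv4 only)."""
    if rule.get("protocol") not in (None, proto):
        return False
    low, high = rule.get("port_min"), rule.get("port_max")
    if low is not None and not low <= port <= high:
        return False
    if "remote_group" in rule:
        # Matches only traffic from members of the named group.
        return rule["remote_group"] == src_group
    prefix = ipaddress.ip_network(rule.get("remote_ip_prefix", "0.0.0.0/0"))
    return ipaddress.ip_address(src_ip) in prefix


def cross_tenant_exposure(instances, groups, proto="tcp", port=22):
    """Return (src, dst) names where another tenant's instance can reach dst."""
    exposed = []
    for src in instances:
        for dst in instances:
            if src["tenant"] == dst["tenant"]:
                continue
            rules = groups[dst["group"]]
            if any(ingress_allowed(r, src["ip"], src["group"], proto, port)
                   for r in rules):
                exposed.append((src["name"], dst["name"]))
    return exposed


# Constructed sample data. 10.5.5.0/24 and 10.5.5.3 come from this guide;
# everything else is made up for the example.
SUBNETS = [
    ("tenant_A", "10.5.5.0/24"),
    ("tenant_B", "10.6.6.0/24"),
    ("tenant_C", "10.5.5.128/25"),   # collides with tenant_A on one router
]
GROUPS = {
    # Behaves like a default group: ingress only from members of the group.
    "A-default": [{"remote_group": "A-default"}],
    # SSH opened to all of 10.0.0.0/8, which covers other tenants' subnets.
    "B-web": [{"protocol": "tcp", "port_min": 22, "port_max": 22,
               "remote_ip_prefix": "10.0.0.0/8"}],
}
INSTANCES = [
    {"name": "a-vm", "tenant": "tenant_A", "ip": "10.5.5.3", "group": "A-default"},
    {"name": "b-vm", "tenant": "tenant_B", "ip": "10.6.6.4", "group": "B-web"},
]

if __name__ == "__main__":
    print(overlapping_subnets(SUBNETS))
    print(cross_tenant_exposure(INSTANCES, GROUPS))
```
]]></programlisting>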
|
|
<para>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata scale="55" fileref="../common/figures/UseCase-SingleRouter.png"/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1DKxeZZXml_fNZHRoGPKkC7sGdkPJZCtWytYZqHIp_ZE/edit -->
|
|
</para>
|
|
</section>
|
|
</section>
|