openstack-manuals/doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml
Diane Fleming 42b23e8c84 Edits to install guide
Closes-Bug: #1249082

Change-Id: I9f68073da5ca25867b2b8c099cce5df34f6a3eec
author: diane fleming
2013-11-10 06:43:51 +01:00


<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_networking-routers-with-private-networks">
<title>Per-tenant routers with private networks</title>
<para>This section describes how to install the Networking service
and its components for the per-tenant routers with private
networks use case.</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in"
fileref="../common/figures/UseCase-MultiRouter.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para>The following figure shows the setup:</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata contentwidth="6in"
fileref="../common/figures/demo_routers_with_private_networks.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<para>As shown in the figure, the setup includes:</para>
<itemizedlist>
<listitem>
<para>An interface for management traffic on each
node.</para>
</listitem>
<listitem>
<para>Use of the Open vSwitch plug-in.</para>
</listitem>
<listitem>
<para>GRE tunnels for data transport on all agents.</para>
</listitem>
<listitem>
<para>Floating IPs and router gateway ports that are
configured in an external network, and a physical
router that connects the floating IPs and router
gateway ports to the outside world.</para>
</listitem>
</itemizedlist>
<note>
<para>Because this example runs a DHCP agent and an L3 agent on
one node, you must set the
<literal>use_namespaces</literal> option to
<literal>True</literal> in the configuration file for
each agent. The default is <literal>True</literal>.</para>
</note>
<para>The following table describes the nodes:</para>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="80%"/>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Controller Node</td>
<td><para>Runs Networking, Identity Service, and all
Compute services that are required to deploy
VMs (<systemitem class="service"
>nova-api</systemitem>, <systemitem
class="service"
>nova-scheduler</systemitem>, for
example). The node must have at least one
network interface, which connects to the
Management Network. The host name is
<literal>controlnode</literal>, which
other nodes resolve to the IP of the
controller node.</para><note>
<para>The <systemitem class="service"
>nova-network</systemitem> service
should not be running. This is replaced by
Networking.</para>
</note></td>
</tr>
<tr>
<td>Compute Node</td>
<td>Runs the Networking L2 agent and the Compute
services that run VMs (<systemitem class="service"
>nova-compute</systemitem> specifically, and
optionally other <systemitem class="service"
>nova-*</systemitem> services depending on
configuration). The node must have at least two
network interfaces. One interface communicates
with the controller node through the management
network. The other interface carries the VM traffic
on the data network. The VM receives its IP
address from the DHCP agent on this network.</td>
</tr>
<tr>
<td>Network Node</td>
<td>Runs the Networking L2 agent, DHCP agent, and L3 agent.
This node has access to the external network. The
DHCP agent allocates IP addresses to the VMs on the
data network. (Technically, the addresses are
allocated by the Networking server and
distributed by the DHCP agent.) The node must have
at least two network interfaces. One interface
communicates with the controller node through the
management network. The other interface connects to the
external network. GRE tunnels are set up as data
networks.</td>
</tr>
<tr>
<td>Router</td>
<td>The router has the IP address 30.0.0.1, which is the default
gateway for all VMs. The router must be able to
access public networks.</td>
</tr>
</tbody>
</informaltable>
<para>The use case assumes the following:</para>
<para><emphasis role="bold">Controller node</emphasis></para>
<orderedlist>
<listitem>
<para>Relevant Compute services are installed, configured,
and running.</para>
</listitem>
<listitem>
<para>Glance is installed, configured, and running. In
addition, an image named tty must be present.</para>
</listitem>
<listitem>
<para>Identity is installed, configured, and running. A
Networking user named <emphasis role="bold"
>neutron</emphasis> should be created on tenant
<emphasis role="bold">service</emphasis> with
password <emphasis role="bold"
>NEUTRON_PASS</emphasis>.</para>
</listitem>
<listitem>
<para>Additional services: <itemizedlist>
<listitem>
<para>RabbitMQ is running with the default guest
user and its password</para>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>MySQL server (user is <emphasis
role="bold">root</emphasis> and
password is <emphasis role="bold"
>root</emphasis>)</para>
</listitem>
</itemizedlist></para>
</listitem>
</orderedlist>
<para><emphasis role="bold">Compute node</emphasis></para>
<para>Compute is installed and configured.</para>
<section xml:id="demo_routers_with_private_networks_installions">
<title>Install</title>
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Controller
node—Networking server</emphasis></para>
<orderedlist>
<listitem>
<para>Install the Networking
server.</para>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Create database <emphasis
role="bold"
>ovs_neutron</emphasis>.</para>
</listitem>
<listitem>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename>,
with plug-in choice and Identity
Service user as necessary:</para>
<programlisting language="ini" os="rhel;centos;fedora;opensuse;sles;ubuntu">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron
[keystone_authtoken]
admin_tenant_name=service
admin_user=neutron
admin_password=<replaceable>NEUTRON_PASS</replaceable>
</programlisting>
<programlisting language="ini" os="debian">[DEFAULT]
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron
</programlisting>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Update the plug-in configuration
file,
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
</programlisting>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Start the Networking server.</para>
<para>The Networking server can be a
service of the operating system. The
command to start the service depends
on your operating system. The
following command runs the Networking
server directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-server --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Compute node—Compute </emphasis><orderedlist>
<listitem>
<para>Install Compute services.</para>
</listitem>
<listitem>
<para>Update the Compute <filename>
/etc/nova/nova.conf</filename>
configuration file. Make sure the
following line appears at the end
of this file:</para>
<programlisting language="ini">network_api_class=nova.network.neutronv2.api.API
neutron_admin_username=neutron
neutron_admin_password=<replaceable>NEUTRON_PASS</replaceable>
neutron_admin_auth_url=http://controlnode:35357/v2.0/
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_url=http://controlnode:9696/
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
</programlisting>
</listitem>
<listitem>
<para>Restart relevant Compute
services.</para>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute and Networking
node—L2 agent</emphasis></para>
<orderedlist>
<listitem>
<para>Install and start Open
vSwitch.</para>
</listitem>
<listitem>
<para>Install the L2 agent (Neutron Open
vSwitch agent).</para>
</listitem>
<listitem>
<para>Add the integration bridge to the
Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename>:</para>
<programlisting language="ini">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
</listitem>
<listitem>
<para>Update the plug-in configuration
file, <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.</para>
<para>Compute node:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.202
</programlisting>
<para>Network node:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.203
</programlisting>
</listitem>
<listitem>
<para>Create the integration bridge
<emphasis role="bold"
>br-int</emphasis>:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl --may-exist add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Start the Networking L2 agent.</para>
<para>The Networking Open vSwitch L2 agent
can be a service of the operating system.
The command to start it depends on your
operating system. The following
command runs the service
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-openvswitch-agent --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Network node—DHCP
agent</emphasis></para>
<orderedlist>
<listitem>
<para>Install the DHCP agent.</para>
</listitem>
<listitem>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting language="ini">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
allow_overlapping_ips = True</programlisting>
<para><emphasis role="bold">Set
<literal>allow_overlapping_ips</literal>
because TenantA and TenantC use
overlapping
subnets.</emphasis></para>
</listitem>
<listitem>
<para>Update the DHCP <filename>
/etc/neutron/dhcp_agent.ini</filename>
configuration file:</para>
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver</programlisting>
</listitem>
<listitem>
<para>Start the DHCP agent.</para>
<para>The Networking DHCP agent can be a
service of the operating system. The
command to start the service depends
on your operating system. The
following command runs the service
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-dhcp-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/dhcp_agent.ini</userinput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Network node—L3
agent</emphasis></para>
<orderedlist>
<listitem>
<para>Install the L3 agent.</para>
</listitem>
<listitem>
<para>Add the external network
bridge</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
</listitem>
<listitem>
<para>Add the physical interface, for
example eth0, that is connected to the
outside network to this bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth0</userinput></screen>
</listitem>
<listitem>
<para>Update the L3 configuration file
<filename>
/etc/neutron/l3_agent.ini</filename>:</para>
<programlisting language="ini">[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces=True</programlisting>
<para><emphasis role="bold">Set the
<literal>use_namespaces</literal>
option (it is True by default)
because TenantA and TenantC have
overlapping subnets, and the
routers are hosted on one l3 agent
network node.</emphasis></para>
</listitem>
<listitem>
<para>Start the L3 agent.</para>
<para>The Networking L3 agent can be a
service of the operating system. The
command to start the service depends
on your operating system. The
following command starts the agent
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-l3-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/l3_agent.ini</userinput></screen>
</listitem>
</orderedlist>
</listitem>
</itemizedlist>
</para>
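<para>The following pre-flight check is an added example for this guide, not code from the OpenStack project. It parses the four files the steps above edit with Python's configparser and reports any setting the per-tenant-router scenario depends on: GRE tunnelling and a valid <literal>local_ip</literal> in the plug-in file, <literal>allow_overlapping_ips</literal> in neutron.conf, <literal>use_namespaces</literal> in l3_agent.ini, and the OVS interface driver for both agents. The paths are the guide's; the file contents are constructed from the guide's listings, with <literal>use_namespaces</literal> deliberately left out of l3_agent.ini so the check has something to report.</para>

```python
"""Pre-flight check of a network node's Networking configuration.

Added example for the install guide, not code from the OpenStack project.
File contents below are constructed from the guide's listings.
"""
import configparser
import ipaddress

NEUTRON_CONF = "/etc/neutron/neutron.conf"
OVS_PLUGIN_INI = "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
L3_AGENT_INI = "/etc/neutron/l3_agent.ini"
DHCP_AGENT_INI = "/etc/neutron/dhcp_agent.ini"
OVS_DRIVER = "neutron.agent.linux.interface.OVSInterfaceDriver"

# Constructed sample input: the network node as the guide configures it,
# except that l3_agent.ini does not set use_namespaces.
SAMPLE_FILES = {
    NEUTRON_CONF: """[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = controller
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
allow_overlapping_ips = True
""",
    OVS_PLUGIN_INI: """[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.203
""",
    L3_AGENT_INI: """[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
""",
    # The guide's dhcp_agent.ini listing has no section header.
    DHCP_AGENT_INI: "interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver\n",
}


def load_ini(text):
    """Parse an INI fragment; a headerless fragment is read as [DEFAULT]."""
    if not text.lstrip().startswith("["):
        text = "[DEFAULT]\n" + text
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def is_true(value):
    """Accept the usual boolean spellings: True/true/1/yes/on."""
    return value is not None and value.strip().lower() in ("true", "1", "yes", "on")


def check_network_node(files, overlapping_subnets=True):
    """Return a list of findings; an empty list means the files match the guide.

    files maps path to file text (read from disk in real use).
    overlapping_subnets says whether tenants reuse CIDRs, as TenantA and
    TenantC do with 10.0.0.0/24 in this guide.
    """
    findings = []
    neutron = load_ini(files[NEUTRON_CONF])
    ovs = load_ini(files[OVS_PLUGIN_INI])
    l3 = load_ini(files[L3_AGENT_INI])
    dhcp = load_ini(files[DHCP_AGENT_INI])

    if ovs.get("ovs", "tenant_network_type", fallback="") != "gre":
        findings.append("ovs_neutron_plugin.ini: tenant_network_type must be gre")
    if not is_true(ovs.get("ovs", "enable_tunneling", fallback=None)):
        findings.append("ovs_neutron_plugin.ini: enable_tunneling must be True")
    try:
        ipaddress.ip_address(ovs.get("ovs", "local_ip", fallback=""))
    except ValueError:
        findings.append("ovs_neutron_plugin.ini: local_ip must be this node's data-network address")

    if overlapping_subnets:
        if not is_true(neutron.get("DEFAULT", "allow_overlapping_ips", fallback=None)):
            findings.append("neutron.conf: allow_overlapping_ips must be True when tenants reuse CIDRs")
        ns = l3.get("DEFAULT", "use_namespaces", fallback=None)
        if ns is None:
            findings.append("l3_agent.ini: use_namespaces is not set; the default is True, but set it explicitly as the guide does")
        elif not is_true(ns):
            findings.append("l3_agent.ini: use_namespaces=False runs every router in the root namespace, where the overlapping subnets collide")

    for name, parser in (("l3_agent.ini", l3), ("dhcp_agent.ini", dhcp)):
        if parser.get("DEFAULT", "interface_driver", fallback="") != OVS_DRIVER:
            findings.append(name + ": interface_driver must be " + OVS_DRIVER)
    return findings


if __name__ == "__main__":
    for finding in check_network_node(SAMPLE_FILES) or ["configuration matches the guide"]:
        print(finding)
```

<para>Run on the constructed input, the check reports only the missing <literal>use_namespaces</literal>; adding <literal>use_namespaces = True</literal> to l3_agent.ini clears it. Reading the real files with <literal>open()</literal> into the same dict makes the check usable on a node before the agents are started.</para>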
</section>
<section xml:id="demo_per_tenant_router_network_config">
<title>Configure logical network</title>
<para>All of the commands below can be executed on the network
node.</para>
<note>
<para>Ensure that the following environment variables are
set. Various clients use these to access the Identity
Service.</para>
</note>
<programlisting language="bash">export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
<orderedlist>
<listitem>
<para>Get the tenant ID (used as <literal>$TENANT_ID</literal>
later):</para>
<screen><prompt>#</prompt> <userinput>keystone tenant-list</userinput>
<computeroutput>+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 247e478c599f45b5bd297e8ddbbc9b6a | TenantA | True |
| 2b4fec24e62e4ff28a8445ad83150f9d | TenantC | True |
| 3719a4940bf24b5a8124b58c9b0a6ee6 | TenantB | True |
| 5fcfbc3283a142a5bb6978b549a511ac | demo | True |
| b7445f221cda4f4a8ac7db6b218b1339 | admin | True |
+----------------------------------+---------+---------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Get the user information:</para>
<screen><prompt>#</prompt> <userinput>keystone user-list</userinput>
<computeroutput>+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------------------+
| 5a9149ed991744fa85f71e4aa92eb7ec | demo | True | |
| 5b419c74980d46a1ab184e7571a8154e | admin | True | admin@example.com |
| 8e37cb8193cb4873a35802d257348431 | UserC | True | |
| c11f6b09ed3c45c09c21cbbc23e93066 | UserB | True | |
| ca567c4f6c0942bdac0e011e97bddbe3 | UserA | True | |
+----------------------------------+-------+---------+-------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create the external network and its subnet as the
admin user:</para>
<screen><prompt>#</prompt> <userinput>neutron net-create Ext-Net --provider:network_type local --router:external true</userinput>
<computeroutput>Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| name | Ext-Net |
| provider:network_type | local |
| provider:physical_network | |
| provider:segmentation_id | |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>#</prompt> <userinput>neutron subnet-create Ext-Net 30.0.0.0/24 --disable-dhcp</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
| cidr | 30.0.0.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 30.0.0.1 |
| host_routes | |
| id | ba754a55-7ce8-46bb-8d97-aa83f4ffa5f9 |
| ip_version | 4 |
| name | |
| network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+------------------+--------------------------------------------+
</computeroutput></screen>
<para><emphasis role="bold">
<literal>provider:network_type local</literal>
means that Networking does not have to realize
this network through provider network.
<literal>router:external true</literal>
means that an external network is created
where you can create floating IP and router
gateway port.</emphasis></para>
</listitem>
<listitem>
<para>Add an IP address on the external network to br-ex.</para>
<para>Because br-ex is the external network bridge,
add the IP address 30.0.0.100/24 to br-ex so that you can
ping the floating IP of the VM from the network
node.</para>
<screen><prompt>#</prompt> <userinput>ip addr add 30.0.0.100/24 dev br-ex</userinput>
<prompt>#</prompt> <userinput>ip link set br-ex up</userinput></screen>
</listitem>
<listitem>
<para>Serve TenantA.</para>
<para>For TenantA, create a private network, subnet,
server, router, and floating IP.</para>
<orderedlist>
<listitem>
<para>Create a network for TenantA:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantA-Net</userinput>
<computeroutput>Created a new network:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name | TenantA-Net |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------+--------------------------------------+</computeroutput></screen>
<para>After that, you can use the admin user to
query the provider network
information:</para>
<screen><prompt>#</prompt> <userinput>neutron net-show TenantA-Net</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name | TenantA-Net |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 1 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<para>The network has GRE tunnel ID (that is,
<literal>provider:segmentation_id</literal>)
1.</para>
</listitem>
<listitem>
<para>Create a subnet on the network
TenantA-Net:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantA-Net 10.0.0.0/24</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.0.0.2", "end": "10.0.0.254"} |
| cidr | 10.0.0.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 51e2c223-0492-4385-b6e9-83d4e6d10657 |
| ip_version | 4 |
| name | |
| network_id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+------------------+--------------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Create a server for TenantA:</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 TenantA_VM1</userinput></screen>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>+--------------------------------------+-------------+--------+----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------+--------+----------------------+
| 7c5e6499-7ef7-4e36-8216-62c2941d21ff | TenantA_VM1 | ACTIVE | TenantA-Net=10.0.0.3 |
+--------------------------------------+-------------+--------+----------------------+
</computeroutput></screen>
<note>
<para>It is important to understand that
you should not attach the instance to
Ext-Net directly. Instead, you must
use a floating IP to make it
accessible from the external
network.</para>
</note>
</listitem>
<listitem>
<para>Create and configure a router for
TenantA:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-create TenantA-R1</userinput>
<computeroutput>Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 59cd02cb-6ee6-41e1-9165-d251214594fd |
| name | TenantA-R1 |
| status | ACTIVE |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantA-R1 51e2c223-0492-4385-b6e9-83d4e6d10657</userinput>
<computeroutput>Added interface to router TenantA-R1</computeroutput></screen>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 \
router-gateway-set TenantA-R1 Ext-Net</userinput></screen>
</listitem>
<listitem>
<para>Associate a floating IP with
TenantA_VM1:</para>
<orderedlist>
<listitem>
<para>Create a floating IP:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net</userinput>
<computeroutput>Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 30.0.0.2 |
| floating_network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| id | 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 |
| port_id | |
| router_id | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------+--------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Get the port ID of the VM with ID
7c5e6499-7ef7-4e36-8216-62c2941d21ff:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 port-list -- \
--device_id 7c5e6499-7ef7-4e36-8216-62c2941d21ff</userinput>
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 6071d430-c66e-4125-b972-9a937c427520 | | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Associate the floating IP with the VM
port, then verify the association:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-associate \
5a1f90ed-aa3c-4df3-82cb-116556e96bf1 6071d430-c66e-4125-b972-9a937c427520</userinput>
<computeroutput>Associated floatingip 5a1f90ed-aa3c-4df3-82cb-116556e96bf1
</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>neutron floatingip-list</userinput>
<computeroutput>+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 | 10.0.0.3 | 30.0.0.2 | 6071d430-c66e-4125-b972-9a937c427520 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
</computeroutput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Ping the public network from the server
of TenantA.</para>
<para>In my environment, 192.168.1.0/24 is my
public network, connected to my physical
router, which also connects to the
external network 30.0.0.0/24. With the
floating IP and virtual router, we can
ping the public network from within the server
of TenantA:</para>
<screen><prompt>$</prompt> <userinput>ping 192.168.1.1</userinput>
<computeroutput>PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=1.74 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=1.50 ms
64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=1.23 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping the floating IP of TenantA's
server:</para>
<screen><prompt>$</prompt> <userinput>ping 30.0.0.2</userinput>
<computeroutput>PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_req=1 ttl=63 time=45.0 ms
64 bytes from 30.0.0.2: icmp_req=2 ttl=63 time=0.898 ms
64 bytes from 30.0.0.2: icmp_req=3 ttl=63 time=0.940 ms
^C
--- 30.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Create other servers for TenantA.</para>
<para>We can create more servers for TenantA
and add floating IPs for them.</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Serve TenantC.</para>
<para>For TenantC, create two private networks
with subnets 10.0.0.0/24 and 10.0.1.0/24,
some servers, one router that connects these two
subnets, and some floating IPs.</para>
<orderedlist>
<listitem>
<para>Create networks and subnets for
TenantC:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net1</userinput>
<prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net1 \
10.0.0.0/24 --name TenantC-Subnet1</userinput>
<prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net2</userinput>
<prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net2 \
10.0.1.0/24 --name TenantC-Subnet2</userinput>
</screen>
<para>After that, you can use the admin user to
query the networks' provider network
information:</para>
<screen><prompt>#</prompt> <userinput>neutron net-show TenantC-Net1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 91309738-c317-40a3-81bb-bed7a3917a85 |
| name | TenantC-Net1 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 2 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | cf03fd1e-164b-4527-bc87-2b2631634b83 |
| tenant_id | 2b4fec24e62e4ff28a8445ad83150f9d |
+---------------------------+--------------------------------------+
</computeroutput></screen>
<screen><prompt>#</prompt> <userinput>neutron net-show TenantC-Net2</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 5b373ad2-7866-44f4-8087-f87148abd623 |
| name | TenantC-Net2 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 3 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 38f0b2f0-9f98-4bf6-9520-f4abede03300 |
| tenant_id | 2b4fec24e62e4ff28a8445ad83150f9d |
+---------------------------+--------------------------------------+</computeroutput></screen>
<para>The networks have GRE tunnel IDs (that is,
<literal>provider:segmentation_id</literal>) 2 and 3. Also
note the network IDs and subnet IDs,
because you use them to create the VMs and
the router.</para>
</listitem>
<listitem>
<para>Create a server TenantC_VM1 for TenantC
on TenantC-Net1:</para>
<screen><prompt>#</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=91309738-c317-40a3-81bb-bed7a3917a85 TenantC_VM1</userinput></screen>
</listitem>
<listitem>
<para>Create a server TenantC_VM3 for TenantC
on TenantC-Net2:</para>
<screen><prompt>#</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=5b373ad2-7866-44f4-8087-f87148abd623 TenantC_VM3</userinput></screen>
</listitem>
<listitem>
<para>List the servers of TenantC:</para>
<screen><prompt>#</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>+--------------------------------------+-------------+--------+-----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------+--------+-----------------------+
| b739fa09-902f-4b37-bcb4-06e8a2506823 | TenantC_VM1 | ACTIVE | TenantC-Net1=10.0.0.3 |
| 17e255b2-b14f-48b3-ab32-5df36566d2e8 | TenantC_VM3 | ACTIVE | TenantC-Net2=10.0.1.3 |
+--------------------------------------+-------------+--------+-----------------------+</computeroutput></screen>
<para>Note the server IDs because you use them
later.</para>
</listitem>
<listitem>
<para>Make sure servers get their IPs.</para>
<para>You can use VNC to log on to the VMs and
check whether they received IP addresses. If not,
make sure that the Networking components
are running correctly and that the GRE tunnels
work.</para>
</listitem>
<listitem>
<para>Create and configure a router for
TenantC:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-create TenantC-R1</userinput></screen>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantC-R1 cf03fd1e-164b-4527-bc87-2b2631634b83</userinput>
<prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantC-R1 38f0b2f0-9f98-4bf6-9520-f4abede03300</userinput></screen>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 \
router-gateway-set TenantC-R1 Ext-Net</userinput></screen>
</listitem>
<listitem>
<para>Checkpoint: ping from within TenantC's
servers.</para>
<para>Because the router connects the two
subnets, the VMs on these subnets can ping
each other. And because the gateway for
the router is set, TenantC's servers can
ping external network IPs, such as
192.168.1.1 and 30.0.0.1.</para>
</listitem>
<listitem>
<para>Associate floating IPs for TenantC's
servers.</para>
<para>You can use similar commands to the ones
used in the section for TenantA.</para>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
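<para>The floating IP steps above (create the floating IP, find the VM's port, associate the two, confirm with <literal>floatingip-list</literal>) are usually scripted rather than done by copying IDs between commands, and the same procedure serves TenantC. The script below is an added example for this guide, not code from the OpenStack project: it parses the ASCII tables that the keystone, neutron and nova CLIs print (the format shown throughout this section), extracts the floating IP ID and the port ID, builds the <literal>floatingip-associate</literal> command, and checks the resulting <literal>floatingip-list</literal> row. The sample outputs are constructed from the TenantA listings above; in real use they come from running the commands. It assumes one fixed IP per port.</para>

```python
"""Script the floating IP association instead of copying IDs by hand.

Added example for the install guide, not code from the OpenStack project.
Sample CLI outputs are constructed from the guide's TenantA listings.
"""
import json

# Constructed sample output: neutron floatingip-create Ext-Net
FLOATINGIP_CREATE = """Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 30.0.0.2                             |
| floating_network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| id                  | 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 |
| port_id             |                                      |
| router_id           |                                      |
| tenant_id           | 247e478c599f45b5bd297e8ddbbc9b6a     |
+---------------------+--------------------------------------+
"""

# Constructed sample output: neutron port-list -- --device_id 7c5e6499-...
PORT_LIST = """+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 6071d430-c66e-4125-b972-9a937c427520 |      | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
"""

# Constructed sample output: neutron floatingip-list, after the association
FLOATINGIP_LIST = """+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 | 10.0.0.3         | 30.0.0.2            | 6071d430-c66e-4125-b972-9a937c427520 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
"""


def parse_table(text):
    """Parse a CLI ASCII table into a list of dicts keyed by the header row.

    Separator lines (+----+) and leading messages such as
    "Created a new floatingip:" are skipped.
    """
    header = None
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [cell.strip() for cell in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def field_value(text):
    """Turn a two-column Field/Value table (the *-create outputs) into a dict."""
    return {row["Field"]: row["Value"] for row in parse_table(text)}


def port_ids(port_list_output):
    """IDs of every port in a port-list output (one per VM NIC)."""
    return [row["id"] for row in parse_table(port_list_output)]


def port_fixed_ip(port_list_output, port_id):
    """Fixed IP of one port, read from its fixed_ips JSON cell (one IP assumed)."""
    for row in parse_table(port_list_output):
        if row["id"] == port_id:
            return json.loads(row["fixed_ips"])["ip_address"]
    raise KeyError(port_id)


def associate_command(floatingip_create_output, port_list_output):
    """Build the floatingip-associate command for a VM with exactly one port."""
    ports = port_ids(port_list_output)
    if len(ports) != 1:
        raise ValueError("expected exactly one port for the VM, got %d" % len(ports))
    fip_id = field_value(floatingip_create_output)["id"]
    return "neutron floatingip-associate %s %s" % (fip_id, ports[0])


def association_ok(floatingip_list_output, fip_id, port_id, fixed_ip):
    """True when floatingip-list shows fip_id bound to port_id with that fixed IP."""
    for row in parse_table(floatingip_list_output):
        if row["id"] == fip_id:
            return row["port_id"] == port_id and row["fixed_ip_address"] == fixed_ip
    return False


if __name__ == "__main__":
    print(associate_command(FLOATINGIP_CREATE, PORT_LIST))
    port = port_ids(PORT_LIST)[0]
    fip = field_value(FLOATINGIP_CREATE)["id"]
    print("verified:", association_ok(FLOATINGIP_LIST, fip, port, port_fixed_ip(PORT_LIST, port)))
```

<para>The verification step matters for the same reason the guide prints <literal>floatingip-list</literal>: the association call succeeds as long as the IDs exist, so checking that the floating IP now shows the expected fixed IP and port catches a pasted ID that belonged to another VM.</para>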
</section>
<section xml:id="section_use-cases-tenant-router">
<title>Use case: per-tenant routers with private
networks</title>
<para>This use case represents a more advanced router scenario
in which each tenant gets at least one router and
potentially has access to the Networking API to create
additional routers. Tenants can create their own
networks and uplink those networks to a
router. This model enables tenant-defined, multi-tier
applications, with each tier being a separate network
behind the router. Because there are multiple routers,
tenant subnets can overlap without conflicting: all
access to external networks happens through SNAT or
floating IPs. Each router uplink and floating IP is
allocated from the external network subnet.</para>
<para>
<mediaobject>
<imageobject>
<imagedata scale="55"
fileref="../common/figures/UseCase-MultiRouter.png"
align="left"/>
</imageobject>
</mediaobject>
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1mmQc8cBUoTEfEns-ehIyQSTvOrjUdl5xeGDv9suVyAY/edit -->
</para>
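<para>The rule the paragraph above relies on can be checked before any router is built. The following is an added example for this guide, not code from the OpenStack project: it takes the topology this section creates (router name to attached tenant subnets, plus the Ext-Net subnet) and reports two kinds of conflict. Subnets attached to the same router must not overlap, because one router has one routing table; tenant subnets may overlap across routers, since each router is isolated and reaches the outside only through SNAT or floating IPs. Rejecting tenant subnets that overlap the external network the uplinks and floating IPs are allocated from is this example's own design policy, not a rule stated by the guide.</para>

```python
"""Check a per-tenant-router topology for CIDR conflicts.

Added example for the install guide, not code from the OpenStack project.
The topology is constructed from the routers and subnets this section builds.
"""
import ipaddress

EXTERNAL_SUBNET = ipaddress.ip_network("30.0.0.0/24")  # Ext-Net

# Constructed from this section: router name to attached tenant subnets.
TOPOLOGY = {
    "TenantA-R1": ["10.0.0.0/24"],
    "TenantC-R1": ["10.0.0.0/24", "10.0.1.0/24"],
}


def conflicts(topology, external=EXTERNAL_SUBNET):
    """Return conflict descriptions; an empty list means the topology is sound.

    Flags overlap between subnets on the same router, and (this example's own
    policy) tenant subnets that overlap the external network.
    """
    problems = []
    for router, cidrs in topology.items():
        nets = [ipaddress.ip_network(c) for c in cidrs]
        for i, a in enumerate(nets):
            if a.overlaps(external):
                problems.append("%s: %s overlaps the external network %s" % (router, a, external))
            for b in nets[i + 1:]:
                if a.overlaps(b):
                    problems.append("%s: %s and %s overlap on the same router" % (router, a, b))
    return problems


def overlapping_across_routers(topology):
    """Router pairs that reuse a CIDR: allowed with namespaces, listed for review."""
    seen = {}
    pairs = []
    for router, cidrs in topology.items():
        for c in cidrs:
            net = ipaddress.ip_network(c)
            for other_router, other_nets in seen.items():
                if other_router != router and any(net.overlaps(o) for o in other_nets):
                    pairs.append((other_router, router, str(net)))
            seen.setdefault(router, []).append(net)
    return pairs


if __name__ == "__main__":
    for problem in conflicts(TOPOLOGY) or ["no conflicts"]:
        print(problem)
    for first, second, cidr in overlapping_across_routers(TOPOLOGY):
        print("%s and %s both use %s (fine: separate routers)" % (first, second, cidr))
```

<para>On the section's topology the check finds no conflict and lists the one intentional reuse, 10.0.0.0/24 on TenantA-R1 and TenantC-R1, which is exactly the case that makes <literal>allow_overlapping_ips</literal> and <literal>use_namespaces</literal> necessary.</para>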
</section>
</section>