openstack/openstack-manuals
Code Issues Proposed changes
94a351c640
openstack-manuals/doc/install-guide/source/neutron-compute-install-option1.rst
Matthew Kassawara 374a38f49a [install] Initial networking architecture changes 
Implement initial networking architecture changes for Liberty
as follows:

1) Remove nova-network.
2) Develop architecture for provider networks with Linux
   bridge agent.
3) Develop architecture for self-service networks with
   Linux bridge agent.
4) Munge the neutron controller and network node configuration
   together.
5) Rejigger neutron to use the Linux bridge agent.
6) Restructure launch an instance content to account for
   two networking options.
7) Other restructuring as necessary to meet the primary
   goal.

For simplicity, both architectures require only two nodes,
each with two network interfaces, to deploy core OpenStack
services. Also, to address recurring issues about the lack
of support for connecting instances directly to the
public/external network, the self-service architecture
augments the provider networks architecture which allows
connection to both private and public networks.

Change-Id: Ie3ab9a15ebfe82c0ce54f709c87a66d7cc46db3f
Implements: blueprint installguide-liberty
2015-09-22 10:59:55 -05:00

1.3 KiB
Raw Blame History

Networking Option 1: Provider networks

Install and configure the Networking components on a compute node.

Configure the Linux bridge agent

The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances including VXLAN tunnels for private networks and handles security groups.

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.conf file.

  1. In the [linux_bridge] section, map the public virtual network to the public physical network interface:

    [linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME

    Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.

  2. In the [vxlan] section, disable VXLAN overlay networks:

    [vxlan]
enable_vxlan = False

  3. In the [securitygroup] section, enable security groups, enable ipset, and configure the Linux bridge iptables firewall driver:

    [securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Return to Networking compute node configuration <neutron-compute-compute>.