42b23e8c84
Closes-Bug: #1249082 Change-Id: I9f68073da5ca25867b2b8c099cce5df34f6a3eec author: diane fleming
651 lines
37 KiB
XML
651 lines
37 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
|
xml:id="section_networking-provider-router_with-provate-networks">
|
|
<title>Provider router with private networks</title>
|
|
<para>This section describes how to install the OpenStack
|
|
Networking service and its components for a single router use
|
|
case: a provider router with private networks.</para>
|
|
<para>This figure shows the set up:</para>
|
|
<informalfigure>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata
|
|
fileref="../common/figures/Neutron-PhysNet-Diagram.png"
|
|
contentwidth="6in"/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</informalfigure>
|
|
<note>
|
|
<para>Because you run the DHCP agent and L3 agent on one node,
|
|
you must set <literal>use_namespaces</literal> to
|
|
<literal>True</literal> (which is the default) in the
|
|
configuration files for both agents.</para>
|
|
</note>
|
|
<para>The configuration includes these nodes:</para>
|
|
<table rules="all">
|
|
<caption>Nodes for use case</caption>
|
|
<thead>
|
|
<tr>
|
|
<th>Node</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td><para>Controller</para></td>
|
|
<td><para>Runs the Networking service,
|
|
Identity Service, and all Compute
|
|
services that are required to deploy a
|
|
VM.</para>
|
|
<para>The service must have at least two network
|
|
interfaces. The first should be connected to
|
|
the Management Network to communicate with the
|
|
compute and network nodes. The second
|
|
interface should be connected to the
|
|
API/public network.</para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para>Compute</para></td>
|
|
<td><para>Runs Compute and the
|
|
Networking L2 agent.</para>
|
|
<para>This node does not have access the public
|
|
network.</para>
|
|
<para>The node must have a network interface that
|
|
communicates with the controller node through
|
|
the management network. The VM receives its IP
|
|
address from the DHCP agent on this
|
|
network.</para></td>
|
|
</tr>
|
|
<tr>
|
|
<td><para>Network</para></td>
|
|
<td><para>Runs Networking L2 agent, DHCP
|
|
agent, and L3 agent.</para>
|
|
<para>This node has access to the public network.
|
|
The DHCP agent allocates IP addresses to the
|
|
VMs on the network. The L3 agent performs NAT
|
|
and enables the VMs to access the public
|
|
network.</para>
|
|
<para>The node must have:<itemizedlist>
|
|
<listitem>
|
|
<para>A network interface that
|
|
communicates with the controller
|
|
node through the management
|
|
network</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>A network interface on the data
|
|
network that manages VM
|
|
traffic</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>A network interface that
|
|
connects to the external gateway on
|
|
the network</para>
|
|
</listitem>
|
|
</itemizedlist></para></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<section xml:id="demo_installions">
|
|
<title>Install</title>
|
|
<section xml:id="controller-install-neutron-server">
|
|
<title>Controller</title>
|
|
<procedure>
|
|
<title>To install and configure the controller
|
|
node</title>
|
|
<step>
|
|
<para>Run this command:</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-server</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
|
|
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-neutron</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Configure Networking services:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Edit the
|
|
<filename>/etc/neutron/neutron.conf</filename>
|
|
file and add these lines:</para>
|
|
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
|
|
auth_strategy = keystone
|
|
fake_rabbit = False
|
|
rabbit_password = guest
|
|
|
|
[database]
|
|
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Edit the <filename>
|
|
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
|
file and add these lines:</para>
|
|
<programlisting language="ini">[ovs]
|
|
tenant_network_type = vlan
|
|
network_vlan_ranges = physnet1:100:2999</programlisting>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Edit the <filename>
|
|
/etc/neutron/api-paste.ini</filename>
|
|
file and add these lines:</para>
|
|
<programlisting language="ini">admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</step>
|
|
<step>
|
|
<para>Start the services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-server restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section
|
|
xml:id="network-node-install-plugin-openvswitch-agent">
|
|
<title>Network node</title>
|
|
<procedure>
|
|
<title>To install and configure the network
|
|
node</title>
|
|
<step>
|
|
<para>Install the packages:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent \
|
|
neutron-dhcp-agent neutron-l3-agent</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch \
|
|
openstack-neutron</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent \
|
|
openstack-neutron openstack-neutron-dhcp-agent openstack-neutron-l3-agent</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Start Open vSwitch<phrase
|
|
os="rhel;centos;fedora;opensuse;sles"> and
|
|
configure it to start when the system
|
|
boots</phrase>:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
|
<screen os="opensuse;sles;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add the integration bridge to the Open
|
|
vSwitch:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Update the OpenStack Networking <filename>
|
|
/etc/neutron/neutron.conf</filename>
|
|
configuration file:</para>
|
|
<programlisting language="ini" os="debian;ubuntu">rabbit_password = guest
|
|
rabbit_host = <replaceable>controller</replaceable>
|
|
|
|
[database]
|
|
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
DEFAULT qpid_hostname controller</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
DEFAULT rabbit_host controller</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Update the plug-in <filename>
|
|
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
|
|
</filename> configuration file:</para>
|
|
<programlisting language="ini">[ovs]
|
|
tenant_network_type=vlan
|
|
network_vlan_ranges = physnet1:1:4094
|
|
bridge_mappings = physnet1:br-eth1</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>br-eth1</literal>
|
|
network bridge. All VM communication between
|
|
the nodes occurs through
|
|
<literal>br-eth1</literal>:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
|
|
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the external network bridge to the
|
|
Open vSwitch:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput>
|
|
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth2</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Edit the <filename>
|
|
/etc/neutron/l3_agent.ini</filename> file
|
|
and add these lines:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
auth_url = http://<replaceable>controller</replaceable>:35357/v2.0
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable>
|
|
metadata_ip = <replaceable>controller</replaceable>
|
|
use_namespaces = True</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Edit the <filename>
|
|
/etc/neutron/api-paste.ini</filename> file
|
|
and add these lines:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
auth_host = <replaceable>controller</replaceable>
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Edit the <filename>
|
|
/etc/neutron/dhcp_agent.ini</filename>
|
|
file and add this line:</para>
|
|
<programlisting language="ini">use_namespaces = True</programlisting>
|
|
</step>
|
|
<step os="debian;ubuntu">
|
|
<para>Restart networking services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Start and permanently enable networking
|
|
services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-dhcp-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-l3-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig neutron-dhcp-agent on</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig neutron-l3-agent on</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-dhcp-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-l3-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-dhcp-agent on</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-l3-agent on</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<!-- FIXME: Required on Debian/Ubuntu? -->
|
|
<para>Enable the <systemitem class="service"
|
|
>neutron-ovs-cleanup</systemitem> service.
|
|
This service starts on boot and ensures that
|
|
Networking has full control over the creation
|
|
and management of <literal>tap</literal>
|
|
devices.</para>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>chkconfig neutron-ovs-cleanup on</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-ovs-cleanup on</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="compute-node-install-openvswitch">
|
|
<title>Compute Node</title>
|
|
|
|
<procedure>
|
|
<title>To install and configure the compute
|
|
node</title>
|
|
<step>
|
|
<!-- FIXME Review Fedora instructions -->
|
|
<para>Install the packages:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install openvswitch-switch neutron-plugin-openvswitch-agent</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Start the OpenvSwitch service<phrase
|
|
os="rhel;centos;fedora;opensuse;sles"> and
|
|
configure it to start when the system
|
|
boots</phrase>:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
|
<screen os="opensuse;sles;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the integration bridge:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>br-eth1</literal>
|
|
network bridge. All VM communication between
|
|
the nodes occurs through
|
|
<literal>br-eth1</literal>:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
|
|
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Edit the OpenStack Networking <filename>
|
|
/etc/neutron/neutron.conf</filename>
|
|
configuration file and add this line:</para>
|
|
<programlisting language="ini" os="debian;ubuntu">rabbit_password = guest
|
|
rabbit_host = <replaceable>controller</replaceable>
|
|
|
|
[database]
|
|
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
DEFAULT qpid_hostname controller</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
DEFAULT rabbit_host controller</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
|
|
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Edit the <filename>
|
|
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
|
file and add these lines:</para>
|
|
<programlisting language="ini">[ovs]
|
|
tenant_network_type = vlan
|
|
network_vlan_ranges = physnet1:1:4094
|
|
bridge_mappings = physnet1:br-eth1</programlisting>
|
|
</step>
|
|
<step os="debian;ubuntu">
|
|
<para>Restart the OpenvSwitch Neutron plug-in
|
|
agent:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Start and permanently enable networking
|
|
services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
</section>
|
|
<section xml:id="demo_logical_network_config">
|
|
<title>Logical network configuration</title>
|
|
<note>
|
|
<para>Run these commands on the network node.</para>
|
|
<para>Ensure that the following environment variables are
|
|
set. Various clients use these variables to access the
|
|
Identity Service.</para>
|
|
</note>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Create a <filename>novarc</filename>
|
|
file:</para>
|
|
<programlisting language="bash">export OS_TENANT_NAME=provider_tenant
|
|
export OS_USERNAME=admin
|
|
export OS_PASSWORD=password
|
|
export OS_AUTH_URL="http://<replaceable>controller</replaceable>:5000/v2.0/"
|
|
export SERVICE_ENDPOINT="http://<replaceable>controller</replaceable>:35357/v2.0"
|
|
export SERVICE_TOKEN=password</programlisting>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Export the variables:</para>
|
|
<screen><prompt>#</prompt> <userinput>source novarc echo "source novarc">>.bashrc</userinput></screen>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>The admin user creates a network and subnet on behalf of
|
|
tenant_A. A tenant_A user can also complete these
|
|
steps.</para>
|
|
<procedure>
|
|
<title>To configure internal networking</title>
|
|
<step>
|
|
<para>Get the tenant ID (Used as $TENANT_ID
|
|
later).</para>
|
|
<screen><prompt>#</prompt> <userinput>keystone tenant-list</userinput>
|
|
<computeroutput>+----------------------------------+--------------------+---------+
|
|
| id | name | enabled |
|
|
+----------------------------------+--------------------+---------+
|
|
| 48fb81ab2f6b409bafac8961a594980f | provider_tenant | True |
|
|
| cbb574ac1e654a0a992bfc0554237abf | service | True |
|
|
| e371436fe2854ed89cca6c33ae7a83cd | invisible_to_admin | True |
|
|
| e40fa60181524f9f9ee7aa1038748f08 | tenant_A | True |
|
|
+----------------------------------+--------------------+---------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create an internal network named <emphasis
|
|
role="bold">net1</emphasis> for tenant_A
|
|
($TENANT_ID will be
|
|
e40fa60181524f9f9ee7aa1038748f08):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron net-create --tenant-id $TENANT_ID net1</userinput>
|
|
<computeroutput>+---------------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
|
|
| name | net1 |
|
|
| provider:network_type | vlan |
|
|
| provider:physical_network | physnet1 |
|
|
| provider:segmentation_id | 1024 |
|
|
| router:external | False |
|
|
| shared | False |
|
|
| status | ACTIVE |
|
|
| subnets | |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+---------------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create a subnet on the network <emphasis
|
|
role="bold">net1</emphasis> (ID field below is
|
|
used as $SUBNET_ID later):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron subnet-create --tenant-id $TENANT_ID net1 10.5.5.0/24</userinput>
|
|
<computeroutput>+------------------+--------------------------------------------+
|
|
| Field | Value |
|
|
+------------------+--------------------------------------------+
|
|
| allocation_pools | {"start": "10.5.5.2", "end": "10.5.5.254"} |
|
|
| cidr | 10.5.5.0/24 |
|
|
| dns_nameservers | |
|
|
| enable_dhcp | True |
|
|
| gateway_ip | 10.5.5.1 |
|
|
| host_routes | |
|
|
| id | c395cb5d-ba03-41ee-8a12-7e792d51a167 |
|
|
| ip_version | 4 |
|
|
| name | |
|
|
| network_id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+------------------+--------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<para>A user with the admin role must complete these steps. In
|
|
this procedure, the user is admin from
|
|
provider_tenant.</para>
|
|
<procedure>
|
|
<title>To configure the router and external
|
|
networking</title>
|
|
<step>
|
|
<para>Create a <emphasis role="bold"
|
|
>router1</emphasis> route. The ID is used as
|
|
$ROUTER_ID later:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron router-create router1</userinput>
|
|
<computeroutput>+-----------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+-----------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| external_gateway_info | |
|
|
| id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
|
|
| name | router1 |
|
|
| status | ACTIVE |
|
|
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
|
|
+-----------------------+--------------------------------------+</computeroutput></screen>
|
|
<note>
|
|
<para>The <parameter>--tenant-id</parameter>
|
|
parameter is not specified, so this router is
|
|
assigned to the provider_tenant tenant.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Add an interface to the
|
|
<literal>router1</literal> router and attach
|
|
it to the subnet from
|
|
<literal>net1</literal>:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron router-interface-add $ROUTER_ID $SUBNET_ID</userinput>
|
|
<computeroutput>Added interface to router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
|
|
<note>
|
|
<para>You can repeat this step to add more
|
|
interfaces for other networks that belong to
|
|
other tenants.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>ext_net</literal> external
|
|
network:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron net-create ext_net --router:external=True</userinput>
|
|
<computeroutput>+---------------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| name | ext_net |
|
|
| provider:network_type | vlan |
|
|
| provider:physical_network | physnet1 |
|
|
| provider:segmentation_id | 1 |
|
|
| router:external | True |
|
|
| shared | False |
|
|
| status | ACTIVE |
|
|
| subnets | |
|
|
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
|
|
+---------------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the subnet for floating IPs.</para>
|
|
<note>
|
|
<para>The DHCP service is disabled for this
|
|
subnet.</para>
|
|
</note>
|
|
<screen><prompt>#</prompt> <userinput>neutron subnet-create ext_net \
|
|
--allocation-pool start=7.7.7.130,end=7.7.7.150 \
|
|
--gateway 7.7.7.1 7.7.7.0/24 --disable-dhcp</userinput>
|
|
<computeroutput>+------------------+--------------------------------------------------+
|
|
| Field | Value |
|
|
+------------------+--------------------------------------------------+
|
|
| allocation_pools | {"start": "7.7.7.130", "end": "7.7.7.150"} |
|
|
| cidr | 7.7.7.0/24 |
|
|
| dns_nameservers | |
|
|
| enable_dhcp | False |
|
|
| gateway_ip | 7.7.7.1 |
|
|
| host_routes | |
|
|
| id | aef60b55-cbff-405d-a81d-406283ac6cff |
|
|
| ip_version | 4 |
|
|
| name | |
|
|
| network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
|
|
+------------------+--------------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Set the gateway for the router to the external
|
|
network:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron router-gateway-set $ROUTER_ID $EXTERNAL_NETWORK_ID</userinput>
|
|
<computeroutput>Set gateway for router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<para>A user from tenant_A completes these steps, so the
|
|
credentials in the environment variables are different
|
|
than those in the previous procedure.</para>
|
|
<procedure>
|
|
<title>To allocate floating IP addresses</title>
|
|
<step>
|
|
<para>You can associate a floating IP address with a
|
|
VM after it starts. Find the ID of the port
|
|
($PORT_ID) that was allocated for the VM, as
|
|
follows:</para>
|
|
<screen><prompt>#</prompt> <userinput>nova list</userinput>
|
|
<computeroutput>+--------------------------------------+--------+--------+---------------+
|
|
| ID | Name | Status | Networks |
|
|
+--------------------------------------+--------+--------+---------------+
|
|
| 1cdc671d-a296-4476-9a75-f9ca1d92fd26 | testvm | ACTIVE | net1=10.5.5.3 |
|
|
+--------------------------------------+--------+--------+---------------+
|
|
</computeroutput>
|
|
<userinput>neutron port-list -- --device_id 1cdc671d-a296-4476-9a75-f9ca1d92fd26</userinput>
|
|
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
|
|
| id | name | mac_address | fixed_ips |
|
|
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
|
|
| 9aa47099-b87b-488c-8c1d-32f993626a30 | | fa:16:3e:b4:d6:6c | {"subnet_id": "c395cb5d-ba03-41ee-8a12-7e792d51a167", "ip_address": "10.5.5.3"} |
|
|
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Allocate a floating IP (Used as
|
|
$FLOATING_ID):</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron floatingip-create ext_net</userinput>
|
|
<computeroutput>+---------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------+--------------------------------------+
|
|
| fixed_ip_address | |
|
|
| floating_ip_address | 7.7.7.131 |
|
|
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
|
|
| port_id | |
|
|
| router_id | |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+---------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Associate the floating IP with the port for the
|
|
VM:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron floatingip-associate $FLOATING_ID $PORT_ID</userinput>
|
|
<computeroutput>Associated floatingip 40952c83-2541-4d0c-b58e-812c835079a5</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Show the floating IP:</para>
|
|
<screen><prompt>#</prompt> <userinput>neutron floatingip-show $FLOATING_ID</userinput>
|
|
<computeroutput>+---------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------+--------------------------------------+
|
|
| fixed_ip_address | 10.5.5.3 |
|
|
| floating_ip_address | 7.7.7.131 |
|
|
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
|
|
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
|
|
| port_id | 9aa47099-b87b-488c-8c1d-32f993626a30 |
|
|
| router_id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
|
|
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
|
|
+---------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Test the floating IP:</para>
|
|
<screen><prompt>#</prompt> <userinput>ping 7.7.7.131</userinput>
|
|
<computeroutput>PING 7.7.7.131 (7.7.7.131) 56(84) bytes of data.
|
|
64 bytes from 7.7.7.131: icmp_req=2 ttl=64 time=0.152 ms
|
|
64 bytes from 7.7.7.131: icmp_req=3 ttl=64 time=0.049 ms
|
|
</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="section_use-cases-single-router">
|
|
<title>Use case: provider router with private networks</title>
|
|
<para>This use case provides each tenant with one or more
|
|
private networks that connect to the outside world through
|
|
an OpenStack Networking router. When each tenant gets
|
|
exactly one network, this architecture maps to the same
|
|
logical topology as the VlanManager in Compute
|
|
(although of course, Networking does not require
|
|
VLANs). Using the Networking API, the tenant can
|
|
only see a network for each private network assigned to
|
|
that tenant. The router object in the API is created and
|
|
owned by the cloud administrator.</para>
|
|
<para>This model supports assigning public addresses to VMs by
|
|
using <firstterm>floating IPs</firstterm>; the router maps
|
|
public addresses from the external network to fixed IPs on
|
|
private networks. Hosts without floating IPs can still
|
|
create outbound connections to the external network
|
|
because the provider router performs SNAT to the router's
|
|
external IP. The IP address of the physical router is used
|
|
as the <literal>gateway_ip</literal> of the external
|
|
network subnet, so the provider has a default router for
|
|
Internet traffic.</para>
|
|
<para>The router provides L3 connectivity among private
|
|
networks. Tenants can reach instances for other tenants
|
|
unless you use additional filtering, such as, security
|
|
groups). With a single router, tenant networks cannot use
|
|
overlapping IPs. To resolve this issue, the administrator
|
|
can create private networks on behalf of the
|
|
tenants.</para>
|
|
<para>
|
|
<informalfigure>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata scale="55"
|
|
fileref="../common/figures/UseCase-SingleRouter.png"
|
|
/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</informalfigure>
|
|
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1DKxeZZXml_fNZHRoGPKkC7sGdkPJZCtWytYZqHIp_ZE/edit --></para>
|
|
</section>
|
|
</section>
|