Note: Some inaccurate information was corrected in this article – see here for the details.
The past articles regarding Open vSwitch have kind of been a precursor to this one, because to understand how OpenStack networking worked, I first needed to understand the concepts behind some of the underlying components.
When I started looking into this last week, I really had no idea where to start. As I dug deeper, I found that this guide was probably the best in explaining the basics on how Neutron worked: Neutron in the RHEL/CentOS/Fedora deployment guide.
The diagram above was probably one of the tools that helped me out the most. You can see how Neutron works on both the compute and network nodes, and the role that Open vSwitch plays in the deployment at large.
Note that both GRE and VXLAN are supported for tunnels, and in fact packstack will configure your setup with VXLAN. Some features are still being developed with VXLAN, and because I haven’t delved into it too much I’m not too sure what is still missing (although one feature seems to be VLAN pruning). I really don’t have the experience to say which one is currently the better choice as of Juno.
For now, I am focusing on the basics – what I needed to do to get my dev server set up. This entailed a few things:
- Re-configuring my external bridge so that I could run my management interface and the “external” network on the same physical interface – see this previous article
- Setting up neutron to map the external network to the external bridge, explicitly
- Setting up my external and internal networks
There are currently five network types that you can set up in OpenStack.
- Local: I equated this to “non-routed”, but it can be used on single server setups for tenant networking. However, it cannot scale past one host.
- Flat: An untagged direct network-to-physical mapping. This was ultimately the best choice for my external network since my requirements are not that complicated at this point in time.
- VLAN: This is like Flat with VLAN tagging. This would, of course, allow you to run multiple segregated external networks over a single interface.
- GRE/VXLAN: Your tunneling options. Generally used on the integration bridge to pass traffic between nodes. Best used for tenant networks.
For my setup, as I mentioned, I ultimately settled on using a flat network for our external bridge, and I haven’t touched the internal network setups (it really is not necessary at this point in time, seeing as I only have one host).
Keep in mind that I don’t cover how to do the Open vSwitch stuff here. If you need that info see this previous article – An Intro to Open vSwitch.
With that in mind, if you are using a separate interface you can simply add it to the Open vSwitch database without much in the way of extra configuration – just run the following:
ovs-vsctl add-port br-ex eth1
Assuming that eth1 is your extra interface.
On to the Neutron configuration. Generally, this is stored in /etc/neutron/plugin.ini. Note that we are using the ML2 (Modular Layer 2) plugin here, which has to be symlinked appropriately:
lrwxrwxrwx. 1 root root 37 Jan 29 23:24 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
Make sure you define the network types you will allow:
type_drivers = flat,vxlan
Pick a network type for your tenant networks, generally one is fine:
tenant_network_types = vxlan
Mechanism drivers – using Open vSwitch for now, of course. This will be set up for you by default if you are using packstack.
mechanism_drivers = openvswitch
From here I am going to skip to the changes I needed to make in my packstack setup to get the external bridge working. Most of the config that I had I left at the defaults, so if you are using packstack as well it does not need to be changed much.
The only thing left is to define your external network as a flat network:
[ml2_type_flat]
flat_networks = external
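Before restarting anything, the ML2 options above can be checked against each other. The following is an added example, not part of the original article or of Neutron itself: `check_ml2` and its `external_physnet` parameter are hypothetical names, the `[ml2]` section header follows the stock ml2_conf.ini layout (the article shows only the option lines), and the sample text is constructed from the values on this page. It also flags `flat_networks = *`, which lets a flat network be created on any physical network name instead of only the one you listed.

```python
import configparser

# Constructed sample: the option lines shown in this article, placed under the
# section headers a stock ml2_conf.ini uses.
SAMPLE = """
[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch

[ml2_type_flat]
flat_networks = external
"""

def _csv(cfg, section, key):
    """Return a comma-separated option as a list (empty if missing)."""
    raw = cfg.get(section, key, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]

def check_ml2(text, external_physnet="external"):
    """Return findings for an ml2_conf.ini; an empty list means consistent."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    types = _csv(cfg, "ml2", "type_drivers")
    tenant = _csv(cfg, "ml2", "tenant_network_types")
    mech = _csv(cfg, "ml2", "mechanism_drivers")
    flat = _csv(cfg, "ml2_type_flat", "flat_networks")
    findings = []
    for t in tenant:
        if t not in types:
            findings.append(f"tenant_network_types '{t}' is not in type_drivers")
    if "openvswitch" not in mech:
        findings.append("mechanism_drivers does not include openvswitch")
    if flat and "flat" not in types:
        findings.append("flat_networks is set but 'flat' is not in type_drivers")
    if "*" in flat:
        # Wildcard: any physical network name is accepted for flat networks.
        findings.append("flat_networks = * accepts any physical network name")
    elif "flat" in types and external_physnet not in flat:
        findings.append(f"'{external_physnet}' is not listed in flat_networks")
    return findings

if __name__ == "__main__":
    for line in check_ml2(SAMPLE) or ["ml2 settings are consistent"]:
        print(line)
```

To check a real file, pass the contents of /etc/neutron/plugin.ini to `check_ml2` instead of `SAMPLE`.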
Once this is all done, you can save and restart nova and neutron services. Restart the services below based on the node that is being updated.
# Controller Node
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service
systemctl restart neutron-server.service

# Network Node
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
  neutron-dhcp-agent.service neutron-metadata-agent.service

# Compute Node
systemctl restart openstack-nova-compute.service
systemctl restart neutron-openvswitch-agent.service

# All-in-One Node
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-compute.service
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
  neutron-dhcp-agent.service neutron-metadata-agent.service neutron-server.service
Now, we are ready to set up our external and internal networks. I will cover this tomorrow in a couple of other articles!