[Openstack] Neutron networking in ten sentences?

Kevin Benton kevin at benton.pub
Thu Jun 16 01:16:06 UTC 2016


>So where do the routers and "ports" come into this?

So routers are just like normal routers in that they attach to multiple
networks and route between them. Ports are the basic unit that represents
access to a network. A VM can have an arbitrary number of ports attached to
different networks and each will have its own IP, MAC address, security
groups, etc.

>And into the real network?

It depends on how you have Neutron configured. Neutron networks can
correspond to VLANs, VXLAN tunnels, GRE tunnels, or even just a direct
mapping to an interface on the host (so no encapsulation).

I think the configuration you need will depend quite a bit on what topology
you want to have. If you just want a bunch of pre-configured networks that
map to real VLANs in your datacenter, then you want to set up what we refer
to as "provider networks":
http://docs.openstack.org/mitaka/networking-guide/scenario-provider-ovs.html

In general, I would suggest a read through of the basics and some of the
scenarios in the networking guide:
http://docs.openstack.org/mitaka/networking-guide/


On Wed, Jun 15, 2016 at 5:39 PM, Turbo Fredriksson <turbo at bayour.com> wrote:

> On Jun 16, 2016, at 1:10 AM, Kevin Benton wrote:
>
> > It's essentially the equivalent of Amazon VPC: https://aws.amazon.com/vpc/
>
> Ah, perfect. That cleared up a lot, I've worked with
> VPCs before. Not much, but enough to get the picture.
> Thanx!
>
> So where do the routers and "ports" come into this?
> And into the real network?
>
>
> This is what my current network looks like:
>
> + [external_ip - internet]
>   +- Gateway/Firewall (DHCP, DNS, NTP)
>      + [192.168.4/24]  -+- Old VMs, Static IPs
>      + [192.168.5/24]  -+- Old VMs, Dynamic IPs
>      + [192.168.63/24] -+- Guest network
>      + [192.168.69/24] -+- Physical machines
>                            +- SAN (Block Storage - 30TB+/ZoL, LDAP, Kerberos V, SMB, AFP, AFS, NFS, iSCSI)
>                            +- Current VM host
>      + [10.0.0/16]     -+- Blade Center
>                            + [10.0.1/24] -+- Management/iLO network (Blade Center 1)
>                            + [10.0.2/24] -+- Management/iLO network (Blade Center 2)
>                            + [10.0.3/24] -+- Blade Center 1 - Blade hosts, eth0
>                            + [10.0.4/24] -+- Blade Center 1 - Blade hosts, eth1
>                            + [10.0.5/24] -+- Blade Center 2 - Blade hosts, eth0
>                            + [10.0.6/24] -+- Blade Center 2 - Blade hosts, eth1
>      + [10.9x.0/24]    -+- Virtual Machines
>
> So my (currently only) Control node (where I, among other things, run
> Neutron) has the IP "10.0.4.1", which is connected to the physical network
> via eth1, and routed to/via "the gateway/firewall" machine.
>
> I was thinking that eth0 on the Control node(s) would be my (internal?)
> "Openstack Network" (?) and provide the 10.9x/24 networks to the virtual
> machines (I might not need 10 C-class networks, but I'm pretty sure I'll
> be needing more than one in a "not too distant future" so better safe than
> sorry).
>
>
> So in OS I create the 10.9x/24 network(s) (?), served by a DHCP server
> listening on eth0 only (because there's a DHCP "broadcasting" on eth1
> serving the physical network), add a router with IP 10.99.0.1 (?) and
> "bind" it to the physical machines eth0 (?).
>
>
> This is where it again gets really fuzzy. How do I do that? How do I
> make that router "connect" to the physical network? As in, route between
> eth0 and eth1?
>
> As in, one leg on the physical network (eth1) and the other on my VM
> network (eth0). No, that didn't make much sense, but I hope you understand
> what I mean..
>
> And I guess I need some kind of firewall on that as well, just for good
> measure.
>
>
> And, yes, I now see a logical error I've made. I've allocated a 10.0/16
> network for all the eth0 interfaces.
>
> I was kind'a in a hurry when I started allocating the 10/8 network and
> I didn't know what OS wanted of me so I didn't think that through
> completely.
> Although it doesn't matter that much. It's fairly simple for me to change
> that. It doesn't matter in this context though. Using the 10.9x/24 networks
> for my VMs should be fine anyway.
> --
> Life sucks and then you die