Openstack Neutron – Networking In Cloud Demystified (Network Function Virtualization)

Hi All,

Blogging after a very very long time again!!

This time decided to blog on OpenStack and believe me this is the toughest topic of all in the openstack architecture to understand.

PROJECT NEUTRON – Openstack Project that deals with networking services in a cloud environment.

When we try to find the how networking components of Openstack internally works, google is full of pictures all over, beautiful pictures but understanding it will be quite a challenge. So, decided to blog on it and take it step by step to understand the networking behind the scenes and how virtual machines gets connected to outside world

We will be following the below sequence to understand the concept in detail

Physical wiring of ethernet using 2 ethernet interfaces
* (2 cables, we will create a bonding)
Ethernet bonding
* (Doubles the speed, and increased reliability, active-active)
Ethernet tagging
* (Thats why we need only 2 interfaces)
Network function virtualization (NFV)
* Openstack will not help you, you have to put this in place by yourself.
Tie all the above together in a single and final picture

Advantages of Bonding

-Spec: 802.3ad

-Active-active mechanism

-Aggregate traffic balances on both cables

-Individual flows do NOT balance

-If any connection fails, traffic moves the connection that is active

(100 Ms failover time)

How to do ethernet bonding?

Network config file /etc/network.interfaces
(Debian system, if non-debian system make necessary changes)

auto bond0
       iface bond0 inet manual
       bond-mode 802.3ad
       bond-miimon 200
       bond-slaves none
       up ip link set dev $IFACE up
       down ip link set dev $IFACE down

#Bond Slave
auto etho_interface.stdout
       iface eth0_interface.stdout inet manual
       bond-master bond0
       bond-primary eth0_interface.stdout

#Bond Slave
auto eth1_interface.stdout
       iface eth1_interface.stdout inet manual
       bond-master bond0

How to setup the VLAN trunk for management & provider network?

Network config file /etc/network.interfaces
(Debian system, if non-debian system make necessary changes)

#Management VLAN
auto bond0.1600
       iface bond0.1600 inet manual
       up ip link set dev $IFACE up
       down ip link set dev $IFACE down

#Provider VLAN
auto bond0.1200
       iface bond0.1200 inet manual
       up ip link set dev $IFACE up
       down ip link set dev $IFACE down

Network Function virtualization (NFV)

1) Create the management bridge

sudo ovs-vsctl add-br br-mgmt

2) Attach the VLAN 1600 interface to management bridge

sudo ovs-vsctl add-port br-mgmt bond0.1600

3) Create the provider bridge

sudo ovs-vsctl add-br br-ex

4) Attach the VLAN 1200 interface to management bridge

sudo ovs-vsctl add-port br-ex bond0.1200

5) Create the VLAN bridge

sudo ovs-vsctl add-br br-vlan

6) Attach all VLAN (trunk) to the VLAN bridge

sudo ovs-vsctl add-port br-vlan bond0

Eight Network Function Virtualization Components

Step 8: Verify VM’s Private IP Address

1) Tap interface
– One end to VM referred as Virtual NIC
– Other end into (5) or (6) or (7) or (8)

2) veth
– One end Openstack Controller, Network, Block or Object Storage nodes
– Other end into (6) or (7) or (8). cannot be plugged into Virtual Machine

3) Bridge internal (OVS Only)

4) Patch (OVS Only)

5) IP Tables

6) Linux Network Stack (Namespace “ip netns”)
– If we put IPTables inside of namespace, we configure IpTables we can make namespace perform as a router/NAT/LoadBalancer etc.

7) OVS (OpenvSwitch)

8) Linux Bridge