Browse code
Merge "docs: Add more networking details to single interface section"
Jenkins authored on 2015/11/12 14:40:25Showing 1 changed files
| ... | ... |
@@ -35,7 +35,7 @@ network and is on a shared subnet with other machines. |
| 35 | 35 |
network hardware_network {
|
| 36 | 36 |
address = "172.18.161.0/24" |
| 37 | 37 |
router [ address = "172.18.161.1" ]; |
| 38 |
- devstack_laptop [ address = "172.18.161.6" ]; |
|
| 38 |
+ devstack-1 [ address = "172.18.161.6" ]; |
|
| 39 | 39 |
} |
| 40 | 40 |
} |
| 41 | 41 |
|
| ... | ... |
@@ -43,9 +43,13 @@ network and is on a shared subnet with other machines. |
| 43 | 43 |
DevStack Configuration |
| 44 | 44 |
---------------------- |
| 45 | 45 |
|
| 46 |
+The following is a complete `local.conf` for the host named |
|
| 47 |
+`devstack-1`. It will run all the API and services, as well as |
|
| 48 |
+serving as a hypervisor for guest instances. |
|
| 46 | 49 |
|
| 47 | 50 |
:: |
| 48 | 51 |
|
| 52 |
+ [[local|localrc]] |
|
| 49 | 53 |
HOST_IP=172.18.161.6 |
| 50 | 54 |
SERVICE_HOST=172.18.161.6 |
| 51 | 55 |
MYSQL_HOST=172.18.161.6 |
| ... | ... |
@@ -57,6 +61,12 @@ DevStack Configuration |
| 57 | 57 |
SERVICE_PASSWORD=secrete |
| 58 | 58 |
SERVICE_TOKEN=secrete |
| 59 | 59 |
|
| 60 |
+ # Do not use Nova-Network |
|
| 61 |
+ disable_service n-net |
|
| 62 |
+ # Enable Neutron |
|
| 63 |
+ ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3 |
|
| 64 |
+ |
|
| 65 |
+ |
|
| 60 | 66 |
## Neutron options |
| 61 | 67 |
Q_USE_SECGROUP=True |
| 62 | 68 |
FLOATING_RANGE="172.18.161.0/24" |
| ... | ... |
@@ -71,6 +81,166 @@ DevStack Configuration |
| 71 | 71 |
OVS_BRIDGE_MAPPINGS=public:br-ex |
| 72 | 72 |
|
| 73 | 73 |
|
| 74 |
+Adding Additional Compute Nodes |
|
| 75 |
+------------------------------- |
|
| 76 |
+ |
|
| 77 |
+Let's suppose that after installing DevStack on the first host, you |
|
| 78 |
+also want to do multinode testing and networking. |
|
| 79 |
+ |
|
| 80 |
+Physical Network Setup |
|
| 81 |
+~~~~~~~~~~~~~~~~~~~~~~ |
|
| 82 |
+ |
|
| 83 |
+.. nwdiag:: |
|
| 84 |
+ |
|
| 85 |
+ nwdiag {
|
|
| 86 |
+ inet [ shape = cloud ]; |
|
| 87 |
+ router; |
|
| 88 |
+ inet -- router; |
|
| 89 |
+ |
|
| 90 |
+ network hardware_network {
|
|
| 91 |
+ address = "172.18.161.0/24" |
|
| 92 |
+ router [ address = "172.18.161.1" ]; |
|
| 93 |
+ devstack-1 [ address = "172.18.161.6" ]; |
|
| 94 |
+ devstack-2 [ address = "172.18.161.7" ]; |
|
| 95 |
+ } |
|
| 96 |
+ } |
|
| 97 |
+ |
|
| 98 |
+ |
|
| 99 |
+After DevStack installs and configures Neutron, traffic from guest VMs |
|
| 100 |
+flows out of `devstack-2` (the compute node) and is encapsulated in a |
|
| 101 |
+VXLAN tunnel back to `devstack-1` (the control node) where the L3 |
|
| 102 |
+agent is running. |
|
| 103 |
+ |
|
| 104 |
+:: |
|
| 105 |
+ |
|
| 106 |
+ stack@devstack-2:~/devstack$ sudo ovs-vsctl show |
|
| 107 |
+ 8992d965-0ba0-42fd-90e9-20ecc528bc29 |
|
| 108 |
+ Bridge br-int |
|
| 109 |
+ fail_mode: secure |
|
| 110 |
+ Port br-int |
|
| 111 |
+ Interface br-int |
|
| 112 |
+ type: internal |
|
| 113 |
+ Port patch-tun |
|
| 114 |
+ Interface patch-tun |
|
| 115 |
+ type: patch |
|
| 116 |
+ options: {peer=patch-int}
|
|
| 117 |
+ Bridge br-tun |
|
| 118 |
+ fail_mode: secure |
|
| 119 |
+ Port "vxlan-c0a801f6" |
|
| 120 |
+ Interface "vxlan-c0a801f6" |
|
| 121 |
+ type: vxlan |
|
| 122 |
+ options: {df_default="true", in_key=flow, local_ip="172.18.161.7", out_key=flow, remote_ip="172.18.161.6"}
|
|
| 123 |
+ Port patch-int |
|
| 124 |
+ Interface patch-int |
|
| 125 |
+ type: patch |
|
| 126 |
+ options: {peer=patch-tun}
|
|
| 127 |
+ Port br-tun |
|
| 128 |
+ Interface br-tun |
|
| 129 |
+ type: internal |
|
| 130 |
+ ovs_version: "2.0.2" |
|
| 131 |
+ |
|
| 132 |
+Open vSwitch on the control node, where the L3 agent runs, is |
|
| 133 |
+configured to de-encapsulate traffic from compute nodes, then forward |
|
| 134 |
+it over the `br-ex` bridge, where `eth0` is attached. |
|
| 135 |
+ |
|
| 136 |
+:: |
|
| 137 |
+ |
|
| 138 |
+ stack@devstack-1:~/devstack$ sudo ovs-vsctl show |
|
| 139 |
+ 422adeea-48d1-4a1f-98b1-8e7239077964 |
|
| 140 |
+ Bridge br-tun |
|
| 141 |
+ fail_mode: secure |
|
| 142 |
+ Port br-tun |
|
| 143 |
+ Interface br-tun |
|
| 144 |
+ type: internal |
|
| 145 |
+ Port patch-int |
|
| 146 |
+ Interface patch-int |
|
| 147 |
+ type: patch |
|
| 148 |
+ options: {peer=patch-tun}
|
|
| 149 |
+ Port "vxlan-c0a801d8" |
|
| 150 |
+ Interface "vxlan-c0a801d8" |
|
| 151 |
+ type: vxlan |
|
| 152 |
+ options: {df_default="true", in_key=flow, local_ip="172.18.161.6", out_key=flow, remote_ip="172.18.161.7"}
|
|
| 153 |
+ Bridge br-ex |
|
| 154 |
+ Port phy-br-ex |
|
| 155 |
+ Interface phy-br-ex |
|
| 156 |
+ type: patch |
|
| 157 |
+ options: {peer=int-br-ex}
|
|
| 158 |
+ Port "eth0" |
|
| 159 |
+ Interface "eth0" |
|
| 160 |
+ Port br-ex |
|
| 161 |
+ Interface br-ex |
|
| 162 |
+ type: internal |
|
| 163 |
+ Bridge br-int |
|
| 164 |
+ fail_mode: secure |
|
| 165 |
+ Port "tapce66332d-ea" |
|
| 166 |
+ tag: 1 |
|
| 167 |
+ Interface "tapce66332d-ea" |
|
| 168 |
+ type: internal |
|
| 169 |
+ Port "qg-65e5a4b9-15" |
|
| 170 |
+ tag: 2 |
|
| 171 |
+ Interface "qg-65e5a4b9-15" |
|
| 172 |
+ type: internal |
|
| 173 |
+ Port "qr-33e5e471-88" |
|
| 174 |
+ tag: 1 |
|
| 175 |
+ Interface "qr-33e5e471-88" |
|
| 176 |
+ type: internal |
|
| 177 |
+ Port "qr-acbe9951-70" |
|
| 178 |
+ tag: 1 |
|
| 179 |
+ Interface "qr-acbe9951-70" |
|
| 180 |
+ type: internal |
|
| 181 |
+ Port br-int |
|
| 182 |
+ Interface br-int |
|
| 183 |
+ type: internal |
|
| 184 |
+ Port patch-tun |
|
| 185 |
+ Interface patch-tun |
|
| 186 |
+ type: patch |
|
| 187 |
+ options: {peer=patch-int}
|
|
| 188 |
+ Port int-br-ex |
|
| 189 |
+ Interface int-br-ex |
|
| 190 |
+ type: patch |
|
| 191 |
+ options: {peer=phy-br-ex}
|
|
| 192 |
+ ovs_version: "2.0.2" |
|
| 193 |
+ |
|
| 194 |
+`br-int` is a bridge that the Open vSwitch mechanism driver creates, |
|
| 195 |
+which is used as the "integration bridge" where ports are created, and |
|
| 196 |
+plugged into the virtual switching fabric. `br-ex` is an OVS bridge |
|
| 197 |
+that is used to connect physical ports (like `eth0`), so that floating |
|
| 198 |
+IP traffic for tenants can be received from the physical network |
|
| 199 |
+infrastructure (and the internet), and routed to tenant network ports. |
|
| 200 |
+`br-tun` is a tunnel bridge that is used to connect OpenStack nodes |
|
| 201 |
+(like `devstack-2`) together. This bridge is used so that tenant |
|
| 202 |
+network traffic, using the VXLAN tunneling protocol, flows between |
|
| 203 |
+each compute node where tenant instances run. |
|
| 204 |
+ |
|
| 205 |
+ |
|
| 206 |
+ |
|
| 207 |
+DevStack Compute Configuration |
|
| 208 |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
| 209 |
+ |
|
| 210 |
+The host `devstack-2` has a very minimal `local.conf`. |
|
| 211 |
+ |
|
| 212 |
+:: |
|
| 213 |
+ |
|
| 214 |
+ [[local|localrc]] |
|
| 215 |
+ HOST_IP=172.18.161.7 |
|
| 216 |
+ SERVICE_HOST=172.18.161.6 |
|
| 217 |
+ MYSQL_HOST=172.18.161.6 |
|
| 218 |
+ RABBIT_HOST=172.18.161.6 |
|
| 219 |
+ GLANCE_HOSTPORT=172.18.161.6:9292 |
|
| 220 |
+ ADMIN_PASSWORD=secrete |
|
| 221 |
+ MYSQL_PASSWORD=secrete |
|
| 222 |
+ RABBIT_PASSWORD=secrete |
|
| 223 |
+ SERVICE_PASSWORD=secrete |
|
| 224 |
+ SERVICE_TOKEN=secrete |
|
| 225 |
+ |
|
| 226 |
+ ## Neutron options |
|
| 227 |
+ PUBLIC_INTERFACE=eth0 |
|
| 228 |
+ ENABLED_SERVICES=n-cpu,rabbit,q-agt |
|
| 229 |
+ |
|
| 230 |
+Network traffic from `eth0` on the compute nodes is then NAT'd by the |
|
| 231 |
+controller node that runs Neutron's `neutron-l3-agent` and provides L3 |
|
| 232 |
+connectivity. |
|
| 233 |
+ |
|
| 74 | 234 |
|
| 75 | 235 |
Neutron Networking with Open vSwitch and Provider Networks |
| 76 | 236 |
========================================================== |