OpenStack Neutron and Networking

It joins virtual machines onto a layer 2 broadcast domain

bridge

Transmits packets between network namespaces

veth-pair

Can be configured with an IP address

port

Creates a bridge

brctl addbr {br_x}

Attaches an interface to a bridge

brctl addif {br_x} {eth_y}

Cloud Controller

When a bridge on each host serves as the default gateway for outbound traffic.

Multi-host networking

Requires two physical NICs on each host

Multi-host networking

Are plug-ins to Neutron (??? or to Nova networking)

Network Managers

Create linux bridges for OpenStack

Network Managers

Regulate DHCP in OpenStack

Network Managers

Control VLANs in OpenStack

Network Managers

Can implement traffic filtering

Network Managers

Requires pre-provisioned bridges

Flat Manager

Connects instances to bridges on a compute node

Flat Manager

Injects IP into an instance

Flat Manager

Implements DHCP

dnsmasq

Allocates DHCP addresses from a fixed pool

Flat DHCP Manager

The IP address of the physical port of a bridge

The bridge's IP address

Reason each computer node runs dnsmasq

Instances on different hosts need different gateways

Requires one dnsmasq per tenant

VLAN Manager

Isolates tenant networks using VLANs

VLAN Manager

Given to each instance at boot time

Fixed IP

Are mapped by 1-1 NAT to a Fixed IP

Floating IP

Are a public IP addresses

Floating IP

Are attached to instances manually

Floating IP

Pools of these are allocated by the Cloud administrator

Floating IP

Runs on compute and networking nodes

Layer 3 Agent

Uses xxxxx

Nova Networking

Uses yyyy

Neutron Networking

Are like virtual patch cables

veth-pair

Links network namespaces

veth-pair

Virtual machines are connected to it

br-int

Connects to the external network

br-ext

Wraps IP packets in entirely new packets

GRE

A Neutron agent that runs on the compute node

q-agt

The neutron server requires a plug-in to talk to it

q-agt

Another name for the Neutron agent

q-agt

An Open vSwitch process running on compute nodes

ovs-daemon

Configures networking on compute nodes when using the Open vSwitch plugin

ovs-daemon

Mode of operation that shares the same physical broadcast domain

flat

Mode of operation that separates networks using 802.1Q

VLAN

Mode of operation that separates networks using tunnels and encapsulated packets

GRE

Ranges from 1 to 4094

VLAN tag

Implements a security group

ip table

An isolated environment with its own networking stack

network namespace

Replaces plug-ins with L2 modules

ML2 plug-in

Replaces plug-ins for Open vSwitch, Linux Bridge, and Hyper V

ML2 plug-in

Acts like a MAC-learning switch

bridge

Used by inbound port and 1-1 NAT devices

DNAT

Used by an outbound port NAT device

SNAT

Requires the alteration of destination IP address

DNAT

Requires the alteration of source IP address

SNAT

Allows OpenStack to use difference mechanisms of IP address allocation

DHCP agent

Sets up bridges, ports, and tap devices

L2 Agent

Joins segments into a layer 2 broadcast domain

bridge

Forwards packets between different L2 broadcast domains

router

Configures NAT

L3 agent

Implements floating IP

L3 agent

Runs the br-ext bridge

Network node

Has an interface with a Floating IP address

Network node

Implements DNAT rules

Network node

Requires a health monitor

LBaaS

The component of LBaaS that forwards packets to instances

HA proxy

Creates a bridge

brctl addbr

Adds an interface to a bridge

brctl addif

Manages dnsmasq

DHCP Agent

Proxy to the Nova metadata service

Metadata Agent

Creates the linux bridges that OpenStack needs

L2 Agent

Runs on the Neutron network node

DHCP Agent

A L3 address scope

Subnet

Executes a command within a network namespace

ip netns exec

Unix/Linux network commands base on ???

ip

Adds a network namespace

ip netns add

The iproute2 way to list interfaces and MAC addresses

ip link

The iproute2 way to list IP addresses

ip a

The iproute2 way to list route tables

ip routes

The predecessor to iproute2 commands

nettools

Lists network namespaces

ip netns

Utility for controlling OpenVSwitch

ovsctl

Adds an OpenVSwitch

ovsctl add-br

This process gives ports multiple interfaces

bonding

A process that improves network bandwidth by performing L2 load balancing from the switch to some NICs.

bonding

The default datum for L2 load balancing

MAC address

Type of port capable of carrying traffic for multiple VLANs

trunk port

Type of port that inserts/removes 802.1Q tags from packet headers

trunk port

Type of port oblivious to 802.1Q tagging

access port

Describes methods using multiple parallel network connections to increase throughput beyond the limit that one link can achieve

link aggregation (LAG)

The OpenVSwitch command corresponding to brctl addbr

ovs-vsctl add-br

List Linux bridges

brctl show

List OpenVSwitch bridges

ovs-vsctl show

Implements an interface that sends and receives raw L2 packets to and from userland.

tap device

The free port that comes with every virtual bridge

internal port

The OpenVSwitch command that makes a port internal

ovs-vsctl set interface {port} type=internal

Creates a veth pair

ip link add {vname} type veth peer name {vname2}