|
| 1 | +## Opensatck |
| 2 | + |
| 3 | +- What is OpenStack? |
| 4 | +OpenStack is a cloud management system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. |
| 5 | + |
| 6 | + |
| 7 | +What is Neutron? |
| 8 | +- Networking project in Openstack |
| 9 | +- Setup virtual network infrastructure |
| 10 | +- Switching and Routing |
| 11 | +- Also specialised virtual network functions like VPNaaS, FWaaS, LBaaS |
| 12 | +- Flexibility through plugins, drivers andd agents |
| 13 | + |
| 14 | +Openstack Networking Components |
| 15 | +- neutron server(neutron-server and neutron-*-plugin) |
| 16 | +- plugin agent(neutron-*-agent) |
| 17 | +- DHCP agent(neutron-dhcp-agent) |
| 18 | +- L3 agent(neutron-l3-agent) |
| 19 | + |
| 20 | + |
| 21 | +VLAN is a logical slice of physical network. |
| 22 | +OS nw is also broadcast domain |
| 23 | +os nw provides logical space isolation |
| 24 | + |
| 25 | +segmenatation |
| 26 | +separation of virtual network is known as segmenatation |
| 27 | + |
| 28 | +Segmenatation method includes |
| 29 | +- VLANs |
| 30 | +- VXLAN |
| 31 | +- GRE |
| 32 | +- Network Namespaces |
| 33 | +- Openflow Rules |
| 34 | + |
| 35 | +https://docs.openstack.org/liberty/networking-guide/intro-os-networking-overview.html#openstack-networking-concepts |
| 36 | + |
| 37 | +## OpenStack Networking concepts |
| 38 | + |
| 39 | +To configure rich network topologies, you can create and configure networks and subnets and instruct other OpenStack services like Compute to attach virtual devices to ports on these networks. OpenStack Compute is a prominent consumer of OpenStack Networking to provide connectivity for its instances. In particular, OpenStack Networking supports each tenant having multiple private networks and enables tenants to choose their own IP addressing scheme, even if those IP addresses overlap with those that other tenants use. There are two types of network, tenant and provider networks. It is possible to share any of these types of networks among tenants as part of the network creation process. |
| 40 | + |
| 41 | +- Tenant networks |
| 42 | +Users create tenant networks for connectivity within projects. By default, they are fully isolated and are not shared with other projects. OpenStack Networking supports the following types of network isolation and overlay technologies. |
| 43 | + |
| 44 | +- Flat |
| 45 | +All instances reside on the same network, which can also be shared with the hosts. No VLAN tagging or other network segregation takes place. |
| 46 | + |
| 47 | +- VLAN |
| 48 | +Networking allows users to create multiple provider or tenant networks using VLAN IDs (802.1Q tagged) that correspond to VLANs present in the physical network. This allows instances to communicate with each other across the environment. They can also communicate with dedicated servers, firewalls, load balancers, and other networking infrastructure on the same layer 2 VLAN. |
| 49 | + |
| 50 | +- GRE and VXLAN |
| 51 | +VXLAN and GRE are encapsulation protocols that create overlay networks to activate and control communication between compute instances. A Networking router is required to allow traffic to flow outside of the GRE or VXLAN tenant network. A router is also required to connect directly-connected tenant networks with external networks, including the Internet. The router provides the ability to connect to instances directly from an external network using floating IP addresses. |
| 52 | + |
| 53 | +- Provider networks |
| 54 | +The OpenStack administrator creates provider networks. These networks map to existing physical networks in the data center. Useful network types in this category are flat (untagged) and VLAN (802.1Q tagged). |
| 55 | + |
| 56 | +To configure rich network topologies, you can create and configure networks and subnets and other OpenStack services like Compute will request to be connected to these networks by requesting virtual ports. In particular, Networking supports each tenant having multiple private networks and enables tenants to choose their own IP addressing scheme, even if those IP addresses overlap with those that other tenants use. |
| 57 | + |
| 58 | +- Subnets |
| 59 | +A block of IP addresses and associated configuration state. This is also known as the native IPAM (IP Address Management) provided by the networking service for both tenant and provider networks. Subnets are used to allocate IP addresses when new ports are created on a network. |
| 60 | + |
| 61 | +- Ports |
| 62 | +A port is a connection point for attaching a single device, such as the NIC of a virtual server, to a virtual network. The port also describes the associated network configuration, such as the MAC and IP addresses to be used on that port. |
| 63 | + |
| 64 | +- Routers |
| 65 | +This is a logical component that forwards data packets between networks. It also provides L3 and NAT forwarding to provide external network access for VMs on tenant networks. Required by certain plug-ins only. |
| 66 | + |
| 67 | +- Security groups |
| 68 | +A security group acts as a virtual firewall for your compute instances to control inbound and outbound traffic. Security groups act at the port level, not the subnet level. Therefore, each port in a subnet could be assigned to a different set of security groups. If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for that network. |
| 69 | + |
| 70 | +Security groups and security group rules give administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port. A security group is a container for security group rules. When a port is created, it is associated with a security group. If a security group is not specified, the port is associated with a ‘default’ security group. By default, this group drops all ingress traffic and allows all egress. Rules can be added to this group in order to change the behavior. |
| 71 | + |
| 72 | +- Extensions |
| 73 | +The OpenStack Networking service is extensible. Extensions serve two purposes: they allow the introduction of new features in the API without requiring a version change and they allow the introduction of vendor specific niche functionality. Applications can programmatically list available extensions by performing a GET on the /extensions URI. Note that this is a versioned request; that is, an extension available in one API version might not be available in another. |
| 74 | + |
| 75 | + |
| 76 | +Service and component hierarchy |
| 77 | +Server |
| 78 | +Overview and concepts |
| 79 | +Provides API, manages database, etc. |
| 80 | +Plug-ins |
| 81 | +Overview and concepts |
| 82 | +Manages agents |
| 83 | +Agents |
| 84 | +Overview and concepts |
| 85 | +Provides layer 2/3 connectivity to instances |
| 86 | +Handles physical-virtual network transition |
| 87 | +Handles metadata, etc. |
| 88 | +Layer 2 (Ethernet and Switching) |
| 89 | +Linux Bridge |
| 90 | +Overview and concepts |
| 91 | +OVS |
| 92 | +Overview and concepts |
| 93 | +Layer 3 (IP and Routing) |
| 94 | +L3 |
| 95 | +Overview and concepts |
| 96 | +DHCP |
| 97 | +Overview and concepts |
| 98 | +Miscellaneous |
| 99 | +Metadata |
| 100 | +Overview and concepts |
| 101 | + |
| 102 | +Services |
| 103 | +Routing services |
| 104 | +- VPNaaS |
| 105 | +The Virtual Private Network-as-a-Service (VPNaaS) is a neutron extension that introduces the VPN feature set. |
| 106 | + |
| 107 | +- LbaaS |
| 108 | +The Load-Balancer-as-a-Service (LBaaS) API provisions and configures load balancers. The reference implementation is based on the HAProxy software load balancer. |
| 109 | + |
| 110 | +- FwaaS |
| 111 | +The Firewall-as-a-Service (FWaaS) API is an experimental API that enables early adopters and vendors to test their networking implementations. |
0 commit comments