Menu

Subscribe

Openstack Quantum supported network topologies

on Network, Openstack, Quantum, Router

Quantum support very flexible network topologies, this section we talk about several typical modes.

1. No L3-agent, physical network takes L3 function directly

No-L3-Agent-Physical-Router-used

  • For this kind of network, we only need to create tenant network and its subnet, that’s all, no router needs to be created since physical router takes care of L3 function.
`#Create tenant network and subnet`
`[root``@gateway``-``1``~]# quantum net-create direct-net --provider:network_type=vlan --provider:physical_network=physnet1  --provider:segmentation_id=``2000`
`[root``@gateway``-``1``~]# quantum subnet-create --name direct-subnet direct-net --gateway ``10.68``.``111.1`   `10.68``.``111.0``/``24`
`[root``@gateway``-``1``~]# quantum net-list`
`+--------------------------------------+-------------+-----------------------------------------------------+`
`| id                                   | name        | subnets                                             |`
`+--------------------------------------+-------------+-----------------------------------------------------+`
`| ad385ea8-05c9-``4675``-a17e-90ebb00517c6 | direct-net  | c8756518-b27f-468f-b011-84633a377bae ``10.68``.``111.0``/``24``|`
`+--------------------------------------+-------------+-----------------------------------------------------+`
- Launch VM with this network, and test network
`#Launch a VM with the network we created above`
`[root``@controller``-``1``~(keystone_admin)]# nova boot --flavor m1.small --image  f1e5e50a-``2668``-``4627``-bcd4-769a0dbe28d3 --nic net-id=ad385ea8-05c9-``4675``-a17e-90ebb00517c6 vm-with-direct-net`
` `
`#Check the VM`
`[root``@controller``-``1``~(keystone_admin)]# nova list`
`+--------------------------------------+---------------------------+--------+------------------------------------------------------------------------+`
`| ID                                   | Name                      | Status | Networks                                                               |`
`+--------------------------------------+---------------------------+--------+------------------------------------------------------------------------+`
`| 7f767aae-b683-488d-af30-863bb4efdbeb | vm-with-direct-net        | ACTIVE | direct-net=``10.68``.``111.2`                                                 `|`
`+--------------------------------------+---------------------------+--------+------------------------------------------------------------------------+`
` `
`#From the VM, check routes and  ``try``to access gateway and external world`
`[root``@10``-``68``-``111``-``2``~]# route -n`
`Kernel IP routing table`
`Destination     Gateway         Genmask         Flags Metric Ref    Use Iface`
`10.68``.``111.0`     `0.0``.``0.0`         `255.255``.``255.0`   `U     ``0`      `0`        `0``eth0`
`0.0``.``0.0`         `10.68``.``111.1`     `0.0``.``0.0`         `UG    ``0`      `0`        `0``eth0`
` `
`[root``@10``-``68``-``111``-``2``~]# ping ``10.68``.``111.1`
`PING ``10.68``.``111.1``(``10.68``.``111.1``) ``56``(``84``) bytes of data.`
`64``bytes from ``10.68``.``111.1``: icmp_seq=``1``ttl=``255``time=``0.565``ms`
`64``bytes from ``10.68``.``111.1``: icmp_seq=``2``ttl=``255``time=``0.655``ms`
 
`[root``@10``-``68``-``111``-``2``~]# ping ``10.56``.``130.139`
`PING ``10.56``.``130.139``(``10.56``.``130.139``) ``56``(``84``) bytes of data.`
`64``bytes from ``10.56``.``130.139``: icmp_seq=``1``ttl=``255``time=``0.815``ms`
`64``bytes from ``10.56``.``130.139``: icmp_seq=``2``ttl=``255``time=``0.925``ms`
In this case, we specify this tenant work to use physical network(vlan 2000) directly without L3-agent, so VM external traffic goes out via physical router directly. - Benifit of this mode: Physical network takes care of L3 traffic directly, no L3-agent traffic bottleneck pressure.  Native physical network HA can be used(VRRP/HSRP). - Disadvantage of this mode: Since no L3 agent involved, meta-data service can NOT work directly for VMs using this network mode. Workaround is need, which is out of scope of this post. Also Elastic(floating) IP function does not work for this mode. ## 2. One shared router connecting networks of multiple tenants [![Shared-vRouter-for-2-tenants](http://res.cloudinary.com/dht7ndkba/image/upload/v1444739695/shared-vrouter-for-2-tenants_gqlkke.jpg)](http://res.cloudinary.com/dht7ndkba/image/upload/v1444739695/shared-vrouter-for-2-tenants_gqlkke.jpg) - Create tenant A and tenant B networks, here we use admin and ncep tenants as example
`#Get tenant list`
`[root``@gateway``-``1``~]# keystone tenant-list`
`+----------------------------------+---------+---------+`
`|                id                |   name  | enabled |`
`+----------------------------------+---------+---------+`
`| 8ad295a5fac84759b5770fef059861a6 |  admin  |   True  |`
`| 45f69c2ba1e34f61ab7e86a81605589d |   ncep  |   True  |`
`| ef1716b3b580460ba0402da01bac8243 | service |   True  |`
`+----------------------------------+---------+---------+`
` `
`#Create admin-net and ncep-net ``for``admin and ncep tenant`
`[root``@gateway``-``1``~]# quantum net-create --tenant-id  8ad295a5fac84759b5770fef059861a6  admin-net  `
`[root``@gateway``-``1``~]# quantum net-create --tenant-id  45f69c2ba1e34f61ab7e86a81605589d  ncep-net                            `
` `
`#Create admin-subnet and ncep-subnet`
`[root``@gateway``-``1``~]# quantum subnet-create --tenant-id  8ad295a5fac84759b5770fef059861a6 --name admin-subnet admin-net ``192.168``.``0.0``/``24`
`[root``@gateway``-``1``~]# quantum subnet-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d  --name ncep-subnet ncep-net ``10.20``.``20.0``/``24`
- Create shared router, connect 2 tenants networks to the router
`#Create router on tenant admin`
`[root``@gateway``-``1``~]# quantum router-create --tenant-id  8ad295a5fac84759b5770fef059861a6 admin-router`
` `
`#Link both admin-subnet and ncep-subnet to admin-router`
`[root``@gateway``-``1``~]# quantum  router-``interface``-add  admin-router admin-subnet`
`Added ``interface``to router admin-router`
`[root``@gateway``-``1``~]# quantum  router-``interface``-add  admin-router ncep-subnet      `
`Added ``interface``to router admin-router`
` `
`#List ports of admin-router`
`[root``@gateway``-``1``~]# quantum router-port-list admin-router`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
`| id                                   | name | mac_address       | fixed_ips                                                                            |`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
`| 184bdc43-b832-475c-9fbb-54be53edf3c4 |      | fa:``16``:3e:b5:``45``:``14``| {``"subnet_id"``: ``"78a7f776-e465-41bd-86ef-937363bd09a1"``, ``"ip_address"``: ``"192.168.0.1"``}   |`
`| ceb480b5-``5610``-4f4c-92d0-fad5eaf2afca |      | fa:``16``:3e:``80``:5b:``72``| {``"subnet_id"``: ``"fc0a9d79-1ed0-41ee-b32a-cc57905325b4"``, ``"ip_address"``: ``"10.20.20.1"``}    |`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
- Create external network, set it as gateway of admin-router
`#Create external net and subnet with floating IP range`
`[root``@gateway``-``1``~]# quantum net-create ext_net --router:external=True`
`[root``@gateway``-``1``~]# quantum subnet-create --name subext_net ext_net --allocation-pool start=``10.68``.``124.100``,end=``10.68``.``124.200``10.68``.``124.0``/``24``-- --enable_dhcp=False `
` `
`#Set the external network as gateway of admin-router`
`[root``@gateway``-``1``~]# quantum router-gateway-set admin-router ext_net`
`Set gateway ``for``router admin-router`

3. Per-tenant routers with own tenant networks

Per-Tenant-Routers

  • Create one tenant A network and 2 tenant B networks, here we use admin and ncep tenants as example
`#Get tenant list`
`[root``@gateway``-``1``~]# keystone tenant-list`
`+----------------------------------+---------+---------+`
`|                id                |   name  | enabled |`
`+----------------------------------+---------+---------+`
`| 8ad295a5fac84759b5770fef059861a6 |  admin  |   True  |`
`| 45f69c2ba1e34f61ab7e86a81605589d |   ncep  |   True  |`
`| ef1716b3b580460ba0402da01bac8243 | service |   True  |`
`+----------------------------------+---------+---------+`
` `
`#Create admin-net ``for``admin tenant, ncep-net and ncep-netn-``2``for``ncep tenant`
`[root``@gateway``-``1``~]# quantum net-create --tenant-id  8ad295a5fac84759b5770fef059861a6  admin-net  `
`[root``@gateway``-``1``~]# quantum net-create --tenant-id  45f69c2ba1e34f61ab7e86a81605589d  ncep-net`
`[root``@gateway``-``1``~]# quantum net-create --tenant-id  45f69c2ba1e34f61ab7e86a81605589d  ncep-net-``2`
` `
`#Create admin-subnet, ncep-subnet and ncep-subnet-``2`
`[root``@gateway``-``1``~]# quantum subnet-create --tenant-id  8ad295a5fac84759b5770fef059861a6 --name admin-subnet admin-net ``192.168``.``0.0``/``24`
`[root``@gateway``-``1``~]# quantum subnet-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d  --name ncep-subnet ncep-net ``10.20``.``20.0``/``24`
`[root``@gateway``-``1``~]# quantum subnet-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d  --name ncep-subnet-``2``ncep-net-``2``192.168``.``0.0``/``24`
` `
`##Since we enabled namespace, admin-subnet and ncep-net-``2``can use overlapping IP range.`
- Create  2 routers for each tenant, link subnets to their own tenant routers
`#Create admin-router and ncep-router ``for``each tenant`
`[root``@gateway``-``1``~]# quantum router-create --tenant-id  8ad295a5fac84759b5770fef059861a6 admin-router`
`[root``@gateway``-``1``~]# quantum router-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d   ncep-router                               `
` `
`#Link admin-subnet to admin-router, ncep-subnet to ncep-router`
`[root``@gateway``-``1``~]# quantum  router-``interface``-add  admin-router admin-subnet`
`Added ``interface``to router admin-router`
`[root``@gateway``-``1``~]# quantum  router-``interface``-add  ncep-router ncep-subnet      `
`Added ``interface``to router ncep-router`
`[root``@gateway``-``1``~]# quantum  router-``interface``-add  ncep-router ncep-subnet-``2`
`Added ``interface``to router ncep-router`
- Create external network, set it as gateway of admin-router and ncep-router
`#Create external net and subnet with floating IP range`
`[root``@gateway``-``1``~]# quantum net-create ext_net --router:external=True`
`[root``@gateway``-``1``~]# quantum subnet-create --name subext_net ext_net --allocation-pool start=``10.68``.``124.100``,end=``10.68``.``124.200``10.68``.``124.0``/``24``-- --enable_dhcp=False `
` `
`#Set the external network as gateway of admin-router and ncep-router`
`[root``@gateway``-``1``~]# quantum router-gateway-set admin-router ext_net`
`Set gateway ``for``router admin-router`
` [root``@gateway``-``1``~]# quantum router-gateway-set ncep-router ext_net`
`Set gateway ``for``router admin-router`
- Let’s check port list of each router
`[root``@gateway``-``1``~]# quantum router-port-list admin-router         `
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
`| id                                   | name | mac_address       | fixed_ips                                                                            |`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
`| 184bdc43-b832-475c-9fbb-54be53edf3c4 |      | fa:``16``:3e:b5:``45``:``14``| {``"subnet_id"``: ``"78a7f776-e465-41bd-86ef-937363bd09a1"``, ``"ip_address"``: ``"192.168.0.1"``}   |`
`| 3482fb00-c951-4c36-86ab-04054dc51534 |      | fa:``16``:3e:``14``:2c:0f | {``"subnet_id"``: ``"cfa7243a-1d02-429f-95fa-d384d6112c04"``, ``"ip_address"``: ``"10.68.124.100"``} |`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
 
 
`[root``@gateway``-``1``~]# quantum router-port-list ncep-router `
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
`| id                                   | name | mac_address       | fixed_ips                                                                            |`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`
`| 041535fb-46b3-412d-8e96-e392eb005d23 |      | fa:``16``:3e:fc:fe:``49``| {``"subnet_id"``: ``"fc0a9d79-1ed0-41ee-b32a-cc57905325b4"``, ``"ip_address"``: ``"10.20.20.1"``}    |`
`| 58de8679-95d5-447f-b9e7-f2a48e4ccf06 |      | fa:``16``:3e:7e:9e:ea | {``"subnet_id"``: ``"cfa7243a-1d02-429f-95fa-d384d6112c04"``, ``"ip_address"``: ``"10.68.124.101"``} |`
`| 65f41f9c-693b-4d76-a7db-713ed3a780be |      | fa:``16``:3e:5c:``38``:``09``| {``"subnet_id"``: ``"4c687636-5c61-43bd-8dcf-cd626f09baef"``, ``"ip_address"``: ``"192.168.0.1"``}   |`
`+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+`