OpenStack Quantum supported network topologies


August 8, 2013 by kimizhang

Quantum supports very flexible network topologies. In this section we talk about several typical modes.

1. No L3-agent, physical network takes L3 function directly

No-L3-Agent-Physical-Router-used

  • For this kind of network, we only need to create the tenant network and its subnet. No router needs to be created, since the physical router takes care of the L3 function.
#Create tenant network and subnet
[root@gateway-1 ~]# quantum net-create direct-net --provider:network_type=vlan --provider:physical_network=physnet1  --provider:segmentation_id=2000
[root@gateway-1 ~]# quantum subnet-create --name direct-subnet direct-net --gateway 10.68.111.1   10.68.111.0/24
[root@gateway-1 ~]# quantum net-list
+--------------------------------------+-------------+-----------------------------------------------------+
| id                                   | name        | subnets                                             |
+--------------------------------------+-------------+-----------------------------------------------------+
| ad385ea8-05c9-4675-a17e-90ebb00517c6 | direct-net  | c8756518-b27f-468f-b011-84633a377bae 10.68.111.0/24 |
+--------------------------------------+-------------+-----------------------------------------------------+
  • Launch a VM on this network and test the network
#Launch a VM with the network we created above
[root@controller-1 ~(keystone_admin)]# nova boot --flavor m1.small --image  f1e5e50a-2668-4627-bcd4-769a0dbe28d3 --nic net-id=ad385ea8-05c9-4675-a17e-90ebb00517c6 vm-with-direct-net
 
#Check the VM
[root@controller-1 ~(keystone_admin)]# nova list
+--------------------------------------+---------------------------+--------+------------------------------------------------------------------------+
| ID                                   | Name                      | Status | Networks                                                               |
+--------------------------------------+---------------------------+--------+------------------------------------------------------------------------+
| 7f767aae-b683-488d-af30-863bb4efdbeb | vm-with-direct-net        | ACTIVE | direct-net=10.68.111.2                                                 |
+--------------------------------------+---------------------------+--------+------------------------------------------------------------------------+
 
#From the VM, check routes and  try to access gateway and external world
[root@10-68-111-2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.68.111.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.68.111.1     0.0.0.0         UG    0      0        0 eth0
 
[root@10-68-111-2 ~]# ping 10.68.111.1
PING 10.68.111.1 (10.68.111.1) 56(84) bytes of data.
64 bytes from 10.68.111.1: icmp_seq=1 ttl=255 time=0.565 ms
64 bytes from 10.68.111.1: icmp_seq=2 ttl=255 time=0.655 ms
 
[root@10-68-111-2 ~]# ping 10.56.130.139
PING 10.56.130.139 (10.56.130.139) 56(84) bytes of data.
64 bytes from 10.56.130.139: icmp_seq=1 ttl=255 time=0.815 ms
64 bytes from 10.56.130.139: icmp_seq=2 ttl=255 time=0.925 ms

In this case, we specify that this tenant network uses the physical network (VLAN 2000) directly, without an L3 agent, so the VM's external traffic goes out via the physical router directly.

  • Benefit of this mode: The physical network takes care of L3 traffic directly, so there is no L3-agent traffic bottleneck. Native physical network HA (VRRP/HSRP) can be used.
  • Disadvantage of this mode: Since no L3 agent is involved, the metadata service can NOT work directly for VMs using this network mode. A workaround is needed, which is out of scope of this post. Also, the Elastic (floating) IP function does not work in this mode.

2. One shared router connecting networks of multiple tenants

Shared-vRouter-for-2-tenants

  • Create tenant A and tenant B networks; here we use the admin and ncep tenants as an example
#Get tenant list
[root@gateway-1 ~]# keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 8ad295a5fac84759b5770fef059861a6 |  admin  |   True  |
| 45f69c2ba1e34f61ab7e86a81605589d |   ncep  |   True  |
| ef1716b3b580460ba0402da01bac8243 | service |   True  |
+----------------------------------+---------+---------+
 
#Create admin-net and ncep-net for admin and ncep tenant
[root@gateway-1 ~]# quantum net-create --tenant-id  8ad295a5fac84759b5770fef059861a6  admin-net 
[root@gateway-1 ~]# quantum net-create --tenant-id  45f69c2ba1e34f61ab7e86a81605589d  ncep-net                           
 
#Create admin-subnet and ncep-subnet
[root@gateway-1 ~]# quantum subnet-create --tenant-id  8ad295a5fac84759b5770fef059861a6 --name admin-subnet admin-net 192.168.0.0/24
[root@gateway-1 ~]# quantum subnet-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d  --name ncep-subnet ncep-net 10.20.20.0/24
  • Create a shared router and connect both tenants' networks to it
#Create router on tenant admin
[root@gateway-1 ~]# quantum router-create --tenant-id  8ad295a5fac84759b5770fef059861a6 admin-router
 
#Link both admin-subnet and ncep-subnet to admin-router
[root@gateway-1 ~]# quantum  router-interface-add  admin-router admin-subnet
Added interface to router admin-router
[root@gateway-1 ~]# quantum  router-interface-add  admin-router ncep-subnet     
Added interface to router admin-router
 
#List ports of admin-router
[root@gateway-1 ~]# quantum router-port-list admin-router
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 184bdc43-b832-475c-9fbb-54be53edf3c4 |      | fa:16:3e:b5:45:14 | {"subnet_id": "78a7f776-e465-41bd-86ef-937363bd09a1", "ip_address": "192.168.0.1"}   |
| ceb480b5-5610-4f4c-92d0-fad5eaf2afca |      | fa:16:3e:80:5b:72 | {"subnet_id": "fc0a9d79-1ed0-41ee-b32a-cc57905325b4", "ip_address": "10.20.20.1"}    |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
  • Create an external network and set it as the gateway of admin-router
#Create external net and subnet with floating IP range
[root@gateway-1 ~]# quantum net-create ext_net --router:external=True
[root@gateway-1 ~]# quantum subnet-create --name subext_net ext_net --allocation-pool start=10.68.124.100,end=10.68.124.200 10.68.124.0/24 -- --enable_dhcp=False 
 
#Set the external network as gateway of admin-router
[root@gateway-1 ~]# quantum router-gateway-set admin-router ext_net
Set gateway for router admin-router

3. Per-tenant routers with own tenant networks

Per-Tenant-Routers

  • Create one tenant A network and 2 tenant B networks; here we use the admin and ncep tenants as an example
#Get tenant list
[root@gateway-1 ~]# keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 8ad295a5fac84759b5770fef059861a6 |  admin  |   True  |
| 45f69c2ba1e34f61ab7e86a81605589d |   ncep  |   True  |
| ef1716b3b580460ba0402da01bac8243 | service |   True  |
+----------------------------------+---------+---------+
 
#Create admin-net for admin tenant, ncep-net and ncep-net-2 for ncep tenant
[root@gateway-1 ~]# quantum net-create --tenant-id  8ad295a5fac84759b5770fef059861a6  admin-net 
[root@gateway-1 ~]# quantum net-create --tenant-id  45f69c2ba1e34f61ab7e86a81605589d  ncep-net
[root@gateway-1 ~]# quantum net-create --tenant-id  45f69c2ba1e34f61ab7e86a81605589d  ncep-net-2
 
#Create admin-subnet, ncep-subnet and ncep-subnet-2
[root@gateway-1 ~]# quantum subnet-create --tenant-id  8ad295a5fac84759b5770fef059861a6 --name admin-subnet admin-net 192.168.0.0/24
[root@gateway-1 ~]# quantum subnet-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d  --name ncep-subnet ncep-net 10.20.20.0/24
[root@gateway-1 ~]# quantum subnet-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d  --name ncep-subnet-2 ncep-net-2 192.168.0.0/24
 
##Since we enabled namespaces, admin-subnet and ncep-subnet-2 can use overlapping IP ranges.
  • Create 2 routers, one for each tenant, and link the subnets to their own tenant routers
#Create admin-router and ncep-router for each tenant
[root@gateway-1 ~]# quantum router-create --tenant-id  8ad295a5fac84759b5770fef059861a6 admin-router
[root@gateway-1 ~]# quantum router-create --tenant-id 45f69c2ba1e34f61ab7e86a81605589d   ncep-router                              
 
#Link admin-subnet to admin-router, ncep-subnet to ncep-router
[root@gateway-1 ~]# quantum  router-interface-add  admin-router admin-subnet
Added interface to router admin-router
[root@gateway-1 ~]# quantum  router-interface-add  ncep-router ncep-subnet     
Added interface to router ncep-router
[root@gateway-1 ~]# quantum  router-interface-add  ncep-router ncep-subnet-2
Added interface to router ncep-router
  • Create an external network and set it as the gateway of admin-router and ncep-router
#Create external net and subnet with floating IP range
[root@gateway-1 ~]# quantum net-create ext_net --router:external=True
[root@gateway-1 ~]# quantum subnet-create --name subext_net ext_net --allocation-pool start=10.68.124.100,end=10.68.124.200 10.68.124.0/24 -- --enable_dhcp=False 
 
#Set the external network as gateway of admin-router and ncep-router
[root@gateway-1 ~]# quantum router-gateway-set admin-router ext_net
Set gateway for router admin-router
[root@gateway-1 ~]# quantum router-gateway-set ncep-router ext_net
Set gateway for router ncep-router
  • Let’s check the port list of each router
[root@gateway-1 ~]# quantum router-port-list admin-router        
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 184bdc43-b832-475c-9fbb-54be53edf3c4 |      | fa:16:3e:b5:45:14 | {"subnet_id": "78a7f776-e465-41bd-86ef-937363bd09a1", "ip_address": "192.168.0.1"}   |
| 3482fb00-c951-4c36-86ab-04054dc51534 |      | fa:16:3e:14:2c:0f | {"subnet_id": "cfa7243a-1d02-429f-95fa-d384d6112c04", "ip_address": "10.68.124.100"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
 
 
[root@gateway-1 ~]# quantum router-port-list ncep-router
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 041535fb-46b3-412d-8e96-e392eb005d23 |      | fa:16:3e:fc:fe:49 | {"subnet_id": "fc0a9d79-1ed0-41ee-b32a-cc57905325b4", "ip_address": "10.20.20.1"}    |
| 58de8679-95d5-447f-b9e7-f2a48e4ccf06 |      | fa:16:3e:7e:9e:ea | {"subnet_id": "cfa7243a-1d02-429f-95fa-d384d6112c04", "ip_address": "10.68.124.101"} |
| 65f41f9c-693b-4d76-a7db-713ed3a780be |      | fa:16:3e:5c:38:09 | {"subnet_id": "4c687636-5c61-43bd-8dcf-cd626f09baef", "ip_address": "192.168.0.1"}   |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
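
An added example, not part of the original post: the Python below parses the `quantum router-port-list` rows shown in modes 2 and 3 and reports routers whose internal interfaces belong to more than one tenant, which is the difference between the shared-router and per-tenant-router topologies. The subnet-to-tenant map is inferred from the `--tenant-id` arguments and interface IPs in the post, and the `mode N` labels are made up here to tell the two `admin-router` listings apart.

```python
import json

# Subnet id -> tenant, inferred from the post's --tenant-id arguments; None = subext_net (gateway ports).
SUBNET_TENANT = {
    "78a7f776-e465-41bd-86ef-937363bd09a1": "admin",  # admin-subnet
    "fc0a9d79-1ed0-41ee-b32a-cc57905325b4": "ncep",   # ncep-subnet
    "4c687636-5c61-43bd-8dcf-cd626f09baef": "ncep",   # ncep-subnet-2
    "cfa7243a-1d02-429f-95fa-d384d6112c04": None,     # subext_net
}

# Data rows copied from the router-port-list output in modes 2 and 3.
ROUTER_TABLES = {
    "mode 2 admin-router": """
| 184bdc43-b832-475c-9fbb-54be53edf3c4 |      | fa:16:3e:b5:45:14 | {"subnet_id": "78a7f776-e465-41bd-86ef-937363bd09a1", "ip_address": "192.168.0.1"}   |
| ceb480b5-5610-4f4c-92d0-fad5eaf2afca |      | fa:16:3e:80:5b:72 | {"subnet_id": "fc0a9d79-1ed0-41ee-b32a-cc57905325b4", "ip_address": "10.20.20.1"}    |""",
    "mode 3 admin-router": """
| 184bdc43-b832-475c-9fbb-54be53edf3c4 |      | fa:16:3e:b5:45:14 | {"subnet_id": "78a7f776-e465-41bd-86ef-937363bd09a1", "ip_address": "192.168.0.1"}   |
| 3482fb00-c951-4c36-86ab-04054dc51534 |      | fa:16:3e:14:2c:0f | {"subnet_id": "cfa7243a-1d02-429f-95fa-d384d6112c04", "ip_address": "10.68.124.100"} |""",
    "mode 3 ncep-router": """
| 041535fb-46b3-412d-8e96-e392eb005d23 |      | fa:16:3e:fc:fe:49 | {"subnet_id": "fc0a9d79-1ed0-41ee-b32a-cc57905325b4", "ip_address": "10.20.20.1"}    |
| 58de8679-95d5-447f-b9e7-f2a48e4ccf06 |      | fa:16:3e:7e:9e:ea | {"subnet_id": "cfa7243a-1d02-429f-95fa-d384d6112c04", "ip_address": "10.68.124.101"} |
| 65f41f9c-693b-4d76-a7db-713ed3a780be |      | fa:16:3e:5c:38:09 | {"subnet_id": "4c687636-5c61-43bd-8dcf-cd626f09baef", "ip_address": "192.168.0.1"}   |""",
}

def parse_router_ports(table):
    """Return the fixed_ips dicts from `quantum router-port-list` table text."""
    ports = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[3].startswith("{"):
            ports.append(json.loads(cells[3]))
    return ports

def tenants_per_router(tables=ROUTER_TABLES, subnet_tenant=SUBNET_TENANT):
    """Map router -> {tenant: [interface IPs]}, skipping external gateway ports."""
    result = {}
    for router, table in tables.items():
        tenants = result.setdefault(router, {})
        for port in parse_router_ports(table):
            tenant = subnet_tenant.get(port["subnet_id"], "UNKNOWN")
            if tenant is not None:
                tenants.setdefault(tenant, []).append(port["ip_address"])
    return result

def shared_routers(tables=ROUTER_TABLES):
    """Routers whose internal interfaces belong to more than one tenant."""
    return sorted(r for r, t in tenants_per_router(tables).items() if len(t) > 1)

print(shared_routers())  # routers that route between tenants
```

A subnet id missing from the map is reported under the tenant name `UNKNOWN`, so an unmapped interface shows up in the result instead of being silently dropped.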