Featured

OpenStack Neutron – Networking In Cloud Demystified

Check out this step-by-step article that talks about the behind-the-scenes of networking and how virtual machines are connected to the outside world (internet).

January 5, 2024
image

Introduction

Openstack Neutron – OpenStack Project that deals with software-defined networking services in a cloud environment. When we try to find how the networking components of OpenStack internally work, google is full of pictures all over, beautiful pictures but understanding it will be quite a challenge. So, decided to write an article on it and take it step by step to understand the networking behind the scenes and how virtual machines get connected to the outside world (internet) by creating diagrams of my own that would be easy to understand. Neutron is the most likely the toughest topic of all in the OpenStack architecture to understand for all openstack beginners.

We will be following the below sequence to understand the concept in detail.

  • Physical wiring of ethernet using two ethernet interfaces
    • (Two cables, we will create a bonding)
  • Ethernet bonding
    • (Doubles the speed, and increases reliability, active-active)
  • Ethernet tagging
    • (That’s why we need only 2 interfaces)
  • Network function virtualization (NFV)
    • OpenStack will not help you, you have to put this in place by yourself.
  • Tie all the above together in a single and final picture

(a) Advantages of Bonding

  • Spec: 802.3ad
  • Active-active mechanism
  • Aggregate traffic balances on both cables
  • Individual flows do NOT balance
  • If any connection fails, traffic moves the connection that is active (100 Ms failover time)

(b) How to do ethernet bonding

Network config file/etc/network.interfaces

Note: Below is a Debian system example, if rpm based system makes necessary changes)

auto bond0
       iface bond0 inet manual
       bond-mode 802.3ad
       bond-miimon 200
       bond-slaves none
       up ip link set dev $IFACE up
       down ip link set dev $IFACE down

#Bond Slave
auto etho_interface.stdout
       iface eth0_interface.stdout inet manual
       bond-master bond0
       bond-primary eth0_interface.stdout

#Bond Slave
auto eth1_interface.stdout
       iface eth1_interface.stdout inet manual
       bond-master bond0

 

(c) How to set up the VLAN trunk for management & provider network

Network config file/etc/network.interfaces

(Debian system, if the non-Debian system makes necessary changes)

#Management VLAN
auto bond0.1600
       iface bond0.1600 inet manual
       up ip link set dev $IFACE up
       down ip link set dev $IFACE down

#Provider VLAN
auto bond0.1200
       iface bond0.1200 inet manual
       up ip link set dev $IFACE up
       down ip link set dev $IFACE down

 

(d) Network Function virtualization (NFV)

1) Create the management bridge

sudo ovs-vsctl add-br br-mgmt

2) Attach the VLAN 1600 interface to the management bridge

sudo ovs-vsctl add-port br-mgmt bond0.1600

3) Create the provider bridge

sudo ovs-vsctl add-br br-ex

4) Attach the VLAN 1200 interface to the management bridge

sudo ovs-vsctl add-port br-ex bond0.1200

5) Create the VLAN bridge

sudo ovs-vsctl add-br br-vlan

6) Attach all VLAN (trunk) to the VLAN bridge

sudo ovs-vsctl add-port br-vlan bond0

 

 

(e) Eight Network Function Virtualization Components

1) Tap interface

  • One end of VM is referred to as Virtual NIC
  • Other end into (5), (6), (7) or (8)

2) veth

  • One-end Openstack Controller, Network, Block or Object Storage nodes
  • Other end into (6), (7) or (8) cannot be plugged into a Virtual Machine

3) Bridge internal (OVS Only)

4) Patch (OVS Only)

5) IP Tables

6) Linux Network Stack (Namespace “ip netns”)

  • If we put IPTables inside of the namespace, we configure IpTables we can make the namespace perform as a router/NAT/LoadBalancer, etc.

7) OVS (OpenvSwitch)

8) Linux Bridge

 

(Namespace creates an isolated virtual linux network stack (It may include dnsmasq, virtual router, private networks & subnets, etc…)

 

 

 

Note: We may use OVS or Linux Bridge (Actually both are competitors)

Linux Bridge Vs Open vSwitch

(f) Conclusion

In summary, the article “OpenStack Neutron – Networking in Cloud Demystified (Network Function Virtualization)” illuminates the vital role of OpenStack Neutron in managing networking services within cloud environments. As the backbone of OpenStack’s networking capabilities, Neutron enables agile and scalable solutions.

The exploration of Network Function Virtualization (NFV) emphasizes how Neutron facilitates the virtualization of network functions, promoting efficiency and cost-effectiveness by decoupling functions from dedicated hardware. The article covers Neutron’s key components and features, highlighting its adaptability to diverse networking needs.

In the dynamic landscape of cloud computing, a well-managed networking infrastructure is crucial. OpenStack Neutron emerges as a powerful tool for addressing cloud networking challenges, offering on-demand, scalable, and programmable services. This article serves as a concise guide for understanding Neutron’s role in Network Function Virtualization, providing insights for building resilient and efficient cloud networks in today’s computing environments.

 

ABOUT PINAKASTRA

Pinakastra is an organization committed to making cloud computing infrastructure more accessible to enterprises, academia & research organizations by helping them in IT infrastructure consolidation through the Pinakastra™ cloud platform.

 

HAPPY LEARNING!

 

Tags: , , ,

Ajith Narayanan
Latest posts by Ajith Narayanan (see all)