Neutron, a network service for OpenStack, is a pluggable, scalable and API-driven system for managing networks and IP addresses. It also provides a variety of network services ranging from L3 forwarding and NAT to load balancing, edge firewalls and IPSEC VPN.
Neutron manages software-defined networking and can be configured for advanced virtual network topologies, such as per-tenant private networks and others. Its object abstractions include networks, subnets and routers. Each has functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnets and networks.
Neutron setup includes two types of networks:
External network represents network that is accessible outside the OpenStack installation. IP addresses on the Neutron external network are accessible by anyone outside the network and DHCP is disabled.
Internal networks are software-defined networks connect directly to VMs. Only VMs on any given internal network, or those on subnets connected through interfaces to a similar router, can access VMs directly connected to that network. Outside network to access VMs, and vice versa, requires routers between them. Each router has one gateway connected to a network and many interfaces connected to subnets. Like a physical router, subnets can access machines on other subnets that are connected to the same router, and machines can access the outside network through the router gateway.
IP addresses on an external network are allocated to ports on the internal network, which allows entities outside the network to access VM using external IP. Whenever something is connected to a subnet, that connection is called a port.
Neutron also supports security groups that enable administrators to define firewall rules in groups. A VM can belong to one or more security groups, and Neutron applies the rules in those security groups to block or unblock ports, port ranges or traffic types for that VM.
Additionally, Firewall-as-a-Service (FWaaS) and Load-Balancing-as-a-Service (LBaaS) plug-ins are available.
Install Neutron services.
# apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-l3-agent
Create database. Neutron uses a database to store information. We’ll use MySQL as the default database.
> create database neutron;
> grant all privileges on neutron.* to neutronUser@localhost identified by ‘StrongPass’;
> grant all privileges on neutron.* to neutronUser@'%' identified by ‘StrongPass’;
Create neutron user and add this user to tenant service with role admin.
# keystone user-create --name=neutron --pass=90b68569e6da --email@example.com
# keystone user-role-add --user=neutron --tenant=service --role=admin
Register neutron service at keystone.
# keystone service-create --name=neutron --type=network --description="OpenStack Networking Service"
Create neutron endpoint by using the previously generated neutron service id as the service-id.
# keystone endpoint-create --service-id a3f9c625a3b9443f8e66bf4e5de2349f --publicurl http://192.168.100.10:9696 --adminurl http://192.168.100.10:9696 --internalurl http://192.168.100.10:9696
Watch out for the next post on how to install Nova.