Neutron Prerequisites for Linux/KVM with Overlay Networking (VXLAN/GRE)
This OpenStack tutorial describes hardware requirements and prerequisites to prepare your servers to leverage OpenStack Neutron with Linux/KVM for Overlay tenant networks (VXLAN/GRE)
For a general description of Neutron networking concepts, refer to this Tutorial: Networking with OpenStack Neutron Basic Concepts
IMPORTANT: This prerequisites documents assumes Overlays-based tenant networks. For VLAN-only Neutron tenant networking please refer to this article and for a mixed support of both VLAN and Overlays, please refer to this article.
Hardware Requirements
- One dedicated server node to act as ‘network node.’ This node is utilized for deploying OpenStack default routing components, DHCP server(s) for tenant networks, etc. We recommend creating a dedicated network node, that isn’t otherwise utilized to run virtual machines if:
- You plan to run more than 50 virtual machines in your Platform9 setup, and/or
- You plan to deploy more than 10 networks
- You plan to use OpenStack default implementation of Neutron – i.e., not leverage a third-party vendor for Neutron implementation
- The Neutron node server should have the following config:
- CentOS 7.1 installed
- CentOS kernel version must be at least at version 3.10.0-229.el7.x86_64
- At least three network interfaces –
- First one dedicated to virtual machine traffic – This interface will be used to route traffic for the VXLAN or GRE based private/tenant networks created via Neutron.Therefore it must have IP level connectivity with other hosts through the interface IP.
- Second one dedicated to management network traffic – This network is usually configured with its own VLAN ID. We also recommend that you make this the interface that also allows outbound https access for the Platform9 host agent to communicate with the controller.
- Third interface dedicated to external network traffic – This network is usually configured with its own VLAN ID. This interface will be used to route all outbound traffic for all VMs that get a floating IP address. Therefore your default route for this server must be configured with the same gateway that this interface is configured with.
- Each hypervisor server you plan to add to Platform9 as compute node should have the following config:
- CentOS 7.1 installed
- CentOS kernel version must be at least at version 3.10.0-229.el7.x86_64
- At least two network interfaces –
- One dedicated to virtual machine traffic -This interface will be used to route traffic for the VXLAN or GRE based private/tenant networks created via Neutron. Therefore it must have IP level connectivity with other hosts through the interface IP.
- Second one dedicated to management network traffic -This network is usually configured with it’s own VLAN ID. We also recommend that you make this the interface that also allows outbound https access for the Platform9 host agent to communicate with the controller.
Prepare Your Linux/KVM Physical Servers for Neutron
In order to run OpenStack Neutron, each of your physical hypervisors as well as the Neutron network node must be prepared with following steps.
Step 1: Set appropriate kernel parameters in sysctl.conf
Enable following kernel parameters by editing sysctl.conf and adding following lines to it.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
For the Network Node only, add this additional parameter to sysctl.conf
net.ipv4.ip_forward=1Persist the above changes by running the following command form the command-line:
sysctl -p
Step 2: Install Platform9 yum repository
This is required so that you can pull the Open vSwitch package provided by Platform9.
yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm
IMPORTANT: If SELinux is installed on your host, then it is recommended to be in “permissive” mode when using Open vSwitch (OVS). If the above steps fail and Open vSwitch does not start you will want to check your SELinux settings.
Check the status of SELinux:
getenforce
If the output does not say permissive, you will need to set it to permissive:
setenforce 0
To persist SELinux configuration edit the /etc/sysconfig/selinux file and change the “SELINUX” variable to “PERMISSIVE”
SELINUX=PERMISSIVE
For more information on SELinux and disabling it take a look at this article.
Install the Open vSwitch package provided by the Platform9 yum repository and ensure the service is enabled
yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch
systemctl enable openvswitch
systemctl start openvswitch
Step 3 (On Network node only): Create an OVS bridge for external network
In addition, on the network node, you need to create another bridge and map to the interface that corresponds to external network.
ifconfig0
ovs-vsctl add-br br-ext
# map the bridge to the eth interface that corresponds to the external network
ovs-vsctl add-port br-ext
Make sure the configuration persists across reboots. If you are using network scripts, it will look something like the samples below.
vi /etc/sysconfig/network-scripts/ifcfg-br-ext
DEVICE="br-ext" #### Device name matches the name of the script after the ifcfg- part.
BOOTPROTO="none" #### "dhcp" depending on what you need. If DHCP remove the next 5 entries.
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
IPADDR="192.168.1.20"
NETMASK="255.255.255.0"
DNS1="192.168.1.1"
ONBOOT="yes"
TYPE="OVSBridge"
DEVICETYPE="ovs"
Here’s a sample content for ifcfg-eth2 (you should tweak this per your networking setup)
vi /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE="eth2"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ext"
At this point, your OpenStack Neutron prerequisites are satisfied, and you are ready to start configuring Neutron via the Platform9 interface!