OpenStack Tutorial: Neutron Prerequisites for Linux/KVM
This OpenStack tutorial describes hardware requirements and prerequisites to prepare your servers to leverage OpenStack Neutron with Linux/KVM.
For a general description of Neutron networking concepts, refer to this Tutorial: Networking with OpenStack Neutron Basic Concepts
IMPORTANT: This prerequisites document assumes VLAN-based networking.
Hardware Requirements
- 1 dedicated server node to act as the 'network node'. This node is used to deploy OpenStack default routing components, DHCP server(s) for tenant networks, etc. We recommend creating a dedicated network node that is not otherwise used to run virtual machines if:
  - you plan to run more than 50 virtual machines in your Platform9 setup, and/or
  - you plan to deploy more than 10 networks
  - you plan to use the OpenStack default implementation of Neutron, i.e., not leverage a third-party vendor for the Neutron implementation
- The Neutron node server should have the following config:
  - CentOS 7.1 installed
  - CentOS kernel version must be at least 3.10.0-229.el7.x86_64
  - At least 3 network interfaces:
    - 1 dedicated to virtual machine traffic. This interface will be used to route traffic for the VLAN-based private/tenant networks created via Neutron. Therefore it must be trunked for all VLAN IDs that you plan to supply to Neutron for tenant/private networking.
    - 2nd dedicated to management network traffic. This network is usually configured with its own VLAN ID. We also recommend that you make this the interface that allows outbound HTTPS access for the Platform9 host agent to communicate with the controller.
    - 3rd dedicated to external network traffic. This network is usually configured with its own VLAN ID. This interface will be used to route all outbound traffic for all VMs that get a floating IP address. Therefore the default route for this server must be configured with the same gateway that this interface is configured with.
- Each hypervisor server you plan to add to Platform9 as a compute node should have the following config:
  - CentOS 7.1 installed
  - CentOS kernel version must be at least 3.10.0-229.el7.x86_64
  - At least 2 network interfaces:
    - 1 dedicated to virtual machine traffic. This interface will be used to route traffic for the VLAN-based private/tenant networks created via Neutron. Therefore it must be trunked for all VLAN IDs that you plan to supply to Neutron for tenant/private networking.
    - 2nd dedicated to management network traffic. This network is usually configured with its own VLAN ID. We also recommend that you make this the interface that allows outbound HTTPS access for the Platform9 host agent to communicate with the controller.
Prepare Your Linux/KVM Physical Servers for Neutron
In order to run OpenStack Neutron, each of your physical hypervisors as well as the Neutron network node must be prepared with the following steps.
Step 1 – Set appropriate kernel parameters in sysctl.conf
Enable the following kernel parameters by editing sysctl.conf and adding the following lines to it.
[bash]net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1[/bash]
For the Network Node only, add this additional parameter to sysctl.conf
[bash]net.ipv4.ip_forward=1[/bash]
Persist the above changes
Step 2 – Install Platform9 yum repository
This is required so that you can pull the Open vSwitch package provided by Platform9.
[bash]yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm[/bash]
IMPORTANT: If SELinux is installed on your host, it is recommended to run it in "permissive" mode when using Open vSwitch (OVS). If the above steps fail and openvswitch does not start, check your SELinux settings.
Check the status of SELinux:
[bash]getenforce[/bash]
If the output does not say permissive, you will need to set it to permissive:
[bash]setenforce 0[/bash]
To persist the SELinux configuration, edit the /etc/sysconfig/selinux file and change the "SELINUX" variable to "permissive":
[bash]SELINUX=permissive[/bash]
For more information on SELinux and disabling it, take a look at this article.
Install the Open vSwitch package provided by the Platform9 yum repository and ensure the service is enabled:
[bash]yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch
systemctl enable openvswitch
systemctl start openvswitch[/bash]
Step 3 – Load the VLAN kernel module
[bash]modprobe 8021q[/bash]
At this point, you have Open vSwitch enabled and running on your physical server.
Step 4 – Create an OVS bridge for data network
Now you need to create the Open vSwitch bridges that will be used by Neutron.
The first bridge (br-vlan) is for the VM data network and integrates with your VLANs.
Follow these commands to create the bridge and map it to your data network interface:
[bash linenum="false"]ifconfig <interface-name> 0
ovs-vsctl add-br br-vlan
# map the bridge to the physical interface dedicated to VLANs
ovs-vsctl add-port br-vlan <interface-name>[/bash]
Persist the configuration for the bridge so it stays in place across server reboots.
(A) If this is a brand new server – and the physical interface being associated with the bridge does not have an IP address mapped to it, just create a new network script file for the bridge we just created, and persist with appropriate properties.
[bash]vi /etc/sysconfig/network-scripts/ifcfg-br-vlan[/bash]
Here's sample content for ifcfg-br-vlan (you should tweak this per your networking setup):
[code lang="plaintext" linenum="false"]#### Device name matches the name of the script after the ifcfg- part.
DEVICE="br-vlan"
#### BOOTPROTO "none" for static IPs, or "dhcp" for dynamic. If "dhcp", remove the next 5 entries.
BOOTPROTO="none"
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
IPADDR="192.168.1.20"
NETMASK="255.255.255.0"
DNS1="192.168.1.1"
ONBOOT="yes"
TYPE="OVSBridge"
DEVICETYPE="ovs"[/code]
[bash]vi /etc/sysconfig/network-scripts/ifcfg-eth1[/bash]
Here's sample content for ifcfg-eth1 (you should tweak this per your networking setup):
[code lang="plaintext" linenum="false"]DEVICE="eth1"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-vlan"[/code]
(B) If the physical interface you are associating with this bridge already has an IP address assigned and this configuration is persisted, you need to ensure that the address successfully transfers to the bridge once the bridge is assigned to the interface.
If a file exists for the physical interface (ifcfg-<interface-name>), we recommend that you copy its content over to the new network script file being created for the new bridge, then modify the network script file for the network interface as shown above (ifcfg-eth1).
Finally, validate that a network script file exists for the new bridge.
[bash]ls /etc/sysconfig/network-scripts[/bash]
Restart networking.
[bash]systemctl restart network.service[/bash]
IMPORTANT: You might have captured IP address mapping for your network interfaces in your init file as another way to make it persist across reboots. If so, it's important to remove that entry for the network interfaces.
Step 4 (On Network node only) – Create an OVS bridge for external network
In addition, on the network node, you need to create another bridge and map it to the interface that corresponds to the external network.
[bash]ifconfig <external-interface-name> 0
ovs-vsctl add-br br-ext
# map the bridge to the eth interface that corresponds to the external network
ovs-vsctl add-port br-ext <external-interface-name>[/bash]
Follow Step 4 A/B for br-ext.
At this point, your OpenStack Neutron prerequisites are satisfied, and you are ready to start configuring Neutron via the Platform9 interface!
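Step 1 turns off reverse-path filtering on every host and enables IP forwarding on the network node only, so it is worth confirming that each host's persisted file matches its role. The script below is an added example, not part of the original tutorial or Platform9 tooling; the function names and the sample file are constructed for illustration, and it inspects only the single file you pass it.

```bash
#!/bin/sh
# Added example (not Platform9 code): audit a sysctl.conf-style file against
# the values this tutorial requires. ROLE is "compute" or "network".

# Print the effective value of KEY in FILE: the last assignment wins,
# comment lines are skipped, spaces around "=" are tolerated.
sysctl_conf_value() {
    awk -F= -v key="$2" '
        /^[[:space:]]*[#;]/ { next }
        NF >= 2 {
            k = $1; v = $2
            gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one line per deviation; return 0 only when FILE matches ROLE.
audit_neutron_sysctl() {
    file=$1 role=$2 rc=0
    want="net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1"
    # The tutorial enables forwarding on the network node only.
    if [ "$role" = network ]; then want="$want
net.ipv4.ip_forward=1"; fi
    for pair in $want; do
        key=${pair%%=*} expected=${pair#*=}
        actual=$(sysctl_conf_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: expected $expected, found ${actual:-unset}"
            rc=1
        fi
    done
    if [ "$role" = compute ] &&
       [ "$(sysctl_conf_value "$file" net.ipv4.ip_forward)" = 1 ]; then
        echo "EXTRA net.ipv4.ip_forward=1: tutorial sets this on the network node only"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input: a network node where ip_forward was never added.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.conf.all.rp_filter = 0' \
    'net.ipv4.conf.default.rp_filter=0' \
    'net.bridge.bridge-nf-call-iptables=1' > "$sample"
audit_neutron_sysctl "$sample" network || echo "deviations found"
rm -f "$sample"
```

On a real host, run `audit_neutron_sysctl /etc/sysctl.conf network` on the network node and `audit_neutron_sysctl /etc/sysctl.conf compute` on each hypervisor.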