wide-open-spaces-2021-08-31-22-42-30-utc

Neutron Networks

 

openstack lbaas architecture

 

Neutron Networks

In today’s digital age, connectivity has become essential to our personal and professional lives. As the demand for seamless and reliable network connections grows, businesses seek innovative solutions to meet their networking needs. One such solution that has gained significant attention is Neutron Networks. In this blog post, we will delve into Neutron Networks, exploring its features, benefits, and how it is revolutionizing connectivity.

Neutron Networks is an open-source networking project within the OpenStack platform. It acts as a networking-as-a-service (NaaS) solution, providing a programmable interface for creating and managing network resources. Unlike traditional networking methods, Neutron Networks offers a flexible framework that allows users to define and control their network topology, enabling greater customization and scalability.

 

Highlights: Neutron Networks

  • The Role of OpenStack Networking

OpenStack networking and neutron networks offer virtual networking services and connectivity to and from Instances. It plays a significant role in OpenFlow and SDN adoption. The Neutron API manages the configuration of individual networks, subnets, and ports. It enhanced the original Nova-network implementation and introduced support for 3rd party plugins, such as Open vSwitch (OVS) and Linux bridge.

OVS and LinuxBridge provide Layer 2 connectivity with VLANs or Overlay encapsulation technologies, such as GRE or VXLAN. Neutron is pretty basic, but their capability is gaining momentum with each distribution release with the ability to include an OpenStack neutron load balancer.

 

You may find the following helpful post for pre-information:

  1. OpenStack Neutron Security Groups
  2. Neutron Network
  3. OpenStack Architecture

 



OpenStack Neutron Load Balancer.

Key Neutron Networks Discussion Points:


  • Introduction to Neutron networks and what is involved.

  • Highlighting the different components of Neutron networks.

  • Discussing the switching methods.

  • Technical details load balancing and OpenStack lbaas architecture.

  • A final note on HAProxy.

 

Back to Basics with Neutron Networks

OpenStack Networking

OpenStack Networking is a pluggable, API-driven approach to control networks in OpenStack. OpenStack Networking exposes a programmable application interface (API) to users and passes requests to the configured network plugins for additional processing. A virtual switch is a software application that connects virtual machines to virtual networks. The virtual switch operated at the data link layer of the OSI model, Layer 2. A considerable benefit to Neutron is that it supports multiple virtual switching platforms, including Linux bridges provided by the bridge kernel module and Open vSwitch.

 

  • A key point: Ansible and OpenStack

Ansible architecture offers excellent flexibility and can be used ways to leverage Ansible modules and playbook structures to automate frequent operations with OpenStack. With Ansible, you have a module to manage every layer of the OpenStack architecture. At the time of this writing, Ansible 2.2 includes modules to call the following APIs

  • Keystone: users, groups, roles, projects
  • Nova: servers, keypairs, security groups, flavors
  • Neutron: ports, network, subnets, routers, floating IPs
  • Ironic: nodes, introspection
  • Swift Objects
  • Cinder volumes
  • Glance images

 

Key Features of Neutron Networks:

a) Network Abstraction: Neutron Networks abstract the underlying network infrastructure, allowing users to manage and configure virtual networks without worrying about the complexities of the physical infrastructure.

b) Multi-Tenancy Support: Organizations can create isolated virtual networks with Neutron Networks, granting multiple tenants secure access to their network resources within a shared infrastructure.

c) Extensibility: Neutron Networks supports various plugins and drivers, enabling seamless integration with various networking technologies and devices.

d) Load Balancing and Firewalling: Neutron Networks offer built-in load balancing and firewalling capabilities, empowering organizations to enhance network security and optimize traffic distribution.

Benefits of Neutron Networks:

a) Improved Agility: By providing a programmable interface, Neutron Networks enables organizations to quickly adapt their network infrastructure to changing business requirements, reducing time-to-market for new applications and services.

b) Enhanced Security: Neutron Networks’ multi-tenancy support and built-in firewalling capabilities ensure secure isolation and protection of network resources, minimizing the risk of unauthorized access and data breaches.

c) Scalability and Flexibility: With Neutron Networks, businesses can quickly scale their network infrastructure up or down based on demand, ensuring optimal performance and resource utilization.

d) Cost Optimization: Neutron Networks eliminates the need for expensive physical networking equipment by leveraging virtualization, reducing capital and operational expenses associated with traditional networking approaches.

Real-World Applications of Neutron Networks:

Neutron Networks has found applications across various industries, including:

a) Cloud Service Providers: Neutron Networks enables cloud service providers to offer customers customizable and scalable networking solutions, enhancing the overall cloud experience.

b) Software-Defined Networking (SDN): Neutron Networks are a vital component of SDN architectures, allowing organizations to control and manage their network infrastructure programmatically.

c) Internet of Things (IoT): Neutron Networks provide a reliable and scalable networking solution for IoT deployments, facilitating seamless communication and data transfer between connected devices.

 

Neutron Networks

Neutron networks support a wide range of networks. Including Flat, Local, VLAN, and VXLAN/GRE-based networks. Local networks are isolated and local to the Compute node. In a FLat network, there is no VLAN tagging. VLAN-capable networks implement 802.1Q tagging; segmentation is based on VLAN tags. Similar to the physical world, hosts in VLANs are considered to be in the same broadcast domain, and inter-VLAN communication must pass a Layer 3 device.

GRE and VXLAN encapsulation technologies create the concept known as overlay networking. Network Overlays interconnect layer 2 segments over an Underlay network, commonly an IP fabric but could also be represented as a Layer 2 fabric. Their use case derives from multi-tenancy requirements and the scale limitations of VLAN-based networks.

 

The virtual switches: Open vSwitch and Linux Bridge

Open vSwitch and Linux Bridge plugins are monolithic and cannot be used simultaneously. A new plugin, introduced in Havana, called Modular Layer 2 ( ML2 ), allows the use of multiple Layer 2 plugins simultaneously. It works with existing OVS and LinuxBridge agents and is intended to replace the associated plugins.

OpenStack foundations are pretty flexible. OVS and other vendor appliances could be used parallel to manage virtual networks in an OpenStack Neutron deployment. Plugins can replace OVS with a physically managed switch to handle the virtual networks. 

 

Open vSwitch

The OVS bridge is a popular software-based switch orchestrating the underlying virtualized networking infrastructure. It comprises a kernel module, a vSwitch daemon, and a database server. The kernel module is the data plane, similar to an ASIC on a physical switch. The vSwitch daemon is a Linux process creating controls so the kernel can forward traffic.

The database server is the Open vSwitch Database Server ( OVSDB) and is local on every host. OVS consists of 4 distinct elements, – Tap devices, Linux bridges, Virtual Ethernet cables, OVS bridges, and OVS patch ports. Virtual Ethernet cables, known as veth mimic network patch cords. They connect to other bridges and namespaces (namespaces discussed later). An OVS bridge is a virtualized switch. It behaves similarly to a physical switch and maintains MAC addresses.

 

openstack networking

 

OpenStack networking deployment details

A few OpenStack deployment methods exist, such as Maas, Mirantis Fuel, Kickstack, and Packstack. They all have their advantages and disadvantages. Packstack suits small deployments, Proof of Concepts, and other test environments. It’s a simple Puppet-based installer. It uses SSH to connect to the nodes and invokes a puppet run to install OpenStack.

Additional configurations can be passed to Packstack via an answer file. As part of the Packstack run, a file called keystonerc_admin is created. Keystone is the identity management component of OpenStack. Each component in OpenStack registers with Keystone. It’s easier to source the file than those values in the source file are automatically placed in the shell environment.

Cat this file to see its content and get the login credentials. You will need this information to authenticate and interact with OpenStack.

openstack neutron load balancer

 

OpenStack lbaas Architecture

Neutron networks 

OpenStack is a multi-tenant platform; each tenant can have multiple private networks and network services isolated through network namespaces. Network namespaces allow tenants to have overlapping networks with other tenants. Consider a namespace to an enhanced VRF instance connected to one or more virtual switches. Neutron uses a “qrouter”“glbaas” and “qdhcp” namespace.

Regardless of the network plugins installed, you need to install the neutron-server service at a minimum. This service will expose the Neutron API for external administration. It is configured to listen to API calls on ALL addresses by default. This can be changed in the Neutron.conf file by editing the bind_host – 0.0.0.0.

  • “Neutron configuration file is found at /etc/neutron/neutron.conf”

OpenStack networking provides extensions that allow the creation of virtual routers and virtual load balancers with an OpenStack neutron load balancer. Virtual routers are created with the neutron-l3-agent. They perform Layer 3 forwarding and NAT.

A router default performs Source NAT on traffic from an instance destined to an external service. Source NAT modifies the packet source appearing to upstream devices as if it came from the router’s external interface. When users want direct inbound access to an instance, Neutron uses what is known as a Floating IP address. It is similar to the analogy of Static NAT; one-to-one mapping of an external to an internal address. 

  • “Neutron stores its L3 configuration in the l3_agent.ini files.”

The following screenshot displays that the L3 agent must first be associated with an interface driver before you can start it. The interface driver must correspond to the chosen network plugin, for example, LinuxBridge or OVS. The crudini commands set this.openstack lbaas architecture

OpenStack neutron load balancer

The OpenStack lbaas architecture consists of the neutron-lbaas-agent and leverages the open-source HAProxy to load balance traffic destined to VIPs. HAProxy is a free, open-source load balancer. LBaaS supports third-party drivers, and they will be discussed in later posts.

Load Balancing as a service enables tenants to scale their applications programmatically through Neutron API. It supports basic load-balancing algorithms and monitoring capabilities.

The OpenStack lbaas architecture load balancing algorithms are restricted to round-robin, least connections, and source IP. It can do basic TCP connect tests for monitoring and complete Layer 7 tests that support HTTP status codes.

 

HAProxy installation

As far as I’m aware, it doesn’t support SSL offloading. The HAProxy driver is installed in one ARM mode, which uses the same interface for ingress and egress traffic. It is not the default gateway for instances, so it relies on Source NAT for proper return traffic forwarding. Neutron stores its configuration in the lbaas_agent.ini files.

Like the l3 agent, it must associate with an interface driver before starting it – “crudini –set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver”. Both agents use network namespaces for isolated forwarding and load-balancing contexts.

 

Conclusion:

In conclusion, Neutron Networks has emerged as a game-changer in the networking world, offering organizations the flexibility, scalability, and security they need in today’s digital landscape. With its innovative features and benefits, Neutron Networks is paving the way for a new era of connectivity, empowering businesses to unlock the full potential of their network infrastructure. As the demand for reliable and efficient networking solutions continues to grow, Neutron Networks is well-positioned to shape the future of connectivity.

openstack neutron load balancer