How to configure neutron networking in your OpenStack lab (Liberty)

Author: Tony Vattathil, Senior Cloud Engineer and Khalid Rahi, Associate System Engineer
Source: Planet OpenStack

This blog describes how to work with OpenStack networking on Ravello Systems, which enables OpenStack lab environments in the cloud. When configuring networks in an OpenStack environment on Ravello, you are essentially setting up nested KVM and overlay networks. Ravello’s nested virtualization technology abstracts the underlying the AWS and Google Cloud networking and presents a clean Layer 2 network. So, the OpenStack environment that’s running in Ravello utilizes this overlay network and configures its own overlay using the neutron networking service (did we say Inception!!!). I will use a pre-configured blueprint to describe how to setup OpenStack networking in Ravello. You can download this blueprint from Ravello Repo.

Start by launching the blueprint, then use ssh to connect to your instance (use the keypair provided by Ravello). Follow the instructions below to create neutron networks, public and private subnets, use neutron router to route traffic between subnets.

Tuning network interfaces in an OpenStack environment on Ravello Systems

In our configuration we used VXLAN as our tunneling protocol. There are some things to consider when nesting overlay networks. An overlay network is basically a network that is layered on top of an existing network. When using VXLAN, headers are added to all packets sent by your instances. This information is stripped off by the time the packets reaches its destination. Since the network is software defined, it allows flexibility and rapid deployment of custom network configurations. However, the added overhead can cause fragmentation with can manifests as poor network performance. Due to the additional information added to packets the overall size will be bigger than the default max transfer unit of MTU. To compensate we can make the MTU at the instance level smaller. On the neturon-server adjust the default interface MTU setting to 1300 instead of 1500. As a result, this will significantly reduce fragmentation resulting in better performance.

Execute the following command to set the instance MTU to 1200

echo "dhcp-option-force=26,1300" >/etc/neutron/dnsmasq-neutron.conf

Note: The type of application driving network traffic must also be taken in consideration while tuning. What type of data are you working with (Steaming large files/OLTP/Small files). For production workloads I suggest more specific tuning of the MTU. Modify and measure to see what setting works best best.

Physical Layer (Overview)

Public Network 192.168.0.0/16
Tenant Network 10.10.0.0/16

Working with Neutron

Start by change directory to root’s home directory.

cd /root

Next, restarting all OpenStack services.

openstack-service restart

Now authenticate as keystone admin.

source keystonerc_admin

Note: Your prompt will change to show that you have sourced the keystone admin credentials

Delete all demo networks

Before we can start creating our network, we need to make sure that all demo networks are removed. We start by deleting the existing ports.

neutron port-list | awk -F"|" '{print $2}'| grep -v id | grep -v "^$" | while read PORT; do neutron port-delete $PORT; done

Next we clear the default router.

neutron router-gateway-clear router1

After the default router has been cleared, we then remove the private interface from the router.

neutron router-port-list router1 | awk -F"|" '{print $2}'| grep -v id | grep -v "^$" | while read PORT; do neutron router-interface-delete router1;neutron subnet-list |grep private_subnet | awk -F'| ' '{print $2}' done

Next we can delete the default router.

neutron router-delete router1

Now we delete the public network.

neutron net-delete public

Next we delete the private network.

neutron net-delete private

Before moving on to the next step, we should verify that all network components have been successfully deleted.

neutron net-list

Note: This command should return an empty list.

Create all three networks (public, private and associated subnets)

As we proceed with the network build-out, you can see how the neutron network comes together piece by piece.
We start by creating our public network.

neutron net-create public --shared --router:external