Friday, October 31, 2014

Neutron Router is a namespace

1)
http://pinrojas.com/2014/07/29/theres-real-magic-behind-openstack-neutron/

Routers and dnsmasq are independent namespaces with their own Linux Network Stack. Namespaces help to manage traffic with overlapping private IPs between different routers associated to different tenants or projects. Routers help to route traffic between tenant’s subnets and also to/from the external World. Also routers are using Linux iptables to filter traffic and also to make floating IPs work through NAT (Network Address Translation) to chosen instances. dnsmasq is also working on a Linux Network Stack with DHCP and DNS processes serving exclusively the associated tenant.

2)
https://developer.rackspace.com/blog/neutron-networking-l3-agent/

Neutron has an API extension to allow administrators and tenants to create "routers" that connect to L2 networks. Known as the "neutron-l3-agent", it uses the Linux IP stack and iptables to perform L3 forwarding and NAT. In order to support multiple routers with potentially overlapping IP addresses, neutron-l3-agent defaults to using Linux network namespaces to provide isolated forwarding contexts. Like the DHCP namespaces that exist for every network defined in Neutron, each router will have its own namespace with a name based on its UUID.

3)

http://docs.openstack.org/developer/neutron/devref/layer3.html

The neutron-l3-agent uses the Linux IP stack and iptables to perform L3 forwarding and NAT. In order to support multiple routers with potentially overlapping IP addresses, neutron-l3-agent defaults to using Linux network namespaces to provide isolated forwarding contexts. As a result, the IP addresses of routers will not be visible simply by running “ip addr list” or “ifconfig” on the node. Similarly, you will not be able to directly ping fixed IPs.

To do either of these things, you must run the command within a particular router’s network namespace. The namespace will have the name “qrouter-.
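
Added example (not from the quoted documentation): a shell helper that lists the router namespaces on a node and shows each one's addresses and NAT rules. It assumes the namespace name is "qrouter-" followed by the router UUID; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect every Neutron router namespace on this node.

# Read `ip netns list` output on stdin and print the UUID of each
# qrouter-<uuid> namespace (assumed naming). Newer iproute2 appends
# " (id: N)" to each name, so only the first field is used.
router_uuids() {
    awk '{ print $1 }' |
    grep -E '^qrouter-[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$' |
    sed 's/^qrouter-//'
}

# Run a command inside one router's namespace (needs root).
in_router() {
    uuid=$1
    shift
    ip netns exec "qrouter-$uuid" "$@"
}

# Show the addresses and NAT rules of every router namespace on the node.
audit_routers() {
    ip netns list | router_uuids | while read -r uuid; do
        echo "== router $uuid"
        in_router "$uuid" ip addr list
        in_router "$uuid" iptables -t nat -S
    done
}

# Constructed sample of `ip netns list` output, for trying router_uuids offline.
SAMPLE_NETNS='qrouter-11111111-2222-3333-4444-555555555555 (id: 1)
qdhcp-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee (id: 0)
qrouter-66666666-7777-8888-9999-000000000000'

# Usage (as root on the network node): audit_routers
```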

OpenStack Networking L2 and L3 Agent

1)
A bite of virtual linux networking
http://fosskb.wordpress.com/2014/06/25/a-bite-of-virtual-linux-networking/

2)
L2 Agent
neutron-openvswitch-agent (provide l2 connectivity to the instances)

a)
L2 connectivity in OpenStack using OpenvSwitch mechanism driver
http://fosskb.wordpress.com/2014/06/19/l2-connectivity-in-openstack-using-openvswitch-mechanism-driver/ <== IMP

* neutron-openvswitch-agent provides l2 connectivity to the instances running on compute nodes.
* The neutron-openvswitch-agent makes the virtual machines on multiple compute hosts appear as though they are on the same L2 segment.

b)
VLANs at layer 2 are equivalent to subnets at layer 3. Use VLANs to group VMs at layer 2 and subnets to group VMs at layer 3.

3)
L3 Agent
neutron-l3-agent (provide l3 connectivity)

a)
L3 connectivity using neutron-l3-agent
http://fosskb.wordpress.com/2014/09/15/l3-connectivity-using-neutron-l3-agent/


b)
http://docs.openstack.org/admin-guide-cloud/content/install_neutron-l3.html

The OpenStack Networking Service has a widely used API extension to allow administrators and tenants to create routers to interconnect L2 networks, and floating IPs to make ports on private networks publicly accessible.

Many plug-ins rely on the L3 service agent to implement the L3 functionality. However, the following plug-ins already have built-in L3 capabilities:
* Big Switch/Floodlight plug-in
* IBM SDN-VE plug-in
* NSX plug-in
* PLUMgrid plug-in

*** Do not configure or use "neutron-l3-agent" if you use one of these plug-ins.

* To install the L3 agent "neutron-l3-agent" for all other plug-ins like OpenVswitch, linuxbridge, follow
http://docs.openstack.org/admin-guide-cloud/content/install_neutron-l3.html

c)
http://docs.openstack.org/developer/neutron/devref/layer3.html












Thursday, October 30, 2014

How to Test and Debug a DHCP Server

1)
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

2)
#sudo dhcping -s 192.168.0.1 -c 192.168.0.2
Got answer from: 192.168.0.1

How to Create KVM Virtual Machine and Attach to OpenvSwitch Bridge

1)
Install OpenvSwitch, Create an OpenvSwitch Bridge and attach eth0/wlan0
http://fosshelp.blogspot.com/2014/10/add-eth0-wlan0-openvswitch-bridge.html





2)
Script to bring up the tap interface (e.g. "tap0") and attach it to OpenvSwitch Bridge "br-int"
#sudo vim /etc/ovs-ifup

#!/bin/sh
# kvm passes the tap interface name as $1
switch='br-int'
/sbin/ifconfig "$1" 0.0.0.0 up
ovs-vsctl add-port "${switch}" "$1"

3)
Script to bring down the tap interface (e.g. "tap0") and detach it from OpenvSwitch Bridge "br-int"
#sudo vim /etc/ovs-ifdown

#!/bin/sh
# kvm passes the tap interface name as $1
switch='br-int'
/sbin/ifconfig "$1" 0.0.0.0 down
ovs-vsctl del-port "${switch}" "$1"

4)
Create a KVM VM with cirros image and attach to OpenvSwitch Bridge "br-int"
#sudo kvm -m 2048 -net nic,macaddr=00:00:00:00:cc:10 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown cirros-0.3.2-x86_64-disk.img




5)
Log in to the cirros VM and set the IP. (The IP of the VM should be in the network of "br-int")
#sudo ifconfig eth0 192.168.0.135 netmask 255.255.255.0






6)
From cirros VM : Check routing table
#route -n

7)
From cirros VM : Ping to "br-int", Should work
#ping 192.168.0.131

8)
From cirros VM : Ping to google, Should not work
#ping ip-of-google

9)
List all POSTROUTING iptables rules
#sudo iptables -t nat -L POSTROUTING -nv

10)
Add a MASQUERADE target rule for OpenvSwitch Bridge "br-int" so that ping to the IP of google works
#sudo iptables -t nat -A POSTROUTING -o br-int -j MASQUERADE
 


11)
Ping to IP of Google

12)
Ping to www.google.com

Log in to the cirros VM, open /etc/resolv.conf and add
nameserver 8.8.8.8

13)
From Host System : SSH to cirros VM, Should work
#ssh cirros@192.168.0.135

14)
Ref
http://networkstatic.net/openflow-openvswitch-lab/
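
Added example (not part of the original steps): the MASQUERADE step above appends its rule with -A, so running it again stacks a duplicate, and deleting "br-int" later leaves the rule behind. This helper adds the same rule only if it is absent and removes every copy on teardown; the function names and the IPT override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: manage the page's NAT rule idempotently (run as root).
IPT=${IPT:-iptables}   # assumption: overridable command name, for dry runs

# True when the exact rule is already in nat/POSTROUTING.
masq_present() {
    "$IPT" -t nat -C POSTROUTING -o "$1" -j MASQUERADE 2>/dev/null
}

# Append the rule only if it is missing; prints "added" or "unchanged".
masq_add() {
    if masq_present "$1"; then
        echo "unchanged"
    else
        "$IPT" -t nat -A POSTROUTING -o "$1" -j MASQUERADE && echo "added"
    fi
}

# Delete every copy of the rule; prints how many were removed.
masq_del() {
    removed=0
    while masq_present "$1"; do
        "$IPT" -t nat -D POSTROUTING -o "$1" -j MASQUERADE || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Usage: masq_add br-int   (after creating the bridge)
#        masq_del br-int   (when tearing the lab down)
```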

How to add eth0 and wlan0 to OpenvSwitch Bridge

1)
Find configuration of "wlan0"
#ifconfig wlan0




2)
Note the route table entries
#route -n

3)
Add an OpenvSwitch Bridge
#sudo ovs-vsctl add-br br-int



4)
Add the interface "wlan0" to OpenvSwitch Bridge "br-int" and Zero out your wlan0 interface
#sudo ovs-vsctl add-port br-int wlan0
#sudo ifconfig wlan0 0





5)
Assign IP to OpenvSwitch Bridge "br-int"
#sudo ifconfig br-int 192.168.0.131 netmask 255.255.255.0


6)
Change your default route
#sudo route add default gw 192.168.0.1 br-int



7)
Check the configuration of "wlan0" and "br-int"
#ifconfig wlan0
#ifconfig br-int

8)
Check the route table entries
#route -n

9)
a)
Before


b)
Commands

sudo ovs-vsctl add-br br-int
sudo ovs-vsctl add-port br-int wlan0
sudo ifconfig wlan0 0
sudo ifconfig br-int 192.168.0.131 netmask 255.255.255.0
sudo route add default gw 192.168.0.1 br-int


c)
After



10)
Delete OpenvSwitch Bridge "br-int"
#sudo ovs-vsctl del-br br-int
#route -n
*Wifi: Disconnect and connect again