Prerequisites
Before you configure OpenStack Networking, you must enable certain kernel networking functions.
Edit /etc/sysctl.conf to contain the following:
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
Implement the changes:
# sysctl -p
To install the Networking components
# apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
  openvswitch-datapath-dkms
Note: Ubuntu installations using Linux kernel version 3.11 or newer do not require the openvswitch-datapath-dkms package.
To configure the Networking common components
The Networking common component configuration includes the authentication mechanism, message broker, and plug-in.
Configure Networking to use the Identity service for authentication:
Edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section:
[DEFAULT]
...
auth_strategy = keystone
Add the following keys to the [keystone_authtoken] section:
Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_host = controller
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
Configure Networking to use the message broker:
Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:
Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.
[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_password = RABBIT_PASS
Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:
Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
Note: We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.
Comment out any lines in the [service_providers] section.
To configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances.
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:
Add the following keys to the [ml2] section:
[ml2]
...
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
Add the following keys to the [ml2_type_gre] section:
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
Add the [ovs] section and the following keys to it:
Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node.
[ovs]
...
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
tunnel_type = gre
enable_tunneling = True
Add the [securitygroup] section and the following keys to it:
[securitygroup]
...
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
To configure the Open vSwitch (OVS) service
The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS.
Restart the OVS service:
# service openvswitch-switch restart
Add the integration bridge:
# ovs-vsctl add-br br-int
To configure Compute to use Networking
By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.
Edit the /etc/nova/nova.conf file and add the following keys to the [DEFAULT] section:
Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://controller:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = NEUTRON_PASS
neutron_admin_auth_url = http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
Note: By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
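Disabling the Compute firewall is only sound if the [securitygroup] settings from the ML2 step are actually in place, and the guide's placeholders must not survive into the live files. The following Python check is an added example, not part of the original guide or of OpenStack; the helper names load and audit and the sample file contents are assumptions constructed for illustration.

```python
import configparser

# Placeholder tokens and driver names as they appear in the guide above.
PLACEHOLDERS = {"NEUTRON_PASS", "RABBIT_PASS", "INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS"}
NOOP = "nova.virt.firewall.NoopFirewallDriver"
HYBRID = "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"

def load(text):
    # [DEFAULT] is parsed as an ordinary section so its keys are not
    # inherited by (and reported again for) every other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(nova_text, ml2_text):
    """Return findings for a nova.conf / ml2_conf.ini pair (hypothetical helper)."""
    nova, ml2 = load(nova_text), load(ml2_text)
    findings = []
    for name, cp in (("nova.conf", nova), ("ml2_conf.ini", ml2)):
        for section in cp.sections():
            for key, value in cp.items(section):
                if value.strip() in PLACEHOLDERS:
                    findings.append(f"{name} [{section}] {key}: placeholder not replaced")
    # With the Compute firewall set to the no-op driver, Networking is the
    # only component left that filters instance traffic.
    if nova.get("DEFAULT", "firewall_driver", fallback="") == NOOP:
        if nova.get("DEFAULT", "security_group_api", fallback="") != "neutron":
            findings.append("nova.conf: security_group_api is not neutron")
        if not ml2.getboolean("securitygroup", "enable_security_group", fallback=False):
            findings.append("ml2_conf.ini: enable_security_group is not True")
        if ml2.get("securitygroup", "firewall_driver", fallback="") != HYBRID:
            findings.append("ml2_conf.ini: firewall_driver is not the OVS hybrid iptables driver")
    return findings

# Constructed sample files (not taken from a real deployment).
SAMPLE_NOVA = """[DEFAULT]
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
neutron_admin_password = NEUTRON_PASS
"""
SAMPLE_ML2 = """[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = False
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_NOVA, SAMPLE_ML2):
        print(finding)
```

To run it against a compute node, pass the contents of /etc/nova/nova.conf and /etc/neutron/plugins/ml2/ml2_conf.ini to audit(); an empty list means both checks passed.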