Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
.. _networking-guide:
============================
Enabling Neutron Extensions
============================
Overview
========
Kolla deploys Neutron by default as OpenStack networking component. This guide
describes configuring and running Neutron extensions like LBaaS,
Networking-SFC, QoS, etc.
Networking-SFC
==============
Preparation and deployment
--------------------------
Modify the configuration file ``/etc/kolla/globals.yml`` and change
the following:
::
neutron_plugin_agent: "sfc"
Networking-SFC is an additional Neutron plugin. For SFC to work, this plugin
has to be installed in ``neutron-server`` container as well. Modify the
configuration file ``/etc/kolla/kolla-build.conf`` and add the following
contents:
::
[neutron-server-plugin-networking-sfc]
type = git
location = https://github.com/openstack/networking-sfc.git
reference = mitaka
Verification
------------
Verify the build and deploy operation of Networking-SFC container. Successful
deployment will bring up an SFC container in the list of running containers.
Run the following command to login into the ``neutron-server`` container:
::
docker exec -it neutron_server bash
Neutron should provide the following CLI extensions.
::
#neutron help|grep port
port-chain-create [port_chain] Create a Port Chain.
port-chain-delete [port_chain] Delete a given Port Chain.
port-chain-list [port_chain] List Port Chains that belong
to a given tenant.
port-chain-show [port_chain] Show information of a
given Port Chain.
port-chain-update [port_chain] Update Port Chain's
information.
port-pair-create [port_pair] Create a Port Pair.
port-pair-delete [port_pair] Delete a given Port Pair.
port-pair-group-create [port_pair_group] Create a Port Pair
Group.
port-pair-group-delete [port_pair_group] Delete a given
Port Pair Group.
port-pair-group-list [port_pair_group] List Port Pair Groups
that belongs to a given tenant.
port-pair-group-show [port_pair_group] Show information of a
given Port Pair Group.
port-pair-group-update [port_pair_group] Update Port Pair
Group's information.
port-pair-list [port_pair] List Port Pairs that belongs
to a given tenant.
port-pair-show [port_pair] Show information of a given
Port Pair.
port-pair-update [port_pair] Update Port Pair's
information.
For setting up a testbed environment and creating a port chain, please refer
to the following link:
https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining
For the source code, please refer to the following link:
https://github.com/openstack/networking-sfc
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
Neutron VPNaaS (VPN-as-a-Service)
================================
Preparation and deployment
--------------------------
Modify the configuration file ``/etc/kolla/globals.yml`` and change
the following:
::
enable_neutron_vpnaas: "yes"
Verification
------------
VPNaaS is a complex subject, hence this document provides directions for a
simple smoke test to verify the service is up and running.
On the network node(s), the ``neutron_vpnaas_agent`` should be up (image naming
and versioning may differ depending on deploy configuration):
::
docker ps --filter name=neutron_vpnaas_agent
CONTAINER ID IMAGE
COMMAND CREATED STATUS PORTS
NAMES
97d25657d55e
operator:5000/kolla/oraclelinux-source-neutron-vpnaas-agent:4.0.0
"kolla_start" 44 minutes ago Up 44 minutes
neutron_vpnaas_agent
kolla-ansible includes a small script that can be used in tandem with
``tools/init-runonce`` to verify the VPN using two routers and two Nova VMs:
::
tools/init-runonce
tools/init-vpn
Verify both VPN services are active:
::
neutron vpn-service-list
+--------------------------------------+----------+--------------------------------------+--------+
| id | name | router_id | status |
+--------------------------------------+----------+--------------------------------------+--------+
| ad941ec4-5f3d-4a30-aae2-1ab3f4347eb1 | vpn_west | 051f7ce3-4301-43cc-bfbd-7ffd59af539e | ACTIVE |
| edce15db-696f-46d8-9bad-03d087f1f682 | vpn_east | 058842e0-1d01-4230-af8d-0ba6d0da8b1f | ACTIVE |
+--------------------------------------+----------+--------------------------------------+--------+
Two VMs can now be booted, one on vpn_east, the other on vpn_west, and
encrypted ping packets observed being sent from one to the other.
For more information on this and VPNaaS in Neutron refer to the VPNaaS area on
the OpenStack wiki:
https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall
https://wiki.openstack.org/wiki/Neutron/VPNaaS