Configuring VLAN Manager networking – OpenStack Cloud Computing
Setting up your cloud to work in a VLAN tagged environment.
VLAN Manager networking is the default networking mode in OpenStack. It provides a private network segment for each project’s instance that can be accessed via a dedicated VPN connection from the Internet.
When VLAN mode is configured, each project (or tenancy) has its own VLAN and network assigned to it. For this to work, however, any intermediary physical switches must support 802.1q VLAN tagging.
VlanManager tries to address two main flaws of flat managers, those being:
- lack of scalability (flat managers rely on a single L2 broadcast domain across the whole OpenStack installation)
- lack of proper tenant isolation (single IP pool to be shared among all the tenants)
Virtual switches in our sandbox environment support VLAN tagging.
To begin with, ensure you’re logged into the controller. If this was created using Vagrant, we can access this using the following command:
vagrant ssh controller
If using the controller host created in Starting OpenStack Compute, we will have three interfaces in our virtual instance:
eth0 is a NAT to the host running VirtualBox
eth1 is our floating (public) network (172.16.0.0/16)
eth2 is our fixed (private) network (10.0.0.0/8)
In a physical production environment, that first interface wouldn’t be present, and references to this NATed eth0 in the following section can be ignored.
How to achieve it…
To configure VLAN Manager, carry out the following steps:
- OpenStack requires bridging in order for any of the network modes to work. The bridge tools are installed as dependencies when installing the OpenStack nova-network package, but if they aren’t installed, you can issue the following commands. As we are also configuring VLANs, the required package to support VLANs must also be installed:
sudo apt-get update
sudo apt-get -y install bridge-utils vlan
- The networking on our host is as follows. This is defined in /etc/network/interfaces on our Ubuntu host:
# The primary network interface
auto eth0
iface eth0 inet dhcp
iface eth1 inet
# eth2 private
iface eth2 inet
up ifconfig eth2 up
- We then restart our network service to pick up the changes, as follows:
sudo /etc/init.d/networking restart
- By default, if we don’t specify a Network Manager in our /etc/nova/nova.conf file, OpenStack Compute defaults to VLAN networking. To state this explicitly, so there are no ambiguities, we put the following lines in the /etc/nova/nova.conf configuration file:
- Restart the required OpenStack Compute services, to pick up the changes:
sudo restart nova-compute
sudo restart nova-network
- In order to separate private ranges per project (tenant), we get the ID of our tenant that we will use when creating the network. On a client machine with the keystone client installed, run the following command:
This shows output like the following:
- We now create a private network that OpenStack can use, which we are assigning to a project, as follows:
sudo nova-manage network create \
    --fixed_range_v4=10.10.3.0/24 \
    --label cookbook --vlan=100 \
- Once created, we can configure our public network address space, which we will use to connect to our instances:
sudo nova-manage floating create --ip_range=172.16.1.0/24
- When we now launch an instance, its private address is assigned on the VLAN interface. We can assign floating IP addresses to this instance, and they are forwarded to the instance’s internal private IP address.
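A post-configuration check, added here as an example and not part of the original recipe: once nova-network has brought up the tagged interface for the cookbook network, it reads the kernel's 802.1q table to confirm that vlan100 carries VLAN ID 100 on eth2 and lists any tagged interface sitting on a different NIC. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the kernel 802.1q table (/proc/net/vlan/config or a saved copy).

# check_vlan NAME VID PARENT [FILE]
# 0: NAME carries VID on PARENT; 1: wrong VID or parent; 2: NAME missing or table unreadable.
check_vlan() {
    name=$1 vid=$2 parent=$3 file=${4:-/proc/net/vlan/config}
    [ -r "$file" ] || { echo "cannot read $file (is 8021q loaded?)" >&2; return 2; }
    awk -F'|' -v n="$name" -v v="$vid" -v p="$parent" '
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        NF == 3 && $1 == n {
            found = 1
            if ($2 != v || $3 != p) bad = 1
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    ' "$file"
}

# vlans_off_parent PARENT [FILE]
# Prints every tagged interface whose parent is not PARENT,
# for example a tenant VLAN that ended up on the public NIC.
vlans_off_parent() {
    awk -F'|' -v p="$1" '
        { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
        NF == 3 && $3 != p { print $1 }
    ' "${2:-/proc/net/vlan/config}"
}

# Constructed sample in the layout of /proc/net/vlan/config (not captured from a real host).
sample_config() {
    cat <<'EOF'
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_PLUS_VID_NO_PAD
vlan100        | 100  | eth2
vlan101        | 101  | eth1
EOF
}

# Demo against the constructed sample; omit the file argument to audit the live host.
tmp=$(mktemp) && sample_config > "$tmp"
check_vlan vlan100 100 eth2 "$tmp" && echo "vlan100: VID 100 on eth2"
echo "tagged interfaces not on eth2: $(vlans_off_parent eth2 "$tmp")"
rm -f "$tmp"
```

Any interface name printed by vlans_off_parent eth2 means tagged traffic is leaving on something other than the private interface and should be investigated before instances are launched.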
How it works…
VLAN Manager networking is the default mode. For a private cloud environment, in networks accustomed to VLANs, this option is the most flexible. It allows for per-project and secure networking by using VLANs. If you do not have a --network_manager flag in your /etc/nova/nova.conf file, OpenStack Compute will default to VlanManager.
Creating the network is no different in any of the managers; in this instance, with VlanManager, the private network is assigned to a VLAN that is specified in the --vlan=100 option. We then associate this network and VLAN with our cookbook project by specifying the ID of that tenant, using the --project option.
On our OpenStack Compute host, this creates an interface named vlan100, which is the tagged interface to eth2, as specified in --vlan_interface from