Neutron Prerequisites for Linux/KVM with Overlay Networking (VXLAN/GRE)

This OpenStack tutorial describes hardware requirements and prerequisites to prepare your servers to leverage OpenStack Neutron with Linux/KVM for Overlay tenant networks (VXLAN/GRE)

For a general description of Neutron networking concepts, refer to this Tutorial: Networking with OpenStack Neutron Basic Concepts

IMPORTANT: This prerequisites documents assumes Overlays-based tenant networks. For VLAN-only Neutron tenant networking please refer to this article and for a mixed support of both VLAN and Overlays, please refer to this article.

Hardware Requirements

Prepare Your Linux/KVM Physical Servers for Neutron


Neutron KVM Tunneling PreReq

In order to run OpenStack Neutron, each of your physical hypervisors as well as the Neutron network node must be prepared with following steps.

Step 1: Set appropriate kernel parameters in sysctl.conf

Enable following kernel parameters by editing sysctl.conf and adding following lines to it.

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1

For the Network Node only, add this additional parameter to sysctl.conf

net.ipv4.ip_forward=1

Persist the above changes by running the following command form the command-line:

sysctl -p

Step 2: Install Platform9 yum repository

This is required so that you can pull the Open vSwitch package provided by Platform9.

yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm

IMPORTANT: If SELinux is installed on your host, then it is recommended to be in "permissive" mode when using Open vSwitch (OVS). If the above steps fail and Open vSwitch does not start you will want to check your SELinux settings.

Check the status of SELinux:

getenforce

If the output does not say permissive, you will need to set it to permissive:

setenforce 0

To persist SELinux configuration edit the /etc/sysconfig/selinux file and change the "SELINUX" variable to "PERMISSIVE"

SELINUX=PERMISSIVE

For more information on SELinux and disabling it take a look at this article.

Install the Open vSwitch package provided by the Platform9 yum repository and ensure the service is enabled

yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch
systemctl enable openvswitch
systemctl start openvswitch

Step 3 (On Network node only): Create an OVS bridge for external network

In addition, on the network node, you need to create another bridge and map to the interface that corresponds to external network.

ifconfig <external-interface-name> 0
ovs-vsctl add-br br-ext
# map the bridge to the eth interface that corresponds to the external network
ovs-vsctl add-port br-ext <external-interface-name>

Make sure the configuration persists across reboots. If you are using network scripts, it will look something like the samples below.

vi /etc/sysconfig/network-scripts/ifcfg-br-ext

Here’s a sample content for ifcfg-br-ext (you should tweak this per your networking setup)

DEVICE="br-ext" #### Device name matches the name of the script after the ifcfg- part.
BOOTPROTO="none" #### "dhcp" depending on what you need. If DHCP remove the next 5 entries.
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
IPADDR="192.168.1.20"
NETMASK="255.255.255.0"
DNS1="192.168.1.1"
ONBOOT="yes"
TYPE="OVSBridge"
DEVICETYPE="ovs"

Here’s a sample content for ifcfg-eth2 (you should tweak this per your networking setup)

vi /etc/sysconfig/network-scripts/ifcfg-eth2

DEVICE="eth2"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ext"

At this point, your OpenStack Neutron prerequisites are satisfied, and you are ready to start configuring Neutron via the Platform9 interface!


March 09, 2016