Neutron prerequisites for Red Hat Enterprise Linux

This OpenStack tutorial describes prerequisites to prepare your servers to leverage OpenStack Neutron with Red Hat Enterprise Linux (RHEL).

For a general description of Neutron networking concepts, refer to this Tutorial: Networking with OpenStack Neutron Basic Concepts

NOTE: Refer to this Tutorial for hardware requirements for Platform9 Managed OpenStack, if you haven't already.

 Prepare Your Linux/KVM Physical Servers for Neutron

Redundant Neutron Deployment
Redundant Neutron Deployment

To run OpenStack Neutron, each of your physical servers (hypervisors) that run RHEL, as well as the Neutron network node must be prepared with following steps.

Step 1: Register the RHEL server and Subscribe to Red Hat Customer Portal

Platform9 Managed OpenStack supports RHEL versions 7.x and above. Run the following commands to register and attach the RHEL server to the Red Hat Customer Portal for updates, and enable the "server-optional" RPM repository.

subscription-manager register
subscription-manager attach
subscription-manager repos —enable=rhel-7-server-optional-rpms

Step 2: Install, Enable, & Start the NTP Daemon.

This is required for all components to have their time synchronized.

yum install -y ntp
systemctl enable ntpd
systemctl start ntpd

Step 3: Set SELinux to permissive

This is required for Open vSwitch (OVS) to be able to manage networking

sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config
setenforce 0

Step 4: Disable Firewalld and NetworkManager

This is required for KVM and OVS to be able to create iptables rules directly without Firewalld getting in the way.

systemctl disable firewalld
systemctl stop firewalld

systemctl disable NetworkManager
systemctl stop NetworkManager

Step 5: Enable Network

systemctl enable network

Step 6: Load the modules needed for Neutron

modprobe bridge
modprobe 8021q
modprobe bonding
modprobe br_netfilter
echo bridge > /etc/modules-load.d/pf9.conf
echo 8021q >> /etc/modules-load.d/pf9.conf
echo bonding >> /etc/modules-load.d/pf9.conf
echo br_netfilter >> /etc/modules-load.d/pf9.conf

Step 7: Add sysctl options

echo net.ipv4.conf.all.rp_filter=0 >> /etc/sysctl.conf
echo net.ipv4.conf.default.rp_filter=0 >> /etc/sysctl.conf
echo net.bridge.bridge-nf-call-iptables=1 >> /etc/sysctl.conf
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
echo net.ipv4.tcp_mtu_probing=1 >> /etc/sysctl.conf
sysctl -p

Step 8: Add the Platform9 YUM Repo

yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm

Step 9: Install Open vSwitch

yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch

Step 10: Enable and start Open vSwitch

systemctl enable openvswitch
systemctl start openvswitch

Step 11: Configure physical interfaces

We are assuming eth0 and eth1.
Please substitute your correct interface names
We are assuming an MTU of 9000 (VXLAN requires an MTU of at least 1600)
Make sure all physical switches are configured to handle this MTU or you will have problems.

echo DEVICE=eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo MTU=9000 >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo MASTER=bond0 >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo SLAVE=yes >> /etc/sysconfig/network-scripts/ifcfg-eth0

echo DEVICE=eth1 > /etc/sysconfig/network-scripts/ifcfg-eth1
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-eth1
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-eth1
echo MTU=9000 >> /etc/sysconfig/network-scripts/ifcfg-eth1
echo MASTER=bond0 >> /etc/sysconfig/network-scripts/ifcfg-eth1
echo SLAVE=yes >> /etc/sysconfig/network-scripts/ifcfg-eth1

Step 12: Setup the Bond interface

We are assuming bonding type=6 refer to Bonding Types to learn more.

echo DEVICE=bond0 > /etc/sysconfig/network-scripts/ifcfg-bond0
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0
echo TYPE=OVSPort >> /etc/sysconfig/network-scripts/ifcfg-bond0
echo DEVICETYPE=ovs >> /etc/sysconfig/network-scripts/ifcfg-bond0
echo OVS_BRIDGE=br-vlan >> /etc/sysconfig/network-scripts/ifcfg-bond0
echo BONDING_MASTER=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0
echo 'BONDING_OPTS="mode=6"' >> /etc/sysconfig/network-scripts/ifcfg-bond0
echo MTU=9000 >> /etc/sysconfig/network-scripts/ifcfg-bond0

Step 13: Setup the VLAN trunk Bridge

echo DEVICE=br-vlan > /etc/sysconfig/network-scripts/ifcfg-br-vlan
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-br-vlan
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-br-vlan
echo TYPE=OVSBridge >> /etc/sysconfig/network-scripts/ifcfg-br-vlan
echo DEVICETYPE=ovs >> /etc/sysconfig/network-scripts/ifcfg-br-vlan

Step 14: Setup the Management interface

We are assuming VLAN 101 for the Management network. Please use your correct VLAN ID for your environment.
We are assuming subnet 10.0.101.0/24 for Management. Please use your correct subnet

echo DEVICE=bond0.101 > /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo TYPE=Vlan >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo VLAN=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo IPADDR=10.0.101.11 >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo NETMASK=255.255.255.0 >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo GATEWAY=10.0.101.1 >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo DNS1=10.0.0.5 >> /etc/sysconfig/network-scripts/ifcfg-bond0.101
echo DNS2=10.0.0.10 >> /etc/sysconfig/network-scripts/ifcfg-bond0.101

Step 15: Setup the VXLAN/GRE tunneling interface (Optional)

We are assuming VLAN 102 for VXLAN/GRE tunneling. Please use your correct VLAN
We are assuming subnet 10.0.102.0/24 for VXLAN/GRE tunneling. Please use your correct subnet.

echo DEVICE=bond0.102 > /etc/sysconfig/network-scripts/ifcfg-bond0.102
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.102
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-bond0.102
echo TYPE=Vlan >> /etc/sysconfig/network-scripts/ifcfg-bond0.102
echo VLAN=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.102
echo IPADDR=10.0.102.11 >> /etc/sysconfig/network-scripts/ifcfg-bond0.102
echo NETMASK=255.255.255.0 >> /etc/sysconfig/network-scripts/ifcfg-bond0.102

Step 16: Setup the External Interface and External Bridge

We are assuming VLAN 103 for the external network. Please use your correct VLAN.

echo DEVICE=bond0.103 > /etc/sysconfig/network-scripts/ifcfg-bond0.103
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.103
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-bond0.103
echo TYPE=OVSPort >> /etc/sysconfig/network-scripts/ifcfg-bond0.103
echo VLAN=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.103
echo OVS_BRIDGE=br-ext >> /etc/sysconfig/network-scripts/ifcfg-bond0.103

echo DEVICE=br-ext > /etc/sysconfig/network-scripts/ifcfg-br-ext
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-br-ext
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-br-ext
echo TYPE=OVSBridge >> /etc/sysconfig/network-scripts/ifcfg-br-ext
echo DEVICETYPE=ovs >> /etc/sysconfig/network-scripts/ifcfg-br-ext

Step 17: Setup the Storage interface (Optional)

We are assuming VLAN 104 for the storage network. Please use your correct VLAN.
We are assuming subnet 10.0.104.0/24 for the storage network. Please use your correct subnet.

echo DEVICE=bond0.104 > /etc/sysconfig/network-scripts/ifcfg-bond0.104
echo ONBOOT=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.104
echo BOOTPROTO=none >> /etc/sysconfig/network-scripts/ifcfg-bond0.104
echo TYPE=Vlan >> /etc/sysconfig/network-scripts/ifcfg-bond0.104
echo VLAN=yes >> /etc/sysconfig/network-scripts/ifcfg-bond0.104
echo IPADDR=10.0.104.11 >> /etc/sysconfig/network-scripts/ifcfg-bond0.104
echo NETMASK=255.255.255.0 >> /etc/sysconfig/network-scripts/ifcfg-bond0.104

Step 18: Restart Networking


Make sure you have console access to your host. You will be disconnected if the configuration is incorrect.

systemctl restart network.service

Step 19: Add tag to external bridge (to enable bridge monitoring)

ovs-vsctl br-set-external-id br-ext bridge-id br-ext


March 25, 2017