OpenStack Tutorial: Neutron Prerequisites for Linux/KVM

This OpenStack tutorial describes hardware requirements and prerequisites to prepare your servers to leverage OpenStack Neutron with Linux/KVM.

For a general description of Neutron networking concepts, refer to this Tutorial: Networking with OpenStack Neutron Basic Concepts

IMPORTANT: This pre-requisites documents assumes VLAN based networking.

Hardware Requirements

Prepare Your Linux/KVM Physical Servers for Neutron


Neutron KVM pre-setup

In order to run OpenStack Neutron, each of your physical hypervisors as well as the Neutron network node must be prepared with following steps.

Step 1 - Set appropriate kernel parameters in sysctl.conf

Enable following kernel parameters by editing sysctl.conf and adding following lines to it.

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1

For the Network Node only, add this additional parameter to sysctl.conf

net.ipv4.ip_forward=1

Persist the above changes

sysctl -p

Step 2 - Install Platform9 yum repository

This is required so that you can pull the Open vSwitch package provided by Platform9.

yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm

IMPORTANT: If selinux is installed on your host, then it is recommended to be in "permissive" mode when using Open vSwitch (OVS). If the above steps fail and openvswitch does not start you will want to check your SELinux settings.

Check the status of SELinux

getenforce

If the output does not say permissive, you will need to set it to permissive:

setenforce 0

To persist selinux configuration edit the /etc/sysconfig/selinux file and change the "SELINUX" variable to "PERMISSIVE"

SELINUX=PERMISSIVE

For more information on SELINUX and disabling it take a look at this article.

Install the Open vSwitch package provided by the Platform9 yum repository and ensure the service is enabled

yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch
systemctl enable openvswitch
systemctl start openvswitch

Step 3 - Load the VLAN kernel module

modprobe 8021q

At this point, you have Open vSwitch enabled and running on your physical server.

Step 4 - Create an OVS bridge for data network

Now you need to create bridges associated with the Open vSwitch that will be used by Neutron

The first bridge (br-vlan) is for VM data network and to integrate with VLANs.

Follow these commands to create the bridge and map it to your data network interface:

ifconfig <interface-name> 0
ovs-vsctl add-br br-vlan
# map the bridge to the physical interface dedicated to VLANs
ovs-vsctl add-port br-vlan <interface-name>

Persist the configuration for the bridge so it stay across server reboots.

(A) If this is a brand new server - and the physical interface being associated with the bridge does not have an IP address mapped to it, just create a new network script file for the bridge we just created, and persist with appropriate properties.

vi /etc/sysconfig/network-scripts/ifcfg-br-vlan

Here's a sample content for ifcfg-br-vlan (you should tweak this per your networking setup)

#### Device name matches the name of the script after the ifcfg- part.
DEVICE="br-vlan"
#### BOOTPROTO "none" for static IPs, or "dhcp" for dynamic. If "dhcp", remove the next 5 entries.
BOOTPROTO="none"
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
IPADDR="192.168.1.20"
NETMASK="255.255.255.0"
DNS1="192.168.1.1"
ONBOOT="yes"
TYPE="OVSBridge"
DEVICETYPE="ovs"

vi /etc/sysconfig/network-scripts/ifcfg-eth1

Here's a sample content for ifcfg-eth1 (you should tweak this per your networking setup)

DEVICE="eth1"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-vlan"

(B) If the physical interface are associating with this bridge already has an IP address assigned and this configuration is persisted, you need to ensure that the address successfully transfers to the bridge, once the bridge is assigned to the interface.

ls /etc/sysconfig/network-scripts

If a file existing for the physical interface (ifcfg-), we recommend that you copy over the content to the new network script file being created for the new bridge, then modify the network script file for the network interface as shown above (ifcfg-eth1)

Finally, validate that a network script file exists for the new bridge.

ls /etc/sysconfig/network-scripts

Restart networking.

systemctl restart network.service

IMPORTANT: You might have captured IP address mapping for your network interfaces in your init file as another way to make it persist across reboots. If so, it's important to remove that entry for the network interfaces.

Step 4 (On Network node only) - Create an OVS bridge for external network

In addition, on the network node, you need to create another bridge and map to the interface that corresponds to external network.

ifconfig <external-interface-name> 0
ovs-vsctl add-br br-ext
# map the bridge to the eth interface that corresponds to the external network
ovs-vsctl add-port br-ext <external-interface-name>

Follow Step 4 A/B for br-ext.

At this point, your OpenStack Neutron prerequisites are satisfied, and you are ready to start configuring Neutron via the Platform9 interface!


November 16, 2015