Neutron prerequisites for Red Hat Enterprise Linux

This OpenStack tutorial describes prerequisites to prepare your servers to leverage OpenStack Neutron with Red Hat Enterprise Linux (RHEL).

For a general description of Neutron networking concepts, refer to the tutorial Networking with OpenStack Neutron Basic Concepts.

Refer to Platform9 Managed OpenStack prerequisites for Linux/KVM for hardware requirements for Platform9 Managed OpenStack.

 Prepare Your Linux/KVM Physical Servers for Neutron

Figure 1. Neutron Network Configuration Example

To run OpenStack Neutron, each of your physical servers (hypervisors) that run RHEL, as well as the Neutron network node must be prepared with following steps.

Step 1: Register the RHEL server and Subscribe to Red Hat Customer Portal

Platform9 Managed OpenStack supports RHEL versions 7.x and above. Run the following commands to register and attach the RHEL server to the Red Hat Customer Portal for updates, and enable the "server-optional" RPM repository.

subscription-manager register
subscription-manager attach
subscription-manager repos —enable=rhel-7-server-optional-rpms

Step 2: Install, Enable, & Start the NTP Daemon.

This is required for all components to have their time synchronized.

yum install -y ntp
systemctl enable ntpd
systemctl start ntpd

Step 3: Set SELinux to permissive

This is required for Open vSwitch (OVS) to be able to manage networking

sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config
setenforce 0

Step 4: Disable Firewalld and NetworkManager

This is required for KVM and OVS to be able to create iptables rules directly without Firewalld getting in the way.

systemctl disable firewalld
systemctl stop firewalld

systemctl disable NetworkManager
systemctl stop NetworkManager

Step 5: Enable Network

systemctl enable network

Step 6: Load the modules needed for Neutron

modprobe bridge
modprobe 8021q
modprobe bonding
modprobe br_netfilter
echo bridge > /etc/modules-load.d/pf9.conf
echo 8021q >> /etc/modules-load.d/pf9.conf
echo bonding >> /etc/modules-load.d/pf9.conf
echo br_netfilter >> /etc/modules-load.d/pf9.conf

Step 7: Add sysctl options

echo net.ipv4.conf.all.rp_filter=0 >> /etc/sysctl.conf
echo net.ipv4.conf.default.rp_filter=0 >> /etc/sysctl.conf
echo net.bridge.bridge-nf-call-iptables=1 >> /etc/sysctl.conf
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
echo net.ipv4.tcp_mtu_probing=2 >> /etc/sysctl.conf
sysctl -p

Step 8: Add the Platform9 YUM Repo

yum -y install https://s3-us-west-1.amazonaws.com/platform9-neutron/noarch/platform9-neutron-repo-1-0.noarch.rpm

Step 9: Install Open vSwitch

yum -y install --disablerepo="*" --enablerepo="platform9-neutron-el7-repo" openvswitch

Step 10: Enable and start Open vSwitch

systemctl enable openvswitch
systemctl start openvswitch

Step 11: Configure physical interfaces

We are assuming eth0 and eth1.
Please substitute your correct interface names
We are assuming an MTU of 9000 (VXLAN requires an MTU of at least 1600)
Make sure all physical switches are configured to handle this MTU or you will have problems.
/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
MTU=9000
MASTER=bond0
SLAVE=yes

/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
MTU=9000
MASTER=bond0
SLAVE=yes

Step 12: Setup the Bond interface

We are assuming bonding type=4 (LACP) refer to Bonding Types to learn more.
/etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-vlan
BONDING_MASTER=yes
BONDING_OPTS="mode=4"
MTU=9000

Step 13: Setup the VLAN trunk Bridge

/etc/sysconfig/network-scripts/ifcfg-br-vlan

DEVICE=br-vlan
BOOTPROTO=none
ONBOOT=yes
TYPE=OVSBridge
DEVICETYPE=ovs

Step 14: Setup the Management interface

We are assuming VLAN 101 for the Management network. Please use your correct VLAN ID for your environment.
We are assuming subnet 192.0.2.0/24 for Management. Please use your correct subnet
/etc/sysconfig/network-scripts/ifcfg-bond0.101

DEVICE=bond0.101
ONBOOT=yes
BOOTPROTO=none
TYPE=Vlan
VLAN=yes
IPADDR=192.0.2.10
NETMASK=255.255.255.0
GATEWAY=192.0.2.1
DNS1=192.0.2.100
DNS2=192.0.2.200

Step 15: Setup the VXLAN/GRE tunneling interface (Optional)

We are assuming VLAN 102 for VXLAN/GRE tunneling. Please use your correct VLAN
We are assuming subnet 198.51.100.0/24 for VXLAN/GRE tunneling. Please use your correct subnet.
/etc/sysconfig/network-scripts/ifcfg-bond0.102

DEVICE=bond0.102
ONBOOT=yes
BOOTPROTO=none
TYPE=Vlan
VLAN=yes
IPADDR=198.51.100.10
NETMASK=255.255.255.0

Step 16: Setup the External Interface and External Bridge

We are assuming VLAN 103 for the external network. Please use your correct VLAN.
/etc/sysconfig/network-scripts/ifcfg-bond0.103

DEVICE=bond0.103
ONBOOT=yes
BOOTPROTO=none
TYPE=OVSPort
VLAN=yes
OVS_BRIDGE=br-ext

/etc/sysconfig/network-scripts/ifcfg-br-ext

DEVICE=br-ext
ONBOOT=yes
BOOTPROTO=none
TYPE=OVSBridge
DEVICETYPE=ovs

Step 17: Setup the Storage interface (Optional)

We are assuming VLAN 104 for the storage network. Please use your correct VLAN.
We are assuming subnet 203.0.113.0/24 for the storage network. Please use your correct subnet.
/etc/sysconfig/network-scripts/ifcfg-bond0.104

DEVICE=bond0.104
ONBOOT=yes
BOOTPROTO=none
TYPE=Vlan
VLAN=yes
IPADDR=203.0.113.10
NETMASK=255.255.255.0

Step 18: Restart Networking

systemctl restart network.service

Step 19: Add tag to external bridge (to enable bridge monitoring)

ovs-vsctl br-set-external-id br-ext bridge-id br-ext


March 25, 2017