Presentation By: Roozbeh Shafiee
Winter 2015
IRAN OpenStack Users Group
MASTERING OPENSTACK
(Episode 12)
Network Design
IRAN Community| OpenStack.ir
Agenda:
• Management Network
• Manage IP Addressing
• IP Address Planning
• Iran OpenStack Community
OpenStack Network Design
Network Design
Prerequisites before network design
Before beginning, you must plan the number of IP addresses that you need for both your guest instances and your management infrastructure.
Additionally, you must research and discuss cloud network connectivity through proxy servers and firewalls.
Today, we will give some examples of network implementations to consider and provide information about some of the network layouts that OpenStack uses. Finally, we have some brief notes on the networking services that are essential for stable operation.
Management Network
A management network (a separate network for use by your cloud operators) typically consists of a separate switch and separate NICs (network interface cards), and is a recommended option.
This segregation prevents system administration and the monitoring of system access from being disrupted by traffic generated by guests.
Using a virtual local area network (VLAN) works well for these scenarios because it provides a method for creating multiple virtual networks on a physical network.
Consider creating other private networks for communication between internal components of OpenStack, such as the message queue and OpenStack Compute.
Manage IP Addressing
There are two main types of IP addresses for guest virtual machines:
• Fixed IPs
• Floating IPs
Each instance has a private, Fixed IP address and can also have a public, or Floating IP address. Private IP addresses are used for communication between instances, and public addresses are used for communication with networks outside the cloud, including the Internet.
When you launch an instance, it is automatically assigned a private IP address that stays the same until you explicitly terminate the instance. Rebooting an instance has no effect on the private IP address. A pool of floating IP addresses, configured by the cloud administrator, is available in OpenStack Compute.
Fixed IP addresses are required, whereas it is possible to run OpenStack without floating IPs. One of the most common use cases for floating IPs is to provide public IP addresses to a private cloud, where there are a limited number of IP addresses available. Another is for a public cloud user to have a static IP address that can be reassigned when an instance is upgraded or moved.
IP Address Planning
An IP address plan might be broken down into the following sections:
• Subnet router
• Control services public interfaces
• Object Storage cluster internal communications
• Compute and storage communications
• Out of band remote management
• In-band remote management
• Spare space for future growth
Subnet Router
Packets leaving the subnet go via this address, which could be a dedicated router or a nova-network service.
Control Services Public Interfaces
Public access to swift-proxy, nova-api, glance-api, and horizon comes to these addresses, which could be on one side of a load balancer or pointing at individual machines.
Object Storage Cluster Internal Communications
Traffic among object/account/container servers and between these and the proxy server’s internal interface uses this private network.
Compute and Storage Communications
If ephemeral or block storage is external to the compute node, this network is used.
Out of Band Remote Management
If servers include a dedicated remote access controller chip, these controllers are often on a separate network.
In-Band Remote Management
Often, an extra (such as 1 GB) interface on compute or storage nodes is used for system administrators or monitoring tools to access the host instead of going through the public interface.
Spare Space for Future Growth
Adding more public-facing control services or guest instance IPs should always be part of your plan.
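The plan sections above, carved out of a single address block, as an added example that is not part of the original slides. The supernet 10.20.0.0/23, the section names and the host counts are constructed assumptions; in a real deployment the public control interfaces would sit on routable addresses rather than in the same private block.

```python
import ipaddress

# Constructed sizing (assumed, not from the slides): hosts needed per plan section.
PLAN = [
    ("control-services-public", 14),
    ("object-storage-internal", 60),
    ("compute-storage", 120),
    ("out-of-band-mgmt", 60),
    ("in-band-mgmt", 60),
]

def prefix_for(hosts):
    """Longest IPv4 prefix holding `hosts` plus subnet router, network and broadcast."""
    return 32 - max(2, (hosts + 3 - 1).bit_length())

def build_plan(supernet, plan=PLAN):
    """Carve one subnet per section, largest first; return (allocated, spare)."""
    free = [ipaddress.ip_network(supernet)]
    allocated = {}
    for name, hosts in sorted(plan, key=lambda p: -p[1]):
        want = prefix_for(hosts)
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no address space left for {name}")
        # Best fit: smallest free block that is large enough, lowest address first.
        block = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(block)
        subnet = next(block.subnets(new_prefix=want))
        allocated[name] = subnet
        free.extend(block.address_exclude(subnet))  # remainder goes back to the pool
    return allocated, sorted(free)

def overlapping_pairs(allocated):
    """Section pairs whose subnets overlap; must be empty for segregated networks."""
    names = sorted(allocated)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if allocated[a].overlaps(allocated[b])]

def spare_ratio(supernet, spare):
    """Fraction of the supernet still unallocated (spare space for future growth)."""
    return sum(n.num_addresses for n in spare) / ipaddress.ip_network(supernet).num_addresses

if __name__ == "__main__":
    nets, spare = build_plan("10.20.0.0/23")
    for name, net in nets.items():
        print(f"{name:26} {str(net):18} subnet router {next(net.hosts())}")
    print("spare:", [str(n) for n in spare], f"{spare_ratio('10.20.0.0/23', spare):.0%}")
    print("overlaps:", overlapping_pairs(nets))
```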
Iran OpenStack Community
Stay in Touch and Join Us:
• Home Page: OpenStack.ir
• Meetup Page: Meetup.com/Iran-OpenStack
• Mailing List: [email protected]
• Twitter: @OpenStackIR , #OpenStackIRAN
• IRC Channel on FreeNode: #OpenStack-ir
Roozbeh Shafiee
Iran OpenStack Community Manager
OpenStack.ir
Thank You
We need to work together to build a better community