Presentation By: Roozbeh Shafiee, Winter 2015, IRAN OpenStack Users Group. MASTERING OPENSTACK (Episode 12): Network Design

Mastering OpenStack - Episode 12 - Network Design

IRAN Community| OpenStack.ir

Agenda:

• Management Network

• Manage IP Addressing

• IP Address Planning

• Iran OpenStack Community

OpenStack Network Design

Network Design

Prerequisites before network design

Before beginning, you must plan the number of IP addresses that you need for both your guest instances and your management infrastructure.

Additionally, you must research and discuss cloud network connectivity through proxy servers and firewalls.

Today, we will give some examples of network implementations to consider and provide information about some of the network layouts that OpenStack uses. Finally, we have some brief notes on the networking services that are essential for stable operation.

Management Network

A management network (a separate network for use by your cloud operators) typically consists of a separate switch and separate NICs (network interface cards), and is a recommended option.

This segregation prevents system administration and the monitoring of system access from being disrupted by traffic generated by guests.

Using a virtual local area network (VLAN) works well for these scenarios because it provides a method for creating multiple virtual networks on a physical network.

Consider creating other private networks for communication between internal components of OpenStack, such as the message queue and OpenStack Compute.

Manage IP Addressing

There are two main types of IP addresses for guest virtual machines:

• Fixed IPs

• Floating IPs

Each instance has a private, Fixed IP address and can also have a public, or Floating IP address. Private IP addresses are used for communication between instances, and public addresses are used for communication with networks outside the cloud, including the Internet.

When you launch an instance, it is automatically assigned a private IP address that stays the same until you explicitly terminate the instance. Rebooting an instance has no effect on the private IP address.

A pool of floating IP addresses, configured by the cloud administrator, is available in OpenStack Compute.

Fixed IP addresses are required, whereas it is possible to run OpenStack without floating IPs. One of the most common use cases for floating IPs is to provide public IP addresses to a private cloud, where there are a limited number of IP addresses available. Another is for a public cloud user to have a static IP address that can be reassigned when an instance is upgraded or moved.

IP Address Planning

An IP address plan might be broken down into the following sections:

• Subnet router

• Control services public interfaces

• Object Storage cluster internal communications

• Compute and storage communications

• Out of band remote management

• In-band remote management

• Spare space for future growth

Subnet Router

Packets leaving the subnet go via this address, which could be a dedicated router or a nova-network service.

Control Services Public Interfaces

Public access to swift-proxy, nova-api, glance-api, and horizon comes to these addresses, which could be on one side of a load balancer or pointing at individual machines.

Object Storage Cluster Internal Communications

Traffic among object/account/container servers and between these and the proxy server’s internal interface uses this private network.

Compute and Storage Communications

If ephemeral or block storage is external to the compute node, this network is used.

Out of Band Remote Management

If servers include a dedicated remote access controller chip, these controllers are often on a separate network.

In-Band Remote Management

Often, an extra (such as 1 GB) interface on compute or storage nodes is used for system administrators or monitoring tools to access the host instead of going through the public interface.

Spare Space for Future Growth

Adding more public-facing control services or guest instance IPs should always be part of your plan.
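
One way to turn the plan sections above into concrete, non-overlapping subnets and check the result; this is an added example, not part of the original slides. The 10.20.0.0/16 supernet, the host counts, the section names, the growth factor and the "router takes the first usable address" convention are all assumptions.

```python
import ipaddress

# Constructed sample plan: names follow the sections listed above; the
# supernet and host counts are assumptions made for illustration only.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
NEEDS = [  # (plan section, hosts required today)
    ("control-services-public", 12),
    ("object-storage-internal", 60),
    ("compute-storage", 200),
    ("out-of-band-mgmt", 100),
    ("in-band-mgmt", 100),
    ("guest-fixed", 2000),
]

def prefix_for(hosts, growth=2.0):
    """Longest prefix that fits hosts*growth plus network, broadcast, router."""
    needed = int(hosts * growth) + 3
    return 32 - max(2, (needed - 1).bit_length())

def allocate(supernet, needs, growth=2.0):
    """Carve non-overlapping subnets, largest first, so each stays aligned."""
    plan, cursor = {}, int(supernet.network_address)
    for name, hosts in sorted(needs, key=lambda n: -n[1]):
        plen = prefix_for(hosts, growth)
        size = 1 << (32 - plen)
        cursor = (cursor + size - 1) // size * size  # align to subnet boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(supernet):
            raise ValueError(f"supernet exhausted while placing {name}")
        plan[name] = net
        cursor += size
    return plan

def audit(plan, supernet):
    """Return (overlapping section pairs, addresses left as spare space)."""
    nets = list(plan.items())
    overlaps = [(a, b) for i, (a, na) in enumerate(nets)
                for b, nb in nets[i + 1:] if na.overlaps(nb)]
    spare = supernet.num_addresses - sum(n.num_addresses for n in plan.values())
    return overlaps, spare

def router_address(net):
    """Assumed convention: the subnet router takes the first usable address."""
    return net.network_address + 1

if __name__ == "__main__":
    for name, net in allocate(SUPERNET, NEEDS).items():
        print(f"{name:26} {net}  router {router_address(net)}")
```

Running `audit` on a hand-edited plan is a quick check that management ranges have not drifted into guest ranges before firewall rules are written against them.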

Iran OpenStack Community

Stay in Touch and Join Us:

• Home Page: OpenStack.ir

• Meetup Page: Meetup.com/Iran-OpenStack

• Mailing List: [email protected]

• Twitter: @OpenStackIR , #OpenStackIRAN

• IRC Channel on FreeNode: #OpenStack-ir

Roozbeh Shafiee

Iran OpenStack Community Manager

[email protected]

OpenStack.ir

Thank You

We need to work together to build a better community