Neutron Hardware configuration for OpenStack

The following 2 config files will allow configuring Neutron in a way that puts the “eth0” NIC on the OpenStack br-ext bridge, permitting VMs to communicate with the external physical network/Internet. The platform is IceHouse OpenStack and RHEL/Centos 6.5.

Bridge Configuration

This file is named /etc/sysconfig/network-scripts/ifcfg-br-ex and presents the physical IP address 10.0.1.169 that had been assigned directly to eth0 before reconfiguring for OpenStack.

# ifcfg-br-ex - OpenStack external bridge
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=10.0.0.169
NETMASK=255.255.0.0
GATEWAY=10.0.0.1
DNS1=10.0.0.2
ONBOOT=yes
OVSBOOTPROTO=none

Physical NIC Configuration

This file is named /etc/sysconfig/network-scripts/ifcfg-eth0 and replaces the original direct eth0 ifcfg file.

# file ifcfg-eth1 - LAN attached NIC
DEVICE="eth0"
HWADDR=00:15:17:11:22:33
TYPE=OVSPort
DEVICETYPE=ovs
OVSBRIDGE=br-ex
ONBOOT=yes
NM_CONTROLLED=no

Note that although the IP address is now on the bridge device, I’ve left the HWADDR set. If my observations working with this stuff are correct, this ensures that the low-level devicename assignment function will consistently and accurately map. I’ve had problems with eth0 and eth1 swapping themselves in the past.

Defining the provider network

The provider network for eth0 is configured as a FLAT virtual network. That requires the following values to be set in /etc/neutron/plugins/ml2/ml2_conf.ini

type_drivers = flat
tenant_network_types = flat

[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
flat_networks = physnet1

Note that additional type drivers and tenant network types may also be specified. This is just what’s needed for the flat physical network.

Defining the NIC/physical network association

The fourth and final file we need to configure is the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini file. As with ml2, there are other options, covered elsewhere, but these are the ones for the flat physical network mapping.

[OVS]
local_ip=10.0.0.169
enable_tunneling=True
integration_bridge=br-int
tunnel_bridge=br-tun
tunnel_id_ranges=1:1000
bridge_mappings=physnet1:br-ex

Once these items are all configured, restart the physical network and (at a minumum) the neutron-server and neutron agent services. Or reboot. You are now ready to define the logical network for external communications. Please note that if you have removed any network drivers, you should delete/undefine the associated resources before restarting or you will end up with broken/orphan resource definitions in the database and no driver to clean them up.

Defining the Logical network and subnet

This is straight out of the OpenStack Icehouse manual. See http://docs.openstack.org/admin-guide-cloud/content/under_the_hood_openvswitch.html

$ tenant=$(keystone tenant-list | awk '/service/ {print $2}')
$ neutron router-create router01
$ neutron net-create --tenant-id $tenant public01 \
          --provider:network_type flat \
          --provider:physical_network physnet1 \
          --router:external True
$ neutron subnet-create --tenant-id $tenant --name public01_subnet01 \
          --gateway 10.0.0.1 public01 10.0.0.0/16 --disable-dhcp
$ neutron router-gateway-set router01 public01

Note the network type (flat) was enabled in the ML2 config file, as was the name “physnet1” for the physical network.

VERY IMPORTANT: A logical network belongs to a tenant. Unless explicitly shared, no other tenants can use it. You will probably want to define the physical network as shared, regardless of what the openvswitch example shows.