VlanManager

The most powerful one of those three network modes in Nova

Let's have a look at VlanManager

Benefits:

Support VPN
End user could access their own project instances with VPN feature. Through a cloud-pipe instance which is a simple image include OPENVPN. It make user manage instance easier without lots of public ip.

Isolation Vlan netwotk
Per project/Per Vlan , a bunch of instance within a project will not communicate with other project instance.

1. enable Vlan support in kernel
root@nova:~# dmesg | grep -i 802
[    8.346579] 802.1Q VLAN Support v1.8 Ben Greear

If the vlan folder exist , means your kernel support Vlan
root@nova:~# ls -l /proc/net/vlan
total 0
-rw------- 1 root root 0 2011-07-05 21:57 config


root@nova:~# modprobe -v 8021q
root@nova:~# lsmod | grep 8021q
8021q                  24326  0
garp                   14471  1 8021q





2. Install Vlan both nova-compute and nova-network host
apt-get install vlan


3.Add a Vlan in Switch with same VID


4./etc/nova.conf

--network_manager=nova.network.manager.VlanManager
--fixed_range=10.0.0.0/24
--flat_network_dhcp_start=10.0.0.10
--vlan_interface=eth1
--public_interface=eth0
--flat_injected=False

5. Create network for each project
Project
Network
Vlan
Bridge
pro1
10.0.1.0/24
vlan100
br100
pro2
10.0.2.0/24
vlan200
br200
pro3
10.0.3.0/24
vlan300
br300
  
#nova-manage project create  
#nova-manage network create  <> <>

6.Hack DB to setup networks


Config file
Hugo@GitHub

Comments

  1. Giuseppe CivitellaJuly 6, 2011 at 3:16 PM

    Hi,

    what about bridges creation? Is it managed by nova or they need to be already present on nova-compute and nova-network nodes?
    I see I can have vlan numbers not in strict ascending order, is there a way to choose the vlan number while creating a project or I have to create a project using nova-manage and then do an "alter table" to point his network on the right vlan?
    Can the vpn_public_address be a floating ip or has to be a nova-network's node ip?

    Thanks a lot for your help. I find the informations you share on you blog very helpful.

    Regards
    Giuseppe

    ReplyDelete
  2. Hugo KuoJuly 6, 2011 at 6:29 PM

    Ciao Giuseppe Civitella,
    bridge interface will be handled by nova-network and nova-compute.

    About the vlan number , just hack networks table in nova db. Check the photo in the post. As I know in current Cactus release , there's no way to specify Vlan number while creating project . We have to change it in DB. I did not check the trunk version yet.
    vpn_public_address is nova-network's ip by default, I check the description of --vpn_public_address , it seems possible to specify VPN ip instead of nova-network ip .

    Hope it help...

    Cheers
    Hugo Kuo

    ReplyDelete
  3. Giuseppe CivitellaJuly 7, 2011 at 3:39 PM

    It definitely helps.

    Thanks a lot.

    Giuseppe

    ReplyDelete
  4. AnonymousJuly 29, 2011 at 4:15 AM

    Hello,

    First and foremost: Keep up the good work Hugo! You're blog is really helping me understand OpenStack!

    As for the VLAN creation, doesn't the fourth parameter passed in 'nova-manage network create' place the network on a particular VLAN?

    I usually just run 'nova-manage network create x.x.x.x/28 1 30 10' to create a network on VLAN 10.

    Please ignore me if the question has already been answered or if this incorrect. I just figure it'll help someone who may later view this post.

    Cheers,
    Jason

    ReplyDelete
  5. Hugo KuoJuly 29, 2011 at 10:17 AM

    Hello Jason
    Thanks for your encouragement....
    In honest , I don't know about the fourth parameter for a particular VLAN ID....
    There's a result of my test:
    http://pastebin.com/Y8Tsynkq
    It seems no effect with the last parameter.

    I think there's no such support of VlanID in nova-manage cmd group currtently......
    Maybe it could be a nice choice in the future.

    Cheers
    Hugo Kuo

    ReplyDelete
  6. AnonymousAugust 2, 2011 at 4:55 AM

    Hi Hugo,

    Hmmm, that's a bit odd. I could've sworn I was able to create a network on a particular VLAN. I'll have to test it out again and get back to you. (Unfortunately, I had to tear down my last deployment so it may take a moment).

    All the best,
    Jason

    ReplyDelete
  7. Hugo KuoAugust 2, 2011 at 10:57 AM

    Take your time .
    There's som possiblities over this odd situation.

    1. I missed a particular flag for specify Vlan ID.
    2. We r in different reversion

    ReplyDelete
  8. ankitprasad.sharmaDecember 22, 2011 at 4:47 AM

    Hi Hugo..
    I am new to openstack.. i have installed all the nova-packages on my system using vlanmanager. I wanted to know whether is it possible to add a compute node for implementing a dual node cloud. If yes then please help me with its procedure.

    Thank you
    Ankitprasad

    ReplyDelete

Post a Comment

Popular posts from this blog

The method of Web Service HA+LB in OPENSTACK NOVA for private cloud only

Image
Cloud Server HA+LB  in NOVA Our purpose is to provide uninterrupted   web services  with low cost in OPENSTACK. Due to all instances traffic through Nova-Network host in a basic deployment of NOVA . And it's hard to do HA+LB for Nova-Network. As I know it will be very hard to implement.  After read "Bootstrapping OpenStack Clouds" doc writed by DELL....The fault zone concept it much easier and cheaper.  There're three diagrams .... I. Two zones topology , share nothing between each zones. But combine two instance network in same network segment. Zone1 using 192.168.1.0/25,   Zone2 using 192.168.1.128/25 . We do  not using floating ip.  Let instance route from Core Network  Switch directly.
Read more

OpenStack Swift - Container Sync (New & Old ways)

Image
OpenStack Swift Container-Sync  Swift 內建功能利用背景工作, 讓 Container to Container 如同鏡像一樣同步所有資料. 不僅僅是自己的Container, 還可以跟其他人Account內的Container相互同步資料. 這個功能也被部分企業用來將資料從舊的Swift Cluster轉移到新的環境上. 提示 如果User request是對object做POST的操作, 操作內容不一定會被同步, 除非object_post_as_copy = true 在 Proxy server 的設定, 目前這個值預設為開啟 true. 同步的設定可以有幾種模式 : One-way sync : 單向同步 containerA --> containerB Two-way sync : 雙向同步 containerA <--> containerB Chain : 鏈狀同步 containerA --> containerB --> containerC --> containerA 首先你必須要知道目前有兩種方法(新/舊)來設定 Container Sync First of all, you need to know there are two styles for setting container-sync currently.  OLD-style(舊): Supported since Swift's initial release. 任何版本,包含新版本 NEW-style(新): Implemented in Swift 1.12  or later. 在1.12版本後才釋出 不論新舊styles, 都有一個重要的前提, 原資料所在的Container Server, 必須要能跟遠端目標Container 的 Proxy Server 透過網路連結的到. NEW-Style - 多了realm(域)的觀念. 新的做法需要先建立一個設定檔 ( /etc/swift/container-sync-realms.conf )在兩個叢集的"所有"節點. 具體一點來說, 只要會涉及到這個同步過程的所有Pro
Read more