Ask Your Question
0

How VMs will communicate in Openstack(Packet Flow)

asked 2015-12-10 02:24:08 -0500

Veerendra gravatar image

updated 2015-12-10 02:24:50 -0500

Our configuration:

VM Name           Internal IP      Floating IP
***************************************************
MySQL              10.0.5.15            -
Apache2            10.0.5.14        172.25.1.142
Apache1            10.0.5.16            -
VM-11(HaProxy)     10.0.5.7         172.25.1.144
jmeter             10.0.5.17            -

Router Gateway     172.25.1.132(From "neutron router-list" command)

Server5 - Neutron

Server1 - Controller + Compute

We configured Netflow on "int-br"(OVS) in Server1 and Server5

Now, the dummy request are sending continuously from jmeter(10.0.5.17) to HaProxy(172.25.1.144)

What we saw in Netflow(nfdump -r FILE)

On Server1


Bridge's   Source IP   Source  Bridge's  Destination   Destination  Protocol
Ingress                Port    Egress        IP             Port
Port                           Port
*****************************************************************************************
4614        10.0.5.17  39781   4611      172.25.1.144     80          TCP
4610         10.0.5.7     80   4611      172.25.1.132   39781         TCP

On Server5

15371     172.25.1.132  33675  15362         10.0.5.7     80         TCP
15371     172.25.1.144     80  15362        10.0.5.17  33675         TCP

So, What is the packet flow here? Where the NAT translations are happening?

edit retag flag offensive close merge delete

Comments

To improve Network workflow understanding take a look at
https://www.linkedin.com/pulse/open-s...
https://www.hastexo.com/system/files/...

andrew.shvartz gravatar imageandrew.shvartz ( 2015-12-10 03:01:27 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-12-10 02:51:31 -0500

updated 2015-12-10 02:53:02 -0500

Assuming you have created Neutron Router between 10.0.5.0/24 ( tenant's) and 172.25.1.0/24 (external)
On Network Node issue commands

neutron router-list
ip netns | grep router_id
ip netns exec qrouter-<router_id> iptables -S -t nat

Your configuration will result neutron traffic like this, which seems a bit strange

Controller/Compute => Network=> Controller/Compute

In case VXLAN or GRE tunneling

ovs-ofctl dump-flows br-tun

on each one of nodes
In case VLAN been used for (vm/data) network

ovs-ofctl dump-flows br-ethX

which one was configured for (vm/data) network between nodes.

edit flag offensive delete link more
0

answered 2015-12-10 03:09:00 -0500

RHK gravatar image

Networking integrates with OpenStack components in a number of ways:

Networking relies on the Identity service (keystone) for the authentication and authorization of all API requests. As part of creating a VM, the nova-compute service communicates with the Networking API to plug each virtual NIC on the VM into a particular network.
The dashboard (horizon) integrates with the Networking API, enabling administrators and tenant users to create and manage network services through a web-based GUI.

VM1 <--> VM2

Packet gets initiated from vNic0 of the Nova instance of customer

vNic0 is connected to to the ovs bridge ( br-int)

br-int forwards packet to br-tun and br-tun adds header to the packet and sends to compute node 02 over GRE tunnel

Compute Node 02 (br-tun recieves the packet and remove the header and forwards to br-int )

br-int would send it vNic0 0f vm-02

VM1 <--> Network Node --> Internet

Packet gets initiated from vNic0 of the Nova instance of customer

vNic0 is connected to to the ovs bridge ( br-int)

br-int forwards packet to br-tun and br-tun adds header to the packet and sends to Network node over GRE tunnel

Network Node (br-tun recieves the packet and remove the header and forwards to br-int )

The packet is forwarded to qrouter namespace > br-ex and then goes to eth1 public interface and then to internet

edit flag offensive delete link more

Comments

1

Looks like you decided to repeat link content been provide above your post :-
https://www.linkedin.com/pulse/open-s...
Good job.

dbaxps gravatar imagedbaxps ( 2015-12-10 03:26:56 -0500 )edit

Yes, this is very good information from Vijayabalan.

RHK gravatar imageRHK ( 2015-12-10 05:19:37 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-12-10 02:24:08 -0500

Seen: 1,925 times

Last updated: Dec 10 '15