How to implement DHCP, WDS and AD servers in OpenStack (internal-external network relations)

Hello,

I am trying to implement network services for our local area network on OpenStack. These services are a Linux DHCP server, and a Microsoft Active Directory and Windows deployment server. I use Juno with Neutron. I have two OpenStack infrastructures.

  1. One production infra with two servers: one compute node and one network-controller node with Neutron
  2. One test server with a compute-network-controller node, also with Neutron

What I did so far:

IMPLEMENTATION WITH THE INTERNAL NETWORK: I implement the local area services in a private network with floating IP.

  • DHCP does not work because of network segmentation
  • Active Directory is working. However, I must add an entry in the AD DNS, as AD must know the floating IP address.
  • WDS is not working: the TFTP server is sending the file wdsnbp to the external clients, but it seems it is configured with the internal IP only. Clients cannot download Windows installation files (boot.wim).

IMPLEMENTATION WITH THE EXTERNAL NETWORK: I implement the Active Directory and WDS server on the external network. This is only working with the test infrastructure (where the compute and the network services are on the same server). I think the reason is that the network must access the br-ex bridge. When the compute node is only accessible with a GRE tunnel, the server won't boot.

The AD server is also implemented with DHCP, and I put a DHCP agent on the external network. However, there are some strange problems with the existing external DHCP servers. Clients have their IP address from the external DHCP servers, but do not have the DNS servers any more.

TCP DUMP (NEW): The download of the file wdsnbp.com is working correctly:

10:39:21.238178 IP PC-131-05.msem.xxx.xx.ah-esp-encap > 162.xx.xx.88.tftp:  36 RRQ "boot\x64\wdsnbp.com" octet tsize 0
10:39:21.255168 ARP, Request who-has PC-131-05.xxx.xxxx.xx tell PC-131-05.msem.xxxx.xxx, length 46
10:39:21.256289 ARP, Reply PC-131-05.msem.xxxxx.xxxx is-at 28:80:23:0a:3f:6d (oui Unknown), length 46
10:39:21.257277 IP 162.xxx.xxx.88.64685 > PC-131-05.msem.xxxx.xxx.ah-esp-encap: UDP, length 14

The download of the file pxeboot is NOT working:

10:39:21.320136 IP PC-131-05.msem.xxxx.xxx.bootpc > 162.xxxx.xxxx.88.pxe: BOOTP/DHCP, Request from 88:51:fb:4f:ad:97 (oui Unknown), length 283
10:39:25.817627 IP 162.xxx.xxxx.88.pxe > PC-131-05.msem.xxxx.xxx.bootpc: BOOTP/DHCP, Reply, length 1024
10:39:25.823966 IP PC-131-05.msem.xxxxxx.xxxx > 162.xxxx.xxxx.88: ICMP PC-131-05.msem.xxxxx.xxxx udp port bootpc unreachable, length 36

Ports 68, 69 and 4011 are open on the security group. And it is working on the external network.

WHAT I AM PLANNING TO DO: I am planning to use another KVM server for implementing local area services. Perhaps I can find a solution with OpenStack in the future? I could send the instances from the KVM server to the OpenStack servers.

WHAT DO YOU THINK I COULD DO? Perhaps there is a better option?

Regards, Serge