OpenStack Liberty Neutron Deployment (Part 6 start a VM in the tenant defined network)

Now it is time to start a VM. Up to now, no DHCP server is running for the tenant’s network n1.

After starting the VM, the set up looks like:

After staring the first VM

After staring the first VM

The following components have been configured:

On the network node:

  • neutron starts a DHCP server on the network node to provide a DHCP service for the tenants’s network n1. This DHCP server runs in it’s own network namespace [qdhcp-*] and is attached to Vlan 3.

On the compute node:

  • Allocate a Vlan on br-int from the free list of vlans. This Vlan is associated and attached to the global vxlan id 0x10001. As no vlans have been used before, vlan 1 is used.
  • On br-tun mapping entries are created to map the local vlan id 1 to the global vxlan id 0x10001.
  • The VM is not attached directly to br-int. The reason is, that there is no mechanism to attach iptable rules to an ovs port. iptable rules are used to implement the Openstack security groups. The workaround is to create a linux bridge, attach the tap interface of the vm to the linux bridge and attach the linux bridge using a veth pair to br-int.
  • Start the VM

Attach a floating IP

The set up is now:

Add a floating IP address for the VM

Add a floating IP address for the VM

The floating IP address of the VM is attached as an additional IP address on the uplink of the router. In addition 1:1 NAT rules are created on the router to provide a unique mapping for the fixed IP address of the VM.

Continue reading (part 7)

Updated: 17/01/2016 — 13:57