OpenStack Neutron – handling instance metadata
Not all cloud instances are born equal. When a cloud instance boots, it is usually necessary to customize the instance to some extent, for instance by adding specific SSH keys or by running startup scripts. Most cloud platforms offer a mechanism called instance metadata, and the implementation of this feature in OpenStack is our topic …
Category: Networking
OpenStack Neutron – DHCP and DNS
In a cloud environment, a virtual instance typically uses a DHCP server to receive its assigned IP address and DNS services to resolve IP addresses. In this post, we will look at how these services are realized in our OpenStack playground environment. DHCP basics: To understand what follows, it is helpful to quickly recap the …
OpenStack Neutron – building virtual routers
In a previous post, we set up an environment with a flat network (connected to the outside world, in this case to our lab host). In a typical environment, such a network is combined with several internal virtual networks, connected by a router. Today, we will see how an OpenStack router can be used …
OpenStack Neutron – running Neutron with a separate network node
So far, our OpenStack control plane setup was rather simple - we had a couple of compute nodes, and all other services were running on the same controller node. In practice, this not only creates a single point of failure, but also causes fairly high traffic on the network interfaces. In this post, we …
OpenStack Neutron – building VXLAN overlay networks with OVS
In this post, we will learn how to set up VXLAN overlay networks as tenant networks in Neutron and explore the resulting configuration on our compute nodes. Tenant networks: The networks that we have used so far have been provider networks - they have been created by an administrator, specifying the link to the physical …
OpenStack Neutron – deep dive into flat and VLAN networks
Having installed Neutron in my last post, we will now analyze flat networks and VLAN networks in detail and see how Neutron actually realizes virtual Ethernet networks. This will also provide the basic understanding that we need for more complex network types in future posts. Setup: To follow this post, I recommend to repeat the …
OpenStack Neutron – architecture and overview
In this post, which is part of our series on OpenStack, we will start to investigate OpenStack Neutron - the OpenStack component which provides virtual networking services. Network types and some terms: Before getting into the actual Neutron architecture, let us try to understand how Neutron provides virtual networking capabilities to compute instances. First, it …
Understanding TLS certificates with NGINX and Ansible – part I
If you read technical posts like this one, chances are that you have already had some exposure to TLS certificates, for instance because you have deployed a service that uses TLS and needed to create and deploy certificates for the servers and potentially for clients. Dealing with certificates can be a challenge, and a sound …
Virtual networking labs – building a virtual router with iptables and Linux namespaces
When you are trying to understand virtual networking, container networks, micro segmentation and all this, sooner or later the day will come when you will have to deal with iptables, the built-in Linux firewall mechanism. After evading the confrontation with the full complexity of this remarkable beast for many years, I have recently decided to …
Virtual networking labs – using OpenFlow
In the last few posts, we have already touched on the OpenFlow protocol that plays a central role in most SDNs. Today, we will learn more about OpenFlow and again use Open vSwitch to see the protocol in action. OpenFlow - the basics: Recall from our previous post that OpenFlow is a protocol that the …