Previous post described how to deploy Openstack Ocata with OpenContrail 4.0. At that setup, VM can connect other VM, but VM cannot connect existing network such as Internet.
Basically, OpenContrail requires Gateway router which can speak MPBGP and MPLSoGRE to communicate other networks. (i.e. Juniper MX router or Cisco ASR router)
If you don't have such router, need to use "Simple Gateway" that uses Contrail vRouter as a gateway.
Simple Gateway works like a Network Node of Neutron.
Simple Gateway is created in Compute node and it works together with Contrail vRouter. It takes over overlay Tunnel and Physical NIC.
In case of VM wants to connect Internet, Simple Gateway terminates VM packet, then Simple Gateway routes its pakcets to Compute node kernel. After that, the packets look up routing table on Compute node. Eventually the packets reach to Internet via GW.
Basically, OpenContrail requires Gateway router which can speak MPBGP and MPLSoGRE to communicate other networks. (i.e. Juniper MX router or Cisco ASR router)
If you don't have such router, need to use "Simple Gateway" that uses Contrail vRouter as a gateway.
Simple Gateway works like a Network Node of Neutron.
Simple Gateway is created in Compute node and it works together with Contrail vRouter. It takes over overlay Tunnel and Physical NIC.
In case of VM wants to connect Internet, Simple Gateway terminates VM packet, then Simple Gateway routes its pakcets to Compute node kernel. After that, the packets look up routing table on Compute node. Eventually the packets reach to Internet via GW.
How to setup Simple Gateway
- Create Virtual-network for Public (For External network connection)
- Create Simple Gateway
- Create Virtual-network for Private (For Virtual-machine)
- Spawn Virtual-machine
- set Floating IP to Virtual-machine
- Verify connectivity
1. Create Virtual-network for Public (For External network connection)
Possible to create either Openstack or OpenContrail.
In case of Openstack
Createsource openstackrc
openstack network create public --external
openstack subnet create --network public --subnet-range 203.0.113.0/24 public_subnetopenstack network list --external
+--------------------------------------+--------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------+--------------------------------------+
| 08960915-ef83-4980-ae3d-08aea937d4fb | public | bea3e1c9-4658-4b17-bfb6-9ee8047d04c6 |
+--------------------------------------+--------+--------------------------------------+In case of Contrail
Open Configure > Networking >Networks, Click "+" then set below items and Save
Name: Name of Virtual-network (i.e. public)
Subnet:Network address in "CIDR" (i.e.203.0.113.0/24)
Adbanced Options: Check "External"
2.Create Simple Gateway
Login target node to create SimpleGateway due to Simple Gateway is created on Compute node.
Execute command below after login.
docker exec agent python /opt/contrail/utils/provision_vgw_interface.py --oper create --interface vgw1 --subnets 203.0.113.0/24 --routes 0.0.0.0/0 --vrf default-domain:admin:public:public
Arguments
- --oper: "create" or "delete"
- --interface: Name of Simple Gateway. In case of multiple simple gateways are created, set unique name to each gateway.
- --subnets: Define subnet address of Simple Gateway using. Define subnet address what you want to expose to external.
- --routes: Define destination network that Simple Gateway allows to connect. Define 0.0.0.0/0, in case of unspecified network such as Internet. Define particular network, such ad 10.0.0.0/24, in case of specified network. Multiple networks are allowed.
- --vrf: Define name of VRF that Contrail uses. Syntax is "default-domain:<project name>:<virtual network name>:<virtual-network name>
Network will be seen by "route -n" after creation.
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.84.50.100 0.0.0.0 UG 0 0 0 vhost0
10.84.50.0 0.0.0.0 255.255.255.0 U 0 0 0 vhost0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
203.0.113.0 0.0.0.0 255.255.255.0 U 0 0 0 vgw1
If GW or other nodes need to reach 203.0.113.0/24, add routing table that nexthop address is vhost0 of Compute node.
i.e.)kvm host needs to reach 203.0.113.0/24, below configuration is required.
also, KVM Host needs to connect external (internet), Configure NAT if necessary.
i.e.)kvm host needs to reach 203.0.113.0/24, below configuration is required.
also, KVM Host needs to connect external (internet), Configure NAT if necessary.
route add -net 203.0.113.0 netmask 255.255.255.0 gw 10.84.50.119
iptables -A POSTROUTING -t nat -o em1 -s 203.0.113.0/24 -j MASQUERADE3.Create Virtual-network for Private (For Virtual-machine)
Possible to create either Openstack or OpenContrail.
In case of Openstack
Create
source openstackrc
openstack network create user-VN1
openstack subnet create --network user-VN1 --subnet-range 192.168.0.0/24 user-VN1_subnetopenstack network list --internal
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 7f26e637-e4d2-4ce1-9afc-572837a096d4 | user-VN1 | 019c0a3c-b4a3-492a-8832-633ceffc07a3 |
+--------------------------------------+----------+--------------------------------------+In case of Contrail
Open "Configure > Networking >Networks" Click "+", set blow items and Save
Name: Name of Virtual-network
Subnet:Network address in "CIDR" (i.e.192.168.0.0/24)
4.Spawn Virtual-machine
Create Virtual-machine on "user-VN1" by either Horizon or command
source openstackrc
nova boot --flavor m1.tiny --image cirros --nic net-id=7f26e637-e4d2-4ce1-9afc-572837a096d4 VM1 5.set Floating IP to Virtual-machine
Possible to create either Openstack or OpenContrail.
In case of Openstack
Create
source openstackrc
openstack floating ip create public
openstack server add floating ip VM1 203.0.113.3openstack floating ip list
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ef192165-151f-42f9-b58b-6215e6f92ba1 | 203.0.113.3 | 192.168.0.3 | a3b9d5a8-f33a-48be-92a3-d3b3508f9503 | 08960915-ef83-4980-ae3d-08aea937d4fb | 31ecaa5de0ea4ba783b8e267e6249d79 |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+In case of Contrail
Open "Configure > Networking >Floating IPs", Click "+", set below items and Save
Floating IP Pool: admin:public:default (203.0.113.0/24)
Click right side Icon and Select "Associate Port" after creating Floating IP. Select target IP address of VM and Save
6.Verify connectivity
Verify connectivity from Compute node
if failed, confirm below
- Subnet, route configuration of Simple gateway
- Permit External connection by Security group, if from External Connection if failed.
- Routing teble of KVM host and GW
- NAT is required.
To isolate issues, "tcpdump" on vhost0 of Compute node or KVM host then confirm where the packets are missing.
Fro more help, visit Slack channel of OpenContrail.
No comments:
Post a Comment