SlideShare a Scribd company logo
1 of 30
Download to read offline
Neutron Network
Namespaces and
IPtables: Technical
deep dive
Damian Igbe
Technical Instructor & Consultant
© MIRANTIS 2013

PAGE 1
Presentation Outline

• Introduction to Neutron & Neutron Namespaces
• Deep Dive
• Conclusions

© MIRANTIS 2013

PAGE 2
What are Namespaces
• Namespaces enables multiple instances of a
routing table to co-exist within the same Linux
box
• Network namespaces make it possible to
separate network domains (network interfaces,
routing tables, iptables) into completely
separate and independent domains.

© MIRANTIS 2013

PAGE 3
Namespaces Diagram

© MIRANTIS 2013

PAGE 4
Namespaces Advantages
• Overlapping IPs: A big advantage of namespaces
implementation in neutron is that tenants can
create overlapping IP addresses, a situation that
gives freedom to cloud users because they are
free to create any subnet of choice without fear of
conflicting with that of another tenant. Linux
network namespace is required on nodes running
neutron-l3-agent or neutron-dhcp-agent if
overlapping IPs is in use. Hence the hosts running
these processes must support network
namespaces.
© MIRANTIS 2013

PAGE 5
Namespaces Advantages
L3 Agent: The neutron-l3-agent is designed to
use network namespaces to provide multiple
independent virtual routers per node, that do
not interfere with each other or with routing of
the compute node on which they are hosted

© MIRANTIS 2013

PAGE 6
What if Namespaces NOT supported?
If the kernel does not support namespaces, the following limitations should be
noted with Neutron:
• Neutron-l3-agent is limited to providing a single virtual router per compute
node. If namespaces is supported, a single deployed neutron-l3-agent should
be able to host multiple virtual routers.
• It is necessary to configure each neutron-l3-agent with the Universally Unique
ID (UUID) identifying the router instance that it hosts. This complicates
deployment, makes self-service provisioning of routers by tenants impractical.
If namespaces is supported, the configuration with the UUID(s) of the router(s)
it hosts is not required.
•If the host does not support namespaces then the neutron-l3-agent and
neutron-dhcp-agent should be run on different hosts. This is due to the fact that
there is no isolation between the IP addresses created by the L3 agent and by
the DHCP agent. A downside to this is that by manipulating the routing tables
the user can ensure that these networks have access to one another.

© MIRANTIS 2013

PAGE 7
Recognizing Namespaces
• Every l2-agent/private network has an
associated dhcp namespace and
• Every l3-agent/router has an associated
router namespace.

© MIRANTIS 2013

PAGE 8
Multinode Network Topology

© MIRANTIS 2013

PAGE 9
Ref. Architecture
• Multinode Grizzy on Ubuntu 12.04

• libvirt/QEMU,
• LibvirtHybridOVSBridgeDriver vif driver,
• Quantum security groups,
• Open vSwitch Neutron/Quantum plugin using
• GRE
• dnsmasq
• IP namespaces enabled
© MIRANTIS 2013

PAGE 10
Tenant 1 Network

© MIRANTIS 2013

PAGE 11
Tenant 2 Network

© MIRANTIS 2013

PAGE 12
Multinode Network Topology

© MIRANTIS 2013

PAGE 13
On The Compute Node

© MIRANTIS 2013

PAGE 14
On The Net Node

© MIRANTIS 2013

PAGE 15
Net Namespaces

© MIRANTIS 2013

PAGE 16
Illustration

© MIRANTIS 2013

PAGE 17
Showing Net & Compute Node

© MIRANTIS 2013

PAGE 18
Troubleshooting
Let us summarize the troubleshooting steps into
2:
STEP1: Identify the correct namespace
STEP2: Perform general troubleshooting around
the identified namespace

© MIRANTIS 2013

PAGE 19
Problem

Have spin off an instance and it has an IP
address from Horizon but cannot ssh
(probabely because the interface has no
assigned IP) to it so can only view from VNC

© MIRANTIS 2013

PAGE 20
Detailed Troubleshooting
steps for this Problem
•Ensure that dnsmasq process is running:
# pgrep -fl dnsmasq ( restart the quantum-dhcp-agent if not).
• verify the IP address in the namespace, if dnsmasq is running:
# ip netns [list].
•Identify the qdhcp-network <networkUUID> namespace:
# ip netns exec qdhcp-<networkUUID> ip
From the output, ensure that the IP on the interface is present and matches the one
present for dnsmasq. To verify what the expected IP address is, use quantum-port-list
and quantum port-show <portUUID>.
•Determine the leases
# /var/lib/quantum/dhcp/<networkUUID>/host
Note:
•If the dnsmasq configuration is correct, but dnsmasq is not responding with
leases and the bridge/interface is created and running, pkill dnsmasq and restart
quantum-dhcp-agent.
•If dnsmasq does not include the correct leases, verify that quantum-server is
running correctly and that it can communicate with dhcp-agent. If it is running
correctly, and the bridge/interface is created and running, restart quantum-dhcpagent.
© MIRANTIS 2013
PAGE 21
Network Node:
• root@vmnet-mn:~# ovs-vsctl show

• root@vmnet-mn:/# ovs-ofctl dump-flows br-tun
The DHCP agent
• The DHCP agent is configured to use OVS and
dnsmasq:
root@vmnet-mn:/# grep -v '^#|^s*$'
/etc/quantum/dhcp_agent.ini
© MIRANTIS 2013

PAGE 22
Network Node Cont.
• root@vmnet-mn:~#pgrep –fl dnsmasq

• root@vmnet-mn:/# ip netns | grep dhcp
root@vmnet-mn:/# ip netns exec qdhcp-eeeee
ifconfig
• root@vmnet-mn:/# ip netns exec qdhcp6b71dbb8-e91c-47f0-92c4-47882007115d ping
ip

© MIRANTIS 2013

PAGE 23
Network Node
• root@vmnet-mn:/# cat /var/lib/quantum/dhcp/e0fe9037-790a-4cb-9bf44b06f0cfcf5c/host
Note that:
• Dnsmasq logs to /var/log/syslog in this Ubuntu installation.

© MIRANTIS 2013

PAGE 24
Compute Node
• root@vmcom1-mn :/# ip link

• root@vmcom1-mn :/# brctl show
• root@vmcom1-mn :/# ovs-vsctl show
• root@vmcom1-mn :/# ovs-ofctl dump-flows brtun
• root@vmcom1-mn :/# iptables-save

© MIRANTIS 2013

PAGE 25
Compute Node
• root@vmcom1-mn :/# tcpdump -n -i eth2

© MIRANTIS 2013

PAGE 26
Controller Node
• damian@vmcon-mn:/$ quantum net-show net1

• damian@vmcon-mn:/$ quantum subnet-show
ad970f3f-4ceb-4565-b897-1cd0fe34cd5b
• damian@vmcon-mn:/$ nova boot --flavor micro
--image cirros-030-x86_64  --nic netid=6b71dbb8-e91c-47f0-92c4-47882007115d  -security-groups test-vms test-instance1

• damian@vmcon-mn:/$ nova list
© MIRANTIS 2013

PAGE 27
Controller Node
• damian@vmcon-mn:/$ quantum port-list -device_id=44e362ba-e8a4-4bae-b0ea5477666632c9
• damian@vmcon-mn:/$ quantum port-show
9a41d8fa-a745-4411-b9f8-daa182f38527

© MIRANTIS 2013

PAGE 28
CONCLUSIONS

QUESTIONS
AND

ANSWERS

© MIRANTIS 2013

PAGE 29
Note
• When a router or network is created, the
namespaces don’t get created immediately. For
network, the DHCP namespaces get created only
when a vm is attached and for router the
namespace is created when a gateway is set. It
means that an activity must take place before the
namespaces get created.
• When a router or network is deleted, the
associated namespaces are not deleted. They
need to be manually deleted.
© MIRANTIS 2013

PAGE 30

More Related Content

What's hot

Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeDocker, Inc.
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker ContainersAndrey Sibirev
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneMadhu Venugopal
 
Docker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMDocker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMNeependra Khare
 
Multi tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalMulti tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalSadique Puthen
 
Leveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettLeveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettDocker, Inc.
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionPhi Huynh
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanNeependra Khare
 
Docker 1.12 networking deep dive
Docker 1.12 networking deep diveDocker 1.12 networking deep dive
Docker 1.12 networking deep diveMadhu Venugopal
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveMadhu Venugopal
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with MicronautQAware GmbH
 
LXC on Ganeti
LXC on GanetiLXC on Ganeti
LXC on Ganetikawamuray
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance AnalysisBrendan Gregg
 
Debugging Network Issues
Debugging Network IssuesDebugging Network Issues
Debugging Network IssuesApcera
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 

What's hot (19)

Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the Microscope
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker Containers
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-Plane
 
Docker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMDocker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBM
 
Multi tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalMulti tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-final
 
Leveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettLeveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan Hazlett
 
Docker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode IntroductionDocker Networking & Swarm Mode Introduction
Docker Networking & Swarm Mode Introduction
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
 
Docker 1.12 networking deep dive
Docker 1.12 networking deep diveDocker 1.12 networking deep dive
Docker 1.12 networking deep dive
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep dive
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with Micronaut
 
LXC on Ganeti
LXC on GanetiLXC on Ganeti
LXC on Ganeti
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance Analysis
 
Debugging Network Issues
Debugging Network IssuesDebugging Network Issues
Debugging Network Issues
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 

Viewers also liked

OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorialmestery
 
Inside Architecture of Neutron
Inside Architecture of NeutronInside Architecture of Neutron
Inside Architecture of Neutronmarkmcclain
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Dave Neary
 
Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutronmestery
 
Inside neutron 2
Inside neutron 2Inside neutron 2
Inside neutron 2Robin Gong
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)Dan Wendlandt
 
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)Mirantis
 
Automating OpenStack Deployment with Fuel
Automating OpenStack Deployment with FuelAutomating OpenStack Deployment with Fuel
Automating OpenStack Deployment with FuelTomasz Zen Napierala
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need tosalv_orlando
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteBoyd Hemphill
 
Turning Containers into Cattle
Turning Containers into CattleTurning Containers into Cattle
Turning Containers into CattleSubbu Allamaraju
 
Managing Container Clusters in OpenStack Native Way
Managing Container Clusters in OpenStack Native WayManaging Container Clusters in OpenStack Native Way
Managing Container Clusters in OpenStack Native WayQiming Teng
 
Webinar container management in OpenStack
Webinar container management in OpenStackWebinar container management in OpenStack
Webinar container management in OpenStackCREATE-NET
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Joshua Harlow
 
How to Monitor Application Performance in a Container-Based World
How to Monitor Application Performance in a Container-Based WorldHow to Monitor Application Performance in a Container-Based World
How to Monitor Application Performance in a Container-Based WorldKen Owens
 
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...Daniel Krook
 
Architecting Ceph Solutions
Architecting Ceph SolutionsArchitecting Ceph Solutions
Architecting Ceph SolutionsRed_Hat_Storage
 

Viewers also liked (20)

OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorial
 
Inside Architecture of Neutron
Inside Architecture of NeutronInside Architecture of Neutron
Inside Architecture of Neutron
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
 
Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutron
 
Inside neutron 2
Inside neutron 2Inside neutron 2
Inside neutron 2
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)
 
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
 
Automating OpenStack Deployment with Fuel
Automating OpenStack Deployment with FuelAutomating OpenStack Deployment with Fuel
Automating OpenStack Deployment with Fuel
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need to
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with Neutron
 
OpenStack Super Bootcamp.pdf
OpenStack Super Bootcamp.pdfOpenStack Super Bootcamp.pdf
OpenStack Super Bootcamp.pdf
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day Keynote
 
Turning Containers into Cattle
Turning Containers into CattleTurning Containers into Cattle
Turning Containers into Cattle
 
Managing Container Clusters in OpenStack Native Way
Managing Container Clusters in OpenStack Native WayManaging Container Clusters in OpenStack Native Way
Managing Container Clusters in OpenStack Native Way
 
Webinar container management in OpenStack
Webinar container management in OpenStackWebinar container management in OpenStack
Webinar container management in OpenStack
 
Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]Cloud init and cloud provisioning [openstack summit vancouver]
Cloud init and cloud provisioning [openstack summit vancouver]
 
How to Monitor Application Performance in a Container-Based World
How to Monitor Application Performance in a Container-Based WorldHow to Monitor Application Performance in a Container-Based World
How to Monitor Application Performance in a Container-Based World
 
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the O...
 
Architecting Ceph Solutions
Architecting Ceph SolutionsArchitecting Ceph Solutions
Architecting Ceph Solutions
 

Similar to Neutron Network Namespaces and IPtables--A Technical Deep Dive

Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Novaclayton_oneill
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
Routed networks sydney
Routed networks sydneyRouted networks sydney
Routed networks sydneyMiguel Lavalle
 
Link i pv4
Link i pv4Link i pv4
Link i pv4NARESH A
 
Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...
Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...
Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...Công TÔ
 
Docker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker, Inc.
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...
Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...
Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...Cloud Native Day Tel Aviv
 
Neutron high availability open stack architecture openstack israel event 2015
Neutron high availability  open stack architecture   openstack israel event 2015Neutron high availability  open stack architecture   openstack israel event 2015
Neutron high availability open stack architecture openstack israel event 2015Arthur Berezin
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerThierry Gayet
 
Meetup Docker@Nuxeo - Build a Cloud Platform with Docker
Meetup Docker@Nuxeo - Build a Cloud Platform with DockerMeetup Docker@Nuxeo - Build a Cloud Platform with Docker
Meetup Docker@Nuxeo - Build a Cloud Platform with DockerNuxeo
 
Tungsten University: Configure and provision Tungsten clusters
Tungsten University: Configure and provision Tungsten clustersTungsten University: Configure and provision Tungsten clusters
Tungsten University: Configure and provision Tungsten clustersContinuent
 
Osol Netadmin Solaris Administrator
Osol Netadmin Solaris AdministratorOsol Netadmin Solaris Administrator
Osol Netadmin Solaris AdministratorOpeyemi Olakitan
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
 
Ait235 Quizes Essay
Ait235 Quizes EssayAit235 Quizes Essay
Ait235 Quizes EssaySue Jones
 
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....OpenNebula Project
 

Similar to Neutron Network Namespaces and IPtables--A Technical Deep Dive (20)

Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
 
Janus & docker: friends or foe
Janus & docker: friends or foe Janus & docker: friends or foe
Janus & docker: friends or foe
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Nova
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
OpenStack Quantum
OpenStack QuantumOpenStack Quantum
OpenStack Quantum
 
Routed networks sydney
Routed networks sydneyRouted networks sydney
Routed networks sydney
 
Link i pv4
Link i pv4Link i pv4
Link i pv4
 
Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...
Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...
Yechielthur1100red hat-cloud-infrastructure-networking-deep-dive-140417165107...
 
Docker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slides
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...
Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...
Livnat Peer & Arthur Berezin, Red Hat - Neutron High Availability - OpenStack...
 
Neutron high availability open stack architecture openstack israel event 2015
Neutron high availability  open stack architecture   openstack israel event 2015Neutron high availability  open stack architecture   openstack israel event 2015
Neutron high availability open stack architecture openstack israel event 2015
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on Docker
 
Meetup Docker@Nuxeo - Build a Cloud Platform with Docker
Meetup Docker@Nuxeo - Build a Cloud Platform with DockerMeetup Docker@Nuxeo - Build a Cloud Platform with Docker
Meetup Docker@Nuxeo - Build a Cloud Platform with Docker
 
Tungsten University: Configure and provision Tungsten clusters
Tungsten University: Configure and provision Tungsten clustersTungsten University: Configure and provision Tungsten clusters
Tungsten University: Configure and provision Tungsten clusters
 
Osol Netadmin Solaris Administrator
Osol Netadmin Solaris AdministratorOsol Netadmin Solaris Administrator
Osol Netadmin Solaris Administrator
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 
Ait235 Quizes Essay
Ait235 Quizes EssayAit235 Quizes Essay
Ait235 Quizes Essay
 
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
 
Demystfying container-networking
Demystfying container-networkingDemystfying container-networking
Demystfying container-networking
 

More from Mirantis

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...Mirantis
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security WorkshopMirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge CloudMirantis
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesMirantis
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesMirantis
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesMirantis
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceMirantis
 
Mirantis life
Mirantis lifeMirantis life
Mirantis lifeMirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudMirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackMirantis
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryMirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsMirantis
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleMirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutMirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's YouMirantis
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationMirantis
 

More from Mirantis (20)

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security Workshop
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M users
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge Cloud
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar Slides
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh Architectures
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
 

Recently uploaded

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 

Recently uploaded (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 

Neutron Network Namespaces and IPtables--A Technical Deep Dive

  • 1. Neutron Network Namespaces and IPtables: Technical deep dive Damian Igbe Technical Instructor & Consultant © MIRANTIS 2013 PAGE 1
  • 2. Presentation Outline • Introduction to Neutron & Neutron Namespaces • Deep Dive • Conclusions © MIRANTIS 2013 PAGE 2
  • 3. What are Namespaces • Namespaces enables multiple instances of a routing table to co-exist within the same Linux box • Network namespaces make it possible to separate network domains (network interfaces, routing tables, iptables) into completely separate and independent domains. © MIRANTIS 2013 PAGE 3
  • 5. Namespaces Advantages • Overlapping IPs: A big advantage of namespaces implementation in neutron is that tenants can create overlapping IP addresses, a situation that gives freedom to cloud users because they are free to create any subnet of choice without fear of conflicting with that of another tenant. Linux network namespace is required on nodes running neutron-l3-agent or neutron-dhcp-agent if overlapping IPs is in use. Hence the hosts running these processes must support network namespaces. © MIRANTIS 2013 PAGE 5
  • 6. Namespaces Advantages L3 Agent: The neutron-l3-agent is designed to use network namespaces to provide multiple independent virtual routers per node, that do not interfere with each other or with routing of the compute node on which they are hosted © MIRANTIS 2013 PAGE 6
  • 7. What if Namespaces NOT supported? If the kernel does not support namespaces, the following limitations should be noted with Neutron: • Neutron-l3-agent is limited to providing a single virtual router per compute node. If namespaces is supported, a single deployed neutron-l3-agent should be able to host multiple virtual routers. • It is necessary to configure each neutron-l3-agent with the Universally Unique ID (UUID) identifying the router instance that it hosts. This complicates deployment, makes self-service provisioning of routers by tenants impractical. If namespaces is supported, the configuration with the UUID(s) of the router(s) it hosts is not required. •If the host does not support namespaces then the neutron-l3-agent and neutron-dhcp-agent should be run on different hosts. This is due to the fact that there is no isolation between the IP addresses created by the L3 agent and by the DHCP agent. A downside to this is that by manipulating the routing tables the user can ensure that these networks have access to one another. © MIRANTIS 2013 PAGE 7
  • 8. Recognizing Namespaces • Every l2-agent/private network has an associated dhcp namespace and • Every l3-agent/router has an associated router namespace. © MIRANTIS 2013 PAGE 8
  • 9. Multinode Network Topology © MIRANTIS 2013 PAGE 9
  • 10. Ref. Architecture • Multinode Grizzy on Ubuntu 12.04 • libvirt/QEMU, • LibvirtHybridOVSBridgeDriver vif driver, • Quantum security groups, • Open vSwitch Neutron/Quantum plugin using • GRE • dnsmasq • IP namespaces enabled © MIRANTIS 2013 PAGE 10
  • 11. Tenant 1 Network © MIRANTIS 2013 PAGE 11
  • 12. Tenant 2 Network © MIRANTIS 2013 PAGE 12
  • 13. Multinode Network Topology © MIRANTIS 2013 PAGE 13
  • 14. On The Compute Node © MIRANTIS 2013 PAGE 14
  • 15. On The Net Node © MIRANTIS 2013 PAGE 15
  • 18. Showing Net & Compute Node © MIRANTIS 2013 PAGE 18
  • 19. Troubleshooting Let us summarize the troubleshooting steps into 2: STEP1: Identify the correct namespace STEP2: Perform general troubleshooting around the identified namespace © MIRANTIS 2013 PAGE 19
  • 20. Problem Have spin off an instance and it has an IP address from Horizon but cannot ssh (probabely because the interface has no assigned IP) to it so can only view from VNC © MIRANTIS 2013 PAGE 20
  • 21. Detailed Troubleshooting steps for this Problem •Ensure that dnsmasq process is running: # pgrep -fl dnsmasq ( restart the quantum-dhcp-agent if not). • verify the IP address in the namespace, if dnsmasq is running: # ip netns [list]. •Identify the qdhcp-network <networkUUID> namespace: # ip netns exec qdhcp-<networkUUID> ip From the output, ensure that the IP on the interface is present and matches the one present for dnsmasq. To verify what the expected IP address is, use quantum-port-list and quantum port-show <portUUID>. •Determine the leases # /var/lib/quantum/dhcp/<networkUUID>/host Note: •If the dnsmasq configuration is correct, but dnsmasq is not responding with leases and the bridge/interface is created and running, pkill dnsmasq and restart quantum-dhcp-agent. •If dnsmasq does not include the correct leases, verify that quantum-server is running correctly and that it can communicate with dhcp-agent. If it is running correctly, and the bridge/interface is created and running, restart quantum-dhcpagent. © MIRANTIS 2013 PAGE 21
  • 22. Network Node: • root@vmnet-mn:~# ovs-vsctl show • root@vmnet-mn:/# ovs-ofctl dump-flows br-tun The DHCP agent • The DHCP agent is configured to use OVS and dnsmasq: root@vmnet-mn:/# grep -v '^#|^s*$' /etc/quantum/dhcp_agent.ini © MIRANTIS 2013 PAGE 22
  • 23. Network Node Cont. • root@vmnet-mn:~#pgrep –fl dnsmasq • root@vmnet-mn:/# ip netns | grep dhcp root@vmnet-mn:/# ip netns exec qdhcp-eeeee ifconfig • root@vmnet-mn:/# ip netns exec qdhcp6b71dbb8-e91c-47f0-92c4-47882007115d ping ip © MIRANTIS 2013 PAGE 23
  • 24. Network Node • root@vmnet-mn:/# cat /var/lib/quantum/dhcp/e0fe9037-790a-4cb-9bf44b06f0cfcf5c/host Note that: • Dnsmasq logs to /var/log/syslog in this Ubuntu installation. © MIRANTIS 2013 PAGE 24
  • 25. Compute Node • root@vmcom1-mn :/# ip link • root@vmcom1-mn :/# brctl show • root@vmcom1-mn :/# ovs-vsctl show • root@vmcom1-mn :/# ovs-ofctl dump-flows brtun • root@vmcom1-mn :/# iptables-save © MIRANTIS 2013 PAGE 25
  • 26. Compute Node • root@vmcom1-mn :/# tcpdump -n -i eth2 © MIRANTIS 2013 PAGE 26
  • 27. Controller Node • damian@vmcon-mn:/$ quantum net-show net1 • damian@vmcon-mn:/$ quantum subnet-show ad970f3f-4ceb-4565-b897-1cd0fe34cd5b • damian@vmcon-mn:/$ nova boot --flavor micro --image cirros-030-x86_64 --nic netid=6b71dbb8-e91c-47f0-92c4-47882007115d -security-groups test-vms test-instance1 • damian@vmcon-mn:/$ nova list © MIRANTIS 2013 PAGE 27
  • 28. Controller Node • damian@vmcon-mn:/$ quantum port-list -device_id=44e362ba-e8a4-4bae-b0ea5477666632c9 • damian@vmcon-mn:/$ quantum port-show 9a41d8fa-a745-4411-b9f8-daa182f38527 © MIRANTIS 2013 PAGE 28
  • 30. Note • When a router or network is created, the namespaces don’t get created immediately. For network, the DHCP namespaces get created only when a vm is attached and for router the namespace is created when a gateway is set. It means that an activity must take place before the namespaces get created. • When a router or network is deleted, the associated namespaces are not deleted. They need to be manually deleted. © MIRANTIS 2013 PAGE 30