Due to a ransomware attack, the wiki was reverted to a July 2022 version. . We apologize for the lack of a more recent valid backup.
We describe how to configure, run, and test the OpenstackNetworking application. If you did not set up your environment including openstack and onos, you must set up your environment following the page: How to set up environment from scratch. Also, if you are NOT This walkthrough demonstrates most SONA features, as well as its typical usage in concert with OpenStack. The walkthrough assumes that you are familiar with how to execute ONOSuse ONOS and OpenStack. If you're not, we strongly recommend you to go though ONOS Tutorial page: through Tutorials and Walkthroughs
How to run OpenstackNetworking application
Configure OpenstackNetworking application: network-cfg.json
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
"apps" : {
"org.onosproject.openstackrouting" : {
"openstackrouting" : {
"physicalRouterMac" : "86:1e:e1:b1:85:bd",
"gatewayBridgeId" : "of:0000000000000003",
"gatewayExternalInterfaceName" : "veth0",
"gatewayExternalInterfaceMac" : "d2:b3:eb:36:bd:ae"
}
},
"org.onosproject.openstacknode" : {
"openstacknode" : {
"nodes" : [
{
"hostname" : "compute-01",
"ovsdbIp" : "10.40.101.208",
"ovsdbPort" : "6640",
"bridgeId" : "of:0000000000000001",
"openstackNodeType" : "COMPUTENODE"
},
{
"hostname" : "compute-02",
"ovsdbIp" : "10.40.101.227",
"ovsdbPort" : "6640",
"bridgeId" : "of:0000000000000002",
"openstackNodeType" : "COMPUTENODE"
},
{
"hostname" : "network",
"ovsdbIp" : "10.40.101.240",
"ovsdbPort" : "6640",
"bridgeId" : "of:0000000000000003",
"openstackNodeType" : "GATEWAYNODE",
"gatewayExternalInterfaceName" : "veth0",
"gatewayExternalInterfaceMac" : "d2:b3:eb:36:bd:ae"
}
]
}
},
"org.onosproject.openstackinterface" : {
"openstackinterface" : {
"neutron_server" : "http://10.40.101.209:9696/v2.0/",
"keystone_server" : "http://10.40.101.209:5000/v2.0/",
"user_name" : "admin",
"password" : "nova"
}
}
},
"devices" : {
"of:0000000000000001" : {
"basic" : {
"driver" : "sona"
}
},
"of:0000000000000002" : {
"basic" : {
"driver" : "sona"
}
}
}
} |
We need to configure the OpenstackSwitching application using the standard ONOS Network Configuration framework, network-cfg.json file.
...
org.onosproject.openstackrouting...
physicalRouterMac...
gatewayBridgeId...
gatewayExternalInterfaceName...
gatewayExternalInterfaceMac...
org.onosproject.openstacknode...
openstacknode...
org.onosproject.openstackinterface...
neutron_server...
URL to the neutron server
...
keystone_server...
and http://docs.openstack.org.
If you are more comfortable with Horizon UI, then please refer to SONA Walkthrough with Horizon.
Tip) The following cloud-init script helps to set password of "ubuntu" user to "ubuntu" for UEC image, if you pass this script to Nova with "--user-data" option when you create a new VM.
| Code Block |
|---|
#cloud-config
password: ubuntu
chpasswd: { expire: False }
ssh_pwauth: True |
Switching
Create two tenant networks and virtual machines in OpenStack, and then test tenant network connectivity and isolation.
| Code Block | ||
|---|---|---|
| ||
neutron net-create net-A
neutron subnet-create net-A 192.168.0.0/24
neutron net-create net-B
neutron subnet-create net-B 192.168.1.0/24
nova boot --flavor 2 --image ubuntu-14.04-server-cloudimg-amd64 --user-data passwd.data --nic net-id=[net-A-UUID] net-A-01
nova boot --flavor 2 --image ubuntu-14.04-server-cloudimg-amd64 --user-data passwd.data --nic net-id=[net-A-UUID] net-A-02
nova boot --flavor 2 --image ubuntu-14.04-server-cloudimg-amd64 --user-data passwd.data --nic net-id=[net-B-UUID] net-B-01 |
- Can ping between net-A-01 and net-A-02
- Can't ping between net-A-01 and net-B-01
Routing
Create another network for the external access and floating IP with the subnet range specified in the ONOS-vRouter network config(see SONA Network Configuration Guide).
| Code Block | ||
|---|---|---|
| ||
neutron net-create net-public --router:external True --provider:physical_network external --provider:network_type flat
neutron subnet-create net-public 172.27.0.0/24 |
Create a router, and add gateway and interfaces.
| Code Block | ||
|---|---|---|
| ||
neutron router-create router-01
neutron router-gateway-set router-01 net-public
neutron router-interface-add rotuer-01 [net-A-subnet UUID]
neutron router-interface-add router-01 [net-B-subnet UUID] |
Now the network topology should look like the figure below if you check it in Horizon.
Create a security group to allow external access, and add it to the net-A-01 and net-B-01.
| Code Block | ||
|---|---|---|
| ||
neutron security-group-create allow-external
neutron security-group-rule-create --direction ingress --remote-ip-prefix 0.0.0.0/0 allow-external
neutron port-update [net-A-01 port UUID] --security-group [default-security-group UUID] --security-group allow-external
neutron port-update [net-B-01 port UUID] --security-group [default-security-group UUID] --security-group allow-external |
- Can ping from net-A-01 and net-B-01 to 8.8.8.8
- Can ping between net-A-01 and net-B-01
| Note |
|---|
Currently, SONA security group implementation has a small limitation that it does not allow ingress traffic via a connected session by default. So, you'll need to add allowing rule for ingress direction with remote address "0.0.0.0/0" explicitly for your VM to be able to access the Internet. |
Create a floating IP and associate it to net-A-01.
| Code Block | ||
|---|---|---|
| ||
neutron floatingip-create net-public
neutron floatingip-associate [floating-ip-id] [net-A-01 port UUID] |
- Can ping to net-A-01 with the associated floating IP from the external
Copy the network-cfg.json file to ~/onos/tools/package/config. If you updated or just copied the file, then you need to compile the onos again to distribute the network-json file.
...
Compile and install ONOS
| Code Block | ||
|---|---|---|
| ||
~/onos$ mcis
~/onos$ onos-package
~/onos$ onos-install -f $OC1 |
You need to set up you own cell information before you install the ONOS.
...
Login to the ONOS CLI and activate OpenstackSwitching application
| Code Block | ||
|---|---|---|
| ||
onos> app activate org.onosproject.openstackinterface
onos> app activate org.onosproject.openstacknetworking |
| Note |
|---|
If this is the first time to install OpenstackNetworking application and vxlan bridge is not created yet, please follow the How to set up environment before activating OpenstackNetworking application. |
...
You can see the three devices (control node and two compute nodes) from ONOS CLI, if everything has been configured successfully.
| Code Block | ||
|---|---|---|
| ||
app activate org.onosproject.onos> devices
id=of:0000000000000001, available=true, role=MASTER, type=SWITCH, mfr=Nicira, Inc., hw=Open vSwitch, sw=2.3.2, serial=None, managementAddress=10.40.101.208, protocol=OF_13, driver=sona, name=of:0000000000000001, channelId=10.40.101.208:51477
id=of:0000000000000002, available=true, role=MASTER, type=SWITCH, mfr=Nicira, Inc., hw=Open vSwitch, sw=2.3.2, serial=None, managementAddress=10.40.101.227, protocol=OF_13, driver=sona, name=of:0000000000000002, channelId=10.40.101.227:36684
id=of:0000000000000003, available=true, role=MASTER, type=SWITCH, mfr=Nicira, Inc., hw=Open vSwitch, sw=2.3.2, serial=None, managementAddress=10.40.101.240, protocol=OF_13, channelId=10.40.101.240:40002 |
Also, you should be able to see that br-int bridge and vxlan port have been created in all three nodes as below.
| Code Block | ||
|---|---|---|
| ||
$ sudo ovs-vsctl show
1265d109-8a0a-40d5-bfee-f8ee9c7438c1
Manager "ptcp:6640"
is_connected: true
Bridge br-int
Controller "tcp:10.40.101.153:6653"
is_connected: true
fail_mode: secure
Port br-int
Interface br-int
Port vxlan
Interface vxlan
type: vxlan
options: {key=flow, remote_ip=flow} |
...
Tutorials
Walkthrough 1: L2 Switching
Walkthrough 2: L3 Routing 1
Walthrought 3: L3 Routing 2
Walkthrough 4: L3 Routing 3
- HA Test
- Security Group
...