neutron VPC

The goal of this document is to provide an umbrella blueprint defining how to add support for VPC in OpenStack.

A VPC is defined as an entity providing resource access boundaries, with the goal of building a logically isolated infrastructure assigned to a tenant.

There are multiple options to implement this entity: either as a formal node in the OpenStack container hierarchy (domain, projects), or as a tag used to define access policies.



Relationship with other blueprints

  • Hierarchical Multitenancy [1] defines a hierarchical model for resource ownership and containment. This blueprint can be used to implement the VPC concept by considering each VPC as a node in the hierarchy.
  • AWS VPC API support [2] aims at providing an EC2 VPC equivalent API on OpenStack. This blueprint uses a special project to group the VPC resources; however, it doesn't address the changes needed in the scoping of different resources to implement a truly isolated VPC.
  • Hierarchical Administrative Boundaries [5] defines a model similar to [1] and focuses on defining administrative delegation.

Use cases

1 - The administrator of a domain can create a VPC composed of network resources. A generic VPC can look like:

Within the VPC, the administrator can:
1.1 - create a shared network. A shared network in the VPC is equivalent to a Neutron public network (it's a public network with a restricted scope).
1.2 - create a transit or external network that can be connected to a remote datacenter through MPLS or a VPN, or to the internet.
1.3 - define specific flavors, images or other OpenStack resources restricted to be used within this VPC (e.g. DNS Zone, LB Resources, ...).
1.4 - define quotas for resources available to a given VPC.
2 - The domain administrator can delegate the management of the VPC to a user or group of the domain.
3 - A user of a domain can create a project within a given VPC. Within this project, the user can:

3.1 - create a private network using the VPC external or shared network as the next hop. VMs can get a floating IP from the shared or external network.
3.2 - create a VM within a project attached to a shared network exposed by the VPC.
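
The access boundary implied by use cases 1.1, 1.4 and 3.2 can be sketched as a toy model. This is an added example, not code from the blueprint or from OpenStack; it assumes the containment variant (each project belongs to exactly one VPC), and the names Vpc, Network, create_network and can_attach are hypothetical.

```python
# Added illustration: a toy model of the VPC access boundary, not OpenStack code.
from dataclasses import dataclass, field


@dataclass
class Network:
    name: str
    owner: str            # project name, or the VPC name for VPC-level networks
    vpc: str              # VPC the network belongs to
    shared: bool = False  # use case 1.1: visible to every project in the VPC


@dataclass
class Vpc:
    name: str
    network_quota: int                       # use case 1.4
    projects: set = field(default_factory=set)
    networks: list = field(default_factory=list)

    def create_network(self, name, owner, shared=False):
        # Only the VPC itself or one of its projects may own a network here.
        if owner != self.name and owner not in self.projects:
            raise PermissionError(f"{owner} is outside VPC {self.name}")
        if len(self.networks) >= self.network_quota:
            raise RuntimeError(f"network quota exceeded for VPC {self.name}")
        net = Network(name, owner, self.name, shared)
        self.networks.append(net)
        return net


def can_attach(project, project_vpc, net):
    """Use case 3.2: may a VM in `project` attach to `net`?"""
    if net.vpc != project_vpc.name or project not in project_vpc.projects:
        return False                      # never cross the VPC boundary
    return net.shared or net.owner == project


def demo():
    # Constructed sample data: two VPCs, one shared and one private network.
    vpc_a = Vpc("vpc-a", network_quota=2, projects={"web", "db"})
    vpc_b = Vpc("vpc-b", network_quota=2, projects={"other"})
    shared = vpc_a.create_network("shared-net", owner="vpc-a", shared=True)
    private = vpc_a.create_network("web-private", owner="web")
    return {
        "same_vpc_shared": can_attach("db", vpc_a, shared),
        "same_vpc_foreign_private": can_attach("db", vpc_a, private),
        "other_vpc_shared": can_attach("other", vpc_b, shared),
        "owner_private": can_attach("web", vpc_a, private),
    }
```

The point of the check is that "shared" is evaluated only after the VPC match, so a shared network never becomes visible outside the VPC that owns it.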

Resource Model

The above model shows a relationship between VPC and Project, assuming a containment relationship. However, as shown below, depending on the implementation, it could be a looser relationship.

Time: 2024-10-21 10:30:25
