Red Hat Summit4.2. Preparing DCN networking
Configure networking for your distributed compute node (DCN) deployment by setting up network interfaces, routes, and IP address pools. Proper network configuration ensures reliable communication between the central control plane and distributed edge locations.
Prerequisites
- The OpenStack Operator is installed
Procedure
-
Create a
NodeNetworkConfigurationPolicy(nncp) CR definition file on your workstation for each worker node in the RHOCP cluster that hosts OpenStack services. In each
nncpCR file, configure the interfaces for each isolated network. Each service interface must have its own unique address:apiVersion: nmstate.io/v1 kind: NodeNetworkConfigurationPolicy metadata: labels: osp/nncm-config-type: standard name: worker-0 namespace: openstack spec: desiredState: dns-resolver: config: search: [] server: - 192.168.122.1 interfaces: - description: internalapi vlan interface ipv4: address: - ip: 172.17.0.10 prefix-length: "24" dhcp: false enabled: true ipv6: enabled: false mtu: 1496 name: internalapi state: up type: vlan vlan: base-iface: enp7s0 id: "20" - description: storage vlan interface ipv4: address: - ip: 172.18.0.10 prefix-length: "24" dhcp: false enabled: true ipv6: enabled: false mtu: 1496 name: storage state: up type: vlan vlan: base-iface: enp7s0 id: "21" - description: tenant vlan interface ipv4: address: - ip: 172.19.0.10 prefix-length: "24" dhcp: false enabled: true ipv6: enabled: false mtu: 1496 name: tenant state: up type: vlan vlan: base-iface: enp7s0 id: "22" - description: ctlplane interface mtu: 1500 name: enp7s0 state: up type: ethernet - bridge: options: stp: enabled: false port: - name: enp7s0 vlan: {} description: linux-bridge over ctlplane interface ipv4: address: - ip: 192.168.122.10 prefix-length: "24" dhcp: false enabled: true ipv6: enabled: false mtu: 1500 name: ospbr state: up type: linux-bridgeAdd the
route-rulesattribute and the route configuration to networks in each remote location to eachnncpCR file:route-rules: config: [] routes: config: - destination: 192.168.133.0/24 next-hop-address: 192.168.122.1 next-hop-interface: ospbr table-id: 254 - destination: 192.168.144.0/24 next-hop-address: 192.168.122.1 next-hop-interface: ospbr table-id: 254 - destination: 172.17.10.0/24 next-hop-address: 172.17.0.1 next-hop-interface: internalapi table-id: 254 - destination: 172.18.10.0/24 next-hop-address: 172.18.0.1 next-hop-interface: storage table-id: 254 - destination: 172.19.10.0/24 next-hop-address: 172.19.0.1 next-hop-interface: tenant table-id: 254 - destination: 172.17.20.0/24 next-hop-address: 172.17.0.1 next-hop-interface: internalapi table-id: 254 - destination: 172.18.20.0/24 next-hop-address: 172.18.0.1 next-hop-interface: storage table-id: 254 - destination: 172.19.20.0/24 next-hop-address: 172.19.0.1 next-hop-interface: tenant table-id: 254 nodeSelector: kubernetes.io/hostname: worker-0 node-role.kubernetes.io/worker: ""참고Each service network routes to the same network at each remote location. For example, the
internalapinetwork (172.17.0.0/24) has a route to theinternalapinetwork at each remote location (172.17.10.0/24 and 172.17.20.0/24) through a local router at 172.17.0.1.Create the
nncpCRs in the cluster:$ oc create -f worker0-nncp.yaml $ oc create -f worker1-nncp.yaml $ oc create -f worker2-nncp.yamlCreate a
NetworkAttachmentDefinitionCR definition file for each network. Include routes to each remote location to the networks of the same function. For example, theinternalapiNetworkAttachmentDefinition specifies its own subnet range as well as routes to theinternalapinetworks at remote sites.Create a
NetworkAttachmentDefinitionCR definition file for theinternalapinetwork:apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: internalapi osp/net-attach-def-type: standard name: internalapi namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "internalapi", "type": "macvlan", "master": "internalapi", "ipam": { "type": "whereabouts", "range": "172.17.0.0/24", "range_start": "172.17.0.30", "range_end": "172.17.0.70", "routes": [ { "dst": "172.17.10.0/24", "gw": "172.17.0.1" }, { "dst": "172.17.20.0/24", "gw": "172.17.0.1" } ] } }Create a
NetworkAttachmentDefinitionCR definition file for thecontrolnetwork:apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: ctlplane osp/net-attach-def-type: standard name: ctlplane namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "ctlplane", "type": "macvlan", "master": "ospbr", "ipam": { "type": "whereabouts", "range": "192.168.122.0/24", "range_start": "192.168.122.30", "range_end": "192.168.122.70", "routes": [ { "dst": "192.168.133.0/24", "gw": "192.168.122.1" }, { "dst": "192.168.144.0/24", "gw": "192.168.122.1" } ] } }Create a
NetworkAttachmentDefinitionCR definition file for thestoragenetwork:apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: storage osp/net-attach-def-type: standard name: storage namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "storage", "type": "macvlan", "master": "storage", "ipam": { "type": "whereabouts", "range": "172.18.0.0/24", "range_start": "172.18.0.30", "range_end": "172.18.0.70", "routes": [ { "dst": "172.18.10.0/24", "gw": "172.18.0.1" }, { "dst": "172.18.20.0/24", "gw": "172.18.0.1" } ] } }Create a
NetworkAttachmentDefinitionCR definition file for thetenantnetwork:apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: tenant osp/net-attach-def-type: standard name: tenant namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "tenant", "type": "macvlan", "master": "tenant", "ipam": { "type": "whereabouts", "range": "172.19.0.0/24", "range_start": "172.19.0.30", "range_end": "172.19.0.70", "routes": [ { "dst": "172.19.10.0/24", "gw": "172.19.0.1" }, { "dst": "172.19.20.0/24", "gw": "172.19.0.1" } ] } }
Create the
NetworkAttachmentDefinitionCRs:$ oc create -f internalapi-net-attach-def.yaml $ oc create -f control-net-attach-def.yaml $ oc create -f storage-net-attach-def.yaml $ oc create -f tenant-net-attach-def.yamlCreate a NetConfig CR definition file to define which IPs can be used as Virtual IPs (VIPs). Each network is defined under the
dnsDomainfield, withallocationRangesfor each geographic region. These ranges cannot overlap with thewhereaboutsIPAM range.Create the file with the added allocation ranges for the control plane networking similar to the following:
apiVersion: network.openstack.org/v1beta1 kind: NetConfig metadata: name: netconfig namespace: openstack spec: networks: - dnsDomain: ctlplane.example.com mtu: 1500 name: ctlplane subnets: - allocationRanges: - end: 192.168.122.120 start: 192.168.122.100 - end: 192.168.122.170 start: 192.168.122.150 cidr: 192.168.122.0/24 gateway: 192.168.122.1 name: subnet1 routes: - destination: 192.168.133.0/24 nexthop: 192.168.122.1 - destination: 192.168.144.0/24 nexthop: 192.168.122.1 - allocationRanges: - end: 192.168.133.120 start: 192.168.133.100 - end: 192.168.133.170 start: 192.168.133.150 cidr: 192.168.133.0/24 gateway: 192.168.133.1 name: subnet2 routes: - destination: 192.168.122.0/24 nexthop: 192.168.133.1 - destination: 192.168.144.0/24 nexthop: 192.168.133.1 - allocationRanges: - end: 192.168.144.120 start: 192.168.144.100 - end: 192.168.144.170 start: 192.168.144.150 cidr: 192.168.144.0/24 gateway: 192.168.144.1 name: subnet3 routes: - destination: 192.168.122.0/24 nexthop: 192.168.144.1 - destination: 192.168.133.0/24 nexthop: 192.168.144.1Add an allocation range for the
internalapinetwork:- dnsDomain: internalapi.example.com mtu: 1496 name: internalapi subnets: - allocationRanges: - end: 172.17.0.250 start: 172.17.0.100 cidr: 172.17.0.0/24 name: subnet1 routes: - destination: 172.17.10.0/24 nexthop: 172.17.0.1 - destination: 172.17.20.0/24 nexthop: 172.17.0.1 vlan: 20 - allocationRanges: - end: 172.17.10.250 start: 172.17.10.100 cidr: 172.17.0.0/24 name: subnet2 routes: - destination: 172.17.0.0/24 nexthop: 172.17.10.1 - destination: 172.17.20.0/24 nexthop: 172.17.10.1 vlan: 30 - allocationRanges: - end: 172.17.20.250 start: 172.17.20.100 cidr: 172.17.20.0/24 name: subnet3 routes: - destination: 172.17.0.0/24 nexthop: 172.17.20.1 - destination: 172.17.10.0/24 nexthop: 172.17.20.1 vlan: 40Add an allocation range for the
externalnetwork:- dnsDomain: external.example.com mtu: 1500 name: external subnets: - allocationRanges: - end: 10.0.0.250 start: 10.0.0.100 cidr: 10.0.0.0/24 name: subnet1 vlan: 22 - dnsDomain: external.example.com mtu: 1500 name: external subnets: - allocationRanges: - end: 10.0.10.250 start: 10.0.10.100 cidr: 10.0.10.0/24 name: subnet2 vlan: 22 - dnsDomain: external.example.com mtu: 1500 name: external subnets: - allocationRanges: - end: 10.0.20.250 start: 10.0.20.100 cidr: 10.0.20.0/24 name: subnet3 vlan: 22 - dnsDomain: storage.example.com mtu: 1496 name: storage subnets: - allocationRanges: - end: 172.18.0.250 start: 172.18.0.100 cidr: 172.18.0.0/24 name: subnet1 routes: - destination: 172.18.10.0/24 nexthop: 172.18.0.1 - destination: 172.18.20.0/24 nexthop: 172.18.0.1 vlan: 21 - allocationRanges: - end: 172.18.10.250 start: 172.18.10.100 cidr: 172.18.10.0/24 name: subnet2 routes: - destination: 172.18.0.0/24 nexthop: 172.18.10.1 - destination: 172.18.20.0/24 nexthop: 172.18.10.1 vlan: 31 - allocationRanges: - end: 172.18.20.250 start: 172.18.20.100 cidr: 172.18.20.0/24 name: subnet3 routes: - destination: 172.18.0.0/24 nexthop: 172.18.20.1 - destination: 172.18.10.0/24 nexthop: 172.18.20.1 vlan: 41Add an allocation range for the
tenantnetwork:- dnsDomain: tenant.example.com mtu: 1496 name: tenant subnets: - allocationRanges: - end: 172.19.0.250 start: 172.19.0.100 cidr: 172.19.0.0/24 name: subnet1 routes: - destination: 172.19.10.0/24 nexthop: 172.19.0.1 - destination: 172.19.20.0/24 nexthop: 172.19.0.1 vlan: 22 - allocationRanges: - end: 172.19.10.250 start: 172.19.10.100 cidr: 172.19.10.0/24 name: subnet2 routes: - destination: 172.19.0.0/24 nexthop: 172.19.10.1 - destination: 172.19.20.0/24 nexthop: 172.19.10.1 vlan: 32 - allocationRanges: - end: 172.19.20.250 start: 172.19.20.100 cidr: 172.19.20.0/24 name: subnet3 routes: - destination: 172.19.0.0/24 nexthop: 172.19.20.1 - destination: 172.19.10.0/24 nexthop: 172.19.20.1 vlan: 42Add an allocation range for the
storagemgmtnetwork:- dnsDomain: storagemgmt.example.com mtu: 1500 name: storagemgmt subnets: - allocationRanges: - end: 172.20.0.250 start: 172.20.0.100 cidr: 172.20.0.0/24 name: subnet1 routes: - destination: 172.20.10.0/24 nexthop: 172.20.0.1 - destination: 172.20.20.0/24 nexthop: 172.20.0.1 vlan: 23 - allocationRanges: - end: 172.20.10.250 start: 172.20.10.100 cidr: 172.20.10.0/24 name: subnet2 routes: - destination: 172.20.0.0/24 nexthop: 172.20.10.1 - destination: 172.20.20.0/24 nexthop: 172.20.10.1 vlan: 33 - allocationRanges: - end: 172.20.20.250 start: 172.20.20.100 cidr: 172.20.20.0/24 name: subnet3 routes: - destination: 172.20.0.0/24 nexthop: 172.20.20.1 - destination: 172.20.10.0/24 nexthop: 172.20.20.1 vlan: 43
Create the NetConfig CR:
oc create -f netconfig
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}