Neutron Technical Deep Dive - 2017/6/2 Lane
Transcription
1 Neutron Technical Deep Dive - 2017/6/2 Lane
2 2
3 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 3
4 4
5 Architecture 5
6 Architecture 6
7 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 7
8 Provider Self-Service 8
9 9
10
# virsh list
 Id Name State
 instance running
# virsh dumpxml 1
<interface type='bridge'>
  <mac address='fa:16:3e:49:d2:29'/>
  <source bridge='qbrcef0186b-d3'/>
  <target dev='tapcef0186b-d3'/>
  <model type='virtio'/>
  <driver name='qemu'/>
  <alias name='net0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
...
11
# brctl show
bridge name     bridge id       STP enabled   interfaces
qbrcef0186b-d   c26acc95f1ba    no            qvbcef0186b-d3
                                              tapcef0186b-d3
12
# ip l
6: qbrcef0186b-d3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT qlen
: qvocef0186b-d3@qvbcef0186b-d3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP mode DEFAULT qlen
: qvbcef0186b-d3@qvocef0186b-d3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbrcef0186b-d3 state UP mode DEFAULT qlen
: tapcef0186b-d3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbrcef0186b-d3 state UNKNOWN mode DEFAULT qlen
13 Compute Node
# ovs-vsctl show
...
    Bridge br-int
        ...
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qvocef0186b-d3"
            tag: 1
            Interface "qvocef0186b-d3"
...
Network Node
# ovs-vsctl show
...
    Bridge br-int
        ...
        Port "tapbb3b53c1-41"
            tag: 2
            Interface "tapbb3b53c1-41"
                type: internal
14
# ps aux | grep dnsmasq
.
nobody ? S 11:38 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo
    --pid-file=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/pid
    --dhcp-hostsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/host
    --addn-hosts=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/addn_hosts
    --dhcp-optsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/opts
    --dhcp-leasefile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/leases
    --dhcp-match=set:ipxe,175 --bind-interfaces
    --interface=tapbb3b53c dhcp-range=set:tag0, ,static,86400s
    --dhcp-option-force=option:mtu, dhcp-lease-max=256
    --conf-file= --domain=openstacklocal
# ip netns
qdhcp-fa8aaa a98-9b5c-b974ae9ebfbb
qrouter e-dea f285de38fd
qrouter-c6766baf-e8dc-40a3-9f29-ff95a01b5c
15 Compute Node
# ovs-vsctl show
...
    Bridge br-tun
        Controller "tcp: :6633"
            is_connected: true
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
...
Network Node
# ovs-vsctl show
...
    Bridge br-tun
        Controller "tcp: :6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-ac160491"
            Interface "vxlan-ac160491"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip=" ", out_key=flow, remote_ip=" "}
...
16
# ovs-vsctl show
    Bridge br-tun
        Controller "tcp: :6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-ac160491"
            Interface "vxlan-ac160491"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip=" ", out_key=flow, remote_ip=" "}
...
17
# ovs-vsctl show
    Bridge br-int
        ...
        Port "tapbb3b53c1-41"
            tag: 2
            Interface "tapbb3b53c1-41"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-5263d8eb-71"
            tag: 2
            Interface "qr-5263d8eb-71"
                type: internal
        Port "qr-451e14ac-c6"
            tag: 1
            Interface "qr-451e14ac-c6"
                type: internal
...
18
# ip netns exec qrouter e-dea f285de38fd ip r
default via dev qg-71ded6b7-d
/24 dev qr-5263d8eb-71 proto kernel scope link src
/28 dev qg-71ded6b7-d1 proto kernel scope link src
19
# ovs-vsctl show
...
    Bridge br-ex
        Port "qg-aa24cf30-a1"
            Interface "qg-aa24cf30-a1"
                type: internal
        Port "qg-71ded6b7-d1"
            Interface "qg-71ded6b7-d1"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
...
20 20
21 21
22 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 22
23 Tunneling port br-ex br-int br-tun br-tun router 23
24 Tunneling
# ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
 cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=33, n_bytes=3130, idle_age=5205, priority=1,in_port=1 actions=resubmit(,2)
 cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=0, n_bytes=0, idle_age=14059, priority=1,in_port=2 actions=resubmit(,4)
 cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop
 cookie=0xb829c9b8de45a59e, duration= s, table=2, n_packets=0, n_bytes=0, idle_age=14146, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
 cookie=0xb829c9b8de45a59e, duration= s, table=2, n_packets=33, n_bytes=3130, idle_age=5205, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
 cookie=0xb829c9b8de45a59e, duration= s, table=3, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop
 cookie=0xb829c9b8de45a59e, duration= s, table=4, n_packets=0, n_bytes=0, idle_age=14084, priority=1,tun_id=0x4a actions=mod_vlan_vid:1,resubmit(,10)
 cookie=0xb829c9b8de45a59e, duration= s, table=4, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop
 cookie=0xb829c9b8de45a59e, duration= s, table=6, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop
 cookie=0xb829c9b8de45a59e, duration= s, table=10, n_packets=0, n_bytes=0, idle_age=14146, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xb829c9b8de45a59e,nxm_of_vlan_tci[0..11],nxm_of_eth_dst[]=nxm_of_eth_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
 cookie=0xb829c9b8de45a59e, duration= s, table=20, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=resubmit(,22)
 cookie=0xb829c9b8de45a59e, duration= s, table=22, n_packets=16, n_bytes=1640, idle_age=5205, hard_age=14058, dl_vlan=1 actions=strip_vlan,set_tunnel:0x4a,output:2
 cookie=0xb829c9b8de45a59e, duration= s, table=22, n_packets=17, n_bytes=1490, idle_age=5232, priority=0 actions=drop
26 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT LBaaS 26
27 DHCP agent
# ps aux | grep dnsmasq
.
nobody ? S 11:38 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo
    --pid-file=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/pid
    --dhcp-hostsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/host
    --addn-hosts=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/addn_hosts
    --dhcp-optsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/opts
    --dhcp-leasefile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/leases
    --dhcp-match=set:ipxe,175 --bind-interfaces
    --interface=tapbb3b53c dhcp-range=set:tag0, ,static,86400s
    --dhcp-option-force=option:mtu, dhcp-lease-max=256
    --conf-file= --domain=openstackloca
28 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 28
29 ML2 plug-in
Type drivers: Flat, VLAN, VXLAN, GRE
Mechanism drivers: Open vSwitch, Linux Bridge, L2 population
30 ML2 plug-in 30
31 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 31
32 Name Space
# ip net
qrouter-aa7d326c-38e6-4ad da2442a6
qdhcp-71487f16-4ea3-470c-95ec-9d5b4cebecfc
33 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 33
34 Access control
# iptables -S neutron-openvswi-i2ba
N neutron-openvswi-i2ba
A neutron-openvswi-i2ba m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN
-A neutron-openvswi-i2ba s /32 -p udp -m udp --sport 67 -m udp --dport 68 -j RETURN
-A neutron-openvswi-i2ba m set --match-set NIPv415079a41-5f60-4cd0-870d- src -j RETURN
-A neutron-openvswi-i2ba p tcp -m tcp --dport 22 -j RETURN
-A neutron-openvswi-i2ba m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP
-A neutron-openvswi-i2ba m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback
35 Access control
INPUT: neutron-openvswi-i2ba
OUTPUT: neutron-openvswi-o2ba
Allow traffic from defined IP/MAC pairs: neutron-openvswi-s2ba
36 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 36
37 Metadata Agent qdhcp neutron metadata agent instance nova metadata agent qrouter 37
38 Metadata Agent ssh password: cubswin:) curl 38
39 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 39
40 Floating
# ip net exec qrouter-aa7d326c-38e6-4ad da2442a6 iptables -t nat -S
...
-A neutron-l3-agent-output -d /32 -j DNAT --to-destination
A neutron-l3-agent-postrouting ! -i qg-cb3ca0f0-ce ! -o qg-cb3ca0f0-ce -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-prerouting -d /32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
A neutron-l3-agent-prerouting -d /32 -j DNAT --to-destination
A neutron-l3-agent-float-snat -s /32 -j SNAT --to-source
A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-cb3ca0f0-ce -j SNAT --to-source
A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source
A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
41 迎棧科技股份有限公司 Thank You! 41
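42 Post-class discussion and sharing
* Related projects outside the OpenStack core projects can be found on StackForge.
* Technology related to OpenStack and HPC is still under discussion; the related discussion can be seen here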
More informationAdvanced IP Routing. Policy Routing QoS RVSP
Advanced IP Routing Policy Routing QoS RVSP Traditional Routing What is traditional routing? Best effort. All routing is a destination driven process. Router cares only about the destination address when
More informationIPv6 NAT. Open Source Days 9th-10th March 2013 Copenhagen, Denmark. Patrick McHardy
IPv6 NAT Open Source Days 9th-10th March 2013 Copenhagen, Denmark Patrick McHardy Netfilter and IPv6 NAT historically http://lists.netfilter.org/pipermail/netfilter/2005-march/059463.html
More informationLife of a Packet. KubeCon Europe Michael Rubin TL/TLM in GKE/Kubernetes github.com/matchstick. logo. Google Cloud Platform
logo Life of a Packet KubeCon Europe 2017 Michael Rubin TL/TLM in GKE/Kubernetes github.com/matchstick Google Cloud Platform Kubernetes is about clusters Because of that, networking
More informationManaging Demand Spikes in a highly flexible and agile deployment
Managing Demand Spikes in a highly flexible and agile deployment Yuki Sato S2 (Akita, Japan) Jan Hilberath Midokura (Tokyo, Japan) Agenda Company Introduction Why SUSE OpenStack with MidoNet? MidoNet Introduction
More information11 aid sheets., A non-programmable calculator.
UNIVERSITY OF TORONTO MISSISSAUGA DECEMBER 2008 FINAL EXAMINATION CSC 347H5F Introduction to Information Security Arnold Rosenbloom Duration 3 hours Aids: Two double sided 8 1 2 11 aid sheets., A non-programmable
More informationFirewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation
Firewalls Firewall types Packet filter linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation Proxy server specialized server program on internal machine client talks
More informationSeccomp, network and namespaces. Francesco Tornieri <francesco.tornieri AT kiratech.it>
Seccomp, network and namespaces Francesco Tornieri VM vs Container 2 Namespaces ecc 3 Namespaces ecc man namespaces: A namespaces wraps a global system resource in a
More informationUniversità Ca Foscari Venezia
Firewalls Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Networks are complex (image from https://netcube.ru) 2 Example: traversal control Three subnetworks:
More informationSome of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras
Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Firewalls Chester Rebeiro IIT Madras Firewall Block unauthorized traffic flowing from one network to another
More informationConfiguring NAT for IP Address Conservation
This module describes how to configure Network Address Translation (NAT) for IP address conservation and how to configure the inside and outside source addresses. This module also provides information
More informationFirewall Configuration and Assessment
FW Firewall Configuration and Assessment Goals of this lab: Get hands-on experience implementing a network security policy Get hands-on experience testing a firewall REVISION: 1.5 [2017-02-0303] 2007-2011
More informationLoad Balancing Bloxx Web Filter. Deployment Guide v Copyright Loadbalancer.org
Load Balancing Bloxx Web Filter Deployment Guide v1.3.5 Copyright Loadbalancer.org Table of Contents 1. About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org Software Versions
More informationWritten by Muhammad Kamran Azeem Wednesday, 02 July :48 - Last Updated Saturday, 25 December :45
Assalam-u-alaikum, I have been receiving many mails for few years now to provide with a firewall script. Lately I received one such mail and I decided to publish, what I replied him with. The names and
More informationMediant Virtual Edition SBC
Installation Manual AudioCodes Mediant Family of Session Border Controllers (SBC) Mediant Virtual Edition SBC Version 7.0 Installation Manual Contents Table of Contents 1 Introduction... 9 1.1 Mediant
More informationBuilding NFV Solutions with OpenStack and Cisco ACI
Building NFV Solutions with OpenStack and Cisco ACI Domenico Dastoli @domdastoli INSBU Technical Marketing Engineer Iftikhar Rathore - INSBU Technical Marketing Engineer Agenda Brief Introduction to Cisco
More informationOpenContrail Overview Architecture & Demo
www.opencontrail.org OpenContrail Overview Architecture & Demo Qasim Arham Oct, 2014 Agenda Introduction OpenStack Architecture and Overview OpenContrail and OpenStack Integration OpenStack Neutron Overview
More informationWolfram Richter Red Hat. OpenShift Container Netzwerk aus Sicht der Workload
Wolfram Richter Red Hat OpenShift Container Netzwerk aus Sicht der Workload Why this session? OpenShift is great for web applications, but we want to do X will this work? X { Analytics, Non-HTTP, High-
More informationfirewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name
firewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal"
More informationNexus 1000V in Context of SDN. Martin Divis, CSE,
Nexus 1000V in Context of SDN Martin Divis, CSE, mdivis@cisco.com Why Cisco Nexus 1000V Losing the Edge Server Admin Host Host Host Host Server Admin manages virtual switching! vswitch vswitch vswitch
More informationCisco Application Policy Infrastructure Controller OpenStack and Container Plugins Release 3.2(2), Release Notes
Cisco Application Policy Infrastructure Controller OpenStack and Container Plugins Release 3.2(2), Release Notes This document describes the features, caveats, and limitations for the Cisco Application
More information