Neutron 技術深入探討 /6/2 Lane
|
|
|
- Violet Carson
- 6 years ago
- Views:
Transcription
1 Neutron 技術深入探討 -2017/6/2 Lane
2 2
3 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 3
4 4
5 Architecture 5
6 Architecture 6
7 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 7
8 Provider Self-Service 8
9 9
10 # virsh list Id Name State instance running # virsh dumpxml 1 <interface type='bridge'> <mac address='fa:16:3e:49:d2:29'/> <source bridge='qbrcef0186b-d3'/> <target dev='tapcef0186b-d3'/> <model type='virtio'/> <driver name='qemu'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>... 10
11 # brctl show bridge name bridge id STP enabled interfaces qbrcef0186b-d c26acc95f1ba no qvbcef0186b-d3 tapcef0186b-d3 11
12 # ip l 6: qbrcef0186b-d3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT qlen : qvocef0186b-d3@qvbcef0186b-d3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP mode DEFAULT qlen : qvbcef0186b-d3@qvocef0186b-d3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbrcef0186b-d3 state UP mode DEFAULT qlen : tapcef0186b-d3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbrcef0186b-d3 state UNKNOWN mode DEFAULT qlen
13 Compute Node # ovs-vsctl show... Bridge br-int... Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port br-int Interface br-int type: internal Port "qvocef0186b-d3" tag: 1 Interface "qvocef0186b-d3"... Network Node # ovs-vsctl show... Bridge br-int... Port "tapbb3b53c1-41" tag: 2 Interface "tapbb3b53c1-41" type: internal
14 # ps aux grep dnsmasq. nobody ? S 11:38 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/host --addn-hosts=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/opts --dhcp-leasefile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapbb3b53c dhcp-range=set:tag0, ,static,86400s --dhcp-option-force=option:mtu, dhcp-lease-max=256 --conf-file= --domain=openstacklocal # ip netns qdhcp-fa8aaa a98-9b5c-b974ae9ebfbb qrouter e-dea f285de38fd qrouter-c6766baf-e8dc-40a3-9f29-ff95a01b5c
15 Compute Node # ovs-vsctl show... Bridge br-tun Controller "tcp: :6633" is_connected: true fail_mode: secure Port br-tun Interface br-tun type: internal Port patch-int Interface patch-int type: patch options: {peer=patch-tun}... Network Node # ovs-vsctl show... Bridge br-tun Controller "tcp: :6633" is_connected: true fail_mode: secure Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Port "vxlan-ac160491" Interface "vxlan-ac160491" type: vxlan options: {df_default="true", in_key=flow, local_ip=" ", out_key=flow, remote_ip=" "} 15...
16 # ovs-vsctl show Bridge br-tun Controller "tcp: :6633" is_connected: true fail_mode: secure Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Port "vxlan-ac160491" Interface "vxlan-ac160491" type: vxlan options: {df_default="true", in_key=flow, local_ip=" ", out_key=flow, remote_ip=" "}... 16
17 # ovs-vsctl show Bridge br-int... Port "tapbb3b53c1-41" tag: 2 Interface "tapbb3b53c1-41" type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port "qr-5263d8eb-71" tag: 2 Interface "qr-5263d8eb-71" type: internal Port "qr-451e14ac-c6" tag: 1 Interface "qr-451e14ac-c6" type: internal... 17
18 # ip netns exec qrouter e-dea f285de38fd ip r default via dev qg-71ded6b7-d /24 dev qr-5263d8eb-71 proto kernel scope link src /28 dev qg-71ded6b7-d1 proto kernel scope link src
19 # ovs-vsctl show... Bridge br-ex Port "qg-aa24cf30-a1" Interface "qg-aa24cf30-a1" type: internal Port "qg-71ded6b7-d1" Interface "qg-71ded6b7-d1" type: internal Port br-ex Interface br-ex type: internal... 19
20 20
21 21
22 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 22
23 Tunneling port br-ex br-int br-tun br-tun router 23
24 Tunneling # ovs-ofctl dump-flows br-tun NXST_FLOW reply (xid=0x4): cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=33, n_bytes=3130, idle_age=5205, priority=1,in_port=1 actions=resubmit(,2) cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=0, n_bytes=0, idle_age=14059, priority=1,in_port=2 actions=resubmit(,4) cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=2, n_packets=0, n_bytes=0, idle_age=14146, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20) cookie=0xb829c9b8de45a59e, duration= s, table=2, n_packets=33, n_bytes=3130, idle_age=5205, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22) cookie=0xb829c9b8de45a59e, duration= s, table=3, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=4, n_packets=0, n_bytes=0, idle_age=14084, priority=1,tun_id=0x4a actions=mod_vlan_vid:1,resubmit(,10) cookie=0xb829c9b8de45a59e, duration= s, table=4, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=6, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=10, n_packets=0, n_bytes=0, idle_age=14146, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xb829c9b8de45a59e,nxm_of_vlan_tci[0..11],nxm_of_eth_dst[]=nxm_of_eth _SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1 cookie=0xb829c9b8de45a59e, duration= s, table=20, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=resubmit(,22) cookie=0xb829c9b8de45a59e, duration= s, table=22, n_packets=16, n_bytes=1640, idle_age=5205, hard_age=14058, dl_vlan=1 actions=strip_vlan,set_tunnel:0x4a,output:2 cookie=0xb829c9b8de45a59e, duration= s, table=22, n_packets=17, n_bytes=1490, idle_age=5232, priority=0 actions=drop 24
25 Tunneling # ovs-ofctl dump-flows br-tun NXST_FLOW reply (xid=0x4): cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=33, n_bytes=3130, idle_age=5205, priority=1,in_port=1 actions=resubmit(,2) cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=0, n_bytes=0, idle_age=14059, priority=1,in_port=2 actions=resubmit(,4) cookie=0xb829c9b8de45a59e, duration= s, table=0, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=2, n_packets=0, n_bytes=0, idle_age=14146, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20) cookie=0xb829c9b8de45a59e, duration= s, table=2, n_packets=33, n_bytes=3130, idle_age=5205, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22) cookie=0xb829c9b8de45a59e, duration= s, table=3, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=4, n_packets=0, n_bytes=0, idle_age=14084, priority=1,tun_id=0x4a actions=mod_vlan_vid:1,resubmit(,10) cookie=0xb829c9b8de45a59e, duration= s, table=4, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=6, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=drop cookie=0xb829c9b8de45a59e, duration= s, table=10, n_packets=0, n_bytes=0, idle_age=14146, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xb829c9b8de45a59e,nxm_of_vlan_tci[0..11],nxm_of_eth_dst[]=nxm_of_eth _SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1 cookie=0xb829c9b8de45a59e, duration= s, table=20, n_packets=0, n_bytes=0, idle_age=14146, priority=0 actions=resubmit(,22) cookie=0xb829c9b8de45a59e, duration= s, table=22, n_packets=16, n_bytes=1640, idle_age=5205, hard_age=14058, dl_vlan=1 actions=strip_vlan,set_tunnel:0x4a,output:2 cookie=0xb829c9b8de45a59e, duration= s, table=22, n_packets=17, n_bytes=1490, idle_age=5232, priority=0 actions=drop 25
26 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT LBaaS 26
27 DHCP agent # ps aux grep dnsmasq. nobody ? S 11:38 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/host --addn-hosts=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/opts --dhcp-leasefile=/var/lib/neutron/dhcp/fa8aaa a98-9b5c-b974ae9ebfbb/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tapbb3b53c dhcp-range=set:tag0, ,static,86400s --dhcp-option-force=option:mtu, dhcp-lease-max=256 --conf-file= --domain=openstackloca 27
28 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent NameSpace Access control Metadata Agent NAT 28
29 ML2 plug-in Type drivers Flat, VLAN, VXLAN, GRE Mechanism drivers Open vswitch, Linux Bridge, L2 population 29
30 ML2 plug-in 30
31 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 31
32 Name Space # ip net qrouter-aa7d326c-38e6-4ad da2442a6 qdhcp-71487f16-4ea3-470c-95ec-9d5b4cebecfc 32
33 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 33
34 Access control # iptables -S neutron-openvswi-i2ba N neutron-openvswi-i2ba A neutron-openvswi-i2ba m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN -A neutron-openvswi-i2ba s /32 -p udp -m udp --sport 67 -m udp --dport 68 -j RETURN -A neutron-openvswi-i2ba m set --match-set NIPv415079a41-5f60-4cd0-870d- src -j RETURN -A neutron-openvswi-i2ba p tcp -m tcp --dport 22 -j RETURN -A neutron-openvswi-i2ba m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP -A neutron-openvswi-i2ba m comment --comment "Send unmatched traffic to the fallback chain." -j neutron-openvswi-sg-fallback 34
35 Access control INPUT neutron-openvswi-i2ba OUTPUT neutron-openvswi-o2ba Allow traffic from defined IP/MAC pairs neutron-openvswi-s2ba
36 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 36
37 Metadata Agent qdhcp neutron metadata agent instance nova metadata agent qrouter 37
38 Metadata Agent ssh password: cubswin:) curl 38
39 Agenda Architecture L2 Agent Tunneling DHCP agent ML2 plug-in L3 Agent Name Space Access control Metadata Agent Floating 39
40 Floating # ip net exec qrouter-aa7d326c-38e6-4ad da2442a6 iptables -t nat -S... -A neutron-l3-agent-output -d /32 -j DNAT --to-destination A neutron-l3-agent-postrouting! -i qg-cb3ca0f0-ce! -o qg-cb3ca0f0-ce -m conntrack! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-prerouting -d /32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports A neutron-l3-agent-prerouting -d /32 -j DNAT --to-destination A neutron-l3-agent-float-snat -s /32 -j SNAT --to-source A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -o qg-cb3ca0f0-ce -j SNAT --to-source A neutron-l3-agent-snat -m mark! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat 40
41 迎棧科技股份有限公司 Thank You! 41
42 課後討論分享 *OpenStack core project以外相關的project可以到stack forge上 找 *OpenStack與HPC相關的技術還在討論中 這裡可以看到相關 討論 c 42
Deep Dive into OpenStack Networking
Deep Dive into OpenStack Networking Damrongsak Reetanon Solutions Architect Red Hat (Thailand) September 22, 2016 Deep Dive into OpenStack Networking Deep Dive into OpenStack
Open vswitch in Neutron
Open vswitch in Neutron Performance Challenges and Hardware Offload Date: Hong Kong, 6th Nov. 2013 Authors: Yongsheng Gong gongysh@unitedstack.com Bo Liang liang.bo@99cloud.net 1 197 Deployments Hyper-V
Docker Networking: From One to Many. Don Mills
Docker Networking: From One to Many Don Mills What we are going to talk about Overview of traditional Docker networking Some demonstrations Questions New Docker features Some more demonstrations Questions
Test neutron network performance locally
Test neutron network performance locally Table of Contents Linux bridge... 2 Host to virtual machine... 3 VM1 to VM2... 4 OVS bridge with Linux bridge connected via veth... 4 Host to virtual machine...
Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking
Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking Markosz Maliosz PhD Department of Telecommunications and Media Informatics Faculty of Electrical Engineering
Red Hat OpenStack Platform 13
Red Hat OpenStack Platform 13 Networking with Open Virtual Network OpenStack Networking with OVN Last Updated: 2018-09-25 Red Hat OpenStack Platform 13 Networking with Open Virtual Network OpenStack Networking
Neutron: peeking behind the curtains
Neutron: peeking behind the curtains (that is to say how Neutron builds virtual networks) Salvatore Orlando VMware Twitter: @taturiello IRC: salv-orlando Email: sorlando(at)vmware.com Before we start Make
Deploy the ExtraHop Discover Appliance on a Linux KVM
Deploy the ExtraHop Discover Appliance on a Linux KVM Published: 2018-07-16 The following procedure guides you through the deployment process of the ExtraHop Discover EDA 1000v or EDA 2000v virtual appliance
Linux Clusters Institute: OpenStack Neutron
Linux Clusters Institute: OpenStack Neutron Yale, August 13 th 17 th 2018 John Michael Lowe Senior Cloud Engineer Indiana University jomlowe@iu.edu Neutron SDN or not Network Namespaces Components Security
Neutron networking with RHEL OpenStack Platform. Nir Yechiel Senior Technical Product Manager, OpenStack Red Hat
Neutron networking with RHEL OpenStack Platform Nir Yechiel (@nyechiel) Senior Technical Product Manager, OpenStack Red Hat About Me OpenStack Community Member Working with customers deploying OpenStack
OpenStack Neutron. Introduction and project status & Use case ML2 plugin with l2 population
OpenStack Neutron Introduction and project status & Use case ML2 plugin with l2 population Summary 1. OpenStack Neutron Why Neutron? What s Neutron? 2. 2014.1 release Please, stabilize it! Features 3.
What is new in Neutron QoS?
What is new in Neutron QoS? Miguel Lavalle miguel@mlavalle.com IRC: mlavalle@freenode Slawek Kaplonski skaplons@redhat.com IRC: slaweq@freenode AGENDA Introduction to Neutron QoS Existing QoS features
Security Groups in Opendaylight Netvirt
ODL Forum India - Nov 2016 Security Groups in Opendaylight Netvirt Aswin Suryanarayanan (asuryana@redhat.com) Introduction Security group Implementation in OpenDaylight NetVirt. Deep dive into the the
Razique Mahroua Red Hat Training - Services Content Architect
PERFORMANCE OPTIMIZATION IN RED HAT OPENSTACK PLATFORM LUNCH & LEARN Razique Mahroua Red Hat Training - Services Content Architect ABOUT ME Course author of the Red Hat OpenStack Administration courses
L3 Service In OpenDaylight. Abhinav Gupta, Ericsson Hanamantagoud V Kandagal, Ericsson Kiran N Upadhyaya, Ericsson Vivekanandan Narasimhan, Ericsson
L3 Service In OpenDaylight Abhinav Gupta, Ericsson Hanamantagoud V Kandagal, Ericsson Kiran N Upadhyaya, Ericsson Vivekanandan Narasimhan, Ericsson Agenda Overview Neutron Northbound and networking-odl
BCS EXIN Foundation Certificate in OpenStack Software Neutron Syllabus
BCS EXIN Foundation Certificate in OpenStack Software Neutron Syllabus Version 1.2 April 2017 This qualification is not regulated by the following United Kingdom Regulators - Ofqual, Qualification in Wales,
OPNFV 101: How To Get From Bare Metal to Cloud. Wenjing Chu, Dell Dan Radez, Red Hat Vinod Pandarinathan, Cisco
OPNFV 101: How To Get From Bare Metal to Cloud Wenjing Chu, Dell Dan Radez, Red Hat Vinod Pandarinathan, Cisco From Bare Metal to an NFV Cloud in 3 Steps 1) Create your own OPNFV pod Wenjing will present
Distributed Virtual Routing for VLAN backed networks on OVN. Ankur Sharma Nutanix Inc.
Distributed Virtual Routing for VLAN backed networks on OVN Ankur Sharma Nutanix Inc. Outline Introduction Challenges OVN Enhancements Comparison with overlay DVR Current Status Future Work 2 INTRODUCTION
FloatingIP Enhancement For Public Cloud Infrastructure
FloatingIP Enhancement For Public Cloud Infrastructure June 4, 2015 Yushiro Furukawa Fujitsu Limited 0 Who am I? Yushiro Furukawa (Speaker) Software Engineer of Fujitsu from 2011 Developer of OpenStack
NDN iptables match extension
NDN iptables match extension L. Bracciale, A. Detti, P. Loreti, G. Rossi, N. Blefari Melazzi May 3, 2017 This module implements a match extension for netfilter 1 to match only certain NDN packets according
IPv6 in Avi Vantage for OpenStack
Page 1 of 11 view online Overview Starting with release 18.1.1, OpenStack integration with Avi Vantage is IPv6 capable. The integration discussed in this article has been tested for OpenStack Ocata which
Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok
Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok Agenda Recap: offload models, offload drivers Introduction to switch asic hardware L2 offload to switch ASIC Mac Learning, ageing
Introduction to Neutron. Network as a Service
Introduction to Neutron Network as a Service Assaf Muller, Associate Software Engineer, Cloud Networking, Red Hat assafmuller.wordpress.com, amuller@redhat.com, amuller on Freenode (#openstack) The Why
Network Address Translation
Claudio Cicconetti International Master on Communication Networks Engineering 2006/2007 Network Address Translation (NAT) basically provides a mapping between internal (i.e.,
Netfilter. Fedora Core 5 setting up firewall for NIS and NFS labs. June 2006
Netfilter Fedora Core 5 setting up firewall for NIS and NFS labs June 2006 Netfilter Features Address Translation S NAT, D NAT IP Accounting and Mangling IP Packet filtering (Firewall) Stateful packet
SUPERFLUIDITY. Research and Innovation Action GA Deliverable Type: Report. Dissemination Level: PU
SUPERFLUIDITY A SUPER-FLUID, CLOUD-NATIVE, CONVERGED EDGE SYSTEM Research and Innovation Action GA 671566 DELIVERABLE I6.3B: MODELLING AND DESIGN FOR SYMBOLIC EXECUTION AND MONITORING TOOLS Deliverable
Intro to OpenFlow Tutorial
GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight GENI: geni Intro to OpenFlow Tutorial Overview: This is a simple OpenFlow tutorial that will guide you how to use the Floodlight Controller in conjunction
A Technique for improving the scheduling of network communicating processes in MOSIX
A Technique for improving the scheduling of network communicating processes in MOSIX Rengakrishnan Subramanian Masters Report, Final Defense Guidance by Prof. Dan Andresen Agenda MOSIX Network communicating
Cloud Integration with OpenStack (OVSDB/NetVirt)
Cloud Integration with OpenStack (OVSDB/NetVirt) Background 2 Preconditions 3 Main Success Scenario: 3 Step-by-step Tutorial 4 OpenDaylight s Required Features 5 OpenStack Configuration for OpenDaylight
Certification. Securing Networks
Certification Securing Networks UNIT 9 Securing Networks 1 Objectives Explain packet filtering architecture Explain primary filtering command syntax Explain Network Address Translation Provide examples
BCS EXIN Specialist Certificate in OpenStack Software Neutron Specimen Paper A
S EXIN Specialist ertificate in OpenStack Software Neutron Specimen Paper Record your surname/last/family name and initials on the nswer Sheet. Specimen paper only. 20 multiple-choice questions 1 mark
Worksheet 8. Linux as a router, packet filtering, traffic shaping
Worksheet 8 Linux as a router, packet filtering, traffic shaping Linux as a router Capable of acting as a router, firewall, traffic shaper (so are most other modern operating systems) Tools: netfilter/iptables
Opendaylight Service Function Chaining + OVS integration.
Opendaylight Service Function Chaining + OVS integration rapenno@gmail.com Rapid and stable code development 4th gen programming language No Changes to OVS in switches or ODL No integration of ODL SFC
Introduction to Firewalls using IPTables
Introduction to Firewalls using IPTables The goal of this lab is to implement a firewall solution using IPTables, and to write and to customize new rules to achieve security. You will need to turn in your
Project Calico v3.1. Overview. Architecture and Key Components
Project Calico v3.1 Overview Benefits Simplicity. Traditional Software Defined Networks (SDNs) are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified
iptables and ip6tables An introduction to LINUX firewall
7 19-22 November, 2017 Dhaka, Bangladesh iptables and ip6tables An introduction to LINUX firewall Imtiaz Rahman SBAC Bank Ltd AGENDA iptables and ip6tables Structure Policy (DROP/ACCEPT) Syntax Hands on
ODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight
ODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight Sridhar Gaddam (sgaddam@redhat.com) Dayavanti Gopal Kamath (dayavanti.gopal.kamat@ericsson.com) Agenda IPv6 Intro. IPv6 Neighbor Discovery. IPv6
OpenStack and OVN What s New with OVS 2.7 OpenStack Summit -- Boston 2017
OpenStack and OVN What s New with OVS 2.7 OpenStack Summit -- Boston 2017 Russell Bryant (@russellbryant) Justin Pettit (@Justin_D_Pettit) Ben Pfaff (@Ben_Pfaff) Virtual Networking Overview Provides a
Setting Up a Service VM as an IPv6 vrouter
Setting Up a Service VM as an IPv6 vrouter Release draft (7c6658f) OPNFV August 22, 2016 CONTENTS 1 Architectural Design 3 2 Scenario 1 - Native OpenStack Environment 5 2.1 Prerequisite................................................
A 10 years journey in Linux firewalling Pass the Salt, summer 2018 Lille, France Pablo Neira Ayuso
A 10 years journey in Linux firewalling Pass the Salt, summer 2018 Lille, France Pablo Neira Ayuso What is Netfilter? Not just iptables Image from Wikipedia (J. Engelhardt, 2018)
Deploy the ExtraHop Explore Appliance on a Linux KVM
Deploy the ExtraHop Explore Appliance on a Linux KVM Published: 2018-07-17 In this guide, you will learn how to deploy an ExtraHop Explore virtual appliance on a Linux kernel-based virtual machine (KVM)
Deploy the ExtraHop Explore Appliance on a Linux KVM
Deploy the ExtraHop Explore Appliance on a Linux KVM Published: 2018-12-14 In this guide, you will learn how to deploy an ExtraHop Explore virtual appliance on a Linux kernel-based virtual machine (KVM)
Dan Williams Networking Services, Red Hat
Networking Containers with Kubernetes and OpenShift Dan Williams Networking Services, Red Hat Kubernetes Components Web UI Pod apiserver etcd Container 1 Container 2 scheduler controller Command-line interface
Virtualization Design
VMM Integration with UCS-B, on page 1 VMM Integration with AVS or VDS, on page 3 VMM Domain Resolution Immediacy, on page 6 OpenStack and Cisco ACI, on page 8 VMM Integration with UCS-B About VMM Integration
Acropolis Hypervisor Administration Guide
Acropolis Hypervisor Administration Guide Acropolis 4.5 06-Apr-2016 Notice Copyright Copyright 2016 Nutanix, Inc. Nutanix, Inc. 1740 Technology Drive, Suite 150 San Jose, CA 95110 All rights reserved.
Lecture 5. Switching
TEL3214 Computer Communication Networks Lecture 5 Switching 10.10.10.30/24 (eth0.10) Trunk SW_B VLAN 10 (eth0.20) VLAN 20 CEng, FIEI, FIET, CISSP 20.20.20.30/24 diarmuid@obriain.com Bridging Device used
Mininet/Openflow. Objectives. Network Topology. You will need a Number
Mininet/Openflow Objectives In this lab, you will start by learning the basics of running Mininet in a virtual machine. Mininet facilitates creating and manipulating Software Defined Networking components.
Identifying State Inconsistency in OpenStack
Identifying State Inconsistency in OpenStack Yang Xu, Yong Liu ECE Department, New York University yx388@nyu.edu/yongliu@nyu.edu Rahul Singh, Shu Tao IBM T. J. Watson Research Center rahulsi@us.ibm.com/shutao@us.ibm.com
THE INTERNET PROTOCOL INTERFACES
THE INTERNET PROTOCOL The Internet Protocol Stefan D. Bruda Winter 2018 A (connectionless) network protocol Designed for use in interconnected systems of packet-switched computer communication networks
Network security Exercise 9 How to build a wall of fire Linux Netfilter
Network security Exercise 9 How to build a wall of fire Linux Netfilter Tobias Limmer Computer Networks and Communication Systems Dept. of Computer Sciences, University of Erlangen-Nuremberg, Germany 2.2.
The Internet Protocol
The Internet Protocol Stefan D. Bruda Winter 2018 THE INTERNET PROTOCOL A (connectionless) network layer protocol Designed for use in interconnected systems of packet-switched computer communication networks
Project Calico v3.2. Overview. Architecture and Key Components. Project Calico provides network security for containers and virtual machine workloads.
Project Calico v3.2 Overview Benefits Simplicity. Traditional Software Defined Networks (SDNs) are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified
Docker Networking Deep Dive online meetup
Docker Networking Deep Dive online meetup 08/24/2016 @MadhuVenugopal Agenda What is libnetwork CNM 1.12 Features Multihost networking Secured Control plane & Data plane Service Discovery Native Loadbalacing
Assignment 3 Firewalls
LEIC/MEIC - IST Alameda LEIC/MEIC IST Taguspark Network and Computer Security 2013/2014 Assignment 3 Firewalls Goal: Configure a firewall using iptables and fwbuilder. 1 Introduction This lab assignment
Using PCE for path computation, PCEP for device config and BGP-LS for topology discovery vcpe
Requirement Configuration and management of DC networks using OpenStack Neutron Using overlay L2/L3 network for VM/IaaS connectivity Configuration and management of Open vswitch instances; deploying all
OpenStack Havana On IPv6
OpenStack Havana On IPv6 Shixiong Shang Randy Tuttle Ciprian Popoviciu! Version 1.9.3 Agenda Introduction IPv6 and Cloud IPv6 Refreshment Proof of Concept Proposed Blueprint Next Steps 2 Introduction Nephos6!
OpenStack Icehouse on IPv6
OpenStack Icehouse on IPv6 Shixiong Shang v1.3 Agenda Introduction Overview Use Cases Design and Implementation Demo Next Steps 2 Introduction Nephos6 Founded in June, 2011 Service assurance company Twitter:
Hálózati szolgáltatások OpenStack környezetben
Hálózati szolgáltatások OpenStack környezetben Szabó Gábor Mérnök-tanácsadó, Cisco Magyarország Kft. 2014. február 27-28. Agenda OpenStack Introduction Networking in OpenStack OpenStack Neutron Under The
Integrating OpenDaylight VTN Manager with OpenStack
Integrating OpenDaylight VTN Manager with OpenStack OpenDaylight is the largest open source SDN controller. The OpenDaylight virtual tenant network (VTN) is an application that provides a multi-tenant
For personnal use only
Network Namespaces in RHEL7 Finnbarr P. Murphy (fpm@fpmurphy.com) Linux namespaces are somewhat like Solaris zones in many ways from a user perspective but have significant differences under the hood.
THE INTERNET PROTOCOL/1
THE INTERNET PROTOCOL a (connectionless) network layer protocol designed for use in interconnected systems of packet-switched computer communication networks (store-and-forward paradigm) provides for transmitting
Network and Filesystem Security
Network and Filesystem Security Powell Molleti powell@in.ibm.com 1 Agenda Netfilter and TCP Wrappers for Network Security including SNORT for NIDS and tools for checking network vulnerabilities Filesystem
The Research and Application of Firewall based on Netfilter
Available online at www.sciencedirect.com Physics Procedia 25 (2012 ) 1231 1235 2012 International Conference on Solid State Devices and Materials Science The Research and Application of Firewall based
Definition of firewall
Internet Firewalls Definitions: firewall, policy, router, gateway, proxy NAT: Network Address Translation Source NAT, Destination NAT, Port forwarding NAT firewall compromise via UPnP/IGD Packet filtering
MidoNet Operations Guide
docs.midonet.org MidoNet Operations Guide 5.4 (2017-04-19 11:09 UTC) Copyright 2017 Midokura SARL All rights reserved. MidoNet is a network virtualization software for Infrastructure-as-a-Service (IaaS)
OpenSwitch OF-DPA User Guide
OpenSwitch OF-DPA User Guide OpenSwitch OF-DPA User Guide Table of Contents 1. Overview... 1 1.1. OF-DPA Pipeline... 2 1.2. Supported OF-DPA Flow Tables... 3 1.3. Supported OF-DPA Groups... 4 2. OpenFlow
How to Restrict a Login Shell Using Linux Namespaces
How to Restrict a Login Shell Using Linux Namespaces Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using
This is Google's cache of http://www.rigacci.org/wiki/lib/exe/fetch.php/doc/appunti/linux/sa/iptables/conntrack.html. It is a snapshot of the page as it appeared on 24 Oct 2012 08:53:12 GMT. The current
Cisco ACI with OpenStack OpFlex Architectural Overview
First Published: February 11, 2016 Last Modified: March 30, 2016 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS
Rajeev Grover. Maruti Kamat. Vivek Narasimhan
Distributed Routing in Ironic Integrated OpenStack Cloud Rajeev Grover Maruti Kamat Vivek Narasimhan Jonathan Bryce Executive Director Openstack Foundation Embracing Datacenter Diversity Austin Summit
sottotitolo A.A. 2016/17 Federico Reghenzani, Alessandro Barenghi
Titolo presentazione Piattaforme Software per la Rete sottotitolo Firewall and NAT Milano, XX mese 20XX A.A. 2016/17, Alessandro Barenghi Outline 1) Packet Filtering 2) Firewall management 3) NAT review
Fix VxLAN Issue in SFC Integration by Using Eth+NSH and VxLAN-gpe+NSH Hybrid Mode Yi Yang, Intel
Fix VxLAN Issue in SFC Integration by Using Eth+NSH and VxLAN-gpe+NSH Hybrid Mode Yi Yang, Intel (yi.y.yang@intel.com) Agenda VxLAN Issue in OVSDB+SFC How to Fix Current VxLAN issue by Eth+NSH Demo Introduction
Lab Exercise Sheet 2 (Sample Solution)
Lab Exercise Sheet 2 (Sample Solution) Document and analyze your experimental procedures by using your Wireshark and terminal recordings. Note all relevant intermediate steps. Mark and explain all relevant
DHCP Client. Finding Feature Information. Restrictions for the DHCP Client
The Cisco Dynamic Host Configuration Protocol (DHCP) Client feature allows a Cisco device to act as a host requesting configuration parameters, such as an IP address, from a DHCP server. Finding Feature
My installation at Maple Park Development Corp.
My installation at Maple Park Development Corp. U-verse ADSL (6 MB) (2) Grandstream HT702 VOIP adaptors (4) Hardwired PCs (or devices) (1) WRT54G (as a hub) 3-6 wireless guests/other @99.26.133.45 (Dynamic)
NSX-T Container Plug-in for OpenShift - Installation and Administration Guide. Modified on 15 SEP 2017 VMware NSX-T 2.0
NSX-T Container Plug-in for OpenShift - Installation and Administration Guide Modified on 15 SEP 2017 VMware NSX-T 2.0 NSX-T Container Plug-in for OpenShift - Installation and Administration Guide You
Using SR-IOV on OpenStack
Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) Using SR-IOV on OpenStack Alexander Duyck www.mirantis.com Agenda Proceedings of NetDev
ENDEAVOUR: Towards a flexible software-defined network ecosystem
ENDEAVOUR: Towards a flexible software-defined network ecosystem Project name ENDEAVOUR Project ID H2020-ICT-2014-1 Project No. 644960 Working Package Number 2 Deliverable Number 2.3 Document title Implementation
Network Security. Routing and Firewalls. Radboud University, The Netherlands. Spring 2018
Network Security Routing and Firewalls Radboud University, The Netherlands Spring 2018 The coming weeks... Monday, May 21: Whit Monday, no lecture Monday, May 28: Security in Times of Surveillance https://www.win.tue.nl/eipsi/surveillance.html
Socket (Session) Aware Change of IP SACIP network functionality. Samo Pogačnik
Socket (Session) Aware Change of IP SACIP network functionality Samo Pogačnik Key notes about SACIP On the fly changes of network access point of a (mobile) user / endpoint device Possibility for preserving
Advanced IP Routing. Policy Routing QoS RVSP
Advanced IP Routing Policy Routing QoS RVSP Traditional Routing What is traditional routing? Best effort. All routing is a destination driven process. Router cares only about the destination address when
IPv6 NAT. Open Source Days 9th-10th March 2013 Copenhagen, Denmark. Patrick McHardy
IPv6 NAT Open Source Days 9th-10th March 2013 Copenhagen, Denmark Patrick McHardy Netfilter and IPv6 NAT historically http://lists.netfilter.org/pipermail/netfilter/2005-march/059463.html
Life of a Packet. KubeCon Europe Michael Rubin TL/TLM in GKE/Kubernetes github.com/matchstick. logo. Google Cloud Platform
logo Life of a Packet KubeCon Europe 2017 Michael Rubin TL/TLM in GKE/Kubernetes github.com/matchstick Google Cloud Platform Kubernetes is about clusters Because of that, networking
Managing Demand Spikes in a highly flexible and agile deployment
Managing Demand Spikes in a highly flexible and agile deployment Yuki Sato S2 (Akita, Japan) Jan Hilberath Midokura (Tokyo, Japan) Agenda Company Introduction Why SUSE OpenStack with MidoNet? MidoNet Introduction
11 aid sheets., A non-programmable calculator.
UNIVERSITY OF TORONTO MISSISSAUGA DECEMBER 2008 FINAL EXAMINATION CSC 347H5F Introduction to Information Security Arnold Rosenbloom Duration 3 hours Aids: Two double sided 8 1 2 11 aid sheets., A non-programmable
Firewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation
Firewalls Firewall types Packet filter linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation Proxy server specialized server program on internal machine client talks
Seccomp, network and namespaces. Francesco Tornieri <francesco.tornieri AT kiratech.it>
Seccomp, network and namespaces Francesco Tornieri VM vs Container 2 Namespaces ecc 3 Namespaces ecc man namespaces: A namespaces wraps a global system resource in a
Università Ca Foscari Venezia
Firewalls Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Networks are complex (image from https://netcube.ru) 2 Example: traversal control Three subnetworks:
Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras
Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Firewalls Chester Rebeiro IIT Madras Firewall Block unauthorized traffic flowing from one network to another
Configuring NAT for IP Address Conservation
This module describes how to configure Network Address Translation (NAT) for IP address conservation and how to configure the inside and outside source addresses. This module also provides information
Firewall Configuration and Assessment
FW Firewall Configuration and Assessment Goals of this lab: Get hands-on experience implementing a network security policy Get hands-on experience testing a firewall REVISION: 1.5 [2017-02-0303] 2007-2011
Load Balancing Bloxx Web Filter. Deployment Guide v Copyright Loadbalancer.org
Load Balancing Bloxx Web Filter Deployment Guide v1.3.5 Copyright Loadbalancer.org Table of Contents 1. About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org Software Versions
Written by Muhammad Kamran Azeem Wednesday, 02 July :48 - Last Updated Saturday, 25 December :45
Assalam-u-alaikum, I have been receiving many mails for few years now to provide with a firewall script. Lately I received one such mail and I decided to publish, what I replied him with. The names and
Mediant Virtual Edition SBC
Installation Manual AudioCodes Mediant Family of Session Border Controllers (SBC) Mediant Virtual Edition SBC Version 7.0 Installation Manual Contents Table of Contents 1 Introduction... 9 1.1 Mediant
Building NFV Solutions with OpenStack and Cisco ACI
Building NFV Solutions with OpenStack and Cisco ACI Domenico Dastoli @domdastoli INSBU Technical Marketing Engineer Iftikhar Rathore - INSBU Technical Marketing Engineer Agenda Brief Introduction to Cisco
OpenContrail Overview Architecture & Demo
www.opencontrail.org OpenContrail Overview Architecture & Demo Qasim Arham Oct, 2014 Agenda Introduction OpenStack Architecture and Overview OpenContrail and OpenStack Integration OpenStack Neutron Overview
Wolfram Richter Red Hat. OpenShift Container Netzwerk aus Sicht der Workload
Wolfram Richter Red Hat OpenShift Container Netzwerk aus Sicht der Workload Why this session? OpenShift is great for web applications, but we want to do X will this work? X { Analytics, Non-HTTP, High-
firewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name
firewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal"
Nexus 1000V in Context of SDN. Martin Divis, CSE,
Nexus 1000V in Context of SDN Martin Divis, CSE, mdivis@cisco.com Why Cisco Nexus 1000V Losing the Edge Server Admin Host Host Host Host Server Admin manages virtual switching! vswitch vswitch vswitch
Cisco Application Policy Infrastructure Controller OpenStack and Container Plugins Release 3.2(2), Release Notes
Cisco Application Policy Infrastructure Controller OpenStack and Container Plugins Release 3.2(2), Release Notes This document describes the features, caveats, and limitations for the Cisco Application