From the Edge to the Cloud: OpenStack Neutron Introduction 2


The previous article introduced Neutron's architecture. This and the following article will continue to explain some of Neutron's core concepts and terminology.

Neutron Concepts

Neutron enables users to create networks and subnets, and allows other OpenStack services (such as Compute) to attach their endpoints to these networks. The most common example is connecting an instance to a network. Neutron supports multiple private networks per project, allows projects to choose their own IP addressing scheme, and ensures that IP addresses used within different networks do not conflict with those used by other projects. There are two types of networks, provider networks and self-service networks, and networks can be shared across projects.

Provider Networks

Provider networks provide Layer 2 (L2) connectivity for instances and support DHCP and metadata services. These networks are connected to existing Layer 2 networks in the data center, typically using VLAN (802.1q) tagging to distinguish and isolate them.

Provider networks typically offer simplicity, performance, and reliability in exchange for a fixed cost. Under default configurations, only administrators can create or update provider networks, as their setup requires close alignment with the underlying physical network infrastructure, which general users usually do not have access to.

Additionally, provider networks only handle L2 network connectivity for instances, and therefore do not support Neutron features such as routers, floating IPs, or other advanced networking capabilities.

Routed Provider Networks

Routed provider networks resemble traditional provider networks, but they can route traffic across different L3 networks within the data center, treating each as a separate network segment. Each network segment is essentially a provider network with its own independent L3 gateway, enabling connectivity to external networks.

This model is less common and is typically considered only when a deployment spans multiple racks or requires a complex L2 network topology.

Self-service Networks

Self-service networks are similar to AWS VPCs, allowing users to manage their own networks without involving administrators. These networks are fully isolated and require a virtual router to route traffic to external networks provided by the service provider.

In most cases, self-service networks use VXLAN, GRE, or GENEVE tunneling to create overlay networks, since these support far more segments than VLAN tagging (802.1Q), and VLANs typically require additional configuration of the physical network.

Users can create their own networks under their own projects. By default, these networks are completely isolated from others and do not share resources (except for flat networks). OpenStack Networking supports various types of network isolation and overlay technologies.

Flat

All instances are on the same L2 network and can also share the host network. There is no VLAN tagging or other network isolation.

VLAN

VLAN networks allow users to create multiple provider or project networks that correspond to VLAN IDs (802.1Q tags) existing in the physical network. This enables instances to communicate across the entire environment and also allows them to interoperate with other servers, firewalls, and network infrastructure on the same L2 VLAN.

GRE, VXLAN, GENEVE

VXLAN, GRE, and GENEVE are encapsulation protocols that create overlay networks to control communication between different compute instances. We need a virtual router to enable instances in project networks to communicate externally, which also requires the router to connect to project networks and external networks (including the Internet). OpenStack Neutron's virtual router also provides floating IP addresses via DNAT, allowing instances to be accessed from external networks.
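As an added example that is not part of the original article, the following Python builds and then dissects one VXLAN-encapsulated frame as it would travel over the underlay between two compute nodes, and compares the 24-bit VNI space with the 12-bit 802.1Q VLAN ID space mentioned above. The MAC addresses, underlay IP addresses and VNI are constructed sample values; anything monitoring the underlay has to decapsulate like this before it can see which project segment a packet belongs to.

```python
import struct

VXLAN_UDP_PORT = 4789  # IANA-assigned UDP port for VXLAN (RFC 7348)

def segment_id_space(bits: int) -> int:
    """Number of distinct segment IDs an identifier of this width can carry
    (802.1Q VID is 12 bits, VXLAN VNI is 24 bits; 802.1Q reserves VIDs 0 and 4095)."""
    return 1 << bits

def mac(b: bytes) -> str:
    return b.hex(":")

def build_vxlan_frame(outer_src: str, outer_dst: str, vni: int, inner: bytes) -> bytes:
    """Encapsulate an inner L2 frame the way a tunnel endpoint on a compute node does:
    outer Ethernet / IPv4 / UDP(4789) / 8-byte VXLAN header / inner frame."""
    vxlan = struct.pack("!B3s3sB", 0x08, b"\0" * 3, vni.to_bytes(3, "big"), 0)  # 0x08 = VNI-valid flag
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 is allowed over IPv4
    src_b = bytes(int(o) for o in outer_src.split("."))
    dst_b = bytes(int(o) for o in outer_dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0, src_b, dst_b)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("00aabbccddee") + b"\x08\x00"  # sample MACs
    return eth + ip + udp + vxlan + inner

def parse_vxlan_frame(pkt: bytes) -> dict:
    """Decapsulate: check each outer header, then pull out the VNI and the project frame inside."""
    if pkt[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ip = 14
    ihl = (pkt[ip] & 0x0F) * 4
    if pkt[ip + 9] != 17:
        raise ValueError("outer packet is not UDP")
    udp = ip + ihl
    if struct.unpack("!H", pkt[udp + 2:udp + 4])[0] != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN: wrong UDP destination port")
    vx = udp + 8
    if not pkt[vx] & 0x08:
        raise ValueError("VXLAN header without the VNI-valid flag")
    inner = pkt[vx + 8:]
    return {
        "outer_src": ".".join(str(b) for b in pkt[ip + 12:ip + 16]),
        "outer_dst": ".".join(str(b) for b in pkt[ip + 16:ip + 20]),
        "vni": int.from_bytes(pkt[vx + 4:vx + 7], "big"),
        "inner_dst_mac": mac(inner[0:6]),
        "inner_src_mac": mac(inner[6:12]),
        "inner_len": len(inner),
    }

# Constructed sample: an instance on compute node 1 (underlay 10.0.0.11) sends an ARP-sized frame
# to an instance on compute node 2 (underlay 10.0.0.12) inside project segment VNI 1193046.
INNER = bytes.fromhex("fa163e000002") + bytes.fromhex("fa163e000001") + b"\x08\x06" + b"\x00" * 28
SAMPLE = build_vxlan_frame("10.0.0.11", "10.0.0.12", 1193046, INNER)
```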

Project overlay network diagram (figure: Overlay network)

These are the three types of networks in Neutron.

Figure: the switch forwards the packet from compute node 1 to compute node 2.

This article introduced the three types of networks in Neutron; the next article will cover the remaining concepts and terminology in Neutron, such as Subnets, Routers, and more.


Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.
