Neutron Overview
Traditional network management is largely dependent on the administrator to manually configure and maintain a variety of network hardware devices;
The network in the cloud has become very complex, especially in multi-tenant scenario, users may need to create at any time, connectivity and isolation modify and delete networks, the network might not have been too manually configured to ensure the.
How to respond quickly to business needs for network management put forward higher requirements.
Traditional network management has been difficult to do the job, and the "software-defined network (software-defined networking, SDN)" has the advantage of flexibility and automation make it a mainstream cloud era of network management.
Neutron design goal is to achieve "Network as a Service (Networking as a Service)".
To achieve this goal, the design follows the principles-based SDN network virtualization, which is, in the realization of full use of a variety of network-related technologies on Linux systems.
Neutron function
Neutron provide network support for the entire OpenStack environment, including the floor of the exchange, three routing, load balancing, firewalls and VPN.
Neutron provides a flexible framework to configure, either open source or commercial software can be used to implement these functions.
Layer switching Switching
Nova the Layer Instance is connected to the virtual network by a virtual switch.
Neutron supports multiple virtual switches, including Linux Bridge Linux native and Open vSwitch.
Open vSwitch (OVS) is an open source virtual switch that supports standard management interfaces and protocols.
Use Linux Bridge and OVS, Neutron can be created in addition to the traditional VLAN network, you can also create Overlay Network-based tunneling technologies, such as VxLAN and GRE (Linux Bridge currently only supports VxLAN).
Three routing Routing
Instance can configure different IP subnet, Neutron's router (virtual router) instance to achieve inter-network communications.
NAT router and routing is achieved via IP forwarding, iptables technology.
Load Balancing Load Balancing
Openstack version of the Grizzly first introduced Load-Balancing-as-a-Service (LBaaS), provides the ability to distribute the load to multiple instance of.
LBaaS support a variety of load-balancing products and solutions, in the form of different implementations integrated Plugin to Neutron, the current default Plugin is HAProxy.
Firewall Firewalling
Neutron instance to protect the security of the network and by the following two ways.
Security Group restricted access network packets instance by iptables.
-AS-A-Firewall Service FWaaS, restricted access virtual router network packets, but also to achieve by iptables.
-------------------------------------------------- quoted from ------------------------------------------------ -----------
https://www.cnblogs.com/CloudMan6/p/5709636.html
https://mp.weixin.qq.com/s?__biz=MzIwMTM5MjUwMg==&mid=2653587695&idx=1&sn=17a595f7225b1cf3bb5e6b6879d6d005&chksm=8d3080f6ba4709e0692ec0c9f26f4832c0ccf92b9f77b7f7c375a80940ec107aefb7fe9d9aee&scene=21#wechat_redirect