Subnet Pools and Address Scopes
Why is IPAM important for Neutron?
•No VM connectivity without a valid IP assigned
•Duplicate subnets/IPs in shared or routable space are disastrous
Especially relevant when using provider networks
•Allocation of subnets for large scale deployments can be difficult and time consuming
Especially for Tenants using non-overlapping addresses
Errors in address planning and quota allocation are difficult to reverse
•Users have multiple/heterogeneous environments
Rrack IPs/subnets across multiple clusters
Reclaim IPs/subnets that are no longer in use
Subnet Allocation
•What was introduced in Kilo?
̶Subnet Pool - Range of addresses from which subnets may be allocated
-May be exclusive to a tenant or shared
-Enforces a quota for shared pools
-Simplifies centralized management of subnet allocations to tenants
-Example: 10.0.0.0/16 from which smaller subnets (/20, /23, /24, etc.) are allocated
•How does it work?
̶Pools can be managed via the API or neutron client
̶Optionally specify a pool when allocating a subnet
-Leave out the CIDR and just pass a prefix length (or use the default prefix length)
-Specify a CIDR if you want, as long as it fits in the pool without overlap
1. 创建一个subnet pool,一共256个IP,203.0.113.0/24
admin> neutron subnetpool-create --shared --pool-prefix 203.0.113.0/24 \ --default-prefixlen 26 demo-subnetpool4 Created a new subnetpool: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | default_prefixlen | 26 | | default_quota | | | id | 670eb517-4fd3-4dfc-9bed-da2f99f85c7a | | ip_version | 4 | | max_prefixlen | 32 | | min_prefixlen | 8 | | name | demo-subnetpool4 | | prefixes | 203.0.113.0/24 | | shared | True | | tenant_id | c597484841ff4a8785804c62ba81449b | +-------------------+--------------------------------------+
$ neutron subnetpool-list +---------+------------------+------------------------------------+-------------------+ | id | name | prefixes | default_prefixlen | +---------+------------------+------------------------------------+-------------------+ | 670e... | demo-subnetpool4 | [u'203.0.113.0/24'] | 26 | | 7b69... | demo-subnetpool | [u'2001:db8:1:2', u'2001:db8:1:2'] | 64 | +---------+------------------+------------------------------------+-------------------+
2. subnet 32-25=7, 2^7=128个IP, 已经分配出的IP subnet不能再分配了, Subnet pool之外的ip不能分配
$ neutron subnet-create --name demo-subnet1 --ip_version 4 \ --subnetpool demo-subnetpool4 demo-network1 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | id | 6e38b23f-0b27-4e3c-8e69-fd23a3df1935 | | ip_version | 4 | | cidr | 203.0.113.0/26 | | name | demo-subnet1 | | network_id | b5b729d8-31cc-4d2c-8284-72b3291fec02 | | subnetpool_id | 670eb517-4fd3-4dfc-9bed-da2f99f85c7a | | tenant_id | a8b3054cc1214f18b1186b291525650f | +-------------------+--------------------------------------+
3. 再分配一个128个ip的subnet,这时pool的ip分配完了。
4. 再从该pool分配失败,
5. 再从该pool中分配时,自动找到合适的ip段。
增加pool的ip池,只能增大不能减小,而且可以添加其他断的subnet ip。
admin> neutron subnetpool-update --pool-prefix 203.0.113.0/24 \ --pool-prefix 198.51.100.0/24 demo-subnetpool4 Updated subnetpool: demo-subnetpool4 admin> neutron subnetpool-show demo-subnetpool4 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | default_prefixlen | 26 | | default_quota | | | id | 670eb517-4fd3-4dfc-9bed-da2f99f85c7a | | ip_version | 4 | | max_prefixlen | 32 | | min_prefixlen | 8 | | name | demo-subnetpool4 | | prefixes | 198.51.100.0/24 | | | 203.0.113.0/24 | | shared | True | | tenant_id | c597484841ff4a8785804c62ba81449b | +-------------------+--------------------------------------+
http://blog.episodicgenius.com/post/neutron-subnet-pools/
http://www.slideshare.net/carlbaldwin/subnet-pools-and-pluggable-ipam
http://docs.openstack.org/developer/neutron/devref/address_scopes.html
Neutron Address Scopes
则位于subnetpool之上,可以用来控制哪些IP不走NAT出去,而是直接连到外网上的。
创建一个address scopes:
admin> neutron address-scope-create --shared address-scope-ip4 4
Created a new address_scope:
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| id | 97702525-e145-40c8-8c8f-d415930d12ce |
| ip_version | 4 |
| name | address-scope-ip4 |
| shared | True |
+------------+--------------------------------------+
在该address scopes之中创建一个subnetpool:
admin> neutron subnetpool-create --address-scope address-scope-ip4 \
--shared --pool-prefix 203.0.113.0/21 --default-prefixlen 26 \
subnet-pool-ip4
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | 97702525-e145-40c8-8c8f-d415930d12ce |
| default_prefixlen | 26 |
| id | e2c4f12d-307f-4616-a4df-203a45e6cb7f |
| ip_version | 4 |
| name | subnet-pool-ip4 |
| prefixes | 203.0.112.0/21 |
| shared | True |
+-------------------+--------------------------------------+
