Network Management Lab

1. Introduction to Network Management

By default, all virtual machines are attached to the OpenShift software-defined network (SDN), which enables access from other workloads on the OpenShift cluster, including other VMs and any OpenShift native applications.

  • The SDN provides additional features for abstracting, connecting, and exposing applications in a controlled manner, whether deployed as VMs or Pods in the cluster. These include the Service and Route features of OpenShift.

  • OpenShift’s network policy engine allows the VM user or administrator to create rules which allow or deny network traffic to and from individual VMs or entire projects/namespaces.

However, virtual machines may also connect directly to one or more external networks, such as VLANs, when needed. This is in addition to the SDN, which means that, for example, the administrator can connect to the VM from an external IP address, but the application communicates across the SDN with other VMs hosted by OpenShift Virtualization.

At a high level, this is done by configuring the host networking, such as creating a mode 4 (LACP) bond and a Linux bridge on top. This workshop segment will walk through the next step in that process, creating a network attachment definition to allow VMs to connect to that bridge and, therefore, directly to the external network.

Note
The OpenShift environment has already been configured with a Linux bridge on each compute node. Your virtual machines will connect to that bridge, which allows easy connectivity to and from outside network resources.
Goals
  • Create a network attachment definition

  • Connect a VM to the external network

2. Create Network Attachment Definition

To use the Linux Bridge with your VM, you need to create a Network Attachment Definition. This is what tells OpenShift about the network and allows the virtual machines to connect to it. Network Attachment Definitions are specific to the project/namespace they’re created in, unless they’re created in the default project. This gives you, the administrator, the ability to control which networks are and aren’t available to users who have access to manage their own VMs. Once the Network Attachment Definition has been created, it can then be used by virtual machines when configuring their network adapters.

Note
Due to time constraints, the host network has already been configured in this lab. If you want to learn more about the host networking, along with how to view and manage the configuration, please use the NMState documentation found here.
  1. Navigate to Networking → Network Attachment Definitions and click Create network attachment definition:

    01 NAD Dashboard
    Important

    Select project vmexamples.

  2. Complete the form for the vmexamples project as follows, then click Create network attachment definition:

    • Name: flatnetwork

    • Network Type: CNV Linux Bridge

    • Bridge Name: br-flat

      02 NAD Create
      Note
      The form above has an input for VLAN Tag Number, which is used when connecting to a network that needs to have a VLAN tag assigned. This lab uses an untagged network, so no VLAN number is required here.

      A single Linux Bridge on the host can have many different VLANs. In this scenario, you only need to create a Network Attachment Definition for each one, not a separate host interface and bridge.

  3. Examine the details of the network attachment definition. Because this was created in the vmexamples project, it will not be available in other projects.

    03 NAD Created
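
The form from step 2 written as a manifest. This is an added example, not taken from the lab repository; the `cnv-bridge` CNI type, the `resourceName` annotation and the `macspoofchk` setting are assumptions about what the console generates for a CNV Linux Bridge network, so compare it with the YAML tab of the object you just created.

```yaml
# Added example: declarative equivalent of the "Create network attachment
# definition" form. Values name/namespace/bridge come from the lab text;
# everything else is an assumption to verify against the created object.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: flatnetwork
  # Namespace scoping is the access control: only VMs in vmexamples
  # can reference this network.
  namespace: vmexamples
  annotations:
    # Ties scheduling to nodes that actually expose the br-flat bridge.
    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/br-flat
spec:
  # For a tagged network, the VLAN Tag Number field maps to an additional
  # "vlan": <tag> key in this JSON; the lab network is untagged, so it is omitted.
  config: |
    {
      "cniVersion": "0.3.1",
      "name": "flatnetwork",
      "type": "cnv-bridge",
      "bridge": "br-flat",
      "macspoofchk": true
    }
```

With `macspoofchk` set to `true`, the bridge drops frames whose source MAC differs from the one assigned to the VM interface, which matters on a flat network shared with external hosts.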

3. Connect a virtual machine to the external network

  1. Navigate to Virtualization → VirtualMachines and select the fedora02 VM. Click the Configuration tab and then click the Network Interfaces subtab:

    04 VM Network Tab
  2. Click Add Network Interface, complete the form as shown, then click Save.

    Because this is a bridge connecting to the external network, we don’t need to rely on any OpenShift features or capabilities to enable access, such as masquerade (NAT) for the virtual machines using the network. As a result, type should be Bridge here.

    05 VM Network Attach
  3. Use the Actions menu to restart the VM. After rebooting, navigate to the Console tab:

    06 VM Network Console

    The eth1 interface obtains an IP address from the flat network (192.168.3.x/24). A DHCP server on that network provides the addresses.

  4. (Optional) Verify external connectivity of the VM using the bastion host. Connect to the host via SSH as provided in the lab environment materials shared at the start of this workshop.

    1. Open a terminal by clicking the icon at the top right:

      OCP Terminal Icon
    2. A console will appear in the bottom part of the screen.

      OCP Terminal
    3. Type the following command, replacing the IP:

      bash-4.4 ~ $ curl 192.168.3.118:22
      Note
      Replace the IP with the IP assigned to the node.
      Sample Output
      SSH-2.0-OpenSSH_8.7
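
The interface added in steps 1 and 2 of this section, shown as the relevant part of the VirtualMachine manifest. This is an added example, not taken from the lab repository; the interface name `nic-flat`, the `vmexamples` namespace for fedora02 and the existing `default` masquerade interface are assumptions, and the fragment is meant for comparison with the VM's YAML tab rather than for applying as-is.

```yaml
# Added example: networking portion of the fedora02 VirtualMachine after
# attaching it to flatnetwork. Only the fields relevant to the lab are shown.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: fedora02
  namespace: vmexamples        # assumed: must match the NAD's namespace
spec:
  template:
    spec:
      domain:
        devices:
          interfaces:
            # Existing SDN interface (assumed): traffic is NATed behind the pod IP.
            - name: default
              masquerade: {}
            # New interface: bridged straight onto br-flat, no NAT, so the
            # guest's eth1 gets its address from the external DHCP server.
            - name: nic-flat   # hypothetical name
              bridge: {}
      networks:
        - name: default
          pod: {}
        - name: nic-flat
          multus:
            # Resolved in the VM's own namespace, which is why a NAD created
            # in another project cannot be used here.
            networkName: flatnetwork
```

Traffic on the bridged interface does not pass through the pod network, so filtering for the SSH port reached in step 4 has to come from the guest firewall or the external network.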

4. Summary

In this lab, you connected a VM to an external layer 2 network using a Linux bridge so that it is directly accessible from outside the OpenShift cluster.