Neutron - Networking services

Neutron provides a real Network as a Service (NaaS) capability between interface devices that are managed by OpenStack services such as Nova. There are various characteristics that should be considered for Neutron:

• It allows users to create their own networks and then attaches server interfaces to them
• Its pluggable backend architecture lets users take advantage of commodity gear or vendor-supported equipment
• It provides extensions to allow additional network services to be integrated

Neutron has many core network features that are constantly growing and maturing. Some of these features are useful for routers, virtual switches, and SDN networking controllers.

Neutron introduces the following core resources:

• Ports: Ports in Neutron refer to the virtual switch connections. These connections are where instances and network services are attached to networks. When attached to subnets, the defined MAC and IP addresses of the interfaces are plugged into them.
• Networks: Neutron defines networks as isolated Layer 2 network segments. Operators will see networks as logical switches that are implemented by the Linux bridging tools, Open vSwitch, or some other virtual switch software. Unlike physical networks, either the operators or users in OpenStack can define this.
• Subnet: Subnets in Neutron represent a block of IP addresses associated with a network. IP addresses from this block are allocated to the ports.

Neutron provides additional resources as extensions. The following are some of the commonly used extensions:

• Routers: Routers provide gateways between various networks.
• Private IPs: Neutron defines two types of networks. They are as follows:
  • Tenant networks: Tenant networks use private IP addresses. Private IP addresses are visible within the instance and this allows the tenant's instances to communicate while maintaining isolation from the other tenant's traffic. Private IP addresses are not visible to the Internet.
  • External networks: External networks are visible and routable from the Internet. They must use routable subnet blocks.
  • Floating IPs: A floating IP is an IP address allocated on an external network that Neutron maps to the private IP of an instance. Floating IP addresses are assigned to an instance so that they can connect to external networks and access the Internet. Neutron achieves the mapping of floating IPs to the private IP of the instance by using Network Address Translation (NAT).

Neutron also provides advanced services to rule additional network OpenStack capabilities as follows:

• Load Balancing as a Service (LBaaS) to distribute the traffic among multiple compute node instances.
• Firewall as a Service (FWaaS) to secure layer 3 and 4 network perimeter access.
• Virtual Private Network as a Service (VPNaaS) to build secured tunnels between instances or hosts.

You can refer to the latest updated Mitaka release documentation for more information on networking in OpenStack at http://docs.openstack.org/mitaka/networking-guide/.