
Configuring Neutron, Provider Networks, OVS, and Bridges

An OpenStack networking tutorial covering provider networks, external networks, physnet, Neutron ML2 configuration, the Linux Bridge Agent, the Open vSwitch Agent, creating the external bridge br-ex, using legacy iptables/arptables/ebtables, opening the firewall for Keystone and Glance, and troubleshooting the ICMP Redirect Host issue on an OpenStack network.

This tutorial groups OpenStack networking notes: provider networks, physnet, Open vSwitch, bridges, and agent configuration.

1. Provider Network Principles

Important note:

TEXT
External network setting: see the flat type section; the external name must match the one in the configuration.

Example networks:

TEXT
router-asnet-cloud-01
admin public-network-01
subnet-103.18.79.113 103.18.79.112/28
admin id-bgr-asnet-cloud1
subnet-192.168.40.0 192.168.40.0/24

2. Check the ML2 Configuration on Neutron API

Log in to the neutron-api unit:

BASH
juju ssh neutron-api/0

Edit the ML2 file:

BASH
sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini

Note:

TEXT
Physical Network: physnet1 -- neutron gateway

Example ML2 configuration:

INI
[ml2]
path_mtu = 1500

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[ml2_type_vxlan]
vni_ranges = 1001:2000

[ml2_type_vlan]
network_vlan_ranges = physnet1:1000:2000

[ml2_type_flat]
flat_networks = physnet1

3. Linux Bridge Agent

BASH
sudo nano /etc/neutron/plugins/ml2/linuxbridge_agent.ini

Set the mapping:

INI
[linux_bridge]
physical_interface_mappings = physnet1:eth0

4. Open vSwitch Agent

BASH
sudo nano /etc/neutron/plugins/ml2/openvswitch_agent.ini

Example configuration:

INI
[ovs]
local_ip = 192.168.50.83
enable_tunneling = True
# bridge_mappings takes <physnet>:<bridge>; the bridge is normally a provider
# bridge such as br-ex (section 6), not the integration bridge
bridge_mappings = physnet1:br-int

[agent]
tunnel_types = gre
l2_population = True
enable_distributed_routing = False
prevent_arp_spoofing = True
polling_interval = 2

[securitygroup]
enable_security_group = True
firewall_driver = iptables_hybrid

Another example configuration:

INI
[ovs]
enable_tunneling = True
local_ip = 192.168.10.236

[agent]
tunnel_types = gre

[securitygroup]
enable_security_group = True
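
The name-matching rule from section 1, checked against the ML2 settings from section 2 and the OVS agent settings from section 4. This is an added example, not part of the original notes: the function name `check_physnets`, the embedded sample configs, and the rule that a physnet mapped onto `br-int` is reported are assumptions of the example.

```python
import configparser

# Constructed sample input, modeled on the snippets in sections 2 and 4.
ML2_CONF = """
[ml2_type_vlan]
network_vlan_ranges = physnet1:1000:2000
[ml2_type_flat]
flat_networks = physnet1
"""
OVS_AGENT_CONF = """
[ovs]
bridge_mappings = physnet1:br-int
"""

def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_physnets(ml2_text, agent_text, external_physnet,
                   integration_bridge="br-int"):
    """Return a list of findings; an empty list means the names line up."""
    ml2, agent = _parse(ml2_text), _parse(agent_text)
    flat = _csv(ml2.get("ml2_type_flat", "flat_networks", fallback=""))
    vlan = [r.split(":")[0] for r in
            _csv(ml2.get("ml2_type_vlan", "network_vlan_ranges", fallback=""))]
    mappings = dict(m.split(":", 1) for m in
                    _csv(agent.get("ovs", "bridge_mappings", fallback=""))
                    if ":" in m)
    findings = []
    # The external flat network needs its physnet in flat_networks ("*" = any).
    if "*" not in flat and external_physnet not in flat:
        findings.append(f"{external_physnet} not in flat_networks")
    # A physnet with no mapping on this agent cannot be wired up on this host.
    for net in sorted(set(flat + vlan) - {"*"}):
        if net not in mappings:
            findings.append(f"{net} has no bridge_mappings entry")
    # Assumed here: bridge_mappings should name a provider bridge, not br-int.
    for net, bridge in mappings.items():
        if bridge == integration_bridge:
            findings.append(f"{net} maps to integration bridge {bridge}")
    return findings

if __name__ == "__main__":
    for finding in check_physnets(ML2_CONF, OVS_AGENT_CONF, "physnet1"):
        print("FINDING:", finding)
```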

5. Install Open vSwitch

BASH
sudo apt install openvswitch-switch

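6. Creating the External Bridge br-ex

Do this first for the bridge:

BASH
# Run from a console session: eno1 loses its address here, so SSH over eno1 will drop
sudo ovs-vsctl --may-exist add-br br-ex   # create the bridge if it is missing
sudo ifconfig eno1 0                      # clear the address on the physical NIC
sudo ifconfig br-ex 0                     # clear the address on the bridge
sudo dhclient br-ex                       # request a DHCP lease on the bridge
sudo ip addr add <PUBLIC_IP>/<PREFIX> dev br-ex   # assign the public IP to the bridge
sudo ovs-vsctl add-port br-ex eno1        # attach the physical NIC to the bridge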

7. Legacy iptables/arptables/ebtables

Install the packages:

BASH
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install iptables
sudo apt-get install arptables
sudo apt-get install ebtables

Switch to legacy:

BASH
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy || true
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true
sudo update-alternatives --set arptables /usr/sbin/arptables-legacy || true
sudo update-alternatives --set ebtables /usr/sbin/ebtables-legacy || true

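8. Firewall Ports for Keystone/Glance

BASH
# Allow inbound TCP 5000 (Keystone API) from any source; add -s <SOURCE_CIDR> to limit the clients
iptables -A INPUT -p tcp --dport 5000 -j ACCEPT
service iptables save
service iptables restart
service glance-api restart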

9. ICMP Redirect Host Issue

Example symptom:

TEXT
From <IP>: icmp_seq=4 Redirect Host(New nexthop: <IP>)
From <IP>: icmp_seq=5 Redirect Host(New nexthop: <IP>)
From <IP>: icmp_seq=6 Redirect Host(New nexthop: <IP>)

Check the routing, the gateway, and whether the host is receiving redirects from the upstream router.
