Virtual Architecture [Dev/Test]

  1. For the Dev/Test setup, you can have one (good/powerful) server or a few OK ones.
    The minimum requirement is that it must have 1 network card and run Ubuntu 14.04 LTS.
  2. Your main OS has 3 bridges
    • br-net — we create this and put the public IP address here
    • virbr0 – this gets created when you install libvirt
    • lxcbr0 – this gets created when you install lxc
  3. Public IP address usage
    • ip #1 – this is the main IP address of the server, which is added on the br-net bridge.
    • ip #2 – this is the public IP address of the VYOS router
    • ip #3 – this is the IP that also exists in the VYOS and is used as your openstack public IP address
    • ip #4 .. #n – this can be any IP addresses that you may want to nat 1:1 from the VYOS to your internal IP address to make services accessible from outside.
  4. Bridge Setup [Host]
    • br-net bridge contains eth0 .
    • os-pxe, os-mgmt, os-stor, os-vlan and os-vxlan are 5 virtual bridges .. connected to the vyos
    • IP address
      • br-net : x.x.x.1/24
      • virbr0 :  [automatically populated]
      • lxcbr0 :  [automatically populated]
      • os-pxe :
      • os-mgmt:
  5. Bridge setup [VYOS]  [see config in github]
    • br-net is connected to eth0 of the VYOS
    • os-pxe, os-mgmt, os-stor, os-vlan and os-vxlan also connect to the vyos
    • IP address:
      • eth0 [br-net] : x.x.x.2/24 [a public ip address]
      • eth1 [os-pxe] :
      • eth2 [os-mgmt]:
      • eth3 [os-stor] :
      • eth4 [os-vlan] : no ip address
        • eth4.101 : vlan 101  :
        • eth4.102 : vlan 102 :
        • eth4.201 : vlan 201 :
        • eth4.202 : vlan 202 :
      • eth5 [br-vxlan] :
  6. The main strength of this setup is that since all machines uses the VYOS router to connect outside, you can simulate real-world IPs and VLANS of any size and range. This ensures that you can just have the same exact configuration for your real deployment in this configuration.


Physical Architecture [Acceptance/Production]


  • Use good hardware
  • Consider having access via  iDRAC/ILO/IPMI
  • Use kickstart/automation to install/reinstall your physical servers.
  • VYOS is just one example. pfSense and Mikrotik as well as <insert your router name here> will also work. The features you need from the router are not much:  basic firewall, nat, vlans, dhcp server etc.
  • This will act as a physical replica to our Dev/Test setup. The only change might be in the number of network interfaces and if you use bonds.
  • Having a vyos/pfsense/mikrotik/cisco/juniper <insert your own router brand> with your own control will allow you to be in control and provide site-2-site VPN and connectivity to your home/office/aws/google etc.
  • Unless you are doing VOIP or something specific that needs direct IP address, having a private IP and using 1:1 nat from the router gives you two advantage.. you are in control of what and how your infrastructure is  accessible from outside, and you can actually use all your assigned public IPs. [instead of losing 1 ip to each of the routers created

The default openstack playbooks do not have data nodes.  I am more involved in big public clouds, so I require this extra category. Plus you are also going to learn how to move components around so that you are in control when for any reasons you want  service X to run on server  Y.

I have divided the nodes into 5 different categories:

  • Data Nodes => will host galera, memcache and rabbitMQ   [ faster cpu, more memory, ssd disks ]
  • Controller Nodes =>
  • Compute Nodes =>
  • Storage Nodes => [CEPH]
  • Network Nodes =>  [special network cards for checksum offloading, physical ports for vlan and vxlan]

About The Author