Integrating OpenStack Nova-network with Infoblox IP Address Management

Dina Belova - October 7, 2012

What is Infoblox?

I think everybody reading this post knows or has heard about such network services as DNS and DHCP. These are core services and they are used everywhere. In a virtual environment such as OpenStack they are built into the foundations.

Infoblox is an appliance-based, integrated DNS, DHCP, and IP address management product that solves a growing, critical problem in enterprise networking: keeping core network services infrastructure running nonstop. Infoblox also provides automatic network control solutions to enable cloud readiness all across your network.

You may want to use Infoblox with your OpenStack cloud to help make network address management more productive, stable and secure.

Nova-network and how it works

At the moment, nova-network is the daemon that deals with network configuration of host machines. It also provides virtual networks to enable instances to interact with each other and with the public network. Every instance is assigned a private IP address from each nova-network service. These IP addresses are called fixed IPs. OpenStack uses the term floating IP to refer to an IP address that can be dynamically added to a running instance.

Currently Nova supports three kinds of networks, implemented in three types of network managers:

  • Flat Network Manager

Each instance receives a fixed IP from the pool and all instances are attached to the same bridge by default. The bridge must be configured manually, while the networking configuration is injected into the instance before it is booted. There is no floating IP feature in this mode.

  • Flat DHCP Network Manager

All instances are attached to a single bridge on the compute node. In addition, a DHCP server is running to configure instances. OpenStack starts a DHCP server to pass out IP addresses to VM instances from the specified subnet, in addition to manually configuring the networking bridge. Instances receive their fixed IPs by doing a dhcpdiscover. Moreover, a floating IP feature is provided.

  • VLAN Network Manager

In this mode, Nova creates a VLAN and bridge for each tenant. The project gets a range of private IPs that are only accessible from inside the VLAN. A DHCP server is started for each VLAN to pass out IP addresses to VM instances from the subnet assigned to the project.

The latter two use dnsmasq as the DHCP server, and the nova-network service is responsible for starting up dnsmasq processes. Dnsmasq serves the virtual machines’ requests and sorts out their issues. That’s why dnsmasq is an isolated system in some ways.

With DNS, for every instance in the OpenStack cloud, there is a “name-address” pair and a group of managers that publish information to the DNS server if it is used (there is no special DNS server for working with virtual machines by default). To reach these instances from the outside world, we needed a tool.

Address management in OpenStack

We decided to fix this and make some changes in nova architecture to use Infoblox or something similar for this purpose. You can find our implementation here.

The first step is to switch from dnsmasq as the provider of DNS and DHCP services, so we created a special hierarchy with just a DHCP driver in root for this purpose. Our solution lies in using different drivers for different DHCP and DNS servers, and Infoblox can be one of them.

To do so, you create drivers to manage Infoblox DHCP and Infoblox DNS, which makes communication between nova-network and Infoblox possible. Thus, if you want to expand your cloud network configuration options and use something other than dnsmasq, Infoblox may be just what you need.
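
The sketch below is an added example, not the implementation linked from this post and not Nova's own code. It shows one shape such a driver hierarchy could take, with lease data validated once in the root driver so that an instance name cannot inject extra records into any backend. The class names, `load_driver`, and the record layout of the external driver are hypothetical; the only real format used is dnsmasq's `mac,hostname,ip` hosts-file line.

```python
import ipaddress
import re
from abc import ABC, abstractmethod

_MAC = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
_HOST = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def validate_lease(mac, hostname, ip, cidr):
    """Reject values that would corrupt a DHCP/DNS backend record."""
    mac, hostname = mac.lower(), hostname.lower()
    if not _MAC.fullmatch(mac):
        raise ValueError("bad MAC: %r" % mac)
    # fullmatch refuses commas and newlines, the separators dnsmasq parses
    if not _HOST.fullmatch(hostname):
        raise ValueError("bad hostname: %r" % hostname)
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        raise ValueError("%s is outside %s" % (ip, cidr))
    return mac, hostname, ip


class DHCPDriver(ABC):
    """Hypothetical root of the driver hierarchy (assumed name)."""

    def __init__(self, cidr):
        self.cidr = cidr
        self.records = []  # what this backend has been told to serve

    def add_host(self, mac, hostname, ip):
        self._publish(*validate_lease(mac, hostname, ip, self.cidr))

    @abstractmethod
    def _publish(self, mac, hostname, ip):
        """Push one validated lease to the backend."""


class DnsmasqDriver(DHCPDriver):
    def _publish(self, mac, hostname, ip):
        # dnsmasq dhcp-hostsfile line format
        self.records.append("%s,%s,%s" % (mac, hostname, ip))


class ExternalIPAMDriver(DHCPDriver):
    def _publish(self, mac, hostname, ip):
        # Stand-in for an appliance call; the field names are constructed
        self.records.append({"mac": mac, "name": hostname, "ip": ip})


DRIVERS = {"dnsmasq": DnsmasqDriver, "external_ipam": ExternalIPAMDriver}


def load_driver(name, cidr):
    """Pick the backend by configuration name (assumed option values)."""
    return DRIVERS[name](cidr)
```

Because validation lives in `add_host` on the root class, a new backend driver only implements `_publish` and inherits the same input checks.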
