LLMpediaThe first transparent, open encyclopedia generated by LLMs

OpenStack Neutron

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Open vSwitch Hop 5
Expansion Funnel Raw 51 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted51
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
OpenStack Neutron
NameNeutron
DeveloperOpenStack Foundation
Released2012
Programming languagePython (programming language)
Operating systemLinux
LicenseApache License

OpenStack Neutron OpenStack Neutron provides programmable network connectivity as a service for cloud platforms managed by OpenStack Foundation. Designed to decouple networking from compute and storage, Neutron enables operators and developers to create complex topologies and services used in deployments by organizations such as NASA, Walmart, CERN, PayPal, and Wikimedia Foundation. It interoperates with ecosystem projects and vendors including Red Hat, Canonical (company), Mirantis, Cisco Systems, and VMware to deliver virtual networking across heterogeneous infrastructures.

Overview

Neutron evolved from initial Neutron proposals within the OpenStack ecosystem and was formalized to replace earlier networking efforts used by Rackspace. It defines a service API and a pluggable architecture that supports diverse backends, from software routers and overlays to hardware switches by Arista Networks. Key goals include self-service provisioning for tenants, support for IPv4 and IPv6 addressing models, and integration with cloud orchestration stacks like Heat (software) and image services such as Glance (OpenStack).

Architecture and Components

Neutron implements a modular control-plane and data-plane split. The control-plane comprises services including the Neutron server, core plugins, and API endpoints, often deployed alongside Keystone (OpenStack) for identity. Core components include the API service, the plugin manager, and the ML2 (Modular Layer 2) framework which brokers drivers for technologies like Open vSwitch, Linux Bridge, and vendor-specific networking appliances. Data-plane implementations use agents such as the Open vSwitch agent, L3 agent for routing, DHCP agent for address assignment, and metadata agent to support Nova (OpenStack Compute). Integration points extend to Ceph, Kubernetes, and Linux kernel networking subsystems for datapath acceleration and storage networking.

Networking Models and Features

Neutron supports multiple models: flat, VLAN, VXLAN overlays, GRE tunnels, and provider networks that map tenant networks onto physical fabrics used by vendors like Juniper Networks. Feature sets include security groups, floating IPs, load balancing as a service (LBaaS), firewall as a service (FWaaS), and virtual private networks (VPNaaS). Advanced offerings provide service chaining, distributed virtual routing, and Quality of Service (QoS) policies. Neutron works with SDN controllers and ecosystems such as OpenDaylight, ONOS (software) and integrates with orchestration tools like Ansible and Terraform for declarative network life-cycle management.

Deployment and Integration

Operators deploy Neutron in conjunction with compute nodes managed by Nova (OpenStack Compute) and storage services like Cinder (OpenStack Block Storage). Typical topologies separate controller and compute planes, employing technologies such as SR-IOV, DPDK, and Open vSwitch with hardware offloads for performance. Integration with hardware switching uses plugins or mechanisms like ML2 drivers and vendor integrations from Brocade, HPE, and Dell EMC; cloud operators often pair Neutron with monitoring stacks such as Prometheus and Grafana and CI/CD systems like Jenkins for continuous deployment.

Security and Multitenancy

Neutron enforces tenant isolation through network namespaces, VLAN segmentation, and encrypted overlays using protocols endorsed by bodies like the IETF. Security groups provide instance-level firewalling; role-based access control is mediated through Keystone (OpenStack) and policy.json rules. For compliance workloads, Neutron can integrate with identity providers including LDAP and systems leveraging OAuth or SAML (Security Assertion Markup Language). Features such as auditor logging, flow export with sFlow, and integration with security appliances from Palo Alto Networks and Fortinet support enterprise security controls.

Performance and Scalability

Scalability strategies for Neutron include using distributed agents, hierarchical routing, and pooling of network resources; high-scale deployments adopt technologies like VXLAN EVPN and BGP EVPN with control-plane offload via controllers such as Quagga or FRRouting. Performance optimizations leverage SR-IOV, DPDK-based datapaths, and kernel bypass techniques to achieve line-rate forwarding for I/O intensive workloads found in environments like High Performance Computing centers and large public clouds. Capacity planning often references metrics collected from Ceilometer and telemetry backends to size control-plane and data-plane components.

Development and Community

Neutron development is driven through the OpenStack community with contributions from corporations, independent contributors, and projects hosted by the OpenInfra Foundation. The project lifecycle uses governance models, specifications, and regular release cycles aligned with the broader OpenStack releases; collaboration occurs on platforms such as Gerrit and mailing lists. Adjacent projects and plug-ins—spanning orchestration, observability, and vendor integrations—extend Neutron's capabilities, with ecosystem events like the OpenStack Summit and working groups providing roadmaps and interop tests.

Category:OpenStack