Creating an external Neutron network – OpenStack

You Create an External Neutron Network to enable private networks in the cloud to communicate with the wider network. In a cloud, a tenant can have one or more private networks. When you create an external network for the cloud, you create a provider router that is shared by all the tenant networks.

The router is not visible in the network topology view of the tenant. Because there is only a single router, tenant networks cannot use overlapping IP addresses. In Neutron, it is easy to create many private networks that allow inter-communication between your instances.

To allow access to these though, we must create a router on the Provider Network (an external network) that is routed into our OpenStack environment. This provider network allows us to allocate floating addresses to our instances. For this, we will be utilizing our fourth VirtualBox network interface. In a physical environment, this interface would go to a router that is routed to the Internet.

If you would like to Enrich your career with an OpenStack certified professional, then visit Mindmajix - A Global online training platform: “Openstack Training Online”  Course.  This course will help you to achieve excellence in this domain.

How to Create an External Neutron Network

Ensure that you are logged on to the controller node in our environment. If you created this using Vagrant, you can issue the following command:

 

Ensure you have set the following credentials set:

 

 

 

To create an external router on our Neutron network for a particular tenant, we need to have tenant admin privileges. We will first create a public network in our admin tenant and then attach this to a tenant’s router that requires external access to our instances. This will be achieved with the assignment of a floating IP to the instance.
Once our environment has been set correctly with admin privileges, follow these steps:

• We first need to get the service tenant ID that we can reference when creating the public shared network. To do so, issue the following:

 

Neutron network

The use of the service tenant is not a strict requirement. We are referring to a tenant outside of all our private tenants that is under the control of our admin user only.

• We can now create a new public network, which we will call a floating net, to provide our external routing capability. To do this, we issue the following command:

 

 

• We then create our external/floating range on this network. In this example, this external subnet is 168.100.0/24. To do this, we specify a range of address that we will manually assign to instances as a floating address, ensuring that the allocation pool (the list of allowed IPs) does not conflict with any IPs used currently in our physical environment:

 

 

 

 

• We now need to set a gateway on our Cookbook router (described in step 4 of the Creating a Neutron Network recipe), to this floating network

 

• With the networking elements complete, we can now utilize this floating network. To do so, we assign a floating IP to our running instance, so first, we need to see what IP has been assigned to our instance on the cook booklet network by issuing a nova list command:

 

• This brings back information as the following screenshot:

Related Article: How to Learn OpenStack

• We also gather some information about our routers and Neutron network ports used in our environment. To collect information about our cookbook route issue the following command:

 

This produces output like the following. The information we need is the router ID and the Network ID:

We use this Router ID to interrogate the port in use on this router:

This produces output like the following and the information we need will match the IP address listed in the nova list command. In this case, we need the port ID matching the IP address 10.200.0.2 as this is assigned to our instance:

• To assign a floating IP to the instance attached to this port, we issue the following command which creates a new floating IP for our use and attaches it:

 

 

This produces output like the following:

• The result of this is that we are now able to access our instance using the assigned Floating IP address of 168.100.11, which previously only had limited access from our Network node:

Related Article: OpenStack Interview Questions

Assigning floating addresses in Neutron Network

What we have done here is create a network that allows us to assign floating addresses to our instances, which are accessible from this network subnet. This subnet would be one that is routable from the rest of the network outside of OpenStack or public address space directly on the Internet. To do this, we first create a network in an admin tenant that can have a gateway set by using the –router:external=True flag to our quantum-net create command:

 

 

 

As we will be configuring addresses manually to allow us to assign floating IP addresses to instances, we specify a subnet, where we define the range of IP addresses but disable DHCP:

 

 

 

 

We then assign a router gateway to the network by issuing the following command on an existing router on our network. This router then provides an appropriate NAT when we assign this to an instance on the private network connected to that router:

 

 

Once configured, we can now allocate a floating IP address from this new range to our running instance. To do this, we run the following set of commands:

nova list

and get the IP address of our running instance

quantum router-show ROUTER_NAME

to give us the router ID

quantum port-list -- 
--router_id=ROUTER_ID

to display information about connected instances and devices to our router. We use the ID that matches the IP of our instance.

 

 

To allocate an IP from our floating IP range to the instance running on that port. At this point, we are able to access this instance from our physical network on this floating IP address.

HTTP://DOCS.OPENSTACK.ORG/JUNO/INSTALL-GUIDE/INSTALL/APT/CONTENT/NEUTRON_INITIAL-EXTERNAL-NETWORK.HTML