Automatically assigning and modifying fixed networks of tenants – OpenStack

OpenStack Networking provides a rich tenant-facing API for defining network connectivity and addressing in the cloud. The OpenStack Networking project gives operators the ability to leverage different networking technologies to power their cloud networking. It is a virtual network service that provides a powerful API to define the network connectivity and addressing used by devices from other services, such as OpenStack Compute. It has a rich API that consists of the following components.

When using VlanManager to separate tenants, we can manually assign VLANs and network ranges to them by creating a secure multi-tenant environment. We can also have OpenStack to manage this association for us so that when we create a project it automatically gets assigned to these details.

Logging into the Controller Server using Vagrant

To begin with, ensure you’re logged in to the Controller server (our OpenStack VirtualBox Virtual Machine, controller, created in, Starting Openstack Compute). If this was created using Vagrant, you can log into this box using the following command:

vagrant ssh controller

Carry out the following steps to configure networking in OpenStack to automatically assign new tenants’ individual VLANs and private (fixed) IP ranges:

• In the file /etc/nova/nova.conf, ensure there is a flag called vlan_start with a VLAN ID, for example:

vlan_start=100

• We can now create a range of networks, each with 256 addresses available, by issuing the following command:

• This creates 10 networks, with 256 IP addresses starting from 0.0.0/24 to 10.0.9.0/24 and starting from VLAN ID 100 to VLAN ID 110.

You can specify an alternative VLAN start ID on the command line by adding in the —vlan=id option, where an id is a number.

Specifying Networks of Tenants

By specifying the —num_networks option and specifying the —network_size option (the number of IPs in each of the created networks), we can tell our OpenStack environment to create multiple networks within the range specified by — fixed_range_v4. When projects are created now, rather than having to manually associate an address range with a tenant, they are automatically assigned a VLAN, starting from the –vlan_start ID, as specified in /etc/nova/nova.conf.

To ensure that our OpenStack environment is able to separate traffic from one tenant to another, we assign different fixed ranges to each. When a fixed network is no longer required, or we want to assign a particular tenant to a specific network, we can use the nova-manage command to modify these details.

To begin with, ensure you’re logged in to the OpenStack API server as well as to a client that can access the keystone environment.

To assign a particular network to a tenant, carry out the following steps:

• On a client that has access to the keystone command, run the following commands to list the projects available:

An example of running the previous commands is as follows:

• To view the list of networks and ranges available, issue the following command on an OpenStack API host:

sudo nova-manage network list                                    

Modifying a Tenant’s Fixed Network

An example of running the previous commands is as follows:

• The output shown lists network ranges and their associated project IDs. From this, we can see that we have 10.0.3.0/24 not assigned to a project (where it says None under the project column). To assign this network range to the development tenant, we issue the following commands:

• When we view the output now for that network range, we will have this project ID assigned to it and any instances spawned under this tenant will be assigned an address in this range.

Related Pages:
OpenStack Tutorial