You Create an External Neutron Network to enable private networks in the cloud to communicate with the wider network. In a cloud, a tenant can have one or more private networks. When you create an external network for the cloud, you create a provider router that is shared by all the tenant networks.
The router is not visible in the network topology view of the tenant. Because there is only a single router, tenant networks cannot use overlapping IP addresses. In Neutron, it is easy to create many private networks that allow inter-communication between your instances.
To allow access to these though, we must create a router on the Provider Network (an external network) that is routed into our OpenStack environment. This provider network allows us to allocate floating addresses to our instances. For this, we will be utilizing our fourth VirtualBox network interface. In a physical environment, this interface would go to a router that is routed to the Internet.
Ensure that you are logged on to the controller node in our environment. If you created this using Vagrant, you can issue the following command:
Ensure you have set the following credentials set:
To create an external router on our Neutron network for a particular tenant, we need to have tenant admin privileges. We will first create a public network in our admin tenant and then attach this to a tenant’s router that requires external access to our instances. This will be achieved with the assignment of a floating IP to the instance.
Once our environment has been set correctly with admin privileges, follow these steps:
The use of the service tenant is not a strict requirement. We are referring to a tenant outside of all our private tenants that is under the control of our admin user only.
[ Related Article: How to Learn Openstack ]
This produces output like the following. The information we need is the router ID and the Network ID:
We use this Router ID to interrogate the port in use on this router:
This produces output like the following and the information we need will match the IP address listed in the nova list command. In this case, we need the port ID matching the IP address 10.200.0.2 as this is assigned to our instance:
This produces output like the following:
What we have done here is created a network that allows us to assign floating addresses to our instances, which are accessible from this network subnet. This subnet would be one that is routable from the rest of the network outside of OpenStack or public address space directly on the Internet. To do this, we first create a network in an admin tenant that can have a gateway set by using the –router:external=True flag to our quantum-net create command:
As we will be configuring addresses manually to allow us to assign floating IP addresses to instances, we specify a subnet, where we define the range of IP addresses but disable DHCP:
We then assign a router gateway to the network by issuing the following command on an existing router on our network. This router then provides an appropriate NAT when we assign this to an instance on the private network connected to that router:
Once configured, we can now allocate a floating IP address from this new range to our running instance. To do this, we run the following set of commands:
and get the IP address of our running instance
quantum router-show ROUTER_NAME
to give us the router ID
quantum port-list -- --router_id=ROUTER_ID
to display information about connected instances and devices to our router. We use the ID that matches the IP of our instance.
To allocate an IP from our floating IP range to the instance running on that port. At this point, we are able to access this instance from our physical network on this floating IP address.
Ravindra Savaram is a Content Lead at Mindmajix.com. His passion lies in writing articles on the most popular IT platforms including Machine learning, DevOps, Data Science, Artificial Intelligence, RPA, Deep Learning, and so on. You can stay up to date on all these technologies by following him on LinkedIn and Twitter.