Common OpenStack networking tasks

This section outlines common OpenStack networking tasks for quick reference only. For more details on using Neutron and how Neutron works – including details of when and where to use features such as Floating IPs and Routers, refer to Chapter 4, Neutron – OpenStack Networking.

Getting ready

Ensure that you have the OpenStack clients installed, as described in the first recipes in this chapter.

How to do it…

Carry out the following steps to create and modify networks in OpenStack:

Creating a network

There are usually two steps to create a network: creating the equivalent of an L2 network, followed by assigning a subnet (and details to it).

  1. First, create the network:
    openstack network create NETWORK_NAME
    
  2. Now create the subnet on this network:
    openstack subnet create SUBNET_NAME
        --network NETWORK_NAME--subnet-range CIDR
    

Creating a provider network (for use with Floating IPs)

To create a floating IP provider network, carry out the following commands. This command assumes that our provider interface, as seen from OpenStack (and configured in Neutron), is using the "flat" interface. Typical deployments in a datacenter would likely use "vlan" as the provider type and device, so adjust to suit your environment.

  1. First, create the network (in this example, we're specifying a provider type of flat):
    openstack network create 
        --share 
        --project admin 
        --external 
        --default 
        --provider-network-type flat 
        --provider-physical-network flat 
        GATEWAY_NET
    
  2. Now we specify some options of the subnet that make sense for this network to be accessed from outside of OpenStack:
    openstack subnet create
        --project admin
        --subnet-range 192.168.100.0/24
        --dhcp
        --gateway 192.168.100.1
        --allocation-pool start=192.168.100.200,end=192.168.100.250
        --network GATEWAY_NET
        GATEWAY_SUBNET
    

Creating a new security group

Creating a new security group, for example, webserver in the project development, is achieved as follows:

openstack security group create 
    --project development 
    webserver

Adding a rule to a security group

To add a rule to a security group called webserver created in the previous step, such as allowing inbound access from anywhere to port 80, carry out the following:

openstack security group rule create
    --remote-ip 0.0.0.0/0
    --dst-port 80:80
    --protocol tcp
    --ingress
    --project development
    webserver

Creating a router

To create a router called myRouter in our project, execute the following command:

openstack router add myRouter

Adding a subnet to a router

To add a private tenant subnet, called private-subnet, to our router called myRouter, issue the following command:

openstack router add subnet myRouter private-subnet
Setting a gateway on the router

To add a gateway to our router, we first must ensure that the gateway network has been created with the --external flag as described in the Creating a provider network section in this chapter (for use with Floating IPs). We will then execute the following command to set the external gateway network to be that of GATEWAY_NET on our router called myRouter:

openstack router set myRouter 
--external-gateway GATEWAY_NET
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.143.4.117