This section outlines common OpenStack networking tasks for quick reference only. For more details on using Neutron and how Neutron works – including details of when and where to use features such as Floating IPs and Routers, refer to Chapter 4, Neutron – OpenStack Networking.
Ensure that you have the OpenStack clients installed, as described in the first recipes in this chapter.
Carry out the following steps to create and modify networks in OpenStack:
There are usually two steps to create a network: creating the equivalent of an L2 network, followed by assigning a subnet (and details to it).
- First, create the network:
openstack network create NETWORK_NAME - Now create the subnet on this network:
openstack subnet create SUBNET_NAME --network NETWORK_NAME--subnet-range CIDR
To create a floating IP provider network, carry out the following commands. This command assumes that our provider interface, as seen from OpenStack (and configured in Neutron), is using the "flat" interface. Typical deployments in a datacenter would likely use "vlan" as the provider type and device, so adjust to suit your environment.
- First, create the network (in this example, we're specifying a provider type of
flat):openstack network create --share --project admin --external --default --provider-network-type flat --provider-physical-network flat GATEWAY_NET
- Now we specify some options of the subnet that make sense for this network to be accessed from outside of OpenStack:
openstack subnet create --project admin --subnet-range 192.168.100.0/24 --dhcp --gateway 192.168.100.1 --allocation-pool start=192.168.100.200,end=192.168.100.250 --network GATEWAY_NET GATEWAY_SUBNET
Creating a new security group, for example, webserver in the project development, is achieved as follows:
openstack security group create --project development webserver
To add a rule to a security group called webserver created in the previous step, such as allowing inbound access from anywhere to port 80, carry out the following:
openstack security group rule create --remote-ip 0.0.0.0/0 --dst-port 80:80 --protocol tcp --ingress --project development webserver
To create a router called myRouter in our project, execute the following command:
openstack router add myRouter
To add a private tenant subnet, called private-subnet, to our router called myRouter, issue the following command:
openstack router add subnet myRouter private-subnet
To add a gateway to our router, we first must ensure that the gateway network has been created with the --external flag as described in the Creating a provider network section in this chapter (for use with Floating IPs). We will then execute the following command to set the external gateway network to be that of GATEWAY_NET on our router called myRouter:
openstack router set myRouter --external-gateway GATEWAY_NET