When creating a provider network in OpenStack, one must provide attributes that describe how the network is connected to the physical infrastructure. These attributes include the network type, network interface used by the server, and the segmentation ID of the network. Typically, provider networks are only created and managed by users with administrator-level permissions. Provider networks can be shared or private, and they can also be used as floating IP networks when connected to Neutron routers when the network's router:external attribute has been set to True.
When creating a provider network, you must be authenticated as an administrator. You will need the following details, at a minimum, for the network:
- Network name
- Provider label
- Network type
- Segmentation ID
For our example, the following will be used:
- Network name:
COOKBOOK_PROVIDER_NET - Provider label:
vlan - Network type:
vlan - Segmentation ID:
200
You will need the following details, at a minimum, for the corresponding subnet:
- Subnet name
- Network name or ID
- Subnet range (CIDR)
For our example, the following will be used:
- Subnet name:
COOKBOOK_PROVIDER_SUBNET - Network name or ID:
COOKBOOK_PROVIDER_NET - Subnet range (CIDR):
192.168.200.0/24
With the OpenStack client installed on our system, we are now able to create a provider network with the following steps:
- Create the network:
openstack network create COOKBOOK_PROVIDER_NET --provider-network-type vlan --provider-physical-network vlan --provider-segment 200
The output will resemble the following:
- Create the subnet:
openstack subnet create COOKBOOK_PROVIDER_SUBNET --network COOKBOOK_PROVIDER_NET --subnet-range 192.168.200.0/24
The output will resemble the following:
Provider networks are created with the following syntax:
openstack network create NETWORK_NAME --provider-network-type NETWORK_TYPE --provider-physical-network PROVIDER_LABEL --provider-segment SEGMENTATION_ID [--external | --internal]
Creating a network creates a logical layer 2 segment, whose details are used to construct virtual network connections within the Cloud that connect virtual machines and other virtual network objects to the physical infrastructure.
The provider-network-type parameter defines the type of network. Options include vlan, vxlan, gre, flat, geneve, and local, and these must be supported by the configured network driver.
The provider-physical-network parameter defines the interface used for the network. In Neutron, interfaces are not referenced directly, but are mapped to a provider label. In an OpenStack-Ansible deployment, the default provider label is vlan and maps to a physical interface such as bond1 or eth1.
The provider-segment parameter defines the layer 2 segmentation ID used by the network. For the vlan network types, the segmentation ID is VLAN ID. For the vxlan network types, the segmentation ID is VXLAN VNI. Segmentation IDs may not be used by all network types, and if not specified, may be automatically assigned by Neutron if required.
When specified, the --external option qualifies a network as a gateway network for a router. The network will serve as a floating IP network for attached instances. Networks are considered internal by default.
There are other optional network parameters that can be discovered using the --help flag shown here:
openstack network create --help
Subnets are created with the following syntax:
openstack subnet create SUBNET_NAME --network NETWORK_NAME --subnet-range SUBNET_RANGE
Creating a subnet creates a logical layer 3 routing domain, whose details are used to provide IP services to virtual machines and other virtual network objects. The network parameter maps the subnet to a layer 2 network defined in OpenStack. The subnet-range parameter defines the L3 address range used by the subnet and is written in CIDR notation. More than one subnet can be associated with a network, which is often the case when all addresses in a particular subnet have been consumed. While logically separated, multiple subnets in a network are all part of the same layer 2 broadcast domain.
When a network and subnet are created in OpenStack, and DHCP is enabled, a corresponding network namespace is created on one or more nodes running the DHCP agent. The namespace can be identified using the ip netns command shown as follows:
# ip netns list ... qdhcp-c881ce20-1649-4f03-bea7-40da536e21b2 ...
A DHCP namespace has a prefix of qdhcp- and a suffix that corresponds to the network ID.