Floating IPs in OpenStack are static IPv4 addresses that are mapped to instances behind Neutron routers and provide direct inbound connectivity to those instances. Floating IPs can be used in a similar fashion to Elastic IPs in Amazon Web Services, where users can quickly remap an IP address from one instance to another in the event of failure. The heart of this functionality is network address translation. A floating IP is usually considered an external address that is mapped to the internal address configured on an instance. The NAT is implemented on the Neutron router connected to the instance's network. Floating IPs offer connectivity to instances that would otherwise be isolated behind a Neutron router on a non-routable network.
Recall that instances are connected to ports that reflect the connected network and associated IP address. When creating a floating IP, the following information is required:
When assigning a floating IP to a port, the following is necessary:
For this example, create a new port named COOKBOOK_TEST_PORT_2 in the existing tenant network:
openstack port create COOKBOOK_TEST_PORT_2 --network COOKBOOK_TENANT_NET_1
To create a floating IP in OpenStack, issue the following command:
openstack floating ip create --port COOKBOOK_TEST_PORT_2 COOKBOOK_PROVIDER_NET
The output will resemble the following:
Floating IPs are created with the following syntax:
openstack floating ip create EXTERNAL_NETWORK_NAME_OR_ID [--port PORT_NAME_OR_ID]
Floating IPs can then be associated with a port, using the following syntax:
openstack floating ip associate FLOATING_IP_NAME_OR_ID PORT_NAME_OR_ID
When a floating IP is associated with a port, Neutron uses the port information to determine which router to configure the NAT on. Once the NAT is in place, connections to the floating IP will be translated to the internal IP and forwarded to the respective instance. Responses from the instance will be forwarded to the router, translated from the internal to the floating IP, and routed back out to the origin.
In our example, the instance's port is associated with the COOKBOOK_TENANT_NET network, which in turn is connected to the COOKBOOK_ROUTER_STANDALONE router. Within the respective qrouter network namespace, we can see the source and destination NATs applied using iptables:
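As an added example (not from the original text), the following shell function pairs the DNAT and SNAT rules from a qrouter namespace's nat table and reports each floating IP with the fixed IP it exposes, flagging mappings that exist in only one direction. The rule dump is constructed sample data: the addresses are made up, ROUTER_ID is a placeholder, and the chain names are assumed to follow the Neutron L3 agent's naming.

```shell
#!/usr/bin/env bash
# Audit floating IP NAT rules taken from a Neutron router namespace.
# On a network node the input would come from (ROUTER_ID is a placeholder):
#   ip netns exec qrouter-ROUTER_ID iptables -t nat -S

# Constructed sample of `iptables -t nat -S` output (addresses are made up;
# chain names assumed to follow the Neutron L3 agent's naming).
sample_rules() {
cat <<'EOF'
-A neutron-l3-agent-PREROUTING -d 192.0.2.10/32 -j DNAT --to-destination 10.20.0.5
-A neutron-l3-agent-OUTPUT -d 192.0.2.10/32 -j DNAT --to-destination 10.20.0.5
-A neutron-l3-agent-float-snat -s 10.20.0.5/32 -j SNAT --to-source 192.0.2.10
-A neutron-l3-agent-PREROUTING -d 192.0.2.11/32 -j DNAT --to-destination 10.20.0.9
-A neutron-l3-agent-snat -o qg-EXAMPLE -j SNAT --to-source 192.0.2.2
EOF
}

# Reads rules on stdin; prints "FLOATING_IP FIXED_IP STATUS" per mapping.
# STATUS is "ok" when both directions exist, otherwise names the missing rule.
fip_map() {
  awk '
    # Inbound: destination floating IP rewritten to the fixed IP.
    /PREROUTING/ && /-j DNAT/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "-d") { fip = $(i+1); sub(/\/32$/, "", fip) }
        if ($i == "--to-destination") fixed = $(i+1)
      }
      dnat[fip] = fixed
    }
    # Outbound: source fixed IP rewritten to the floating IP.
    /float-snat/ && /-j SNAT/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "-s") { fixed = $(i+1); sub(/\/32$/, "", fixed) }
        if ($i == "--to-source") fip = $(i+1)
      }
      snat[fip] = fixed
    }
    END {
      for (f in dnat)
        print f, dnat[f], ((f in snat) && snat[f] == dnat[f] ? "ok" : "missing-snat")
      for (f in snat)
        if (!(f in dnat)) print f, snat[f], "missing-dnat"
    }' | sort
}

sample_rules | fip_map
```

Each "ok" line is an internal address reachable from the external network, so the list doubles as an inventory of instances whose security groups deserve review.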