The connectivity between elements in the cloud and to external networks is created with the objects network, subnet and router. The topology can also be protected by a bastion host with security features such as firewalls and software for attack prevention.
The procedure to set up a private network with with a router to the Internet (represented by an external network) comprises the steps
Create a network
Create a subnet of the network with a private IP range
Create a server with a NIC attached to the subnet
Add the subnet to the router
Set external gateway
Create network and subnet
When creating a tenant, a local network and subnet may already have been created by default. If there is no such network, or if another network is needed, follow the steps described in this section.
First, in Horizon or from CLI, create a network with a different subnet address range in CIDR notation, for example
The command to create the network is
openstack network create <network-name>
DNS addresses can be assigned directly to the subnet. It is convenient to use the Google addresses
188.8.131.52, but any other DNS IP addresses can be used. The subnet with CIDR and DNS addresses can then be created by the command
openstack subnet create --subnet-range 10.0.0.0/24 --dhcp --network <network-name> --dns-nameserver 184.108.40.206 --dns-nameserver 220.127.116.11 <subnet-name>
In Horizon, select Network/Networks/Create Network to open a dialog window. Choose a network name, and define a subnet by specifying a name and the CIDR IP address range (Figure 1 and 2). Under Subnet Details, enter DNS addresses (Figure 3). Press Create to execute.
On any VM, it is possible to configure more than a single network interface controller (NIC). In a physical server, multiple IP addresses are often assigned to a single NIC. The physical limitation is the number of NIC card slots in the server. For virtual NICs, however, no such limitation exists, so a NIC can be added for each IP address. The limitation in the virtualized cloud is the number of PCI bus addresses. This limit can be reached when a server supports multiple domains with separate public IP addresses.
When creating a tenant, a router may already have been created by default. If there is no router, follow the steps in this section.
Please note that in the Beryllium environment, the router cannot be connected to the gateway if a different network router is already connected to it. In other words, the user is not allowed to attach additional ports to an external network.
At this point, we assume that we have a server
<server> connected to the subnet
<subnet-name>, see Create and manage virtual machines
The router is created by
openstack router create <router-name>
and the local network, or “near end” is connected by adding the subnet
openstack router add subnet <router-name> <subnet-name>
Finally, router connectivity to the Internet is created by setting the external gateway represented by the external network in the tenant
openstack router set <router-name> --external-gateway <external-network>
In Horizon, a router can be created under Network/Routers (Figure 4), after specifying a name and external network.
After creating the router, click on the router name under Network/Routers and go to the tab Interfaces to add an existing subnet by clicking the button Add Interface (Figure 5).
In the menu, select an existing subnet and click Submit (Figure 6).
The router details should now look like in Figure 7.
To any chosen instance, it is now possible to attach a new NIC. In Horizon, this action has the menu entry Attach Interface under Instances/Actions (Figure 8).
From the drop-down menu, select the same network just created. To test the NIC, you can verify the connection by pinging the router from the instance
assuming that the router has been assigned IP address 10.0.0.1 (by default the first address in the private IP address range).
Manage floating IP associations
To assign a floating IP address to an instance, first it has to be assigned and associated. List the status of available floating IPs by
openstack floating ip list
If the list is empty, an IP address has to be assigned from
openstack floating ip create <external-network>
Now, associate a floating IP address with an instance by
openstack server add floating ip <server> <ip-address>
The association can then be verified by
openstack floating ip show <ip-address>
Due to the nature of floating IPs These changes take effect immediately.
A floating IP can be associated and disassociated from Networks/Floating IPs (see Figure 9).
To associate a non-mapped floating IP to an port on an instance, click on Associate to open the association menu (Figure 10), select desired instance interface, and click Associate.
To disassociate a floating IP address from a server, use
openstack server remove floating ip <server> <ip-address>
After this, the same IP address will be available for other associations. In orchestration, floating IPs are usually created from the IP address pool associated with the external network. It is therefore advisable to return unused IP addresses to the pool with
openstack floating ip delete <ip-address>