Once you install Openstack in single node or multinode setup next
thing is to setup network. To understand networking in Openstack is
little tedious job. This post is to describe basic Openstack networking
concept by creating internal/external networking and testing the same.
First delete all default network like public and private which were created by default after Openstack installation using
#neutron net-delete <net-name>
Let us create new internal network first.
Create subnet for network private-net with subnet address 10.0.0.0/24
Now create new VM with internal network private-net. Now before creating VM we need couple of things. To access VM we need a key, we need image to boot VM and we need network ID of private-net to access VM.
Generally we use id_rsa.pub file as our key to access VMs which can be generated using ssh-keygen. You can create new keypair as well. I use my public key only.
We used by default available cirros image.
We need network ID of private-net network
I don’t want to use existing flavors so I have created new custom flavor with 256MB ram 1 disk and 1 vcpu with id 6 as default we have 5 flavors.
Create new VM with name testvm contains custom flavor, cirros image, private network and my-key keyname.
Check the VM status if it is running fine after creation.
Whenever you create new network you will find network namespace qdhcp-<net-id> is created on neutron node. Unique Network namespace is used to differentiate between network.
You can have same subnet for different network in same project and network namespace will handle all the network traffic without interfering each others network. #ip netns list is command to check network namespace of private-net.
To access internal network of VM we need network namespace of internal network private-net.
Till now we cannot access newly created VM as we don’t SSH and ICMP rule in default security group. Create 2 security rule SSH and ICMP for ssh and ping test with VM.
Check if it is now part of default security group.
Now using network namespace we got it from above step test ping to internal network of VM
It’s working fine.
Now try SSH to internal network of VM using my-key and user cirros. Password of user cirros is cubswin:)
Thats it we can logged in to VM using internal network and check hostname of VM.
Till now we saw how to create new VM in internal/private network now in this post we will see how to add external/public network to VM instance.
First check if our existing VM is in running state.
Now also check available network using CLI and using Openstack Dashboard.
Now create external network public-net.
I am using external subnet address 192.168.122.0/24 with range start from 192.168.122.101 to 192.168.122.150 and gateway 192.168.122.1. I am not using DHCP.
Create external subnet public-subnet.
A Network topology view from Dashboard.
Now to connect internal network with external network we need router and set router’s gateway to external network to communicate outside world.
Create a router demo-router and set gateway to external network.
Check the router details.
Now check the network topology view from dashboard.
You can see that internal and external network are connected through demo-router now.
Now we have to setup physical network connectivity.
Now as I have used Virtualbox I have to create one Host-only Network in Virtualbox and use that in Openstack VM to create/access external network.
If you have external network ready you can use that instead.
I have to add new interface eth2 into Openstack VM with 192.168.122.X series IP and use 192.168.122.1 as gateway IP to access outside world.
Again to work with OVS (Open Vswitch) we have to use external bridge br-ex for external access and need add our physical interface eth2 to external bridge br-ex as external port.
Create network bridge br-ex and eth2 network conf. files as below first.
Now add physical ethernet eth2 to external bridge br-ex
Check if it is added properly into external bridge br-ex.
Restart the network and check if br-ex is getting 192.168.122.212 IP address.
Now we need Floating/Public IP to access our testvm from outside world.
Create floating IP on external/public network and now associate it with vm testvm.
Floating IP 192.168.122.102 is created and associate this IP to testvm.
Floating IP is associated with testvm and now perform PING and SSH test on floating IP.
Note we have already created security rule for TCP and ICMP protocol in first part so we are not creating here.
That’s it Floating/Public IP is working properly. Enjoy :)
First delete all default network like public and private which were created by default after Openstack installation using
#neutron net-delete <net-name>
Let us create new internal network first.
Create subnet for network private-net with subnet address 10.0.0.0/24
Now create new VM with internal network private-net. Now before creating VM we need couple of things. To access VM we need a key, we need image to boot VM and we need network ID of private-net to access VM.
Generally we use id_rsa.pub file as our key to access VMs which can be generated using ssh-keygen. You can create new keypair as well. I use my public key only.
We used by default available cirros image.
We need network ID of private-net network
I don’t want to use existing flavors so I have created new custom flavor with 256MB ram 1 disk and 1 vcpu with id 6 as default we have 5 flavors.
Create new VM with name testvm contains custom flavor, cirros image, private network and my-key keyname.
Check the VM status if it is running fine after creation.
Whenever you create new network you will find network namespace qdhcp-<net-id> is created on neutron node. Unique Network namespace is used to differentiate between network.
You can have same subnet for different network in same project and network namespace will handle all the network traffic without interfering each others network. #ip netns list is command to check network namespace of private-net.
To access internal network of VM we need network namespace of internal network private-net.
Till now we cannot access newly created VM as we don’t SSH and ICMP rule in default security group. Create 2 security rule SSH and ICMP for ssh and ping test with VM.
Check if it is now part of default security group.
Now using network namespace we got it from above step test ping to internal network of VM
It’s working fine.
Now try SSH to internal network of VM using my-key and user cirros. Password of user cirros is cubswin:)
Thats it we can logged in to VM using internal network and check hostname of VM.
Till now we saw how to create new VM in internal/private network now in this post we will see how to add external/public network to VM instance.
First check if our existing VM is in running state.
Now also check available network using CLI and using Openstack Dashboard.
Now create external network public-net.
I am using external subnet address 192.168.122.0/24 with range start from 192.168.122.101 to 192.168.122.150 and gateway 192.168.122.1. I am not using DHCP.
Create external subnet public-subnet.
A Network topology view from Dashboard.
Now to connect internal network with external network we need router and set router’s gateway to external network to communicate outside world.
Create a router demo-router and set gateway to external network.
Check the router details.
Now check the network topology view from dashboard.
You can see that internal and external network are connected through demo-router now.
Now we have to setup physical network connectivity.
Now as I have used Virtualbox I have to create one Host-only Network in Virtualbox and use that in Openstack VM to create/access external network.
If you have external network ready you can use that instead.
I have to add new interface eth2 into Openstack VM with 192.168.122.X series IP and use 192.168.122.1 as gateway IP to access outside world.
Again to work with OVS (Open Vswitch) we have to use external bridge br-ex for external access and need add our physical interface eth2 to external bridge br-ex as external port.
Create network bridge br-ex and eth2 network conf. files as below first.
Now add physical ethernet eth2 to external bridge br-ex
Check if it is added properly into external bridge br-ex.
Restart the network and check if br-ex is getting 192.168.122.212 IP address.
Now we need Floating/Public IP to access our testvm from outside world.
Create floating IP on external/public network and now associate it with vm testvm.
Floating IP 192.168.122.102 is created and associate this IP to testvm.
Floating IP is associated with testvm and now perform PING and SSH test on floating IP.
Note we have already created security rule for TCP and ICMP protocol in first part so we are not creating here.
That’s it Floating/Public IP is working properly. Enjoy :)
Very helpful article. This blog provide very useful information about networking in OpenStack. Thanks for sharing
ReplyDelete