Learn how OpenStack manages various virtual network resources

1. Overview

Before you get started!

Welcome to OpenStack!

In this series of tutorials, we will walk you through all the necessary steps to install, configure and get started with OpenStack. Using just your workstation, you will learn how to use OpenStack for cloud infrastructure implementation purposes, from a single-node installation to large-scale clusters.

This tutorial is the eighth in the “Phase I - Single-node OpenStack on your workstation” series.

Explore other tutorials >

What is OpenStack?

OpenStack is a collection of open-source projects designed to work together to form the basis of a cloud. OpenStack can be used for both private and public cloud implementation.

What is Sunbeam?

Sunbeam is an OpenStack project created to set the foundation for zero-ops OpenStack. By using highly opinionated architecture and native Kubernetes principles, Sunbeam delivers distilled OpenStack excellence on top of K8s.

What is MicroStack?

MicroStack (based on Sunbeam) is an OpenStack flavour designed for small-scale cloud environments, edge deployments, testing and development, with full commercial support available from Canonical.

In this tutorial, you will learn how to:

Distinguish between the various network resources in OpenStack
Display network topology
Manage networks and subnets
Manage routers
Manage floating IPs
Manage security groups

You will only need:

One fresh physical or virtual machine with:

The latest Ubuntu LTS installed,
Static IP address assigned to its primary network interface,
OpenSSH server installed and configured,
4+ core amd64 CPU,
16 GB of RAM,
50 GB of storage,
OpenStack cloud bootstrapped, configured and sample instance launched,
OpenStack client set up,
Sample identities created.

2. Credentials

Make sure you’re logged in as the myuser user we created in tutorial 6. Identities

To log in as the myuser user through the OpenStack client, open a new terminal window, execute the following command, and type mypassword when asked for the password:


$ source ~/Downloads/myproject-openrc.sh

To log in as the myuser user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:

Domain - Type mydomain
User Name - Type myuser
Password - Type mypassword

3. Display network topology

OpenStack Neutron service enables the management of various resource types. The following ones are usually required to be able to launch instances:

Networks are overlay networks created on top of the physical network based on the underlying SDN platform.
Subnets provide IP addressing services inside of virtual networks, including the gateway, static routes, DHCP and DNS.
Routers connect subnets, enabling inter-tenant communication and access to networks external to OpenStack, including Internet.
Floating IPs enable access to instances from networks external to OpenStack through the NAT mechanism.
Security Groups are an implementation of network access control lists (ACLs), which can be used to limit access from/to instances.

To display network topology, navigate to Project -> Network -> Network Topology:

At the moment, you are only be able to see the external-network network there, but you can review it again after completing all the steps in this tutorial.

4. Manage networks and subnets

In the following steps, we’ll create a new network called mynetwork and a new subnet in this network called mysubnet with the IP range of 192.168.0.0/24, DHCP pool of 192.168.0.101 - 192.168.0.200 and the DNS of 8.8.8.8.

Manage networks and subnets through the OpenStack client

To create a the network, execute the following command:


$ openstack network create mynetwork

To list all networks, execute the following command:


$ openstack network list

Sample output:


+--------------------------------------+------------------+--------------------------------------+
| ID                                   | Name             | Subnets                              |
+--------------------------------------+------------------+--------------------------------------+
| a78fd33a-d6cd-4362-9bfd-9a5b1c29b5c4 | mynetwork        |                                      |
| da8de4f1-2760-40ae-92f1-f483a18c67e8 | external-network | 6bfcf386-5d49-486e-b9e1-e8ddbb10f17f |
+--------------------------------------+------------------+--------------------------------------+

To create the subnet, execute the following command:


$ openstack subnet create --network mynetwork --subnet-range 192.168.0.0/24 --allocation-pool start=192.168.0.101,end=192.168.0.200 --dns-nameserver 8.8.8.8 mysubnet

To list all subnets, execute the following command:


$ openstack subnet list

Sample output:


+--------------------------------------+----------+--------------------------------------+----------------+
| ID                                   | Name     | Network                              | Subnet         |
+--------------------------------------+----------+--------------------------------------+----------------+
| 68fd7e4f-88d9-4793-a370-decc440f2fa4 | mysubnet | a78fd33a-d6cd-4362-9bfd-9a5b1c29b5c4 | 192.168.0.0/24 |
+--------------------------------------+----------+--------------------------------------+----------------+

Manage networks and subnets through the OpenStack dashboard

Navigate to Project -> Network -> Networks and click the Create Network button on the right:

To create the network and the subnet, fill in the form as follows:

Network Name - Type mynetwork

Then choose Subnet from the menu on the top:

Fill in the form as follows:

Subnet Name - Type mysubnet
Network Address - Type 192.168.0.0/24

Then choose Subnet Details from the menu on the top:

Fill in the form as follows:

Allocation Pools - Type 192.168.0.101,192.168.0.200
DNS Name Servers - Type 8.8.8.8

Then click the Create button:

You are now able to see the new network and subnet in Neutron’s database:

5. Manage routers

In the following steps, we’ll create a new router called myrouter, attach it to the mysubnet subnet and set the external-network network as the gateway.

Manage routers through the OpenStack client

To create the router, execute the following command:


$ openstack router create myrouter

To list all routers, execute the following command:


$ openstack router list

Sample output:


+--------------------------------------+----------+--------+-------+----------------------------------+
| ID                                   | Name     | Status | State | Project                          |
+--------------------------------------+----------+--------+-------+----------------------------------+
| 26fba280-6e9b-4729-9f97-eca0a2d4f87f | myrouter | ACTIVE | UP    | 364813a371c84cb8baa7556e280e2ea7 |
+--------------------------------------+----------+--------+-------+----------------------------------+

To set the external-network network as a gateway for the router, execute the following command:


$ openstack router set --external-gateway external-network myrouter

To attach the router to the mysubnet subnet, execute the following command:


$ openstack router add subnet myrouter mysubnet

Manage routers through the OpenStack dashboard

Navigate to Project -> Network -> Routers and click the Create Router button on the right:

To create the router, fill in the form as follows:

Router Name - Type myrouter
External Network - Select external-network

Then click the Create Router button:

You are now able to see the new router in Neutron’s database:

Click on its name, navigate to the Interfaces tab and click the Add Interface button on the right:

To attach the router to the mysubnet subnet, fill in the form as follows:

Subnet - Select mynetwork: 192.168.0.0/24 (mysubnet)

Then press the Submit button:

You are now able to see the new interface in Neutron’s database:

Please note that the interface name may be different in your environment.

6. Manage floating IPs

In the following steps, we’ll allocate floating IP from the external-network network.

Manage floating IPs through the OpenStack client

To allocate floating IP, execute the following command:


$ openstack floating ip create external-network

To list all floating IPs, execute the following command:


$ openstack floating ip list

Sample output:


+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 873d1414-3633-46b9-b1a8-3b67cd79e963 | 10.20.20.19         | None             | None | da8de4f1-2760-40ae-92f1-f483a18c67e8 | 364813a371c84cb8baa7556e280e2ea7 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

Manage floating IPs through the OpenStack dashboard

Navigate to Project -> Network -> Floating IPs and click the Allocate IP to Project button on the right:

To allocate floating IP, click the Allocate IP button:

You are now able to see the floating IP in Neutron’s database:

Note that the IP address may be different in your environment.

7. Manage security groups

In the following steps, we’ll create a new security group called mysecuritygroup, enabling ingress SSH connections.

Manage security groups through the OpenStack client

To create the security group, execute the following command:


$ openstack security group create mysecuritygroup

To list all security groups, execute the following command:


$ openstack security group list

Sample output:


+--------------------------------------+-----------------+------------------------+----------------------------------+------+
| ID                                   | Name            | Description            | Project                          | Tags |
+--------------------------------------+-----------------+------------------------+----------------------------------+------+
| 10b16d8e-e803-406e-8e9b-c80f5af4572e | default         | Default security group | 364813a371c84cb8baa7556e280e2ea7 | []   |
| b3fe35ec-85e2-4dc5-a029-2cc88620428d | mysecuritygroup | mysecuritygroup        | 364813a371c84cb8baa7556e280e2ea7 | []   |
+--------------------------------------+-----------------+------------------------+----------------------------------+------+

To add the rule to the security group, execute the following command:


$ openstack security group rule create --remote-ip 0.0.0.0/0 --dst-port 22:22 --protocol tcp --ingress mysecuritygroup

To list all rules in the security group, execute the following command:


$ openstack security group rule list mysecuritygroup

Sample output:


+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Direction | Remote Security Group | Remote Address Group |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
| b4fa20d2-1975-418f-8146-a7e9f1864c5e | None        | IPv6      | ::/0      |            | egress    | None                  | None                 |
| b77b70bc-2626-441f-bbc1-07e2a9c91e9d | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | ingress   | None                  | None                 |
| fe944e4f-6526-4d46-8476-b62394e9765a | None        | IPv4      | 0.0.0.0/0 |            | egress    | None                  | None                 |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+