Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Learn how OpenStack manages various virtual network resources

1. Overview

Before you get started!

Welcome to OpenStack!

In this series of tutorials, we will walk you through all the necessary steps to install, configure and get started with OpenStack. Using just your workstation, you will learn how to use OpenStack for cloud infrastructure implementation purposes, from a single-node installation to large-scale clusters.

This tutorial is the eighth in the “Phase I - Single-node OpenStack on your workstation” series.

Explore other tutorials >

What is OpenStack?

OpenStack is the most popular open source cloud platform that aggregates distributed compute, network and storage resources in the data centre and enables on-demand provisioning of virtual machines through a self-service portal. OpenStack powers thousands of public and private clouds all over the world, providing rapid access for greater innovation and better economics.

Learn more about OpenStack >

What is MicroStack?

MicroStack is a micro cloud platform based on OpenStack, designed for the edge and small-scale data centre deployments, that can be installed and maintained with minimal effort. MicroStack eliminates the complexity behind OpenStack, providing an opinionated approach to OpenStack architecture design and a straightforward installation method.

Learn more about MicroStack >

What is Charmed OpenStack?

Charmed OpenStack is an enterprise cloud platform based on OpenStack, designed for large-scale data centre deployments, that provides full automation around the initial installation and day-2 operations. Charmed OpenStack abstracts the complexity behind OpenStack, using a composable approach to OpenStack architecture design with model-driven operators (charms).

Learn more about Charmed OpenStack >

In this tutorial, you will learn how to:

  • Distinguish between the various network resources in OpenStack

  • Display network topology

  • Manage networks and subnets

  • Manage routers

  • Manage floating IPs

  • Manage security groups

You will only need:

One physical machine with:

MicroStack

These instructions use MicroStack - OpenStack in a snap. MicroStack is also available on other Linux distros, Windows and macOS. Refer to the MicroStack website for more information on how to install MicroStack on an OS other than Ubuntu.

2. Credentials

Make sure you’re logged in as the myuser user we created in tutorial 6. Identities

To log in as the myuser user through the OpenStack client, open a new terminal window, execute the following command, and type mypassword when asked for the password:


$ source ~/Downloads/myproject-openrc.sh

To log in as the myuser user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:

  • Domain - Type mydomain

  • User Name - Type myuser

  • Password - Type mypassword

3. Display network topology

OpenStack Neutron service enables the management of various resource types. The following ones are usually required to be able to launch instances:

  • Networks are overlay networks created on top of the physical network based on the underlying SDN platform.

  • Subnets provide IP addressing services inside of virtual networks, including the gateway, static routes, DHCP and DNS.

  • Routers connect subnets, enabling inter-tenant communication and access to networks external to OpenStack, including Internet.

  • Floating IPs enable access to instances from networks external to OpenStack through the NAT mechanism.

  • Security Groups are an implementation of network access control lists (ACLs), which can be used to limit access from/to instances.

To display network topology, navigate to Project -> Network -> Network Topology:

1.8.1

At the moment, you are only be able to see the external network there, but you can review it again after completing all the steps in this tutorial.

4. Manage networks and subnets

In the following steps, we’ll create a new network called mynetwork and a new subnet in this network called mysubnet with the IP range of 192.168.0.0/24, DHCP pool of 192.168.0.101 - 192.168.0.200 and the DNS of 8.8.8.8.

Manage networks and subnets through the OpenStack client

To create a the network, execute the following command:


$ openstack --insecure network create mynetwork

To list all networks, execute the following command:


$ openstack --insecure network list

Sample output:


+--------------------------------------+-----------+--------------------------------------+

| ID | Name | Subnets |

+--------------------------------------+-----------+--------------------------------------+

| 305e4536-42bf-4eb5-962c-d32e6b5b0b0f | external | 1a739e72-12c2-4eb1-9566-cf19ff217120 |

| 93089d1f-441c-4d77-b17e-31065c0d99eb | mynetwork | |

+--------------------------------------+-----------+--------------------------------------+

To create the subnet, execute the following command:


$ openstack --insecure subnet create --network mynetwork --subnet-range 192.168.0.0/24 --allocation-pool start=192.168.0.101,end=192.168.0.200 --dns-nameserver 8.8.8.8 mysubnet

To list all subnets, execute the following command:


$ openstack --insecure subnet list

Sample output:


+--------------------------------------+----------+--------------------------------------+----------------+

| ID | Name | Network | Subnet |

+--------------------------------------+----------+--------------------------------------+----------------+

| 40250d82-6b96-4e81-9300-25a23f5d41c7 | mysubnet | 93089d1f-441c-4d77-b17e-31065c0d99eb | 192.168.0.0/24 |

+--------------------------------------+----------+--------------------------------------+----------------+

Manage networks and subnets through the OpenStack dashboard

Navigate to Project -> Network -> Networks and click the Create Network button on the right:

1.8.2

To create the network and the subnet, fill in the form as follows:

  • Network Name - Type mynetwork

Then choose Subnet from the menu on the top:

1.8.3

Fill in the form as follows:

  • Subnet Name - Type mysubnet

  • Network Address - Type 192.168.0.0/24

Then choose Subnet Details from the menu on the top:

1.8.4

Fill in the form as follows:

  • Allocation Pools - Type 192.168.0.101,192.168.0.200

  • DNS Name Servers - Type 8.8.8.8

Then click the Create button:

1.8.5

You are now able to see the new network and subnet in Neutron’s database:

1.8.6

5. Manage routers

In the following steps, we’ll create a new router called myrouter, attach it to the mysubnet subnet and set the external network as the gateway.

Manage routers through the OpenStack client

To create the router, execute the following command:


$ openstack --insecure router create myrouter

To list all routers, execute the following command:


$ openstack --insecure router list

Sample output:


+--------------------------------------+----------+--------+-------+----------------------------------+

| ID | Name | Status | State | Project |

+--------------------------------------+----------+--------+-------+----------------------------------+

| 9d616c55-0076-4284-9293-f7bd9ccc13ff | myrouter | ACTIVE | UP | f96f3e26d98e4455ade809116da49689 |

+--------------------------------------+----------+--------+-------+----------------------------------+

To set the external network as a gateway for the router, execute the following command:


$ openstack --insecure router set --external-gateway external myrouter

To attach the router to the mysubnet subnet, execute the following command:


$ openstack --insecure router add subnet myrouter mysubnet

Manage routers through the OpenStack dashboard

Navigate to Project -> Network -> Routers and click the Create Router button on the right:

1.8.7

To create the router, fill in the form as follows:

  • Router Name - Type myrouter

  • External Network - Select external

Then click the Create Router button:

1.8.8

You are now able to see the new router in Neutron’s database:

1.8.9

Click on its name, navigate to the Interfaces tab and click the Add Interface button on the right:

1.8.10

To attach the router to the mysubnet subnet, fill in the form as follows:

  • Subnet - Select mynetwork: 192.168.0.0/24 (mysubnet)

Then press the Submit button:

1.8.11

You are now able to see the new interface in Neutron’s database:

1.8.12

Please note that the interface name (here (56f98573-e6d3)) may be different in your environment.

6. Manage floating IPs

In the following steps, we’ll allocate floating IP from the external network.

Manage floating IPs through the OpenStack client

To allocate floating IP, execute the following command:


$ openstack --insecure floating ip create external

To list all floating IPs, execute the following command:


$ openstack --insecure floating ip list

Sample output:


+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |

+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

| 3a29ad49-101b-46fe-af87-5037cdce876a | 10.20.20.70 | None | None | 305e4536-42bf-4eb5-962c-d32e6b5b0b0f | f96f3e26d98e4455ade809116da49689 |

+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

Manage floating IPs through the OpenStack dashboard

Navigate to Project -> Network -> Floating IPs and click the Allocate IP to Project button on the right:

1.8.13

To allocate floating IP, click the Allocate IP button:

1.8.14

You are now able to see the floating IP in Neutron’s database:

1.8.15

Note that the IP (here 10.20.20.78) may be different in your environment.

7. Manage security groups

In the following steps, we’ll create a new security group called mysecuritygroup, enabling ingress SSH connections.

Manage security groups through the OpenStack client

To create the security group, execute the following command:


$ openstack --insecure security group create mysecuritygroup

To list all security groups, execute the following command:


$ openstack --insecure security group list

Sample output:


+--------------------------------------+-----------------+------------------------+----------------------------------+------+

| ID | Name | Description | Project | Tags |

+--------------------------------------+-----------------+------------------------+----------------------------------+------+

| 07a9a332-5868-4af7-a4e4-0a924ef03729 | default | Default security group | f96f3e26d98e4455ade809116da49689 | [] |

| f481aa07-d034-42ec-844a-16bca3f24fa7 | mysecuritygroup | mysecuritygroup | f96f3e26d98e4455ade809116da49689 | [] |

+--------------------------------------+-----------------+------------------------+----------------------------------+------+

To add the rule to the security group, execute the following command:


$ openstack --insecure security group rule create --remote-ip 0.0.0.0/0 --dst-port 22:22 --protocol tcp --ingress mysecuritygroup

To list all rules in the security group, execute the following command:


$ openstack --insecure security group rule list mysecuritygroup

Sample output:


+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+

| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group |

+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+

| 22083674-91eb-4a46-ac54-fe1db0ab053c | None | IPv4 | 0.0.0.0/0 | | egress | None | None |

| 67507f0d-3c13-4fa7-b63f-5e379100a5d3 | None | IPv6 | ::/0 | | egress | None | None |

| b28bb91d-959b-4c8a-9b21-22cd64dd440c | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None |

+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+

Manage security groups through the OpenStack dashboard

Navigate to Project -> Network -> Security Groups and click the Create Security Group button on the right:

1.8.16

To create the security group, fill in the form as follows:

  • Name - Type mysecuritygroup

Then click the Create Security Group button:

1.8.17

You are now able to see some default rules created within the new security group. Click the Add Rule button on the right:

1.8.18

To add the rule to the security group, fill in the form as follows:

  • Rule - Select SSH

Then click the Add button:

1.8.19

You are now able to see the new rule in Neutron’s database:

1.8.20

Note that the security group ID (here cd81f55b-9b77-4ad3-94f7-6d1dbc78b392) may be different in your environment.

8. Next steps

Congratulations! You have reached the end of this tutorial.

You can now move to the next tutorial - “9. Instances” - or explore other tutorials.

Take a survey!

Your feedback is very important for us and the entire OpenStack community. We want to understand how you use MicroStack and your pain points. Your feedback helps guide future MicroStack development.

Please fill in a short 5-question anonymous survey.

In this tutorial, you have learnt how to:

  • Distinguish between the various network resources in OpenStack

  • Display network topology

  • Manage networks and subnets

  • Manage routers

  • Manage floating IPs

  • Manage security groups

Where to go from here?

© 2023 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.