Learn how OpenStack manages various virtual network resources

1. Overview

Before you get started!

Welcome to OpenStack!

In this series of tutorials, we will walk you through all the necessary steps to install, configure and get started with OpenStack. Using just a single machine, you will learn how to use OpenStack for cloud infrastructure implementation purposes, from a single-node installation to large-scale clusters.

This tutorial is the eighth in the “Phase 1 - Learn OpenStack” series.


What is OpenStack?

OpenStack is a collection of open source projects designed to work together to form the basis of a cloud. OpenStack can be used for both private and public cloud implementation.

What is Sunbeam?

Sunbeam is an upstream project under the governance of the OpenInfra Foundation (OIF), which was created to lower the barrier to entry for OpenStack, simplify its adoption process, and set the foundation for an autonomous private cloud. Sunbeam uses cloud-native architecture and total bottom-up automation to make OpenStack more accessible to newcomers and to help users get to grips with the platform immediately.

What is MicroStack?

MicroStack (based on Sunbeam) is an OpenStack distribution designed for small-scale cloud environments. While it is available with full commercial support from Canonical, it can also be self-deployed with no friction, effectively eliminating the need for a paid consulting engagement. MicroStack currently includes core OpenStack services only, but is expected to evolve quickly to ensure full feature parity with Canonical’s Charmed OpenStack soon.

In this tutorial, you will learn how to:

  • Distinguish between the various network resources in OpenStack
  • Display network topology
  • Manage networks and subnets
  • Manage routers
  • Manage floating IPs
  • Manage security groups

You will only need:

One fresh physical or virtual machine with:


2. Credentials

Make sure you’re logged in as the myuser user we created in tutorial 6 (Identities).

To log in as the myuser user through the OpenStack client, open a new terminal window, execute the following command, and type mypassword when asked for the password:


$ source ~/Downloads/myproject-openrc.sh

To log in as the myuser user through the OpenStack dashboard, visit https://10.20.20.1 and use the following credentials:

  • Domain - Type mydomain

  • User Name - Type myuser

  • Password - Type mypassword


3. Display network topology

The OpenStack Neutron service manages several types of network resources. The following ones are usually required to launch instances:

  • Networks are overlay networks created on top of the physical network based on the underlying SDN platform.

  • Subnets provide IP addressing services inside of virtual networks, including the gateway, static routes, DHCP and DNS.

  • Routers connect subnets, enabling inter-tenant communication and access to networks external to OpenStack, including the Internet.

  • Floating IPs enable access to instances from networks external to OpenStack through the NAT mechanism.

  • Security Groups are an implementation of network access control lists (ACLs), which can be used to limit access from/to instances.

To display the network topology, navigate to Project > Network > Network Topology:


At the moment, you are only able to see the external-network network there, but you can review it again after completing all the steps in this tutorial.


4. Manage networks and subnets

In the following steps, we’ll create a new network called mynetwork and a new subnet in this network called mysubnet with the IP range 192.168.0.0/24, a DHCP pool of 192.168.0.101 - 192.168.0.200 and the DNS server 8.8.8.8.

Manage networks and subnets through the OpenStack client

To create the network, execute the following command:


$ openstack network create mynetwork

To list all networks, execute the following command:


$ openstack network list

Sample output:


+--------------------------------------+------------------+--------------------------------------+
| ID                                   | Name             | Subnets                              |
+--------------------------------------+------------------+--------------------------------------+
| a78fd33a-d6cd-4362-9bfd-9a5b1c29b5c4 | mynetwork        |                                      |
| da8de4f1-2760-40ae-92f1-f483a18c67e8 | external-network | 6bfcf386-5d49-486e-b9e1-e8ddbb10f17f |
+--------------------------------------+------------------+--------------------------------------+

To create the subnet, execute the following command:


$ openstack subnet create --network mynetwork --subnet-range 192.168.0.0/24 --allocation-pool start=192.168.0.101,end=192.168.0.200 --dns-nameserver 8.8.8.8 mysubnet

To list all subnets, execute the following command:


$ openstack subnet list

Sample output:


+--------------------------------------+----------+--------------------------------------+----------------+
| ID                                   | Name     | Network                              | Subnet         |
+--------------------------------------+----------+--------------------------------------+----------------+
| 68fd7e4f-88d9-4793-a370-decc440f2fa4 | mysubnet | a78fd33a-d6cd-4362-9bfd-9a5b1c29b5c4 | 192.168.0.0/24 |
+--------------------------------------+----------+--------------------------------------+----------------+

Manage networks and subnets through the OpenStack dashboard

Navigate to Project > Network > Networks and click the Create Network button on the right:


To create the network and the subnet, fill in the form as follows:

  • Network Name - Type mynetwork

Then choose Subnet from the menu on the top:


Fill in the form as follows:

  • Subnet Name - Type mysubnet

  • Network Address - Type 192.168.0.0/24

Then choose Subnet Details from the menu on the top:


Fill in the form as follows:

  • Allocation Pools - Type 192.168.0.101,192.168.0.200

  • DNS Name Servers - Type 8.8.8.8

Then click the Create button:


You are now able to see the new network and subnet in Neutron’s database:



5. Manage routers

In the following steps, we’ll create a new router called myrouter, attach it to the mysubnet subnet and set the external-network network as the gateway.

Manage routers through the OpenStack client

To create the router, execute the following command:


$ openstack router create myrouter

To list all routers, execute the following command:


$ openstack router list

Sample output:


+--------------------------------------+----------+--------+-------+----------------------------------+
| ID                                   | Name     | Status | State | Project                          |
+--------------------------------------+----------+--------+-------+----------------------------------+
| 26fba280-6e9b-4729-9f97-eca0a2d4f87f | myrouter | ACTIVE | UP    | 364813a371c84cb8baa7556e280e2ea7 |
+--------------------------------------+----------+--------+-------+----------------------------------+

To set the external-network network as a gateway for the router, execute the following command:


$ openstack router set --external-gateway external-network myrouter

To attach the router to the mysubnet subnet, execute the following command:


$ openstack router add subnet myrouter mysubnet

Manage routers through the OpenStack dashboard

Navigate to Project > Network > Routers and click the Create Router button on the right:


To create the router, fill in the form as follows:

  • Router Name - Type myrouter

  • External Network - Select external-network

Then click the Create Router button:


You are now able to see the new router in Neutron’s database:


Click on its name, navigate to the Interfaces tab and click the Add Interface button on the right:


To attach the router to the mysubnet subnet, fill in the form as follows:

  • Subnet - Select mynetwork: 192.168.0.0/24 (mysubnet)

Then press the Submit button:


You are now able to see the new interface in Neutron’s database:


Please note that the interface name may be different in your environment.


6. Manage floating IPs

In the following steps, we’ll allocate a floating IP from the external-network network.

Manage floating IPs through the OpenStack client

To allocate a floating IP, execute the following command:


$ openstack floating ip create external-network

To list all floating IPs, execute the following command:


$ openstack floating ip list

Sample output:


+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 873d1414-3633-46b9-b1a8-3b67cd79e963 | 10.20.20.19         | None             | None | da8de4f1-2760-40ae-92f1-f483a18c67e8 | 364813a371c84cb8baa7556e280e2ea7 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

Manage floating IPs through the OpenStack dashboard

Navigate to Project > Network > Floating IPs and click the Allocate IP to Project button on the right:


To allocate a floating IP, click the Allocate IP button:


You are now able to see the floating IP in Neutron’s database:


Note that the IP address may be different in your environment.


7. Manage security groups

In the following steps, we’ll create a new security group called mysecuritygroup, enabling ingress SSH connections.

Manage security groups through the OpenStack client

To create the security group, execute the following command:


$ openstack security group create mysecuritygroup

To list all security groups, execute the following command:


$ openstack security group list

Sample output:


+--------------------------------------+-----------------+------------------------+----------------------------------+------+
| ID                                   | Name            | Description            | Project                          | Tags |
+--------------------------------------+-----------------+------------------------+----------------------------------+------+
| 10b16d8e-e803-406e-8e9b-c80f5af4572e | default         | Default security group | 364813a371c84cb8baa7556e280e2ea7 | []   |
| b3fe35ec-85e2-4dc5-a029-2cc88620428d | mysecuritygroup | mysecuritygroup        | 364813a371c84cb8baa7556e280e2ea7 | []   |
+--------------------------------------+-----------------+------------------------+----------------------------------+------+

To add the rule to the security group, execute the following command:


$ openstack security group rule create --remote-ip 0.0.0.0/0 --dst-port 22:22 --protocol tcp --ingress mysecuritygroup

To list all rules in the security group, execute the following command:


$ openstack security group rule list mysecuritygroup

Sample output:


+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Direction | Remote Security Group | Remote Address Group |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
| b4fa20d2-1975-418f-8146-a7e9f1864c5e | None        | IPv6      | ::/0      |            | egress    | None                  | None                 |
| b77b70bc-2626-441f-bbc1-07e2a9c91e9d | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | ingress   | None                  | None                 |
| fe944e4f-6526-4d46-8476-b62394e9765a | None        | IPv4      | 0.0.0.0/0 |            | egress    | None                  | None                 |
+--------------------------------------+-------------+-----------+-----------+------------+-----------+-----------------------+----------------------+
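
The SSH rule above admits connections from 0.0.0.0/0, that is, from any IPv4 source. The following check is an added example, not part of the original tutorial: it flags ingress rules that expose administrative ports to every address, run over the rule list shown above. It assumes that `openstack security group rule list mysecuritygroup -f json` emits the column headers as keys; `ADMIN_PORTS` and the last rule in the sample are constructed for illustration.

```python
import ipaddress
import json

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports this audit treats as administrative

# Constructed sample: the three rules from the tutorial's sample output, plus one
# constructed rule (last entry) that limits SSH to the mysubnet range for contrast.
SAMPLE_RULES_JSON = """[
 {"ID": "b4fa20d2-1975-418f-8146-a7e9f1864c5e", "IP Protocol": null, "IP Range": "::/0",
  "Port Range": "", "Direction": "egress", "Remote Security Group": null},
 {"ID": "b77b70bc-2626-441f-bbc1-07e2a9c91e9d", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0",
  "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "fe944e4f-6526-4d46-8476-b62394e9765a", "IP Protocol": null, "IP Range": "0.0.0.0/0",
  "Port Range": "", "Direction": "egress", "Remote Security Group": null},
 {"ID": "constructed-restricted-rule", "IP Protocol": "tcp", "IP Range": "192.168.0.0/24",
  "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": null}
]"""

def port_span(port_range):
    """'22:22' -> (22, 22); an empty value means the rule covers every port."""
    if not port_range:
        return (1, 65535)
    low, _, high = port_range.partition(":")
    return (int(low), int(high or low))

def is_any_source(rule):
    """True when neither a remote group nor a non-zero-length prefix narrows the source."""
    if rule.get("Remote Security Group"):
        return False
    cidr = rule.get("IP Range")
    return not cidr or ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_ingress(rules):
    """Return (rule ID, source range, exposed services) for world-reachable admin ports."""
    findings = []
    for rule in rules:
        if rule["Direction"] != "ingress" or not is_any_source(rule):
            continue
        if rule.get("IP Protocol") not in (None, "tcp"):
            continue  # other protocols: the port column does not hold a TCP port
        low, high = port_span(rule.get("Port Range"))
        exposed = [name for port, name in sorted(ADMIN_PORTS.items()) if low <= port <= high]
        if exposed:
            findings.append((rule["ID"], rule.get("IP Range"), exposed))
    return findings

if __name__ == "__main__":
    for rule_id, cidr, services in audit_ingress(json.loads(SAMPLE_RULES_JSON)):
        print(f"{rule_id}: {'/'.join(services)} reachable from {cidr}")
```

Only the tutorial's SSH rule is reported; the constructed rule scoped to 192.168.0.0/24 and the default egress rules are not.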

Manage security groups through the OpenStack dashboard

Navigate to Project > Network > Security Groups and click the Create Security Group button on the right:


To create the security group, fill in the form as follows:

  • Name - Type mysecuritygroup

Then click the Create Security Group button:


You are now able to see some default rules created within the new security group. Click the Add Rule button on the right:


To add the rule to the security group, fill in the form as follows:

  • Rule - Select SSH

Then click the Add button:


You are now able to see the new rule in Neutron’s database:


Note that the security group ID may be different in your environment.


8. Next steps