Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 3. Common administrative networking tasks

OpenStack Networking (neutron) is the software-defined networking component of Red Hat OpenStack Platform. The virtual network infrastructure enables connectivity between instances and the physical external network.

This section contains information about common administration tasks, such as adding and removing subnets and routers to suit your Red Hat OpenStack Platform deployment.

3.1. Creating a network

Create a network so that your instances can communicate with each other and receive IP addresses using DHCP. You can also integrate a network with external networks in your Red Hat OpenStack Platform deployment, or elsewhere, such as the physical network. This integration allows your instances to communicate with outside systems. For more information, see Bridge the physical network.

When creating networks, it is important to know that networks can host multiple subnets. This is useful if you intend to host distinctly different systems in the same network, and prefer a measure of isolation between them. For example, you can designate that only webserver traffic is present on one subnet, while database traffic traverses another. Subnets are isolated from each other, and any instance that wants to communicate with another subnet must have their traffic directed by a router. Consider placing systems that require a high volume of traffic amongst themselves in the same subnet, so that they do not require routing, and can avoid the subsequent latency and load.

  1. In the dashboard, select Project > Network > Networks.

  2. Click +Create Network and specify the following values:

    FieldDescription

    Network Name

    Descriptive name, based on the role that the network will perform. If you are integrating the network with an external VLAN, consider appending the VLAN ID number to the name. For example, webservers_122, if you are hosting HTTP web servers in this subnet, and your VLAN tag is 122. Or you might use internal-only if you intend to keep the network traffic private, and not integrate the network with an external network.

    Admin State

    Controls whether the network is immediately available. Use this field to create the network in a Down state, where it is logically present but inactive. This is useful if you do not intend to enter the network into production immediately.

  3. Click the Next button, and specify the following values in the Subnet tab:

    FieldDescription

    Create Subnet

    Determines whether to create a subnet. For example, you might not want to create a subnet if you intend to keep this network as a placeholder without network connectivity.

    Subnet Name

    Enter a descriptive name for the subnet.

    Network Address

    Enter the address in CIDR format, which contains the IP address range and subnet mask in one value. To determine the address, calculate the number of bits masked in the subnet mask and append that value to the IP address range. For example, the subnet mask 255.255.255.0 has 24 masked bits. To use this mask with the IPv4 address range 192.168.122.0, specify the address 192.168.122.0/24.

    IP Version

    Specifies the internet protocol version, where valid types are IPv4 or IPv6. The IP address range in the Network Address field must match whichever version you select.

    Gateway IP

    IP address of the router interface for your default gateway. This address is the next hop for routing any traffic destined for an external location, and must be within the range that you specify in the Network Address field. For example, if your CIDR network address is 192.168.122.0/24, then your default gateway is likely to be 192.168.122.1.

    Disable Gateway

    Disables forwarding and isolates the subnet.

  4. Click Next to specify DHCP options:

    • Enable DHCP - Enables DHCP services for this subnet. You can use DHCP to automate the distribution of IP settings to your instances.

    • IPv6 Address - Configuration Modes. If you create an IPv6 network, you must specify how to allocate IPv6 addresses and additional information:

      • No Options Specified - Select this option if you want to set IP addresses manually, or if you use a non OpenStack-aware method for address allocation.
      • SLAAC (Stateless Address Autoconfiguration) - Instances generate IPv6 addresses based on Router Advertisement (RA) messages sent from the OpenStack Networking router. Use this configuration to create an OpenStack Networking subnet with ra_mode set to slaac and address_mode set to slaac.
      • DHCPv6 stateful - Instances receive IPv6 addresses as well as additional options (for example, DNS) from the OpenStack Networking DHCPv6 service. Use this configuration to create a subnet with ra_mode set to dhcpv6-stateful and address_mode set to dhcpv6-stateful.
      • DHCPv6 stateless - Instances generate IPv6 addresses based on Router Advertisement (RA) messages sent from the OpenStack Networking router. Additional options (for example, DNS) are allocated from the OpenStack Networking DHCPv6 service. Use this configuration to create a subnet with ra_mode set to dhcpv6-stateless and address_mode set to dhcpv6-stateless.
    • Allocation Pools - Range of IP addresses that you want DHCP to assign. For example, the value 192.168.22.100,192.168.22.100 considers all up addresses in that range as available for allocation.

    • DNS Name Servers - IP addresses of the DNS servers available on the network. DHCP distributes these addresses to the instances for name resolution.

      Important

      For strategic services such as DNS, it is a best practice not to host them on your cloud. For example, if your cloud hosts DNS and your cloud becomes inoperable, DNS is unavailable and the cloud components cannot do lookups on each other.

    • Host Routes - Static host routes. First, specify the destination network in CIDR format, followed by the next hop that you want to use for routing (for example, 192.168.23.0/24, 10.1.31.1). Provide this value if you need to distribute static routes to instances.

  5. Click Create.

    You can view the complete network in the Networks tab. You can also click Edit to change any options as needed. When you create instances, you can configure them now to use its subnet, and they receive any specified DHCP options.

3.2. Adding network routing

To allow traffic to be routed to and from your new network, you must add its subnet as an interface to an existing virtual router:

  1. In the dashboard, select Project > Network > Routers.

  2. Select your virtual router name in the Routers list, and click Add Interface.

    In the Subnet list, select the name of your new subnet. You can optionally specify an IP address for the interface in this field.

  3. Click Add Interface.

    Instances on your network can now communicate with systems outside the subnet.

3.3. Deleting a network

There are occasions where it becomes necessary to delete a network that was previously created, perhaps as housekeeping or as part of a decommissioning process. You must first remove or detach any interfaces where the network is still in use, before you can successfully delete a network.

To delete a network in your project, together with any dependent interfaces, complete the following steps:

  1. In the dashboard, select Project > Network > Networks.

    Remove all router interfaces associated with the target network subnets.

    To remove an interface, find the ID number of the network that you want to delete by clicking on your target network in the Networks list, and looking at the ID field. All the subnets associated with the network share this value in the Network ID field.

  2. Navigate to Project > Network > Routers, click the name of your virtual router in the Routers list, and locate the interface attached to the subnet that you want to delete.

    You can distinguish this subnet from the other subnets by the IP address that served as the gateway IP. You can further validate the distinction by ensuring that the network ID of the interface matches the ID that you noted in the previous step.

  3. Click the Delete Interface button for the interface that you want to delete.
  4. Select Project > Network > Networks, and click the name of your network.

  5. Click the Delete Subnet button for the subnet that you want to delete.

    Note

    If you are still unable to remove the subnet at this point, ensure it is not already being used by any instances.

  6. Select Project > Network > Networks, and select the network you would like to delete.
  7. Click Delete Networks.

3.4. Purging all resources and deleting a project

Use the openstack project purge command to delete all resources that belong to a particular project as well as deleting the project, too.

For example, to purge the resources of the test-project project, and then delete the project, run the following commands:

Copy to Clipboard Toggle word wrap 
# openstack project list
+----------------------------------+--------------+
| ID                               | Name         |
+----------------------------------+--------------+
| 02e501908c5b438dbc73536c10c9aac0 | test-project |
| 519e6344f82e4c079c8e2eabb690023b | services     |
| 80bf5732752a41128e612fe615c886c6 | demo         |
| 98a2f53c20ce4d50a40dac4a38016c69 | admin        |
+----------------------------------+--------------+

# openstack project purge --project 02e501908c5b438dbc73536c10c9aac0

3.5. Working with subnets

Use subnets to grant network connectivity to instances. Each instance is assigned to a subnet as part of the instance creation process, therefore it’s important to consider proper placement of instances to best accommodate their connectivity requirements.

You can create subnets only in pre-existing networks. Remember that project networks in OpenStack Networking can host multiple subnets. This is useful if you intend to host distinctly different systems in the same network, and prefer a measure of isolation between them.

For example, you can designate that only webserver traffic is present on one subnet, while database traffic traverse another.

Subnets are isolated from each other, and any instance that wants to communicate with another subnet must have their traffic directed by a router. Therefore, you can lessen network latency and load by grouping systems in the same subnet that require a high volume of traffic between each other.

3.5.1. Creating a subnet

To create a subnet, follow these steps:

  1. In the dashboard, select Project > Network > Networks, and click the name of your network in the Networks view.

  2. Click Create Subnet, and specify the following values:

    FieldDescription

    Subnet Name

    Descriptive subnet name.

    Network Address

    Address in CIDR format, which contains the IP address range and subnet mask in one value. To determine the CIDR address, calculate the number of bits masked in the subnet mask and append that value to the IP address range. For example, the subnet mask 255.255.255.0 has 24 masked bits. To use this mask with the IPv4 address range 192.168.122.0, specify the address 192.168.122.0/24.

    IP Version

    Internet protocol version, where valid types are IPv4 or IPv6. The IP address range in the Network Address field must match whichever protocol version you select.

    Gateway IP

    IP address of the router interface for your default gateway. This address is the next hop for routing any traffic destined for an external location, and must be within the range that you specify in the Network Address field. For example, if your CIDR network address is 192.168.122.0/24, then your default gateway is likely to be 192.168.122.1.

    Disable Gateway

    Disables forwarding and isolates the subnet.

  3. Click Next to specify DHCP options:

    • Enable DHCP - Enables DHCP services for this subnet. You can use DHCP to automate the distribution of IP settings to your instances.

    • IPv6 Address - Configuration Modes. If you create an IPv6 network, you must specify how to allocate IPv6 addresses and additional information:

      • No Options Specified - Select this option if you want to set IP addresses manually, or if you use a non OpenStack-aware method for address allocation.
      • SLAAC (Stateless Address Autoconfiguration) - Instances generate IPv6 addresses based on Router Advertisement (RA) messages sent from the OpenStack Networking router. Use this configuration to create an OpenStack Networking subnet with ra_mode set to slaac and address_mode set to slaac.
      • DHCPv6 stateful - Instances receive IPv6 addresses as well as additional options (for example, DNS) from the OpenStack Networking DHCPv6 service. Use this configuration to create a subnet with ra_mode set to dhcpv6-stateful and address_mode set to dhcpv6-stateful.
      • DHCPv6 stateless - Instances generate IPv6 addresses based on Router Advertisement (RA) messages sent from the OpenStack Networking router. Additional options (for example, DNS) are allocated from the OpenStack Networking DHCPv6 service. Use this configuration to create a subnet with ra_mode set to dhcpv6-stateless and address_mode set to dhcpv6-stateless.
    • Allocation Pools - Range of IP addresses that you want DHCP to assign. For example, the value 192.168.22.100,192.168.22.100 considers all up addresses in that range as available for allocation.
    • DNS Name Servers - IP addresses of the DNS servers available on the network. DHCP distributes these addresses to the instances for name resolution.
    • Host Routes - Static host routes. First, specify the destination network in CIDR format, followed by the next hop that you want to use for routing (for example, 192.168.23.0/24, 10.1.31.1). Provide this value if you need to distribute static routes to instances.

  4. Click Create.

    You can view the subnet in the Subnets list. You can also click Edit to change any options as needed. When you create instances, you can configure them now to use its subnet, and they receive any specified DHCP options.

3.6. Deleting a subnet

You can delete a subnet if it is no longer in use. However, if any instances are still configured to use the subnet, the deletion attempt fails and the dashboard displays an error message.

Complete the following steps to delete a specific subnet in a network:

  1. In the dashboard, select Project > Network > Networks.
  2. Click the name of your network.
  3. Select the target subnet, and click Delete Subnets.

3.7. Adding a router

OpenStack Networking provides routing services using an SDN-based virtual router. Routers are a requirement for your instances to communicate with external subnets, including those in the physical network. Routers and subnets connect using interfaces, with each subnet requiring its own interface to the router.

The default gateway of a router defines the next hop for any traffic received by the router. Its network is typically configured to route traffic to the external physical network using a virtual bridge.

To create a router, complete the following steps:

  1. In the dashboard, select Project > Network > Routers, and click Create Router.
  2. Enter a descriptive name for the new router, and click Create router.
  3. Click Set Gateway next to the entry for the new router in the Routers list.
  4. In the External Network list, specify the network that you want to receive traffic destined for an external location.

  5. Click Set Gateway.

    After you add a router, you must configure any subnets you have created to send traffic using this router. You do this by creating interfaces between the subnet and the router.

Important

The default routes for subnets must not be overwritten. When the default route for a subnet is removed, the L3 agent automatically removes the corresponding route in the router namespace too, and network traffic cannot flow to and from the associated subnet. If the existing router namespace route has been removed, to fix this problem, perform these steps:

  1. Disassociate all floating IPs on the subnet.
  2. Detach the router from the subnet.
  3. Re-attach the router to the subnet.
  4. Re-attach all floating IPs.

3.8. Deleting a router

You can delete a router if it has no connected interfaces.

To remove its interfaces and delete a router, complete the following steps:

  1. In the dashboard, select Project > Network > Routers, and click the name of the router that you want to delete.
  2. Select the interfaces of type Internal Interface, and click Delete Interfaces.
  3. From the Routers list, select the target router and click Delete Routers.

3.9. Tuning keepalived to avoid VRRP packet loss

If the number of highly available (HA) routers on a single host is high, when an HA router fail over occurs, the Virtual Router Redundancy Protocol (VRRP) messages might overflow the IRQ queues. This overflow stops Open vSwitch (OVS) from responding and forwarding those VRRP messages.

To avoid VRRP packet overload, you must increase the VRRP advertisement interval using the ha_vrrp_advert_int option in Networking service (neutron) agent configuration file, l3_agent.conf.

Procedure

  1. Log in as the stack user on the overcloud Networking controller host and open l3_agent.conf in a text editor.

    Example

    Copy to Clipboard Toggle word wrap 
    vi /var/lib/config-data/neutron/etc/neutron/l3_agent.conf

  2. Locate the ha_vrrp_advert_int option, and increase the VRRP advert interval. (The default is 2 seconds.)

    Example

    Copy to Clipboard Toggle word wrap 
    [DEFAULT]
ha_vrrp_advert_int = 7
ha_vrrp_garp_master_repeat = 5
ha_vrrp_garp_master_delay = 5

    There are also options for gratuitous ARP messages that you can set:

    ha_vrrp_garp_master_repeat
    The number of gratuitous ARP messages to send at one time after the transition to the master state. (The default is 5 messages.)
    ha_vrrp_garp_master_delay
    The delay for second set of gratuitous ARP messages after the lower priority advert is received in the master state. (The default is 5 seconds.)
    Tip

    The next time that the openstack overcloud deploy command is run, any manual changes like this one to l3_agent.conf are overwritten. You can write a post-deployment script that re-applies your changes after future overcloud updates. If you incorporate the puppet hieradata role name described in the following document in your script, the script will run only on the overcloud node roles that must have your l3_agent.conf changes re-applied. For more information, see Post-Configuration: Customizing All Overcloud Roles in the Advanced Overcloud Customization guide.

Additional resources

3.10. Adding an interface

You can use interfaces to interconnect routers with subnets so that routers can direct any traffic that instances send to destinations outside of their intermediate subnet.

To add a router interface and connect the new interface to a subnet, complete these steps:

Note

This procedure uses the Network Topology feature. Using this feature, you can see a graphical representation of all your virtual routers and networks while you to perform network management tasks.

  1. In the dashboard, select Project > Network > Network Topology.
  2. Locate the router that you want to manage, hover your mouse over it, and click Add Interface.

  3. Specify the Subnet that you want to connect to the router.

    You can also specify an IP address. The address is useful for testing and troubleshooting purposes, since a successful ping to this interface indicates that the traffic is routing as expected.

  4. Click Add interface.

    The Network Topology diagram automatically updates to reflect the new interface connection between the router and subnet.

3.11. Deleting an interface

You can remove an interface to a subnet if you no longer require the router to direct traffic for the subnet.

To delete an interface, complete the following steps:

  1. In the dashboard, select Project > Network > Routers.
  2. Click the name of the router that hosts the interface that you want to delete.
  3. Select the interface type (Internal Interface), and click Delete Interfaces.

3.12. Creating floating IP pools

You can use floating IP addresses to direct ingress network traffic to your OpenStack instances. First, you must define a pool of validly routable external IP addresses, which you can then assign to instances dynamically. OpenStack Networking routes all incoming traffic destined for that floating IP to the instance that you associate with the floating IP.

Note

OpenStack Networking allocates floating IP addresses to all projects (tenants) from the same IP ranges in CIDR format. As a result, all projects can consume floating IPs from every floating IP subnet. You can manage this behavior using quotas for specific projects. For example, you can set the default to 10 for ProjectA and ProjectB, while setting the quota for ProjectC to 0.

Procedure

  • When you create an external subnet, you can also define the floating IP allocation pool.

    Copy to Clipboard Toggle word wrap 
    $ openstack subnet create --no-dhcp --allocation-pool start=IP_ADDRESS,end=IP_ADDRESS --gateway IP_ADDRESS --network SUBNET_RANGE NETWORK_NAME

    If the subnet hosts only floating IP addresses, consider disabling DHCP allocation with the --no-dhcp option in the openstack subnet create command.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack subnet create --no-dhcp --allocation_pool start=192.168.100.20,end=192.168.100.100 --gateway 192.168.100.1 --network 192.168.100.0/24 public

Verification steps

  • You can verify that the pool is configured properly by assigning a random floating IP to an instance. (See the later link that follows.)

Additional resources

3.13. Assigning a specific floating IP

You can assign a specific floating IP address to a VM instance.

Procedure

  • Allocate a floating IP address to an instance by using the openstack server add floating ip command.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack server add floating ip prod-serv1 192.0.2.200

Validation steps

  • Confirm that your floating IP is associated with your instance by using the openstack server show command.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack server show prod-serv1

    Sample output

    Copy to Clipboard Toggle word wrap 
    +-----------------------------+------------------------------------------+
| Field                       | Value                                    |
+-----------------------------+------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                   |
| OS-EXT-AZ:availability_zone | nova                                     |
| OS-EXT-STS:power_state      | Running                                  |
| OS-EXT-STS:task_state       | None                                     |
| OS-EXT-STS:vm_state         | active                                   |
| OS-SRV-USG:launched_at      | 2021-08-11T14:45:37.000000               |
| OS-SRV-USG:terminated_at    | None                                     |
| accessIPv4                  |                                          |
| accessIPv6                  |                                          |
| addresses                   | public=198.51.100.56,192.0.2.200         |
|                             |                                          |
| config_drive                |                                          |
| created                     | 2021-08-11T14:44:54Z                     |
| flavor                      | review-ephemeral                         |
|                             | (8130dd45-78f6-44dc-8173-4d6426b8e520)   |
| hostId                      | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 |
|                             | 0ec6157eca4488c9                         |
| id                          | aef3ca09-887d-4d20-872d-1d1b49081958     |
| image                       | rhel8                                    |
|                             | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb)   |
| key_name                    | example-keypair                          |
| name                        | prod-serv1                               |
| progress                    | 0                                        |
| project_id                  | bd7a8c4a19424cf09a82627566b434fa         |
| properties                  |                                          |
| security_groups             | name='default'                           |
| status                      | ACTIVE                                   |
| updated                     | 2021-08-11T14:45:37Z                     |
| user_id                     | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 |
|                             | 45f76ffced91096196f646b5                 |
| volumes_attached            |                                          |
+-----------------------------+------------------------------------------+

Additional resources

3.14. Creating an advanced network

Advanced network options are available for administrators, when creating a network from the Admin view. Use these options to specify projects and to define the network type that you want to use.

Procedure

  1. In the dashboard, select Admin > Networks > Create Network > Project.
  2. Select the project that you want to host the new network with the Project drop-down list.

  3. Review the options in Provider Network Type:

    • Local - Traffic remains on the local Compute host and is effectively isolated from any external networks.
    • Flat - Traffic remains on a single network and can also be shared with the host. No VLAN tagging or other network segregation takes place.
    • VLAN - Create a network using a VLAN ID that corresponds to a VLAN present in the physical network. This option allows instances to communicate with systems on the same layer 2 VLAN.
    • GRE - Use a network overlay that spans multiple nodes for private communication between instances. Traffic egressing the overlay must be routed.
    • VXLAN - Similar to GRE, and uses a network overlay to span multiple nodes for private communication between instances. Traffic egressing the overlay must be routed.

  4. Click Create Network.

    Review the Project Network Topology to validate that the network has been successfully created.

Additional resources

3.15. Assigning a random floating IP

You can dynamically allocate floating IP addresses to VM instances from a pool of external IP addresses.

Prerequisites

Procedure

  1. Enter the following command to allocate a floating IP address from the pool. In this example, the network is named public.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack floating ip create public

    Sample output

    In the following example, the newly allocated floating IP is 192.0.2.200. You can assign it to an instance.

    Copy to Clipboard Toggle word wrap 
    +---------------------+--------------------------------------------------+
| Field               | Value                                            |
+---------------------+--------------------------------------------------+
| fixed_ip_address    | None                                             |
| floating_ip_address | 192.0.2.200                                      |
| floating_network_id | f0dcc603-f693-4258-a940-0a31fd4b80d9             |
| id                  | 6352284c-c5df-4792-b168-e6f6348e2620             |
| port_id             | None                                             |
| router_id           | None                                             |
| status              | ACTIVE                                           |
+---------------------+--------------------------------------------------+

  2. Enter the following command to locate your instance:

    Copy to Clipboard Toggle word wrap 
    $ openstack server list

    Sample output

    Copy to Clipboard Toggle word wrap 
    +-------------+-------------+--------+-------------+-------+-------------+
| ID          | Name        | Status | Networks    | Image | Flavor      |
+-------------+-------------+--------+-------------+-------+-------------+
| aef3ca09-88 | prod-serv1  | ACTIVE | public=198. | rhel8 | review-     |
| 7d-4d20-872 |             |        | 51.100.56   |       | ephemeral   |
| d-1d1b49081 |             |        |             |       |             |
| 958         |             |        |             |       |             |
|             |             |        |             |       |             |
+-------------+-------------+--------+-------------+-------+-------------+

  3. Associate the instance name or ID with the floating IP.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack server add floating ip prod-serv1 192.0.2.200

Validation steps

  • Enter the following command to confirm that your floating IP is associated with your instance.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack server show prod-serv1

    Sample output

    Copy to Clipboard Toggle word wrap 
    +-----------------------------+------------------------------------------+
| Field                       | Value                                    |
+-----------------------------+------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                   |
| OS-EXT-AZ:availability_zone | nova                                     |
| OS-EXT-STS:power_state      | Running                                  |
| OS-EXT-STS:task_state       | None                                     |
| OS-EXT-STS:vm_state         | active                                   |
| OS-SRV-USG:launched_at      | 2021-08-11T14:45:37.000000               |
| OS-SRV-USG:terminated_at    | None                                     |
| accessIPv4                  |                                          |
| accessIPv6                  |                                          |
| addresses                   | public=198.51.100.56,192.0.2.200         |
|                             |                                          |
| config_drive                |                                          |
| created                     | 2021-08-11T14:44:54Z                     |
| flavor                      | review-ephemeral                         |
|                             | (8130dd45-78f6-44dc-8173-4d6426b8e520)   |
| hostId                      | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 |
|                             | 0ec6157eca4488c9                         |
| id                          | aef3ca09-887d-4d20-872d-1d1b49081958     |
| image                       | rhel8                                    |
|                             | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb)   |
| key_name                    | example-keypair                          |
| name                        | prod-serv1                               |
| progress                    | 0                                        |
| project_id                  | bd7a8c4a19424cf09a82627566b434fa         |
| properties                  |                                          |
| security_groups             | name='default'                           |
| status                      | ACTIVE                                   |
| updated                     | 2021-08-11T14:45:37Z                     |
| user_id                     | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 |
|                             | 45f76ffced91096196f646b5                 |
| volumes_attached            |                                          |
+-----------------------------+------------------------------------------+

Additional resources

3.16. Creating multiple floating IP pools

OpenStack Networking supports one floating IP pool for each L3 agent. Therefore, you must scale your L3 agents to create additional floating IP pools.

Procedure

  • Make sure that in /var/lib/config-data/neutron/etc/neutron/neutron.conf the property handle_internal_only_routers is set to True for only one L3 agent in your environment. This option configures the L3 agent to manage only non-external routers.

Additional resources

3.17. Bridging the physical network

Bridge your virtual network to the physical network to enable connectivity to and from virtual instances.

In this procedure, the example physical interface, eth0, is mapped to the bridge, br-ex; the virtual bridge acts as the intermediary between the physical network and any virtual networks.

As a result, all traffic traversing eth0 uses the configured Open vSwitch to reach instances.

To map a physical NIC to the virtual Open vSwitch bridge, complete the following steps:

Procedure

  1. Open /etc/sysconfig/network-scripts/ifcfg-eth0 in a text editor, and update the following parameters with values appropriate for the network at your site:

    • IPADDR
    • NETMASK GATEWAY

    • DNS1 (name server)

      Here is an example:

      Copy to Clipboard Toggle word wrap 
      # vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes

  2. Open /etc/sysconfig/network-scripts/ifcfg-br-ex in a text editor and update the virtual bridge parameters with the IP address values that were previously allocated to eth0:

    Copy to Clipboard Toggle word wrap 
    # vi /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.120.10
NETMASK=255.255.255.0
GATEWAY=192.168.120.1
DNS1=192.168.120.1
ONBOOT=yes

    You can now assign floating IP addresses to instances and make them available to the physical network.

Additional resources

3.18. Specifying the name that DNS assigns to ports

You can specify the name assigned to ports by the internal DNS when you enable the Red Hat OpenStack Platform (RHOSP) Networking service (neutron) dns_domain for ports extension (dns_domain_ports).

You enable the dns_domain for ports extension by declaring the RHOSP Orchestration (heat) NeutronPluginExtensions parameter in a YAML-formatted environment file. Using a corresponding parameter, NeutronDnsDomain, you specify your domain name, which overrides the default value, openstacklocal. After redeploying your overcloud, you can use the OpenStack Client port commands, port set or port create, with --dns-name to assign a port name.

Also, when the dns_domain for ports extension is enabled, the Compute service automatically populates the dns_name attribute with the hostname attribute of the instance during the boot of VM instances. At the end of the boot process, dnsmasq recognizes the allocated ports by their instance hostname.

Procedure

  1. Log in to the undercloud as the stack user, and source the stackrc file to enable the director command line tools.

    Example

    Copy to Clipboard Toggle word wrap 
    $ source ~/stackrc

  2. Create a custom YAML environment file (my-neutron-environment.yaml).

    Note

    Values inside parentheses are sample values that are used in the example commands in this procedure. Substitute these sample values with ones that are appropriate for your site.

    Example

    Copy to Clipboard Toggle word wrap 
    $ vi /home/stack/templates/my-neutron-environment.yaml

    Tip

    The undercloud includes a set of Orchestration service templates that form the plan for your overcloud creation. You can customize aspects of the overcloud with environment files, which are YAML-formatted files that override parameters and resources in the core Orchestration service template collection. You can include as many environment files as necessary.

  3. In the environment file, add a parameter_defaults section. Under this section, add the dns_domain for ports extension, dns_domain_ports.

    Example

    Copy to Clipboard Toggle word wrap 
    parameter_defaults:
  NeutronPluginExtensions: "qos,port_security,dns_domain_ports"

    Note

    If you set dns_domain_ports, ensure that the deployment does not also use dns_domain, the DNS Integration extension. These extensions are incompatible, and both extensions cannot be defined simultaneously.

  4. Also in the parameter_defaults section, add your domain name (example.com) using the NeutronDnsDomain parameter.

    Example

    Copy to Clipboard Toggle word wrap 
    parameter_defaults:
    NeutronPluginExtensions: "qos,port_security,dns_domain_ports"
    NeutronDnsDomain: "example.com"

  5. Run the openstack overcloud deploy command and include the core Orchestration templates, environment files, and this new environment file.

    Important

    The order of the environment files is important because the parameters and resources defined in subsequent environment files take precedence.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack overcloud deploy --templates \
-e [your-environment-files] \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/my-neutron-environment.yaml

Verification steps

  1. Log in to the overcloud, and create a new port (new_port) on a network (public). Assign a DNS name (my_port) to the port.

    Example

    Copy to Clipboard Toggle word wrap 
    $ source ~/overcloudrc
$ openstack port create --network public --dns-name my_port new_port

  2. Display the details for your port (new_port).

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack port show -c dns_assignment -c dns_domain -c dns_name -c name new_port

    Output

    Copy to Clipboard Toggle word wrap 
    +-------------------------+----------------------------------------------+
| Field                   | Value                                        |
+-------------------------+----------------------------------------------+
| dns_assignment          | fqdn='my_port.example.com',                  |
|                         | hostname='my_port',                          |
|                         | ip_address='10.65.176.113'                   |
| dns_domain              | example.com                                  |
| dns_name                | my_port                                      |
| name                    | new_port                                     |
+-------------------------+----------------------------------------------+

    Under dns_assignment, the fully qualified domain name (fqdn) value for the port contains a concatenation of the DNS name (my_port) and the domain name (example.com) that you set earlier with NeutronDnsDomain.

  3. Create a new VM instance (my_vm) using the port (new_port) that you just created.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack server create --image rhel --flavor m1.small --port new_port my_vm

  4. Display the details for your port (new_port).

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack port show -c dns_assignment -c dns_domain -c dns_name -c name new_port

    Output

    Copy to Clipboard Toggle word wrap 
    +-------------------------+----------------------------------------------+
| Field                   | Value                                        |
+-------------------------+----------------------------------------------+
| dns_assignment          | fqdn='my_vm.example.com',                    |
|                         | hostname='my_vm',                            |
|                         | ip_address='10.65.176.113'                   |
| dns_domain              | example.com                                  |
| dns_name                | my_vm                                        |
| name                    | new_port                                     |
+-------------------------+----------------------------------------------+

    Note that the Compute service changes the dns_name attribute from its original value (my_port) to the name of the instance with which the port is associated (my_vm).

Additional resources

3.19. Assigning DHCP attributes to ports

You can use Red Hat Openstack Plaform (RHOSP) Networking service (neutron) extensions to add networking functions. You can use the extra DHCP option extension (extra_dhcp_opt) to configure ports of DHCP clients with DHCP attributes. For example, you can add a PXE boot option such as tftp-server, server-ip-address, or bootfile-name to a DHCP client port.

The value of the extra_dhcp_opt attribute is an array of DHCP option objects, where each object contains an opt_name and an opt_value. IPv4 is the default version, but you can change this to IPv6 by including a third option, ip-version=6.

When a VM instance starts, the RHOSP Networking service supplies port information to the instance using DHCP protocol. If you add DHCP information to a port already connected to a running instance, the instance only uses the new DHCP port information when the instance is restarted.

Some of the more common DHCP port attributes are: bootfile-name, dns-server, domain-name, mtu, server-ip-address, and tftp-server. For the complete set of acceptable values for opt_name, refer to the DHCP specification.

Prerequisites

  • You must have RHOSP administrator privileges.

Procedure

  1. Log in to the undercloud host as the stack user.

  2. Source the undercloud credentials file:

    Copy to Clipboard Toggle word wrap 
    $ source ~/stackrc

  3. Create a custom YAML environment file.

    Example

    Copy to Clipboard Toggle word wrap 
    $ vi /home/stack/templates/my-octavia-environment.yaml

  4. Your environment file must contain the keywords parameter_defaults. Under these keywords, add the extra DHCP option extension, extra_dhcp_opt.

    Example

    Copy to Clipboard Toggle word wrap 
    parameter_defaults:
  NeutronPluginExtensions: "qos,port_security,extra_dhcp_opt"

  5. Run the deployment command and include the core heat templates, environment files, and this new custom environment file.

    Copy to Clipboard Toggle word wrap 
    The order of the environment files is important because the parameters and resources defined in subsequent environment files take precedence.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack overcloud deploy --templates \
-e <your_environment_files> \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/octavia.yaml \
-e /home/stack/templates/my-octavia-environment.yaml

Verification

  1. Source your credentials file.

    Example

    Copy to Clipboard Toggle word wrap 
    $ source ~/overcloudrc

  2. Create a new port (new_port) on a network (public). Assign a valid attribute from the DHCP specification to the new port.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack port create --extra-dhcp-option name=domain-name,value=test.domain --extra-dhcp-option name=ntp-server,value=192.0.2.123 --network public new_port

  3. Display the details for your port (new_port).

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack port show new_port -c extra_dhcp_opts

    Sample output

    Copy to Clipboard Toggle word wrap 
    +-----------------+--------------------------------------------------------------------+
| Field           | Value                                                              |
+-----------------+--------------------------------------------------------------------+
| extra_dhcp_opts | ip_version='4', opt_name='domain-name', opt_value='test.domain'    |
|                 | ip_version='4', opt_name='ntp-server', opt_value='192.0.2.123'     |
+-----------------+--------------------------------------------------------------------+

Additional resources

3.20. Loading kernel modules

Some features in Red Hat OpenStack Platform (RHOSP) require certain kernel modules to be loaded. For example, the OVS firewall driver requires you to load the nf_conntrack_proto_gre kernel module to support GRE tunneling between two VM instances.

By using a special Orchestration service (heat) parameter, ExtraKernelModules, you can ensure that heat stores configuration information about the required kernel modules needed for features like GRE tunneling. Later, during normal module management, these required kernel modules are loaded.

Procedure

  1. On the undercloud host, logged in as the stack user, create a custom YAML environment file.

    Example

    Copy to Clipboard Toggle word wrap 
    $ vi /home/stack/templates/my-modules-environment.yaml

    Tip

    Heat uses a set of plans called templates to install and configure your environment. You can customize aspects of the overcloud with a custom environment file, which is a special type of template that provides customization for your heat templates.

  2. In the YAML environment file under parameter_defaults, set ExtraKernelModules to the name of the module that you want to load.

    Example

    Copy to Clipboard Toggle word wrap 
    ComputeParameters:
  ExtraKernelModules:
    nf_conntrack_proto_gre: {}
ControllerParameters:
  ExtraKernelModules:
    nf_conntrack_proto_gre: {}

  3. Run the openstack overcloud deploy command and include the core heat templates, environment files, and this new custom environment file.

    Important

    The order of the environment files is important as the parameters and resources defined in subsequent environment files take precedence.

    Example

    Copy to Clipboard Toggle word wrap 
    $ openstack overcloud deploy --templates \
-e [your-environment-files] \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/my-modules-environment.yaml

Verification steps

  • If heat has properly loaded the module, you should see output when you run the lsmod command on the Compute node:

    Example

    Copy to Clipboard Toggle word wrap 
    sudo lsmod | grep nf_conntrack_proto_gre

Additional resources

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat, Inc.