7.4. Create an External Network
OpenStack Networking provides two mechanisms for connecting the Layer 3 (L3) agent to an external network. The first, attaching it to an external bridge (br-ex) directly, is only supported when the Open vSwitch plug-in (or its functionality, implemented through ML2) is in use. The second method, which is supported by the ML2 plug-in, the Open vSwitch plug-in, and the Linux Bridge plug-in, is to use an external provider network.
All steps in this procedure must be performed on a server with the OpenStack Networking command-line interface (provided by the python-neutronclient package) installed. You must also have access to a keystonerc_admin file containing the authentication details of the Identity service administrative user.
Take note of the unique identifiers generated by the steps listed in this procedure. These identifiers will be required when configuring the L3 agent.
Procedure 7.13. Creating and Configuring an External Network
- Set up the shell to access Keystone as the administrative user:
  # source ~/keystonerc_admin
- Create a new provider network:
  [(keystone_admin)]# neutron net-create EXTERNAL_NAME \
      --router:external \
      --provider:network_type TYPE \
      --provider:physical_network PHYSNET \
      --provider:segmentation_id VLAN_TAG
  Replace the following values:
  - Replace EXTERNAL_NAME with a name for the new external network provider.
  - Replace TYPE with the type of provider network to use. Supported values are flat (for flat networks), vlan (for VLAN networks), and local (for local networks).
  - Replace PHYSNET with a name for the physical network. This is not applicable if you intend to use a local network type. PHYSNET must match one of the values defined under bridge_mappings in the /etc/neutron/plugin.ini file.
  - Replace VLAN_TAG with the VLAN tag that will be used to identify network traffic. The VLAN tag specified must have been defined by the network administrator. If the network_type was set to a value other than vlan, this parameter is not required.
  Take note of the unique external network identifier returned; this is required in subsequent steps.
- Create a new subnet for the external provider network:
  [(keystone_admin)]# neutron subnet-create --gateway GATEWAY \
      --allocation-pool start=IP_RANGE_START,end=IP_RANGE_END \
      --disable-dhcp EXTERNAL_NAME EXTERNAL_CIDR
  Replace the following values:
  - Replace GATEWAY with the IP address or hostname of the system that will act as the gateway for the new subnet. This address must be within the block of IP addresses specified by EXTERNAL_CIDR, but outside of the block of IP addresses specified by the range started by IP_RANGE_START and ended by IP_RANGE_END.
  - Replace IP_RANGE_START with the IP address that denotes the start of the range of IP addresses within the new subnet from which floating IP addresses will be allocated.
  - Replace IP_RANGE_END with the IP address that denotes the end of the range of IP addresses within the new subnet from which floating IP addresses will be allocated.
  - Replace EXTERNAL_NAME with the name of the external network the subnet is to be associated with. This must match the name that was provided to the net-create action in the previous step.
  - Replace EXTERNAL_CIDR with the Classless Inter-Domain Routing (CIDR) representation of the block of IP addresses the subnet represents. An example is 192.168.100.0/24. The block of IP addresses specified by the range started by IP_RANGE_START and ended by IP_RANGE_END must fall within the block of IP addresses specified by EXTERNAL_CIDR.
  Take note of the unique subnet identifier returned; this is required in subsequent steps.
- Create a new router:
  [(keystone_admin)]# neutron router-create NAME
  Replace NAME with a name for the new router. Take note of the unique router identifier returned; this is required in subsequent steps, and when configuring the L3 agent.
- Link the router to the external provider network:
  [(keystone_admin)]# neutron router-gateway-set ROUTER NETWORK
  Replace ROUTER with the unique identifier of the router, and replace NETWORK with the unique identifier of the external provider network.
- Link the router to each private network subnet:
  [(keystone_admin)]# neutron router-interface-add ROUTER SUBNET
  Replace ROUTER with the unique identifier of the router, and replace SUBNET with the unique identifier of a private network subnet. Perform this step for each existing private network subnet to which to link the router.
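A pre-flight check for the values passed to the net-create and subnet-create steps above, as an added example that is not part of the original procedure. The function name, the bridge_mappings format (comma-separated physnet:bridge pairs) and the sample addresses are assumptions, and GATEWAY is assumed to be given as an IP address rather than a hostname.

```python
import ipaddress

PROVIDER_TYPES = {"flat", "vlan", "local"}  # supported TYPE values per the procedure

def check_external_network(net_type, physnet, vlan_tag, bridge_mappings,
                           cidr, gateway, pool_start, pool_end):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    # Assumed bridge_mappings format: "physnet1:br-ex,physnet2:br-eth1"
    known = {m.split(":")[0].strip() for m in bridge_mappings.split(",") if m.strip()}
    if net_type not in PROVIDER_TYPES:
        problems.append(f"TYPE {net_type!r} is not one of flat, vlan, local")
    if net_type != "local" and physnet not in known:
        problems.append(f"PHYSNET {physnet!r} is not defined in bridge_mappings")
    if net_type == "vlan" and vlan_tag is None:
        problems.append("VLAN_TAG is required when TYPE is vlan")
    try:
        net = ipaddress.ip_network(cidr)  # strict mode rejects a CIDR with host bits set
        gw, start, end = (ipaddress.ip_address(a)
                          for a in (gateway, pool_start, pool_end))
    except ValueError as exc:
        return problems + [f"invalid address or CIDR: {exc}"]
    if len({net.version, gw.version, start.version, end.version}) != 1:
        return problems + ["IPv4 and IPv6 values are mixed"]
    if start > end:
        problems.append("IP_RANGE_START is after IP_RANGE_END")
    for label, addr in (("IP_RANGE_START", start), ("IP_RANGE_END", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside EXTERNAL_CIDR {net}")
    if gw not in net:
        problems.append(f"GATEWAY {gw} is outside EXTERNAL_CIDR {net}")
    elif start <= gw <= end:
        problems.append(f"GATEWAY {gw} is inside the allocation pool")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for line in check_external_network(
            "vlan", "physnet1", 100, "physnet1:br-ex",
            "192.168.100.0/24", "192.168.100.50",
            "192.168.100.10", "192.168.100.200") or ["values are consistent"]:
        print(line)
```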