Red Hat SummitChapter 3. Managing floating IP addresses
In addition to having a private, fixed IP address, VM instances can have a public, or floating IP address to communicate with other networks. You can create and manage floating IPs with the Red Hat OpenStack Services on OpenShift (RHOSO) Networking service (neutron).
This section contains the following topics:
3.1. Assigning a specific floating IP
You can assign a specific floating IP address to a VM instance in a Red Hat OpenStack Services on OpenShift (RHOSO) environment.
Prerequisites
-
The administrator has created a project for you and has provided you with a
clouds.yamlfile for you to access the cloud. The
python-openstackclientpackage resides on your workstation.$ dnf list installed python-openstackclient
Procedure
Confirm that the system
OS_CLOUDvariable is set for your cloud:$ echo $OS_CLOUD my_cloudReset the variable if necessary:
$ export OS_CLOUD=my_other_cloudAs an alternative, you can specify the cloud name by adding the
--os-cloud <cloud_name>option each time you run anopenstackcommand.Assign a floating IP address to an instance.
- Example
In this example, the floating IP
192.0.2.200is being assigned to theprod-serv1instance.$ openstack server add floating ip prod-serv1 192.0.2.200
Verification
Confirm that your floating IP is associated with your instance.
- Example
$ openstack server show prod-serv1- Sample output
+-----------------------------+------------------------------------------+ | Field | Value | +-----------------------------+------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2024-09-10T13:00:23.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | public=198.51.100.56,192.0.2.200 | | | | | config_drive | | | created | 2024-09-10T13:00:39Z | | flavor | review-ephemeral | | | (8130dd45-78f6-44dc-8173-4d6426b8e520) | | hostId | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 | | | 0ec6157eca4488c9 | | id | aef3ca09-887d-4d20-872d-1d1b49081958 | | image | rhel8 | | | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb) | | key_name | example-keypair | | name | prod-serv1 | | progress | 0 | | project_id | bd7a8c4a19424cf09a82627566b434fa | | properties | | | security_groups | name='default' | | status | ACTIVE | | updated | 2021-09-10T13:02:14Z | | user_id | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 | | | 45f76ffced91096196f646b5 | | volumes_attached | | +-----------------------------+------------------------------------------+
3.2. Creating floating IP pools
You can use floating IP addresses to direct ingress network traffic to your Red Hat OpenStack Services on OpenShift (RHOSO) instances. First, you must define a pool of routable external IP addresses, which you can then assign to instances dynamically. The RHOSO Networking service (neutron) routes all incoming traffic destined for that floating IP to the instance that you associate with the floating IP.
The Networking service allocates floating IP addresses to all projects (tenants) from the same IP ranges in CIDR format. As a result, all projects can consume floating IPs from every floating IP subnet. You can manage this behavior using quotas for specific projects. For example, you can set the default to 10 for ProjectA and ProjectB, while setting the quota for ProjectC to 0.
Prerequisites
-
The administrator has created a project for you and has provided you with a
clouds.yamlfile for you to access the cloud. The
python-openstackclientpackage resides on your workstation.$ dnf list installed python-openstackclient
Procedure
Confirm that the system
OS_CLOUDvariable is set for your cloud:$ echo $OS_CLOUD my_cloudReset the variable if necessary:
$ export OS_CLOUD=my_other_cloudAs an alternative, you can specify the cloud name by adding the
--os-cloud <cloud_name>option each time you run anopenstackcommand.When you create an external subnet, you can also define the floating IP allocation pool.
- Example
In this example, an external subnet,
public, is created with an allocation pool that starts with192.168.100.20, and ends with192.168.100.100. DHCP allocation is disabled becausepublichosts only floating IP addresses:$ openstack subnet create --no-dhcp \ --allocation-pool start=192.168.100.20,end=192.168.100.100 \ --gateway 192.168.100.1 --network 192.168.100.0/24 public
Next steps
Confirm that the pool is configured properly by assigning a random floating IP to an instance.
For more information, see Assigning a random floating IP.
3.3. Assigning a random floating IP
You can dynamically allocate floating IP addresses to VM instances in your Red Hat OpenStack Services on OpenShift (RHOSO) environment from a pool of external IP addresses.
Prerequisites
-
The administrator has created a project for you and has provided you with a
clouds.yamlfile for you to access the cloud. The
python-openstackclientpackage resides on your workstation.$ dnf list installed python-openstackclientA pool of routable external IP addresses.
For more information, see Section 3.2, “Creating floating IP pools”.
Procedure
Confirm that the system
OS_CLOUDvariable is set for your cloud:$ echo $OS_CLOUD my_cloudReset the variable if necessary:
$ export OS_CLOUD=my_other_cloudAs an alternative, you can specify the cloud name by adding the
--os-cloud <cloud_name>option each time you run anopenstackcommand.Randomly allocate a floating IP address from the pool.
- Example
In this example, a floating IP address is randomly allocated from a network named
public.$ openstack floating ip create public- Sample output
In the following example, the newly allocated floating IP is
192.0.2.200. You can now assign the floating IP to an instance.+---------------------+--------------------------------------------------+ | Field | Value | +---------------------+--------------------------------------------------+ | fixed_ip_address | None | | floating_ip_address | 192.0.2.200 | | floating_network_id | f0dcc603-f693-4258-a940-0a31fd4b80d9 | | id | 6352284c-c5df-4792-b168-e6f6348e2620 | | port_id | None | | router_id | None | | status | ACTIVE | +---------------------+--------------------------------------------------+
Enter the following command to locate your instance:
$ openstack server list- Sample output
+-------------+-------------+--------+-------------+-------+-------------+ | ID | Name | Status | Networks | Image | Flavor | +-------------+-------------+--------+-------------+-------+-------------+ | aef3ca09-88 | prod-serv1 | ACTIVE | public=198. | rhel9 | review- | | 7d-4d20-872 | | | 51.100.56 | | ephemeral | | d-1d1b49081 | | | | | | | 958 | | | | | | | | | | | | | +-------------+-------------+--------+-------------+-------+-------------+
Associate the instance name or ID with the floating IP.
- Example
$ openstack server add floating ip prod-serv1 192.0.2.200
Verification
Enter the following command to confirm that your floating IP is associated with your instance.
- Example
$ openstack server show prod-serv1- Sample output
+-----------------------------+------------------------------------------+ | Field | Value | +-----------------------------+------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2024-09-10T13:16:43.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | public=198.51.100.56,192.0.2.200 | | | | | config_drive | | | created | 2024-09-10T13:17:22Z | | flavor | review-ephemeral | | | (8130dd45-78f6-44dc-8173-4d6426b8e520) | | hostId | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 | | | 0ec6157eca4488c9 | | id | aef3ca09-887d-4d20-872d-1d1b49081958 | | image | rhel8 | | | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb) | | key_name | example-keypair | | name | prod-serv1 | | progress | 0 | | project_id | bd7a8c4a19424cf09a82627566b434fa | | properties | | | security_groups | name='default' | | status | ACTIVE | | updated | 2024-09-10T13:19:06Z | | user_id | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 | | | 45f76ffced91096196f646b5 | | volumes_attached | | +-----------------------------+------------------------------------------+
3.4. Creating port forwarding for a floating IP
You can use the Red Hat OpenStack Services on OpenShift (RHOSO) Networking service (neutron) to set up port forwarding for a floating IP (FIP).
You cannot deploy FIP port fowarding and distributed FIP management on a router (ovn-router) if any network connected to the router uses VLAN or Flat tenant network types.
If you have one of those configurations, choose a workaround:
- Use Geneve or VXLAN network types instead of VLAN or Flat.
Disable distribute FIP management to use centralized FIP management:
enable_distributed_floating_ip = False
Prerequisites
-
The administrator has created a project for you and has provided you with a
clouds.yamlfile for you to access the cloud. The
python-openstackclientpackage resides on your workstation.$ dnf list installed python-openstackclientYour administrator has enabled the Networking service with the
port_forwardingservice plug-in.For information, see Configuring floating IP port forwarding in Configuring networking services.
Procedure
Confirm that the system
OS_CLOUDvariable is set for your cloud:$ echo $OS_CLOUD my_cloudReset the variable if necessary:
$ export OS_CLOUD=my_other_cloudAs an alternative, you can specify the cloud name by adding the
--os-cloud <cloud_name>option each time you run anopenstackcommand.Use the following command to create port forwarding for a floating IP:
$ openstack floating ip port forwarding create \ --internal-ip-address <internal-ip-address> \ --port <port> \ --internal-protocol-port <port-number> \ --external-protocol-port <port-number> \ --protocol <protocol> \ <floating-ip>Replace
<internal-ip-address>with the internal, destination IP address.This is the IP address that is associated with the instance on which the application is running.
-
Replace
<port>with the name or ID of the Networking service port to which the instance is attached. Replace
<port-number>in--internal-protocol-portwith the internal, destination port number.This is the port number that the application running in the instance uses.
Replace
<port-number>in--external-protocol-portwith the external, source port number.This is the port number that the application running outside of your RHOSP cloud uses.
-
Replace
<protocol>with the protocol, such as TCP or UDP, used by the application that receives the port-forwarded traffic. Replace
<floating-ip>with the floating IP whose specified port traffic you want to forward.- Example
This example creates port forwarding for an instance that is attached to the floating IP
198.51.100.47. The floating IP uses the Networking service port1adfdb09-e8c6-4708-b5aa-11f50fc22d62. When the Networking service detects incoming, external traffic addressed to198.51.100.47:80, it forwards the traffic to the internal IP address,203.0.113.107, on TCP port,8080:$ openstack floating ip port forwarding create \ --internal-ip-address 203.0.113.107 \ --port 1adfdb09-e8c6-4708-b5aa-11f50fc22d62 \ --internal-protocol-port 8080 \ --external-protocol-port 80 \ --protocol tcp \ 198.51.100.47
Verification
Confirm that the Networking service has established forwarding for the floating IP port.
- Example
The following example verifies successful port forwarding for the floating IP
198.51.100.47:$ openstack floating ip port forwarding list 198.51.100.47 \ -c "Internal Port ID" -c "Internal IP Address" -c "Internal Port" \ -c "External Port" --max-width 74- Sample output
The output shows that traffic sent to the floating IP
198.51.100.47on TCP port 80 is forwarded to port8080on the instance with the internal address203.0.113.107:+------------------+---------------------+---------------+---------------+ | Internal Port ID | Internal IP Address | Internal Port | External Port | +------------------+---------------------+---------------+---------------+ | 1adfdb09-e8c6-47 | 203.0.113.107 | 8080 | 80 | | 08-b5aa-11f50fc2 | | | | | 2d62 | | | | +------------------+---------------------+---------------+---------------+
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}