Chapter 5. Managing floating IP addresses


In addition to having a private, fixed IP address, VM instances can have a public, or floating, IP address to communicate with other networks. The information in this section describes how to create and manage floating IPs with the Red Hat OpenStack Platform (RHOSP) Networking service (neutron).

5.1. Creating floating IP pools

You can use floating IP addresses to direct ingress network traffic to your OpenStack instances. First, you must define a pool of validly routable external IP addresses, which you can then assign to instances dynamically. OpenStack Networking routes all incoming traffic destined for that floating IP to the instance that you associate with the floating IP.

Note

OpenStack Networking allocates floating IP addresses to all projects (tenants) from the same IP ranges in CIDR format. As a result, all projects can consume floating IPs from every floating IP subnet. You can manage this behavior using quotas for specific projects. For example, you can set the default to 10 for ProjectA and ProjectB, while setting the quota for ProjectC to 0.

Procedure

  • When you create an external subnet, you can also define the floating IP allocation pool.

    $ openstack subnet create --no-dhcp --allocation-pool start=IP_ADDRESS,end=IP_ADDRESS --gateway IP_ADDRESS --network SUBNET_RANGE NETWORK_NAME

    If the subnet hosts only floating IP addresses, consider disabling DHCP allocation with the --no-dhcp option in the openstack subnet create command.

    Example

    $ openstack subnet create --no-dhcp --allocation-pool start=192.168.100.20,end=192.168.100.100 --gateway 192.168.100.1 --network 192.168.100.0/24 public

Verification

  • Verify that the pool is configured properly by assigning a random floating IP to an instance. See Section 5.4, “Assigning a random floating IP”.
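
A pre-flight check for the allocation pool and the quota note above, added here as an example and not part of the Red Hat documentation: it validates the --allocation-pool range against the subnet and gateway, then compares per-project floating IP quotas with the size of the shared pool. The function names, the quota dictionary, and the treatment of a negative quota as unlimited are assumptions of this example.

```python
import ipaddress


def check_floating_pool(cidr, start, end, gateway):
    """Return a list of problems found in a floating IP allocation pool."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    lo, hi, gw = (ipaddress.ip_address(a) for a in (start, end, gateway))
    if {lo.version, hi.version, gw.version} != {net.version}:
        return ["address family mismatch between subnet, pool and gateway"]
    problems = []
    if lo > hi:
        problems.append(f"pool start {lo} is after pool end {hi}")
    for label, addr in (("pool start", lo), ("pool end", hi), ("gateway", gw)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    if lo <= gw <= hi:
        problems.append(f"gateway {gw} lies inside the pool")
    # On IPv4 subnets larger than /31, the first and last addresses are not host addresses.
    if net.version == 4 and net.prefixlen < 31:
        for label, addr in (("network address", net.network_address),
                            ("broadcast address", net.broadcast_address)):
            if lo <= addr <= hi:
                problems.append(f"{label} {addr} lies inside the pool")
    return problems


def pool_size(start, end):
    """Number of addresses in an inclusive start..end range."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1


def quota_report(size, quotas):
    """Compare per-project floating IP quotas with the shared pool size.

    Assumption of this example: a negative quota (for example -1) means unlimited.
    """
    unlimited = sorted(p for p, q in quotas.items() if q < 0)
    total = sum(q for q in quotas.values() if q >= 0)
    return {
        "pool_size": size,
        "quota_total": total,
        "unlimited_projects": unlimited,
        # True when the projects together may claim more addresses than exist.
        "oversubscribed": bool(unlimited) or total > size,
        # Projects whose quota alone is enough to drain the whole shared pool.
        "can_exhaust_pool": sorted(p for p, q in quotas.items() if q < 0 or q >= size),
    }


if __name__ == "__main__":
    # Values from the subnet example and the quota note in this section.
    print(check_floating_pool("192.168.100.0/24", "192.168.100.20",
                              "192.168.100.100", "192.168.100.1"))
    size = pool_size("192.168.100.20", "192.168.100.100")
    print(quota_report(size, {"ProjectA": 10, "ProjectB": 10, "ProjectC": 0}))
```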

5.2. Assigning a specific floating IP

You can assign a specific floating IP address to a VM instance.

Procedure

  • Allocate a floating IP address to an instance by using the openstack server add floating ip command.

    Example
    $ openstack server add floating ip prod-serv1 192.0.2.200

Verification

  • Confirm that your floating IP is associated with your instance by using the openstack server show command.

    Example
    $ openstack server show prod-serv1
    Sample output
    +-----------------------------+------------------------------------------+
    | Field                       | Value                                    |
    +-----------------------------+------------------------------------------+
    | OS-DCF:diskConfig           | MANUAL                                   |
    | OS-EXT-AZ:availability_zone | nova                                     |
    | OS-EXT-STS:power_state      | Running                                  |
    | OS-EXT-STS:task_state       | None                                     |
    | OS-EXT-STS:vm_state         | active                                   |
    | OS-SRV-USG:launched_at      | 2021-08-11T14:45:37.000000               |
    | OS-SRV-USG:terminated_at    | None                                     |
    | accessIPv4                  |                                          |
    | accessIPv6                  |                                          |
    | addresses                   | public=198.51.100.56,192.0.2.200         |
    |                             |                                          |
    | config_drive                |                                          |
    | created                     | 2021-08-11T14:44:54Z                     |
    | flavor                      | review-ephemeral                         |
    |                             | (8130dd45-78f6-44dc-8173-4d6426b8e520)   |
    | hostId                      | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 |
    |                             | 0ec6157eca4488c9                         |
    | id                          | aef3ca09-887d-4d20-872d-1d1b49081958     |
    | image                       | rhel8                                    |
    |                             | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb)   |
    | key_name                    | example-keypair                          |
    | name                        | prod-serv1                               |
    | progress                    | 0                                        |
    | project_id                  | bd7a8c4a19424cf09a82627566b434fa         |
    | properties                  |                                          |
    | security_groups             | name='default'                           |
    | status                      | ACTIVE                                   |
    | updated                     | 2021-08-11T14:45:37Z                     |
    | user_id                     | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 |
    |                             | 45f76ffced91096196f646b5                 |
    | volumes_attached            |                                          |
    +-----------------------------+------------------------------------------+

5.3. Creating an advanced network

Advanced network options are available to administrators who create a network in the Dashboard from the Admin view. Use these options to specify projects and to define the network type that you want to use.

Procedure

  1. In the dashboard, select Admin > Networks > Create Network > Project.
  2. From the Project drop-down list, select the project that you want to host the new network.
  3. Review the options in Provider Network Type:

    • Local - Traffic remains on the local Compute host and is effectively isolated from any external networks.
    • Flat - Traffic remains on a single network and can also be shared with the host. No VLAN tagging or other network segregation takes place.
    • VLAN - Create a network using a VLAN ID that corresponds to a VLAN present in the physical network. This option allows instances to communicate with systems on the same layer 2 VLAN.
    • GRE - Use a network overlay that spans multiple nodes for private communication between instances. Traffic egressing the overlay must be routed.
    • VXLAN - Similar to GRE, and uses a network overlay to span multiple nodes for private communication between instances. Traffic egressing the overlay must be routed.
  4. Click Create Network.

    Review the Project Network Topology to validate that the network has been successfully created.

5.4. Assigning a random floating IP

You can dynamically allocate floating IP addresses to VM instances from a pool of external IP addresses.

Prerequisites

Procedure

  1. Enter the following command to allocate a floating IP address from the pool. In this example, the network is named public.

    Example
    $ openstack floating ip create public
    Sample output

    In the following example, the newly allocated floating IP is 192.0.2.200. You can assign it to an instance.

    +---------------------+--------------------------------------------------+
    | Field               | Value                                            |
    +---------------------+--------------------------------------------------+
    | fixed_ip_address    | None                                             |
    | floating_ip_address | 192.0.2.200                                      |
    | floating_network_id | f0dcc603-f693-4258-a940-0a31fd4b80d9             |
    | id                  | 6352284c-c5df-4792-b168-e6f6348e2620             |
    | port_id             | None                                             |
    | router_id           | None                                             |
    | status              | ACTIVE                                           |
    +---------------------+--------------------------------------------------+
  2. Enter the following command to locate your instance:

    $ openstack server list
    Sample output
    +-------------+-------------+--------+-------------+-------+-------------+
    | ID          | Name        | Status | Networks    | Image | Flavor      |
    +-------------+-------------+--------+-------------+-------+-------------+
    | aef3ca09-88 | prod-serv1  | ACTIVE | public=198. | rhel8 | review-     |
    | 7d-4d20-872 |             |        | 51.100.56   |       | ephemeral   |
    | d-1d1b49081 |             |        |             |       |             |
    | 958         |             |        |             |       |             |
    |             |             |        |             |       |             |
    +-------------+-------------+--------+-------------+-------+-------------+
  3. Associate the instance name or ID with the floating IP.

    Example
    $ openstack server add floating ip prod-serv1 192.0.2.200

Verification

  • Enter the following command to confirm that your floating IP is associated with your instance.

    Example
    $ openstack server show prod-serv1
    Sample output
    +-----------------------------+------------------------------------------+
    | Field                       | Value                                    |
    +-----------------------------+------------------------------------------+
    | OS-DCF:diskConfig           | MANUAL                                   |
    | OS-EXT-AZ:availability_zone | nova                                     |
    | OS-EXT-STS:power_state      | Running                                  |
    | OS-EXT-STS:task_state       | None                                     |
    | OS-EXT-STS:vm_state         | active                                   |
    | OS-SRV-USG:launched_at      | 2021-08-11T14:45:37.000000               |
    | OS-SRV-USG:terminated_at    | None                                     |
    | accessIPv4                  |                                          |
    | accessIPv6                  |                                          |
    | addresses                   | public=198.51.100.56,192.0.2.200         |
    |                             |                                          |
    | config_drive                |                                          |
    | created                     | 2021-08-11T14:44:54Z                     |
    | flavor                      | review-ephemeral                         |
    |                             | (8130dd45-78f6-44dc-8173-4d6426b8e520)   |
    | hostId                      | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 |
    |                             | 0ec6157eca4488c9                         |
    | id                          | aef3ca09-887d-4d20-872d-1d1b49081958     |
    | image                       | rhel8                                    |
    |                             | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb)   |
    | key_name                    | example-keypair                          |
    | name                        | prod-serv1                               |
    | progress                    | 0                                        |
    | project_id                  | bd7a8c4a19424cf09a82627566b434fa         |
    | properties                  |                                          |
    | security_groups             | name='default'                           |
    | status                      | ACTIVE                                   |
    | updated                     | 2021-08-11T14:45:37Z                     |
    | user_id                     | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 |
    |                             | 45f76ffced91096196f646b5                 |
    | volumes_attached            |                                          |
    +-----------------------------+------------------------------------------+

5.5. Creating multiple floating IP pools

OpenStack Networking supports one floating IP pool for each L3 agent. Therefore, you must scale your L3 agents to create additional floating IP pools.

Procedure

  • Make sure that in /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf the property handle_internal_only_routers is set to True for only one L3 agent in your environment. This option configures the L3 agent to manage only non-external routers.

5.6. Configuring floating IP port forwarding

To enable users to set up port forwarding for floating IPs, you must enable the Red Hat OpenStack Platform (RHOSP) Networking service (neutron) port_forwarding service plug-in.

Prerequisites

  • You must have RHOSP administrator privileges.
  • The port_forwarding service plug-in requires that you also set the router service plug-in.

Procedure

  1. Log in to the undercloud host as the stack user.
  2. Source the stackrc undercloud credentials file:

    $ source ~/stackrc
  3. In a custom environment YAML file, set the port_forwarding service plug-in:

    parameter_defaults:
      NeutronPluginExtensions: "router,port_forwarding"
    Note

    The port_forwarding service plug-in requires that you also set the router service plug-in.

  4. If you use the ML2/OVS mechanism driver with the Networking service, you must also set the port_forwarding extension for the OVS L3 agent:

    parameter_defaults:
      NeutronPluginExtensions: "router,port_forwarding"
      NeutronL3AgentExtensions: "port_forwarding"
  5. Deploy your overcloud and include the core heat templates, environment files, and this new custom environment file.

    Important

    The order of the environment files is important because the parameters and resources defined in subsequent environment files take precedence.

    $ openstack overcloud deploy --templates \
     -e <your_environment_files> \
     -e /home/stack/templates/my-environment.yaml

    RHOSP users can now set up port forwarding for floating IPs. For more information, see Section 5.7, “Creating port forwarding for a floating IP”.

Verification

  1. Source the overcloud credentials file.

    Example

    $ source ~/overcloudrc
  2. Ensure that the Networking service has successfully loaded the port_forwarding and router service plug-ins:

    $ openstack extension list --network -c Name -c Alias --max-width 74 | \
    grep -i -e 'Neutron L3 Router' -i -e floating-ip-port-forwarding
    Sample output

    A successful verification produces output similar to the following:

    | Floating IP Port Forwarding       | floating-ip-port-forwarding        |
    | Neutron L3 Router                 | router                             |

5.7. Creating port forwarding for a floating IP

You can use Red Hat OpenStack Platform Networking service (neutron) to set up port forwarding for a floating IP.

Prerequisites

Procedure

  1. Source your credentials file.

    Example

    $ source ~/overcloudrc
  2. Use the following command to create port forwarding for a floating IP:

    $ openstack floating ip port forwarding create \
    --internal-ip-address <internal-ip-address> \
    --port <port> \
    --internal-protocol-port <port-number> \
    --external-protocol-port <port-number> \
    --protocol <protocol> \
    <floating-ip>
    • Replace <internal-ip-address> with the internal, destination IP address.

      This is the IP address that is associated with the instance on which the application is running.

    • Replace <port> with the name or ID of the Networking service port to which the instance is attached.
    • Replace <port-number> in --internal-protocol-port with the internal, destination port number.

      This is the port number that the application running in the instance uses.

    • Replace <port-number> in --external-protocol-port with the external, source port number.

      This is the port number that the application running outside of your RHOSP cloud uses.

    • Replace <protocol> with the protocol, such as TCP or UDP, used by the application that receives the port-forwarded traffic.
    • Replace <floating-ip> with the floating IP whose specified port traffic you want to forward.

      Example

      This example creates port forwarding for an instance that is attached to the floating IP 198.51.100.47. The floating IP uses the Networking service port 1adfdb09-e8c6-4708-b5aa-11f50fc22d62. When the Networking service detects incoming, external traffic addressed to 198.51.100.47:80, it forwards the traffic to the internal IP address 203.0.113.107 on TCP port 8080:

      $ openstack floating ip port forwarding create \
      --internal-ip-address 203.0.113.107 \
      --port 1adfdb09-e8c6-4708-b5aa-11f50fc22d62 \
      --internal-protocol-port 8080 \
      --external-protocol-port 80 \
      --protocol tcp \
      198.51.100.47

Verification

  • Confirm that the Networking service has established forwarding for the floating IP port.

    Example

    The following example verifies successful port forwarding for the floating IP 198.51.100.47:

    $ openstack floating ip port forwarding list 198.51.100.47 --max-width 74
    Sample output

    The output shows that traffic sent to the floating IP 198.51.100.47 on TCP port 80 is forwarded to port 8080 on the instance with the internal address 203.0.113.107:

    +----------+------------------+---------------------+---------------+---------------+----------+-------------+
    | ID       | Internal Port ID | Internal IP Address | Internal Port | External Port | Protocol | Description |
    +----------+------------------+---------------------+---------------+---------------+----------+-------------+
    | 5cf204c7 | 1adfdb09-e8c6-47 | 203.0.113.107       |          8080 |            80 | tcp      |             |
    | -6825-45 | 08-b5aa-11f50fc2 |                     |               |               |          |             |
    | de-84ec- | 2d62             |                     |               |               |          |             |
    | 2eb507be |                  |                     |               |               |          |             |
    | 543e     |                  |                     |               |               |          |             |
    +----------+------------------+---------------------+---------------+---------------+----------+-------------+
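
One way to review the forwardings that the list command reports, added as an example that is not part of the Red Hat documentation: it compares each rule with an approved list and flags rules that expose internal administrative ports. The JSON keys assume that -f json output uses the column names shown in the table above; the second rule, the APPROVED and ADMIN_PORTS policy, and the function names are constructed for illustration.

```python
import json

# Constructed sample: the shape assumed for
#   openstack floating ip port forwarding list 198.51.100.47 -f json
# The first rule is the one from this section; the second is constructed.
SAMPLE_JSON = """
[
  {"ID": "5cf204c7-6825-45de-84ec-2eb507be543e",
   "Internal Port ID": "1adfdb09-e8c6-4708-b5aa-11f50fc22d62",
   "Internal IP Address": "203.0.113.107",
   "Internal Port": 8080, "External Port": 80,
   "Protocol": "tcp", "Description": ""},
  {"ID": "00000000-0000-4000-8000-000000000001",
   "Internal Port ID": "1adfdb09-e8c6-4708-b5aa-11f50fc22d62",
   "Internal IP Address": "203.0.113.107",
   "Internal Port": 22, "External Port": 2222,
   "Protocol": "tcp", "Description": "constructed rule"}
]
"""

# Hypothetical policy: (floating IP, protocol, external port) -> (internal IP, internal port)
APPROVED = {("198.51.100.47", "tcp", 80): ("203.0.113.107", 8080)}
# Hypothetical set of internal ports that should not be reachable through a forwarding.
ADMIN_PORTS = {22, 3389}


def load_rules(text):
    """Parse the JSON list produced by the port forwarding list command."""
    return json.loads(text)


def audit_forwardings(floating_ip, rules, approved=APPROVED, admin_ports=ADMIN_PORTS):
    """Return (rule ID, finding kind, detail) tuples for rules that need review."""
    findings = []
    for rule in rules:
        proto = str(rule["Protocol"]).lower()
        external = int(rule["External Port"])
        target = (rule["Internal IP Address"], int(rule["Internal Port"]))
        expected = approved.get((floating_ip, proto, external))
        exposure = f"{floating_ip}:{external}/{proto} -> {target[0]}:{target[1]}"
        if expected is None:
            # The external port is open on the floating IP but nobody signed off on it.
            findings.append((rule["ID"], "unapproved", exposure))
        elif expected != target:
            # Approved exposure, but it now lands on a different instance or port.
            findings.append((rule["ID"], "target-drift",
                             f"{exposure}, expected {expected[0]}:{expected[1]}"))
        if target[1] in admin_ports:
            findings.append((rule["ID"], "admin-port", exposure))
    return findings


if __name__ == "__main__":
    for rule_id, kind, detail in audit_forwardings("198.51.100.47", load_rules(SAMPLE_JSON)):
        print(f"{kind:13} {rule_id}  {detail}")
```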

5.8. Bridging the physical network

Bridge your virtual network to the physical network to enable connectivity to and from virtual instances.

In this procedure, the example physical interface, eth0, is mapped to the bridge, br-ex; the virtual bridge acts as the intermediary between the physical network and any virtual networks.

As a result, all traffic traversing eth0 uses the configured Open vSwitch to reach instances.

To map a physical NIC to the virtual Open vSwitch bridge, complete the following steps:

Procedure

  1. Open /etc/sysconfig/network-scripts/ifcfg-eth0 in a text editor, and update the following parameters with values appropriate for the network at your site:

    • IPADDR
    • NETMASK
    • GATEWAY
    • DNS1 (name server)

      Here is an example:

      $ vi /etc/sysconfig/network-scripts/ifcfg-eth0
      DEVICE=eth0
      TYPE=OVSPort
      DEVICETYPE=ovs
      OVS_BRIDGE=br-ex
      ONBOOT=yes
  2. Open /etc/sysconfig/network-scripts/ifcfg-br-ex in a text editor and update the virtual bridge parameters with the IP address values that were previously allocated to eth0:

    $ vi /etc/sysconfig/network-scripts/ifcfg-br-ex
    DEVICE=br-ex
    DEVICETYPE=ovs
    TYPE=OVSBridge
    BOOTPROTO=static
    IPADDR=192.168.120.10
    NETMASK=255.255.255.0
    GATEWAY=192.168.120.1
    DNS1=192.168.120.1
    ONBOOT=yes

    You can now assign floating IP addresses to instances and make them available to the physical network.

5.9. Adding an interface

You can use interfaces to interconnect routers with subnets so that routers can direct any traffic that instances send to destinations outside of their intermediate subnet.

To add a router interface and connect the new interface to a subnet, complete these steps:

Note

This procedure uses the Network Topology feature. Using this feature, you can see a graphical representation of all your virtual routers and networks while you perform network management tasks.

  1. In the dashboard, select Project > Network > Network Topology.
  2. Locate the router that you want to manage, hover your mouse over it, and click Add Interface.
  3. Specify the Subnet that you want to connect to the router.

    You can also specify an IP address. The address is useful for testing and troubleshooting purposes, since a successful ping to this interface indicates that the traffic is routing as expected.

  4. Click Add interface.

    The Network Topology diagram automatically updates to reflect the new interface connection between the router and subnet.

5.10. Deleting an interface

You can remove an interface to a subnet if you no longer require the router to direct traffic for the subnet.

To delete an interface, complete the following steps:

  1. In the dashboard, select Project > Network > Routers.
  2. Click the name of the router that hosts the interface that you want to delete.
  3. Select the interface type (Internal Interface), and click Delete Interfaces.