Installing and Configuring OpenStack in Oracle® Solaris 11.2

Exit Print View

Updated: April 2015
 
 

How to Configure the External Network in OpenStack

This procedure shows how to create a virtual network that represents an external network. On this virtual network, DHCP is not used. Instead, floating IP addresses are created. These floating IP addresses are assigned to a particular tenant and can be assigned to Nova VM instances for their use by users under that tenant.

Because the controller contains the Neutron service in the sample multi-node architecture in this chapter, you perform the following steps on the controller node.

Before You Begin

To perform this procedure, internal networks must already be existing for the tenant. For procedures to create a private network, see How to Create an Internal Network.

Additionally, you must have completed the configuration of the elastic virtual switch, such as its l2-type and vlan-range properties have been configured. The following example shows how to display these property settings when you configured them in Step 9:

controller# evsadm show-controlprop -p l2-type -p vlan-range
PROPERTY   PERM  VALUE      DEFAULT  HOST
l2-type    rw    vlan       vlan     --
vlan-range rw    1,200-300  --       --

You must also have the information about the tenant whose private networks you are connecting to the external network. You can display tenant information any time by using the following command:

keystone tenant-list

  1. Enable Solaris IP filter.
    controller# svcadm enable ipfilter
  2. Enable IP forwarding on the entire host.
    controller# ipadm set-prop -p forwarding=on ipv4
  3. Set the necessary environment variables.
    controller# export OS_USERNAME=neutron
    controller# export OS_PASSWORD=service-password
    controller# export OS_TENANT_NAME=service-name
    controller# export OS_AUTH_URL=http://controller-name:5000/v2.0
  4. Create the provider router.
    controller# neutron router-create router-name

    The command displays the router name with a corresponding ID. Use this ID to update the configuration file in the next step.

  5. Update the L3 agent configuration file.

    In the /etc/neutron/l3_agent.ini file, set the value of the router_id parameter to the router UUID in the previous step.

    router_id = router-ID
  6. Enable the neutron-l3-agent SMF service.
    controller# svcadm enable neutron-l3-agent
  7. Create an external network.
    controller# neutron net-create --provider:network_type=vlan \
    --provider:segmentation_id=VLAN-nbr \
    --router:external=true network-name

    where the value for segmentation_id is the first number of the VLAN range.

  8. Create a subnet and associate it to the external network.

    For this document's sample configuration, DHCP is disabled. The allocation pool consists of a range of floating IP addresses that is assigned to the subnet.

    controller# neutron subnet-create --enable-dhcp=false --name subnet-name \
    --allocation-pool start=start-IP, end=end-IP network-name subnet-IP
    
  9. Add the external network to the router.
    controller# neutron router-gateway-set router-ID network-ID \
    

    Note -  You can obtain router-ID from the /etc/neutron/l3_agent.ini file. If necessary, you can use the neutron net-list command to obtain network-ID.
  10. Add the private network of the tenant to the router.

    For this step, you need the router ID and the tenant's subnet ID. You can obtain the information as follows:

    1. To obtain the tenant's subnet ID, display the tenants and their IDs first, then display the subnets of the specific tenant ID.
      # keystone tenant-list
      # neutron net-list --tenant-id tenant-ID
    2. Add the private network to the router.

      You repeat this step depending on how many of the tenant's private networks you want to add to the external network.

      controller# neutron router-interface-add router-ID subnet-ID
Example 4-2  Creating the External Network for the service Tenant

The following example uses part of Figure 3–3 as reference. In the figure, Tenant A has two VM instances, each belonging to a private network. The two private networks are HR and ENG. These two subnets will be added to the external network to enable the two VM instances to communicate to the wider network. The example assumes that default user name and password for the Neutron service is used.

controller# svcadm enable ipfilter
controller# ipadm set-prop -p forwarding=on ipv4

controller# export OS_USERNAME=neutron
controller# export OS_PASSWORD=neutron
controller# export OS_TENANT_NAME=TenantA
controller# export OS_AUTH_URL=http://controller-name:5000/v2.0
controller# neutron router-create ext-router
Created a new router:
+-----------------------+-----------------+
| Field                 | Value           |
+-----------------------+-----------------+
| admin_state_up        | True            |
| external_gateway_info |                 |
| id                    | 97ro5-ut3er     |
| name                  | ext-router      |
| status                | ACTIVE          |
| tenant_id             | abcde12345      |
+-----------------------+-----------------+

At this point, you update the /etc/neutron/l3_agent.ini file by setting the router_ID parameter to 97ro5-ut3er.

After you have updated the file, you proceed with the remaining steps.

controller# svcadm enable neutron-l3-agent

controller# neutron net-create --provider:network_type=vlan \
--provider:segmentation_id=1 --router:external=true ext_network
Created a new network:
+--------------------------+-------------------+
| Field                    | Value             |
+--------------------------+-------------------+
| admin_state_up           | True              |
| id                       | 555ext-net555     |
| name                     | ext_network       |
| provider:network_type    | vlan              |
| provider:segmentation_id | 1                 |
| router:external          | True              |
| shared                   | False             |
| status                   | ACTIVE            |
| subnets                  |                   |
| tenant_id                | abcde12345        |
+--------------------------+-------------------+

controller# neutron subnet-create  --enable-dhcp=False \
--name ext_subnet --allocation-pool start=10.134.13.8,end=10.134.13.254 \
ext_network 10.134.13.0/24
Created a new subnet:

+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "10.134.13.8", "end": "10.134.13.254"} |
| cidr             | 10.134.13.0/24                                   |
| dns_nameservers  |                                                  |
| enable_dhcp      | False                                            |
| gateway_ip       | 10.134.13.1                                      |
| host_routes      |                                                  |
| id               | 444sub-net444                                    |
| ip_version       | 4                                                |
| name             | ext_subnet                                       |
| network_id       | 555ext-net555                                    |
| tenant_id        | abcde12345                                       |
+------------------+--------------------------------------------------+

controller# neutron router-gateway-set 97ro5-ut3er 555ext-net555
Set gateway for router 97ro5-ut3er

controller# keystone tenant-list
+------------+---------+---------+
|     id     |   name  | enabled |
+------------+---------+---------+
| 12345abcde | TenantA |  True   |
| 67890fghij | TenantB |  True   |
+------------+---------+---------+

controller# neutron net-list --tenant-id 12345abcde
+------------+------+-------------+
|     id     | name |   subnets   |
+------------+------+-------------+
| 1a3b5c7d9e | HR   | xyz-123-uvw |
| 2f4g6h8i0j | ENG  | 098-r2d2-56 |
+------------+------+-------------+

controller# neutron router-interface-add 97ro5-ut3er xyz-123-uvwHR added to the router.
Added interface xyz-123-uvw to router 97ro5-ut3er.

controller# neutron router-interface-add 97ro5-ut3er 098-r2d2-56ENG added to the router.
Added interface 098-r2d2-56 to router 97ro5-ut3er.

See also