Installing and Configuring OpenStack in Oracle® Solaris 11.2


Updated: April 2015

Configuring OpenStack With an External Network

You create an external network to enable private networks in the cloud to communicate with the wider network. In a cloud, a tenant can have one or more private networks. When you create an external network for the cloud, you create a provider router that is shared by all the tenant networks. You, the administrator, create, own, and manage this router. The router is not visible in the network topology view of the tenant. Because there is only a single router, tenant networks cannot use overlapping IP addresses.

Creating an external network also involves configuring the Neutron L3 agent. The Neutron L3 agent automatically creates one-to-one NAT mappings between addresses assigned to Nova instances and the floating IP addresses. The L3 agent also enables communication between private networks. By default, routing between private networks that are part of the same tenant is disabled. To change this behavior, set allow_forwarding_between_networks to True in the /etc/neutron/l3_agent.ini configuration file and restart the neutron-l3-agent SMF service.
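
The following shell function is an added example, not part of the Oracle guide. It reports the effective value of allow_forwarding_between_networks so that you can audit whether routing between a tenant's private networks has been enabled. It assumes that the option is read from the [DEFAULT] section, that the last assignment wins, and that boolean spellings follow oslo.config; the sample file and the section name constructed_section are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective value of allow_forwarding_between_networks.
# Assumptions: option is read from [DEFAULT]; last assignment wins;
# booleans follow oslo.config (true/1/yes/on, false/0/no/off).

trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

l3_forwarding_value() {
    conf=$1
    value=false        # per the guide, forwarding is disabled by default
    section=DEFAULT
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # "|| [ -n "$line" ]" keeps a final line that lacks a newline
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case $line in
            ''|'#'*|';'*) continue ;;      # blank or commented out
            '['*']') section=${line#\[}; section=${section%\]}; continue ;;
            *=*) ;;                        # key = value line
            *) continue ;;
        esac
        [ "$section" = DEFAULT ] || continue
        [ "$(trim "${line%%=*}")" = allow_forwarding_between_networks ] || continue
        case $(trim "${line#*=}" | tr '[:upper:]' '[:lower:]') in
            true|1|yes|on)  value=true ;;
            false|0|no|off) value=false ;;
            *)              value=invalid ;;   # unparseable boolean
        esac
    done < "$conf"
    printf '%s\n' "$value"
}

# Constructed sample: a commented-out default, an active override in
# [DEFAULT], and the same key in an unrelated section (ignored).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
# allow_forwarding_between_networks = False
allow_forwarding_between_networks =  TRUE
[constructed_section]
allow_forwarding_between_networks = False
EOF
result=$(l3_forwarding_value "$sample")
rm -f "$sample"
echo "forwarding between private networks: $result"
```

On a controller node, call l3_forwarding_value /etc/neutron/l3_agent.ini. A result of true means that private networks of the same tenant can route to each other once the neutron-l3-agent SMF service has been restarted.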

The router provides connectivity to the outside world for the tenant VM instances. The router performs bidirectional NAT on the interface that connects the router to the external network. Tenants create as many floating IPs (public IPs) as they need or as are allowed by the floating IP quota and then associate these floating IPs with the VM instances that require outside connectivity.

For an illustration of the relationship between internal networks and the external network in OpenStack, see Figure 3–3.