Create initial networks

In these sections, replace SPECIAL_OPTIONS with any options specific to your OpenStack Networking plug-in choices. See here to check if your plug-in requires any special options.

Create the ext-net external network. This network represents a slice of the outside world. VMs are not directly linked to this network; instead, they connect to internal networks. Outgoing traffic is routed by OpenStack Networking to the external network. Additionally, floating IP addresses from the subnet for ext-net might be assigned to VMs so that the external network can contact them. Neutron-based services route the traffic appropriately.

    # neutron net-create ext-net --router:external=True SPECIAL_OPTIONS

Create the associated subnet with the same gateway and CIDR as EXTERNAL_INTERFACE. It does not have DHCP because it represents a slice of the external world:

    # neutron subnet-create ext-net \
      --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END \
      --gateway=EXTERNAL_INTERFACE_GATEWAY --enable_dhcp=False \
      EXTERNAL_INTERFACE_CIDR

Create one or more initial tenants, for example:

    # keystone tenant-create --name DEMO_TENANT

See for further details.

Create the router attached to the external network. This router routes traffic to the internal subnets as appropriate. You can create it under a given tenant: Append --tenant-id option with a value of DEMO_TENANT_ID to the command.

Use the following to quickly get the DEMO_TENANT tenant-id:

    # keystone tenant-list | grep DEMO_TENANT | awk '{print $2;}'

Then create the router:

    # neutron router-create ext-to-int --tenant-id DEMO_TENANT_ID

Connect the router to ext-net by setting the gateway for the router as ext-net:

    # neutron router-gateway-set EXT_TO_INT_ID EXT_NET_ID

Create an internal network for DEMO_TENANT (and associated subnet over an arbitrary internal IP range, such as 10.5.5.0/24), and connect it to the router by setting it as a port:

    # neutron net-create --tenant-id DEMO_TENANT_ID demo-net SPECIAL_OPTIONS
    # neutron subnet-create --tenant-id DEMO_TENANT_ID demo-net 10.5.5.0/24 --gateway 10.5.5.1
    # neutron router-interface-add EXT_TO_INT_ID DEMO_NET_SUBNET_ID

Check the special options page for your plug-in for remaining steps.

Now, return to the general OVS instructions.
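The grep/awk lookup for the tenant ID matches any row that contains DEMO_TENANT, so a tenant named DEMO_TENANT2 would be returned as well and the router could end up under the wrong tenant. As an added example (not part of the original guide), the helper below does an exact-name lookup and fails on zero or multiple matches; the function name id_by_name, the sample tables and their IDs are constructed, and the id/name column layout is an assumption.

```shell
#!/bin/sh
# id_by_name NAME   (table on stdin)
# Reads the table printed by `keystone tenant-list`, `neutron net-list` or
# `neutron router-list` (assumed layout: id in column 1, name in column 2)
# and prints the id of the one row whose name equals NAME exactly.
# Returns 1 if no row matches and 2 if several rows match, so a caller
# never passes an ambiguous or empty ID on to a create command.
id_by_name() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            id = $2; name = $3
            gsub(/^[ \t]+|[ \t]+$/, "", id)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (id != "id" && name == want) found[++n] = id
        }
        END {
            if (n == 1) { print found[1]; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Constructed sample output; the IDs are made up for illustration.
SAMPLE_TENANTS='+----------------------------------+--------------+---------+
|                id                |     name     | enabled |
+----------------------------------+--------------+---------+
| 11111111111111111111111111111111 | DEMO_TENANT  |   True  |
| 22222222222222222222222222222222 | DEMO_TENANT2 |   True  |
+----------------------------------+--------------+---------+'

# Two networks with the same name: the lookup must refuse to choose.
SAMPLE_NETS='+--------------------------------------+----------+---------+
| id                                   | name     | subnets |
+--------------------------------------+----------+---------+
| aaaaaaaa-0000-0000-0000-000000000001 | demo-net |         |
| aaaaaaaa-0000-0000-0000-000000000002 | demo-net |         |
+--------------------------------------+----------+---------+'

# Exact match on the constructed table: prints only the DEMO_TENANT id.
printf '%s\n' "$SAMPLE_TENANTS" | id_by_name DEMO_TENANT

# Intended use against a live deployment (not run here):
#   DEMO_TENANT_ID=$(keystone tenant-list | id_by_name DEMO_TENANT) || exit 1
#   neutron router-create ext-to-int --tenant-id "$DEMO_TENANT_ID"
```

The same function resolves EXT_NET_ID and EXT_TO_INT_ID from neutron net-list and neutron router-list under the stated column assumption.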
Plug-in-specific Neutron network options
Open vSwitch Network configuration options
GRE tunneling network options

While this guide currently enables network namespaces by default, you can disable them if you have issues or your kernel does not support them. If you disabled namespaces, you must perform some additional configuration for the L3 agent.

After you create all the networks, tell the L3 agent the ID of the external network, as well as the ID of the router associated with this machine (because you are not using namespaces, there can be only one router for each machine). To do this, edit the /etc/neutron/l3_agent.ini file:

    gateway_external_network_id = EXT_NET_ID
    router_id = EXT_TO_INT_ID

Then, restart the L3 agent:

    # service neutron-l3-agent restart

When creating networks, you should use the options:

    --provider:network_type gre --provider:segmentation_id SEG_ID

SEG_ID should be 2 for the external network, and any unique number inside the tunnel range specified before for any other network.

These options are not needed beyond the first network, as OpenStack Networking services automatically increment the segmentation ID and copy the network type option for any additional networks.

Now, return to the general OVS instructions.
VLAN network options

Some NICs have Linux drivers that do not handle VLANs properly. See the ovs-vlan-bug-workaround and ovs-vlan-test man pages for more information. Additionally, you might try turning off rx-vlan-offload and tx-vlan-offload by using ethtool on the DATA_INTERFACE.

Another potential caveat to VLAN functionality is that VLAN tags add an additional 4 bytes to the packet size. If your NICs cannot handle large packets, make sure to set the MTU to a value that is 4 bytes less than the normal value on the DATA_INTERFACE.

If you run OpenStack inside a virtualized environment (for testing purposes), switching to the virtio NIC type (or a similar technology if you are not using KVM/QEMU to run your host VMs) might solve the issue.

When creating networks, use these options:

    --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id SEG_ID

SEG_ID should be 2 for the external network, and any unique number inside the VLAN range specified above for any other network.

These options are not needed beyond the first network, as Neutron automatically increments the segmentation ID and copies the network type and physical network options for any additional networks. They are only needed if you wish to modify those values in any way.