openstack-manuals/doc/install-guide/section_neutron-provider-router-with-private_networks.xml
Gauvain Pocentek ef85738b8d Cleanup neutron provider router example
* Don't define keystone admin variables, they are not needed and would
  override the other variables
* Define variables in 'adminrc' instead of 'novarc' (nova is not used in
  the section)
* Don't automate the sourcing of 'adminrc' in bashrc since the admin
  might not want to always be logged in the admin tenant
* Use the 'admin' tenant as provider tenant, since this is the one that
  was created earlier in the guide. Explain why this tenant is used.
* Try to respect conventions
* Improve commands used to create network objects:
  - set dns servers for tenant_A subnet
  - explicitly define the provider network configuration

Change-Id: Ice2db30360a3fbecd64237bc2a3c97a9d0e4b0d9
Closes-Bug: #1266643
2014-01-21 22:57:14 +01:00


<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_networking-provider-router_with-private-networks">
<title>Provider router with private networks</title>
<para>This section describes how to install the OpenStack
Networking service and its components for a single router use
case: a provider router with private networks.</para>
<para>This figure shows the setup:</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata
fileref="../common/figures/Neutron-PhysNet-Diagram.png"
contentwidth="6in"/>
</imageobject>
</mediaobject>
</informalfigure>
<note>
<para>Because you run the DHCP agent and L3 agent on one node,
you must set <literal>use_namespaces</literal> to
<literal>True</literal> (which is the default) in the
configuration files for both agents.</para>
</note>
<para>The configuration includes these nodes:</para>
<table rules="all">
<caption>Nodes for use case</caption>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><para>Controller</para></td>
<td><para>Runs the Networking service, Identity
Service, and all Compute services that are
required to deploy a VM.</para>
<para>The node must have at least two network
interfaces. The first should be connected to
the Management Network to communicate with the
compute and network nodes. The second
interface should be connected to the
API/public network.</para></td>
</tr>
<tr>
<td><para>Compute</para></td>
<td><para>Runs Compute and the Networking L2
agent.</para>
<para>This node does not have access to the public
network.</para>
<para>The node must have a network interface that
communicates with the controller node through
the management network. The VM receives its IP
address from the DHCP agent on this
network.</para></td>
</tr>
<tr>
<td><para>Network</para></td>
<td><para>Runs Networking L2 agent, DHCP agent, and L3
agent.</para>
<para>This node has access to the public network.
The DHCP agent allocates IP addresses to the
VMs on the network. The L3 agent performs NAT
and enables the VMs to access the public
network.</para>
<para>The node must have:<itemizedlist>
<listitem>
<para>A network interface that
communicates with the controller
node through the management
network</para>
</listitem>
<listitem>
<para>A network interface on the data
network that manages VM
traffic</para>
</listitem>
<listitem>
<para>A network interface that
connects to the external gateway on
the network</para>
</listitem>
</itemizedlist></para></td>
</tr>
</tbody>
</table>
<section xml:id="demo_installions">
<title>Install</title>
<section xml:id="controller-install-neutron-server">
<title>Controller</title>
<procedure>
<title>To install and configure the controller
node</title>
<step>
<para>Run this command:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-server</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-neutron</userinput></screen>
</step>
<step>
<para>Configure Networking services:</para>
<itemizedlist>
<listitem>
<para>Edit the
<filename>/etc/neutron/neutron.conf</filename>
file and add these lines:</para>
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
auth_strategy = keystone
fake_rabbit = False
rabbit_password = <replaceable>RABBIT_PASS</replaceable>
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
</listitem>
<listitem>
<para>Edit the <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and add these lines:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:100:2999</programlisting>
</listitem>
<listitem>
<para>Edit the <filename>
/etc/neutron/api-paste.ini</filename>
file and add these lines:</para>
<programlisting language="ini">admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</listitem>
</itemizedlist>
</step>
<step>
<para>Start the services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-server restart</userinput></screen>
</step>
</procedure>
</section>
<section
xml:id="network-node-install-plugin-openvswitch-agent">
<title>Network node</title>
<procedure>
<title>Install and configure the network node</title>
<step>
<para>Install the packages:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent \
neutron-dhcp-agent neutron-l3-agent</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch \
openstack-neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent \
openstack-neutron openstack-neutron-dhcp-agent openstack-neutron-l3-agent</userinput></screen>
</step>
<step>
<para>Start Open vSwitch<phrase
os="rhel;centos;fedora;opensuse;sles"> and
configure it to start when the system
boots</phrase>:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>Add the integration bridge to the Open
vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step>
<para>Update the OpenStack Networking
<filename>/etc/neutron/neutron.conf</filename>
configuration file:</para>
<programlisting language="ini" os="debian;ubuntu">rabbit_host = <replaceable>controller</replaceable>
rabbit_password = <replaceable>RABBIT_PASS</replaceable>
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT qpid_hostname controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT rabbit_host controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
</step>
<step>
<para>Update the plug-in
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
configuration file:</para>
<programlisting language="ini">[ovs]
tenant_network_type=vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-eth1</programlisting>
</step>
<step>
<para>All VM communication between the nodes
occurs through the <literal>br-eth1</literal>
bridge.</para>
<para>Create the <literal>br-eth1</literal>
network bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
</step>
<step>
<para>Create the external network bridge to the
Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth2</userinput></screen>
</step>
<step>
<para>Edit the
<filename>/etc/neutron/l3_agent.ini</filename>
file and add these lines:</para>
<programlisting language="ini">[DEFAULT]
auth_url = http://<replaceable>controller</replaceable>:35357/v2.0
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable>
metadata_ip = <replaceable>controller</replaceable>
use_namespaces = True</programlisting>
</step>
<step>
<para>Edit the
<filename>/etc/neutron/api-paste.ini</filename>
file and add these lines:</para>
<programlisting language="ini">[DEFAULT]
auth_host = <replaceable>controller</replaceable>
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</step>
<step>
<para>Edit the
<filename>/etc/neutron/dhcp_agent.ini</filename>
file and add this line:</para>
<programlisting language="ini">use_namespaces = True</programlisting>
</step>
<step os="debian;ubuntu">
<para>Restart networking services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Start and permanently enable networking
services:</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-dhcp-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-dhcp-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-l3-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service openstack-neutron-dhcp-agent start</userinput>
<prompt>#</prompt> <userinput>service openstack-neutron-l3-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-dhcp-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-l3-agent on</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<!-- FIXME: Required on Debian/Ubuntu? -->
<para>Enable the <systemitem class="service"
>neutron-ovs-cleanup</systemitem> service.
This service starts on boot and ensures that
Networking has full control over the creation
and management of <literal>tap</literal>
devices.</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>chkconfig neutron-ovs-cleanup on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-ovs-cleanup on</userinput></screen>
</step>
</procedure>
</section>
<section xml:id="compute-node-install-openvswitch">
<title>Compute Node</title>
<procedure>
<title>Install and configure the compute node</title>
<step>
<!-- FIXME Review Fedora instructions -->
<para>Install the packages:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install openvswitch-switch neutron-plugin-openvswitch-agent</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
</step>
<step>
<para>Start the Open vSwitch service<phrase
os="rhel;centos;fedora;opensuse;sles"> and
configure it to start when the system
boots</phrase>:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>Create the integration bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step>
<para>All VM communication between the nodes
occurs through the <literal>br-eth1</literal>
bridge.</para>
<para>Create the <literal>br-eth1</literal>
network bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
</step>
<step>
<para>Edit the OpenStack Networking
<filename>/etc/neutron/neutron.conf</filename>
configuration file and add these lines:</para>
<programlisting language="ini" os="debian;ubuntu">rabbit_host = <replaceable>controller</replaceable>
rabbit_password = <replaceable>RABBIT_PASS</replaceable>
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT qpid_hostname controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT rabbit_host controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
</step>
<step>
<para>Edit the <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and add these lines:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-eth1</programlisting>
</step>
<step os="debian;ubuntu">
<para>Restart the Open vSwitch Neutron plug-in
agent:</para>
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Start and permanently enable networking
services:</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
</step>
</procedure>
</section>
</section>
<section xml:id="demo_logical_network_config">
<title>Logical network configuration</title>
<note>
<para>Run these commands on the network node.</para>
<para>Ensure that the following environment variables are
set. Various clients use these variables to access the
Identity Service.</para>
</note>
<itemizedlist>
<listitem>
<para>Create an <filename>adminrc</filename> file that
contains these lines:</para>
<programlisting language="bash">export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=<replaceable>ADMIN_PASS</replaceable>
export OS_AUTH_URL="http://<replaceable>controller</replaceable>:5000/v2.0/"</programlisting>
</listitem>
<listitem>
<para>Export the environment variables in the
<filename>adminrc</filename> file:</para>
<screen><prompt>#</prompt> <userinput>source adminrc</userinput></screen>
</listitem>
</itemizedlist>
<para>The <literal>admin</literal> tenant can define resources
that other tenants can use but cannot modify. These
resources are a provider network and its associated
router.</para>
<para>The <literal>admin</literal> user creates a network and
subnet on behalf of <literal>tenant_A</literal>.</para>
<para>A <literal>tenant_A</literal> user can also complete
these steps.</para>
<procedure>
<title>Configure internal networking</title>
<step>
<para>Get the <literal>tenant_A</literal> tenant
ID:</para>
<screen><prompt>#</prompt> <userinput>TENANT_ID=$(keystone tenant-list | awk '/ tenant_A / { print $2 }')</userinput></screen>
</step>
<step>
<para>Create the <literal>net1</literal> internal
network for the <literal>tenant_A</literal>
tenant:</para>
<screen><prompt>#</prompt> <userinput>neutron net-create --tenant-id $TENANT_ID net1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
| name | net1 |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1024 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create a subnet on the <literal>net1</literal>
network and store its ID in a variable:</para>
<screen><prompt>#</prompt> <userinput>neutron subnet-create --tenant-id $TENANT_ID net1 10.5.5.0/24 \
--dns_nameservers list=true 8.8.8.7 8.8.8.8</userinput>
<computeroutput>+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.5.5.2", "end": "10.5.5.254"} |
| cidr | 10.5.5.0/24 |
| dns_nameservers | 8.8.8.7 |
| | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 10.5.5.1 |
| host_routes | |
| id | c395cb5d-ba03-41ee-8a12-7e792d51a167 |
| ip_version | 4 |
| name | |
| network_id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+------------------+--------------------------------------------+</computeroutput>
<prompt>#</prompt> <userinput>SUBNET_ID=<replaceable>c395cb5d-ba03-41ee-8a12-7e792d51a167</replaceable></userinput></screen>
<note>
<para>The <literal>id</literal> value will be
different on your system.</para>
</note>
</step>
</procedure>
<para>A user with the <literal>admin</literal> role in the
<literal>admin</literal> tenant must complete these
steps.</para>
<procedure>
<title>Configure the router and external
networking</title>
<step>
<para>Create a <literal>router1</literal> router and
store its ID in the <literal>ROUTER_ID</literal>
variable:</para>
<screen><prompt>#</prompt> <userinput>neutron router-create router1</userinput>
<computeroutput>+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
| name | router1 |
| status | ACTIVE |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+-----------------------+--------------------------------------+</computeroutput>
<prompt>#</prompt> <userinput>ROUTER_ID=<replaceable>685f64e7-a020-4fdf-a8ad-e41194ae124b</replaceable></userinput></screen>
<note>
<para>The <literal>id</literal> value will be
different on your system.</para>
</note>
<note>
<para>The <parameter>--tenant-id</parameter>
parameter is not specified, so this router is
assigned to the <literal>admin</literal>
tenant.</para>
</note>
</step>
<step>
<para>Add an interface to the
<literal>router1</literal> router and attach
it to the subnet from
<literal>net1</literal>:</para>
<screen><prompt>#</prompt> <userinput>neutron router-interface-add $ROUTER_ID $SUBNET_ID</userinput>
<computeroutput>Added interface to router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
<note>
<para>You can repeat this step to add interfaces
for networks that belong to other
tenants.</para>
</note>
</step>
<step>
<para>Create the <literal>ext_net</literal> external
network and store its ID in the
<literal>EXTERNAL_NETWORK_ID</literal>
variable:</para>
<screen><prompt>#</prompt> <userinput>neutron net-create ext_net \
--router:external=True --provider:network_type=vlan \
--provider:physical_network=physnet1 --provider:segmentation_id=1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| name | ext_net |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+---------------------------+--------------------------------------+</computeroutput>
<prompt>#</prompt> <userinput>EXTERNAL_NETWORK_ID=<replaceable>8858732b-0400-41f6-8e5c-25590e67ffeb</replaceable></userinput></screen>
</step>
<step>
<para>Create the subnet for floating IPs.</para>
<note>
<para>The DHCP service is disabled for this
subnet.</para>
</note>
<screen><prompt>#</prompt> <userinput>neutron subnet-create ext_net \
--allocation-pool start=7.7.7.130,end=7.7.7.150 \
--gateway 7.7.7.1 7.7.7.0/24 --disable-dhcp</userinput>
<computeroutput>+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "7.7.7.130", "end": "7.7.7.150"} |
| cidr | 7.7.7.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 7.7.7.1 |
| host_routes | |
| id | aef60b55-cbff-405d-a81d-406283ac6cff |
| ip_version | 4 |
| name | |
| network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+------------------+--------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Set the gateway for the router to the external
network:</para>
<screen><prompt>#</prompt> <userinput>neutron router-gateway-set $ROUTER_ID $EXTERNAL_NETWORK_ID</userinput>
<computeroutput>Set gateway for router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
</step>
</procedure>
<para>A user from <literal>tenant_A</literal> completes these
steps, so the credentials in the environment variables are
different than those in the previous procedure.</para>
<procedure>
<title>Allocate floating IP addresses</title>
<step>
<para>You can associate a floating IP address with a
VM after it starts. Store the port ID that was
allocated for the VM in the
<literal>PORT_ID</literal> variable:</para>
<screen><prompt>#</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+--------+--------+---------------+
| ID | Name | Status | Networks |
+--------------------------------------+--------+--------+---------------+
| 1cdc671d-a296-4476-9a75-f9ca1d92fd26 | testvm | ACTIVE | net1=10.5.5.3 |
+--------------------------------------+--------+--------+---------------+</computeroutput>
<prompt>#</prompt> <userinput>neutron port-list -- --device_id <replaceable>1cdc671d-a296-4476-9a75-f9ca1d92fd26</replaceable></userinput>
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 9aa47099-b87b-488c-8c1d-32f993626a30 | | fa:16:3e:b4:d6:6c | {"subnet_id": "c395cb5d-ba03-41ee-8a12-7e792d51a167", "ip_address": "10.5.5.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+</computeroutput>
<prompt>#</prompt> <userinput>PORT_ID=<replaceable>9aa47099-b87b-488c-8c1d-32f993626a30</replaceable></userinput></screen>
</step>
<step>
<para>Allocate a floating IP and store its ID in the
<literal>FLOATING_ID</literal>
variable:</para>
<screen><prompt>#</prompt> <userinput>neutron floatingip-create ext_net</userinput>
<computeroutput>+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 7.7.7.131 |
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
| port_id | |
| router_id | |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------+--------------------------------------+</computeroutput>
<prompt>#</prompt> <userinput>FLOATING_ID=<replaceable>40952c83-2541-4d0c-b58e-812c835079a5</replaceable></userinput></screen>
</step>
<step>
<para>Associate the floating IP with the port for the
VM:</para>
<screen><prompt>#</prompt> <userinput>neutron floatingip-associate $FLOATING_ID $PORT_ID</userinput>
<computeroutput>Associated floatingip 40952c83-2541-4d0c-b58e-812c835079a5</computeroutput></screen>
</step>
<step>
<para>Show the floating IP:</para>
<screen><prompt>#</prompt> <userinput>neutron floatingip-show $FLOATING_ID</userinput>
<computeroutput>+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | 10.5.5.3 |
| floating_ip_address | 7.7.7.131 |
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
| port_id | 9aa47099-b87b-488c-8c1d-32f993626a30 |
| router_id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Test the floating IP:</para>
<screen><prompt>#</prompt> <userinput>ping 7.7.7.131</userinput>
<computeroutput>PING 7.7.7.131 (7.7.7.131) 56(84) bytes of data.
64 bytes from 7.7.7.131: icmp_req=2 ttl=64 time=0.152 ms
64 bytes from 7.7.7.131: icmp_req=3 ttl=64 time=0.049 ms</computeroutput></screen>
</step>
</procedure>
</section>
<section xml:id="section_use-cases-single-router">
<title>Use case: provider router with private networks</title>
<para>This use case provides each tenant with one or more
private networks that connect to the outside world through
an OpenStack Networking router. When each tenant gets
exactly one network, this architecture maps to the same
logical topology as the VlanManager in Compute (although
of course, Networking does not require VLANs). Using the
Networking API, the tenant can only see a network for each
private network assigned to that tenant. The router object
in the API is created and owned by the cloud
administrator.</para>
<para>This model supports assigning public addresses to VMs by
using <firstterm baseform="floating IP">floating
IPs</firstterm>; the router maps public addresses from
the external network to fixed IPs on private networks.
Hosts without floating IPs can still create outbound
connections to the external network because the provider
router performs SNAT to the router's external IP. The IP
address of the physical router is used as the
<literal>gateway_ip</literal> of the external network
subnet, so the provider has a default router for Internet
traffic.</para>
<para>The router provides L3 connectivity among private
networks. Tenants can reach instances for other tenants
unless you use additional filtering, such as security
groups. With a single router, tenant networks cannot use
overlapping IPs. To resolve this issue, the administrator
can create private networks on behalf of the
tenants.</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata scale="55"
fileref="../common/figures/UseCase-SingleRouter.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1DKxeZZXml_fNZHRoGPKkC7sGdkPJZCtWytYZqHIp_ZE/edit -->
</section>
</section>
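The use case above has two consequences an operator can check: a single router cannot serve overlapping tenant CIDRs, and without security-group filtering tenants can reach each other through it. The audit below is an added example, not part of the OpenStack guide; the subnet, port and rule records are constructed samples that use Neutron API field names, and it assumes IPv4 rules only.

```python
"""Audit one provider router: CIDR collisions and cross-tenant ingress."""
import ipaddress
from itertools import combinations

# Constructed sample data shaped like Neutron API objects; IDs are placeholders.
SUBNETS = [
    {"id": "subnet-a", "tenant_id": "tenant_A", "cidr": "10.5.5.0/24"},
    {"id": "subnet-b", "tenant_id": "tenant_B", "cidr": "10.5.6.0/24"},
]
# A subnet requested for tenant_C that collides with tenant_A's range.
PROPOSED = {"id": "subnet-c", "tenant_id": "tenant_C", "cidr": "10.5.5.128/25"}
PORTS = [
    {"id": "port-a1", "tenant_id": "tenant_A", "security_groups": ["sg-a-web"]},
    {"id": "port-b1", "tenant_id": "tenant_B", "security_groups": ["sg-b-db"]},
]
SG_RULES = [
    # SSH open to any source: reachable from tenant_B through the shared router.
    {"security_group_id": "sg-a-web", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
    # HTTPS limited to tenant_A's own subnet: no cross-tenant exposure.
    {"security_group_id": "sg-a-web", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 443, "port_range_max": 443, "remote_ip_prefix": "10.5.5.0/24"},
    # Prefix wider than tenant_B's own /24: also admits tenant_A's subnet.
    {"security_group_id": "sg-b-db", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 3306, "port_range_max": 3306, "remote_ip_prefix": "10.5.0.0/16"},
    # Group-based rule: source is security-group membership, not an address range.
    {"security_group_id": "sg-b-db", "direction": "ingress", "protocol": "icmp",
     "port_range_min": None, "port_range_max": None, "remote_group_id": "sg-b-db"},
]


def overlapping_subnets(subnets):
    """Return sorted (id, id) pairs whose CIDRs overlap; one router cannot route both."""
    pairs = []
    for left, right in combinations(subnets, 2):
        left_net = ipaddress.ip_network(left["cidr"])
        if left_net.overlaps(ipaddress.ip_network(right["cidr"])):
            pairs.append(tuple(sorted((left["id"], right["id"]))))
    return sorted(pairs)


def rule_source(rule):
    """Network an ingress rule admits by prefix, or None for a group-based rule."""
    if rule.get("remote_ip_prefix"):
        return ipaddress.ip_network(rule["remote_ip_prefix"])
    if rule.get("remote_group_id"):
        return None
    return ipaddress.ip_network("0.0.0.0/0")  # neither field set: any IPv4 source


def cross_tenant_ingress(subnets, ports, rules):
    """List (source tenant, port, protocol, min port, max port) flows that an
    ingress rule admits from a subnet owned by a different tenant."""
    findings = set()
    for port in ports:
        for rule in rules:
            if rule["security_group_id"] not in port["security_groups"]:
                continue
            if rule["direction"] != "ingress":
                continue
            source = rule_source(rule)
            if source is None:
                continue
            for subnet in subnets:
                if subnet["tenant_id"] == port["tenant_id"]:
                    continue
                if source.overlaps(ipaddress.ip_network(subnet["cidr"])):
                    findings.add((subnet["tenant_id"], port["id"], rule["protocol"],
                                  rule["port_range_min"], rule["port_range_max"]))
    return sorted(findings, key=str)


if __name__ == "__main__":
    for pair in overlapping_subnets(SUBNETS + [PROPOSED]):
        print("overlapping CIDRs on one router:", pair)
    for finding in cross_tenant_ingress(SUBNETS, PORTS, SG_RULES):
        print("cross-tenant ingress allowed:", finding)
```

Group-based rules are skipped because they admit members of a security group rather than an address range, so they do not depend on which subnets share the router.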