Term | Description |
---|---|
An Networking L2 network (identified by a UUID and optional name) whose ports can be attached as vNICs to Compute instances and to various Networking agents. The Open vSwitch and Linux Bridge plug-ins each support several different mechanisms to realize virtual networks. | |
A network connecting virtualization hosts (such as, Compute nodes) with each other and with other network resources. Each physical network might support multiple virtual networks. The provider extension and the plug-in configurations identify physical networks using simple string names. | |
A virtual network that a tenant or an administrator creates. The physical details of the network are not exposed to the tenant. | |
A virtual network administratively created to map to a specific network in the data center, typically to enable direct access to non-OpenStack resources on that network. Tenants can be given access to provider networks. | |
A virtual network implemented as packets on a specific physical network containing IEEE 802.1Q headers with a specific VID field value. VLAN networks sharing the same physical network are isolated from each other at L2, and can even have overlapping IP address spaces. Each distinct physical network supporting VLAN networks is treated as a separate VLAN trunk, with a distinct space of VID values. Valid VID values are 1 through 4094. | |
A virtual network implemented as packets on a specific physical network containing no IEEE 802.1Q header. Each physical network can realize at most one flat network. | |
A virtual network that allows communication within each host, but not across a network. Local networks are intended mainly for single-node test scenarios, but can have other uses. | |
A virtual network
implemented as network packets encapsulated
using GRE. GRE networks are also referred to
as |
|
VXLAN is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures. |
Attribute name | Type | Default Value | Description |
---|---|---|---|
provider:network_type | String | N/A | The physical mechanism by which the
virtual network is implemented. Possible
values are |
provider:physical_network | String | If a physical network named "default" has
been configured, and if
provider:network_type is
|
The name of the physical network over
which the virtual network is implemented
for flat and VLAN networks. Not applicable
to the |
provider:segmentation_id | Integer | N/A | For VLAN networks, the VLAN VID on the
physical network that realizes the virtual
network. Valid VLAN VIDs are 1 through
4094. For GRE networks, the tunnel ID.
Valid tunnel IDs are any 32 bit unsigned
integer. Not applicable to the
|
extension:provider_network:view
and
extension:provider_network:set
actions in the Networking policy configuration. The
default Networking configuration authorizes both
actions for users with the admin role. An authorized
client or an administrative user can view and set the
provider extended attributes through Networking API
calls. See Operation | Command |
---|---|
|
|
|
|
|
|
|
|
|
|
Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the router. |
name | String | None | Human-readable name for the router. Might not be unique. |
admin_state_up | Bool | True | The administrative state of router. If false (down), the router does not forward packets. |
status | String | N/A | |
tenant_id | uuid-str | N/A | Owner of the router. Only admin users can specify a tenant_id other than its own. |
external_gateway_info | dict contain 'network_id' key-value pair | Null | External network that this router connects to for gateway services (for example, NAT) |
Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the floating IP. |
floating_ip_address | string (IP address) | allocated by Networking | The external network IP address available to be mapped to an internal IP address. |
floating_network_id | uuid-str | N/A | |
router_id | uuid-str | N/A | Read-only value indicating the router that connects the external network to the associated internal port, if a port is associated. |
port_id | uuid-str | Null | Indicates the internal Networking port associated with the external floating IP. |
fixed_ip_address | string (IP address) | Null | Indicates the IP address on the internal port that is mapped to by the floating IP (since an Networking port might have more than one IP address). |
tenant_id | uuid-str | N/A | Owner of the Floating IP. Only admin users can specify a tenant_id other than its own. |
Operation | Command |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
security_group_api=neutron
option on
every node that runs Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the security group. |
name | String | None | Human-readable name for the security group. Might not be unique. Cannot be named default as that is automatically created for a tenant. |
description | String | None | Human-readable description of a security group. |
tenant_id | uuid-str | N/A | Owner of the security group. Only admin users can specify a tenant_id other than their own. |
Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the security group rule. |
security_group_id | uuid-str or Integer | allocated by Networking | The security group to associate rule with. |
direction | String | N/A | The direction the traffic is allow (ingress/egress) from a VM. |
protocol | String | None | IP Protocol (icmp, tcp, udp, and so on). |
port_range_min | Integer | None | Port at start of range |
port_range_max | Integer | None | Port at end of range |
ethertype | String | None | ethertype in L2 packet (IPv4, IPv6, and so on) |
remote_ip_prefix | string (IP cidr) | None | CIDR for address range |
remote_group_id | uuid-str or Integer | allocated by Networking or Compute | Source security group to apply to rule. |
tenant_id | uuid-str | N/A | Owner of the security group rule. Only admin users can specify a tenant_id other than its own. |
Operation | Command |
---|---|
|
|
|
|
|
|
|
|
|
Operation | Command |
---|---|
|
|
|
|
|
|
|
|
PENDING_CREATE
state until a router is
created and the first interface is added to the router. At
that point the firewall policy is immediately applied to
the router and the firewall changes to ACTIVE
state.Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the firewall rule. |
tenant_id | uuid-str | N/A | Owner of the firewall rule. Only admin users can specify a tenant_id other than its own. |
name | String | None | Human readable name for the firewall rule (255 characters limit). |
description | String | None | Human readable description for the firewall rule (1024 characters limit). |
firewall_policy_id | uuid-str or None | allocated by Networking | This is a read-only attribute that gets populated with the uuid of the firewall policy when this firewall rule is associated with a firewall policy. A firewall rule can be associated with only one firewall policy at a time. However, the association can be changed to a different firewall policy. |
shared | Boolean | False | When set to True makes this firewall rule visible to tenants other than its owner, and it can be used in firewall policies not owned by its tenant. |
protocol | String | None | IP Protocol (icmp, tcp, udp, None). |
ip_version | Integer or String | 4 | IP Version (4, 6). |
source_ip_address | String (IP address or CIDR) | None | Source IP address or CIDR. |
destination_ip_address | String (IP address or CIDR) | None | Destination IP address or CIDR. |
source_port | Integer or String (either as a single port number or in the format of a ':' separated range) | None | Source port number or a range. |
destination_port | Integer or String (either as a single port number or in the format of a ':' separated range) | None | Destination port number or a range. |
position | Integer | None | This is a read-only attribute that gets assigned to this rule when the rule is associated with a firewall policy. It indicates the position of this rule in that firewall policy. |
action | String | deny | Action to be performed on the traffic matching the rule (allow, deny). |
enabled | Boolean | True | When set to False, disables this rule in the firewall policy. Facilitates selectively turning off rules without having to disassociate the rule from the firewall policy. |
Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the firewall policy. |
tenant_id | uuid-str | N/A | Owner of the firewall policy. Only admin users can specify a tenant_id other their own. |
name | String | None | Human readable name for the firewall policy (255 characters limit). |
description | String | None | Human readable description for the firewall policy (1024 characters limit). |
shared | Boolean | False | When set to True makes this firewall policy visible to tenants other than its owner, and can be used to associate with firewalls not owned by its tenant. |
firewall_rules | List of uuid-str or None | None | This is an ordered list of firewall rule uuids. The firewall applies the rules in the order in which they appear in this list. |
audited | Boolean | False | When set to True by the policy owner indicates that the firewall policy has been audited. This attribute is meant to aid in the firewall policy audit workflows. Each time the firewall policy or the associated firewall rules are changed, this attribute is set to False and must be explicitly set to True through an update operation. |
Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the firewall. |
tenant_id | uuid-str | N/A | Owner of the firewall. Only admin users can specify a tenant_id other than its own. |
name | String | None | Human readable name for the firewall (255 characters limit). |
description | String | None | Human readable description for the firewall (1024 characters limit). |
admin_state_up | Boolean | True | The administrative state of the firewall. If False (down), the firewall does not forward any packets. |
status | String | N/A | |
firewall_policy_id | uuid-str or None | None | The firewall policy uuid that this firewall is associated with. This firewall implements the rules contained in the firewall policy represented by this uuid. |
Attribute name | Type | Default Value | Description |
---|---|---|---|
id | uuid-str | generated | UUID for the QoS queue. |
default | Boolean | False by default | If True, ports are created with this queue size unless the network port is created or associated with a queue at port creation time. |
name | String | None | Name for QoS queue. |
min | Integer | 0 | Minimum Bandwidth Rate (kbps). |
max | Integer | N/A | Maximum Bandwidth Rate (kbps). |
qos_marking | String | untrusted by default | Whether QoS marking should be trusted or untrusted. |
dscp | Integer | 0 | DSCP Marking value. |
tenant_id | uuid-str | N/A | The owner of the QoS queue. |
Operation | Command |
---|---|
|
|
|
|
|
|
|
|
NVP version | Recommended Value |
2.x | 64 |
3.0.x | 5,000 |
3.1.x | 5,000 |
3.2.x | 10,000 |
Attribute name | Required | Input Type | Description |
---|---|---|---|
source | Yes | A valid CIDR or one of the keywords 'any' or 'external' | The network that a packet's source IP must match for the rule to be applied |
destination | Yes | A valid CIDR or one of the keywords 'any' or 'external' | The network that a packet's destination IP must match for the rule to be applied |
action | Yes | 'permit' or 'deny' | Determines whether or not the matched packets will allowed to cross the router |
nexthop | No | A plus-separated (+) list of next-hop IP addresses (e.g. '1.1.1.1+1.1.1.2') | Overrides the default virtual router used to handle traffic for packets that match the rule |