openstack-manuals/doc/install-guide/section_neutron-provider-router-with-private_networks.xml
Diane Fleming 42b23e8c84 Edits to install guide
Closes-Bug: #1249082

Change-Id: I9f68073da5ca25867b2b8c099cce5df34f6a3eec
author: diane fleming
2013-11-10 06:43:51 +01:00

651 lines
37 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_networking-provider-router_with-provate-networks">
<title>Provider router with private networks</title>
<para>This section describes how to install the OpenStack
Networking service and its components for a single router use
case: a provider router with private networks.</para>
<para>This figure shows the set up:</para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata
fileref="../common/figures/Neutron-PhysNet-Diagram.png"
contentwidth="6in"/>
</imageobject>
</mediaobject>
</informalfigure>
<note>
<para>Because you run the DHCP agent and L3 agent on one node,
you must set <literal>use_namespaces</literal> to
<literal>True</literal> (which is the default) in the
configuration files for both agents.</para>
</note>
<para>The configuration includes these nodes:</para>
<table rules="all">
<caption>Nodes for use case</caption>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><para>Controller</para></td>
<td><para>Runs the Networking service,
Identity Service, and all Compute
services that are required to deploy a
VM.</para>
<para>The service must have at least two network
interfaces. The first should be connected to
the Management Network to communicate with the
compute and network nodes. The second
interface should be connected to the
API/public network.</para></td>
</tr>
<tr>
<td><para>Compute</para></td>
<td><para>Runs Compute and the
Networking L2 agent.</para>
<para>This node does not have access the public
network.</para>
<para>The node must have a network interface that
communicates with the controller node through
the management network. The VM receives its IP
address from the DHCP agent on this
network.</para></td>
</tr>
<tr>
<td><para>Network</para></td>
<td><para>Runs Networking L2 agent, DHCP
agent, and L3 agent.</para>
<para>This node has access to the public network.
The DHCP agent allocates IP addresses to the
VMs on the network. The L3 agent performs NAT
and enables the VMs to access the public
network.</para>
<para>The node must have:<itemizedlist>
<listitem>
<para>A network interface that
communicates with the controller
node through the management
network</para>
</listitem>
<listitem>
<para>A network interface on the data
network that manages VM
traffic</para>
</listitem>
<listitem>
<para>A network interface that
connects to the external gateway on
the network</para>
</listitem>
</itemizedlist></para></td>
</tr>
</tbody>
</table>
<section xml:id="demo_installions">
<title>Install</title>
<section xml:id="controller-install-neutron-server">
<title>Controller</title>
<procedure>
<title>To install and configure the controller
node</title>
<step>
<para>Run this command:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-server</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install openstack-neutron</userinput></screen>
</step>
<step>
<para>Configure Networking services:</para>
<itemizedlist>
<listitem>
<para>Edit the
<filename>/etc/neutron/neutron.conf</filename>
file and add these lines:</para>
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
auth_strategy = keystone
fake_rabbit = False
rabbit_password = guest
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
</listitem>
<listitem>
<para>Edit the <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and add these lines:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:100:2999</programlisting>
</listitem>
<listitem>
<para>Edit the <filename>
/etc/neutron/api-paste.ini</filename>
file and add these lines:</para>
<programlisting language="ini">admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</listitem>
</itemizedlist>
</step>
<step>
<para>Start the services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-server restart</userinput></screen>
</step>
</procedure>
</section>
<section
xml:id="network-node-install-plugin-openvswitch-agent">
<title>Network node</title>
<procedure>
<title>To install and configure the network
node</title>
<step>
<para>Install the packages:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent \
neutron-dhcp-agent neutron-l3-agent</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch \
openstack-neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent \
openstack-neutron openstack-neutron-dhcp-agent openstack-neutron-l3-agent</userinput></screen>
</step>
<step>
<para>Start Open vSwitch<phrase
os="rhel;centos;fedora;opensuse;sles"> and
configure it to start when the system
boots</phrase>:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>Add the integration bridge to the Open
vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step>
<para>Update the OpenStack Networking <filename>
/etc/neutron/neutron.conf</filename>
configuration file:</para>
<programlisting language="ini" os="debian;ubuntu">rabbit_password = guest
rabbit_host = <replaceable>controller</replaceable>
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT qpid_hostname controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT rabbit_host controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
</step>
<step>
<para>Update the plug-in <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
</filename> configuration file:</para>
<programlisting language="ini">[ovs]
tenant_network_type=vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-eth1</programlisting>
</step>
<step>
<para>Create the <literal>br-eth1</literal>
network bridge. All VM communication between
the nodes occurs through
<literal>br-eth1</literal>:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
</step>
<step>
<para>Create the external network bridge to the
Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth2</userinput></screen>
</step>
<step>
<para>Edit the <filename>
/etc/neutron/l3_agent.ini</filename> file
and add these lines:</para>
<programlisting language="ini">[DEFAULT]
auth_url = http://<replaceable>controller</replaceable>:35357/v2.0
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable>
metadata_ip = <replaceable>controller</replaceable>
use_namespaces = True</programlisting>
</step>
<step>
<para>Edit the <filename>
/etc/neutron/api-paste.ini</filename> file
and add these lines:</para>
<programlisting language="ini">[DEFAULT]
auth_host = <replaceable>controller</replaceable>
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</step>
<step>
<para>Edit the <filename>
/etc/neutron/dhcp_agent.ini</filename>
file and add this line:</para>
<programlisting language="ini">use_namespaces = True</programlisting>
</step>
<step os="debian;ubuntu">
<para>Restart networking services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Start and permanently enable networking
services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-dhcp-agent start</userinput>
<prompt>#</prompt> <userinput>service neutron-l3-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-dhcp-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-l3-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>service openstack-neutron-dhcp-agent start</userinput>
<prompt>#</prompt> <userinput>service openstack-neutron-l3-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-dhcp-agent on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-l3-agent on</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<!-- FIXME: Required on Debian/Ubuntu? -->
<para>Enable the <systemitem class="service"
>neutron-ovs-cleanup</systemitem> service.
This service starts on boot and ensures that
Networking has full control over the creation
and management of <literal>tap</literal>
devices.</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>chkconfig neutron-ovs-cleanup on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-ovs-cleanup on</userinput></screen>
</step>
</procedure>
</section>
<section xml:id="compute-node-install-openvswitch">
<title>Compute Node</title>
<procedure>
<title>To install and configure the compute
node</title>
<step>
<!-- FIXME Review Fedora instructions -->
<para>Install the packages:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>apt-get install openvswitch-switch neutron-plugin-openvswitch-agent</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
</step>
<step>
<para>Start the OpenvSwitch service<phrase
os="rhel;centos;fedora;opensuse;sles"> and
configure it to start when the system
boots</phrase>:</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles;ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>Create the integration bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step>
<para>Create the <literal>br-eth1</literal>
network bridge. All VM communication between
the nodes occurs through
<literal>br-eth1</literal>:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
</step>
<step>
<para>Edit the OpenStack Networking <filename>
/etc/neutron/neutron.conf</filename>
configuration file and add this line:</para>
<programlisting language="ini" os="debian;ubuntu">rabbit_password = guest
rabbit_host = <replaceable>controller</replaceable>
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT qpid_hostname controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
DEFAULT rabbit_host controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf \
database connection mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</userinput></screen>
</step>
<step>
<para>Edit the <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and add these lines:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-eth1</programlisting>
</step>
<step os="debian;ubuntu">
<para>Restart the OpenvSwitch Neutron plug-in
agent:</para>
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Start and permanently enable networking
services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
</step>
</procedure>
</section>
</section>
<section xml:id="demo_logical_network_config">
<title>Logical network configuration</title>
<note>
<para>Run these commands on the network node.</para>
<para>Ensure that the following environment variables are
set. Various clients use these variables to access the
Identity Service.</para>
</note>
<itemizedlist>
<listitem>
<para>Create a <filename>novarc</filename>
file:</para>
<programlisting language="bash">export OS_TENANT_NAME=provider_tenant
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://<replaceable>controller</replaceable>:5000/v2.0/"
export SERVICE_ENDPOINT="http://<replaceable>controller</replaceable>:35357/v2.0"
export SERVICE_TOKEN=password</programlisting>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>Export the variables:</para>
<screen><prompt>#</prompt> <userinput>source novarc echo "source novarc">>.bashrc</userinput></screen>
</listitem>
</itemizedlist>
<para>The admin user creates a network and subnet on behalf of
tenant_A. A tenant_A user can also complete these
steps.</para>
<procedure>
<title>To configure internal networking</title>
<step>
<para>Get the tenant ID (Used as $TENANT_ID
later).</para>
<screen><prompt>#</prompt> <userinput>keystone tenant-list</userinput>
<computeroutput>+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| 48fb81ab2f6b409bafac8961a594980f | provider_tenant | True |
| cbb574ac1e654a0a992bfc0554237abf | service | True |
| e371436fe2854ed89cca6c33ae7a83cd | invisible_to_admin | True |
| e40fa60181524f9f9ee7aa1038748f08 | tenant_A | True |
+----------------------------------+--------------------+---------+</computeroutput></screen>
</step>
<step>
<para>Create an internal network named <emphasis
role="bold">net1</emphasis> for tenant_A
($TENANT_ID will be
e40fa60181524f9f9ee7aa1038748f08):</para>
<screen><prompt>#</prompt> <userinput>neutron net-create --tenant-id $TENANT_ID net1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
| name | net1 |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1024 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create a subnet on the network <emphasis
role="bold">net1</emphasis> (ID field below is
used as $SUBNET_ID later):</para>
<screen><prompt>#</prompt> <userinput>neutron subnet-create --tenant-id $TENANT_ID net1 10.5.5.0/24</userinput>
<computeroutput>+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.5.5.2", "end": "10.5.5.254"} |
| cidr | 10.5.5.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.5.5.1 |
| host_routes | |
| id | c395cb5d-ba03-41ee-8a12-7e792d51a167 |
| ip_version | 4 |
| name | |
| network_id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+------------------+--------------------------------------------+</computeroutput></screen>
</step>
</procedure>
<para>A user with the admin role must complete these steps. In
this procedure, the user is admin from
provider_tenant.</para>
<procedure>
<title>To configure the router and external
networking</title>
<step>
<para>Create a <emphasis role="bold"
>router1</emphasis> route. The ID is used as
$ROUTER_ID later:</para>
<screen><prompt>#</prompt> <userinput>neutron router-create router1</userinput>
<computeroutput>+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
| name | router1 |
| status | ACTIVE |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+-----------------------+--------------------------------------+</computeroutput></screen>
<note>
<para>The <parameter>--tenant-id</parameter>
parameter is not specified, so this router is
assigned to the provider_tenant tenant.</para>
</note>
</step>
<step>
<para>Add an interface to the
<literal>router1</literal> router and attach
it to the subnet from
<literal>net1</literal>:</para>
<screen><prompt>#</prompt> <userinput>neutron router-interface-add $ROUTER_ID $SUBNET_ID</userinput>
<computeroutput>Added interface to router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
<note>
<para>You can repeat this step to add more
interfaces for other networks that belong to
other tenants.</para>
</note>
</step>
<step>
<para>Create the <literal>ext_net</literal> external
network:</para>
<screen><prompt>#</prompt> <userinput>neutron net-create ext_net --router:external=True</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| name | ext_net |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+---------------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create the subnet for floating IPs.</para>
<note>
<para>The DHCP service is disabled for this
subnet.</para>
</note>
<screen><prompt>#</prompt> <userinput>neutron subnet-create ext_net \
--allocation-pool start=7.7.7.130,end=7.7.7.150 \
--gateway 7.7.7.1 7.7.7.0/24 --disable-dhcp</userinput>
<computeroutput>+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "7.7.7.130", "end": "7.7.7.150"} |
| cidr | 7.7.7.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 7.7.7.1 |
| host_routes | |
| id | aef60b55-cbff-405d-a81d-406283ac6cff |
| ip_version | 4 |
| name | |
| network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+------------------+--------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Set the gateway for the router to the external
network:</para>
<screen><prompt>#</prompt> <userinput>neutron router-gateway-set $ROUTER_ID $EXTERNAL_NETWORK_ID</userinput>
<computeroutput>Set gateway for router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
</step>
</procedure>
<para>A user from tenant_A completes these steps, so the
credentials in the environment variables are different
than those in the previous procedure.</para>
<procedure>
<title>To allocate floating IP addresses</title>
<step>
<para>You can associate a floating IP address with a
VM after it starts. Find the ID of the port
($PORT_ID) that was allocated for the VM, as
follows:</para>
<screen><prompt>#</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+--------+--------+---------------+
| ID | Name | Status | Networks |
+--------------------------------------+--------+--------+---------------+
| 1cdc671d-a296-4476-9a75-f9ca1d92fd26 | testvm | ACTIVE | net1=10.5.5.3 |
+--------------------------------------+--------+--------+---------------+
</computeroutput>
<userinput>neutron port-list -- --device_id 1cdc671d-a296-4476-9a75-f9ca1d92fd26</userinput>
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 9aa47099-b87b-488c-8c1d-32f993626a30 | | fa:16:3e:b4:d6:6c | {"subnet_id": "c395cb5d-ba03-41ee-8a12-7e792d51a167", "ip_address": "10.5.5.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Allocate a floating IP (Used as
$FLOATING_ID):</para>
<screen><prompt>#</prompt> <userinput>neutron floatingip-create ext_net</userinput>
<computeroutput>+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 7.7.7.131 |
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
| port_id | |
| router_id | |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Associate the floating IP with the port for the
VM:</para>
<screen><prompt>#</prompt> <userinput>neutron floatingip-associate $FLOATING_ID $PORT_ID</userinput>
<computeroutput>Associated floatingip 40952c83-2541-4d0c-b58e-812c835079a5</computeroutput></screen>
</step>
<step>
<para>Show the floating IP:</para>
<screen><prompt>#</prompt> <userinput>neutron floatingip-show $FLOATING_ID</userinput>
<computeroutput>+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | 10.5.5.3 |
| floating_ip_address | 7.7.7.131 |
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
| port_id | 9aa47099-b87b-488c-8c1d-32f993626a30 |
| router_id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Test the floating IP:</para>
<screen><prompt>#</prompt> <userinput>ping 7.7.7.131</userinput>
<computeroutput>PING 7.7.7.131 (7.7.7.131) 56(84) bytes of data.
64 bytes from 7.7.7.131: icmp_req=2 ttl=64 time=0.152 ms
64 bytes from 7.7.7.131: icmp_req=3 ttl=64 time=0.049 ms
</computeroutput></screen>
</step>
</procedure>
</section>
<section xml:id="section_use-cases-single-router">
<title>Use case: provider router with private networks</title>
<para>This use case provides each tenant with one or more
private networks that connect to the outside world through
an OpenStack Networking router. When each tenant gets
exactly one network, this architecture maps to the same
logical topology as the VlanManager in Compute
(although of course, Networking does not require
VLANs). Using the Networking API, the tenant can
only see a network for each private network assigned to
that tenant. The router object in the API is created and
owned by the cloud administrator.</para>
<para>This model supports assigning public addresses to VMs by
using <firstterm>floating IPs</firstterm>; the router maps
public addresses from the external network to fixed IPs on
private networks. Hosts without floating IPs can still
create outbound connections to the external network
because the provider router performs SNAT to the router's
external IP. The IP address of the physical router is used
as the <literal>gateway_ip</literal> of the external
network subnet, so the provider has a default router for
Internet traffic.</para>
<para>The router provides L3 connectivity among private
networks. Tenants can reach instances for other tenants
unless you use additional filtering, such as, security
groups). With a single router, tenant networks cannot use
overlapping IPs. To resolve this issue, the administrator
can create private networks on behalf of the
tenants.</para>
<para>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata scale="55"
fileref="../common/figures/UseCase-SingleRouter.png"
/>
</imageobject>
</mediaobject>
</informalfigure>
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1DKxeZZXml_fNZHRoGPKkC7sGdkPJZCtWytYZqHIp_ZE/edit --></para>
</section>
</section>