7.7. Create an External Network

OpenStack networking provides two mechanisms for connecting the Layer 3 (L3) agent to an external network. The first, attaching it to an external bridge (br-ex) directly, is only supported when the Open vSwitch plug-in is in use. The second method, which is supported by both the Open vSwitch plug-in and the Linux Bridge plug-in, is to use an external provider network.
To use an external provider network it is first necessary to create one. Follow the steps outlined in this procedure while logged in to a system that has the OpenStack networking client installed (provided by the python-neutronclient package). You must also have access to a keystonerc_admin file containing the authentication details of the OpenStack administrative user.
Take note of the unique identifiers generated by the steps listed in this procedure. These identifiers will be required when configuring the L3 agent.

Procedure 7.15. Creating and configuring an external network

  1. Use the source command to load the credentials of the administrative user.
    $ source ~/keystonerc_admin
  2. Use the net-create action of the neutron command line client to create a new provider network.
    $ neutron net-create EXTERNAL_NAME \
       --router:external True \
       --provider:network_type TYPE \
       --provider:physical_network PHYSNET \
       --provider:segmentation_id VLAN_TAG
    Replace these strings with the appropriate values for your environment:
    • Replace EXTERNAL_NAME with a name for the new external provider network.
    • Replace PHYSNET with a name for the physical network. This is not applicable if you intend to use a local network type. PHYSNET must match one of the values defined under bridge_mappings in the /etc/neutron/plugin.ini file.
    • Replace TYPE with the type of provider network you wish to use. Supported values are flat (for flat networks), vlan (for VLAN networks), and local (for local networks).
    • Replace VLAN_TAG with the VLAN tag that will be used to identify network traffic. The VLAN tag specified must have been defined by the network administrator.
      If the network_type was set to a value other than vlan then this parameter is not required.
    Take note of the unique external network identifier returned; it will be required in subsequent steps.
  3. Use the subnet-create action of the command line client to create a new subnet for the new external provider network.
    $ neutron subnet-create --gateway GATEWAY \
       --allocation-pool start=IP_RANGE_START,end=IP_RANGE_END \
       --disable-dhcp EXTERNAL_NAME EXTERNAL_CIDR
    Replace these strings with the appropriate values for your environment:
    • Replace GATEWAY with the IP address or hostname of the system that is to act as the gateway for the new subnet.
    • Replace IP_RANGE_START with the IP address that denotes the start of the range of IP addresses within the new subnet that floating IP addresses will be allocated from.
    • Replace IP_RANGE_END with the IP address that denotes the end of the range of IP addresses within the new subnet that floating IP addresses will be allocated from.
    • Replace EXTERNAL_NAME with the name of the external network the subnet is to be associated with. This must match the name that was provided to the net-create action in the previous step.
    • Replace EXTERNAL_CIDR with the Classless Inter-Domain Routing (CIDR) representation of the block of IP addresses the subnet represents. An example would be 192.168.100.0/24.
    Take note of the unique subnet identifier returned; it will be required in subsequent steps.

    Important

    The IP address used to replace the string GATEWAY must be within the block of IP addresses specified in place of the EXTERNAL_CIDR string but outside of the block of IP addresses specified by the range started by IP_RANGE_START and ended by IP_RANGE_END.
    The block of IP addresses specified by the range started by IP_RANGE_START and ended by IP_RANGE_END must also fall within the block of IP addresses specified by EXTERNAL_CIDR.
  4. Use the router-create action of the neutron command line client to create a new router.
    $ neutron router-create NAME
    Replace NAME with the name to give the new router. Take note of the unique router identifier returned; it will be required in subsequent steps.
  5. Use the router-gateway-set action of the neutron command line client to link the newly created router to the external provider network.
    $ neutron router-gateway-set ROUTER NETWORK
    Replace ROUTER with the unique identifier of the router, and NETWORK with the unique identifier of the external provider network.
  6. Use the router-interface-add action of the neutron command line client to link the newly created router to each private network subnet.
    $ neutron router-interface-add ROUTER SUBNET
    Replace ROUTER with the unique identifier of the router, and SUBNET with the unique identifier of a private network subnet. Perform this step for each existing private network subnet to which you wish to link the router.
An external provider network has been created. Use the unique identifier of the router when configuring the L3 agent.
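
The constraints stated in steps 2 and 3 (supported network types, PHYSNET defined under bridge_mappings, and the relationship of the gateway and allocation pool to EXTERNAL_CIDR) can be checked before any neutron command is run. The following Python code is an added example, not part of the original procedure: the function names and sample values are hypothetical, GATEWAY is assumed to be an IP address rather than a hostname, bridge_mappings is assumed to use the comma-separated physnet:bridge form, and the 1 to 4094 VLAN range is the 802.1Q limit rather than a value from this page.

```python
import ipaddress

VALID_TYPES = {"flat", "vlan", "local"}  # values listed in step 2

def parse_bridge_mappings(value):
    """Parse a bridge_mappings value such as 'physnet1:br-ex,physnet2:br-eth1'."""
    mappings = {}
    for item in value.split(","):
        if item.strip():
            physnet, _, bridge = item.strip().partition(":")
            mappings[physnet.strip()] = bridge.strip()
    return mappings

def check_provider_network(net_type, physnet, vlan_tag, bridge_mappings):
    """Return a list of problems with the step 2 net-create arguments."""
    if net_type not in VALID_TYPES:
        return ["TYPE must be one of flat, vlan or local"]
    errors = []
    # PHYSNET is not applicable to the local network type.
    if net_type != "local" and physnet not in bridge_mappings:
        errors.append("PHYSNET %r is not defined under bridge_mappings" % physnet)
    # VLAN_TAG is only required for vlan networks (assumed 802.1Q range).
    if net_type == "vlan" and (vlan_tag is None or not 1 <= vlan_tag <= 4094):
        errors.append("VLAN_TAG must be a VLAN ID between 1 and 4094")
    return errors

def check_external_subnet(cidr, gateway, pool_start, pool_end):
    """Return a list of problems with the step 3 subnet-create arguments."""
    net = ipaddress.ip_network(cidr, strict=True)
    gw = ipaddress.ip_address(gateway)  # assumption: an address, not a hostname
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    errors = []
    if start > end:
        errors.append("IP_RANGE_START is after IP_RANGE_END")
    if start not in net or end not in net:
        errors.append("allocation pool is not inside EXTERNAL_CIDR")
    if gw not in net:
        errors.append("GATEWAY is not inside EXTERNAL_CIDR")
    if start <= gw <= end:
        errors.append("GATEWAY is inside the allocation pool")
    return errors

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    maps = parse_bridge_mappings("physnet1:br-ex")
    print(check_provider_network("vlan", "physnet1", 100, maps))
    print(check_external_subnet("192.168.100.0/24", "192.168.100.1",
                                "192.168.100.10", "192.168.100.200"))
```

An empty list from both functions means the values satisfy the conditions given in the procedure; each string in a non-empty list names the placeholder that violates one.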