Chapter 12. Cloud Networks

Red Hat CloudForms enables configuration and administration for the software-defined networking component of Red Hat OpenStack Platform. The virtual network infrastructure enables connectivity between instances and the physical external network.

This section describes common cloud network administration tasks, such as adding and removing subnets and routers to suit your Red Hat OpenStack Platform providers.

12.1. Creating and Administering Cloud Networks

Create a network to provide instances a place to communicate internally and receive IP addresses using Dynamic Host Configuration Protocol (DHCP). A network can also be integrated with external networks in your Red Hat OpenStack Platform deployment or elsewhere, such as the physical network.

Note
  • Keystone API v3 is required to create cloud tenants on Red Hat OpenStack Platform cloud providers. For more information, see OpenStack Identity (keystone) in the Red Hat OpenStack Platform Architecture Guide.
  • For further details on cloud network objects and administration, see the Networking Guide in the Red Hat OpenStack Platform documentation.

12.1.1. Adding a Cloud Network

Add a new cloud network following the steps in this procedure:

  1. Navigate to Networks → Networks.
  2. Click Configuration and click Add a new Cloud Network.
  3. In the Network Providers area, select a Network Manager from the drop-down menu.
  4. Under Placement, select a Cloud Tenant.
  5. In the Network Provider Information section, choose a Provider Network Type.

    • If Local is selected, provide a Physical Network name.
    • If GRE is selected, provide a Physical Network name and Segmentation ID.
  6. In the Network Information area:

    1. Provide a descriptive Network Name based on the role the network will perform.
    2. Enable an External Router.
    3. Set the Administrative State to control whether the network is immediately available.
    4. Establish Shared status of the network.
  7. Click Add.

12.1.2. Editing Cloud Network Details

To edit network information details of a cloud network:

  1. Navigate to Networks → Networks.
  2. Select a network from the list view.
  3. Click Configuration, then Edit selected Cloud Network.
  4. Edit Network Information fields.
  5. Click Save.

12.1.3. Deleting a Cloud Network

To delete a cloud network:

  1. Navigate to Networks → Networks.
  2. Select a cloud network from the list view.
  3. Click Configuration, then click Delete selected Cloud Networks.

12.2. Creating and Administering Subnets

Red Hat CloudForms enables creation and administration of subnets for your cloud networks. Create subnets in pre-existing networks to grant network connectivity to instances. Each instance is assigned to a subnet as part of the instance creation process.

Consider proper placement of instances to best accommodate their connectivity requirements:

  • Tenant networks in OpenStack Networking can host multiple subnets.
  • Subnets are isolated from one another.
  • Host distinctly different systems on different subnets within the same network.
  • Instances on one subnet that wish to communicate with another subnet must have traffic directed by a router.
  • Place systems requiring a high volume of traffic amongst themselves in the same subnet, avoiding routing and subsequent latency and load issues.

12.2.1. Adding a Subnet

Add a subnet to an existing cloud network following the procedure below.

  1. Navigate to Networks → Subnets.
  2. Click Configuration, then click Add a new Cloud Subnet.
  3. Select a Network Manager.
  4. Under Placement, select a Cloud Tenant.
  5. Provide the following Cloud Subnet details:

    1. A descriptive Subnet Name.
    2. The Gateway IP address of the router interface for the default gateway.
    3. Enable DHCP services for the subnet. DHCP allows automated distribution of IP settings to instances.
    4. Select the IP Version. The IP address range in the Network Address field must match whichever version you select.
    5. Input the Subnet CIDR address in CIDR format, which contains the IP address range and subnet mask in one value.

      Note

      Determine the address by calculating the number of bits masked in the subnet mask and append that value to the IP address range. For example, the subnet mask 255.255.255.0 has 24 masked bits. To use this mask with the IPv4 address range 192.168.122.0, specify the address 192.168.122.0/24.
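
An added example (not part of the Red Hat documentation) of the calculation in the note above, in Python: it derives the Subnet CIDR value from a dotted subnet mask and checks it against the Gateway and IP Version fields. The function names are hypothetical, and the gateway-inside-subnet check is an assumption of this example rather than a rule stated on this page.

```python
import ipaddress


def mask_to_prefix(mask):
    """Count the masked bits in a dotted IPv4 subnet mask (hypothetical helper)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid mask is all ones followed by all zeros, so its inverse is 2**k - 1.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()


def to_cidr(network_address, mask):
    """Build the Subnet CIDR value; strict=True rejects ranges with host bits set."""
    prefix = mask_to_prefix(mask)
    return str(ipaddress.ip_network(f"{network_address}/{prefix}", strict=True))


def check_subnet_form(cidr, gateway, ip_version):
    """Return a list of problems with the subnet fields (empty list means consistent)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"Subnet CIDR: {exc}"]
    problems = []
    if net.version != ip_version:
        problems.append(f"IP Version {ip_version} does not match {net}")
    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return problems + [f"Gateway: {exc}"]
    # Assumption of this example: the gateway should be an address inside the subnet.
    if gw.version != net.version or gw not in net:
        problems.append(f"Gateway {gw} is outside {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the first pair is the one used in the note above.
    cidr = to_cidr("192.168.122.0", "255.255.255.0")
    print(cidr, check_subnet_form(cidr, "192.168.122.1", 4))
    print(check_subnet_form(cidr, "192.168.123.1", 4))
    print(check_subnet_form("192.168.122.5/24", "192.168.122.1", 4))
```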

12.2.2. Editing a Cloud Subnet

To edit the details of a cloud subnet:

  1. Navigate to Networks → Subnets.
  2. Click on a subnet from the list view.
  3. Click Configuration, then Edit this Cloud Subnet.
  4. Edit Cloud Subnet details fields.
  5. Click Save.

12.3. Configuring Network Routers

Red Hat CloudForms enables configuration for Red Hat OpenStack Platform provider cloud network routing services using an SDN-based virtual router.

  • Routers are a requirement for your instances to communicate with external subnets, including those out in the physical network.
  • Routers and subnets connect using interfaces, with each subnet requiring its own interface to the router.
  • A router’s default gateway defines the next hop for any traffic received by the router.
  • A router’s network is typically configured to route traffic to the external physical network using a virtual bridge.

12.3.1. Adding a Network Router

Add a network router to an existing cloud network by following the procedure below.

  1. Navigate to Networks → Network Routers.
  2. Click Configuration and click Add a new Router.
  3. In the Network Provider area, select a Network Manager.
  4. Provide a Router Name.
  5. Under External Gateway:

    1. If Yes is selected, provide the following:

      1. Choose to Enable Source NAT. In Source Network Address Translation (SNAT), the NAT router modifies the IP address of the sender in IP packets. SNAT is commonly used to enable hosts with private addresses to communicate with servers on the public Internet.
      2. Select a Network.
      3. Select a Subnet.
  6. Select a Cloud Tenant.
  7. Click Add.

12.3.2. Editing Network Router Details

To edit the details of a network router:

  1. Navigate to Networks → Network Routers.
  2. Select a network router from the list view.
  3. Click Configuration, then Edit selected Router.
  4. Edit required fields.
  5. Click Save.

12.3.3. Adding an Interface to a Network Router

Interfaces allow you to interconnect routers with subnets. As a result, the router can direct any traffic that instances send to destinations outside of their intermediate subnet.

To add an interface to a network router:

  1. Navigate to Networks → Network Routers.
  2. Select a network router from the list view.
  3. Click Configuration, then Add Interface to this Router.
  4. Select a Subnet from the list.
  5. Click Add.

12.3.4. Removing a Network Router Interface

You can remove an interface to a subnet if you no longer require the router to direct its traffic.

To remove an interface:

  1. Navigate to Networks → Network Routers.
  2. Select a network router in the list view.
  3. Click Configuration, then Remove Interface from this Router.
  4. Confirm your choice.

12.3.5. Deleting a Network Router

To delete a network router:

  1. Navigate to Networks → Network Routers.
  2. Select a network router from the list view.
  3. Click Configuration, then click Delete selected Routers.

12.4. Creating Floating IPs

Floating IP addresses allow you to direct ingress network traffic to your cloud network instances. Define a pool of validly routable external IP addresses, which can then be dynamically assigned to an instance. All incoming traffic destined for that floating IP is routed to the instance to which it has been assigned.

Note

Red Hat OpenStack Networking allocates floating IP addresses to all projects (tenants) from the same IP ranges/CIDRs. As a result, every subnet of floating IPs is consumable by any and all projects. Manage this behavior using quotas for specific projects.

12.4.1. Adding Floating IPs

Floating IP addresses allow you to direct ingress network traffic to your instances.

Add floating IP addresses to an existing cloud network by following the procedure below.

  1. Navigate to Networks → Floating IPs.
  2. Click Configuration and click Add a new Floating IP.
  3. Select a Network Manager.
  4. Choose an External Network.
  5. Under Association Information provide the following:

    1. (Optional) An Associated Port for the floating IP.
    2. (Optional) The Floating IP Address.
  6. Select a Cloud Tenant.
  7. Click Add.

12.4.2. Managing Port Association of a Floating IP

To manage the port associations of a floating IP:

  1. Navigate to Networks → Floating IPs.
  2. Click on a floating IP from the list view.
  3. Click Configuration, then Manage the port association of this Floating IP.
  4. To associate a port, add a new Port id.
  5. To disassociate a port, delete the Port id field information.
  6. Click Save.

12.4.3. Deleting a Floating IP

To delete a floating IP:

  1. Navigate to Networks → Floating IPs.
  2. Click on a floating IP from the list view to view its summary page.
  3. Click Configuration, then click Delete this Floating IP.

12.5. Security Groups

You can group instances using security groups to restrict port or IP address accessibility. Security groups can be created and assigned to instances using Red Hat CloudForms instance provisioning.

Cloud providers that currently support this function include: Amazon EC2, OpenStack, and Red Hat Enterprise Virtualization.

12.5.1. Editing Security Group Details

Editing security group information allows users to make changes to existing security group details and firewall rules, in addition to adding new firewall rules.

To edit details of a security group:

  1. Navigate to Networks → Security Groups.
  2. Click on a security group to view the summary page.
  3. Click Configuration, then Edit this Security Group.
  4. Under Security Group Information, edit the Security Group Name and the Security Group Description.
  5. Edit existing Firewall Rules or add new firewall rules by clicking Add a Firewall Rule.
  6. Click Save.

12.5.2. Viewing Security Groups

This procedure describes how to view security groups.

  1. Navigate to Networks → Security Groups.
  2. Click the desired security group to view its details.

    • In Properties, you can view the basic information of the security group.
    • In Relationships, you can view the cloud provider and the instances associated with the security group.
    • In Firewall Rules, you can view a list of ports and IP ranges that are accessible.

      Note

      This box is not available if you have not set any rules for your security group.

12.5.3. Tagging Security Groups

Apply tags to security groups to categorize them.

  1. Navigate to Networks → Security Groups.
  2. Select the security group to tag.
  3. Click Policy, and then Edit Tags.
  4. Select a customer tag to assign from the dropdown menu.
  5. Select a value to assign.
  6. Click Save.

12.5.4. Deleting a Security Group

To delete a security group:

  1. Navigate to Networks → Security Groups.
  2. Click on a security group in the list view to view its summary page.
  3. Click on Configuration, then click Delete this Security Group.