Chapter 5. Managing floating IP addresses
In addition to a having a private, fixed IP address, VM instances can have a public, or floating IP address to communicate with other networks. The information in this section describes how to create and manage floating IPs with the Red Hat OpenStack Platform (RHOSP) Networking service (neutron).
5.1. Creating floating IP pools
You can use floating IP addresses to direct ingress network traffic to your OpenStack instances. First, you must define a pool of validly routable external IP addresses, which you can then assign to instances dynamically. OpenStack Networking routes all incoming traffic destined for that floating IP to the instance that you associate with the floating IP.
OpenStack Networking allocates floating IP addresses to all projects (tenants) from the same IP ranges in CIDR format. As a result, all projects can consume floating IPs from every floating IP subnet. You can manage this behavior using quotas for specific projects. For example, you can set the default to 10 for ProjectA and ProjectB, while setting the quota for ProjectC to 0.
Procedure
When you create an external subnet, you can also define the floating IP allocation pool.
$ openstack subnet create --no-dhcp --allocation-pool start=IP_ADDRESS,end=IP_ADDRESS --gateway IP_ADDRESS --network SUBNET_RANGE NETWORK_NAME
If the subnet hosts only floating IP addresses, consider disabling DHCP allocation with the
--no-dhcpoption in theopenstack subnet createcommand.Example
$ openstack subnet create --no-dhcp --allocation_pool start=192.168.100.20,end=192.168.100.100 --gateway 192.168.100.1 --network 192.168.100.0/24 public
Verification
- You can verify that the pool is configured properly by assigning a random floating IP to an instance. (See the later link that follows.)
Additional resources
- subnet create in the Command Line Interface Reference
- Assigning a random floating IP
5.2. Assigning a specific floating IP
You can assign a specific floating IP address to a VM instance.
Procedure
Allocate a floating IP address to an instance by using the
openstack server add floating ipcommand.Example
$ openstack server add floating ip prod-serv1 192.0.2.200
Validation steps
Confirm that your floating IP is associated with your instance by using the
openstack server showcommand.Example
$ openstack server show prod-serv1
Sample output
+-----------------------------+------------------------------------------+ | Field | Value | +-----------------------------+------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2021-08-11T14:45:37.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | public=198.51.100.56,192.0.2.200 | | | | | config_drive | | | created | 2021-08-11T14:44:54Z | | flavor | review-ephemeral | | | (8130dd45-78f6-44dc-8173-4d6426b8e520) | | hostId | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 | | | 0ec6157eca4488c9 | | id | aef3ca09-887d-4d20-872d-1d1b49081958 | | image | rhel8 | | | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb) | | key_name | example-keypair | | name | prod-serv1 | | progress | 0 | | project_id | bd7a8c4a19424cf09a82627566b434fa | | properties | | | security_groups | name='default' | | status | ACTIVE | | updated | 2021-08-11T14:45:37Z | | user_id | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 | | | 45f76ffced91096196f646b5 | | volumes_attached | | +-----------------------------+------------------------------------------+
Additional resources
- server add floating ip in the Command Line Interface Reference
- server show in the Command Line Interface Reference
- Assigning a random floating IP
5.3. Creating an advanced network
Advanced network options are available for administrators, when creating a network in the Dashboard from the Admin view. Use these options to specify projects and to define the network type that you want to use.
Procedure
- In the dashboard, select Admin > Networks > Create Network > Project.
- Select the project that you want to host the new network with the Project drop-down list.
Review the options in Provider Network Type:
- Local - Traffic remains on the local Compute host and is effectively isolated from any external networks.
- Flat - Traffic remains on a single network and can also be shared with the host. No VLAN tagging or other network segregation takes place.
- VLAN - Create a network using a VLAN ID that corresponds to a VLAN present in the physical network. This option allows instances to communicate with systems on the same layer 2 VLAN.
- GRE - Use a network overlay that spans multiple nodes for private communication between instances. Traffic egressing the overlay must be routed.
- VXLAN - Similar to GRE, and uses a network overlay to span multiple nodes for private communication between instances. Traffic egressing the overlay must be routed.
Click Create Network.
Review the Project Network Topology to validate that the network has been successfully created.
Additional resources
5.4. Assigning a random floating IP
You can dynamically allocate floating IP addresses to VM instances from a pool of external IP addresses.
Prerequisites
A pool of routable external IP addresses.
For more information, see Section 5.1, “Creating floating IP pools”.
Procedure
Enter the following command to allocate a floating IP address from the pool. In this example, the network is named
public.Example
$ openstack floating ip create public
Sample output
In the following example, the newly allocated floating IP is
192.0.2.200. You can assign it to an instance.+---------------------+--------------------------------------------------+ | Field | Value | +---------------------+--------------------------------------------------+ | fixed_ip_address | None | | floating_ip_address | 192.0.2.200 | | floating_network_id | f0dcc603-f693-4258-a940-0a31fd4b80d9 | | id | 6352284c-c5df-4792-b168-e6f6348e2620 | | port_id | None | | router_id | None | | status | ACTIVE | +---------------------+--------------------------------------------------+
Enter the following command to locate your instance:
$ openstack server list
Sample output
+-------------+-------------+--------+-------------+-------+-------------+ | ID | Name | Status | Networks | Image | Flavor | +-------------+-------------+--------+-------------+-------+-------------+ | aef3ca09-88 | prod-serv1 | ACTIVE | public=198. | rhel8 | review- | | 7d-4d20-872 | | | 51.100.56 | | ephemeral | | d-1d1b49081 | | | | | | | 958 | | | | | | | | | | | | | +-------------+-------------+--------+-------------+-------+-------------+
Associate the instance name or ID with the floating IP.
Example
$ openstack server add floating ip prod-serv1 192.0.2.200
Validation steps
Enter the following command to confirm that your floating IP is associated with your instance.
Example
$ openstack server show prod-serv1
Sample output
+-----------------------------+------------------------------------------+ | Field | Value | +-----------------------------+------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2021-08-11T14:45:37.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | public=198.51.100.56,192.0.2.200 | | | | | config_drive | | | created | 2021-08-11T14:44:54Z | | flavor | review-ephemeral | | | (8130dd45-78f6-44dc-8173-4d6426b8e520) | | hostId | 2308c8d8f60ed5394b1525122fb5bf8ea55c78b8 | | | 0ec6157eca4488c9 | | id | aef3ca09-887d-4d20-872d-1d1b49081958 | | image | rhel8 | | | (20724bfe-93a9-4341-a5a3-78b37b3a5dfb) | | key_name | example-keypair | | name | prod-serv1 | | progress | 0 | | project_id | bd7a8c4a19424cf09a82627566b434fa | | properties | | | security_groups | name='default' | | status | ACTIVE | | updated | 2021-08-11T14:45:37Z | | user_id | 4b7e19a0d723310fd92911eb2fe59743a3a5cd32 | | | 45f76ffced91096196f646b5 | | volumes_attached | | +-----------------------------+------------------------------------------+
Additional resources
- floating ip create in the Command Line Interface Reference
- server add floating ip in the Command Line Interface Reference
- server show in the Command Line Interface Reference
- Creating floating IP pools
5.5. Creating multiple floating IP pools
OpenStack Networking supports one floating IP pool for each L3 agent. Therefore, you must scale your L3 agents to create additional floating IP pools.
Procedure
-
Make sure that in
/var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.confthe propertyhandle_internal_only_routersis set toTruefor only one L3 agent in your environment. This option configures the L3 agent to manage only non-external routers.
Additional resources
5.6. Bridging the physical network
Bridge your virtual network to the physical network to enable connectivity to and from virtual instances.
In this procedure, the example physical interface, eth0, is mapped to the bridge, br-ex; the virtual bridge acts as the intermediary between the physical network and any virtual networks.
As a result, all traffic traversing eth0 uses the configured Open vSwitch to reach instances.
To map a physical NIC to the virtual Open vSwitch bridge, complete the following steps:
Procedure
Open
/etc/sysconfig/network-scripts/ifcfg-eth0in a text editor, and update the following parameters with values appropriate for the network at your site:- IPADDR
- NETMASK GATEWAY
DNS1 (name server)
Here is an example:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 TYPE=OVSPort DEVICETYPE=ovs OVS_BRIDGE=br-ex ONBOOT=yes
Open
/etc/sysconfig/network-scripts/ifcfg-br-exin a text editor and update the virtual bridge parameters with the IP address values that were previously allocated to eth0:# vi /etc/sysconfig/network-scripts/ifcfg-br-ex DEVICE=br-ex DEVICETYPE=ovs TYPE=OVSBridge BOOTPROTO=static IPADDR=192.168.120.10 NETMASK=255.255.255.0 GATEWAY=192.168.120.1 DNS1=192.168.120.1 ONBOOT=yes
You can now assign floating IP addresses to instances and make them available to the physical network.
Additional resources
5.7. Adding an interface
You can use interfaces to interconnect routers with subnets so that routers can direct any traffic that instances send to destinations outside of their intermediate subnet.
To add a router interface and connect the new interface to a subnet, complete these steps:
This procedure uses the Network Topology feature. Using this feature, you can see a graphical representation of all your virtual routers and networks while you to perform network management tasks.
- In the dashboard, select Project > Network > Network Topology.
- Locate the router that you want to manage, hover your mouse over it, and click Add Interface.
Specify the Subnet that you want to connect to the router.
You can also specify an IP address. The address is useful for testing and troubleshooting purposes, since a successful ping to this interface indicates that the traffic is routing as expected.
Click Add interface.
The Network Topology diagram automatically updates to reflect the new interface connection between the router and subnet.
5.8. Deleting an interface
You can remove an interface to a subnet if you no longer require the router to direct traffic for the subnet.
To delete an interface, complete the following steps:
- In the dashboard, select Project > Network > Routers.
- Click the name of the router that hosts the interface that you want to delete.
- Select the interface type (Internal Interface), and click Delete Interfaces.
