Command-line
Once correctly authenticated to the OpenStack DMZ VPN, we can begin creating a segregated private Neutron network.
Create initial network
To begin, create a Neutron network:
[wflintstone@login1(demo) ~]$ neutron net-create bedrock-net
Created a new network:
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | e90b09bb-2d90-43d7-95f3-9f301d87a47a |
| mtu | 0 |
| name | bedrock-net |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 06c2c75c14514ca0880e987398ec4a76 |
+-----------------+--------------------------------------+
Save the network unique ID as a variable for later use:
$ BEDROCKNET="e90b09bb-2d90-43d7-95f3-9f301d87a47a"
Create and attach subnet
We will now create a subnet for the network, with the network address range 10.75.0.0/16. There is no limitation on network address ranges: several users can each create a network with the 10.75.0.0/16 range and no clashes will occur.
[wflintstone@login1(demo) ~]$ neutron subnet-create --name bedrock-subnet $BEDROCKNET 10.75.0.0/16
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "10.75.0.2", "end": "10.75.255.254"} |
| cidr | 10.75.0.0/16 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.75.0.1 |
| host_routes | |
| id | cbdc2308-c80a-4e33-bbec-79f015e8a80a |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | bedrock-subnet |
| network_id | e90b09bb-2d90-43d7-95f3-9f301d87a47a |
| subnetpool_id | |
| tenant_id | 06c2c75c14514ca0880e987398ec4a76 |
+-------------------+------------------------------------------------+
Save the subnet unique ID as a variable for later use:
$ BEDROCKSUBNET="cbdc2308-c80a-4e33-bbec-79f015e8a80a"
Create a Neutron router
OpenStack users and projects can have many networks; routers are used to provide access between Neutron networks. By default, floating IPs are allocated to the primary project on the public network; a system administrator can allocate floating IPs to additional projects and networks upon request.
To create a Neutron router and attach it to both the public network subnet and the bedrock (replace with your network ID/name) network subnet:
[wflintstone@login1(demo) ~]$ neutron router-create bedrock-router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | ac24fdb4-1b03-4008-bb62-95391e0f9b7c |
| name | bedrock-router |
| routes | |
| status | ACTIVE |
| tenant_id | 06c2c75c14514ca0880e987398ec4a76 |
+-----------------------+--------------------------------------+
Save the router unique ID as a variable for later use:
$ BEDROCKROUTER="ac24fdb4-1b03-4008-bb62-95391e0f9b7c"
Set gateway on the router
Add both the public network and the user network to the router, starting with the public network as the gateway:
[wflintstone@login1(demo) ~]$ neutron router-gateway-set $BEDROCKROUTER public
Set gateway for router ac24fdb4-1b03-4008-bb62-95391e0f9b7c
Add the router interface to the user network:
[wflintstone@login1(demo) ~]$ neutron router-interface-add $BEDROCKROUTER $BEDROCKSUBNET
Added interface 0b5cb687-ecd5-49e2-a2ec-0d10d8f0a0bb to router ac24fdb4-1b03-4008-bb62-95391e0f9b7c.
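The steps above copy each ID by hand from the table output. As an added example (not part of the original guide), the script below reads a field straight from the table and checks that the new network is neither shared nor external before the ID is used. The function names neutron_field and is_segregated are hypothetical helpers, and the sample table is an abridged copy of the net-create output shown above.

```bash
#!/usr/bin/env bash
# Added example: read fields from neutron's table output instead of copying by hand.

# Constructed sample: abridged copy of the net-create table shown on this page.
SAMPLE_NET_OUTPUT='Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | e90b09bb-2d90-43d7-95f3-9f301d87a47a |
| name            | bedrock-net                          |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| tenant_id       | 06c2c75c14514ca0880e987398ec4a76     |
+-----------------+--------------------------------------+'

# neutron_field FIELD: print the Value cell for FIELD from a table on stdin.
# Exits non-zero when the field is absent, so a failed create is not ignored.
neutron_field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; found = 1; exit }
        }
        END { exit !found }'
}

# is_segregated OUTPUT: succeed only if the network is neither shared with
# other projects nor marked external. Returns 2 if a field is missing.
is_segregated() {
    local out shared external
    out=$1
    shared=$(printf '%s\n' "$out" | neutron_field shared) || return 2
    external=$(printf '%s\n' "$out" | neutron_field router:external) || return 2
    [ "$shared" = "False" ] && [ "$external" = "False" ]
}

# On a live system: NET_OUTPUT=$(neutron net-create bedrock-net)
NET_OUTPUT=$SAMPLE_NET_OUTPUT
BEDROCKNET=$(printf '%s\n' "$NET_OUTPUT" | neutron_field id)
if is_segregated "$NET_OUTPUT"; then
    echo "OK: $BEDROCKNET is private to this project"
else
    echo "STOP: $BEDROCKNET is shared or external" >&2
fi
```

The same neutron_field call works on the subnet-create and router-create tables to fill BEDROCKSUBNET and BEDROCKROUTER.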