Creating an external floating IP Neutron network_OpenStack Cloud Computing Cookbook（Third Edition）-QQ阅读男生玄幻网

书名：OpenStack Cloud Computing Cookbook（Third Edition）
作者名：Kevin Jackson Cody Bunch Egle Sigler
本章字数：1107字
更新时间：2025-03-01 04:14:04

Creating an external floating IP Neutron network

In Neutron, it is easy to create many private networks that allow communication between your instances. To allow access from your client to these, though, we must create a router on the provider network (an external network) that is routed into our OpenStack environment. This provider network allows us to allocate floating addresses to our instances.

Getting ready

Ensure that you have a suitable client available for using Neutron. If you are using the accompanying Vagrant environment, you can use the controller node. This has the python-neutronclient package installed that provides the neutron command-line client.

If you created this node with Vagrant, you can execute the following command:

vagrant ssh controller

Ensure you have the following credentials set (adjust the path to your certificates and key file to match your environment if not using the Vagrant environment):

export OS_TENANT_NAME=cookbook
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=https://192.168.100.200:5000/v2.0/
export OS_NO_CACHE=1
export OS_KEY=/vagrant/cakey.pem
export OS_CACERT=/vagrant/ca.pem

How to do it...

To create an external router on our Neutron network for a particular tenant, we need to have tenant admin privileges. We will first create a public network in our admin tenant and then attach this to a tenant's router that requires external access to our instances. This will be achieved by assigning of a floating IP to the instance.

Once our environment has been set correctly with admin privileges, follow these steps:

We first need to get the service tenant ID that we can reference when creating the public shared network. To do so, issue the following command:
```
ADMIN_TENANT_ID=$(keystone tenant-list \
 | awk '/\ service\ / {print $2}')
```
Tip

The use of the service tenant is not a strict requirement. We are referring to a tenant outside all our private tenants that is under the control of our admin user only.
We can now create a new public network, which we will call floatingNet, to provide our external routing capability. To do this, we issue the following commands:
```
neutron net-create \
 --tenant-id ${ADMIN_TENANT_ID} \
 --router:external=True \
 floatingNet
```
We then create our external/floating range on this network. In this example, this external subnet is 192.168.100.0/24. To do this, we specify a n address range that we will manually assign to instances as floating address, ensuring that the allocation pool (the list of allowed IPs) does not conflict with any IPs used currently in our physical environment:
```
neutron subnet-create \
 --tenant-id ${ADMIN_TENANT_ID} \
 --name floatingSubnet \
 --allocation-pool \
 start=192.168.100.10,end=192.168.100.20 \
 --enable_dhcp=False \
 floatingNet \
 192.168.100.0/24
```
We now need to set a gateway on our Cookbook router (described in step 4 of the Creating a tenant Neutron network recipe) to this floating network using the following commands:
```
neutron router-gateway-set \
 cookbook_router_1 \
 floatingNet
```
With the networking elements complete, we can now utilize this floating network. To do so, we assign a floating IP to our running instance, so first we need to see what IP has been assigned to our instance on the cookbook_network_1 network by issuing a nova list command:
```
nova list
```
You will get the following output:
We also gather some information about the routers and Neutron network ports used in our environment. To collect information about our cookbook_router_1 network, issue the following command:
```
neutron router-show cookbook_router_1
```
You will get the following output. The information we need is the router ID and the Network ID:
To assign a floating IP to the instance attached to this port, we issue the following command that first creates a new floating IP available for our use from the floatingNet network:
```
neutron floatingip-create \
 --tenant-id ${ADMIN_TENANT_ID} \
 floatingNet
```
You will get the following output:
We assign this floating IP to the port that our instance is attached to. This information can be found by interrogating the list of ports in use on the router:
```
neutron port-list \
 --router_id=e63fe19d-7628-4180-994d-72035f770d77
```
You will get the following output and the information you need matches the IP address listed in the nova list command. In this case, we need the port ID matching the IP address 10.200.0.2, as this is assigned to our instance:
In the preceding output, the instance with the IP address 10.200.0.2 is attached to port ID 3e5a298b-5ca8-4484-b473-fa71410fd31c. When we created the floating IP, this had an ID of 48e2ca77-af4d-44b3-8c10-b6574d94d6ce. We associate this floating IP ID with the instance port ID to assign the floating IP to the instance using the following commands:
```
neutron floatingip-associate \
 48e2ca77-af4d-44b3-8c10-b6574d94d6ce \
 3e5a298b-5ca8-4484-b473-fa71410fd31c
```
You will get the message Associated floating IP 48e2ca77-af4d-44b3-8c10-b6574d94d6ce when successful.

Tip

You can view a list of available floating IP addresses and IDs with the neutron floatingip-list command.
We are now able to access our instance using the assigned Floating IP address of 192.168.100.11, which had limited access from our network node:

How it works...

We have created a network that allows us to assign floating addresses to our instances. This subnet is routable from the rest of the network outside OpenStack, or a public address space directly on the Internet. To do this, we first create a network in an admin tenant that can have a gateway set by using the --router:external=True flag to our neutron net-create command:

neutron net-create \
 --tenant-id ADMIN_TENANT_ID \
 --router:external=True \
 NAME_OF_EXTERNAL_NETWORK

As we will be configuring addresses manually to allow us to assign floating IP addresses to instances, we specify a subnet where we define the range of IP addresses but disable DHCP:

neutron subnet-create \
 --tenant-id ADMIN_TENANT_ID \
 --name NAME_OF_SUBNET \
 --allocation-pool start=IP_RANGE_START,end=IP_RANGE_END \
 --enable_dhcp=False \
 EXTERNAL_NETWORK_NAME \
 SUBNET_CIDR

We assign a router gateway to the network by issuing the following command on an existing router on our network. This router then provides the appropriate NAT when we assign this to an instance on the private network connected to that router:

neutron router-gateway-set \
 ROUTER_NAME \
 EXTERNAL_NETWORK_NAME

Once configured, we can now allocate a floating IP address from this new range to our running instance. To do this, we run the following command:

nova list

Get the IP address of our running instance using the following command:

neutron router-show ROUTER_NAME

To get the ports in use on our router, use the following command:

neutron port-list \
 --router_id=ROUTER_ID

To create a floating IP for our use from our external network, use the following command (note the tenant ID doesn't have to be the admin tenant as used in the example):

neutron floatingip-create \
 --tenant-id=TENANT_ID \
 EXTERNAL_NETWORK_NAME

To associate the Floating IP to the instance, we use the port ID associated with the instance (as shown in the port listing on our router):

neutron floatingip-associate \
 FLOATING_IP_ID \
 VM_PORT_ON_ROUTER

At this point, we can access this instance from our physical network on this floating IP address.