Contents
Use Networking¶
You can manage OpenStack Networking services by using the service command. For example:
# service neutron-server stop
# service neutron-server status
# service neutron-server start
# service neutron-server restart
Log files are in the /var/log/neutron directory.
Configuration files are in the /etc/neutron directory.
Cloud administrators and tenants can use OpenStack Networking to build rich network topologies. Cloud administrators can create network connectivity on behalf of tenants.
Core Networking API features¶
After you install and configure Networking, tenants and administrators can perform create-read-update-delete (CRUD) API networking operations by using the Networking API directly or neutron command-line interface (CLI). The neutron CLI is a wrapper around the Networking API. Every Networking API call has a corresponding neutron command.
The CLI includes a number of options. For details, see the OpenStack End User Guide.
Basic Networking operations¶
To learn about advanced capabilities available through the neutron command-line interface (CLI), read the networking section in the OpenStack End User Guide.
This table shows example neutron commands that enable you to complete basic network operations:
| Operation | Command |
|---|---|
| Creates a network. | $ neutron net-create net1 |
| Creates a subnet that is associated with net1. | $ neutron subnet-create net1 10.0.0.0/24 |
| Lists ports for a specified tenant. | $ neutron port-list |
| Lists ports for a specified tenant and displays the id, fixed_ips, and device_owner columns. | $ neutron port-list -c id -c fixed_ips -c device_owner |
| Shows information for a specified port. | $ neutron port-show PORT_ID |
Basic Networking operations
Note
The device_owner field describes who owns the port. A port whose device_owner begins with:
- network is created by Networking.
- compute is created by Compute.
Administrative operations¶
The cloud administrator can run any neutron command on behalf of tenants by specifying an Identity tenant_id in the command, as follows:
$ neutron net-create --tenant-id TENANT_ID NETWORK_NAME
For example:
$ neutron net-create --tenant-id 5e4bbe24b67a4410bc4d9fae29ec394e net1
Note
To view all tenant IDs in Identity, run the following command as an Identity service admin user:
$ keystone tenant-list
Advanced Networking operations¶
This table shows example Networking commands that enable you to complete advanced network operations:
| Operation | Command |
|---|---|
| Creates a network that all tenants can use. | $ neutron net-create --shared public-net |
| Creates a subnet with a specified gateway IP address. | $ neutron subnet-create --gateway 10.0.0.254 net1 10.0.0.0/24 |
| Creates a subnet that has no gateway IP address. | $ neutron subnet-create --no-gateway net1 10.0.0.0/24 |
| Creates a subnet with DHCP disabled. | $ neutron subnet-create net1 10.0.0.0/24 --enable-dhcp False |
| Specified set of host routes. | $ neutron subnet-create test-net1 40.0.0.0/24 --host-routes type=dict list=true destination=40.0.1.0/24, nexthop=40.0.0.2 |
| Creates a subnet with a specified set of dns name servers. | $ neutron subnet-create test-net1 40.0.0.0/24 --dns-nameservers list=true 8.8.4.4 8.8.8.8 |
| Displays all ports and IPs allocated on a network. | $ neutron port-list --network_id NET_ID |
Advanced Networking operations
Use Compute with Networking¶
Basic Compute and Networking operations¶
This table shows example neutron and nova commands that enable you to complete basic VM networking operations:
| Action | Command |
|---|---|
| Checks available networks. | $ neutron net-list |
| Boots a VM with a single NIC on a selected Networking network. | $ nova boot --image IMAGE --flavor FLAVOR --nic net-id=NET_ID VM_NAME |
| Searches for ports with a device_id that matches the Compute instance UUID. See :ref: Create and delete VMs | $ neutron port-list --device_id VM_ID |
| Searches for ports, but shows onlythe mac_address of the port. | $ neutron port-list --field mac_address --device_id VM_ID |
| Temporarily disables a port from sending traffic. | $ neutron port-update PORT_ID --admin_state_up False |
Basic Compute and Networking operations
Note
The device_id can also be a logical router ID.
Note
- When you boot a Compute VM, a port on the network that corresponds to the VM NIC is automatically created and associated with the default security group. You can configure security group rules to enable users to access the VM.
Advanced VM creation operations¶
This table shows example nova and neutron commands that enable you to complete advanced VM creation operations:
| Operation | Command |
|---|---|
| Boots a VM with multiple NICs. | $ nova boot --image IMAGE --flavor FLAVOR --nic net-id=NET1-ID --nic net-id=NET2-ID VM_NAME |
| Boots a VM with a specific IP address. Note that you cannot use the --num-instances parameter in this case. |
|
| Boots a VM that connects to all networks that are accessible to the tenant who submits the request (without the --nic option). | $ nova boot --image IMAGE --flavor FLAVOR VM_NAME |
Advanced VM creation operations
Note
Cloud images that distribution vendors offer usually have only one active NIC configured. When you boot with multiple NICs, you must configure additional interfaces on the image or the NICS are not reachable.
The following Debian/Ubuntu-based example shows how to set up the interfaces within the instance in the /etc/network/interfaces file. You must apply this configuration to the image.
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp
Enable ping and SSH on VMs (security groups)¶
You must configure security group rules depending on the type of plug-in you are using. If you are using a plug-in that:
Implements Networking security groups, you can configure security group rules directly by using the neutron security-group-rule-create command. This example enables ping and ssh access to your VMs.
$ neutron security-group-rule-create --protocol icmp \ --direction ingress default$ neutron security-group-rule-create --protocol tcp --port-range-min 22 \ --port-range-max 22 --direction ingress defaultDoes not implement Networking security groups, you can configure security group rules by using the nova secgroup-add-rule or euca-authorize command. These nova commands enable ping and ssh access to your VMs.
$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
Note
If your plug-in implements Networking security groups, you can also leverage Compute security groups by setting security_group_api = neutron in the nova.conf file. After you set this option, all Compute security group commands are proxied to Networking.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/legalcode.