You can manage OpenStack Networking services by using the service command. For example:
# service neutron-server stop # service neutron-server status # service neutron-server start # service neutron-server restart
Log files are in the
Configuration files are in the
Administrators and projects can use OpenStack Networking to build rich network topologies. Administrators can create network connectivity on behalf of projects.
After installing and configuring Networking (neutron), projects and administrators can perform create-read-update-delete (CRUD) API networking operations. This is performed using the Networking API directly with either the neutron command-line interface (CLI) or the openstack CLI. The neutron CLI is a wrapper around the Networking API. Every Networking API call has a corresponding neutron command.
The openstack CLI is a common interface for all OpenStack projects, however, not every API operation has been implemented. For the list of available commands, see Command List.
The neutron CLI includes a number of options. For details, see Create and manage networks.
To learn about advanced capabilities available through the neutron command-line interface (CLI), read the networking section Create and manage networks in the OpenStack End User Guide.
This table shows example openstack commands that enable you to complete basic network operations:
|Creates a network.||
|Creates a subnet that is associated with net1.||
|Lists ports for a specified project.||
|Lists ports for a
and displays the
|Shows information for a specified port.||
Basic Networking operations
device_owner field describes who owns the port. A port whose
device_owner begins with:
networkis created by Networking.
computeis created by Compute.
The administrator can run any openstack command on behalf of
projects by specifying an Identity
project in the command, as
$ openstack network create --project PROJECT_ID NETWORK_NAME
$ openstack network create --project 5e4bbe24b67a4410bc4d9fae29ec394e net1
To view all project IDs in Identity, run the following command as an Identity service admin user:
$ openstack project list
This table shows example CLI commands that enable you to complete advanced network operations:
|Creates a network that all projects can use.||
|Creates a subnet with a specified gateway IP address.||
|Creates a subnet that has no gateway IP address.||
|Creates a subnet with DHCP disabled.||
|Specifies a set of host routes||
|Creates a subnet with a specified set of dns name servers.||
|Displays all ports and IPs allocated on a network.||
Advanced Networking operations
During port creation and update, specific extra-dhcp-options can be left blank.
classless-static-route. This causes dnsmasq
to have an empty option in the
opts file related to the network.
This table shows example openstack commands that enable you to complete basic VM networking operations:
|Checks available networks.||
|Boots a VM with a single NIC on a selected Networking network.||
|Searches for ports with a
|Searches for ports, but shows
|Temporarily disables a port from sending traffic.||
Basic Compute and Networking operations
device_id can also be a logical router ID.
This table shows example openstack commands that enable you to complete advanced VM creation operations:
|Boots a VM with multiple NICs.||
|Boots a VM with a specific IP
address. Note that you cannot
|Boots a VM that connects to all
networks that are accessible to the
project who submits the request
Advanced VM creation operations
Cloud images that distribution vendors offer usually have only one active NIC configured. When you boot with multiple NICs, you must configure additional interfaces on the image or the NICs are not reachable.
The following Debian/Ubuntu-based example shows how to set up the
interfaces within the instance in the
file. You must apply this configuration to the image.
# The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet dhcp
You must configure security group rules depending on the type of plug-in you are using. If you are using a plug-in that:
Implements Networking security groups, you can configure security
group rules directly by using the openstack security group rule create
command. This example enables
ssh access to your VMs.
$ openstack security group rule create --protocol icmp \ --ingress SECURITY_GROUP
$ openstack security group rule create --protocol tcp \ --egress --description "Sample Security Group" SECURITY_GROUP
Does not implement Networking security groups, you can configure
security group rules by using the openstack security group rule
create or euca-authorize command. These openstack
ssh access to your VMs.
$ openstack security group rule create --protocol icmp default $ openstack security group rule create --protocol tcp --dst-port 22:22 default
If your plug-in implements Networking security groups, you can also
leverage Compute security groups by setting
security_group_api = neutron in the
nova.conf file. After
you set this option, all Compute security group commands are proxied