Use Networking¶
You can manage OpenStack Networking services by using the service command. For example:
# service neutron-server stop
# service neutron-server status
# service neutron-server start
# service neutron-server restart
Log files are in the /var/log/neutron directory.
Configuration files are in the /etc/neutron directory.
Administrators and projects can use OpenStack Networking to build rich network topologies. Administrators can create network connectivity on behalf of projects.
Core Networking API features¶
After you install and configure Networking, projects and administrators can perform create-read-update-delete (CRUD) API networking operations by using the Networking API directly or neutron command-line interface (CLI). The neutron CLI is a wrapper around the Networking API. Every Networking API call has a corresponding neutron command.
The CLI includes a number of options. For details, see the Create and manage networks.
Basic Networking operations¶
To learn about advanced capabilities available through the neutron command-line interface (CLI), read the networking section Create and manage networks in the OpenStack End User Guide.
This table shows example openstack commands that enable you to complete basic network operations:
| Operation | Command |
|---|---|
| Creates a network. | $ openstack network create net1 |
| Creates a subnet that is associated with net1. | $ openstack subnet create
net1 10.0.0.0/24 |
| Lists ports for a specified project. | $ openstack port list |
Lists ports for a
specified project
and displays the ID,
Fixed IP Addresses |
$ openstack port list -c ID
-c "Fixed IP Addresses |
| Shows information for a specified port. | $ neutron port-show PORT_ID |
Basic Networking operations
Note
The device_owner field describes who owns the port. A port whose
device_owner begins with:
networkis created by Networking.computeis created by Compute.
Administrative operations¶
The administrator can run any openstack command on behalf of
projects by specifying an Identity project in the command, as
follows:
$ openstack network create --project PROJECT_ID NETWORK_NAME
For example:
$ openstack network create --project 5e4bbe24b67a4410bc4d9fae29ec394e net1
Note
To view all project IDs in Identity, run the following command as an Identity service admin user:
$ openstack project list
Advanced Networking operations¶
This table shows example Networking commands that enable you to complete advanced network operations:
| Operation | Command |
|---|---|
| Creates a network that all projects can use. | $ openstack network create
--share public-net |
| Creates a subnet with a specified gateway IP address. | $ openstack subnet create subnet1
--gateway 10.0.0.254 --network net1 |
| Creates a subnet that has no gateway IP address. | $ openstack subnet create subnet1
--no-gateway --network net1 |
| Creates a subnet with DHCP disabled. | $ openstack subnet create subnet1
--network net1 --no-dhcp |
| Specifies a set of host routes | $ openstack subnet create subnet1
--network net1 --host-route
destination=40.0.1.0/24,
gateway=40.0.0.2 |
| Creates a subnet with a specified set of dns name servers. | $ openstack subnet create subnet1
--network net1 --dns-nameserver
8.8.4.4 |
| Displays all ports and IPs allocated on a network. | $ openstack port list --network NET_ID |
Advanced Networking operations
Use Compute with Networking¶
Basic Compute and Networking operations¶
This table shows example neutron and nova commands that enable you to complete basic VM networking operations:
| Action | Command |
|---|---|
| Checks available networks. | $ openstack network list |
| Boots a VM with a single NIC on a selected Networking network. | $ nova boot --image IMAGE --flavor
FLAVOR --nic net-id=NET_ID VM_NAME |
Searches for ports with a
device_id that matches the
Compute instance UUID. See :ref:
Create and delete VMs |
$ openstack port list --server VM_ID |
Searches for ports, but shows
only the mac_address of
the port. |
$ openstack port list -c
"MAC Address" --server VM_ID |
| Temporarily disables a port from sending traffic. | $ openstack port set PORT_ID
--disable |
Basic Compute and Networking operations
Note
The device_id can also be a logical router ID.
Note
- When you boot a Compute VM, a port on the network that corresponds to the VM NIC is automatically created and associated with the default security group. You can configure security group rules to enable users to access the VM.
Advanced VM creation operations¶
This table shows example nova and neutron commands that enable you to complete advanced VM creation operations:
| Operation | Command |
|---|---|
| Boots a VM with multiple NICs. | $ nova boot --image IMAGE --flavor
FLAVOR --nic net-id=NET1-ID --nic
net-id=NET2-ID VM_NAME |
Boots a VM with a specific IP
address. Note that you cannot
use the --num-instances
parameter in this case. |
$ nova boot --image IMAGE --flavor
FLAVOR --nic net-id=NET-ID,
v4-fixed-ip=IP-ADDR VM_NAME |
Boots a VM that connects to all
networks that are accessible to the
project who submits the request
(without the --nic option). |
$ nova boot --image IMAGE --flavor
FLAVOR VM_NAME |
Advanced VM creation operations
Note
Cloud images that distribution vendors offer usually have only one active NIC configured. When you boot with multiple NICs, you must configure additional interfaces on the image or the NICs are not reachable.
The following Debian/Ubuntu-based example shows how to set up the
interfaces within the instance in the /etc/network/interfaces
file. You must apply this configuration to the image.
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp
Enable ping and SSH on VMs (security groups)¶
You must configure security group rules depending on the type of plug-in you are using. If you are using a plug-in that:
Implements Networking security groups, you can configure security group rules directly by using the openstack security group rule create command. This example enables
pingandsshaccess to your VMs.$ openstack security group rule create --protocol icmp \ --ingress
$ openstack security group rule create --protocol tcp \ --egress --description "Sample Security Group"
Does not implement Networking security groups, you can configure security group rules by using the nova secgroup-add-rule or euca-authorize command. These nova commands enable
pingandsshaccess to your VMs.$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 $ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
Note
If your plug-in implements Networking security groups, you can also
leverage Compute security groups by setting
security_group_api = neutron in the nova.conf file. After
you set this option, all Compute security group commands are proxied
to Networking.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.