How to create a new private subnet in OpenStack Neutron?

In the previous article, I showed the installation of an all-in-one OpenStack setup using Packstack. In this article, I am going to create a new private subnet, launch a new instance on that subnet, and verify connectivity between an instance on the old private subnet and one on the new private subnet.

Step 1 : Creating a new private network with the name private1.

[root@opens1 ~(keystone_admin)]# neutron net-create private1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 18a2e61c-f7ca-4701-b408-f9f5e03f0def |
| name                      | private1                             |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 10                                   |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 41f0f6e665dc4e059288283b3b7595cc     |
+---------------------------+--------------------------------------+

Step 2 : Creating a subnet for the private1 network.

[root@opens1 ~(keystone_admin)]# neutron subnet-create private1 20.0.0.0/24 --name private1

[root@opens1 ~(keystone_admin)]# neutron net-show private1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 18a2e61c-f7ca-4701-b408-f9f5e03f0def |
| name                      | private1                             |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 10                                   |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | f242b4bd-0f7b-4bd1-a110-138ab78fedc5 |
| tenant_id                 | 41f0f6e665dc4e059288283b3b7595cc     |
+---------------------------+--------------------------------------+

Step 3 : Added the same router as the default gateway for this private network as well.

[root@opens1 ~(keystone_admin)]# neutron router-interface-add router1 private1
Added interface 9d10485b-c6d8-4f0e-90a2-336a244ca12a to router router1.

Step 4 : Checked the status of all subnets.

[root@opens1 ~(keystone_admin)]# neutron subnet-list
+--------------------------------------+---------------+------------------+--------------------------------------------------------+
| id                                   | name          | cidr             | allocation_pools                                       |
+--------------------------------------+---------------+------------------+--------------------------------------------------------+
| fd6bd388-0f30-48a8-b2b6-78a1faf71df5 | public_subnet | 192.168.100.0/24 | {"start": "192.168.100.210", "end": "192.168.100.220"} |
| 7bdbaf8a-98dd-4c9e-bd28-a94b812e1240 | private       | 10.0.0.0/24      | {"start": "10.0.0.2", "end": "10.0.0.254"}             |
| f242b4bd-0f7b-4bd1-a110-138ab78fedc5 | private1      | 20.0.0.0/24      | {"start": "20.0.0.2", "end": "20.0.0.254"}             |
+--------------------------------------+---------------+------------------+--------------------------------------------------------+

Step 5 : Checking the router namespace for the new qr-<> device that appears for the newly created subnet.

[root@opens1 ~(keystone_admin)]# ip netns exec qrouter-a1de2f04-5bbc-45da-a48a-f51204df62e5 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: qg-b137e98c-38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:fe:da:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.210/24 brd 192.168.100.255 scope global qg-b137e98c-38
valid_lft forever preferred_lft forever
inet 192.168.100.211/32 brd 192.168.100.211 scope global qg-b137e98c-38
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fefe:daa0/64 scope link
valid_lft forever preferred_lft forever
15: qr-079322e0-ff: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:b3:72:54 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-079322e0-ff
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feb3:7254/64 scope link
valid_lft forever preferred_lft forever
34: qr-9d10485b-c6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:56:07:7a brd ff:ff:ff:ff:ff:ff
inet 20.0.0.1/24 brd 20.0.0.255 scope global qr-9d10485b-c6
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe56:77a/64 scope link
valid_lft forever preferred_lft forever

Step 6 : Spawned a new instance using private1. We can see two instances in the output below, one on the old private network and the second on the new private network.

[root@opens1 ~(keystone_admin)]# nova floating-ip-list
+-----------------+--------------------------------------+----------+------------------+
| Ip              | Server Id                            | Fixed Ip | Pool             |
+-----------------+--------------------------------------+----------+------------------+
| 192.168.100.213 | 7964b485-51f1-4145-8200-4d15205d7616 | 20.0.0.2 | external_network |
| 192.168.100.211 | 0e5b9008-c76c-4152-9f49-e757fc5b402d | 10.0.0.3 | external_network |
+-----------------+--------------------------------------+----------+------------------+

Step 7 : We can see that the floating IPs of both instances are assigned to a single interface in the qrouter namespace.

[root@opens1 ~(keystone_admin)]# ip netns exec qrouter-a1de2f04-5bbc-45da-a48a-f51204df62e5 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: qg-b137e98c-38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:fe:da:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.210/24 brd 192.168.100.255 scope global qg-b137e98c-38
valid_lft forever preferred_lft forever
inet 192.168.100.211/32 brd 192.168.100.211 scope global qg-b137e98c-38
valid_lft forever preferred_lft forever
inet 192.168.100.213/32 brd 192.168.100.213 scope global qg-b137e98c-38
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fefe:daa0/64 scope link
valid_lft forever preferred_lft forever
15: qr-079322e0-ff: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:b3:72:54 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-079322e0-ff
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feb3:7254/64 scope link
valid_lft forever preferred_lft forever
34: qr-9d10485b-c6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:56:07:7a brd ff:ff:ff:ff:ff:ff
inet 20.0.0.1/24 brd 20.0.0.255 scope global qr-9d10485b-c6
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe56:77a/64 scope link
valid_lft forever preferred_lft forever

Step 8 : Logging into the test1 instance and checking its IP address configuration. I am able to ping the private1 network IP assigned to the second instance, i.e. test2.

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast qlen 1000
link/ether fa:16:3e:09:c9:9f brd ff:ff:ff:ff:ff:ff
inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0
inet6 fe80::f816:3eff:fe09:c99f/64 scope link
valid_lft forever preferred_lft forever

# ping 20.0.0.2
PING 20.0.0.2 (20.0.0.2): 56 data bytes
64 bytes from 20.0.0.2: seq=0 ttl=63 time=24.387 ms
64 bytes from 20.0.0.2: seq=1 ttl=63 time=1.515 ms
64 bytes from 20.0.0.2: seq=2 ttl=63 time=0.941 ms
^C
--- 20.0.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.941/8.947/24.387 ms

# traceroute 20.0.0.2
traceroute to 20.0.0.2 (20.0.0.2), 30 hops max, 46 byte packets
1  host-10-0-0-1.openstacklocal (10.0.0.1)  1.423 ms  0.750 ms  0.887 ms
2  20.0.0.2 (20.0.0.2)  2.718 ms  1.086 ms  0.706 ms

In this case both private networks were connected to the same router, hence we were able to reach one from the other. But in a typical cloud environment, to provide isolation between tenants, private networks are connected to separate routers.
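The check in Step 5 (which qr- device in the qrouter namespace carries each subnet's gateway) can be automated, and the result also tells you when two private subnets hang off the same router and can therefore reach each other as shown in Step 8. This is an added example, not part of the original article; the subnet-list and ip a inputs are constructed samples modelled on the outputs above.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the article's outputs (not captured from
# a live system); the subnet-list columns and the 'ip a' dump are abridged.
SUBNET_LIST = """\
| id                                   | name          | cidr             |
| fd6bd388-0f30-48a8-b2b6-78a1faf71df5 | public_subnet | 192.168.100.0/24 |
| 7bdbaf8a-98dd-4c9e-bd28-a94b812e1240 | private       | 10.0.0.0/24      |
| f242b4bd-0f7b-4bd1-a110-138ab78fedc5 | private1      | 20.0.0.0/24      |
"""
ROUTER_NS_IP_A = """\
10: qg-b137e98c-38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 192.168.100.210/24 brd 192.168.100.255 scope global qg-b137e98c-38
15: qr-079322e0-ff: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-079322e0-ff
34: qr-9d10485b-c6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 20.0.0.1/24 brd 20.0.0.255 scope global qr-9d10485b-c6
"""

def parse_subnet_list(table):
    """Return {name: cidr} from 'neutron subnet-list' output; borders and header are skipped."""
    subnets = {}
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 3 and cells[0] != "id":
            subnets[cells[1]] = cells[2]
    return subnets

def parse_interfaces(ip_a):
    """Return {ifname: [cidr, ...]} for every device in an 'ip a' dump."""
    ifaces, current = {}, None
    for line in ip_a.splitlines():
        m = re.match(r"\d+: ([^:]+):", line)
        if m:
            current = ifaces.setdefault(m.group(1), [])
        elif line.strip().startswith("inet ") and current is not None:
            current.append(line.split()[1])
    return ifaces

def subnets_on_router(subnets, ifaces):
    """Map each subnet to the qr- device holding its gateway address (Step 5's check).
    More than one entry means those subnets share the router and can route to each other."""
    found = {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        for ifname, addrs in ifaces.items():
            if ifname.startswith("qr-") and any(ipaddress.ip_interface(a).ip in net for a in addrs):
                found[name] = ifname
    return found
```

On a live host, feed it the real output of `neutron subnet-list` and `ip netns exec qrouter-<id> ip a`; the external qg- device is ignored so only tenant-side subnets are reported.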
