You can run these commands on the network node.
Note: Ensure that the following environment variables are set. Various clients use these to access the Identity Service.

export OS_USERNAME=admin
export OS_PASSWORD=

Keeping the credentials in the environment also means that the password is not passed as a --os-password argument, where it would be visible to other users of the node in the process list and would be recorded in the shell history. The tenant-scoped commands later in this section show the credentials as --os-* options so that each tenant's context is explicit; in real use, prefer exporting OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD and OS_AUTH_URL instead.
Get the tenant ID (Used as $TENANT_ID later):
# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| 247e478c599f45b5bd297e8ddbbc9b6a | TenantA | True    |
| 2b4fec24e62e4ff28a8445ad83150f9d | TenantC | True    |
| 3719a4940bf24b5a8124b58c9b0a6ee6 | TenantB | True    |
| 5fcfbc3283a142a5bb6978b549a511ac | demo    | True    |
| b7445f221cda4f4a8ac7db6b218b1339 | admin   | True    |
+----------------------------------+---------+---------+
Get user information:
# keystone user-list
+----------------------------------+-------+---------+-------------------+
| id                               | name  | enabled | email             |
+----------------------------------+-------+---------+-------------------+
| 5a9149ed991744fa85f71e4aa92eb7ec | demo  | True    |                   |
| 5b419c74980d46a1ab184e7571a8154e | admin | True    | [email protected] |
| 8e37cb8193cb4873a35802d257348431 | UserC | True    |                   |
| c11f6b09ed3c45c09c21cbbc23e93066 | UserB | True    |                   |
| ca567c4f6c0942bdac0e011e97bddbe3 | UserA | True    |                   |
+----------------------------------+-------+---------+-------------------+
Create the external network and its subnet as the admin user:
# neutron net-create Ext-Net --provider:network_type local --router:external true
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| name                      | Ext-Net                              |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | b7445f221cda4f4a8ac7db6b218b1339     |
+---------------------------+--------------------------------------+

# neutron subnet-create Ext-Net 30.0.0.0/24 --disable-dhcp
Created a new subnet:
+------------------+--------------------------------------------+
| Field            | Value                                      |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
| cidr             | 30.0.0.0/24                                |
| dns_nameservers  |                                            |
| enable_dhcp      | False                                      |
| gateway_ip       | 30.0.0.1                                   |
| host_routes      |                                            |
| id               | ba754a55-7ce8-46bb-8d97-aa83f4ffa5f9       |
| ip_version       | 4                                          |
| name             |                                            |
| network_id       | 2c757c9e-d3d6-4154-9a77-336eb99bd573       |
| tenant_id        | b7445f221cda4f4a8ac7db6b218b1339           |
+------------------+--------------------------------------------+
provider:network_type local means that Networking does not realize this network through a provider (physical) network; its external connectivity comes from the br-ex bridge on the network node. router:external true means that this is an external network, on which floating IPs and router gateway ports can be created.

Add an IP on the external network to br-ex.

Because br-ex is the external network bridge, add the address 30.0.0.100/24 to br-ex so that the network node itself sits on 30.0.0.0/24; later you ping the floating IP of the VM from the network node through this address:

# ip addr add 30.0.0.100/24 dev br-ex
# ip link set br-ex up

Note that 30.0.0.100 lies inside the allocation pool of the Ext-Net subnet created above (30.0.0.2 to 30.0.0.254), so Networking could later hand out the same address as a floating IP or gateway port and cause an address conflict. For anything beyond this test, either pick an address outside the pool or restrict the pool when creating the subnet with --allocation-pool start=30.0.0.2,end=30.0.0.99.
Serve TenantA.
For TenantA, create a private network, subnet, server, router, and floating IP.
Create a network for TenantA:
# neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 net-create TenantA-Net
Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name            | TenantA-Net                          |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | 247e478c599f45b5bd297e8ddbbc9b6a     |
+-----------------+--------------------------------------+
After that, you can use the admin user to query the provider network attributes of the network. The provider:* fields are visible only to admin under the default policy, which is why they do not appear in the tenant user's output above:

# neutron net-show TenantA-Net
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name                      | TenantA-Net                          |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 247e478c599f45b5bd297e8ddbbc9b6a     |
+---------------------------+--------------------------------------+

The network has GRE tunnel ID (that is, provider:segmentation_id) 1.
Create a subnet on the network TenantA-Net:
# neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 subnet-create TenantA-Net 10.0.0.0/24
Created a new subnet:
+------------------+--------------------------------------------+
| Field            | Value                                      |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.0.0.2", "end": "10.0.0.254"} |
| cidr             | 10.0.0.0/24                                |
| dns_nameservers  |                                            |
| enable_dhcp      | True                                       |
| gateway_ip       | 10.0.0.1                                   |
| host_routes      |                                            |
| id               | 51e2c223-0492-4385-b6e9-83d4e6d10657       |
| ip_version       | 4                                          |
| name             |                                            |
| network_id       | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68       |
| tenant_id        | 247e478c599f45b5bd297e8ddbbc9b6a           |
+------------------+--------------------------------------------+
Create a server for TenantA:
$ nova --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
  --nic net-id=7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 TenantA_VM1

$ nova --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 list
+--------------------------------------+-------------+--------+----------------------+
| ID                                   | Name        | Status | Networks             |
+--------------------------------------+-------------+--------+----------------------+
| 7c5e6499-7ef7-4e36-8216-62c2941d21ff | TenantA_VM1 | ACTIVE | TenantA-Net=10.0.0.3 |
+--------------------------------------+-------------+--------+----------------------+
Note: Do not attach the instance to Ext-Net directly. Ext-Net is the admin-owned external network that carries floating IPs and router gateway ports; keep the instance on the tenant network and use a floating IP, translated by the tenant's router, to make it reachable from the external network.
Create and configure a router for TenantA:
# neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 router-create TenantA-R1
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 59cd02cb-6ee6-41e1-9165-d251214594fd |
| name                  | TenantA-R1                           |
| status                | ACTIVE                               |
| tenant_id             | 247e478c599f45b5bd297e8ddbbc9b6a     |
+-----------------------+--------------------------------------+

# neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 router-interface-add \
  TenantA-R1 51e2c223-0492-4385-b6e9-83d4e6d10657
Added interface to router TenantA-R1

# neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 \
  router-gateway-set TenantA-R1 Ext-Net
Associate a floating IP for TenantA_VM1.
Create a floating IP:
# neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net
Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 30.0.0.2                             |
| floating_network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| id                  | 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 |
| port_id             |                                      |
| router_id           |                                      |
| tenant_id           | 247e478c599f45b5bd297e8ddbbc9b6a     |
+---------------------+--------------------------------------+
Get the port ID of the VM with ID 7c5e6499-7ef7-4e36-8216-62c2941d21ff:
$ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 port-list -- \
  --device_id 7c5e6499-7ef7-4e36-8216-62c2941d21ff
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 6071d430-c66e-4125-b972-9a937c427520 |      | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
Associate the floating IP with the VM port:
$ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 floatingip-associate \
  5a1f90ed-aa3c-4df3-82cb-116556e96bf1 6071d430-c66e-4125-b972-9a937c427520
Associated floatingip 5a1f90ed-aa3c-4df3-82cb-116556e96bf1

$ neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 | 10.0.0.3         | 30.0.0.2            | 6071d430-c66e-4125-b972-9a937c427520 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
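The TenantA steps above (network, subnet, server, router, floating IP) scripted end to end, so that the IDs are read from the clients' table output rather than copied by hand and the password never appears on a command line. This is an added example, not code from the OpenStack documentation. It assumes the Havana-era neutron and nova clients on PATH, the tenant's credentials exported as OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD and OS_AUTH_URL, and an image named tty as on this page; the helper names table_field, list_col and serve_tenant_a and the embedded sample tables are constructed for illustration and are not part of either client.

```shell
#!/bin/sh
# Added example (not from the OpenStack docs): the TenantA procedure as one
# script. Assumptions: Havana-era neutron/nova CLIs on PATH, credentials in
# OS_TENANT_NAME/OS_USERNAME/OS_PASSWORD/OS_AUTH_URL, an image named "tty".

# Print one field's value from a two-column "| Field | Value |" table, which is
# what *-create and *-show print. Exact match on the field name, blanks trimmed.
table_field() {  # usage: <cmd> | table_field <field>
    awk -F'|' -v f="$1" '
        NF >= 3 {
            k = $2; gsub(/^ +| +$/, "", k)
            if (k == f) { v = $3; gsub(/^ +| +$/, "", v); print v; exit }
        }'
}

# Print column N (1-based) of the first data row of a multi-row *-list table.
# The first line with pipes is the header, the second is the first entry.
list_col() {  # usage: <cmd> | list_col <n>
    awk -F'|' -v n="$1" '
        NF >= 3 { r++; if (r == 2) { v = $(n + 1); gsub(/^ +| +$/, "", v); print v; exit } }'
}

serve_tenant_a() {
    # Credentials come from the environment, not from --os-password, which
    # would be visible in `ps` output and recorded in the shell history.
    : "${OS_TENANT_NAME:?}" "${OS_USERNAME:?}" "${OS_PASSWORD:?}" "${OS_AUTH_URL:?}"

    net_id=$(neutron net-create TenantA-Net | table_field id)
    subnet_id=$(neutron subnet-create TenantA-Net 10.0.0.0/24 | table_field id)

    neutron router-create TenantA-R1 >/dev/null
    neutron router-interface-add TenantA-R1 "$subnet_id"
    neutron router-gateway-set TenantA-R1 Ext-Net

    vm_id=$(nova boot --image tty --flavor 1 --nic net-id="$net_id" TenantA_VM1 | table_field id)
    # The port is only usable once the instance is up; wait for ACTIVE.
    while :; do
        status=$(nova show "$vm_id" | table_field status)
        [ "$status" = ACTIVE ] && break
        [ "$status" = ERROR ] && { echo "TenantA_VM1 failed to boot" >&2; return 1; }
        sleep 5
    done

    port_id=$(neutron port-list -- --device_id "$vm_id" | list_col 1)
    fip_id=$(neutron floatingip-create Ext-Net | table_field id)
    neutron floatingip-associate "$fip_id" "$port_id"
    echo "TenantA_VM1 is reachable at $(neutron floatingip-show "$fip_id" | table_field floating_ip_address)"
}

# Constructed samples (trimmed copies of the output shown on this page) so the
# parsers can be exercised offline; the script feeds live output through them.
SAMPLE_NET_CREATE='Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| id              | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| name            | TenantA-Net                          |
| status          | ACTIVE                               |
+-----------------+--------------------------------------+'

SAMPLE_PORT_LIST='+--------------------------------------+------+-------------------+
| id                                   | name | mac_address       |
+--------------------------------------+------+-------------------+
| 6071d430-c66e-4125-b972-9a937c427520 |      | fa:16:3e:a0:73:0d |
+--------------------------------------+------+-------------------+'

# Only talk to the cloud when asked to; sourcing the file just defines helpers.
if [ "${1:-}" = run ]; then
    serve_tenant_a
fi
```

Run it as `sh serve_tenant_a.sh run` after exporting the four OS_* variables for UserA; without the argument it only defines the functions, which is what the embedded samples are for. The same two parsers serve the TenantC steps later on, since every neutron and nova table has the same shape.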
Ping the public network from the server of TenantA.
In this environment, 192.168.1.0/24 is the public network behind the physical router, which also connects to the external network 30.0.0.0/24. With the floating IP and the virtual router in place, you can ping the public network from within TenantA's server:

$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=1.74 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=1.50 ms
64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=1.23 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
Ping the floating IP of TenantA's server from the network node (which reaches 30.0.0.0/24 through the 30.0.0.100 address on br-ex). The replies arrive with ttl=63, one less than the VM's ttl=64, because they pass through the virtual router TenantA-R1:

$ ping 30.0.0.2
PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_req=1 ttl=63 time=45.0 ms
64 bytes from 30.0.0.2: icmp_req=2 ttl=63 time=0.898 ms
64 bytes from 30.0.0.2: icmp_req=3 ttl=63 time=0.940 ms
^C
--- 30.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
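The ping above only succeeds if the L3 agent has written the DNAT and SNAT rules for the floating IP into the router's namespace on the network node, so that is the thing to check when it fails. The following is an added example, not part of the OpenStack documentation. It assumes the L3 agent's default namespace setup, in which router 59cd02cb-6ee6-41e1-9165-d251214594fd lives in the namespace qrouter-59cd02cb-6ee6-41e1-9165-d251214594fd; the function names and the sample iptables output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenStack docs): confirm on the network node that
# the floating-IP NAT for a router is in place. Assumes the L3 agent runs with
# network namespaces, so the router's iptables live in "qrouter-<router-id>".

# Dump the NAT table of a router's namespace (needs root on the network node).
router_nat_rules() {  # usage: router_nat_rules <router-id>
    ip netns exec "qrouter-$1" iptables -t nat -S
}

# Read "iptables -t nat -S" output on stdin and check that floating IP $1 is
# DNATed to fixed IP $2 and that $2 is SNATed back out as $1. Exit status 0
# when both rules exist, 1 otherwise. Rules are parsed token by token, so
# 10.0.0.3 is not confused with 10.0.0.30, and the router's gateway SNAT for
# the whole subnet (-s 10.0.0.0/24) does not count as the floating-IP rule.
check_floating_nat() {  # usage: <rules> | check_floating_nat <floating-ip> <fixed-ip>
    awk -v fip="$1" -v fixed="$2" '
        {
            src = dst = tgt = to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-d") dst = $(i + 1)
                else if ($i == "-j") tgt = $(i + 1)
                else if ($i == "--to-destination" || $i == "--to-source") to = $(i + 1)
            }
            if (tgt == "DNAT" && dst == fip "/32" && to == fixed) dnat = 1
            if (tgt == "SNAT" && src == fixed "/32" && to == fip) snat = 1
        }
        END { exit !(dnat && snat) }'
}

verify_floating_ip() {  # usage: verify_floating_ip <router-id> <floating-ip> <fixed-ip>
    if router_nat_rules "$1" | check_floating_nat "$2" "$3"; then
        echo "NAT $2 <-> $3 present in qrouter-$1"
    else
        echo "NAT $2 <-> $3 missing in qrouter-$1: is the L3 agent running, and is the router hosted on this node?" >&2
        return 1
    fi
}

# Constructed sample of what `iptables -t nat -S` prints in the TenantA-R1
# namespace after the association above, for an offline run of the check.
SAMPLE_NAT='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A POSTROUTING -j neutron-l3-agent-snat
-A neutron-l3-agent-PREROUTING -d 30.0.0.2/32 -j DNAT --to-destination 10.0.0.3
-A neutron-l3-agent-float-snat -s 10.0.0.3/32 -j SNAT --to-source 30.0.0.2
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 30.0.0.3'

# With three arguments, check a live router; otherwise only define the helpers.
if [ $# -eq 3 ]; then
    verify_floating_ip "$1" "$2" "$3"
fi
```

On the network node, `sh check_fip.sh 59cd02cb-6ee6-41e1-9165-d251214594fd 30.0.0.2 10.0.0.3` reports whether TenantA_VM1's floating IP is translated. A missing DNAT with the router otherwise present usually means the L3 agent has not processed the association yet; a missing namespace means the router is scheduled to another node or the agent is down.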
Create other servers for TenantA.
You can create more servers for TenantA and add floating IPs for them.
Serve TenantC.
For TenantC, you create two private networks with subnets 10.0.0.0/24 and 10.0.1.0/24, some servers, one router that connects these two subnets, and some floating IPs. TenantC's 10.0.0.0/24 overlaps with TenantA's subnet; that is allowed because each tenant network is a separate GRE segment and each router is isolated in its own network namespace on the network node.
Create networks and subnets for TenantC:
# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net1
# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net1 \
  10.0.0.0/24 --name TenantC-Subnet1
# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net2
# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net2 \
  10.0.1.0/24 --name TenantC-Subnet2
After that, you can use the admin user to query the provider network attributes of the networks:

# neutron net-show TenantC-Net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 91309738-c317-40a3-81bb-bed7a3917a85 |
| name                      | TenantC-Net1                         |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 2                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | cf03fd1e-164b-4527-bc87-2b2631634b83 |
| tenant_id                 | 2b4fec24e62e4ff28a8445ad83150f9d     |
+---------------------------+--------------------------------------+

# neutron net-show TenantC-Net2
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 5b373ad2-7866-44f4-8087-f87148abd623 |
| name                      | TenantC-Net2                         |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 3                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 38f0b2f0-9f98-4bf6-9520-f4abede03300 |
| tenant_id                 | 2b4fec24e62e4ff28a8445ad83150f9d     |
+---------------------------+--------------------------------------+

The two networks have GRE tunnel IDs (that is, provider:segmentation_id) 2 and 3, distinct from TenantA's 1 even though TenantC-Net1 reuses the 10.0.0.0/24 range. Also note the network IDs and subnet IDs, because you use them to create the VMs and the router.
Create a server TenantC_VM1 for TenantC on TenantC-Net1:

# nova --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
  --nic net-id=91309738-c317-40a3-81bb-bed7a3917a85 TenantC_VM1

Create a server TenantC_VM3 for TenantC on TenantC-Net2:

# nova --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
  --nic net-id=5b373ad2-7866-44f4-8087-f87148abd623 TenantC_VM3
List servers of TenantC.
# nova --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 list
+--------------------------------------+-------------+--------+-----------------------+
| ID                                   | Name        | Status | Networks              |
+--------------------------------------+-------------+--------+-----------------------+
| b739fa09-902f-4b37-bcb4-06e8a2506823 | TenantC_VM1 | ACTIVE | TenantC-Net1=10.0.0.3 |
| 17e255b2-b14f-48b3-ab32-5df36566d2e8 | TenantC_VM3 | ACTIVE | TenantC-Net2=10.0.1.3 |
+--------------------------------------+-------------+--------+-----------------------+
Note the server IDs because you use them later.
Make sure servers get their IPs.
Use the VNC console to log on to the VMs and check that they obtained their IP addresses (the address shown by nova list is what Networking allocated, not proof that the guest received it over DHCP). If a VM has no address, make sure that the Networking components, in particular the DHCP agent and the plug-in agents on the compute and network nodes, are running correctly and that the GRE tunnels between the nodes work.
Create and configure a router for TenantC:
# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 router-create TenantC-R1

# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 router-interface-add \
  TenantC-R1 cf03fd1e-164b-4527-bc87-2b2631634b83
# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 router-interface-add \
  TenantC-R1 38f0b2f0-9f98-4bf6-9520-f4abede03300

# neutron --os-tenant-name TenantC --os-username UserC --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 \
  router-gateway-set TenantC-R1 Ext-Net
Checkpoint: ping from within TenantC's servers.
Because the router connects the two subnets, the VMs on them (TenantC_VM1 at 10.0.0.3 and TenantC_VM3 at 10.0.1.3) can ping each other. And because the gateway for the router is set, TenantC's servers can reach external network IPs, such as 192.168.1.1 and 30.0.0.1, through the router's source NAT even before any floating IP is associated; the floating IPs are only needed for connections initiated from outside.
Associate floating IPs for TenantC's servers.
You can use similar commands to the ones used in the section for TenantA.