The external network typically provides internet access for
your instances. By default, this network only allows internet
access from instances using
Network Address Translation (NAT). You can
enable internet access to individual instances
using a floating IP address and suitable
security group rules. The admin
tenant owns this network because it provides external network
access for multiple tenants. You must also enable sharing to allow
access by those tenants.
Note: Perform these commands on the controller node.
To create the external network
Source the admin tenant credentials:

```
$ source admin-openrc.sh
```

Create the network:

```
$ neutron net-create ext-net --shared --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 893aebb9-1c1e-48be-8908-6b947f3237b3 |
| name                      | ext-net                              |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1                                    |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 54cd044c64d5408b83f843d63624e0d8     |
+---------------------------+--------------------------------------+
```

Like a physical network, a virtual network requires a subnet assigned to it. The external network shares the same subnet and gateway associated with the physical network connected to the external interface on the network node. You should specify an exclusive slice of this subnet for router and floating IP addresses to prevent interference with other devices on the external network.
Replace FLOATING_IP_START and
FLOATING_IP_END with the first and last
IP addresses of the range that you want to allocate for floating IP
addresses. Replace EXTERNAL_NETWORK_CIDR
with the subnet associated with the physical network. Replace
EXTERNAL_NETWORK_GATEWAY with the gateway
associated with the physical network, typically the ".1" IP address.
You should disable DHCP on this subnet because
instances do not connect directly to the external network and floating
IP addresses require manual assignment.
To create a subnet on the external network
Create the subnet:

```
$ neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END \
  --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY EXTERNAL_NETWORK_CIDR
```

For example, using 203.0.113.0/24 with floating IP address range 203.0.113.101 to 203.0.113.200:

```
$ neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=203.0.113.101,end=203.0.113.200 \
  --disable-dhcp --gateway 203.0.113.1 203.0.113.0/24
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "203.0.113.101", "end": "203.0.113.200"}   |
| cidr              | 203.0.113.0/24                                       |
| dns_nameservers   |                                                      |
| enable_dhcp       | False                                                |
| gateway_ip        | 203.0.113.1                                          |
| host_routes       |                                                      |
| id                | 9159f0dc-2b63-41cf-bd7a-289309da1391                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | ext-subnet                                           |
| network_id        | 893aebb9-1c1e-48be-8908-6b947f3237b3                 |
| tenant_id         | 54cd044c64d5408b83f843d63624e0d8                     |
+-------------------+------------------------------------------------------+
```
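
A pre-flight check for the allocation pool described above, as an added example that is not part of the original guide: it uses Python's `ipaddress` module to confirm that the pool lies inside EXTERNAL_NETWORK_CIDR, avoids the gateway, and does not overlap addresses held by other devices on the external network. The function name `check_floating_pool` and the `in_use` inventory list are assumptions made for illustration.

```python
import ipaddress


def check_floating_pool(cidr, gateway, start, end, in_use=()):
    """Return a list of problems with a proposed allocation pool; empty means OK.

    in_use: addresses already held by other devices on the physical network
    (a hypothetical inventory input; neutron does not supply it).
    """
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    gw = ipaddress.ip_address(gateway)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []

    # Gateway and both pool bounds must belong to the external subnet.
    for label, addr in (("gateway", gw), ("pool start", lo), ("pool end", hi)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
    if problems:
        return problems  # the range checks below assume in-subnet addresses

    if lo > hi:
        return [f"pool start {lo} is after pool end {hi}"]

    # The pool must leave the gateway and network/broadcast addresses alone.
    reserved = {"gateway": gw, "network address": net.network_address,
                "broadcast address": net.broadcast_address}
    for label, addr in reserved.items():
        if lo <= addr <= hi:
            problems.append(f"pool contains the {label} {addr}")

    # "Exclusive slice": no other device on the external network sits in the pool.
    for addr in sorted(ipaddress.ip_address(a) for a in in_use):
        if lo <= addr <= hi:
            problems.append(f"pool contains in-use address {addr}")
    return problems


if __name__ == "__main__":
    # Subnet values from the guide's example; the in-use list is constructed.
    args = ("203.0.113.0/24", "203.0.113.1", "203.0.113.101", "203.0.113.200")
    for problem in check_floating_pool(*args, in_use=["203.0.113.10", "203.0.113.150"]):
        print(problem)
```

Run it with the values you intend to pass to `neutron subnet-create`; an empty result means the pool is a clean, exclusive slice of the subnet.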

