Create the external network and its associated subnet:

    # Source the admin tenant credentials
    $ . keystonerc_admin

    $ keystone tenant-list | grep services | awk '{print $2;}'
    3e112abc4c4b4214b8efbd627a32f75e

    $ neutron net-create --tenant-id 3e112abc4c4b4214b8efbd627a32f75e \
        ext --router:external=True
    Created a new network:
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | True                                 |
    | id                        | 976a9bb7-f01a-4ccc-8eba-0329212fc868 |
    | name                      | ext                                  |
    | provider:network_type     | gre                                  |
    | provider:physical_network |                                      |
    | provider:segmentation_id  | 1                                    |
    | router:external           | True                                 |
    | shared                    | False                                |
    | status                    | ACTIVE                               |
    | subnets                   |                                      |
    | tenant_id                 | 3e112abc4c4b4214b8efbd627a32f75e     |
    +---------------------------+--------------------------------------+

    $ neutron subnet-create --tenant-id 3e112abc4c4b4214b8efbd627a32f75e \
        ext 192.169.142.0/24 --enable_dhcp=False --allocation-pool \
        start=192.169.142.10,end=192.169.142.200 --gateway-ip \
        192.169.142.1
    Created a new subnet:
    +------------------+-------------------------------------------------------+
    | Field            | Value                                                 |
    +------------------+-------------------------------------------------------+
    | allocation_pools | {"start": "192.169.142.10", "end": "192.169.142.200"} |
    | cidr             | 192.169.142.0/24                                      |
    | dns_nameservers  |                                                       |
    | enable_dhcp      | False                                                 |
    | gateway_ip       | 192.169.142.1                                         |
    | host_routes      |                                                       |
    | id               | 49b174e5-fce2-490d-ac75-3c75a7b13e24                  |
    | ip_version       | 4                                                     |
    | name             |                                                       |
    | network_id       | 976a9bb7-f01a-4ccc-8eba-0329212fc868                  |
    | tenant_id        | 3e112abc4c4b4214b8efbd627a32f75e                      |
    +------------------+-------------------------------------------------------+

List the external network and its subnet:

    $ neutron net-list
    +--------------------------------------+------+-------------------------------------------------------+
    | id                                   | name | subnets                                               |
    +--------------------------------------+------+-------------------------------------------------------+
    | 976a9bb7-f01a-4ccc-8eba-0329212fc868 | ext  | 49b174e5-fce2-490d-ac75-3c75a7b13e24 192.169.142.0/24 |
    +--------------------------------------+------+-------------------------------------------------------+

    $ neutron subnet-list
    +--------------------------------------+------+------------------+-------------------------------------------------------+
    | id                                   | name | cidr             | allocation_pools                                      |
    +--------------------------------------+------+------------------+-------------------------------------------------------+
    | 49b174e5-fce2-490d-ac75-3c75a7b13e24 |      | 192.169.142.0/24 | {"start": "192.169.142.10", "end": "192.169.142.200"} |
    +--------------------------------------+------+------------------+-------------------------------------------------------+

    $ neutron net-show ext
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | True                                 |
    | id                        | 976a9bb7-f01a-4ccc-8eba-0329212fc868 |
    | name                      | ext                                  |
    | provider:network_type     | gre                                  |
    | provider:physical_network |                                      |
    | provider:segmentation_id  | 1                                    |
    | router:external           | True                                 |
    | shared                    | False                                |
    | status                    | ACTIVE                               |
    | subnets                   | 49b174e5-fce2-490d-ac75-3c75a7b13e24 |
    | tenant_id                 | 3e112abc4c4b4214b8efbd627a32f75e     |
    +---------------------------+--------------------------------------+

Next, let's create an internal network under a tenant (ostenant). Source the keystone user's credentials:

    # Source Kashyap's tenant
    $ . keystonerc_kashyap

    $ neutron net-create int
    Created a new network:
    +----------------+--------------------------------------+
    | Field          | Value                                |
    +----------------+--------------------------------------+
    | admin_state_up | True                                 |
    | id             | f5af9fff-5d8a-420e-8a88-b3aae38ab5a4 |
    | name           | int                                  |
    | shared         | False                                |
    | status         | ACTIVE                               |
    | subnets        |                                      |
    | tenant_id      | 0a6eb2259ca142e7a80541db10835e71     |
    +----------------+--------------------------------------+

    $ neutron subnet-create int 30.0.0.0/24 \
        --dns_nameservers list=true 192.169.142.1 \
        --name intsubnet1
    Created a new subnet:
    +------------------+--------------------------------------------+
    | Field            | Value                                      |
    +------------------+--------------------------------------------+
    | allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
    | cidr             | 30.0.0.0/24                                |
    | dns_nameservers  | 192.169.142.1                              |
    | enable_dhcp      | True                                       |
    | gateway_ip       | 30.0.0.1                                   |
    | host_routes      |                                            |
    | id               | 4ba033fa-19d3-429d-8c52-51f6f7147fd0       |
    | ip_version       | 4                                          |
    | name             | intsubnet1                                 |
    | network_id       | f5af9fff-5d8a-420e-8a88-b3aae38ab5a4       |
    | tenant_id        | 0a6eb2259ca142e7a80541db10835e71           |
    +------------------+--------------------------------------------+

Create a router:

    $ neutron router-create router1
    Created a new router:
    +-----------------------+--------------------------------------+
    | Field                 | Value                                |
    +-----------------------+--------------------------------------+
    | admin_state_up        | True                                 |
    | external_gateway_info |                                      |
    | id                    | 2c7ba7dc-0101-417a-b76d-1cae17ae654e |
    | name                  | router1                              |
    | status                | ACTIVE                               |
    | tenant_id             | 0a6eb2259ca142e7a80541db10835e71     |
    +-----------------------+--------------------------------------+

Get the external network ID, internal subnet ID, and router ID:

    $ neutron net-list | grep ext | awk '{print $2;}'
    976a9bb7-f01a-4ccc-8eba-0329212fc868

    $ neutron subnet-list | grep intsubnet1 | awk '{print $2;}'
    4ba033fa-19d3-429d-8c52-51f6f7147fd0

    $ neutron router-list | grep router1 | awk '{print $2;}'
    2c7ba7dc-0101-417a-b76d-1cae17ae654e

Associate the router with the external network by setting its gateway, then add a router interface on the internal subnet:

    $ neutron router-gateway-set 2c7ba7dc-0101-417a-b76d-1cae17ae654e \
        976a9bb7-f01a-4ccc-8eba-0329212fc868
    Set gateway for router 2c7ba7dc-0101-417a-b76d-1cae17ae654e

    $ neutron router-interface-add 2c7ba7dc-0101-417a-b76d-1cae17ae654e \
        4ba033fa-19d3-429d-8c52-51f6f7147fd0
    Added interface f0ea1594-3fda-4420-8a3c-011be8441bda to router 2c7ba7dc-0101-417a-b76d-1cae17ae654e.

Add Neutron security group rules to the default security group of this test tenant. Both rules use 0.0.0.0/0 as the remote prefix, so they allow ICMP and SSH (TCP port 22) ingress from any source address:

    $ neutron security-group-rule-create \
        --protocol icmp \
        --direction ingress \
        --remote-ip-prefix 0.0.0.0/0 \
        default

    $ neutron security-group-rule-create \
        --protocol tcp \
        --port-range-min 22 \
        --port-range-max 22 \
        --direction ingress \
        --remote-ip-prefix 0.0.0.0/0 \
        default

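The ID lookups in the steps above use `grep ext`, which matches any row containing that substring, so a second network named, say, `ext-backup` would yield two IDs for `router-gateway-set`. The script below is an added example, not part of the original page: `page_style_lookup`, `neutron_id_by_name` and `sample_net_list` are hypothetical helper names, and the sample table is constructed (its `ext-backup` row is invented).

```shell
#!/bin/sh
# Added example (not from the original page): exact-name ID lookup over
# neutron's table output, instead of substring matching with grep.

# The page's lookup style: every row containing the pattern is returned.
page_style_lookup() {
    grep "$1" | awk '{print $2;}'
}

# neutron_id_by_name NAME  (hypothetical helper; reads a "*-list" table on stdin)
# Prints the id of the single row whose name column equals NAME.
# Returns 1 if no row matches and 2 if more than one row matches.
neutron_id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 4            { next }    # border lines contain no "|" separators
        trim($2) == "id"  { next }    # header row
        trim($3) == want  { id = trim($2); n++ }
        END {
            if (n == 1) { print id; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Constructed sample of `neutron net-list` output: the ext and int rows reuse
# the IDs shown on the page, the "ext-backup" row is made up for illustration.
sample_net_list() {
    cat <<'EOF'
+--------------------------------------+------------+-------------------------------------------------------+
| id                                   | name       | subnets                                               |
+--------------------------------------+------------+-------------------------------------------------------+
| 976a9bb7-f01a-4ccc-8eba-0329212fc868 | ext        | 49b174e5-fce2-490d-ac75-3c75a7b13e24 192.169.142.0/24 |
| 11111111-2222-3333-4444-555555555555 | ext-backup |                                                       |
| f5af9fff-5d8a-420e-8a88-b3aae38ab5a4 | int        | 4ba033fa-19d3-429d-8c52-51f6f7147fd0 30.0.0.0/24      |
+--------------------------------------+------------+-------------------------------------------------------+
EOF
}

echo "grep ext (substring match):"
sample_net_list | page_style_lookup ext
echo "exact name match:"
sample_net_list | neutron_id_by_name ext
```

Neutron does not require network names to be unique, which is why the helper returns a distinct status when more than one row carries the requested name.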

    # Keystone info
    $ cat keystonerc_admin
    export OS_USERNAME=admin
    export OS_TENANT_NAME=admin
    export OS_PASSWORD=fedora
    export OS_AUTH_URL=http://192.169.142.97:35357/v2.0/
    export PS1='[\u@\h \W(keystone_admin)]\$ '

    $ cat keystonerc_kashyap
    export OS_USERNAME=kashyap
    export OS_TENANT_NAME=ostenant
    export OS_PASSWORD=fedora
    export OS_AUTH_URL=http://192.169.142.97:35357/v2.0/
    export PS1='[\u@\h \W(keystone_kashyap)]\$ '

    $ keystone tenant-list
    +----------------------------------+----------+---------+
    | id                               | name     | enabled |
    +----------------------------------+----------+---------+
    | 94befff9ca894575b7865cd28952d8b5 | admin    | True    |
    | c1fbc17d05114fafb568e9b7cb4abe4f | demoten2 | True    |
    | 0a6eb2259ca142e7a80541db10835e71 | ostenant | True    |
    | 3e112abc4c4b4214b8efbd627a32f75e | services | True    |
    +----------------------------------+----------+---------+