OpenStack Tutorial: Networking with Neutron – Basic Concepts

This tutorial describes basic networking concepts for OpenStack Neutron. Please read the Tutorial on How to Configure OpenStack Neutron in Platform9 Managed OpenStack for Neutron setup details.

OpenStack Neutron Networking

Neutron is the key networking component of OpenStack. It is provided as a standalone OpenStack service, along with other core OpenStack services such as Nova, Glance, Keystone, Cinder etc.

Neutron is designed with a pluggable architecture, allowing for easy integration with third-party networking solutions via plugins.

In this post, we will cover basics of Neutron terminologies. This will serve as a building block for follow-up posts that dive into Neutron features.

Neutron Network Concepts

Neutron networks in OpenStack roughly fall into three distinct categories: external networks, provider networks and tenant networks.

Please refer to the Tutorial on How to Configure OpenStack Neutron in Platform9 Managed OpenStack for making Neutron aware of your data center’s physical network topology, as part of your Neutron setup process

Provider Networks

Provider networks are designed to map directly to existing networks in your data center. A good example of a provider network is an existing VLAN-based or physical (Flat) network within your data center that you’d like to incorporate into your OpenStack environment. For example, you may have designated VLAN 20 on a specific subnet for all database traffic, and you might want to deploy database servers in your OpenStack deployment that will explicitly connect to this network.

A provider network in Neutron can be either Flat, VLAN-based, GRE-based, or VXLAN-based. For this tutorial, we will focus primarily on Flat and VLAN-based provider networks.

To create a provider network in Platform9, browse to the ‘Network’ menu, then select ‘Create New Network’ and then select ‘Provider Network’ from the network type drop-down menu.

As part of creation of a provider network, you need to explicitly specify what ‘physical network config’ this provider network should utilize. This configuration is defined as part of Configuring Neutron in Platform9 Managed OpenStack. The physical network refers to the unique label associated with the provider network config, and the ‘segmentation ID’ refers to the VLAN ID corresponding to this physical network that you’d like to utilize for this provider network. This VLAN ID must fall in the range of VLAN IDs that you supplied as part of the physical network config.OpenStack Tutorial: Networking with Neutron - Basic Concepts

Tenant Networks

Neutron tenant networks are meant to be private to a given tenant, and are generally created by a user or a group of users within a tenant. Without a Neutron router, these networks are isolated from one another, so that the virtual machines created within these networks can not route traffic outside of the network.

To create a tenant network in Platform9, browse to the ‘Network’ menu, then select ‘Create New Network’ and then select ‘Tenant Network’ from the network type drop-down menu.

Note that unlike provider networks, tenant networks do not offer you the option of specifying what VLAN ID this network should utilize. This is because tenant networks are meant to be consumed primarily by self-service users for use cases such as deploying a private network for your multi-VM Heat application stack, etc. When you deploy a tenant network, a VLAN ID will be automatically selected for it from the pool of VLAN IDs the underlying physical network config is configured with.

OpenStack Tutorial: Networking with Neutron - Basic Concepts

Network Interfaces and Ports

Each Neutron network will typically have one or more {Network Interface, Port} Tuples associated with it. An interface and a port on a network uniquely maps it to a device in the OpenStack environment. The device can be:

  • a virtual machine instance,
  • a router,
  • or a DHCP server.

External Networks

External networks generally correspond to the physical networks in your data center that are publicly routable/enabled with access to Internet. As an administrator, you would want to supply one or more external networks to Neutron so that:

  • Your virtual machines can route packets from the internal network to the internet
  • You can assign floating IPs to your virtual machine and have them publicly addressable from the internet

To configure external networks in Platform9 Managed OpenStack, you follow a similar process to creation of provider/tenant networks. Just browse to ‘Network’ menu in Platform9, then select ‘Create New Network’ and then select ‘External Network’ from the network type dropdown menu.

External Network -neutron - OpenStack Tutorial: Networking with Neutron - Basic Concepts

Note that external networks in OpenStack are shared by default, and this property can not be edited. This mean external networks are visible to all tenants. Self-service users from within tenants can create routers that can connect an internal network to an external network.

Router/Gateway

Neutron routers enable routing of traffic between two or more Neutron networks. A router is capable of routing traffic between Neutron networks of any type – external, provider and tenant. When a router maps an internal network to an external network, it is sometimes referred to as a gateway.

Private/Shared Networks and Multi-Tenancy

You might have noticed that each network in Neutron is created in the context of some tenant who will then be the default owner of that network. A network can be explicitly marked as ‘shared’ which will make it accessible to all tenants in OpenStack. Note that external networks are shared by default – which means all tenants have access to them.

The browser you are using is outdated. For the best experience please download or update your browser to one of the following: