I want to configure routing and NAT via Neutron in OpenStack. How do I get started with it?

I have created a network with two internal networks (and instances on them as well). Now I want to know the commands for configuring routing protocols and NAT. I checked OpenStack documentation but could not find anything handy.

Can someone please help me or give me an idea on how to get started with it?

NewStacker

1 Answer

Well, this will be a long answer to your question. For a start, I assume you understand what an external / internal network is with respect to OpenStack Neutron and have a working setup (having br-ex / external bridge as well).

So first part for SNATing

First thing for simplicity, follow these steps in admin tenant / admin user using Dashboard

1- Create one internal network

2- Create a router

3- Add a VM / instance to internal network

4- Add subnet gateway interface on router

5- Now as an Admin, create external network.

External network can be created by administrator only.

6- Now add this external network as the router gateway interface

So now you have one VM in an internal network. Subnet gateway interface on router and router gateway interface from external network

That's it from the OpenStack point of view.

Here is the list of commands to do the same from the CLI:

$ source keystone_admin

Here keystone_admin is my RC file

Run the following commands to enable ping and ssh on VM as well from external network directly without keypair

$ nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0

$ nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0

$ neutron net-create external_network --shared --router:external=True

$ neutron subnet-create external_network --name external_subnet --allocation-pool start=192.168.122.2,end=192.168.122.20 --disable-dhcp --gateway 192.168.122.1 192.168.122.0/24

$ neutron net-create internal_network

$ neutron subnet-create internal_network --name internal_subnet --allocation-pool start=10.10.1.2,end=10.10.1.20 --disable-dhcp --gateway 10.10.1.1 10.10.1.0/24

$ neutron net-list

$ neutron subnet-list

$ neutron router-create router

$ neutron router-interface-add router internal_subnet

$ neutron router-list

$ neutron router-gateway-set router external_network

Launch a VM from Horizon (it's a long command from the CLI).

Here I have assumed that the external network is 192.168.122.0/24 and internal network is 10.10.1.0/24

So now you have a ready setup from Openstack Point of view for SNAT. Now we need to add a physical interface (ethx) to the BR-EX to test it.

So all you need to do is add the physical interface on the bridge and modify the "ifcfg" files

The following are the steps for RHEL 6.5- ( For others you'll have to look up on the net- search for something like add a physical interface to an OVS Bridge in Ubuntu, etc.. )

$ cd /etc/sysconfig/network-scripts/

In this directory, create these two files if not already present, else modify the existing ones:

$ vi ifcfg-br-ex

DEVICE=br-ex

DEVICETYPE=ovs

TYPE=OVSBridge

BOOTPROTO=static

IPADDR=192.168.122.153  # example address on the external network

NETMASK=255.255.255.0  # for our case, 192.168.122.0/24 for the external network

GATEWAY=192.168.122.1  # example gateway

ONBOOT=yes

$ vi ifcfg-ethx

DEVICE=ethx

TYPE=OVSPort

DEVICETYPE=ovs

ONBOOT=no

NM_CONTROLLED=yes

BOOTPROTO=static

OVS_BRIDGE=br-ex

Now run

$ service network restart

Just to be sure that the setup is up and running

$ ifup br-ex

$ ifup ethx

Also on doing

$ ovs-ofctl show br-ex

it should display "ethx" in the output

So now you have a working SNAT setup. You can try the following in the VM / instance from the console in Dashboard:

$ ping 8.8.8.8

Now for DNAT-

run the following commands

$ neutron floatingip-create external_network

This creates a floating IP and displays the "id" ( floatingip_id )

$ neutron port-list

From this list, fetch the "id" of the VM ( port_id_of_instance )

$ neutron floatingip-associate <floatingip_id> <port_id_of_instance>

And BAM now you have DNAT ready.

To test the DNAT, try doing something like

$ ping <floating_ip>

from the external network machine

I have tried to keep it direct, but of course this demands some sort of understanding of OpenStack Neutron and Linux!! :p :)

You can refer to- https://openstack.redhat.com/Networking_in_too_much_detail

piyush_raman
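An added example, not part of the original answer: the two `secgroup-add-rule` commands above accept ICMP and SSH from `0.0.0.0/0`, and once a floating IP is associated those rules apply to everything that can reach the external network. This sketch audits rules in the same argument order and rewrites over-broad ones; the rule list is constructed from the answer's commands, and treating `192.168.122.0/24` as the only trusted source is an assumption.

```python
import ipaddress

# Constructed sample: the two rules the answer adds to the "default" group,
# in the CLI's order (protocol, from_port, to_port, source CIDR).
RULES = [
    ("icmp", -1, -1, "0.0.0.0/0"),
    ("tcp", 22, 22, "0.0.0.0/0"),
]

# Assumption: only the answer's external subnet should reach instances.
TRUSTED = ["192.168.122.0/24"]


def too_wide(cidr, trusted):
    """True when `cidr` is not fully contained in any trusted network."""
    src = ipaddress.ip_network(cidr, strict=False)
    nets = (ipaddress.ip_network(t) for t in trusted)
    return not any(src.version == n.version and src.subnet_of(n) for n in nets)


def audit(rules, trusted):
    """Return (protocol, ports, source) for every over-broad ingress rule."""
    findings = []
    for proto, lo, hi, cidr in rules:
        if too_wide(cidr, trusted):
            # -1 means "any" (all ICMP types/codes, or all ports).
            ports = "any" if lo == -1 else (str(lo) if lo == hi else f"{lo}-{hi}")
            findings.append((proto, ports, cidr))
    return findings


def narrowed(rules, trusted):
    """Replace each over-broad rule with one rule per trusted CIDR."""
    out = []
    for proto, lo, hi, cidr in rules:
        sources = trusted if too_wide(cidr, trusted) else [cidr]
        out.extend((proto, lo, hi, s) for s in sources)
    return out


if __name__ == "__main__":
    for finding in audit(RULES, TRUSTED):
        print("over-broad source:", finding)
    # Print the tightened rules in the same form the answer's commands use.
    for proto, lo, hi, cidr in narrowed(RULES, TRUSTED):
        print(f"nova secgroup-add-rule default {proto} {lo} {hi} {cidr}")
```
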