This blog covers a hands-on session demonstrating Openstack networking capabilities. This is a followup to my previous blog where I covered the Openstack Icehouse installation and basic usage. I have covered the following in the video.
- Connectivity between VMs in a single subnet.
- Connectivity between VMs across different subnets by having a router between the 2 subnets.
- Connectivity between VMs across 2 different hosts and establish connectivity between the VMs using GRE tunnel between the 2 hosts.
- Using Access security control policies to control access to VM.
VMs used are same as previous blog:
Controller localrc can be found here. Compute localrc can be found here. I had some issues getting connectivity across hosts working with network type vlan and vxlan. I am not clear if the issues are with the ovs switch version that I have or with the localrc configuration. Open vswitch version I am using is 1.4.6.
Single host networking demo:
Multiple host networking demo:
Sreenivas Makam's Blog 
Hello Sreenivas,
Your instructions are very clear! The videos have helped whole devstack experience for beginners seem really simple. You mention there are issues with VXLAN and VLAN type of network. Were you able to get a headway there?
Your advice is much appreciated!
Thanks,
mrhegde
hi mrhedge
Thanks for the positive feedback. I have recently been trying with Openstack Juno and I am able to get GRE and VXLAN tunnels working across hosts. Basic vlan does not seem to work though that must be simplest one:)
Will write about my Juno experiences soon…
Regards
Sreenivas
Thank you. When you mention Openstack Juno, I hope it is Devstack yet. The reason I ask is I found issues getting basic single node devstack with Juno up and running. I look forward to your post!
hi mrhegde
Recently, I have posted Openstack Juno install in Devstack, let me know if that instructions helps you.
Regards
Sreenivas
Hi Srini,
Hope you doing good. Thanks for sharing your experience in openstack.
I have configured openstack in baremetal as well VM. I have launched VM too in openstack. everything is good. Now i trying to ssh the openstack VM from my laptop.
Still am not clear in the Networking Part.
My laptop ip address is 192.xx.xx.xxx
So public network range in openstack needs to be same range or we can give any.
Can we use Flat or we need to go with GRE only?
Hi
By default, VMs get address in 10.0.0.x network. Check routing table in your local host to make sure that you have route to “10.0.0.x” network. As part of stacking this gets established. You need to then enable security group to allow ssh access to VM. Find the ip address of VM from horizon and you should be able to ssh. You can also login to VM using VNC interface from Openstack horizon.
Hope this helps.
Sreenivas
Sir, your tutorials are very helpful to me. I am doing a project on implementing a private cloud. I have installed openstack on one system and now I want to access Instances created in that system through another system which are connected using lan cable. Could you please help me?
The first step is for the instances to access outside world. I typically do this in my host node where devstack is run from:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
neutron subnet-update –dns-nameservers list=true
To access instances from host node, devstack updates the route table of host node. Its something like this:
10.0.0.0 172.24.4.2 255.255.255.0 UG 0 0 0 br-ex
we dont need to do anything special to access the node.
If you want to reach from some other host, you need to update the routing table of that host appropriately.
Sreenivas
Hi Sreenivas, I am following your instructions on to deploy a IaaS solution . Almost successful just stuck in , here i can not ping my Instances from outside host from the host everuthying is perfect. But instances can ping outside the host . I have allowed all the possible security groups and routing table is also good . Could you please give a quick feedback please .
Regards,
Hillol
Please check routing table in the host machine. Assuming your host has 10.0.0.x address, following entry needs to be in route table for allowing hosts to access instance:
10.0.0.0 172.24.4.2 255.255.255.0 UG 0 0 0 br-ex
If not present, you can either manually update. Use appropriate addresses based on ur setup.
Sreenivas
Dear Sreenivas , Thanks for the suggestion but it was not successful . Here is the situation. I am using hyper-v to host the VM. In this VM host I have installed ubuntu . using only one NIC to connect the VM and this is eth0 having IP of 192.168.95.x . Br-ex IP is 172.24.4.2 and Virbr0 is 192.168.122.1. Openstack horizon is running successfully. I can ping all the instances from Host VM and also can ping from instances to internet and outside networ ( other machines in 192.168.95.x network). My private subnet is 10.0.0.0 and the floating IP should be from 172.24.4.x network. Hence the problem is I can only ping the br-ex or instances of private subnet from host VM only which IP in eth0 but not from any other machine on the same 192.168.95.0 network. I need to do this in order to access each instaces through ssh client like putty from outside the host VM.
I have tried to add this to host VM as per your suugestion route add -net 192.168.95.0 netmask 255.255.255.0 gw 172.24.4.2 but this is not working rather this is blocking the host VM to ping from outside host.
Your quick feedback will be really appriciated.