Posted in network, Openstack, Security

Neutron Validation Testing Part 3

External/Floating outgoing/incoming network

I have used following steps to test this.

  • Create tenant network, tenant subnet
  • Create shared router
  • For external network, I have created external network ext-net outside of script because we have to do some manual stuff here. For external networking make sure physical Ethernet port is added into external bridge br-ex and network configuration file ifcfg-br-ex and ifcfg-ethX is created with relevant info.
  • Add tenant network interface to router and set gateway of router to external network.
  • Create VM instance into tenant network.
  • Create and assign floating IP to VM
  • Add security rule for PING and SSH testing.
  • For external/outgoing access ping to (google DNS) from VM and for floating incoming access ssh to VM using floating IP from outside.


Continue reading “Neutron Validation Testing Part 3”

Posted in Cloud, network, Openstack

Neutron Validation Testing Part 2

Tenant to tenant networking with different subnet

For tenant to tenant networking I used following steps.

  • Create first tenant, tenant network, tenant subnet
  • Create second tenant, tenant network, tenant subnet
  • Create router in admin tenant and add both tenant interface to it.
  • Create 2 VMs instance into two different tenant network.
  • Add security rule for PING and SSH testing.
  • Ping to each other using network namespace.


Continue reading “Neutron Validation Testing Part 2”

Posted in Cloud, network, Openstack

Neutron Validation Testing Part 1

All test are performed from standalone VM outside of the OpenStack cloud. First, establish passwordless SSH authentication between Standalone VM and OpenStack controller. Use following method to invoke the script from standalone VM which will run o on controller VM and get the details.

ssh –T <controller hostname/ip>  <

Here –T Disable pseudo-tty allocation from VM

External and Internal API networking.

  • To access external API and internal API network I used curl utility to make API calls.
  •  Using curl generate a new token first by providing tenant name, username, password and controller IP. We can be used admin auth_token as well but that token will fetch details related to admin tenant only. Here we can generate a token for any tenant.n1
  • This generates endpoint list with a token in the bottom.n2
  • Continue reading “Neutron Validation Testing Part 1”