Posted in network, Openstack, Security

Neutron Validation Testing Part 3

Posted on by Vishwanath Mule

External/Floating outgoing/incoming network

I have used following steps to test this.

  • Create tenant network, tenant subnet
  • Create shared router
  • For external network, I have created external network ext-net outside of script because we have to do some manual stuff here. For external networking make sure physical Ethernet port is added into external bridge br-ex and network configuration file ifcfg-br-ex and ifcfg-ethX is created with relevant info.
  • Add tenant network interface to router and set gateway of router to external network.
  • Create VM instance into tenant network.
  • Create and assign floating IP to VM
  • Add security rule for PING and SSH testing.
  • For external/outgoing access ping to 8.8.8.8 (google DNS) from VM and for floating incoming access ssh to VM using floating IP from outside.

n5

https://github.com/vishmule/OpenStack-Neutron-Validation-Scripts/blob/master/External_Network_Test.sh


#!/bin/bash
#Source the admin credentials ###
source ~/keystonerc_admin
#Variables definition. These variables are required for all the neutron operation. #######
network_name=demo-net
subnet_name=demo-subnet
subnet_address=10.0.0.0/24
router_name=demo-router
external_network_name=ext-net
external_subnet_name=ext-subnet
external_subnet_address=192.168.122.0/24
logfile=./`hostname`.neutron_external_nw_validation.log
line1="—————————————————————————————————————————–"
line2="#############################################################################################################################"
#create internal network with subnet ###
echo $line1|tee -a $logfile;echo -e " Creating internal network $network_name and subnet $subnet_name\n" |tee -a $logfile; echo $line1 2>&1 |tee -a $logfile
neutron net-create $network_name 2>&1 |tee -a $logfile
neutron subnet-create –name $subnet_name $network_name $subnet_address 2>&1 |tee -a $logfile;echo $line2 |tee -a $logfile
#create internal network with subnet ###
echo $line1|tee -a $logfile;echo -e " Creating internal network $network_name and subnet $subnet_name\n" |tee -a $logfile; echo $line1 2>&1 |tee -a $logfile
neutron net-create $network_name 2>&1 |tee -a $logfile
neutron subnet-create –name $subnet_name $network_name $subnet_address 2>&1 |tee -a $logfile;echo $line2 |tee -a $logfile
# Create one VM instance into $network_name network. Change the flavor according to your requirement. ##
echo $line1|tee -a $logfile;echo -e " Creating one VM instance in $network_name network..\n" |tee -a $logfile; echo $line1 2>&1 |tee -a $logfile
nova keypair-add –pub-key ~/.ssh/id_rsa.pub tenant-key 2>&1 |tee -a $logfile
network_id=`neutron net-list|awk '/'$network_name'/ {print $2}'`
nova boot –flavor custom.flavor –image cirros –nic net-id=$network_id –security-group default –key-name tenant-key $network_name-vm 2>&1 |tee -a $logfile
echo $line1|tee -a $logfile;echo -e "\n Waiting for 60 seconds to start SSH Daemon after the VM start….." 2>&1 |tee -a $logfile
sleep 60
echo -e "\n To access external network from $network_name-vm we need one router with external network…" 2>&1 |tee -a $logfile;echo $line1|tee -a $logfile
#Create router and add internal network interface and set gateway to external network ###
echo $line1|tee -a $logfile;echo -e " Creating router $router_name and adding internal interface from $subnet_name and setting $external_network_name network gateway for external access..\n" |tee -a $logfile ;echo $line1 2>&1 |tee -a $logfile
neutron router-create $router_name 2>&1 |tee -a $logfile
neutron router-interface-add $router_name $subnet_name 2>&1 |tee -a $logfile
neutron router-gateway-set $router_name $external_network_name 2>&1 |tee -a $logfile
echo -e "\n Router with added interface details" 2>&1 |tee -a $logfile
neutron router-port-list $router_name 2>&1 |tee -a $logfile;echo $line2 |tee -a $logfile
echo $line1|tee -a $logfile;echo -e "Adding security rule for SSH and PING test..\n" |tee -a $logfile;echo $line1 2>&1 |tee -a $logfile
# Add security group rule for ping and SSH test ### 2>&1 |tee -a $logfile
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 2>&1 |tee -a $logfile
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 2>&1 |tee -a $logfile
echo $line1|tee -a $logfile;echo -e "Testing PING from $network_name-vm to external network like 8.8.8.8 (google DNS)..\n"|tee -a $logfile; echo $line1 2>&1 |tee -a $logfile
internal_ip=`nova list|awk '/'$network_name'/ {print $12}'|cut -d= -f2`
echo -e "\n ip netns exec qdhcp-$network_id ssh -n -oStrictHostKeyChecking=no cirros@$internal_ip ping -c3 8.8.8.8 \n" 2>&1 |tee -a $logfile
ip netns exec qdhcp-$network_id ssh -n -oStrictHostKeyChecking=no cirros@$internal_ip ping -c3 8.8.8.8 2>&1 |tee -a $logfile;echo $line2 |tee -a $logfile

view raw

External_Network_Test.sh

hosted with ❤ by GitHub

Author:

I have created this blog to share my learning from IT world. Hope you find it useful in your day to day work. Feel free to send me your feedback about my blog.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.