External/Floating outgoing/incoming network
I used the following steps to test this.
- Create tenant network, tenant subnet
- Create shared router
- The external network ext-net is created outside of the script, because it needs some manual setup. For external networking, make sure the physical Ethernet port is added to the external bridge br-ex and that the network configuration files ifcfg-br-ex and ifcfg-ethX are created with the relevant information.
- Add tenant network interface to router and set gateway of router to external network.
- Create VM instance into tenant network.
- Create and assign floating IP to VM
- Add security group rules for PING (ICMP) and SSH (TCP 22) testing; the script adds them to the default security group with source 0.0.0.0/0.
- For external/outgoing access, ping 8.8.8.8 (Google DNS) from the VM; for incoming access via the floating IP, SSH to the VM from outside using its floating IP.
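#!/bin/bash
# Validates tenant-to-external connectivity on an OpenStack node with the
# legacy neutron/nova command-line clients: tenant network, VM, router with
# an external gateway, security group rules, then a ping from inside the VM.

# Load the admin credentials into this shell.
# NOTE(review): presumably keystonerc_admin exports the admin user name and
# password as environment variables; every command started below inherits
# them, and enabling `set -x` before this line would print them - confirm.
credentials_file=~/keystonerc_admin
if [[ ! -r "$credentials_file" ]]; then
  # Without credentials every neutron/nova call below fails, so stop here.
  echo "Cannot read $credentials_file; aborting." >&2
  exit 1
fi
source "$credentials_file"

# Variables used by all the neutron/nova operations below.
network_name=demo-net
subnet_name=demo-subnet
subnet_address=10.0.0.0/24
router_name=demo-router
# The external network itself is created outside of this script; only its
# name is referenced in the visible part of the script.
external_network_name=ext-net
external_subnet_name=ext-subnet
external_subnet_address=192.168.122.0/24

# All client output is appended (tee -a) to this file in the current
# directory, so repeated runs accumulate in one log.
logfile="./$(hostname).neutron_external_nw_validation.log"

# Separator lines used to frame sections in the console output and the log.
line1="—————————————————————————————————————————–"
line2="#############################################################################################################################"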
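# Create the internal (tenant) network and its subnet.
# The listing repeated this section twice. It is run once here: Neutron does
# not require network names to be unique, so a second net-create would add
# another network with the same name and make later look-ups by name
# ambiguous.
# stderr is merged into stdout so client errors also reach the log. The exit
# status of the pipeline is tee's, so a failed client call does not stop the
# script - read the log.
{
  echo "$line1"
  echo -e " Creating internal network $network_name and subnet $subnet_name\n"
  echo "$line1"
  neutron net-create "$network_name"
  # The option is "--name" with two ASCII hyphens; a typographic dash pasted
  # from a web page is not parsed as an option.
  neutron subnet-create --name "$subnet_name" "$network_name" "$subnet_address"
  echo "$line2"
} 2>&1 | tee -a "$logfile"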
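# Create one VM instance in the $network_name network. Change the flavor
# according to your requirement.
{
  echo "$line1"
  echo -e " Creating one VM instance in $network_name network..\n"
  echo "$line1"
  # Only the public half of the key pair is uploaded; the private key stays
  # in ~/.ssh on this host.
  nova keypair-add --pub-key ~/.ssh/id_rsa.pub tenant-key
} 2>&1 | tee -a "$logfile"

# Look the network id up by exact name (column 4 of the net-list table)
# instead of splicing the name into the awk program as a regex, which would
# also match any row that merely contains the name. The assignment stays
# outside the tee pipeline so the variable survives for later sections.
network_id=$(neutron net-list | awk -v name="$network_name" '$4 == name {print $2}')
if [[ -z "$network_id" || "$network_id" == *$'\n'* ]]; then
  # An empty or multi-line result would be passed to nova boot and to the
  # qdhcp namespace name below; stop rather than act on the wrong network.
  echo "Expected exactly one network named $network_name, got: '$network_id'" \
    | tee -a "$logfile" >&2
  exit 1
fi

{
  # Options need two ASCII hyphens ("--flavor", "--image", ...).
  nova boot --flavor custom.flavor --image cirros \
    --nic net-id="$network_id" --security-group default \
    --key-name tenant-key "${network_name}-vm"
  echo "$line1"
  echo -e "\n Waiting for 60 seconds to start SSH Daemon after the VM start….."
} 2>&1 | tee -a "$logfile"

# Fixed wait; the script does not poll the instance state.
sleep 60

{
  echo -e "\n To access external network from $network_name-vm we need one router with external network…"
  echo "$line1"
} 2>&1 | tee -a "$logfile"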
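# Create the router, attach the tenant subnet as an internal interface and
# set the router's gateway to the external network. $external_network_name
# must already exist; it is created outside of this script.
# All variables are quoted so a name containing spaces or glob characters is
# passed to the client as one argument.
{
  echo "$line1"
  echo -e " Creating router $router_name and adding internal interface from $subnet_name and setting $external_network_name network gateway for external access..\n"
  echo "$line1"
  neutron router-create "$router_name"
  neutron router-interface-add "$router_name" "$subnet_name"
  neutron router-gateway-set "$router_name" "$external_network_name"
  echo -e "\n Router with added interface details"
  # Listing the ports lets the reader confirm in the log that both the
  # internal interface and the gateway were actually attached.
  neutron router-port-list "$router_name"
  echo "$line2"
} 2>&1 | tee -a "$logfile"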
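# Add security group rules for the ping and SSH test.
# The rules are added to the project's "default" security group, so they
# apply to every instance using that group, not only to the test VM.
# The source range defaults to 0.0.0.0/0 as in the original listing; set
# allowed_cidr to the tester's own address range before running to narrow
# it, and delete the rules (nova secgroup-delete-rule) once testing is done.
allowed_cidr=${allowed_cidr:-0.0.0.0/0}
{
  echo "$line1"
  echo -e "Adding security rule for SSH and PING test..\n"
  echo "$line1"
  # TCP port 22 only (from-port 22, to-port 22).
  nova secgroup-add-rule default tcp 22 22 "$allowed_cidr"
  # -1 -1 means all ICMP types and codes.
  nova secgroup-add-rule default icmp -1 -1 "$allowed_cidr"
} 2>&1 | tee -a "$logfile"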
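# Test outgoing access: SSH into the VM through the network's DHCP namespace
# and ping 8.8.8.8 from there.
{
  echo "$line1"
  echo -e "Testing PING from $network_name-vm to external network like 8.8.8.8 (google DNS)..\n"
  echo "$line1"
} 2>&1 | tee -a "$logfile"

# Pick the VM row by exact name (column 4 of the nova list table) rather than
# by a regex built from the network name, which matches every instance
# attached to that network. Column 12 holds "<network>=<ip>"; when a floating
# IP is also listed the first address carries a trailing comma.
vm_name="${network_name}-vm"
internal_ip=$(nova list | awk -v name="$vm_name" '$4 == name {print $12}' | cut -d= -f2)
internal_ip=${internal_ip%,}

# Both values were parsed out of table output and end up on a command line
# executed in a network namespace; refuse anything that is not a single
# dotted-quad address or a non-empty network id.
if [[ -z "$network_id" || ! "$internal_ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
  echo "Cannot run ping test: network_id='$network_id' internal_ip='$internal_ip'" \
    | tee -a "$logfile" >&2
  exit 1
fi

{
  echo -e "\n ip netns exec qdhcp-$network_id ssh -n -oStrictHostKeyChecking=no cirros@$internal_ip ping -c3 8.8.8.8 \n"
  # StrictHostKeyChecking=no turns off host-key verification, so the
  # identity of the SSH server is not checked. That is tolerable only
  # because the target is a throwaway test instance reached over the
  # tenant network; do not copy this option into scripts that talk to
  # long-lived hosts.
  # `ip netns exec` needs root on the node that hosts the qdhcp namespace.
  ip netns exec "qdhcp-$network_id" \
    ssh -n -oStrictHostKeyChecking=no "cirros@$internal_ip" ping -c3 8.8.8.8
  echo "$line2"
} 2>&1 | tee -a "$logfile"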