Self-service network

If you chose networking option 2, you can also create a self-service (private) network that connects to the physical network infrastructure via NAT. This network includes a DHCP server that provides IP addresses to instances. An instance on this network can automatically access external networks such as the Internet. However, access to an instance on this network from external networks such as the Internet requires a floating IP address.

The demo or other unprivileged user can create this network because it provides connectivity to instances within the demo project only.


You must create the provider network before the self-service network.


The following instructions and diagrams use example IP address ranges. You must adjust them to match your environment.

Networking Option 2: Self-service networks - Overview

Networking Option 2: Self-service networks - Connectivity

Create the self-service network

  1. On the controller node, source the demo credentials to gain access to user-only CLI commands:

    $ . demo-openrc
  2. Create the network:

    $ openstack network create selfservice
    Created a new network:
    | Field                   | Value                                |
    | admin_state_up          | UP                                   |
    | availability_zone_hints |                                      |
    | availability_zones      |                                      |
    | created_at              | 2016-11-04T18:20:59Z                 |
    | description             |                                      |
    | headers                 |                                      |
    | id                      | 7c6f9b37-76b4-463e-98d8-27e5686ed083 |
    | ipv4_address_scope      | None                                 |
    | ipv6_address_scope      | None                                 |
    | mtu                     | 1450                                 |
    | name                    | selfservice                          |
    | port_security_enabled   | True                                 |
    | project_id              | 3828e7c22c5546e585f27b9eb5453788     |
    | project_id              | 3828e7c22c5546e585f27b9eb5453788     |
    | revision_number         | 3                                    |
    | router:external         | Internal                             |
    | shared                  | False                                |
    | status                  | ACTIVE                               |
    | subnets                 |                                      |
    | tags                    | []                                   |
    | updated_at              | 2016-11-04T18:20:59Z                 |

    Non-privileged users typically cannot supply additional parameters to this command. The service automatically chooses parameters using information from the following files:


    tenant_network_types = vxlan
    vni_ranges = 1:1000
  3. Create the subnet:

    $ openstack subnet create --network selfservice \
      --dns-nameserver DNS_RESOLVER --gateway SELFSERVICE_NETWORK_GATEWAY \
      --subnet-range SELFSERVICE_NETWORK_CIDR selfservice

    Replace DNS_RESOLVER with the IP address of a DNS resolver. In most cases, you can use one from the /etc/resolv.conf file on the host.

    Replace SELFSERVICE_NETWORK_GATEWAY with the gateway you want to use on the self-service network, typically the ".1" IP address.

    Replace SELFSERVICE_NETWORK_CIDR with the subnet you want to use on the self-service network. You can use any arbitrary value, although we recommend a network from RFC 1918.


    The self-service network uses with a gateway on A DHCP server assigns each instance an IP address from to All instances use as a DNS resolver.

    $ openstack subnet create --network selfservice \
      --dns-nameserver --gateway \
      --subnet-range selfservice
    Created a new subnet:
    | Field             | Value                                |
    | allocation_pools  |              |
    | cidr              |                        |
    | created_at        | 2016-11-04T18:30:54Z                 |
    | description       |                                      |
    | dns_nameservers   |                              |
    | enable_dhcp       | True                                 |
    | gateway_ip        |                           |
    | headers           |                                      |
    | host_routes       |                                      |
    | id                | 5c37348e-e7da-439b-8c23-2af47d93aee5 |
    | ip_version        | 4                                    |
    | ipv6_address_mode | None                                 |
    | ipv6_ra_mode      | None                                 |
    | name              | selfservice                          |
    | network_id        | b9273876-5946-4f02-a4da-838224a144e7 |
    | project_id        | 3828e7c22c5546e585f27b9eb5453788     |
    | project_id        | 3828e7c22c5546e585f27b9eb5453788     |
    | revision_number   | 2                                    |
    | service_types     | []                                   |
    | subnetpool_id     | None                                 |
    | updated_at        | 2016-11-04T18:30:54Z                 |
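
A pre-flight check for the three values substituted into the subnet command above, as an added example that is not part of the original guide. The function name and the sample addresses are constructed for illustration; besides the RFC 1918 recommendation it flags a loopback resolver, which /etc/resolv.conf can contain and which instances cannot reach.

```python
import ipaddress

# RFC 1918 blocks. ipaddress's is_private is broader (loopback, link-local,
# documentation ranges), so the three blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_subnet_params(cidr, gateway, dns_resolver):
    """Return a list of problems; an empty list means the values are usable."""
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 172.16.1.5/24
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {cidr!r}: {exc}"]

    problems = []
    if not any(net.version == 4 and net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 block")

    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError:
        problems.append(f"invalid gateway address {gateway!r}")
    else:
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(f"gateway {gw} is not a usable host address")

    try:
        dns = ipaddress.ip_address(dns_resolver)
    except ValueError:
        problems.append(f"invalid DNS resolver address {dns_resolver!r}")
    else:
        # A loopback entry copied from /etc/resolv.conf (a local stub
        # resolver) only exists on the host; instances cannot reach it.
        if dns.is_loopback or dns.is_unspecified:
            problems.append(f"DNS resolver {dns} is not reachable from instances")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for args in [("172.16.1.0/24", "172.16.1.1", "8.8.4.4"),
                 ("172.16.1.0/24", "172.16.2.1", "127.0.0.53")]:
        print(args, "->", check_subnet_params(*args) or "OK")
```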

Create a router

Self-service networks connect to provider networks using a virtual router that typically performs bidirectional NAT. Each router contains an interface on at least one self-service network and a gateway on a provider network.

The provider network must include the router:external option to enable self-service routers to use it for connectivity to external networks such as the Internet. The admin or other privileged user must include this option during network creation or add it later. In this case, the router:external option was set by using the --external parameter when creating the provider network.

  1. On the controller node, source the admin credentials to gain access to admin-only CLI commands:

    $ . admin-openrc
  2. Source the demo credentials to gain access to user-only CLI commands:

    $ . demo-openrc
  3. Create the router:

    $ openstack router create router
    Created a new router:
    | Field                   | Value                                |
    | admin_state_up          | UP                                   |
    | availability_zone_hints |                                      |
    | availability_zones      |                                      |
    | created_at              | 2016-11-04T18:32:56Z                 |
    | description             |                                      |
    | external_gateway_info   | null                                 |
    | flavor_id               | None                                 |
    | headers                 |                                      |
    | id                      | 67324374-396a-4db6-9443-c70be167a42b |
    | name                    | router                               |
    | project_id              | 3828e7c22c5546e585f27b9eb5453788     |
    | project_id              | 3828e7c22c5546e585f27b9eb5453788     |
    | revision_number         | 2                                    |
    | routes                  |                                      |
    | status                  | ACTIVE                               |
    | updated_at              | 2016-11-04T18:32:56Z                 |
  4. Add the self-service network subnet as an interface on the router:

    $ neutron router-interface-add router selfservice
    Added interface bff6605d-824c-41f9-b744-21d128fc86e1 to router router.
  5. Set a gateway on the provider network on the router:

    $ neutron router-gateway-set router provider
    Set gateway for router router

Verify operation

We recommend that you verify operation and fix any issues before proceeding. The following steps use the IP address ranges from the network and subnet creation examples.

  1. On the controller node, source the admin credentials to gain access to admin-only CLI commands:

    $ . admin-openrc
  2. List network namespaces. You should see one qrouter namespace and two qdhcp namespaces.

    $ ip netns
  3. List ports on the router to determine the gateway IP address on the provider network:

    $ neutron router-port-list router
    | id                                   | name | mac_address       | fixed_ips                                |
    | bff6605d-824c-41f9-b744-21d128fc86e1 |      | fa:16:3e:2f:34:9b | {"subnet_id":                            |
    |                                      |      |                   | "3482f524-8bff-4871-80d4-5774c2730728",  |
    |                                      |      |                   | "ip_address": ""}              |
    | d6fe98db-ae01-42b0-a860-37b1661f5950 |      | fa:16:3e:e8:c1:41 | {"subnet_id":                            |
    |                                      |      |                   | "5cc70da8-4ee7-4565-be53-b9c011fca011",  |
    |                                      |      |                   | "ip_address": ""}           |
  4. Ping this IP address from the controller node or any host on the physical provider network:

    $ ping -c 4
    PING ( 56(84) bytes of data.
    64 bytes from icmp_req=1 ttl=64 time=0.619 ms
    64 bytes from icmp_req=2 ttl=64 time=0.189 ms
    64 bytes from icmp_req=3 ttl=64 time=0.165 ms
    64 bytes from icmp_req=4 ttl=64 time=0.216 ms
    --- ping statistics ---
    rtt min/avg/max/mdev = 0.165/0.297/0.619/0.187 ms
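
The namespace check from step 2, automated, as an added example that is not part of the original guide. It relies on Neutron naming namespaces qrouter-<router id> and qdhcp-<network id>; the function name, the provider network id and the sample `ip netns` output are constructed, while the router and self-service network ids are the ones shown in the command output on this page.

```python
import re

NS_RE = re.compile(r"^(qrouter|qdhcp)-([0-9a-f-]{36})\b")

ROUTER_ID = "67324374-396a-4db6-9443-c70be167a42b"       # router id from this page
SELFSERVICE_ID = "7c6f9b37-76b4-463e-98d8-27e5686ed083"  # network id from this page
PROVIDER_ID = "00000000-0000-4000-8000-000000000001"     # constructed placeholder

# Constructed sample of `ip netns` output on the controller node.
SAMPLE = f"""\
qrouter-{ROUTER_ID} (id: 2)
qdhcp-{SELFSERVICE_ID} (id: 1)
qdhcp-{PROVIDER_ID} (id: 0)
"""


def check_namespaces(ip_netns_output, router_id, network_ids):
    """Compare `ip netns` output with the namespaces the router and the DHCP
    agent should have created. Returns a list of findings (empty means OK)."""
    found = {"qrouter": set(), "qdhcp": set()}
    for line in ip_netns_output.splitlines():
        m = NS_RE.match(line.strip())
        if m:
            found[m.group(1)].add(m.group(2))

    findings = []
    if router_id not in found["qrouter"]:
        findings.append(f"missing qrouter-{router_id}")
    for net_id in network_ids:
        if net_id not in found["qdhcp"]:
            findings.append(f"missing qdhcp-{net_id}")
    # Namespaces that belong to no expected router or network.
    for ns_id in sorted(found["qrouter"] - {router_id}):
        findings.append(f"unexpected qrouter-{ns_id}")
    for ns_id in sorted(found["qdhcp"] - set(network_ids)):
        findings.append(f"unexpected qdhcp-{ns_id}")
    return findings


if __name__ == "__main__":
    print(check_namespaces(SAMPLE, ROUTER_ID, [SELFSERVICE_ID, PROVIDER_ID]) or "OK")
```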

Return to Launch an instance - Create virtual networks.

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.