DevStack Networking¶
An important part of the DevStack experience is networking that works by default for created guests. This might not be optimal for your particular testing environment, so this document tries its best to explain what’s going on.
Defaults¶
If you don’t specify any configuration you will get the following:
- neutron (including l3 with openvswitch)
- private project networks for each openstack project
- a floating ip range of 172.24.4.0/24 with the gateway of 172.24.4.1
- the demo project configured with fixed ips on a subnet allocated from the 10.0.0.0/22 range
- a
br-ex
interface controlled by neutron for all its networking (this is not connected to any physical interfaces). - DNS resolution for guests based on the resolv.conf for your host
- an ip masq rule that allows created guests to route out
This creates an environment which is isolated to the single host. Guests can get to the external network for package updates. Tempest tests will work in this environment.
Note
By default all OpenStack environments have security group rules which block all inbound packets to guests. If you want to be able to ssh / ping your created guests you should run the following.
openstack security group rule create --proto icmp --dst-port 0 default
openstack security group rule create --proto tcp --dst-port 22 default
Locally Accessible Guests¶
If you want to make you guests accessible from other machines on your
network, we have to connect br-ex
to a physical interface.
Dedicated Guest Interface¶
If you have 2 or more interfaces on your devstack server, you can allocate an interface to neutron to fully manage. This should not be the same interface you use to ssh into the devstack server itself.
This is done by setting with the PUBLIC_INTERFACE
attribute.
[[local|localrc]]
PUBLIC_INTERFACE=eth1
That will put all layer 2 traffic from your guests onto the main network. When running in this mode the ip masq rule is not added in your devstack, you are responsible for making routing work on your local network.
Private Network Addressing¶
The private networks addresses are controlled by the IPV4_ADDRS_SAFE_TO_USE
and the IPV6_ADDRS_SAFE_TO_USE
variables. This allows users to specify one
single variable of safe internal IPs to use that will be referenced whether or
not subnetpools are in use.
For IPv4, FIXED_RANGE
and SUBNETPOOL_PREFIX_V4
will just default to
the value of IPV4_ADDRS_SAFE_TO_USE
directly.
For IPv6, FIXED_RANGE_V6
will default to the first /64 of the value of
IPV6_ADDRS_SAFE_TO_USE
. If IPV6_ADDRS_SAFE_TO_USE
is /64 or smaller,
FIXED_RANGE_V6
will just use the value of that directly.
SUBNETPOOL_PREFIX_V6
will just default to the value of
IPV6_ADDRS_SAFE_TO_USE
directly.