What is the "external", interface in the network node?

asked 2014-05-02 06:04:54 -0600

selte gravatar image

Hey there!

I am setting up an Openstack test environment, with a three-node architecture as described in http://docs.openstack.org/trunk/install-guide/install/apt/content/basics-networking-neutron.html (this guide). I am installing the nodes (compute, control and networking) on three virtual machines, using KVM as the hypervisor. The network setup is similar to the guide:

Management: Instance Tunnels:

Management network has a gateway at, through which it can access to the internet.

The guide also states that the network interfaces for the nodes should be configured as follows:

Controller-node eth0, gateway

Compute-node eth0, gateway eth1

Network-node eth0, gateway eth1 eth2 external, no ip <-- I do not understand this one.

So my question is, what does "external" network mean in this context? What is the purpose of the eth2 interface in the network-node? The node is already connected to the "external" network, as I see it, through eth0, via the gateway at

So bottom line, what is the purpose of the eth2 interface, and where should it be connected?

Thanks in advance!

edit retag flag offensive close merge delete


You may take a look at this slides RDO Hangout: Multinode OpenStack with Packstack .
I don't pretend to answer your question. But here are also Controller+Neutron Server+2xCompute Nodes and very good explanation.
Another 100% reproducable in Lab HowTo , providing answer to your question.

dbaxps gravatar imagedbaxps ( 2014-05-02 06:22:05 -0600 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2014-05-02 07:52:44 -0600

capsali gravatar image

The external network fromthe network node is used to connect instances to the outside world. It has no ip because it uses a special configuration to run in promiscuous mode. Basicaly, what it means, is that that network adapter will accept any kind of package. In normal mode, if a package is received and is not meant for that network interface(has a different mac etc), the package is dropped. In promiscuous mode all packages are received. Because all instances will use that network adapter to connect to the internet, that ethernet has to accept multiple and different packages. The management network is used for all communications between nodes, data, services etc. This network should be connected to the internet but only for outgoing connection. You should close all incoming ports for safety reasons. The instance tunnel is used for communication between instances and network node. Hope this helps!

edit flag offensive delete link more


im trying to setup up a 3 node openstack cloud as in the document of ubuntu 14.04 LTS. im using a vmware workstation 9, with windows 8 as the host os. i have setup everything n its pinging fine(all the node ping each other and windows pings the managment node too). my question is i dont know how to

warlord gravatar imagewarlord ( 2015-02-28 03:17:44 -0600 )edit

answered 2014-05-02 06:19:40 -0600

lokesh gravatar image

updated 2014-05-22 00:24:19 -0600

External node signifies a slice of outside network.

Internal Network: Which is preferrably used for vm creation. So for each account/tenant in Openstack you'll have at least one private vlan. External Network: The network from which you want to access instances created inside private vlan.

The way it works is : 1. Your vms are created on internal network with ips from private vlan. 2. You have to create an external network specifically and have to create a router with interface to your private vlan. 3. Your router will also have one ip (port) from your external network as an interface.

So whenever you'll assign a floating ip from external network to a vm provisioned with Internal network you would be able to access vms from outside.

To be aware of the fact that floating ips are routing your traffic via Software defined networking and it's neutron who does the routing for you. Your vm would still have the same private ip configured inside.

PS :I can give you a pictorial Network topology of my setup but unless I have 10 points I cannot do that.

image description

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2014-05-02 06:04:54 -0600

Seen: 3,604 times

Last updated: May 22 '14