how networking works in openstack?

asked 2014-12-09

splucena gravatar image

updated 2014-12-09

Host OS: ubuntu-desktop 14.04

VirtualBox Version: 4.3.10_ubuntu

Guest OS: ubuntu-server 14.04

OpenStack Architecture: 3 Node Architecture

OpenStack Release: Juno

Install Guide:

I have successfully installed openstack packages and services, I am able to create an instance - attach volume - instances can ping and ssh each other through qrouter on the network node. But I'm having a tough time understanding how I can get instances connect to the internet and I'm not able to ping them as well from host or from my 3 nodes (controller, network, compute, block). I have a basic knowledge on networking.

List of instances

image description

What I have done: Permitted ICMP: nova secgroup-add-rule default icmp -1 -1 Permitted SSH: nova secgroup-add-rule default tcp 22 22


  • Is br-ex (external network) really needed for me to be able to ping/ssh instances

  • Do I really need to assign a floating IP for me to be able to ping/ssh my instances

  • I really don't understand how I can get my instances connect to the internet, how my host, 3 nodes connect to demo-router (router that connects my instances) or vice-versa

image description

  • I'm stuck on this for a while now could someone please help me understand.
2 answers

answered 2014-12-09

SGPJ gravatar image

You can refer to below posts for better understanding:

Diving into OpenStack Network Architecture articles helped me gain a better understanding on how network works in openstack.

splucena ( 2014-12-11 )

answered 2014-12-09

dbaxps gravatar image

updated 2014-12-09

Please, view

In particular page 18 for simple explanation how br-int && br-ex work on Network Node. How OVS
bridge br-ex via OVS port eth3 forwards packets outside.

There is also a nice blog
addressing some of your questions in much more details then first link. It doesn't matter that it was written in 2013 for Quantum&&Grizzly. One of posts ( regarding metadata access) I reproduced on Juno&&CentOS 7: just to verify every step. It was my concern. This procedure is as hard to understand as neutron routing from qdhcp-namespace to qrouter-namespace and outbound.

Asked: 2014-12-09

Seen: 367 times

Last updated: Dec 09 '14