Neutron cannot allocate IP on external network

Hi, I have a setup with 3 machines: 1 controller (nova controller and neutron controller) and 2 compute nodes. They are at version Liberty. I can create VMs, and they can ping each other on their private network (VXLAN). My problem is that the VMs I create do not have access to the outside.

I know I have to create a public network and a router to link the networks, and then set the gateway of the router. I guess the problem is that I cannot allocate an IP on the physical network my machines are connected to, because of security policy.

Is it mandatory for the router to allocate an IP on the external network? Should I map the OpenStack external network to the physical network? Is it possible for my VMs to get access to the outside in another way?