Neutron Networking Basics

This tutorial describes basic networking concepts for OpenStack Neutron. Please read the Tutorial on How to Configure OpenStack Neutron in Platform9 Managed OpenStack for Neutron setup details.

Neutron is the key networking component of OpenStack. It is provided as a standalone OpenStack service, alongside other core OpenStack services such as Nova, Glance, Keystone, and Cinder. Neutron is designed with a pluggable architecture, allowing for easy integration with third-party networking solutions via plugins. In this article, we will cover the basics of Neutron terminology. This will serve as a building block for follow-up posts that dive into Neutron features.

Neutron Network Types

Neutron networks in OpenStack roughly fall into three distinct categories:

  • Provider networks
  • Tenant networks
  • External networks

Please refer to the Tutorial on How to Configure OpenStack Neutron in Platform9 Managed OpenStack to make Neutron aware of your data center’s physical network topology as part of your Neutron setup process.

Provider Networks

Provider networks are designed to map directly to existing networks in your data center. A good example of a provider network is an existing VLAN-based or physical (flat) network within your data center that you would like to incorporate into your OpenStack environment. For example, you may have designated VLAN 20 on a specific subnet for all database traffic, and you might want to deploy database servers in your OpenStack deployment that will explicitly connect to this network.

A provider network in Neutron can be flat, VLAN-based, GRE-based, or VXLAN-based. Here, we will focus primarily on flat and VLAN-based provider networks. To create a provider network in Platform9, browse to the ‘Network’ menu, then select ‘Create New Network’ and then select ‘Provider Network’ from the network type drop-down menu. When creating a provider network, you need to explicitly specify which ‘physical network config’ this provider network should use.

This configuration is defined as part of the How to Configure OpenStack Neutron in Platform9 Managed OpenStack tutorial. The ‘physical network’ refers to the unique label associated with the provider network config, and the ‘segmentation ID’ refers to the VLAN ID on this physical network that you’d like to use for this provider network. This VLAN ID must fall in the range of VLAN IDs that you supplied as part of the physical network config.

[Image: New Neutron Network]

Tenant Networks

Neutron tenant networks are meant to be private to a given tenant, and are generally created by a user or a group of users within a tenant. Without a Neutron router, these networks are isolated from one another, so the virtual machines created within them cannot route traffic outside of their own network.

To create a tenant network in Platform9, browse to the ‘Network’ menu, then select ‘Create New Network’ and then select ‘Tenant Network’ from the network type drop-down menu.

[Image: New Neutron Network]

Network Interfaces and Ports

Each Neutron network will typically have one or more {Network Interface, Port} tuples associated with it. An interface and a port on a network uniquely map it to a device in the OpenStack environment. The device can be one of the following:

  • A virtual machine instance
  • A router
  • A DHCP server

External Networks

External networks generally correspond to the physical networks in your data center that are publicly routable or have access to the Internet. As an administrator, you would want to supply one or more external networks to Neutron so that:

  • Your virtual machines can route packets from the internal network to the Internet
  • You can assign floating IPs to your virtual machines and have them publicly addressable from the Internet

To configure an external network in Platform9 Managed OpenStack, you follow a process similar to the creation of a provider network or a tenant network. Browse to the ‘Network’ menu in Platform9, then select ‘Create New Network’ and then select ‘External Network’ from the network type drop-down menu.

[Image: New Network step 1]

Neutron Router/Gateway

Neutron routers enable routing of traffic between two or more Neutron networks. A router is capable of routing traffic between Neutron networks of any type - external, provider and tenant. When a router maps an internal network to an external network, it is sometimes referred to as a gateway.

Private/Shared Networks and Multi-Tenancy

You might have noticed that each network in Neutron is created in the context of a tenant, which is the default owner of that network. A network can be explicitly marked as ‘shared’, which makes it accessible to all tenants in OpenStack.
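
The following is an added example, not code from Platform9 or the OpenStack project. It audits network records for the two properties described above that affect isolation: a provider network's segmentation ID falling outside the VLAN range of its physical network config, and networks marked ‘shared’. The attribute names follow the Neutron API; the ‘label:min:max’ range format, the function names and all sample values are assumptions made for illustration.

```python
# Added example: audit constructed Neutron-style network records.
# Attribute names follow the Neutron API; the "label:min:max" range format,
# the function names and all sample values are assumptions for illustration.

def parse_vlan_ranges(spec):
    """Parse 'physnet1:100:199,physnet2:20:29' into {label: [(min, max), ...]}."""
    ranges = {}
    for entry in filter(None, (e.strip() for e in spec.split(","))):
        label, lo, hi = entry.split(":")
        lo, hi = int(lo), int(hi)
        if not 1 <= lo <= hi <= 4094:  # valid 802.1Q VLAN IDs
            raise ValueError(f"invalid VLAN range in {entry!r}")
        ranges.setdefault(label, []).append((lo, hi))
    return ranges

def audit_networks(networks, vlan_ranges):
    """Return (network name, finding) pairs for an administrator to review."""
    findings = []
    for net in networks:
        name = net["name"]
        if net.get("provider:network_type") == "vlan":
            physnet = net.get("provider:physical_network")
            seg_id = net.get("provider:segmentation_id")
            allowed = vlan_ranges.get(physnet)
            if allowed is None:
                findings.append((name, f"unknown physical network {physnet!r}"))
            elif seg_id is None or not any(lo <= seg_id <= hi for lo, hi in allowed):
                findings.append((name, f"VLAN {seg_id} outside range for {physnet}"))
        if net.get("shared"):
            findings.append((name, "shared: accessible to all tenants"))
    return findings

# Constructed sample data (not taken from a real deployment).
VLAN_RANGES = parse_vlan_ranges("physnet1:20:29")
NETWORKS = [
    {"name": "db-net", "tenant_id": "t-admin", "shared": False,
     "provider:network_type": "vlan", "provider:physical_network": "physnet1",
     "provider:segmentation_id": 20},
    {"name": "legacy-net", "tenant_id": "t-admin", "shared": True,
     "provider:network_type": "vlan", "provider:physical_network": "physnet1",
     "provider:segmentation_id": 300},
    {"name": "dev-private", "tenant_id": "t-dev", "shared": False,
     "provider:network_type": "vxlan", "provider:physical_network": None,
     "provider:segmentation_id": 5001},
]

if __name__ == "__main__":
    for name, finding in audit_networks(NETWORKS, VLAN_RANGES):
        print(f"{name}: {finding}")
```

In a live environment the records would come from the network list that an administrator can retrieve, since the provider attributes are normally visible only to administrators.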