Network Scenarios

Private Networks

If a lessee wishes to use a private network, they can run the following commands:

openstack network create <network name>
openstack subnet create --subnet-range <subnet range> --allocation-pool start=<allocation start>,end=<allocation end> --network <network name> <subnet name>

The created network will automatically have an assigned VLAN. This network can then be attached to a node as follows:

openstack esi node network attach --network <network name> <node>

Note that a node must be active in order for this network configuration to be reflected upon the switch. OpenStack provisioning tools will often do this for you, but if you wish to use your own provisioning tools then run the following:

openstack baremetal node manage <node>
openstack baremetal node adopt <node>

In order for the lessee to access a node on a private network, they can use of the following options:

  • Contact the ESI administrator to connect the VLAN to an accessible node or VM outside of ESI

  • Use a trunk port whose native network is a VLAN that the lessee can already access - usually a public or external network - and which has a tagged network corresponding to the private network. That can be configured as follows:

    openstack esi trunk create --native-network <accessible network> <trunk name>
openstack esi trunk add network --tagged-networks <private network> <trunk name>
openstack esi node network attach --trunk <trunk name> <node>

  • Use a floating IP on an external network as described below

Private DNS

If you require a private DNS server for your private network, you can configure one on a node in your private network. Once that’s done, configure your private subnet:

openstack subnet set --dns-nameserver <dns server ip> <private subnet>

External Networks

An external network must be configured by an ESI administrator as described here. Once that’s done, a lessee can provision a node upon their private network and then gain external network access using one of these methods.

Routers

An OpenStack router allows you to give nodes on your private subnet external network access.

openstack router create external-router
openstack router set --external-gateway <external network> external-router
openstack router add subnet external-router <private subnet>

Floating IPs

The use of floating IPs requires the following:

  • The private network’s VLAN must be configured as a tagged network on the switch port for each controller.

  • An OpenStack router must be configured as described above.

Once these requirements are in place, you can create a floating IP and associate it with a provisioned node’s Neutron port (which can be found by running openstack esi node network list):

openstack floating ip create <external network>
openstack floating ip set --port <port> <external floating ip>

If your private network has an alternative mechanism for assigning IPs, you can still assign an external floating IP by manually creating a Neutron port:

openstack floating ip create external
openstack port create --network <private network> \
                      --fixed-ip subnet=<private subnet>,ip-address=<private ip address> \
                      <port name>
openstack floating ip set --port <port name> <allocated external floating IP>

Direct Connection

If you do not need access to a private network, you can simply attach the external network to the node:

openstack esi node network detach --port <port> <node>
openstack esi node network attach --network <external name> <node>

Direct Connection - Trunk Port

If you need access to multiple networks through a single NIC, you can use a trunk port:

openstack esi trunk create --native-network <private network> <trunk name>
openstack esi trunk add network --tagged-networks <external network> <trunk name>
openstack esi node network attach --trunk <trunk name> <node>

Access the node through the private network or a serial console, and create a new network interface configuration for the external network.