Types of Networks:
There are two types of networks in OpenStack, "Public" and "Private".
"Public" networks provide public (but possibly restricted) access from the internet but are not guaranteed to use the same IP addresses for instances that have been shelved and then unshelved.
"Private" networks provide public access from the internet but additionally maintain stable IP addresses for instances. You can also use a private network to prevent some or all of the instances on the private network from being directly accessible from the internet. In a way, they are just like your home network, they can get out to the internet but nothing can get in.
Each project initially has one default public network, and private networks must be created. A list of the current project's networks can be viewed in the OpenStack Web Interface on the "Networks" tab.
A public IP address is assigned to every instance that is started in Openstack. This IP address assigned to your instance stays with your instance forever or until the instance is deleted from the cloud.
None of these actions will release the IP address from the instance: soft/hard reboot, halt, shutdown, suspend, shelve, pause, lock/unlock. The only thing that will remove the IP address from the instance and from your project usage is if you delete the instance.
- A public IP address is assigned to every instance that is started in Openstack.
- This IP address assigned to your instance stays with your instance forever or until the instance is deleted from the cloud.
- soft/hard reboot, halt, shutdown, suspend, shelve, pause, lock/unlock will not will release the IP address from the instance
- You cannot assign a floating IP address to an instance that only has a public network.
- Please do not allocate floating IP addresses on a public network.
- It is a best practice to create any necessary private networks before creating the instances that will use them.
- While an instance that was initially attached to a public network can later be attached to a private network, this can lead to problems.
- If you would like to move an instance from a public to a private network, you should take a snapshot of it and create a new instance from the snapshot and attach the new instance to the private network when launching it.
- More documentation on private ("self service") networks: https://docs.openstack.org/newton/install-guide-debconf/launch-instance-networks-selfservice.html
- YouTube video on creating a private network: https://www.youtube.com/watch?v=cIdCjNSZNrg
Creating a Private Network:
- Go to the Networks tab from with the Horizon Dashboard.
- Click on "Create Network"
- Enter a Network Name (ex: Test-Network) click next.
- Give the Subnet a nname (ex: Test-Subnet)
- Assign a Network range (ex: 192.168.0.0/24) click next.
- Click Create.
Create a Router to connect the Public and Private networks:
- Click on the Routers tab from within the Horizon Dashboard.
- Click Create Router
- Give the Router a name (ex: Test-Router)
- Select the lakeeffect-199.109.195 Public network as External Network
- Click Create Router
Create an interface to connect the router to your private network:
- Click on the router you created in the previous step (Test Router)
- Click on the Interfaces tab
- Click Add Interface
- Select the Private network created in previous step as the Subnet.
- Click Submit.
Floating IP Addresses:
Each instance on a private network can be assigned a "floating" IP address (called an elastic IP address in AWS).
Having an assigned floating IP address makes it more convenient to access an instance and is highly recommended if you plan to have a registered domain name pointing to the instance.
The steps below can be used to create and assign a new floating IP address to an instance that is attached to a private network. As noted before, if you have an instance attached to a public network and want to assign an IP address to it, you will need to move the instance to a private network.
Steps for creating and assigning a floating (stable) IP address:
- See the prerequisite steps above for "Creating a private network"
- In Horizon, under the Networks tab, select "Floating IPs".
- Click "Allocate IP to Project"
- The only pool will be "lakeeffect-199.109.195 "; click "allocate".
- From the list of floating IPs, click "Associate"; make sure you pick a "port" that is an instance's interface on a previously created private network, NOT a public network.
- Once you no longer need the floating IP, release it back to the pool by selecting the "Release Floating IP" from the Actions dropdown menu.
- When changing the associated floating IPs of an instance, security groups may be dropped, so you will want to verify the security groups after.
Project (group) quotas: Each project is assigned a quota for managing storage and compute usage as well as IP addresses. At this time, each project is allocated with 10 IP addresses. If you require more than 10, consider using a self-service (private) network. If this does not work for your project please email ccr-help. Additional costs may be associated with IP allocations over 10.
REMEMBER: The IP address assigned from the public Lake Effect network (199.109.195.x) has access to the outside world. Which means the outside world has access to your instance. Make sure you secure your instances with security groups
Adding Additional Interfaces to an Instance
It is possible to allocate more than one IP address with an instance. Please see attaching additional network interfaces to instance for more details