Managing Networks

Creating a Private Network in the Control Panel

Follow these steps to create a private network in the Control panel:

  1. Go to the Network section in the project.
  2. Go to the Private networks tab and select the required pool from the list.
  3. Click Create network.
  4. Enter the network name in the new window. Enter subnet CIDR – the range of IP addresses available on this subnet. You can add multiple IP addresses by clicking Add subnet.
  5. Click Create.

There are no restrictions on the traffic volume inside the private network. This allows you to transfer any amount of data between your services without additional fees. The number of private networks in use is unlimited. The bandwidth is 1 Gbps.

*Please note that you can create a private network when creating a cloud server article.

Merging Servers into a Private Network in the Control Panel

All cloud servers can be merged into a private network.

Within One Project

Follow these steps to connect a cloud server to the desired private network in the Control panel:

  1. Go to the Servers section in the project.
  2. Open the server page.
  3. Go to the Ports tab.
  4. Click Add port and select the desired subnet.

Between Projects

The private network only works within the project and is not available for other projects in the user’s account or other accounts by default.

Follow these steps to make the private network of one project available to another project (cross-project network) in the Control panel:

  1. Click on the name of the current project to open a list of all projects.
  2. Copy the UUID of the target project.
  3. Go to the Network tab in the current project.
  4. Expand the card of the private network that you want to share on another project and go to the Projects tab.
  5. Click Add project.
  6. Enter the copied project UUID to add the required project.

Then you can connect cloud servers to a cross-project network.

Connecting a Private Network to the Router in the Control Panel

You can connect a private network to a virtual router to organize NAT-access to the Internet and assign external IP addresses to selected cloud servers.

Follow these steps to connect the private network to the router in the Control panel:

  1. Go to the Network section in the project.
  2. Go to the Routers tab and select the required pool from the list.
  3. Click Create router.
  4. Enter the name of the router in the new window.
  5. Click Create.
  6. Open the router card and go to the Ports tab.
  7. Click Add port and select the private subnet.

Please note that the created router can be connected to the external network gateway on the Attaching tab in the router’s card.

Connecting a Server to the Internet in the Control Panel

Internet access is provided via public subnets or a public IP address, which is a full external IP address and is available until it is deleted.

Bandwidth both over the Internet and locally is 1 Gbps.

Via Public Subnets

Follow these steps to connect the server to a public subnet in the Control panel:

  1. Go to the Network section in the project.
  2. Go to the Private networks tab and select the required pool from the list.
  3. Click Add subnet.
  4. Select the subnet size and review the cost of the service in the new window. Click Add subnet.
  5. To connect the cloud server to the Internet, open the server page and go to the Ports tab.
  6. Click Add port and select a public subnet.

Via Public IP

Follow these steps to start using a public IP in the Control panel:

  1. Go to the Network section in the project.
  2. Go to the Public IPs tab and select the required pool from the list.
  3. Click Add IP address.
  4. Specify the number of addresses and review the cost of the service in the new window. Click Add IP address.
  5. After payment, the router-nat router will appear on the Routers tab. The nat network will appear on the Private networks tab.
  6. To connect the cloud server with the public IP address to the Internet, open the server page and go to the Ports tab.
  7. Click Add port and select a private nat.
  8. Connect the public IP address to the port by clicking Associate.

VRRP Subnets

One VRRP subnet can connect 2 pools. There can be several VRRP subnets in one project if more than 2 pools are available in this project.

Follow these steps to start using a VRRP subnet in the Control panel:

  1. Go to the Quotas section in the project.
  2. Click Edit.
  3. Edit the quotas in the Crossregion resources field.
  4. Go to the Network section in the project.
  5. Go to the VRRP subnets tab.
  6. Click Create VRRP subnet.
  7. Choose pools to add a VRRP subnet and review the cost of the service. Click Add VRRP subnet.

In each pool, the first effective subnet address is used as a gateway. The second address is reserved for official needs. The remaining four addresses can be assigned to virtual machines. More information can be found in our blog in the articles Router Redundancy with VRRP and Guest Post: Our Experience with Selectel’s VRRP.

Managing Networks Through CLI

Learn more about getting started with the OpenStack CLI.

Creating Subnets

To create a new network, run:

openstack network create <network name>

The response will contain a table with information about the network:

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| admin_state_up | True                                 |
| id             | add73ca5-6120-43bd-bb56-d1d8d71d21ac |
| name           | localnet                             |
| shared         | False                                |
| status         | ACTIVE                               |
| subnets        |                                      |
| tenant_id      | d15391cc95474b1ab6bd81fb2a73bc5c     |
+----------------+--------------------------------------+

To create a subnet on this network, run:

openstack subnet create \
 --network <network name> \
 --subnet-range <subnet-range> \
 <subnet name>

Managing Ports

To view all server ports, run:

openstack port list --server <server>

To view all network ports, run:

openstack port list --network <network>

To create a port on the network, run:

openstack port create \
 --network <network name> \
 <port name>

To connect a port to a cloud server, run:

openstack server add port [-h] <server> <port name> 

To delete a port, run:

openstack port delete <port>

Assigning a Public IP Address

A public IP address is used to access the cloud server to the Internet.

To view a list of all allocated public IP, run the following:

openstack floating ip list

To allocate a public IP, run:

openstack floating ip create external-network

To assign a public IP to the server created earlier in the Control panel:

openstack server add floating ip <server> <IP address>

Both the server name and its ID can be used in the <server> parameter.

Port Forwarding

Port forwarding is used to redirect traffic from one port to another. For example, you can configure port forwarding on a public IP address to any port in a private subnet — in this case, access to the private port will be organized without ordering an additional IP.

Please note that the public IP should not be associated with any interface, load balancer, and so on before configuring port forwarding.

Please note that the feature is only available for OpenStack Train versions or greater.

To view the list of ports, run:

openstack port list

The response will display information about the ports:

+--------------------------------------+------+-------------------+------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                             | Status |
+--------------------------------------+------+-------------------+------------------------------------------------+--------+
| 1001b155-ec53-2121-ac40-d101b187a7f3 |      | fa:17:3e:d7:21:60 | ip_address='123.123.123.123', subnet_id='16ab21| N/A    |
|                                      |      |                   | be-e7fe-1ae1-a109-0426e4a6e0a7'                |        |
| 97e01013-3d77-41bc-b0d7-7b74daa7aa2a |      | fa:17:3e:d3:9e:c1 | ip_address='192.168.0.1', subnet_id='305ab695- | ACTIVE |
|                                      |      |                   | dafe-4a38-bc9d-acf0080f21cf'                   |        |
| ed010217-9f78-4002-8703-2112da3fef1f |      | fa:17:3e:08:21:7d | ip_address='192.168.0.2', subnet_id='305ab695- | ACTIVE |
|                                      |      |                   | dafe-4a38-bc9d-acf0080f21cf'                   |        |
+--------------------------------------+------+-------------------+------------------------------------------------+--------+

To configure port forwarding, run the following:

openstack floating ip port forwarding create
   / --internal-ip-address <internal ip address>
   / --port <port>
   / --internal-protocol-port <internal protocol>
   / --external-protocol-port <external protocol>
   / --protocol <protocol>
      <floating ip>

Where:

  • <internal ip address> is the IP address of the port in the private subnet to which the forwarding will be performed;
  • <port> is the port name or UUID;
  • <internal protocol> is the protocol port number in the private subnet;
  • <external protocol> is the protocol port number of the port forwarding’s public IP address;
  • <protocol> is the protocol used in port forwarding, for instance: TCP, UDP;
  • <floating ip> is the public IP address that the port forwarding belongs to.

Example:

openstack floating ip port forwarding create --internal-ip-address 192.168.0.2 --port ed010217-9f78-4002-8703-2112da3fef1f --internal-protocol-port 80 --external-protocol-port 80 --protocol tcp 123.123.123.123

To view the created port forwarding for the public IP address, run:

openstack floating ip port forwarding list <floating ip>

The response will look as follows:

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| description         | None                                 |
| external_port       | 80                                   |
| id                  | 1daa7717-1ce6-4573-95cb-ddb94a39b844 |
| internal_ip_address | 192.168.0.2                          |
| internal_port       | 80                                   |
| internal_port_id    | ed010217-9f78-4002-8703-2112da3fef1f |
| name                | None                                 |
| project_id          |                                      |
| protocol            | tcp                                  |
+---------------------+--------------------------------------+