{"id":36806,"date":"2025-01-24T09:01:53","date_gmt":"2025-01-24T08:01:53","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=36806"},"modified":"2025-01-24T09:01:53","modified_gmt":"2025-01-24T08:01:53","slug":"creating-your-private-cloud-using-openstack-6-the-networking-service","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/","title":{"rendered":"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service"},"content":{"rendered":"\n<p>We&#8217;ve finished the last post with a working Compute (Nova) service on the controller and compute node. While only the compute(s) actually run compute resources, Nova is also running on the controller for the management tasks, while libvirt is only running on the compute node. Once more, <a href=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-1-introduction\/\" target=\"_blank\" rel=\"noreferrer noopener\">looking back at what we need at a minimum<\/a>, we&#8217;ve done most of it by now:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/docs.openstack.org\/keystone\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Keystone<\/a>: Identity service (done)<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.openstack.org\/glance\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Glance<\/a>: Image service (done)<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.openstack.org\/placement\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Placement<\/a>: Placement service (done)<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.openstack.org\/nova\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Nova<\/a>: Compute service (done)<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.openstack.org\/neutron\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Neutron<\/a>: Network service<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.openstack.org\/horizon\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Horizon<\/a>: The OpenStack dashboard<\/li>\n<\/ul>\n\n\n\n<p>The Network service (<a href=\"https:\/\/docs.openstack.org\/neutron\/latest\/\" target=\"_blank\" rel=\"noreferrer noopener\">Neutron<\/a>), at least for me, is the hardest part to get right because it requires most of the configuration. As a small refresher, this is the setup we have right now:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"408\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1-1024x408.png\" alt=\"\" class=\"wp-image-36807\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1-1024x408.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1-300x120.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1-768x306.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1.png 1362w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Today, we&#8217;re adding the next bit to this: The Network service. Neutron provides &#8220;network connectivity as a service\u201d between interfaces, and those are managed by other OpenStack services such as Nova (Compute). You have two choices for implementing this: <a href=\"https:\/\/docs.openstack.org\/neutron\/latest\/install\/controller-install-option1-obs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Provider Networks<\/a> and <a href=\"https:\/\/docs.openstack.org\/neutron\/latest\/install\/controller-install-option2-obs.html\" target=\"_blank\" rel=\"noreferrer noopener\">Self-service Networks<\/a>. To keep it as simple as possible for scope of this blog series, we&#8217;ll go for a Provider Network.<\/p>\n\n\n\n<p>As with most of the other services, Neutron needs a database:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,3,5]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ su - postgres -c &quot;psql -c \\&quot;create user neutron with login password &#039;admin&#039;\\&quot;&quot;\nCREATE ROLE\n&#x5B;root@controller ~]$ su - postgres -c &quot;psql -c &#039;create database neutron with owner=neutron&#039;&quot;\nCREATE DATABASE\n&#x5B;root@controller ~]$ su - postgres -c &quot;psql -l&quot;\n                                                        List of databases\n    Name    |   Owner   | Encoding | Locale Provider |   Collate   |    Ctype    | ICU Locale | ICU Rules |   Access privileges   \n------------+-----------+----------+-----------------+-------------+-------------+------------+-----------+-----------------------\n glance     | glance    | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n keystone   | keystone  | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n neutron    | neutron   | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n nova       | nova      | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n nova_api   | nova      | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n nova_cell0 | nova      | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n placement  | placement | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n postgres   | postgres  | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | \n template0  | postgres  | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | =c\/postgres          +\n            |           |          |                 |             |             |            |           | postgres=CTc\/postgres\n template1  | postgres  | UTF8     | libc            | en_US.UTF-8 | en_US.UTF-8 |            |           | =c\/postgres          +\n            |           |          |                 |             |             |            |           | postgres=CTc\/postgres\n(10 rows)\n\n<\/pre><\/div>\n\n\n<p>As with most of the other services, we need to install the packages, setup the service, create credentials and API endpoints. For the packages, this is what we need on the controller node:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ dnf install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y\n<\/pre><\/div>\n\n\n<p>For the service, credentials and API endpoints it is more or less the same as for the other services:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,18,19,30,44,59]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ openstack user create --domain default --password-prompt neutron\nUser Password:\nRepeat User Password:\nNo password was supplied, authentication will fail when a user does not have a password.\n+---------------------+----------------------------------+\n| Field               | Value                            |\n+---------------------+----------------------------------+\n| default_project_id  | None                             |\n| domain_id           | default                          |\n| email               | None                             |\n| enabled             | True                             |\n| id                  | 9c9c6e6b622a4e31a176636f4ac0d8d3 |\n| name                | neutron                          |\n| description         | None                             |\n| password_expires_at | None                             |\n+---------------------+----------------------------------+\n\n&#x5B;root@controller ~]$ openstack role add --project service --user neutron admin\n&#x5B;root@controller ~]$ openstack service create --name neutron --description &quot;OpenStack Networking&quot; network\n+-------------+----------------------------------+\n| Field       | Value                            |\n+-------------+----------------------------------+\n| id          | 870999a2fb914fe4b9fd8a24a330215f |\n| name        | neutron                          |\n| type        | network                          |\n| enabled     | True                             |\n| description | OpenStack Networking             |\n+-------------+----------------------------------+\n\n&#x5B;root@controller ~]$ openstack endpoint create --region RegionOne network public http:\/\/controller:9696\n+--------------+----------------------------------+\n| Field        | Value                            |\n+--------------+----------------------------------+\n| enabled      | True                             |\n| id           | fb73d8b1db254fea9e4e12f61f4316a3 |\n| interface    | public                           |\n| region       | RegionOne                        |\n| region_id    | RegionOne                        |\n| service_id   | 870999a2fb914fe4b9fd8a24a330215f |\n| service_name | neutron                          |\n| service_type | network                          |\n| url          | http:\/\/controller:9696           |\n\n&#x5B;root@controller ~]$ openstack endpoint create --region RegionOne network internal http:\/\/controller:9696\n+--------------+----------------------------------+\n| Field        | Value                            |\n+--------------+----------------------------------+\n| enabled      | True                             |\n| id           | c5a7982953e44ea0b612488bebbb88d8 |\n| interface    | internal                         |\n| region       | RegionOne                        |\n| region_id    | RegionOne                        |\n| service_id   | 870999a2fb914fe4b9fd8a24a330215f |\n| service_name | neutron                          |\n| service_type | network                          |\n| url          | http:\/\/controller:9696           |\n+--------------+----------------------------------+\n\n&#x5B;root@controller ~]$ openstack endpoint create --region RegionOne network admin http:\/\/controller:9696\n+--------------+----------------------------------+\n| Field        | Value                            |\n+--------------+----------------------------------+\n| enabled      | True                             |\n| id           | ed9b1e2ebf8b4c7daa9b944b710b8ade |\n| interface    | admin                            |\n| region       | RegionOne                        |\n| region_id    | RegionOne                        |\n| service_id   | 870999a2fb914fe4b9fd8a24a330215f |\n| service_name | neutron                          |\n| service_type | network                          |\n| url          | http:\/\/controller:9696           |\n+--------------+----------------------------------+\n<\/pre><\/div>\n\n\n<p>Neutron is one of the services which needs configuration on the controller and the compute nodes. For the controller, this is what we need (more on what that all means in a later post when we&#8217;ll go into the details):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/neutron.conf\n&#x5B;DEFAULT]\nauth_strategy = keystone\ncore_plugin = ml2\nservice_plugins =\nnotify_nova_on_port_status_changes = true\nnotify_nova_on_port_data_changes = true\ndhcp_agents_per_network = 2\ntransport_url = rabbit:\/\/openstack:admin@controller:5672\/\n&#x5B;agent]\nroot_helper = sudo neutron-rootwrap \/etc\/neutron\/rootwrap.conf\nuse_helper_for_ns_read = true\nroot_helper_daemon = sudo neutron-rootwrap-daemon \/etc\/neutron\/rootwrap.conf\n&#x5B;cache]\n&#x5B;cors]\n&#x5B;database]\nbackend = postgresql\nconnection=postgresql+psycopg2:\/\/neutron:admin@localhost\/neutron\n&#x5B;designate]\n&#x5B;experimental]\n&#x5B;healthcheck]\n&#x5B;ironic]\n&#x5B;keystone_authtoken]\nww_authenticate_uri = http:\/\/controller:5000\/\nauth_url = http:\/\/controller:5000\/\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = neutron\npassword = admin\n&#x5B;nova]\nwww_authenticate_uri = http:\/\/controller:5000\/\nauth_url = http:\/\/controller:5000\/\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nregion_name = RegionOne\nproject_name = service\nusername = nova\npassword = admin\n&#x5B;oslo_concurrency]\nlock_path = \/var\/lib\/neutron\/tmp\n&#x5B;oslo_messaging_amqp]\n&#x5B;oslo_messaging_kafka]\n&#x5B;oslo_messaging_notifications]\n&#x5B;oslo_messaging_rabbit]\n&#x5B;oslo_middleware]\n&#x5B;oslo_policy]\n&#x5B;oslo_reports]\n&#x5B;oslo_versionedobjects]\n&#x5B;placement]\n&#x5B;privsep]\n&#x5B;profiler]\n&#x5B;profiler_jaeger]\n&#x5B;profiler_otlp]\n&#x5B;quotas]\n<\/pre><\/div>\n\n\n<p>Configure the <a href=\"https:\/\/docs.openstack.org\/neutron\/pike\/admin\/config-ml2.html\" target=\"_blank\" rel=\"noreferrer noopener\">Modular Layer 2 (ML2)<\/a> plugin on the controller node:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini\n&#x5B;DEFAULT]\n&#x5B;ml2]\ntype_drivers = flat,vlan\ntenant_network_types = \nmechanism_drivers = openvswitch\nextension_drivers = port_security\n&#x5B;ml2_type_flat]\nflat_networks = provider\n&#x5B;ml2_type_geneve]\n&#x5B;ml2_type_gre]\n&#x5B;ml2_type_vlan]\nnetwork_vlan_ranges = provider\n&#x5B;ml2_type_vxlan]\n&#x5B;ovn]\n&#x5B;ovn_nb_global]\n&#x5B;ovs]\n&#x5B;ovs_driver]\n&#x5B;securitygroup]\n&#x5B;sriov_driver]\n\n<\/pre><\/div>\n\n\n<p>Populate the database (as we know this already from the previous services which need the database as a backend):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ \/bin\/sh -c &quot;neutron-db-manage --config-file \/etc\/neutron\/neutron.conf \\\n  --config-file \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini upgrade head&quot; neutron\nINFO  &#x5B;alembic.runtime.migration] Context impl PostgresqlImpl.\nINFO  &#x5B;alembic.runtime.migration] Will assume transactional DDL.\n  Running upgrade for neutron ...\nINFO  &#x5B;alembic.runtime.migration] Context impl PostgresqlImpl.\nINFO  &#x5B;alembic.runtime.migration] Will assume transactional DDL.\nINFO  &#x5B;alembic.runtime.migration] Running upgrade  -&gt; kilo\nINFO  &#x5B;alembic.runtime.migration] Running upgrade kilo -&gt; 354db87e3225\nINFO  &#x5B;alembic.runtime.migration] Running upgrade 354db87e3225 -&gt; 599c6a226151\n...\nINFO  &#x5B;alembic.runtime.migration] Running upgrade 97c25b0d2353 -&gt; 2e0d7a8a1586\nINFO  &#x5B;alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -&gt; 5c85685d616d\n  OK\n<\/pre><\/div>\n\n\n<p>Start the server on the controller node (notice the systemd output for the ovs-vswitchd service):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,3,17,18,19]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ systemctl enable neutron-server.service\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-server.service \u2192 \/usr\/lib\/systemd\/system\/neutron-server.service.\n&#x5B;root@controller ~]$ systemctl enable ovs-vswitchd.service\nThe unit files have no installation config (WantedBy=, RequiredBy=, Also=,\nAlias= settings in the &#x5B;Install] section, and DefaultInstance= for template\nunits). This means they are not meant to be enabled or disabled using systemctl.\n \nPossible reasons for having this kind of units are:\n\u2022 A unit may be statically enabled by being symlinked from another unit&#039;s\n  .wants\/ or .requires\/ directory.\n\u2022 A unit&#039;s purpose may be to act as a helper for some other unit which has\n  a requirement dependency on it.\n\u2022 A unit may be started when needed via activation (socket, path, timer,\n  D-Bus, udev, scripted systemctl call, ...).\n\u2022 In case of template units, the unit is meant to be enabled with some\n  instance name specified.\n&#x5B;root@controller ~]$ ln -s \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini \/etc\/neutron\/plugin.ini\n&#x5B;root@controller ~]$ systemctl start neutron-server.service\n&#x5B;root@controller ~]$ systemctl start ovs-vswitchd.service\n<\/pre><\/div>\n\n\n<p>You may already have noticed that <a href=\"https:\/\/www.openvswitch.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Open vSwitch<\/a> is somehow used here. Now is the time to configure this:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/plugins\/ml2\/openvswitch_agent.ini\n&#x5B;DEFAULT]\n&#x5B;agent]\n&#x5B;dhcp]\n&#x5B;metadata]\n&#x5B;network_log]\n&#x5B;ovs]\nbridge_mappings = provider:br-provider\novsdb_connection = tcp:127.0.0.1:6641\n&#x5B;securitygroup]\nenable_security_group = true\nfirewall_driver = openvswitch\n<\/pre><\/div>\n\n\n<p>Have a close look at the bridge_mappings parameter, because this defines the bridge we&#8217;re going to create right now, and this is where the second interface (enp7s0) on the nodes comes into the game:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ ovs-vsctl add-br br-provider\n&#x5B;root@controller ~]$ ovs-vsctl add-port br-provider enp7s0\n&#x5B;root@controller ~]$ ip a\n1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n       valid_lft forever preferred_lft forever\n    inet6 ::1\/128 scope host \n       valid_lft forever preferred_lft forever\n2: enp1s0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc fq_codel state UP group default qlen 1000\n    link\/ether 52:54:00:38:00:73 brd ff:ff:ff:ff:ff:ff\n    inet 192.168.122.90\/24 brd 192.168.122.255 scope global noprefixroute enp1s0\n       valid_lft forever preferred_lft forever\n    inet6 fe80::5054:ff:fe38:73\/64 scope link noprefixroute \n       valid_lft forever preferred_lft forever\n3: enp7s0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc fq_codel master ovs-system state UP group default qlen 1000\n    link\/ether 52:54:00:81:1d:26 brd ff:ff:ff:ff:ff:ff\n    inet6 fe80::9f14:4737:4cf7:d88f\/64 scope link noprefixroute \n       valid_lft forever preferred_lft forever\n4: ovs-system: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noop state DOWN group default qlen 1000\n    link\/ether aa:e4:50:d2:36:f9 brd ff:ff:ff:ff:ff:ff\n5: br-provider: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noop state DOWN group default qlen 1000\n    link\/ether fe:84:3e:98:e4:45 brd ff:ff:ff:ff:ff:ff\n<\/pre><\/div>\n\n\n<p>Set the controller and the manager for the &#8220;br-provider&#8221; bridge:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3,15]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ ovs-vsctl set-controller br-provider ptcp:6640\n&#x5B;root@controller ~]$ ovs-vsctl set-manager ptcp:6641\n&#x5B;root@controller ~]$ ovs-vsctl show \na60d818d-3738-4c8e-a9ce-40b84163b14e\n    Manager &quot;tcp:localhost:6641&quot;\n    Bridge br-provider\n        Controller &quot;ptcp:6640&quot;\n        Port enp7s0\n            Interface enp7s0\n        Port br-provider\n            Interface br-provider\n                type: internal\n    ovs_version: &quot;3.3.4-71.el9s&quot;\n<\/pre><\/div>\n\n\n<p>Because we want the compute nodes later on to get IP addresses by default, we need to configure the DHCP agent on the controller node:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/dhcp_agent.ini\n&#x5B;DEFAULT]\ninterface_driver = openvswitch\ndhcp_driver = neutron.agent.linux.dhcp.Dnsmasq\nenable_isolated_metadata = true\n&#x5B;agent]\n&#x5B;metadata_rate_limiting]\n&#x5B;ovs]\n<\/pre><\/div>\n\n\n<p>&#8230; and finally the <a href=\"https:\/\/docs.openstack.org\/nova\/2024.2\/admin\/metadata-service.html\" target=\"_blank\" rel=\"noreferrer noopener\">Metadata Agent<\/a> on the controller node:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/metadata_agent.ini\n&#x5B;DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = admin\n&#x5B;agent]\n&#x5B;cache]\n<\/pre><\/div>\n\n\n<p>Switching over to the compute node, we must configure Nova (Compute) to use the Networking Service (Neutron). Before we do this, install the required packages on the compute node and configure Open vSwitch in the same way as previously:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,3,4,5,6,7]; title: ; notranslate\" title=\"\">\n&#x5B;root@compute ~]$ dnf install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch python3-psycopg2 -y\n\n&#x5B;root@compute ~]$ systemctl start ovs-vswitchd.service\n&#x5B;root@compute ~]$ ovs-vsctl add-br br-provider\n&#x5B;root@compute ~]$ ovs-vsctl add-port br-provider enp7s0\n&#x5B;root@compute ~]$ ovs-vsctl set-manager ptcp:6641\n&#x5B;root@compute ~]$ ovs-vsctl set-controller br-provider ptcp:6640\n<\/pre><\/div>\n\n\n<p>To configure Nova to use the Neutron, add the &#8220;[neutron]&#8221; section to &#8220;\/etc\/nova\/nova.conf&#8221;:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\n&#x5B;neutron]\nauth_url = http:\/\/controller:5000\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nregion_name = RegionOne\nproject_name = service\nusername = neutron\npassword = admin\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = admin\n<\/pre><\/div>\n\n\n<p>Configure Neutron:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@compute ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/neutron.conf\n&#x5B;DEFAULT]\ncore_plugin = ml2\nauth_strategy = keystone\ntransport_url = rabbit:\/\/openstack:admin@controller\n&#x5B;agent]\nroot_helper = sudo neutron-rootwrap \/etc\/neutron\/rootwrap.conf\nuse_helper_for_ns_read = true\nroot_helper_daemon = sudo neutron-rootwrap-daemon \/etc\/neutron\/rootwrap.conf\n&#x5B;cache]\n&#x5B;cors]\n&#x5B;database]\nbackend = postgresql\nconnection=postgresql+psycopg2:\/\/neutron:admin@controller\/neutron\n&#x5B;designate]\n&#x5B;experimental]\n&#x5B;healthcheck]\n&#x5B;ironic]\n&#x5B;keystone_authtoken]\nwww_authenticate_uri = http:\/\/controller:5000\/\nauth_url = http:\/\/controller:5000\/\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = neutron\npassword = admin\n&#x5B;nova]\nwww_authenticate_uri = http:\/\/controller:5000\/\nauth_url = http:\/\/controller:5000\/\nmemcached_servers = controller:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nregion_name = RegionOne\nproject_name = service\nusername = nova\npassword = admin\n&#x5B;oslo_concurrency]\n&#x5B;oslo_messaging_amqp]\n&#x5B;oslo_messaging_kafka]\n&#x5B;oslo_messaging_notifications]\n&#x5B;oslo_messaging_rabbit]\n&#x5B;oslo_middleware]\n&#x5B;oslo_policy]\n&#x5B;oslo_reports]\n&#x5B;oslo_versionedobjects]\n&#x5B;placement]\n&#x5B;privsep]\n&#x5B;profiler]\n&#x5B;profiler_jaeger]\n&#x5B;profiler_otlp]\n&#x5B;quotas]\n&#x5B;ssl]\n<\/pre><\/div>\n\n\n<p>&#8230; and the Open vSwitch agent:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1]; title: ; notranslate\" title=\"\">\n&#x5B;root@compute ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/plugins\/ml2\/openvswitch_agent.ini\n&#x5B;DEFAULT]\n&#x5B;agent]\n&#x5B;dhcp]\n&#x5B;metadata]\n&#x5B;network_log]\n&#x5B;ovs]\nbridge_mappings = provider:br-provider\novsdb_connection = tcp:127.0.0.1:6641\n&#x5B;securitygroup]\nfirewall_driver = \n<\/pre><\/div>\n\n\n<p>&#8230; and the Metadata Agent:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,8]; title: ; notranslate\" title=\"\">\n&#x5B;root@compute ~]$ egrep -v &quot;^#|^$&quot; \/etc\/neutron\/metadata_agent.ini\n&#x5B;DEFAULT]\nnova_metadata_host = controller\nmetadata_proxy_shared_secret = admin\n&#x5B;agent]\n&#x5B;cache]\n\n&#x5B;root@compute ~]$ ln -s \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini \/etc\/neutron\/plugin.in\n<\/pre><\/div>\n\n\n<p>Start the services on the controller and the compute nodes:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [2,3,4,10,11,12,18,19,20,23,24,25]; title: ; notranslate\" title=\"\">\n# controller\n&#x5B;root@controller ~]$ systemctl enable neutron-server.service \\\n  neutron-openvswitch-agent.service neutron-dhcp-agent.service \\\n  neutron-metadata-agent.service\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-openvswitch-agent.service \u2192 \/usr\/lib\/systemd\/system\/neutron-openvswitch-agent.service.\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-dhcp-agent.service \u2192 \/usr\/lib\/systemd\/system\/neutron-dhcp-agent.service.\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-metadata-agent.service \u2192 \/usr\/lib\/systemd\/system\/neutron-metadata-agent.service.\n\n# compute\n&#x5B;root@compute ~]$ systemctl enable neutron-server.service \\\n  neutron-openvswitch-agent.service \\\n  neutron-metadata-agent.service\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-server.service \u2192 \/usr\/lib\/systemd\/system\/neutron-server.service.\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-openvswitch-agent.service \u2192 \/usr\/lib\/systemd\/system\/neutron-openvswitch-agent.service.\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/neutron-metadata-agent.service \u2192 \/usr\/lib\/systemd\/system\/neutron-metadata-agent.service.\n\n# controller\n&#x5B;root@controller ~]$ systemctl start neutron-server.service \\\n  neutron-openvswitch-agent.service neutron-dhcp-agent.service \\\n  neutron-metadata-agent.service\n\n# compute\n&#x5B;root@compute ~]$ systemctl start neutron-server.service \\\n  neutron-openvswitch-agent.service \\\n  neutron-metadata-agent.service\n\n<\/pre><\/div>\n\n\n<p>Done with that we need to create the network we want to use on the controller node (adapt the network to your own setup):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,2,3,36,37,38,39]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ openstack network create  --share --external \\\n  --provider-physical-network provider \\\n  --provider-network-type flat provider\n+---------------------------+--------------------------------------+\n| Field                     | Value                                |\n+---------------------------+--------------------------------------+\n| admin_state_up            | UP                                   |\n| availability_zone_hints   |                                      |\n| availability_zones        |                                      |\n| created_at                | 2025-01-22T13:25:21Z                 |\n| description               |                                      |\n| dns_domain                | None                                 |\n| id                        | aa8bd4f9-4d89-4c7f-803c-c56aaf8f8f57 |\n| ipv4_address_scope        | None                                 |\n| ipv6_address_scope        | None                                 |\n| is_default                | None                                 |\n| is_vlan_transparent       | None                                 |\n| mtu                       | 1500                                 |\n| name                      | provider                             |\n| port_security_enabled     | True                                 |\n| project_id                | 920bf34a6c88454f90d405124ca1076d     |\n| provider:network_type     | flat                                 |\n| provider:physical_network | provider                             |\n| provider:segmentation_id  | None                                 |\n| qos_policy_id             | None                                 |\n| revision_number           | 1                                    |\n| router:external           | External                             |\n| segments                  | None                                 |\n| shared                    | True                                 |\n| status                    | ACTIVE                               |\n| subnets                   |                                      |\n| tags                      |                                      |\n| updated_at                | 2025-01-22T13:25:21Z                 |\n+---------------------------+--------------------------------------+\n\n&#x5B;root@controller ~]$  openstack subnet create --network provider \\\n  --allocation-pool start=10.0.0.101,end=10.0.0.250 \\\n  --dns-nameserver 8.8.4.4 --gateway 10.0.0.1 \\\n  --subnet-range 10.0.0.0\/24 provider\n+----------------------+--------------------------------------+\n| Field                | Value                                |\n+----------------------+--------------------------------------+\n| allocation_pools     | 10.0.0.101-10.0.0.250                |\n| cidr                 | 10.0.0.0\/24                          |\n| created_at           | 2025-01-22T13:25:54Z                 |\n| description          |                                      |\n| dns_nameservers      | 8.8.4.4                              |\n| dns_publish_fixed_ip | None                                 |\n| enable_dhcp          | True                                 |\n| gateway_ip           | 10.0.0.1                             |\n| host_routes          |                                      |\n| id                   | 77ba8f00-edeb-4555-8c2a-be48b24f0320 |\n| ip_version           | 4                                    |\n| ipv6_address_mode    | None                                 |\n| ipv6_ra_mode         | None                                 |\n| name                 | provider                             |\n| network_id           | aa8bd4f9-4d89-4c7f-803c-c56aaf8f8f57 |\n| project_id           | 920bf34a6c88454f90d405124ca1076d     |\n| revision_number      | 0                                    |\n| router:external      | True                                 |\n| segment_id           | None                                 |\n| service_types        |                                      |\n| subnetpool_id        | None                                 |\n| tags                 |                                      |\n| updated_at           | 2025-01-22T13:25:54Z                 |\n+----------------------+--------------------------------------+\n<\/pre><\/div>\n\n\n<p>Finally, verify that everything is working as expected:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [1,90]; title: ; notranslate\" title=\"\">\n&#x5B;root@controller ~]$ openstack extension list --network\n+-----------------------------------------------------------+---------------------------------------------+-----------------------------------------------------------+\n| Name                                                      | Alias                                       | Description                                               |\n+-----------------------------------------------------------+---------------------------------------------+-----------------------------------------------------------+\n| Address group                                             | address-group                               | Support address group                                     |\n| Address scope                                             | address-scope                               | Address scopes extension.                                 |\n| agent                                                     | agent                                       | The agent management extension.                           |\n| Agent&#039;s Resource View Synced to Placement                 | agent-resources-synced                      | Stores success\/failure of last sync to Placement          |\n| Allowed Address Pairs                                     | allowed-address-pairs                       | Provides allowed address pairs                            |\n| Availability Zone                                         | availability_zone                           | The availability zone extension.                          |\n| Availability Zone Filter Extension                        | availability_zone_filter                    | Add filter parameters to AvailabilityZone resource        |\n| Default Subnetpools                                       | default-subnetpools                         | Provides ability to mark and use a subnetpool as the      |\n|                                                           |                                             | default.                                                  |\n| DHCP Agent Scheduler                                      | dhcp_agent_scheduler                        | Schedule networks among dhcp agents                       |\n| Empty String Filtering Extension                          | empty-string-filtering                      | Allow filtering by attributes with empty string value     |\n| Neutron external network                                  | external-net                                | Adds external network attribute to network resource.      |\n| Neutron Extra DHCP options                                | extra_dhcp_opt                              | Extra options configuration for DHCP. For example PXE     |\n|                                                           |                                             | boot options to DHCP clients can be specified (e.g. tftp- |\n|                                                           |                                             | server, server-ip-address, bootfile-name)                 |\n| Filter parameters validation                              | filter-validation                           | Provides validation on filter parameters.                 |\n| Neutron Service Flavors                                   | flavors                                     | Flavor specification for Neutron advanced services.       |\n| IP address substring filtering                            | ip-substring-filtering                      | Provides IP address substring filtering when listing      |\n|                                                           |                                             | ports                                                     |\n| Multi Provider Network                                    | multi-provider                              | Expose mapping of virtual networks to multiple physical   |\n|                                                           |                                             | networks                                                  |\n| Network MTU                                               | net-mtu                                     | Provides MTU attribute for a network resource.            |\n| Network MTU (writable)                                    | net-mtu-writable                            | Provides a writable MTU attribute for a network resource. |\n| Network Availability Zone                                 | network_availability_zone                   | Availability zone support for network.                    |\n| Network IP Availability                                   | network-ip-availability                     | Provides IP availability data for each network and        |\n|                                                           |                                             | subnet.                                                   |\n| Pagination support                                        | pagination                                  | Extension that indicates that pagination is enabled.      |\n| Port device profile                                       | port-device-profile                         | Expose the port device profile (Cyborg)                   |\n| Neutron Port MAC address override                         | port-mac-override                           | Allow overriding the MAC address of a direct-physical     |\n|                                                           |                                             | Port via the active binding profile                       |\n| Neutron Port MAC address regenerate                       | port-mac-address-regenerate                 | Network port MAC address regenerate                       |\n| Port NUMA affinity policy                                 | port-numa-affinity-policy                   | Expose the port NUMA affinity policy                      |\n| Port NUMA affinity policy &quot;socket&quot;                        | port-numa-affinity-policy-socket            | Adds &quot;socket&quot; to the supported port NUMA affinity         |\n|                                                           |                                             | policies                                                  |\n| Port Binding                                              | binding                                     | Expose port bindings of a virtual port to external        |\n|                                                           |                                             | application                                               |\n| Port Bindings Extended                                    | binding-extended                            | Expose port bindings of a virtual port to external        |\n|                                                           |                                             | application                                               |\n| Port Security                                             | port-security                               | Provides port security                                    |\n| project_id field enabled                                  | project-id                                  | Extension that indicates that project_id field is         |\n|                                                           |                                             | enabled.                                                  |\n| Provider Network                                          | provider                                    | Expose mapping of virtual networks to physical networks   |\n| Quota engine limit check                                  | quota-check-limit                           | Support for checking the resource usage before applying a |\n|                                                           |                                             | new quota limit                                           |\n| Quota management support                                  | quotas                                      | Expose functions for quotas management per project        |\n| Quota details management support                          | quota_details                               | Expose functions for quotas usage statistics per project  |\n| RBAC Policies                                             | rbac-policies                               | Allows creation and modification of policies that control |\n|                                                           |                                             | tenant access to resources.                               |\n| Add address_group type to RBAC                            | rbac-address-group                          | Add address_group type to network RBAC                    |\n| Add address_scope type to RBAC                            | rbac-address-scope                          | Add address_scope type to RBAC                            |\n| Add security_group type to network RBAC                   | rbac-security-groups                        | Add security_group type to network RBAC                   |\n| Add subnetpool type to RBAC                               | rbac-subnetpool                             | Add subnetpool type to RBAC                               |\n| If-Match constraints based on revision_number             | revision-if-match                           | Extension indicating that If-Match based on               |\n|                                                           |                                             | revision_number is supported.                             |\n| Resource revision numbers                                 | standard-attr-revisions                     | This extension will display the revision number of        |\n|                                                           |                                             | neutron resources.                                        |\n| Default rules for security groups                         | security-groups-default-rules               | Configure set of security group rules used as default     |\n|                                                           |                                             | rules for every new security group                        |\n| Normalized CIDR field for security group rules            | security-groups-normalized-cidr             | Add new field with normalized remote_ip_prefix cidr in SG |\n|                                                           |                                             | rule                                                      |\n| Port filtering on security groups                         | port-security-groups-filtering              | Provides security groups filtering when listing ports     |\n| Remote address group id field for security group rules    | security-groups-remote-address-group        | Add new field of remote address group id in SG rules      |\n| Security group rule belongs to the project&#039;s default      | security-groups-rules-belongs-to-default-sg | Flag to determine if the security group rule belongs to   |\n| security group                                            |                                             | the project&#039;s default security group                      |\n| Security group filtering on the shared field              | security-groups-shared-filtering            | Support filtering security groups on the shared field     |\n| security-group                                            | security-group                              | The security groups extension.                            |\n| Neutron Service Type Management                           | service-type                                | API for retrieving service providers for Neutron advanced |\n|                                                           |                                             | services                                                  |\n| Sorting support                                           | sorting                                     | Extension that indicates that sorting is enabled.         |\n| standard-attr-description                                 | standard-attr-description                   | Extension to add descriptions to standard attributes      |\n| Stateful security group                                   | stateful-security-group                     | Indicates if the security group is stateful or not        |\n| Subnet belongs to an external network                     | subnet-external-network                     | Informs if the subnet belongs to an external network      |\n| Subnet Onboard                                            | subnet_onboard                              | Provides support for onboarding subnets into subnet pools |\n| Subnet service types                                      | subnet-service-types                        | Provides ability to set the subnet service_types field    |\n| Subnet Allocation                                         | subnet_allocation                           | Enables allocation of subnets from a subnet pool          |\n| Subnet Pool Prefix Operations                             | subnetpool-prefix-ops                       | Provides support for adjusting the prefix list of subnet  |\n|                                                           |                                             | pools                                                     |\n| Tag creation extension                                    | tag-creation                                | Allow to create multiple tags for a resource              |\n| Tag support for resources with standard attribute: port,  | standard-attr-tag                           | Enables to set tag on resources with standard attribute.  |\n| subnet, subnetpool, network, security_group, router,      |                                             |                                                           |\n| floatingip, policy, trunk, network_segment_range          |                                             |                                                           |\n| Resource timestamps                                       | standard-attr-timestamp                     | Adds created_at and updated_at fields to all Neutron      |\n|                                                           |                                             | resources that have Neutron standard attributes.          |\n+-----------------------------------------------------------+---------------------------------------------+-----------------------------------------------------------+\n\n&#x5B;root@controller ~]$ openstack network agent list\n+--------------------------------------+--------------------+--------------------------------+-------------------+-------+-------+---------------------------+\n| ID                                   | Agent Type         | Host                           | Availability Zone | Alive | State | Binary                    |\n+--------------------------------------+--------------------+--------------------------------+-------------------+-------+-------+---------------------------+\n| 0fff6416-31eb-4fbd-b8a6-dfd8f52acb6d | DHCP agent         | controller.it.dbi-services.com | nova              | :-)   | UP    | neutron-dhcp-agent        |\n| 2fd7ed1b-d53a-47a5-ad60-9ff95bda4f51 | Metadata agent     | controller.it.dbi-services.com | None              | :-)   | UP    | neutron-metadata-agent    |\n| 7b1b2385-612e-47e8-8f31-dfb78afa0b0b | Metadata agent     | compute.it.dbi-services.com    | None              | :-)   | UP    | neutron-metadata-agent    |\n| 7855461f-a5c0-4b90-b52c-d9695b92107d | Open vSwitch agent | controller.it.dbi-services.com | None              | :-)   | UP    | neutron-openvswitch-agent |\n| dac53d0d-e24c-4e98-938a-7f480b457486 | Open vSwitch agent | compute.it.dbi-services.com    | None              | :-)   | UP    | neutron-openvswitch-agent |\n+--------------------------------------+--------------------+--------------------------------+-------------------+-------+-------+---------------------------+\n<\/pre><\/div>\n\n\n<p>Done. This leaves us with the following components for today:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"448\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack12-1024x448.png\" alt=\"\" class=\"wp-image-36833\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack12-1024x448.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack12-300x131.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack12-768x336.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack12.png 1358w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In the next post, we&#8217;ll setup the final service for our playground, Horizon (The OpenStack dashboard).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;ve finished the last post with a working Compute (Nova) service on the controller and compute node. While only the compute(s) actually run compute resources, Nova is also running on the controller for the management tasks, while libvirt is only running on the compute node. Once more, looking back at what we need at a [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[955,1320,83],"tags":[135,73,957,2602],"type_dbi":[],"class_list":["post-36806","post","type-post","status-publish","format-standard","hentry","category-cloud","category-devops","category-postgresql","tag-cloud","tag-linux","tag-openstack","tag-postgresql-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service\" \/>\n<meta property=\"og:description\" content=\"We&#8217;ve finished the last post with a working Compute (Nova) service on the controller and compute node. While only the compute(s) actually run compute resources, Nova is also running on the controller for the management tasks, while libvirt is only running on the compute node. Once more, looking back at what we need at a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-24T08:01:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1362\" \/>\n\t<meta property=\"og:image:height\" content=\"543\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daniel Westermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@westermanndanie\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Westermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/\"},\"author\":{\"name\":\"Daniel Westermann\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"headline\":\"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service\",\"datePublished\":\"2025-01-24T08:01:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/\"},\"wordCount\":580,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack11-1-1024x408.png\",\"keywords\":[\"Cloud\",\"Linux\",\"openstack\",\"postgresql\"],\"articleSection\":[\"Cloud\",\"DevOps\",\"PostgreSQL\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/\",\"name\":\"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack11-1-1024x408.png\",\"datePublished\":\"2025-01-24T08:01:53+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack11-1.png\",\"contentUrl\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2025\\\/01\\\/ostack11-1.png\",\"width\":1362,\"height\":543},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/creating-your-private-cloud-using-openstack-6-the-networking-service\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/8d08e9bd996a89bd75c0286cbabf3c66\",\"name\":\"Daniel Westermann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"caption\":\"Daniel Westermann\"},\"description\":\"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\\\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/westermanndanie\"],\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/daniel-westermann\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/","og_locale":"en_US","og_type":"article","og_title":"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service","og_description":"We&#8217;ve finished the last post with a working Compute (Nova) service on the controller and compute node. While only the compute(s) actually run compute resources, Nova is also running on the controller for the management tasks, while libvirt is only running on the compute node. Once more, looking back at what we need at a [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/","og_site_name":"dbi Blog","article_published_time":"2025-01-24T08:01:53+00:00","og_image":[{"width":1362,"height":543,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1.png","type":"image\/png"}],"author":"Daniel Westermann","twitter_card":"summary_large_image","twitter_creator":"@westermanndanie","twitter_misc":{"Written by":"Daniel Westermann","Est. reading time":"18 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/"},"author":{"name":"Daniel Westermann","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"headline":"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service","datePublished":"2025-01-24T08:01:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/"},"wordCount":580,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1-1024x408.png","keywords":["Cloud","Linux","openstack","postgresql"],"articleSection":["Cloud","DevOps","PostgreSQL"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/","url":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/","name":"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1-1024x408.png","datePublished":"2025-01-24T08:01:53+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2025\/01\/ostack11-1.png","width":1362,"height":543},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/creating-your-private-cloud-using-openstack-6-the-networking-service\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Creating your private cloud using OpenStack \u2013 (6) \u2013 The Networking service"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66","name":"Daniel Westermann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","caption":"Daniel Westermann"},"description":"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &amp;\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.","sameAs":["https:\/\/x.com\/westermanndanie"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=36806"}],"version-history":[{"count":27,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36806\/revisions"}],"predecessor-version":[{"id":36836,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36806\/revisions\/36836"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=36806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=36806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=36806"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=36806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}