OpenStack: Creating a GRE Network

From DocWiki

Jump to: navigation, search

This page describes how to create a tenant (or Generic Routing Encapsulation--GRE) router using Neutron via the CLI. Note: You can accomplish the same task using the OpenStack dashboard. Only the CLI procedure is described here.

Figure 1 and Figure 2 show examples of tenant networks installed on an All-in-One server without and with an additional compute node, respectively.



Before creating the per-tenant router and private networks, you must:

  • Install a controller node on which to install the router, for example the Cisco OpenStack All-in-One scenario as described in All-in-One Model 1.
  • Source the installed openrc file located in the /root/ directory:
    source openrc
    to set several OpenStack environment variables.


Create the Networks

  1. Create a public network to be used for instances (also called tenants, virtual machines, or VMs) to gain external (public) connectivity:
    neutron net-create Public_Network --router:external=True
  2. Create a subnet that is associated with the previously created public network. Note: The range of IP addresses in your subnet must not conflict with other network nodes on the subnet. For example, if you have a gateway upstream using addresses in the public subnet ranges (,, and so on) then your allocation range must start in a non-overlapping range.
    neutron subnet-create --name Public_Subnet --allocation-pool start=,end= Public_Network

    Note: The allocation pool command-line argument must not contain any spaces.
  3. Create a private network and subnet to attach instances to. For example:
    neutron net-create Private_Net10 && neutron subnet-create --name Private_Net10_Subnet Private_Net10 --dns_nameservers nameserver1 nameserver2

Create the Neutron Router

  1. Create a Neutron router:
    neutron router-create os-router-1
  2. Associate the Neutron router interface with the previously created private subnet:
    neutron router-interface-add os-router-1 Private_Net10_Subnet
  3. Set the default gateway (previously created public network) for the Neutron router:
    neutron router-gateway-set os-router-1 Public_Network
  4. Modify the default Neutron security group to allow for ICMP and SSH (for access to the instances):
    neutron security-group-rule-create --protocol icmp --direction ingress default && neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress default

Rating: 4.0/5 (4 votes cast)

Personal tools