Check your primary interface on the server:
$ ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:37:74:a4:77:ae brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.5/24 brd 192.168.200.255 scope global ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::f037:74ff:fea4:77ae/64 scope link
       valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 26:65:55:60:5b:aa brd ff:ff:ff:ff:ff:ff
4: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 96:12:ae:de:e9:40 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9412:aeff:fede:e940/64 scope link
       valid_lft forever preferred_lft forever
5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b2:bd:04:aa:2a:ae brd ff:ff:ff:ff:ff:ff
Migrate your primary interface network configurations to a bridge. These are the updated network configurations on my server.
$ sudo vi /etc/sysconfig/network-scripts/ifcfg-ens18
DEVICE=ens18
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
$ sudo vi /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
BOOTPROTO=none
ONBOOT=yes
TYPE=OVSBridge
DEVICETYPE=ovs
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
IPADDR=192.168.200.5
NETMASK=255.255.255.0
GATEWAY=192.168.200.1
DNS1=192.168.200.1
Once the network configurations are updated, create the OVS bridge and add the interface.
sudo ovs-vsctl add-port br-ex ens18
Reboot after making the changes to confirm the settings are correct:
sudo reboot
Since the NetworkManager service was disabled, it cannot be used to manage network configurations. To restart networking, use network.service:
sudo systemctl restart network.service
Confirm IP address information.
$ ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master ovs-system state UP group default qlen 1000
    link/ether f2:37:74:a4:77:ae brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f037:74ff:fea4:77ae/64 scope link
       valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 02:ab:a7:4f:0a:9d brd ff:ff:ff:ff:ff:ff
4: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b2:bd:04:aa:2a:ae brd ff:ff:ff:ff:ff:ff
5: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 02:86:4d:4d:c0:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.5/24 brd 192.168.200.255 scope global br-ex
       valid_lft forever preferred_lft forever
    inet6 fe80::86:4dff:fe4d:c040/64 scope link
       valid_lft forever preferred_lft forever
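The reboot above is the point where a mistake in the two ifcfg files costs you remote access to the host, so it is worth checking mechanically that the address really moved from ens18 to br-ex. The following is an added example, not part of the original tutorial; the function names are illustrative, and the sample text is constructed in `ip -o -4 addr show` format from the values shown on this page.

```shell
#!/bin/sh
# Added example: verify that the IPv4 address moved from the NIC to the OVS bridge.
# Input is the text of `ip -o -4 addr show` (one address per line).

# Print every interface that carries the given IPv4 address (without prefix).
ifaces_with_addr() {   # $1 = address; stdin = `ip -o -4 addr show` output
    awk -v want="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == want) print $2 }'
}

# Print the IPv4 addresses (CIDR form) still bound to an interface.
addrs_on_iface() {     # $1 = interface; stdin = same output
    awk -v ifc="$1" '$3 == "inet" && $2 == ifc { print $4 }'
}

# Return 0 only if address $3 sits on bridge $2 alone and NIC $1 has no IPv4 address.
check_migration() {    # $1 = nic, $2 = bridge, $3 = address, $4 = ip output text
    owners=$(printf '%s\n' "$4" | ifaces_with_addr "$3")
    leftover=$(printf '%s\n' "$4" | addrs_on_iface "$1")
    if [ "$owners" != "$2" ]; then
        echo "FAIL: $3 is on '${owners:-nothing}', expected $2"; return 1
    fi
    if [ -n "$leftover" ]; then
        echo "FAIL: $1 still has $leftover"; return 1
    fi
    echo "OK: $3 is on $2 and $1 carries no IPv4 address"
}

# Constructed samples in `ip -o -4 addr show` format, using the page's values.
BEFORE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens18    inet 192.168.200.5/24 brd 192.168.200.255 scope global ens18\       valid_lft forever preferred_lft forever'
AFTER='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
5: br-ex    inet 192.168.200.5/24 brd 192.168.200.255 scope global br-ex\       valid_lft forever preferred_lft forever'

# On the live host (not run here):
#   check_migration ens18 br-ex 192.168.200.5 "$(ip -o -4 addr show)"
#   sudo ovs-vsctl port-to-br ens18    # should print br-ex
```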
Create private network on OpenStack.
$ openstack network create private
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-09-06T12:03:11Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 6b311b90-3ee3-4ad8-a746-853d3952fabe |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1442                                 |
| name                      | private                              |
| port_security_enabled     | True                                 |
| project_id                | 8b20c86cf35943af8a17cb1805ea52d1     |
| provider:network_type     | geneve                               |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 11                                   |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-09-06T12:03:11Z                 |
+---------------------------+--------------------------------------+
Create a subnet for the private network:
$ openstack subnet create --network private --allocation-pool \
  start=172.20.20.50,end=172.20.20.200 \
  --dns-nameserver 8.8.8.8 --dns-nameserver 8.8.4.4 \
  --subnet-range 172.20.20.0/24 private_subnet
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 172.20.20.50-172.20.20.200           |
| cidr                 | 172.20.20.0/24                       |
| created_at           | 2022-09-06T12:04:27Z                 |
| description          |                                      |
| dns_nameservers      | 8.8.4.4, 8.8.8.8                     |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 172.20.20.1                          |
| host_routes          |                                      |
| id                   | b5983809-f905-4419-b995-91ec3e22b401 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | private_subnet                       |
| network_id           | 6b311b90-3ee3-4ad8-a746-853d3952fabe |
| project_id           | 8b20c86cf35943af8a17cb1805ea52d1     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2022-09-06T12:04:27Z                 |
+----------------------+--------------------------------------+
Create public network:
$ openstack network create --provider-network-type flat \
  --provider-physical-network extnet \
  --external public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-09-06T12:05:27Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 81ef07c8-9925-46e4-a1b8-25d860ef32bc |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | public                               |
| port_security_enabled     | True                                 |
| project_id                | 8b20c86cf35943af8a17cb1805ea52d1     |
| provider:network_type     | flat                                 |
| provider:physical_network | extnet                               |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-09-06T12:05:27Z                 |
+---------------------------+--------------------------------------+
Define subnet for the public network. It could be an actual public IP network.
$ openstack subnet create --network public --allocation-pool \
  start=192.168.200.10,end=192.168.200.200 --no-dhcp \
  --subnet-range 192.168.200.0/24 public_subnet
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.200.10-192.168.200.200       |
| cidr                 | 192.168.200.0/24                     |
| created_at           | 2022-09-06T12:07:51Z                 |
| description          |                                      |
| dns_nameservers      |                                      |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | False                                |
| gateway_ip           | 192.168.200.1                        |
| host_routes          |                                      |
| id                   | 7ee4595b-50cf-4074-9fa8-339376c4a71a |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | public_subnet                        |
| network_id           | 81ef07c8-9925-46e4-a1b8-25d860ef32bc |
| project_id           | 8b20c86cf35943af8a17cb1805ea52d1     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2022-09-06T12:07:51Z                 |
+----------------------+--------------------------------------+
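Because the public subnet here is the same 192.168.200.0/24 segment that the host and its gateway already live on, the allocation pool must not contain addresses that are already in use there, or Neutron can hand one of them to a router or floating IP. An added example (not from the original tutorial; the function names are illustrative) that checks this for the pool, host address and gateway used on this page:

```shell
#!/bin/sh
# Added example: confirm that addresses already used on the physical network
# fall outside the Neutron allocation pool of the external subnet.

# Convert a dotted-quad IPv4 address to an integer; return 1 on malformed input.
ip2int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac      # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                      # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac        # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# Return 0 if address $1 lies inside the inclusive range $2..$3, 2 on bad input.
in_pool() {
    a=$(ip2int "$1") && s=$(ip2int "$2") && e=$(ip2int "$3") || return 2
    [ "$a" -ge "$s" ] && [ "$a" -le "$e" ]
}

# Print each in-use address that the pool would be allowed to hand out.
pool_conflicts() {   # $1 = pool start, $2 = pool end, rest = addresses in use
    start=$1; end=$2; shift 2
    for addr in "$@"; do
        if in_pool "$addr" "$start" "$end"; then echo "$addr"; fi
    done
}

# Values from this page: pool 192.168.200.10-192.168.200.200,
# host 192.168.200.5, gateway 192.168.200.1. Empty output means no conflict:
#   pool_conflicts 192.168.200.10 192.168.200.200 192.168.200.5 192.168.200.1
```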
Create a router that will connect public and private subnets.
$ openstack router create private_router
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2022-09-06T12:08:21Z                 |
| description             |                                      |
| external_gateway_info   | null                                 |
| flavor_id               | None                                 |
| id                      | dfc365da-ab4e-484a-91bb-c2727627d448 |
| name                    | private_router                       |
| project_id              | 8b20c86cf35943af8a17cb1805ea52d1     |
| revision_number         | 0                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tags                    |                                      |
| updated_at              | 2022-09-06T12:08:21Z                 |
+-------------------------+--------------------------------------+
Set external gateway as public network on the router.
openstack router set --external-gateway public private_router
Link private network to the router.
openstack router add subnet private_router private_subnet
Check to ensure network connectivity is working.
$ openstack router list
+--------------------------------------+----------------+--------+-------+----------------------------------+
| ID                                   | Name           | Status | State | Project                          |
+--------------------------------------+----------------+--------+-------+----------------------------------+
| dfc365da-ab4e-484a-91bb-c2727627d448 | private_router | ACTIVE | UP    | 8b20c86cf35943af8a17cb1805ea52d1 |
+--------------------------------------+----------------+--------+-------+----------------------------------+
$ openstack router show private_router | grep external_gateway_info
| external_gateway_info | {"network_id": "81ef07c8-9925-46e4-a1b8-25d860ef32bc", "external_fixed_ips": [{"subnet_id": "7ee4595b-50cf-4074-9fa8-339376c4a71a", "ip_address": "192.168.200.169"}], "enable_snat": true} |
$ ping -c 2 192.168.200.169
PING 192.168.200.169 (192.168.200.169) 56(84) bytes of data.
64 bytes from 192.168.200.169: icmp_seq=1 ttl=254 time=0.260 ms
64 bytes from 192.168.200.169: icmp_seq=2 ttl=254 time=0.302 ms
--- 192.168.200.169 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 0.260/0.281/0.302/0.021 ms