Add an OpenStack External Network

This chapter contains the following sections:

Adding an OpenStack External Network

This section describes how to add an OpenStack External Network.


Note

A preexisting L3Out and corresponding endpoint group (EPG) are required for external connectivity.


The OpenStack command for configuring an external network has changed: new extensions have been added so that the network corresponds to the pre-existing L3Out and its EPG described above. The configuration requires the DN of the EPG for the specific L3Out in APIC. The DN can be obtained in two ways:

Procedure


Step 1

Go to the APIC and get the DN of the external network using the API-Inspector:

Step 2

Use the aimctl manager command on the OpenStack controller to get the DN, as shown below:

Note 

See the example for L3Out: Datacenter-Out.

Example:

aimctl manager external-network-find
+---------------+----------------+------------+
| tenant_name   | l3out_name     | name       |
|---------------+----------------+------------|
| common        | Datacenter-Out | DcExtPol   |
| common        | Management-Out | MgmtExtPol |
| common        | default        | MgmtNet    |
+---------------+----------------+------------+

aimctl manager external-network-get common Datacenter-Out DcExtPol
+-------------------------+-------------------------------------------------+
|Property                 |Value                                            |
|-------------------------+-------------------------------------------------|
| tenant_name             | common                                          |
| l3out_name              | Datacenter-Out                                  |
| name                    | DcExtPol                                        |
| display_name            |                                                 |
| nat_epg_dn              |                                                 |
| provided_contract_names | []                                              |
| consumed_contract_names | []                                              |
| monitored               | True                                            |
| dn                      | uni/tn-common/out-Datacenter-Out/instP-DcExtPol |
+-------------------------+-------------------------------------------------+

Now the dn from above can be used to create the external network.

For Distributed NAT:

Example:

neutron net-create Datacenter-Out --router:external True --shared --apic:distinguished_names \
type=dict ExternalNetwork=uni/tn-common/out-Datacenter-Out/instP-DcExtPol

For No NAT:

Example:

neutron net-create Datacenter-Out --router:external True --shared --apic:distinguished_names \
type=dict ExternalNetwork=uni/tn-common/out-Datacenter-Out/instP-DcExtPol --apic:nat_type ""
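
The following added example (not part of the original page or of the product's tooling) reads the property table printed by aimctl manager external-network-get, checks that the dn row belongs to the intended tenant, L3Out and external network, and only then prints the matching neutron net-create command. The function names, the distributed/none mode argument and the embedded sample table are assumptions constructed from the output shown above.

```shell
#!/bin/sh
# Added example. The sample table is constructed from the layout shown on this page.
sample_output() {
cat <<'EOF'
+-------------------------+-------------------------------------------------+
|Property                 |Value                                            |
|-------------------------+-------------------------------------------------|
| tenant_name             | common                                          |
| l3out_name              | Datacenter-Out                                  |
| name                    | DcExtPol                                        |
| monitored               | True                                            |
| dn                      | uni/tn-common/out-Datacenter-Out/instP-DcExtPol |
+-------------------------+-------------------------------------------------+
EOF
}

# Print the value of the "dn" row from an aimctl property table read on stdin.
extract_dn() {
    awk -F'|' '{ k = $2; v = $3; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
                 if (k == "dn") print v }'
}

# Succeed only if the DN ($1) is exactly the one implied by tenant ($2),
# L3Out ($3) and external-network name ($4), and the names use safe characters.
validate_dn() {
    case "$2$3$4" in *[!A-Za-z0-9_.:-]*) return 1 ;; esac
    [ "$1" = "uni/tn-$2/out-$3/instP-$4" ]
}

# Print (do not run) the net-create command: $1 network, $2 DN, $3 NAT mode
# ("distributed" or "none"; these mode names are hypothetical, for this example).
build_net_create() {
    cmd="neutron net-create $1 --router:external True --shared"
    cmd="$cmd --apic:distinguished_names type=dict ExternalNetwork=$2"
    if [ "$3" = "none" ]; then cmd="$cmd --apic:nat_type \"\""; fi
    printf '%s\n' "$cmd"
}

dn=$(sample_output | extract_dn)
if validate_dn "$dn" common Datacenter-Out DcExtPol; then
    build_net_create Datacenter-Out "$dn" distributed
else
    echo "DN does not match the intended L3Out, not creating network" >&2
fi
```

On a controller, the output of the real aimctl command would be piped into extract_dn in place of sample_output.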

For Floating IPs, add a subnet to the external network with the desired floating IP pool CIDR.

For SNAT, add a subnet to the external network as below:

Example:

neutron subnet-create Datacenter-Out 10.104.21.0/24 --name ext-subnet --disable-dhcp --gateway \
10.104.21.1 --apic:snat_host_pool True

For GBP external connectivity, first create the external segment using the SNAT subnet:

Example:

gbp external-segment-create Datacenter-Out --subnet-id <SNAT Subnet>

Now this segment can be used as usual to create the network service policy.

Example:

gbp nat-pool-create nat-pool-0 --ip-pool 10.104.31.0/24 --external-segment Datacenter-Out 
gbp network-service-policy-create --network-service-params type=ip_pool,name=nat-pool-0,value=nat_pool \
net-svc-nat-0