Layer 3 (L3) capabilities in OpenStack
Once L2 connectivity is established, the virtual machines within one network can send or receive traffic between themselves. However, two virtual machines belonging to two different networks will not be able to communicate with each other automatically. This is done to provide privacy and isolation for tenant networks. In order to allow traffic from one network to reach another network, OpenStack Networking supports an entity called a router.
The default implementation of OpenStack uses namespaces to support L3 routing capabilities. Namespaces are networking constructs in Linux that allow you to create a copy of the TCP/IP network stack, from the Ethernet interfaces (L2) up through the routing tables and so on, such that each copy is isolated from the others. In a cloud environment (especially for multi-tenancy), it is possible that users use the same IP addresses for their virtual machine instances. In order to allow overlapping IP addresses to co-exist within the same infrastructure, Neutron uses network namespaces to provide the isolation between overlapping IP addresses.
Creating a router using OpenStack CLI
Operators can create routers using OpenStack CLI or web interface. They can then add more than one subnet as an interface to the router. This allows the networks associated with the router to exchange traffic with one another.
The command to create a router is as follows:
This command creates a router with the specified name.
Associating a subnetwork with a router
Once a router is created, the next step is to associate one or more subnetworks with the router. The command to accomplish this is as follows:
The subnet represented by subnet1 is now associated with the router router1. Using the OpenStack dashboard, you can view the association between a router and a subnet. Navigate to Project | Networks | Network Topology. This should display the router, router1, connected to the network, network1, to which the subnet belongs, as shown in the following screenshot:
You can hover the mouse over the router router1 to see that the subnet is indeed added as an interface and is assigned an IP address.
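Because attaching subnets to a router is what opens a path between otherwise isolated networks, it is worth reviewing those attachments as an isolation boundary. The following is an added example, not code from the original text or from OpenStack: it audits a constructed inventory of router interfaces, and the field names, the names subnet2 to subnet5, router2, router3 and the project names are assumptions made for illustration. It also assumes one namespace per router when classifying overlapping address ranges.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed inventory (not real CLI output): one entry per router interface.
# Field names are assumptions made for this example.
INTERFACES = [
    {"router": "router1", "subnet": "subnet1", "cidr": "10.0.1.0/24", "project": "tenant-a"},
    {"router": "router1", "subnet": "subnet2", "cidr": "10.0.2.0/24", "project": "tenant-a"},
    {"router": "router2", "subnet": "subnet3", "cidr": "10.0.1.0/24", "project": "tenant-b"},
    {"router": "router3", "subnet": "subnet4", "cidr": "192.168.5.0/24", "project": "tenant-a"},
    {"router": "router3", "subnet": "subnet5", "cidr": "192.168.6.0/24", "project": "tenant-c"},
]

def by_router(interfaces):
    groups = defaultdict(list)
    for iface in interfaces:
        groups[iface["router"]].append(iface)
    return groups

def routable_pairs(interfaces):
    """Subnet pairs that can exchange traffic because they share a router."""
    pairs = set()
    for members in by_router(interfaces).values():
        names = sorted(m["subnet"] for m in members)
        pairs.update(combinations(names, 2))
    return pairs

def cross_project_routers(interfaces):
    """Routers whose interfaces span more than one project (isolation crossed)."""
    return sorted(r for r, members in by_router(interfaces).items()
                  if len({m["project"] for m in members}) > 1)

def overlapping_cidrs(interfaces):
    """Overlaps on one router conflict; on different routers they stay isolated."""
    findings = []
    for a, b in combinations(interfaces, 2):
        if ipaddress.ip_network(a["cidr"]).overlaps(ipaddress.ip_network(b["cidr"])):
            kind = "conflict" if a["router"] == b["router"] else "isolated"
            findings.append((a["subnet"], b["subnet"], kind))
    return findings

if __name__ == "__main__":
    print("routable:", sorted(routable_pairs(INTERFACES)))
    print("cross-project routers:", cross_project_routers(INTERFACES))
    print("overlaps:", overlapping_cidrs(INTERFACES))
```

In the sample data, subnet1 and subnet3 reuse 10.0.1.0/24 without conflict because they sit behind different routers, while router3 is flagged for joining subnets owned by two projects.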