Available scenarios
Infomaniak provides multiple ways to set up your cloud network stack. Here you'll find some scenarios for using OpenStack networking. Please keep in mind that this is not an exhaustive list and that you can mix all options to fit your specific needs. Although the platform is flexible, some cases may be limited, so don't hesitate to contact us if you feel stuck with your setup!
The following scenarios are detailed in this section:
- direct-attach to a public IP on a shared network: if you just quickly need a single VM reachable from anywhere, this is for you.
  options: dual-stack IPv4+IPv6 or IPv6-only addresses.
- reserve a public subnet for your instances: use this one if you need a contiguous IP range for a few (or many) instances.
  options: IPv4 and IPv6 subnet pools available.
- create private networks, and use FIPs (floating IPs) as you need: the common option for a cloud setup; your instances can communicate on a private network and you can reach the ones you need through public NAT on your private router.
  options: public SNAT available on private routers.
- use LBaaS (Octavia): we offer a load-balancer service, so you can enjoy public high-availability load-balancing in front of your (generally) private network.
  options: healthchecks, scalability, ...
- BYOIP - bring your own IP range inside our cloud: it's possible to use your own public IP addresses inside our infrastructure; please contact us for that setup!
First overview
When you first connect to your project, you'll see "default" networks already available for you:
$ openstack network list --long -c Name -c Status -c State -c Shared -c Subnets -c 'Router Type' --sort-column Shared
+---------------+--------+-------+--------+----------------------------------------------------------------------------+-------------+
| Name | Status | State | Shared | Subnets | Router Type |
+---------------+--------+-------+--------+----------------------------------------------------------------------------+-------------+
| ext-floating1 | ACTIVE | UP | False | b724c3e2-3f08-4d09-ba65-7c41bf0f7872 | External |
| ext-v6only1 | ACTIVE | UP | True | 7b73fba4-bf83-4fcf-90ef-26343c7c0195 | Internal |
| ext-net1 | ACTIVE | UP | True | 386b1011-ad05-47d1-9a4c-4f11a954015d, c8df3b20-91f9-4745-91bc-851030aca420 | Internal |
+---------------+--------+-------+--------+----------------------------------------------------------------------------+-------------+
As you can see, there are already some populated networks when you connect to your project. They are set up for the different scenarios we propose. You may also notice existing address scopes, subnet pools and subnets associated with these networks. You cannot break this default configuration, so we won't explain how it was created, only how to use it for your different projects.
Scenario 1: direct-attach to a public IP on a shared network
This scenario is the easiest way to get started with your cloud project. If you followed the "Quick Guide", you have already used it.
We created 2 specific networks on our Public Cloud that you can use safely without any knowledge or configuration. These networks are displayed in all projects as ext-net1 and ext-v6only1.
To use them, you just need to create a VM attached to one of them, like:
$ openstack server create --image debian-10.8-openstack-amd64.raw --flavor cpu2-ram6-disk20 --key-name mykeypair --network ext-net1 --use-config-drive infomaniak-vm-1
$ openstack server create --image debian-10.8-openstack-amd64.raw --flavor cpu2-ram6-disk20 --key-name mykeypair --network ext-v6only1 --use-config-drive infomaniak-vm-1
The ext-net1 network is dual-stack, meaning that your VM will get an IPv4 and an IPv6 address. Those addresses are provided to the VM through the DHCP protocol, so please ensure that your OS image supports it. If not, you may be able to use the config drive option or add specific user-data for cloud-init.
The ext-v6only1 network provides just a single IPv6 address to your VM, again through DHCP. This network has the advantage of being free of charge. As the IPv4 protocol is old, limited, and nowadays expensive, we need to charge you for it, but not for IPv6, which is the replacement for IPv4.
Warning
When booting an image on an IPv6-only network, the cloud-init tool will fail when trying to reach the IPv4 metadata service. The metadata service is not available on IPv6 networks, but most images support the Config Drive option instead, so you can enable it when starting your instance (--use-config-drive).
Scenario 2: reserve a public subnet for your instances
Info
Subnet pool feature is available upon request. Simply contact our support to get access to subnet pools.
In this scenario, you will reserve a public subnet provided by Infomaniak. The advantage of reserving a subnet is that you get a contiguous IP range for your instances, which simplifies, for example, your firewall configuration and remote rules.
To see available subnets, just look at subnet pools:
$ openstack subnet pool list
+--------------------------------------+---------------------+-------------------+
| ID | Name | Prefixes |
+--------------------------------------+---------------------+-------------------+
| a7c19bf9-37a9-4355-b47d-e5d9f24c3d1b | poolv6-selfservice1 | 2001:1600:11::/48 |
| ef6303c9-8614-4f3e-9c8a-346900b6c85b | poolv4-selfservice1 | 195.15.248.0/22 |
+--------------------------------------+---------------------+-------------------+
You can reserve IPv4 and IPv6 subnets.
Reserve and use an IPv4 subnet
For IPv4 subnets, you can reserve an IP range with a subnet mask between /28 (14 IPs) and /29 (6 IPs). Please note that you'll need to assign one IP to your virtual router (gateway) and one to DHCP (recommended), which leaves you 12 or 4 assignable IPs for your instances. If you need larger IP ranges, please contact our support.
To reserve a subnet, you need to create a subnet with the special option --subnet-pool. That means you also need to create a network. Let's do this together:
# Create network "mynetwork"
$ openstack network create mynetwork
# Create subnet "mysubnet" inside network "mynetwork"
$ openstack subnet create mysubnet --network mynetwork --subnet-pool poolv4-selfservice1 --prefix-length 28 --dns-nameserver 83.166.143.51 --dns-nameserver 83.166.143.52 --dhcp
You can now see your network and your reserved subnet:
$ openstack subnet show mysubnet -c Name -c cidr -c allocation_pools -c gateway_ip -c enable_dhcp -c dns_nameservers
+------------------+----------------------------+
| Field | Value |
+------------------+----------------------------+
| allocation_pools | 195.15.248.2-195.15.248.14 |
| cidr | 195.15.248.0/28 |
| dns_nameservers | 83.166.143.51 83.166.143.52|
| enable_dhcp | True |
| gateway_ip | 195.15.248.1 |
+------------------+----------------------------+
Warning
Your new network is not routed by OpenStack until you configure a virtual router. If you create a VM now with your public subnet, you won't be able to reach it from outside. You must first create a virtual router in OpenStack, like this:
# Create a router "myrouter"
$ openstack router create myrouter
# Link your router to your subnet
$ openstack router add subnet myrouter mysubnet
# Add the external gateway
$ openstack router set --external-gateway ext-provider1 myrouter
The --external-gateway option refers to a specific network tagged as "external". These networks are defined by Infomaniak and used for external routing. In OpenStack they are also called "provider" networks. To see these external networks, run:
$ openstack network list --external
+--------------------------------------+---------------+----------------------------------------------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+---------------+----------------------------------------------------------------------------+
| 0f9c3806-bd21-490f-918d-4a6d1c648489 | ext-floating1 | 209ce11b-68c0-465a-9938-1aba36b785fc, b724c3e2-3f08-4d09-ba65-7c41bf0f7872 |
| d4c06bf9-7cad-4a64-9a57-7882a3a3843d | ext-provider1 | 1ea84a3a-2989-4413-9517-b30570e657da, a9a293dc-95f2-4d48-b2e0-b2d298f86bdf |
+--------------------------------------+---------------+----------------------------------------------------------------------------+
You can now create a VM with your new public subnet, like this:
$ openstack server create --key-name mykeypair --flavor a1-ram2-disk20-perf1 --image "Debian 11 bullseye" --network mynetwork myinstance-1
And your VM will be reachable through a public IP inside your own IP range:
$ openstack server show myinstance-1 -c name -c addresses -c image -c id -c status
+-----------+---------------------------------------+
| Field | Value |
+-----------+---------------------------------------+
| addresses | mynetwork=195.15.248.6 |
| id | 8038dce0-bb19-4e03-9fe1-ad20c260c4aa |
| image | Debian 11 bullseye |
| name | myinstance-1 |
| status | ACTIVE |
+-----------+---------------------------------------+
$ ping 195.15.248.6
PING 195.15.248.6 (195.15.248.6) 56(84) bytes of data.
64 bytes from 195.15.248.6: icmp_seq=1 ttl=58 time=37.2 ms
64 bytes from 195.15.248.6: icmp_seq=2 ttl=58 time=31.9 ms
64 bytes from 195.15.248.6: icmp_seq=3 ttl=58 time=32.3 ms
As said in the beginning, an IP from your range will be used as gateway, and another one for the DHCP agent. You can see usage of your IP range like this:
$ openstack port list --network mynetwork --long -c ID -c 'Fixed IP Addresses' -c Status -c 'Device Owner'
+--------------------------------------+-----------------------------------------------------------------------------+--------+--------------------------+
| ID | Fixed IP Addresses | Status | Device Owner |
+--------------------------------------+-----------------------------------------------------------------------------+--------+--------------------------+
| 2044bdd8-60f2-4338-bb9f-af9de4d57421 | ip_address='195.15.248.1', subnet_id='8ad80ee2-5e7e-4b97-a8ff-db11ffd4c4fe' | ACTIVE | network:router_interface |
| 42a10611-e668-44c6-a8a2-af06a6a87e60 | ip_address='195.15.248.2', subnet_id='8ad80ee2-5e7e-4b97-a8ff-db11ffd4c4fe' | ACTIVE | network:dhcp |
| 564b3ac0-fea2-457b-964c-db815274f4dc | ip_address='195.15.248.6', subnet_id='8ad80ee2-5e7e-4b97-a8ff-db11ffd4c4fe' | ACTIVE | compute:nova |
+--------------------------------------+-----------------------------------------------------------------------------+--------+--------------------------+
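The address accounting shown in this port listing can be checked mechanically, which is useful when the reserved prefix feeds firewall rules. The following is an added example, not part of Infomaniak's documentation or tooling: it classifies every address in use inside a reserved IPv4 subnet and flags a missing router interface. It assumes the field names emitted by `openstack port list --network mynetwork --long -f json` ("Device Owner", "Fixed IP Addresses"); the function names and the unattached port 195.15.248.9 are constructed for illustration.

```python
import ipaddress
import json

SUBNET_ID = "8ad80ee2-5e7e-4b97-a8ff-db11ffd4c4fe"  # subnet id from the table above


def sample_port(owner, ip):
    """Build one record in the assumed shape of `openstack port list --long -f json`."""
    return {"Device Owner": owner,
            "Fixed IP Addresses": [{"subnet_id": SUBNET_ID, "ip_address": ip}]}


# Constructed sample: the three ports listed above plus one made-up port that
# was created with `openstack port create` but never attached to an instance.
SAMPLE_PORTS_JSON = json.dumps([
    sample_port("network:router_interface", "195.15.248.1"),
    sample_port("network:dhcp", "195.15.248.2"),
    sample_port("compute:nova", "195.15.248.6"),
    sample_port("", "195.15.248.9"),
])


def audit_reserved_subnet(cidr, ports_json):
    """Classify every address in use inside a reserved IPv4 subnet."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("this audit covers the billed IPv4 reservation only")
    report = {
        "prefix": str(net),               # single CIDR to use in remote firewall rules
        "billed": net.num_addresses - 2,  # /28 -> 14, /29 -> 6
        "infrastructure": {},             # router interface, DHCP agent
        "instances": {},                  # publicly reachable VM addresses
        "unattached": [],                 # held by a port, no device bound
        "outside_prefix": [],             # not covered by a rule on "prefix"
    }
    for port in json.loads(ports_json):
        owner = port.get("Device Owner") or ""
        for fixed in port.get("Fixed IP Addresses") or []:
            ip = ipaddress.ip_address(fixed["ip_address"])
            if ip not in net:             # e.g. the IPv6 side of a dual-stack port
                report["outside_prefix"].append(str(ip))
            elif owner.startswith("network:"):
                report["infrastructure"][str(ip)] = owner
            elif owner.startswith("compute:"):
                report["instances"][str(ip)] = owner
            else:
                report["unattached"].append(str(ip))
    used = sum(len(report[k]) for k in ("infrastructure", "instances", "unattached"))
    report["free"] = report["billed"] - used
    # Without a router interface the subnet is not routed (see the warning above).
    report["has_router_interface"] = any(
        "router" in owner for owner in report["infrastructure"].values())
    return report


if __name__ == "__main__":
    print(json.dumps(audit_reserved_subnet("195.15.248.0/28", SAMPLE_PORTS_JSON), indent=2))
```

The "instances" and "unattached" entries are the addresses to review against your firewall rules; "outside_prefix" lists addresses that a rule written for the reserved prefix will not match.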
IPv4 subnets are charged on a reservation basis. That means that even if you don't use your IPs, they are reserved for you and you will be charged for them. Router and DHCP IPs are also counted. If you reserve a /28 IP range, for example, we will charge you for 14 IPs as long as the IP range is assigned to your project. You can release a reservation at any time simply by deleting the associated subnet:
$ openstack subnet delete mysubnet
Info
Subnet "mysubnet" needs to be free: you'll need to delete all associated ports, VMs and routers before deleting the subnet.
Reserve and use an IPv6 subnet
Reserving an IPv6 subnet is quite similar to reserving an IPv4 subnet. The main differences are:
- IPv6 subnet pools are free of charge
- IPv6 subnet pool size is much larger than for IPv4 subnet pools. We allow (only) /64 IPv6 subnets, so you'll get almost unlimited addresses (18,446,744,073,709,551,616).
Warning
As with IPv4 subnet pools, you will have to create a virtual router, otherwise your IPv6 subnet will not be routed on the OpenStack backbone.
# Create a network "mynetwork-6"
$ openstack network create mynetwork-6
# Create a subnet "mysubnet-6" inside network "mynetwork-6"
$ openstack subnet create mysubnet-6 --ip-version 6 --network mynetwork-6 --use-default-subnet-pool --dns-nameserver 2001:1600:0:aaaa::53:5 --dns-nameserver 2001:1600:0:aaaa::53:6 --ipv6-ra-mode dhcpv6-stateful --ipv6-address-mode dhcpv6-stateful
+----------------------+------------------------------------------------------+
| allocation_pools | 2001:1600:11:7::2-2001:1600:11:7:ffff:ffff:ffff:ffff |
| cidr | 2001:1600:11:7::/64 |
| created_at | 2023-05-01T14:25:41Z |
| description | |
| dns_nameservers | 2001:1600:0:aaaa::53:5, 2001:1600:0:aaaa::53:6 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 2001:1600:11:7::1 |
| host_routes | |
| id | 5e9c7130-750d-4efb-b6c7-827dcaa1904b |
| ip_version | 6 |
| ipv6_address_mode | dhcpv6-stateful |
| ipv6_ra_mode | dhcpv6-stateful |
| name | mysubnet-6 |
| network_id | d04327b2-ee06-4db1-acaf-1b1f1db4fb14 |
| project_id | d1440aa24a65411fb9bac2b842c8defa |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | a7c19bf9-37a9-4355-b47d-e5d9f24c3d1b |
| tags | |
| updated_at | 2023-05-01T14:25:41Z |
+----------------------+------------------------------------------------------+
# Create a virtual router
$ openstack router create myrouter-6
# Add your subnet to your router
$ openstack router add subnet myrouter-6 mysubnet-6
The subnet configuration is now complete. You can then start a VM on this IPv6-only network:
# Create a VM with IPv6-only
$ openstack server create --key-name mykeypair --flavor a1-ram2-disk20-perf1 --image "Debian 11 bullseye" --network mynetwork-6 myinstance-2
$ openstack server show myinstance-2 -c name -c addresses -c image -c id -c status
+-----------+---------------------------------------+
| Field | Value |
+-----------+---------------------------------------+
| addresses | mynetwork-v6=2001:abc:abcd:cafe::1ed |
| id | 503737e8-cea4-4dbd-ace7-a080e57d825f |
| image | Debian 11 bullseye |
| name | myinstance-2 |
| status | ACTIVE |
+-----------+---------------------------------------+
Info
Your OS image may not support IPv6 or DHCPv6. In that case, you can try a config drive, a user-data script or IPv6 SLAAC mode to add an IPv6 address to your instance at boot.
For example, the CirrOS image used here doesn't support IPv6.
Create a dual-stack network with subnet pools
You can of course combine IPv4 and IPv6 subnet pools to create a dual-stack network with reserved IP ranges. Please note that IPv4 is still charged in this mode (and IPv6 is free).
To do that, you'll need to create one network as previously, but you'll assign 2 subnets to it.
# Create a network "mynetwork-2"
$ openstack network create mynetwork-2
# Create a "mysubnet-4" IPv4 subnet inside network "mynetwork-2"
$ openstack subnet create mysubnet-4 --ip-version 4 --network mynetwork-2 --use-default-subnet-pool --prefix-length 28 --dns-nameserver 83.166.143.51 --dns-nameserver 83.166.143.52 --dhcp
# Create a "mysubnet-6" IPv6 subnet inside network "mynetwork-2"
$ openstack subnet create mysubnet-6 --ip-version 6 --network mynetwork-2 --use-default-subnet-pool --dns-nameserver 2001:1600:0:aaaa::53:5 --dns-nameserver 2001:1600:0:aaaa::53:6 --ipv6-ra-mode dhcpv6-stateful --ipv6-address-mode dhcpv6-stateful
As you can see, your network now has 2 subnets:
$ openstack network show mynetwork-2 -c name -c subnets -c status
+---------+----------------------------------------------------------------------------+
| Field | Value |
+---------+----------------------------------------------------------------------------+
| name | mynetwork-2 |
| status | ACTIVE |
| subnets | 7018547e-9ab5-406f-8309-d123df768e0a, 7ddb5e56-5ce2-4bf3-bfaa-fc07bc11f529 |
+---------+----------------------------------------------------------------------------+
$ openstack subnet list --network mynetwork-2
+--------------------------------------+------------+--------------------------------------+---------------------+
| ID | Name | Network | Subnet |
+--------------------------------------+------------+--------------------------------------+---------------------+
| 7018547e-9ab5-406f-8309-d123df768e0a | mysubnet-4 | 13c895bd-fdd3-4cd1-836c-9ff2c2b71bde | 195.15.248.16/28 |
| 7ddb5e56-5ce2-4bf3-bfaa-fc07bc11f529 | mysubnet-6 | 13c895bd-fdd3-4cd1-836c-9ff2c2b71bde | 2001:1600:11:2::/64 |
+--------------------------------------+------------+--------------------------------------+---------------------+
As previously, we need to create a virtual router to expose your subnets. The external (provider) network ext-provider1 is dual-stack, so it can handle dual-stack network setups.
# Create a virtual router
$ openstack router create myrouter-2
# Add both subnets to your router
$ openstack router add subnet myrouter-2 mysubnet-4
$ openstack router add subnet myrouter-2 mysubnet-6
# Add the external network (provider network)
$ openstack router set --external-gateway ext-provider1 myrouter-2
We'll now create a VM to verify our setup:
# Create a VM with dual-stack network (IPv4 + IPv6)
$ openstack server create --key-name mykeypair --flavor a1-ram2-disk20-perf1 --image "CirrOS 5.2" --network mynetwork-2 myinstance-3
$ openstack server show myinstance-3 -c name -c addresses -c image -c id -c status
+-----------+---------------------------------------------------+
| Field | Value |
+-----------+---------------------------------------------------+
| addresses | mynetwork-2=195.15.248.25, 2001:1600:11:2::134 |
| id | a23a9aca-b6bf-40d4-984d-600b85b6cab0 |
| image | CirrOS 5.2 (541b79f2-20da-4ed0-a0c3-5cdace31cf29) |
| name | myinstance-3 |
| status | ACTIVE |
+-----------+---------------------------------------------------+
Note that you can also reserve a single IPv4 or IPv6 address in your dual-stack network and assign it to a VM. Having dual-stack IPs is not mandatory. A quick example:
# Create a single network port inside "mynetwork-2" network
# You can specify only --fixed-ip subnet=mysubnet-6 here if you don't want to choose an IP
$ openstack port create --network mynetwork-2 --fixed-ip subnet=mysubnet-6,ip-address=2001:1600:11:2::beef v6-port1
# Create a VM using that network port
$ openstack server create --key-name mykeypair --flavor a1-ram2-disk20-perf1 --image "CirrOS 5.2" --port v6-port1 myinstance-4
This instance will have a single IP address:
$ openstack server show myinstance-4 -c name -c addresses -c image -c id -c status
+-----------+---------------------------------------------------+
| Field | Value |
+-----------+---------------------------------------------------+
| addresses | mynetwork-2=2001:1600:11:2::beef |
| id | 1f8f5022-e47d-4f53-8673-7ef6af0aad84 |
| image | CirrOS 5.2 (541b79f2-20da-4ed0-a0c3-5cdace31cf29) |
| name | myinstance-4 |
| status | ACTIVE |
+-----------+---------------------------------------------------+