Skip to content

Sharing network between two projects

This procedure will show you how to connect two projects on internal network.

It allows use to synchronise production and preproduction environment on several projects for example.


Have 2 or more projects.

On our first project

[~] > openstack project list -c ID -f value

Firstly, we need to create our network that will be shared

openstack network create <SHARED_NETWORK_NAME>

Then, to simplifying our network division, we are going to create two subnets.

One for instances on our project, one shared with another project.

openstack subnet create --subnet-range <SHARED_NETWORK_RANGE> --gateway none --network <SHARED_NETWORK_NAME> --allocation-pool start=<SHARED_NETWORK_DHCP_START>,end=<SHARED_NETWORK_DHCP_END> <SHARED_SUBNET_NAME>
openstack subnet create --subnet-range <LOCAL_NETWORK_RANGE> --gateway none --network <SHARED_NETWORK_NAME> --allocation-pool start=<LOCAL_NETWORK_DHCP_START>,end=<LOCAL_NETWORK_DHCP_END> <LOCAL_SUBNET_NAME>

We share this network (And associated subnets) with the second project :

NETWORK_ID=$(openstack network list --name <SHARED_NETWORK_NAME> -c ID -f value)
openstack network rbac create --target-project <TARGET_PROJECT_ID> --action access_as_shared --type network ${NETWORK_ID}

Finally, just create a port on the local subnet and instance associated with :

openstack port create --network <SHARED_NETWORK_NAME> --fixed-ip subnet=<LOCAL_SUBNET_NAME> <LOCAL_PORT_NAME>
openstack server create --flavor a1-ram2-disk20-perf1 --image 'Debian 11.5 bullseye' --port <LOCAL_PORT_NAME> --security-group default --key-name <KEY_NAME> <INSTANCE_NAME>

On our second (Or more) project

[~] > openstack project list -c ID -f value

As network is already shared with rbac policy, we can create port on that network :

openstack port create --network <SHARED_NETWORK_NAME> --fixed-ip subnet=<SHARED_SUBNET_NAME> <SHARED_PORT_NAME>
Then create the instance attached to the port created above :
openstack server create --flavor a1-ram2-disk20-perf1 --image 'Debian 11.5 bullseye' --network <PUBLIC_NETWORK_NAME> --port <SHARED_PORT_NAME> --security-group default --key-name <KEY_NAME> <INSTANCE_NAME>
We also connect our instance on external network to simplify access through Internet

As you can see both instances are connected through their local ip.

root@public_instance:~# ping -c1
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.292 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms

This is a basic example of what rbac allows us, to adapt to your needs.