Neutron offers a number of commands that can be used to create and manage floating IPs. The primary commands associated with floating IPs include:
floatingip-associatefloatingip-createfloatingip-deletefloatingip-disassociatefloatingip-listfloatingip-show
If you recall from previous chapters, IP addresses are not assigned directly to instances. Instead, an IP address is associated with a Neutron port, and this port is logically mapped to an instance or other network resource.
When a floating IP is created, it must be associated with a Neutron port. To create a floating IP from within the CLI, use the following Neutron floatingip-create command:
usage: floatingip-create [--tenant-id TENANT_ID] [--port-id PORT_ID] [--fixed-ip-address FIXED_IP_ADDRESS] [--floating-ip-address FLOATING_IP_ADDRESS] FLOATING_NETWORK
Floating IP addresses can only be used within the tenant or project in which they were created. Using the --tenant-id option, an administrator is able to specify the tenant associated with the floating IP.
By specifying a port ID with the --port-id option, it is possible to immediately associate a floating IP with a Neutron port upon creation.
As a port can have multiple IP addresses associated with it, it may be necessary to define a specific fixed IP to associate the floating IP with. Use the --fixed-ip-address option to specify the fixed IP address that should be associated with the floating IP.
In previous releases of OpenStack, floating IPs were automatically assigned from the allocation pool of the external network. From Kilo onward, it is possible to create a floating IP using a specified address. Use the --floating-ip-address option to specify a particular address from the external network to be used as a floating IP.
Once a floating IP has been created, it is available for use to any user within the tenant or project that created it. To associate a floating IP with an instance, it is first necessary to determine the Neutron port that is associated with the fixed IP of the instance.
The port ID associated with the fixed IP address of an instance can be determined in a couple of different ways. For example, the port ID of a device whose IP address is 10.30.0.2 can be determined in the following way:
# neutron port-list --fixed-ips ip_address=10.30.0.3
Figure 7.2
Alternatively, if you know the ID of an instance, you can filter the output of neutron port-list to return the specific ports related to this instance.
For example, the ports of an instance whose ID is b00335cb-8c7e-4fc6-8115-a9d650801007 can be determined in the following way:
# neutron port-list --device_id=b00335cb-8c7e-4fc6-8115-a9d650801007
Figure 7.3
Once the port ID has been determined, use the following Neutron floatingip-associate command to associate the floating IP with the port:
usage: floatingip-associate [--fixed-ip-address FIXED_IP_ADDRESS] FLOATINGIP_ID PORT
Using the preceding port ID and a floating IP whose ID is da54d6a2-b8d4-4a08-91bf-c33fb2bb4ab5, the floatingip-associate command can be used to associate the floating IP with the port, as shown in the following figure:
Figure 7.4
Neutron uses the subnet ID of a specified port to determine the router in which to configure the floating IP address and respective NAT rules. The logic involved means that no more than one standalone router should be attached to a tenant network at any given time when floating IPs are used as unexpected results may occur otherwise.
To determine the association of floating IPs to Neutron ports and addresses, use the Neutron floatingip-list command, as shown here:
usage: floatingip-list
The output returned includes the ID, fixed IP address, floating IP address, and port ID associated with the floating IP.
To display the attributes of a floating IP in the CLI, use the Neutron floatingip-show command, as follows:
usage: floatingip-show FLOATINGIP
The output returned includes the floating IP address and associated external network, fixed IP address, port, tenant, and router IDs.
To disassociate a floating IP from a port, use the following Neutron floatingip-disassociate command:
usage: floatingip-disassociate FLOATINGIP_ID
Disassociating a floating IP from a port makes the floating IP available for use to other users within the tenant or project.