Neutron constructs the virtual network using elements that are familiar to most system and network administrators, including networks, subnets, ports, routers, load balancers, and more.

Using version 2.0 of the core Neutron API, users can build a network foundation composed of the following entities:

• Network: A network is an isolated Layer 2 broadcast domain. Typically, networks are reserved for the projects that created them, but they can be shared among projects if configured accordingly. The network is the core entity of the Neutron API. Subnets and ports must always be associated with a network.
• Subnet: A subnet is an IPv4 or IPv6 address block from which IP addresses can be assigned to virtual machine instances. Each subnet must have a CIDR and must be associated with a network. Multiple subnets can be associated with a single network and can be non-contiguous. A DHCP allocation range can be set for a subnet that limits the addresses provided to instances.
• Port: A port in Neutron is a logical representation of a virtual switch port. Virtual machine interfaces are mapped to Neutron ports, and these ports define both the MAC address and the IP address that is to be assigned to the interfaces plugged into them. Neutron port definitions are stored in the Neutron database, which is then used by the respective plugin agent to build and connect the virtual switching infrastructure.

Cloud operators and users alike can configure network topologies by creating and configuring networks and subnets, and then instruct services like Nova to attach virtual devices to ports on these networks. Users can create multiple networks, subnets, and ports, but are limited to thresholds defined by per-project quotas set by the cloud administrator.