To initiate connections to instances behind Neutron routers from outside networks, you must configure a floating IP address and associate it with the instance. In OpenStack, a floating IP is associated with a Neutron port that corresponds to an interface of the instance accepting connections.

Using the openstack port list command, determine the port ID of each instance recently booted. The command allows results to be filtered by device or instance ID, as shown in the following screenshot:

Using the openstack floating ip create command, create a single floating IP address and associate it with the port of the instance known as MyInstance1:

From within the guest OS, verify that the instance can still communicate with outside resources:

Performing a packet capture on the eth2.30 interface on the controller01 node, we can observe ICMP traffic from the instance through the router having a source IP that corresponds to the floating IP address 10.30.0.101:

Within the router namespace, the floating IP has been configured as a secondary address on the qg interface:

When the floating IP is configured as a secondary network address on the qg interface, the router is able to respond to ARP requests to the floating IP from the upstream gateway device and other Neutron routers or devices in the same external network. This allows inbound connectivity to the instance via the floating IP.

A look at the iptables chains within the router namespace show rules have been added to perform the 1:1 NAT translation from the floating IP to the fixed IP of MyInstance1, and vice versa:

Provided our client workstation can route to the external provider network, traffic can be initiated directly to the instance via the floating IP: