Configuring External Connectivity in Unified - noironetworks/opflex-documentation GitHub Wiki

Adding an OpenStack External Network

External networks are provided using L3Out. Before creating an external network, an L3Out must be pre-created in ACI. The configuration requires the DN of the EPG for the specific L3Out in APIC. The DN can be obtained in two ways:

Procedure 1:

Go to the APIC and get the DN of the External Network using the API-Inspector:

OR

Procedure 2:

Use the aimctl manager command on the OpenStack controller to get the DN, as shown below:

aimctl manager external-network-find
+-------------+----------------+--------------+
| tenant_name | l3out_name     | name         |
|-------------+----------------+--------------|
| common      | Datacenter-Out | DcExtPol     |
| common      | Management-Out | MgmtExtPol   |
| common      | default        | MgmtNeti     |
+-------------+----------------+--------------+
aimctl manager external-network-get common Datacenter-Out DcExtPol
+-------------------------+-------------------------------------------------+
| Property                | Value                                           |
|-------------------------+-------------------------------------------------+
| tenant_name             | common                                          |
| l3out_name              | Datacenter-Out                                  |
| name                    | DcExtPol                                        |
| display_name            |                                                 |
| nat_epg_dn              |                                                 |
| provided_contract_names | []                                              |
| consumed_contract_names | []                                              |
| monitored               | True                                            |
| dn                      | uni/tn-common/out-Datacenter-Out/instP-DcExtPol |
+-------------------------+-------------------------------------------------+
The DN obtained from either procedure can now be used to create the external network.

Note down the DN; it is used in the "neutron net-create" command. Create the external network:

For using NAT:

neutron net-create Datacenter-Out --router:external True --shared --apic:distinguished_names type=dict ExternalNetwork=uni/tn-common/out-Datacenter-Out/instP-DcExtPol

Now add the floating IP and SNAT subnets (these apply only when using NAT).

SNAT subnet:

neutron subnet-create Datacenter-Out 10.104.21.0/24 --name snat-subnet --disable-dhcp --gateway 10.104.21.1 --apic:snat_host_pool True

Floating IP subnet:

neutron subnet-create Datacenter-Out 10.104.22.0/24 --name float-subnet --disable-dhcp --gateway 10.104.22.1
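
A pre-flight check for the NAT procedure above, as an added example that is not part of the original wiki or of the project's tooling: it rejects a malformed DN, checks the SNAT and floating IP subnets, and only then prints the three commands. The function names, the gateway-inside-subnet rule and naming the network after the L3Out are assumptions of this example.

```python
import ipaddress
import re
import shlex

# DN layout as it appears in the aimctl output on this page:
#   uni/tn-<tenant_name>/out-<l3out_name>/instP-<name>
DN_RE = re.compile(r"uni/tn-([^/\s]+)/out-([^/\s]+)/instP-([^/\s]+)")

def parse_dn(dn):
    """Split an external-network DN into the three aimctl columns."""
    m = DN_RE.fullmatch(dn)
    if m is None:
        raise ValueError(f"not an L3Out external network DN: {dn!r}")
    return dict(zip(("tenant_name", "l3out_name", "name"), m.groups()))

def check_subnets(subnets):
    """subnets maps name -> (cidr, gateway); returns name -> ip_network."""
    nets = {}
    for name, (cidr, gateway) in subnets.items():
        net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
        gw = ipaddress.ip_address(gateway)
        # Assumed sanity rule: the gateway is a usable host address in the CIDR.
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            raise ValueError(f"{name}: gateway {gw} is not a host in {net}")
        for other, other_net in nets.items():
            if net.overlaps(other_net):  # subnets of one network must be disjoint
                raise ValueError(f"{name} {net} overlaps {other} {other_net}")
        nets[name] = net
    return nets

def nat_commands(dn, snat, floating):
    """Validate the inputs, then return the NAT-mode commands, shell-quoted."""
    net_name = parse_dn(dn)["l3out_name"]  # assumption: network named after the L3Out
    check_subnets({"snat-subnet": snat, "float-subnet": floating})
    argv = [
        ["neutron", "net-create", net_name, "--router:external", "True", "--shared",
         "--apic:distinguished_names", "type=dict", f"ExternalNetwork={dn}"],
        ["neutron", "subnet-create", net_name, snat[0], "--name", "snat-subnet",
         "--disable-dhcp", "--gateway", snat[1], "--apic:snat_host_pool", "True"],
        ["neutron", "subnet-create", net_name, floating[0], "--name", "float-subnet",
         "--disable-dhcp", "--gateway", floating[1]],
    ]
    return [shlex.join(a) for a in argv]

if __name__ == "__main__":  # values are the ones used on this page
    print("\n".join(nat_commands(
        "uni/tn-common/out-Datacenter-Out/instP-DcExtPol",
        ("10.104.21.0/24", "10.104.21.1"), ("10.104.22.0/24", "10.104.22.1"))))
```
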

If using no NAT:

neutron net-create Datacenter-Out --router:external True --shared --apic:distinguished_names type=dict ExternalNetwork=uni/tn-common/out-Datacenter-Out/instP-DcExtPol --apic:nat_type ""

For GBP external connectivity, first create the external segment using the SNAT subnet:

Example:

gbp external-segment-create Datacenter-Out --subnet-id

Now this segment can be used as usual to create the network service policy.

Example:

gbp nat-pool-create nat-pool-0 --ip-pool 10.104.31.0/24 --external-segment Datacenter-Out

gbp network-service-policy-create --network-service-params type=ip_pool,name=nat-pool-0,value=nat_pool net-svc-nat-0
