Ports in OpenStack Neutron
OpenStack supports rich abstractions to handle virtual networking needs in a cloud. As a user the most visible entities are the Network, Subnets, Routers, Firewall etc. But if we consider ingress and egress points for data traffic, the most critical entity is the Port. OpenStack Neutron Ports are usually created automatically as part of other user operations. However the CLI allows users to create Ports independently as well.
Why are Ports important?
Ports in OpenStack networking are realized using interfaces (mostly virtual) on the underlying hypervisor. IP addresses used for virtual machines, routers etc are actually stored with the Port entities. Given that Ports represent entry and exit points for data traffic and also the associated configurations such as interface and IP address, they play an important role in OpenStack networking.
Types of Ports in OpenStack
We will use the following virtual network topology to understand the different types of ports created in OpenStack.
In the above picture, we have two Tenant Networks with each network having one virtual machine and a DHCP server. The two Networks are connected to each other using a Tenant Router. In addition, we will use an External Network and set it as the gateway on the Tenant Router so that virtual machines have Internet access. The corresponding OpenStack Network Topology looks like this:
To view the port types in your OpenStack setup, pay attention to the ‘device_owner’ attribute of the port as shown the CLI output here.
Let us now see the different types of ports associated with this topology.
compute:nova
‘compute:nova’ indicates that the port is associated with a virtual machine. These ports are usually auto-created as part of the instance creation (via Nova). The ‘compute’ part indicates that the port is created on compute nodes.
network:dhcp
’network:dhcp’ indicates that the port is associated with a DHCP server. The word ’network’ imples that this port is created on the Network node. The DHCP port is created when the first virtual machine instance is started on the corresponding network.
network:router_interface
The ’network:router_interface’ represents the ‘gateway’ IP interface for a tenant network and its VMs. This interface is associated to an OpenStack router (namespace). Ports of this type are created when a user does a ‘Add Interface’ operation on a Router. You will see two such ’network:router_interface’ ports - one for each Network in our example. Once again, this port type is also seen on the Network Node.
network:router_gateway
For a Router, the External Network represents the ‘gateway’ to the outside world (Internet). So a special port of type ’network:router_gateway’ is created for this. This port is created with a user does ‘Set Gateway’ operation on a Router and resides on the Network node.