How to Build an OpenStack Network using the Neutron CLI


Within this article we will provide the steps required to build a simple Neutron network. The network will consist of,

  • Provider network (NET_EXTERNAL)
  • Tenant network (NET_INTERNAL)
  • L3 Router (NEUTRON-ROUTER)
  • Floating IPs (

 Below is a diagram on how the topology looks,


Provider Network

First we create the provider network. This is a layer2 network that maps to a physical network, allowing us to use a physical device as the gateway. Below traffic is sent out tagged on VLAN100.
We then assign a subnet to the network. This contains the floating IPs as well as the default gateway.

neutron net-create --provider:physical_network=physnet1 \
                   --provider:network_type=vlan \
                   --provider:segmentation_id=100 \
                   --shared --router:external NET_EXTERNAL

neutron subnet-create NET_EXTERNAL \
--name SUBNET_EXTERNAL \ --enable_dhcp=False \ --allocation_pool start=,end= \ --gateway

Tenant Network

The tenant network is then created. We assign the DNS servers and IP pool (fixed IPs) that will be assigned to the instances by DHCP on creation.

neutron net-create NET_INTERNAL
neutron subnet-create NET_INTERNAL \
--name SUBNET_INTERNAL \ --dns-nameservers list=true

L3 Router

Finally we create the L3 router. We assign the gateway network (i.e provider) and then the tenant network.

neutron router-create NEUTRON-ROUTER
neutron router-gateway-set NEUTRON-ROUTER NET_EXTERNAL
neutron router-interface-add NEUTRON-ROUTER SUBNET_INTERNAL

Show Commands

Command Details
neutron net-list List networks
neutron net-show <network> Show network
neutron subnet-ist List subnets
neutron subnet-show <subnet> Show subnet
neutron floatingip-list List floating IPs
neutron floatingip-show <floating_ip> Show floating IP
neutron router-list List routers
neutron router-show <router> Show router


Installation Scripts -

Tags: OpenStack, Neutron

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001