Creating and managing private networks with the OpenStack CLI


Private networking is a useful feature that you may wish to utilize for advanced cloud setups. For a description of private networking and how to have it enabled on your account, please review the article here:

Private network options

Once Support has confirmed that your account's network quota has been adjusted, private networks can be added. Please review the options below to determine settings for the private network.

Network block

There are various private network blocks that are available for use with private networks that are specified in CIDR format. Common examples of this are or, however there are other networks to choose from as well. In the example below, is used.


When a subnet is created, DHCP can be enabled or disabled (this can be changed later if desired). When DHCP is enabled, newly created instances run cloud-init at start and determine it isn't necessary to hard-code network settings into the operating system. If it is disabled, then these settings are hard-coded. Having DHCP enabled can help with creating snapshots and new instances from those snapshots, as the snapshots won't have hard-coded network configs in them.

Adding the private network

  1. Run the following command to create a private network. This command creates a new empty network named 'NETWORK' which can accept a subnet in the future.
    [user@localhost]$ openstack network create NETWORK
  2. Run the following command to create a new subnet on top of the network that was created above. Depending on decisions made about DHCP and the network block, a different --subnet-range and/or the --no-dhcp/--dhcp flag can be specified. In this example, the subnet is named 'SUBNET', Google's DNS servers have been specified, and DHCP is disabled.

    The back slash character at the end of each line continues the command on the next line. If you like, you can remove this character and put the entire command on a single line.

    [user@localhost]$ openstack subnet create SUBNET --subnet-range \
    --network NETWORK --dns-nameserver \
    --dns-nameserver --no-dhcp
  3. Run the following to create a new router named 'ROUTER' with a default configuration.
    [user@localhost]$ openstack router create ROUTER
  4. Run the following to create a router interface that associates the subnet you created with your router.
    [user@localhost]$ openstack router add subnet ROUTER SUBNET
  5. Finally, set the router gateway to the public network. This allows it to access the Internet.

    [user@localhost]$ openstack router set --external-gateway public ROUTER

At this point, a new private network has been added to your account.

Create an instance on your new private network

  1. Run the following series of commands to view the flavor, security group, image, keypair, and network ID for your project. Select the necessary options for creating the instance. Please note that for the network, the long ID is needed in place of the given name.
    [user@localhost]$ openstack flavor list
    [user@localhost]$ openstack security group list
    [user@localhost]$ openstack image list
    [user@localhost]$ openstack keypair list
    [user@localhost]$ openstack network list
  2. Finally, create an instance. This command creates a semisonic size instance, using the default security group and the Ubuntu 16.04 operating system image. The remaining values are unique to your project and need to be specified. The LONG-NETWORK-UUID-HERE is the ID given from openstack network list, the KEYNAME from openstack keypair list, and the instance name can be whatever you want.
    [user@localhost]$ openstack server create --flavor gp1.semisonic \
    --security-group default --image Ubuntu-16.04 \

At this point, a new instance has been created on your private network.

If you'd like to access this network publicly, you can add a floating IP address to it. For more information about managing floating IP addresses using the OpenStack CLI, see this article:

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?