How to create and manage private networks with Nova and Neutron

Private networking is a useful feature that customers may wish to utilize for advanced cloud setups. For a description of private networking and how to enable it, please review the What is private networking article. In this article, the decisions needed for adding a private network, and how to add the private network while using the DreamCompute dashboard are covered.

Private network options

Once Support has confirmed the network quota has been adjusted, the private network can be added. Please review the below options to determine settings for the private network.

Network block

There are various private network blocks that are available for use with private networks, and are specified in CIDR format. Common examples of this are or, however there are other networks to choose from as well. In the example below, we use


When a subnet is defined, DHCP can be set enabled or disabled, and can be changed later if desired. When DHCP is enabled, newly created instances run cloud-init at start and detect it, and therefore determine it isn’t necessary to hard-code network settings into the operating system. If it is disabled, then these settings are hard-coded. Having DHCP enabled can help with creating snapshots and new instances from those snapshots, as the snapshots won’t have hard-coded network configs in them. However, older versions of cloud-init fail to boot entirely when DHCP is enabled.

As of October 2016, only Centos 6, and all Ubuntu versions have a version of cloud-init that supports DHCP. If you plan to use a different operating system, please consider disabling DHCP.

Adding the private network

  1. Create a network:

    [user@localhost]$ neutron net-create private-network

This command creates a new empty network which can accept a subnet later. In this example the name “private-network” is given.

  1. Create a subnet:

    [user@localhost]$ neutron subnet-create private-network \
                      --name private-network --dns-nameserver \
                      --dns-nameserver --disable-dhcp

This command creates a new subnet on top of the network created above. Depending on decisions made about DHCP and the network block, a different CIDR and/or the flag –enable-dhcp can be specified. In this example the subnet is named “private-network” the same as the network, and google DNS servers specified.

  1. Create a router:

    [user@localhost]$ neutron router-create private-router

This command creates a new router with a default configuration. In this example the name “private-router” is given.

  1. Create a router interface:

    [user@localhost]$ neutron router-interface-add private-router private-network

This command adds an interface to the router to the private network.

  1. Set the router gateway:

    [user@localhost]$ neutron router-gateway-set private-router public

This command sets the router gateway to the public network, to allow it access to the internet.

This completes the process of adding a private network to the account. The example commands below show how to select the private network and add a floating IP address.

  1. Determine flavor, security group, image, keypair, and network ID:

    [user@localhost]$ nova flavor-list
    [user@localhost]$ nova secgroup-list
    [user@localhost]$ nova image-list
    [user@localhost]$ nova keypair-list
    [user@localhost]$ neutron net-list

The above commands output the available flavors, security groups, images, keypairs, and the networks available. Select the necessary options for creating the instance. For the network, the long ID is needed in place of the given name.

  1. Create an instance:

    [user@localhost]$ nova boot --flavor gp1.semisonic --security-group default \
                      --image Ubuntu-16.04 --nic net-id=LONG-NETWORK-UUID-HERE \
                      --key-name KEYNAME INSTANCENAME

The above command creates a semisonic size instance, using the default security group and the Ubuntu 16.04 operating system image. The remaining values vary per tenant, and need to be specified instead. The LONG-NETWORK-UUID-HERE is the ID given from “neutron net-list”, the KEYNAME from “nova keypair-list” and the instance name any name desired for the instance.

Did this article answer your questions?

Article last updated .