Hello Matt, first of all in the file : plugins/ml2/openvswitch_agent.ini
you need to have bridge mappings, in my case for example: bridge_mappings = physnet1:br-eth3,physnet2:br-eth4 this will define what physnet1 means in the openstack context. To create the external network I do: openstack network create --no-share --project uuid --provider-physical-network physnet2 --provider-network-type flat --external NETWORKNAME Of course the --no-share is useless because being the network external it will be shared by default. Saverio 2016-10-03 6:15 GMT+02:00 Matt Kassawara <mkassaw...@gmail.com>: > How are you creating the provider (external) network? > > On Thu, Sep 29, 2016 at 6:01 AM, Saverio Proto <ziopr...@gmail.com> wrote: >> >> Hello, >> >> Context: >> - openstack liberty >> - ubuntu trusty >> - neutron networking with vxlan tunnels >> >> we have been running Openstack with a single external network so far. >> >> Now we have a specific VLAN in our datacenter with some hardware boxes >> that need a connection to a specific tenant network. >> >> To make this possible I changed the configuration of the network node >> to support multiple external networks. I am able to create a router >> and set as external network the new physnet where the boxes are. >> >> Everything looks nice except that all the projects can benefit from >> this new external network. In any tenant I can create a router, and >> set the external network and connect to the boxes. I cannot restrict >> it to a specific tenant. >> >> I found this piece of documentation: >> >> >> https://wiki.openstack.org/wiki/Neutron/sharing-model-for-external-networks >> >> So it looks like it is impossible to have a flat external network >> reserved for 1 specific tenant. >> >> I also tried to follow this documentation: >> >> http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.html >> >> But it does not specify if it is possible to specify a policy for an >> external network to limit the sharing. >> >> It did not work for me so I guess this does not work when the secret >> network I want to create is external. >> >> There is an action --action access_as_external that is not clear to me. >> >> Also look like this feature is evolving in Newton: >> http://docs.openstack.org/draft/networking-guide/config-rbac.html >> >> Anyone has tried similar setups ? What is the minimum openstack >> version to get this done ? >> >> thank you >> >> Saverio >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators