From Bare Metal to Cloud: OpenStack Neutron Introduction 3

The previous article introduced Neutron's network concept. This article continues with more of Neutron's terminology.

Neutron Concepts (Terminology)

Subnets (Subnetwork)

A subnet is a block of IP addresses and its associated configuration settings, providing IPAM (IP address management) functionality for provider/project networks. Subnets are used to assign IP addresses when ports (network connections) are created.

Subnet Pools

Users can typically create subnets using any valid IP address, with no other restrictions. However, in some cases, administrators or projects may wish to predefine an IP address pool from which an address block is automatically assigned when a subnet is created. Administrators may also want to prevent IP address conflicts between two subnets from the same pool. Subnet pools provide both.

Ports (Network Connection)

A port is the connection point that attaches a virtual device (such as a NIC on a virtual machine) to the virtual network. A port also defines related network settings, such as the MAC and IP address used on that port.

Routers

Routers provide Layer 3 (L3) functionality for virtual networks, such as routing between self-service and provider networks or between different self-service networks within a project. Neutron uses L3 agents to manage routers across different namespaces.

Security Groups

Security groups are essentially virtual firewalls used to control incoming (ingress) and outgoing (egress) traffic flow. By default, security groups only allow outgoing traffic. To access an instance via SSH or other methods, you need to explicitly allow incoming traffic on the corresponding port. Each port can reference one or more security groups. The Neutron firewall driver translates security group rules into underlying firewall configurations (such as iptables).
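
The following is an added example, not part of the original article or of Neutron's own code. It models the allow-list behaviour described above and flags ingress rules open to any source. It assumes rules are plain dicts using the Neutron API field names, that the rules of all security groups on a port have been merged into one list, and that protocols are given by name; the `_rule` helper and the sample data are constructed, and rules that reference a remote group are skipped.

```python
import ipaddress

# Constructed sample rules, shaped like Neutron security_group_rule objects.
def _rule(rid, direction, proto=None, lo=None, hi=None, prefix=None, group=None):
    return {"id": rid, "direction": direction, "ethertype": "IPv4",
            "protocol": proto, "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

SAMPLE_RULES = [
    _rule("r1", "egress"),                                    # default: all egress
    _rule("r2", "ingress", "tcp", 22, 22, "0.0.0.0/0"),       # SSH from anywhere
    _rule("r3", "ingress", "tcp", 22, 22, "203.0.113.0/24"),  # SSH from one range
    _rule("r4", "ingress", "tcp", 1, 65535),                  # no source limit
]

def ingress_allowed(rules, src_ip, protocol, dport):
    """Allow-list semantics: pass if any ingress rule matches, else drop."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["direction"] != "ingress" or r["remote_group_id"]:
            continue  # remote-group rules need group membership; not modelled
        if r["ethertype"] != f"IPv{src.version}":
            continue
        if r["protocol"] not in (None, protocol):
            continue
        lo, hi = r["port_range_min"], r["port_range_max"]
        if lo is not None and not lo <= dport <= hi:
            continue
        prefix = r["remote_ip_prefix"]
        if prefix is None or src in ipaddress.ip_network(prefix):
            return True
    return False

def world_open_ingress(rules):
    """Return ids of ingress rules that accept traffic from any source."""
    flagged = []
    for r in rules:
        if r["direction"] != "ingress" or r["remote_group_id"]:
            continue
        prefix = r["remote_ip_prefix"]
        if prefix is None or ipaddress.ip_network(prefix).prefixlen == 0:
            flagged.append(r["id"])
    return flagged

if __name__ == "__main__":
    print(world_open_ingress(SAMPLE_RULES))
```

With real data, the rule list would come from the Neutron API's security group rule listing for the groups attached to the port under review.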
