From Bare Metal to the Cloud: OpenStack Neutron Introduction 3

The previous post introduced Neutron networking concepts; this post will continue by introducing some Neutron terminology.

Neutron Concepts (Terminology)

Subnets

A subnet is a block of IP addresses and its associated configuration state, providing IPAM (IP Address Management) for provider and project networks. Subnets are used to assign IP addresses when ports are created on a network.

Subnet Pools

Users can generally create subnets using any valid IP address without restrictions. However, in some cases, administrators or projects may want to predefine an IP address pool to automatically allocate a range of addresses when creating a subnet. In situations where administrators want to avoid IP address duplication, subnet pools can be used to prevent address overlaps between two subnets from the same pool.

Ports

A port is a connection point that attaches a single device (such as a virtual server's NIC) to a virtual network. The port also describes associated network settings, such as the MAC and IP addresses to be used on that port.

Routers

Routers provide virtual L3 functionality, such as routing and NAT between self-service and provider networks, or between different self-service networks within a project. Neutron uses L3 agents to manage routers through network namespaces.

Security Groups

Security groups are essentially virtual firewalls used to control ingress (inbound) and egress (outbound) traffic for ports. By default, security groups only allow outbound traffic; to connect to an instance via SSH or other methods, you must allow inbound traffic for the corresponding port. Each port can reference one or more security groups. Neutron's firewall driver converts the rules in security groups into configurations for underlying packet filtering technologies (such as iptables).
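
The following Python sketch is an added example, not code from the original post or from Neutron. It evaluates the effective ingress policy of a port that references several security groups and lists rules with no source restriction. The group names and rule contents are constructed samples, and treating the external source as a member of no group is a simplifying assumption; the dictionary keys follow the field names of Neutron security group rules.

```python
import ipaddress

def rule(direction, protocol=None, port_min=None, port_max=None,
         prefix=None, group=None, ethertype="IPv4"):
    """Build a dict shaped like a Neutron security group rule."""
    return {"direction": direction, "ethertype": ethertype, "protocol": protocol,
            "port_range_min": port_min, "port_range_max": port_max,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample groups (names and contents are illustrative only).
GROUPS = {
    "default": [rule("egress"), rule("ingress", group="default")],
    "ssh-admin": [rule("ingress", "tcp", 22, 22, "203.0.113.0/24")],
    "ssh-any": [rule("ingress", "tcp", 22, 22, "0.0.0.0/0")],
}

def rule_admits(r, src, protocol, dport):
    """True if ingress rule r admits a packet from external address src."""
    ip = ipaddress.ip_address(src)
    if r["direction"] != "ingress" or r["ethertype"] != f"IPv{ip.version}":
        return False
    if r["remote_group_id"] is not None:
        return False  # assumption: src is not a member of any security group
    if r["protocol"] not in (None, protocol):
        return False
    lo, hi = r["port_range_min"], r["port_range_max"]
    if lo is not None and not lo <= dport <= hi:
        return False
    prefix = r["remote_ip_prefix"]
    return prefix is None or ip in ipaddress.ip_network(prefix)

def port_admits(group_names, src, protocol, dport):
    """Rules are allow-only, so a port's policy is the union of its groups."""
    return any(rule_admits(r, src, protocol, dport)
               for g in group_names for r in GROUPS[g])

def world_open(group_names):
    """Ingress rules that accept traffic from any source address."""
    return [(g, r["protocol"], r["port_range_min"], r["port_range_max"])
            for g in group_names for r in GROUPS[g]
            if r["direction"] == "ingress" and r["remote_group_id"] is None
            and r["remote_ip_prefix"] in (None, "0.0.0.0/0", "::/0")]

if __name__ == "__main__":
    attached = ["default", "ssh-admin", "ssh-any"]
    print(port_admits(attached, "198.51.100.7", "tcp", 22))
    print(world_open(attached))
```

Because rules only ever allow traffic, attaching one permissive group to a port overrides the narrower source restriction in every other group on that port.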