Network Setup

Create and manage networks

Create a network

  1. Go to the Project → Network → Networks tab and select Create network.
  2. Define a name for the network. Admin status and Create subnet should both be "enabled". Select Next.
  3. Define a Name for the subnet. You could have several subnets per network. If you only intend to use one, then the Subnet name may be the same as the Network name chosen on the previous tab. The same holds true for the first network you create.
  4. The network address should be a private network range, such as 192.168.42.0/16 or 10.0.0.0/8. Addresses in this range are only reachable from within your network and through the connected router (see next section). In the subnet details, it is important to set the following three DNS servers:

    • 134.94.32.3
    • 134.94.32.4
    • 134.94.32.5

Create a router

A router is required to allow for virtual machines (VMs) on your internal network to reach the outside world or other networks within your project. You will also need a router to reach VMs from the outside, which is the case if you want to offer services on your VMs.

  1. Go to the Project → Network → Routers tab and select Create router.
  2. Define a Name for the router, Admin status "enabled", and an External network, which for the HDF cloud will be "dmz-hdf-cloud".
  3. The router is connected to the DMZ network automatically, but you still need to connect it to your internal networks. To do so, go to Project → Network → Routers, select the router, then Interfaces, then Add interface. Add an interface in your internal network.

Generic OpenStack documentation

If you prefer the generic documentation, which may lack important information regarding our local installation, please refer to the OpenStack documentation.

Security groups

Security groups are a means to control inbound and outbound network traffic for your VMs. This includes protection of network traffic even among your VMs. The default security group in every new project limits network traffic to the bare minimum that is required to run a VM. It does not even allow for incoming connections via SSH or ICMP traffic (ping). Therefore, you will want to add rules to the default security group or add additional groups containing such rules.
In order to be able to access a VM via SSH once you have started it, you will at least have to add a rule to allow for this.

  1. Go to the Project → Network → Security groups tab.
  2. Select Create security group and create a group with a meaningful name, e.g. ssh_external.
  3. Select Manage rules on the newly created security group.
  4. From the list of predefined rules, select SSH.
  5. For the remote, select CIDR, which, plainly put, is a way to express network ranges.
  6. If you really want to allow SSH traffic from anywhere, then the default 0.0.0.0/0 is the right choice. In order to limit traffic to sources within the Juelich campus, you would use 134.94.0.0/16.

Keep in mind that the granularity of assigning rules to VMs is by security group only. Therefore, it is advisable to group rules that are commonly used together in security groups.
Again, should you prefer to use the generic documentation, please refer to the OpenStack Documentation. This may help you get a better understanding of the concept of security rules, but uses the command-line interface to set everything up.
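
The following Python check is an added example, not part of the HDF cloud documentation: it reviews security group rules and reports which ones expose SSH, and whether the source is anywhere, the campus range 134.94.0.0/16, or something else. The rule records are constructed sample data that use the field names of the OpenStack Networking (Neutron) API; the group names other than ssh_external are hypothetical.

```python
import ipaddress

CAMPUS = ipaddress.ip_network("134.94.0.0/16")  # campus range given on the page
SSH_PORT = 22

def rule(group, prefix, lo=22, hi=22, proto="tcp", direction="ingress"):
    """Build a constructed sample rule using Neutron's rule field names."""
    return {"group": group, "direction": direction, "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": None}

# Constructed sample data, not taken from a real project.
SAMPLE_RULES = [
    rule("ssh_external", "0.0.0.0/0"),
    rule("ssh_campus", "134.94.0.0/16"),
    rule("low_ports", "192.168.42.0/16", lo=1, hi=1024),
    rule("web", "0.0.0.0/0", lo=443, hi=443),
    rule("allow_all", None, lo=None, hi=None, proto=None),
    rule("default", None, lo=None, hi=None, proto=None, direction="egress"),
]

def admits_ssh(r):
    """True if the rule lets inbound TCP traffic reach port 22."""
    # protocol None means "any protocol"; port range None means "all ports".
    if r["direction"] != "ingress" or r["protocol"] not in (None, "tcp"):
        return False
    lo, hi = r["port_range_min"], r["port_range_max"]
    return lo is None or lo <= SSH_PORT <= (hi if hi is not None else lo)

def source_scope(r):
    """Classify who may connect: 'group', 'anywhere', 'campus' or 'other'."""
    if r["remote_group_id"]:
        return "group"
    if r["remote_ip_prefix"] is None:  # no remote set: any source
        return "anywhere"
    # strict=False accepts prefixes written with host bits set.
    net = ipaddress.ip_network(r["remote_ip_prefix"], strict=False)
    if net.prefixlen == 0:
        return "anywhere"
    if net.version == 4 and net.subnet_of(CAMPUS):
        return "campus"
    return "other"

def audit(rules):
    """Return (group, scope) for every rule that exposes SSH."""
    return [(r["group"], source_scope(r)) for r in rules if admits_ssh(r)]

if __name__ == "__main__":
    for group, scope in audit(SAMPLE_RULES):
        flag = "REVIEW" if scope == "anywhere" else "ok"
        print(f"{group:14} ssh from {scope:9} {flag}")
```

Rules that cover port 22 only through a wide port range or an "all protocols" rule are reported as well, since they open SSH just as the predefined SSH rule does.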