OpenStack Add Floating IPs

To add a floating IP, allocate it from an external network and associate it with a running instance using the OpenStack CLI.

Prerequisites

• OpenStack 2024.2 Dalmatian with Neutron
• External network connected to an upstream router
• Neutron router with an external gateway set
• Running VM on a tenant network attached to the router

Step 1: Create the External Network

Create the external network and subnet as an admin user.

source openrc admin admin

openstack network create \
  --provider-network-type flat \
  --provider-physical-network physnet-ext \
  --external \
  --share \
  external-net

openstack subnet create \
  --network external-net \
  --subnet-range 203.0.113.0/24 \
  --allocation-pool start=203.0.113.100,end=203.0.113.200 \
  --gateway 203.0.113.1 \
  --no-dhcp \
  external-subnet

Step 2: Set the Router Gateway

Connect your tenant router to the external network.

openstack router set --external-gateway external-net my-router
openstack router show my-router -c external_gateway_info

Step 3: Allocate a Floating IP

Allocate a specific IP address from the external network pool.

openstack floating ip create --floating-ip-address 203.0.113.150 external-net

Step 4: Associate with an Instance

Associate the floating IP with a running instance.

openstack server add floating ip my-instance 203.0.113.105
openstack server show my-instance -c addresses

Step 5: Configure Security Groups

Allow inbound traffic for SSH, HTTP, and ICMP.

openstack security group rule create --protocol tcp --dst-port 22 default
openstack security group rule create --protocol tcp --dst-port 80 default
openstack security group rule create --protocol icmp default
ping 203.0.113.105
ssh ubuntu@203.0.113.105

Step 6: Disassociate and Release

Remove the floating IP from an instance and release it to the pool.

openstack server remove floating ip my-instance 203.0.113.105
openstack floating ip delete 203.0.113.105

Step 7: Move a Floating IP Between Instances

Move a floating IP instantly for failover or blue-green deployments.

openstack server remove floating ip old-instance 203.0.113.105
openstack server add floating ip new-instance 203.0.113.105

Managing Floating IP Quotas

Set quotas per project and view usage.

openstack quota set --floating-ips 10 my-project
openstack floating ip list --project my-project

Floating IPs with Port Forwarding

Forward a specific external port to an internal instance port.

openstack floating ip port forwarding create \
  --internal-ip-address 192.168.1.10 \
  --internal-protocol-port 80 \
  --external-protocol-port 8080 \
  --protocol tcp \
  <floating-ip-id>

Troubleshooting

• Cannot ping floating IP: Check security group rules allow ICMP.
• SSH timeout: Verify port 22 is open in security group.
• Floating IP not reachable: Ensure router has external gateway and is ACTIVE.
• No floating IPs available: Check allocation pool range and quotas.
• NAT not working: Verify L3 agent is running on the network node.

Floating IPs are public addresses you assign to private virtual machines so they can be reached from the internet. You create them from an external network pool, attach them to a specific server, and configure security rules to allow traffic. You can easily move these IPs between servers or delete them when they are no longer needed.