# Networking

# Physical Network

The Physical Network is made of a layer 2 network, spanning multiple data centers and separated by VLAN.

# Virtual Networks in Openstack

We have 4 type of networks (The colors match the diagram bellow):

shared with all projects

• PHOENIX-TECHNOLOGIES_PUBLIC - connects to the internet
  • IPs are public and can be reached from the Internet
  • Security groups must be used to limit ingress access. The default Security group blocks all ingress. Egress might also be limited to avoid data leakage.

• PHOENIX-TECHNOLOGIES_INTERNAL and PHOENIX-TECHNOLOGIES_SERVICES -internal network used to connect OpenStack projects when required
  • IP ranges:
  • PHOENIX-TECHNOLOGIES_SERVICES: 10.153.16.0/21
  • PHOENIX-TECHNOLOGIES_INTERNAL: 10.153.24.0/21

Security groups must be used to limit ingress access. The default Security group blocks all ingress. Egress might also be limited to for example only allow connecting to the services

Private to a project

• Internal (DMZs) - these are the most frequent as the recommendation is to keep traffic local to the project and attach all VMs to these.

  • IP Range - you can use any IPs so far you do not conflict with IPs used by other networks you want to connect to, mainly Internet and PHOENIX-TECHNOLOGIES_INTERNAL.

• External (infra and CoLocation) - these are special networks needed when accessing infrastructure elements within Phoeniqs. For example to access HW devices such as LPARs not managed by Openstack.