Neutron

Neutron is the OpenStack networking service that provides network connectivity for instances by managing networks, subnets, routers, floating IPs, security groups, and load balancers through a flexible plugin architecture.

What is Neutron in cloud hosting?

Neutron is the networking component of OpenStack that provides network connectivity as a service for instances (virtual machines). It manages all networking resources in an OpenStack cloud, including virtual networks, subnets, routers, floating IPs, security groups, and load balancers.

Neutron uses a plugin architecture that allows cloud providers to integrate different networking technologies and hardware. This design separates the networking logic from the underlying infrastructure, enabling operators to choose networking backends that match their requirements without changing how users interact with the service.

Related Terms

  • Instance: A virtual machine running in your cloud environment, such as a web server or database server that connects to networks managed by Neutron.
  • Router: A virtual networking device that connects different networks together, such as linking a private network to the public internet through Neutron.
  • Subnet: A range of IP addresses within a network, such as 192.168.1.0/24, that Neutron assigns to instances when they connect to a network.
  • Security Group: A set of firewall rules that control traffic to instances, such as allowing SSH on port 22 or HTTP on port 80.
  • Floating IP: A public IP address that can be associated with an instance to make it reachable from the internet, such as 203.0.113.50.
  • Load Balancer: A service that distributes incoming traffic across multiple instances, such as spreading web requests across three application servers.

Why Neutron Exists

Before Neutron, OpenStack used a simpler networking model called nova-network that was tightly coupled to the compute service. This approach limited flexibility and made it difficult to implement advanced networking features like multiple isolated networks per project, software-defined networking, or integration with physical network equipment.

Neutron exists to solve these limitations by providing:

  • Multi-tenancy: Each project can create its own isolated networks without interference from other projects.
  • Extensibility: Operators can add new networking capabilities through plugins without modifying Neutron core code.
  • Advanced features: Support for load balancing, VPN, firewall rules, and quality of service that nova-network could not provide.
  • Hardware integration: Ability to work with physical switches, routers, and network appliances from different vendors.

Without Neutron, cloud environments would be limited to basic flat networking where all instances share the same network segment, creating security risks and management challenges.

What Does Neutron Actually Do?

  • Creates and manages virtual networks that instances can attach to.
  • Assigns IP addresses to instances from configured subnets.
  • Provides routing between different networks through virtual routers.
  • Associates floating IPs with instances to enable external access.
  • Applies security group rules to control inbound and outbound traffic.
  • Distributes traffic across multiple instances using load balancers.
  • Manages DHCP services that automatically configure instance networking.
  • Handles metadata services that provide configuration data to instances.
  • Integrates with external networks to connect instances to the internet or corporate infrastructure.
  • Stores network state in a database and synchronizes it with networking agents running on compute nodes.

When Would I Use Neutron?

Neutron is the default networking service in OpenStack, so you use it whenever you create or manage network resources. Specific situations include:

  • Launching instances: Neutron automatically assigns IP addresses and applies security rules when you start a new instance.
  • Creating isolated environments: You create separate networks for development, staging, and production workloads.
  • Exposing services: You associate floating IPs with instances that need to be accessible from the internet.
  • Connecting networks: You create routers to allow instances on different networks to communicate.
  • Securing traffic: You define security group rules to permit only necessary network connections.
  • Scaling applications: You configure load balancers to distribute traffic across multiple instances.

When Would I NOT Use Neutron?

  • Simple single-network deployments: If all instances need basic connectivity on one flat network, Neutron adds complexity that may not be necessary. Some small deployments still use the legacy nova-network for simplicity.
  • External networking requirements: If your organization requires specific networking features not supported by available Neutron plugins, you may need custom solutions or different cloud platforms.
  • Extremely high packet rates: Some advanced use cases like telecommunications or high-frequency trading may require specialized networking that bypasses software-defined networking layers.
  • Non-OpenStack environments: Neutron is specific to OpenStack. Other cloud platforms like AWS, Azure, or GCP have their own networking services.

Real-World Example

Company A runs an e-commerce platform on OpenStack. They use Neutron to create three separate networks:

  1. A frontend network where web servers receive customer requests through floating IPs and a load balancer.
  2. An application network where application servers process orders. These servers have no direct internet access.
  3. A database network where MySQL servers store customer and order data. Security groups allow connections only from the application network.

Neutron routes traffic between these networks while keeping them isolated. The web servers can reach the application servers, and the application servers can reach the database servers. However, the database servers cannot be reached directly from the internet.

When traffic spikes during a sale, Company A adds more web servers. Neutron automatically assigns them IP addresses from the frontend subnet and connects them to the load balancer. Security group rules apply instantly, ensuring new servers have the same access controls as existing ones.
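The database-tier rule in this example ("connections only from the application network") can be checked mechanically. The following is an added example, not code from the original page or from OpenStack: it audits rules laid out with the Neutron security group rule field names and reports any ingress rule that lets something other than the application tier reach the database port. The group ID, subnet CIDR, port 3306 and the sample rules are constructed assumptions.

```python
import ipaddress

# Assumed values for this example (not from the page): app-tier group ID,
# app subnet CIDR, and MySQL's default port.
APP_SG_ID = "sg-app"
APP_SUBNET = ipaddress.ip_network("10.0.2.0/24")
DB_PORT = 3306

def rule(rid, direction, lo, hi, group=None, prefix=None):
    """Build a rule dict using Neutron security-group-rule field names."""
    return {"id": rid, "direction": direction, "port_range_min": lo,
            "port_range_max": hi, "remote_group_id": group,
            "remote_ip_prefix": prefix}

# Constructed sample: rules attached to the database tier's security group.
DB_RULES = [
    rule("r1", "ingress", 3306, 3306, group="sg-app"),
    rule("r2", "ingress", 3306, 3306, prefix="10.0.2.0/25"),
    rule("r3", "ingress", 22, 22, prefix="0.0.0.0/0"),
    rule("r4", "ingress", None, None),  # no remote set: matches any source
    rule("r5", "ingress", 1, 65535, group="sg-app"),
    rule("r6", "egress", None, None, prefix="0.0.0.0/0"),
]

def source_is_app_tier(r, app_sg_id=APP_SG_ID, app_subnet=APP_SUBNET):
    """True if the rule's source is the app group or a CIDR inside its subnet."""
    if r["remote_group_id"]:
        return r["remote_group_id"] == app_sg_id
    if r["remote_ip_prefix"] is None:
        return False  # neither remote field set means "any source"
    net = ipaddress.ip_network(r["remote_ip_prefix"], strict=False)
    return net.version == app_subnet.version and net.subnet_of(app_subnet)

def audit_db_ingress(rules, db_port=DB_PORT):
    """Return (rule id, reason) for ingress rules that break the tier policy."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress":
            continue  # the policy in the example only constrains inbound traffic
        if not source_is_app_tier(r):
            findings.append((r["id"], "source is not the application tier"))
        elif (r["port_range_min"], r["port_range_max"]) != (db_port, db_port):
            findings.append((r["id"], "opens more than the database port"))
    return findings

if __name__ == "__main__":
    for rid, reason in audit_db_ingress(DB_RULES):
        print(f"{rid}: {reason}")
```

In the sample, r1 and r2 pass, r3 and r4 are flagged for their source, and r5 is flagged for its port range even though its source is the application group.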

Frequently Asked Questions

What is the difference between Neutron and nova-network?
Nova-network was the original OpenStack networking service built into the compute component. Neutron is a separate project that provides more features, better isolation, and plugin support. Nova-network is deprecated, and Neutron is the standard for all modern OpenStack deployments.

Can I use Neutron without understanding all its features?
Yes. For basic deployments, you only need to understand networks, subnets, and security groups. The Horizon Dashboard provides a graphical interface for common tasks. Advanced features like load balancers and VPNs are optional.

What happens if Neutron services stop running?
Existing network connections continue working because the networking configuration is applied to the underlying infrastructure. However, you cannot create new networks, launch instances, or modify networking until Neutron services recover. Running Neutron in high availability mode prevents single points of failure.

How do Neutron plugins work?
Neutron plugins translate API requests into actions on the underlying network infrastructure. The ML2 (Modular Layer 2) plugin is the most common and supports multiple mechanism drivers like Open vSwitch, Linux Bridge, or vendor-specific drivers. You can use different drivers for different network types in the same deployment.

Can instances on different networks communicate?
By default, networks are isolated. To enable communication between networks, you create a Neutron router and connect both networks to it. The router handles traffic forwarding between the networks. You can also use security groups to control which traffic the router permits.

Summary

  • Neutron is the OpenStack networking service that provides network connectivity for instances.
  • It manages networks, subnets, routers, floating IPs, security groups, and load balancers.
  • A plugin architecture allows integration with different networking technologies and hardware vendors.
  • Neutron enables multi-tenant network isolation where each project can create independent networks.
  • It replaced the older nova-network service to provide advanced networking features and better extensibility.