Skip to main content
IMHCloud Logo
Back to support home

Creating and Managing Routers in OpenStack Horizon

Routers in OpenStack provide Layer 3 connectivity between different networks, allowing traffic to flow between private subnets and external networks. They act as gateways that enable communication between isolated network segments and provide access to the internet or other external networks. This guide walks you through creating and managing routers in OpenStack Horizon and includes CLI equivalents for automation.

Creating a Router in Horizon

To create a new virtual router in your OpenStack project:

  1. Log in to the OpenStack Horizon dashboard
  2. Navigate to Project > Network > Routers
  3. Click the Create Router button in the upper right
  4. In the Create Router dialog, provide the following information:
  • Router Name: Enter a descriptive name for your router
  • Admin State: Leave enabled (checked) to activate the router immediately
  • External Network: Optionally select an external network to set as the gateway during creation
  • Availability Zone Hints: Select specific availability zones if required for your deployment
  1. Click Create Router to provision the new router

The router will appear in the routers list with a status of ACTIVE once creation is complete. At this point, the router exists but has no connections to any networks until you configure interfaces or gateways.

Setting an External Gateway

An external gateway connects your router to a public or external network, allowing resources on your private networks to reach the internet or other external destinations through network address translation (NAT).

To set an external gateway on an existing router:

  1. Navigate to Project > Network > Routers
  2. Click on your router name to open the router details page
  3. Select the Overview tab if not already selected
  4. In the External Gateway section, click Set Gateway
  5. In the Set Gateway dialog:
  • External Network: Select the external network from the dropdown (typically named "public" or "external")
  • Enable SNAT: Leave checked to enable Source Network Address Translation, allowing private instances to access external networks
  1. Click Set Gateway to apply the configuration

The router now has a gateway interface connected to the external network with an assigned external IP address. This IP address will be used for outbound NAT traffic from your private networks.

You can modify or clear the gateway at any time by clicking Clear Gateway and setting a new one if needed.

Adding Interfaces to Connect Private Subnets

Router interfaces connect your private subnets to the router, enabling routing between networks and access to the external gateway. Each interface represents a connection to a specific subnet.

To add an interface to your router:

  1. Navigate to Project > Network > Routers
  2. Click on your router name to view details
  3. Select the Interfaces tab
  4. Click the Add Interface button
  5. In the Add Interface dialog:
  • Subnet: Select the private subnet you want to connect from the dropdown
  • IP Address: Optionally specify a fixed IP address for the router interface, or leave blank to automatically assign the first available IP from the subnet range
  1. Click Submit to create the interface

The interface will appear in the interfaces list showing the subnet name, IP address, and status. The router now acts as the default gateway for instances on this subnet, typically using the first IP address in the subnet range (e.g., 192.168.1.1 for a 192.168.1.0/24 subnet).

Multiple interfaces can be added to connect different private subnets to the same router, enabling routing between them.

Viewing Router Details and Interfaces

The router details page provides comprehensive information about your router configuration:

  1. Navigate to Project > Network > Routers
  2. Click on your router name to open the details page

The Overview tab displays:

  • Router name and ID
  • Admin State (UP or DOWN)
  • Status (ACTIVE, DOWN, ERROR)
  • External gateway information including the external network name and IP address
  • Availability zones

The Interfaces tab shows:

  • All connected interfaces
  • Subnet names and network information
  • IP addresses assigned to each interface
  • Interface types (internal or gateway)
  • Status for each interface

The Static Routes tab displays any configured static routes for custom routing behavior.

Connecting Multiple Private Networks

A single router can connect multiple private networks, enabling communication between them while sharing a single external gateway. This is useful for creating segmented network architectures where different application tiers need to communicate.

To connect multiple private networks:

  1. Create your private networks and subnets first (Project > Network > Networks)
  2. Create a single router following the steps in the "Creating a Router" section
  3. Set an external gateway if needed
  4. Add an interface for each private subnet you want to connect:
  • Navigate to the Interfaces tab
  • Click Add Interface and select the first subnet
  • Repeat for each additional subnet

Instances on any connected subnet can now communicate with instances on other connected subnets through the router. The router handles inter-subnet routing automatically based on the connected interface IP addresses.

For example, if you have:

  • Web subnet (10.0.1.0/24) with router interface at 10.0.1.1
  • Application subnet (10.0.2.0/24) with router interface at 10.0.2.1
  • Database subnet (10.0.3.0/24) with router interface at 10.0.3.1

Instances in the web subnet can reach instances in the application and database subnets through the router, assuming security groups allow the traffic.

Configuring Static Routes

Static routes allow you to customize routing behavior for specific destination networks, directing traffic to specific next-hop IP addresses instead of using default routing behavior.

To add a static route:

  1. Navigate to Project > Network > Routers
  2. Click on your router name
  3. Select the Static Routes tab
  4. Click the Add Static Route button
  5. In the Add Static Route dialog:
  • Destination CIDR: Enter the destination network in CIDR notation (e.g., 172.16.0.0/24)
  • Next Hop: Enter the IP address of the next-hop router or gateway
  1. Click Submit to add the route

Static routes are useful when you need to:

  • Route traffic to specific networks through different gateways
  • Connect to networks not directly attached to the router
  • Implement custom routing policies
  • Integrate with external routing infrastructure

To remove a static route, click the Delete Static Route action button next to the route you want to remove.

Removing Interfaces and Deleting Routers

Before deleting a router, you must first remove all interfaces except the external gateway.

To remove an interface:

  1. Navigate to Project > Network > Routers
  2. Click on your router name
  3. Select the Interfaces tab
  4. For the interface you want to remove, click the Delete Interface button in the Actions column
  5. Confirm the deletion in the dialog

Note that removing an interface will disconnect the subnet from the router, and instances on that subnet will lose connectivity to other networks and the external gateway.

To delete a router completely:

  1. Remove all internal interfaces from the Interfaces tab
  2. Clear the external gateway from the Overview tab
  3. Return to Project > Network > Routers
  4. Select the checkbox next to the router you want to delete
  5. Click the Delete Routers button
  6. Confirm the deletion

You cannot delete a router that still has interfaces or an external gateway configured.

CLI Equivalents

All router management operations can be performed using the OpenStack command-line interface, which is useful for automation and scripting.

Create a router:

1openstack router create my-router

Set an external gateway:

1openstack router set --external-gateway public my-router

Enable SNAT on the external gateway:

1openstack router set --external-gateway public --enable-snat my-router

Add an interface to connect a subnet:

1openstack router add subnet my-router private-subnet-1

Add an interface with a specific IP address:

1openstack router add port my-router my-port

List all routers:

1openstack router list

Show router details:

1openstack router show my-router

Add a static route:

1openstack router set my-router --route destination=172.16.0.0/24,gateway=10.0.1.100

Remove a static route:

1openstack router unset my-router --route destination=172.16.0.0/24,gateway=10.0.1.100

Remove an interface:

1openstack router remove subnet my-router private-subnet-1

Clear the external gateway:

1openstack router unset --external-gateway my-router

Delete a router:

1openstack router delete my-router

View router interfaces:

1openstack port list --router my-router

The OpenStack CLI provides additional options for filtering, formatting output, and automating complex workflows. Use openstack router --help to see all available commands and options.

Best Practices

When working with routers in OpenStack:

  • Use descriptive names that indicate the router's purpose or the networks it connects
  • Set external gateways only when instances need internet or external network access
  • Enable SNAT for typical scenarios where private instances need outbound connectivity
  • Plan your network topology before creating routers to avoid unnecessary reconfiguration
  • Use static routes sparingly and document their purpose for future administrators
  • Remove unused interfaces before deleting routers to avoid errors
  • Consider creating separate routers for different environments (development, staging, production) to maintain isolation
  • Review security group rules in conjunction with routing to ensure proper access control

Routers are fundamental components of OpenStack networking that enable connectivity between isolated networks and provide access to external resources. Proper router configuration ensures your cloud infrastructure has the network connectivity it needs while maintaining security and isolation between different network segments.