Skip to main content
IMHCloud Logo
Back to support home

Creating and Managing Subnets in OpenStack Horizon

OpenStack

Subnets define IP address ranges within your OpenStack networks, providing structured address allocation for instances. This guide covers creating subnets through the Horizon dashboard, configuring DHCP and DNS settings, managing allocation pools, and using the OpenStack CLI for subnet operations.

Creating Subnets Through Horizon Dashboard

Prerequisites

Before creating a subnet, ensure you have:

  • An existing network (or create one during subnet creation)
  • Determined your IP addressing scheme (CIDR notation)
  • Administrative or network management permissions in your project
  • Planned your gateway IP and allocation ranges

Create a New Subnet

Step 1: Navigate to Network Management

  1. Log into OpenStack Horizon dashboard
  2. Go to Project > Network > Networks
  3. Locate the network where you want to add a subnet
  4. Click the network name to view details

Step 2: Start Subnet Creation

  1. Click the Subnets tab
  2. Click Create Subnet button
  3. The subnet creation wizard appears with multiple tabs

Step 3: Configure Subnet Tab

The Subnet tab defines basic addressing parameters:

Subnet Name: Enter a descriptive name (example: "web-tier-subnet" or "database-network-10")

Network Address (CIDR): Specify your subnet address range in CIDR notation. Common examples:

  • 10.0.0.0/24 - Provides 254 usable IP addresses (10.0.0.1 through 10.0.0.254)
  • 192.168.1.0/24 - Private network with 254 addresses
  • 172.16.0.0/16 - Larger network with 65,534 addresses
  • 10.0.0.0/28 - Small network with 14 usable addresses

Understanding CIDR Notation: The number after the slash indicates network bits. Lower numbers create larger networks:

  • /24 = 256 total addresses (254 usable)
  • /25 = 128 total addresses (126 usable)
  • /26 = 64 total addresses (62 usable)
  • /27 = 32 total addresses (30 usable)
  • /28 = 16 total addresses (14 usable)

IP Version: Select IPv4 or IPv6:

  • IPv4: Standard addressing (most common)
  • IPv6: Modern addressing with significantly larger address space

Gateway IP: Specify the default gateway address (optional but recommended):

  • Typically the first usable address in the range
  • Example: For 10.0.0.0/24, use 10.0.0.1
  • Leave blank to disable gateway functionality
  • Must fall within the CIDR range specified

Disable Gateway: Check this box if you don't want a gateway for this subnet. Use cases include:

  • Isolated storage networks
  • Internal-only communication networks
  • Networks that route through a different mechanism

Step 4: Configure Subnet Details Tab

The Subnet Details tab controls DHCP behavior and advanced options:

Enable DHCP: Check this box (enabled by default) to automatically assign IP addresses to instances. When enabled:

  • Instances receive IP configuration automatically on boot
  • No manual network configuration required inside instances
  • DNS servers are pushed to instances

Disable DHCP when:

  • Using static IP assignments
  • Managing addresses through external tools
  • Configuring specialized network appliances

Allocation Pools: Define IP ranges available for automatic assignment. Format: start_ip,end_ip

Examples:

  • 10.0.0.10,10.0.0.200 - Reserve first 9 addresses for static use
  • 192.168.1.50,192.168.1.100 - Limited pool for controlled allocation
  • Leave empty to use all addresses except gateway

Multiple pools separated by newlines:

110.0.0.10,10.0.0.50
210.0.0.100,10.0.0.200

This reserves addresses 51-99 for manual assignment or future expansion.

DNS Name Servers:
Specify DNS servers for instances (one per line). Common options:

Public DNS:

18.8.8.8
28.8.4.4

Private DNS:

110.0.0.5
210.0.0.6

Instances use these servers for domain name resolution. If left empty, instances may not resolve hostnames properly.

Host Routes:
Define static routes pushed to instances via DHCP (optional). Format:

1destination_network,next_hop

Examples:

1192.168.100.0/24,10.0.0.254
2172.16.0.0/16,10.0.0.253

Use host routes when:

  • Directing traffic to specific networks through non-default gateways
  • Creating complex routing topologies
  • Connecting to networks outside the local subnet

Step 5: Review and Create

  1. Review all subnet parameters
  2. Click Create button
  3. Horizon creates the subnet and returns to the network detail page
  4. The new subnet appears in the Subnets tab

The subnet becomes immediately available for instance attachment. Existing instances on the network may need reboot or DHCP renewal to receive configuration updates.

Create Subnet During Network Creation

You can create a subnet simultaneously with a network:

  1. Navigate to Project > Network > Networks
  2. Click Create Network
  3. On the Network tab, enter network name
  4. Check Create Subnet (enabled by default)
  5. The Subnet and Subnet Details tabs appear
  6. Configure subnet parameters as described above
  7. Click Create

This approach streamlines deployment by combining both operations into a single workflow.

Choosing Appropriate CIDR Ranges

Private Address Ranges

RFC 1918 defines private IP ranges for internal networks:

Class A: 10.0.0.0/8

  • Range: 10.0.0.0 to 10.255.255.255
  • Provides: 16,777,216 addresses
  • Best for: Large organizations with many subnets
  • Example usage: 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24

Class B: 172.16.0.0/12

  • Range: 172.16.0.0 to 172.31.255.255
  • Provides: 1,048,576 addresses
  • Best for: Medium-sized deployments
  • Example usage: 172.16.1.0/24, 172.16.2.0/24

Class C: 192.168.0.0/16

  • Range: 192.168.0.0 to 192.168.255.255
  • Provides: 65,536 addresses
  • Best for: Smaller networks, department-level
  • Example usage: 192.168.1.0/24, 192.168.2.0/24

Subnet Sizing Best Practices

Estimate Required Addresses:
Count expected instances plus growth margin:

  • 10-20 instances: /27 (30 addresses)
  • 20-50 instances: /26 (62 addresses)
  • 50-100 instances: /25 (126 addresses)
  • 100-250 instances: /24 (254 addresses)

Plan for Overhead:
Reserve addresses for:

  • Gateway IP (typically 1 address)
  • DHCP server (if applicable)
  • Load balancers and network appliances
  • Future expansion (20-30% buffer)

Avoid Common Conflicts:
Check that your chosen CIDR doesn't overlap with:

  • Other OpenStack networks in your project
  • VPN networks you'll connect to
  • Corporate networks if using hybrid cloud
  • Default Docker networks (typically 172.17.0.0/16)

Subnet Organization Strategies

By Function:

110.0.1.0/24 - Web servers
210.0.2.0/24 - Application servers
310.0.3.0/24 - Database servers
410.0.4.0/24 - Management/monitoring

By Environment:

110.10.0.0/24 - Production
210.20.0.0/24 - Staging
310.30.0.0/24 - Development
410.40.0.0/24 - Testing

By Security Zone:

110.0.1.0/24 - Public-facing (DMZ)
210.0.10.0/24 - Internal services
310.0.20.0/24 - Sensitive data
410.0.30.0/24 - Management

Managing Existing Subnets

View Subnet Details

Access Subnet Information:

  1. Navigate to Project > Network > Networks
  2. Click the network name containing your subnet
  3. Click the Subnets tab
  4. Click the subnet name to view full details

The detail page displays:

  • CIDR and IP version
  • Gateway IP address
  • DHCP enable/disable status
  • Allocation pools
  • DNS nameservers
  • Host routes
  • Associated ports (instances using addresses from this subnet)

Edit Subnet Properties

Modify Subnet Configuration:

  1. Navigate to the subnet as described above
  2. From the Actions dropdown, select Edit Subnet
  3. Modify available parameters:
  • Subnet name
  • Gateway IP (can disable/enable)
  • DHCP enable/disable
  • Allocation pools
  • DNS nameservers
  • Host routes
  1. Click Submit

Note: You cannot change the CIDR address range after creation. If you need a different address range, create a new subnet and migrate instances.

Common Edit Scenarios:

Add DNS Server:
Useful when deploying internal DNS infrastructure after subnet creation.

Modify Allocation Pools:
Adjust ranges to reserve addresses for static assignment:

  • Original: 10.0.0.2,10.0.0.254
  • Modified: 10.0.0.50,10.0.0.254 (reserves .2 through .49)

Change Gateway:
Update gateway address if network topology changes or you're migrating to a new router.

Add Host Routes:
Insert routes after deploying additional network segments or VPN connections.

Delete Subnet

Prerequisites for Deletion:

  • Remove all instances from the network using this subnet
  • Delete all ports allocated from the subnet
  • Detach router interfaces connected to the subnet

Delete Process:

  1. Navigate to Project > Network > Networks
  2. Click the network name
  3. Click the Subnets tab
  4. Locate the subnet to delete
  5. Click the Actions dropdown next to the subnet
  6. Select Delete Subnet
  7. Confirm deletion in the dialog

Warning: Deletion is immediate and irreversible. Ensure no resources depend on the subnet before proceeding. If deletion fails, check for:

  • Active ports (instance network interfaces)
  • Router interfaces
  • Load balancer associations
  • Floating IP assignments

To view ports using the subnet:

  1. Go to Project > Network > Networks
  2. Click network name > Ports tab
  3. Review fixed IPs column for addresses in the subnet range

Delete or move ports to other subnets before deleting the subnet.

Managing Subnet Connectivity

Connect Subnet to Router

Subnets require router connections to communicate with external networks or other subnets:

Add Router Interface:

  1. Navigate to Project > Network > Routers
  2. Click the router name
  3. Click Interfaces tab
  4. Click Add Interface button
  5. Select subnet from dropdown
  6. Optionally specify IP address (or accept automatic assignment)
  7. Click Submit

The router interface uses an IP from the subnet (typically the gateway address) and enables routing between this subnet and other connected networks.

Configure Security

After creating subnets, secure network traffic:

Security Groups:
Control instance-level firewall rules. See Security Groups documentation for details.

Network ACLs (if available):
Some OpenStack deployments offer network-level access control lists for subnet-wide filtering.

Private vs. Public:

  • Private subnets: No direct internet access, routing through NAT
  • Public subnets: Instances can receive floating IPs for direct internet access

Using the OpenStack CLI

The OpenStack command-line interface provides scriptable access to subnet operations.

Prerequisites

Install OpenStack Client:

1pip install python-openstackclient

Authenticate: Download RC file from Horizon (User menu > OpenStack RC File) and source it:

1source openrc.sh

Enter your password when prompted.

Create Subnet via CLI

Basic Subnet Creation:

1openstack subnet create \
2  --network web-network \
3  --subnet-range 10.0.1.0/24 \
4  --gateway 10.0.1.1 \
5  web-subnet

With DHCP and DNS Configuration:

1openstack subnet create \
2  --network app-network \
3  --subnet-range 192.168.10.0/24 \
4  --gateway 192.168.10.1 \
5  --dhcp \
6  --dns-nameserver 8.8.8.8 \
7  --dns-nameserver 8.8.4.4 \
8  app-subnet

With Allocation Pools:

1openstack subnet create \
2  --network database-network \
3  --subnet-range 10.0.2.0/24 \
4  --gateway 10.0.2.1 \
5  --allocation-pool start=10.0.2.50,end=10.0.2.200 \
6  --dns-nameserver 10.0.0.5 \
7  database-subnet

IPv6 Subnet:

1openstack subnet create \
2  --network ipv6-network \
3  --subnet-range 2001:db8::/64 \
4  --ip-version 6 \
5  --ipv6-address-mode slaac \
6  --ipv6-ra-mode slaac \
7  ipv6-subnet

No Gateway Configuration:

1openstack subnet create \
2  --network storage-network \
3  --subnet-range 10.0.3.0/24 \
4  --no-gateway \
5  storage-subnet

List Subnets

List All Subnets:

1openstack subnet list

Filter by Network:

1openstack subnet list --network web-network

Show Detailed Information:

1openstack subnet show web-subnet

Output includes:

  • ID and name
  • CIDR and IP version
  • Gateway IP
  • DHCP status
  • Allocation pools
  • DNS nameservers
  • Host routes
  • Network ID

Output in Different Formats:

1openstack subnet show -f json web-subnet
2openstack subnet show -f yaml web-subnet

Modify Subnet

Update Subnet Name:

1openstack subnet set --name production-web-subnet web-subnet

Add DNS Nameserver:

1openstack subnet set --dns-nameserver 8.8.8.8 web-subnet

Change Gateway:

1openstack subnet set --gateway 10.0.1.254 web-subnet

Disable DHCP:

1openstack subnet set --no-dhcp web-subnet

Enable DHCP:

1openstack subnet set --dhcp web-subnet

Add Allocation Pool:

1openstack subnet set \
2  --allocation-pool start=10.0.1.100,end=10.0.1.150 \
3  web-subnet

Add Host Route:

1openstack subnet set \
2  --host-route destination=192.168.100.0/24,gateway=10.0.1.254 \
3  web-subnet

Delete Subnet

Delete Subnet:

1openstack subnet delete web-subnet

Delete Multiple Subnets:

1openstack subnet delete subnet1 subnet2 subnet3

Force Deletion (if supported):

1openstack subnet delete --force web-subnet

Note: Force deletion may not be available in all OpenStack deployments. Address dependencies (ports, router interfaces) before deletion.

Advanced CLI Operations

Create Multiple Allocation Pools:

1openstack subnet create \
2  --network production-network \
3  --subnet-range 10.10.0.0/24 \
4  --allocation-pool start=10.10.0.10,end=10.10.0.50 \
5  --allocation-pool start=10.10.0.100,end=10.10.0.200 \
6  production-subnet

Subnet with Tags:

1openstack subnet create \
2  --network dev-network \
3  --subnet-range 10.20.0.0/24 \
4  --tag development \
5  --tag team-alpha \
6  dev-subnet

Query Subnets by Tag:

1openstack subnet list --tags development

Export Subnet Configuration:

1openstack subnet show -f json web-subnet > web-subnet-config.json

This JSON can document your configuration or serve as a template for similar subnets.

Troubleshooting Common Issues

Cannot Create Subnet

Symptom: Error message when creating subnet

Common Causes and Solutions:

Overlapping CIDR: Ensure the subnet CIDR doesn't overlap with existing subnets on the same network or connected networks.

Check existing subnets:

1openstack subnet list

Invalid CIDR Format: Verify CIDR notation is correct: network_address/prefix_length

Examples:

  • Correct: 10.0.1.0/24
  • Incorrect: 10.0.1.0/24.0, 10.0.1/24, 10.0.1.0-24

Gateway Outside CIDR Range: Gateway IP must fall within the specified subnet range.

  • CIDR: 10.0.1.0/24
  • Valid gateway: 10.0.1.1 (within range)
  • Invalid gateway: 10.0.2.1 (different network)

Instances Not Receiving IP Addresses

Symptom: Instances boot without network configuration

Troubleshooting Steps:

Verify DHCP Enabled:

1openstack subnet show your-subnet | grep dhcp

Should show enable_dhcp | True

Check Network Status: Ensure the network is active:

1openstack network show your-network

Status should be "ACTIVE"

Review Allocation Pools: Verify available addresses remain in allocation pools. If all addresses are consumed, expand the pool or delete unused ports.

Restart Instance: After enabling DHCP or modifying subnet configuration, restart instances:

1openstack server reboot your-instance

Cannot Delete Subnet

Symptom: Deletion fails with error message

Resolution Steps:

Remove Router Interfaces:

1openstack router remove subnet your-router your-subnet

Delete Ports: List ports on the subnet:

1openstack port list --network your-network

Delete each port:

1openstack port delete port-id

Note: You cannot delete ports attached to running instances. Stop or delete instances first.

Check Load Balancers: If using load balancing services, remove load balancer members and pools associated with the subnet before deletion.

Gateway Not Responding

Symptom: Instances cannot reach gateway or external networks

Troubleshooting:

Verify Router Connection: Check router has interface on the subnet:

1openstack router show your-router

Add interface if missing:

1openstack router add subnet your-router your-subnet

Check Router External Gateway: For internet access, router needs external gateway:

1openstack router show your-router | grep external_gateway

Set external gateway if needed:

1openstack router set --external-gateway external-network your-router

Review Security Groups: Ensure security groups allow traffic:

  • Egress rules for outbound connectivity
  • Ingress rules for return traffic

Verify Routing Table: Inside an instance, check routing:

1ip route show

Default route should point to subnet gateway.

Best Practices

Subnet Design

Plan Address Space:

  • Document your IP allocation scheme before implementation
  • Use consistent sizing within security zones or functions
  • Leave room for future growth

Segment by Function:

  • Separate web, application, and database tiers
  • Isolate management networks
  • Create dedicated storage networks when needed

Use Meaningful Names:

  • Include network function: web-tier-subnet
  • Reference CIDR: prod-10-0-1-0-24
  • Indicate environment: dev-app-subnet

Security Considerations

Principle of Least Privilege:

  • Restrict allocation pools to only required ranges
  • Use security groups to control traffic between subnets
  • Isolate sensitive data in separate subnets

DNS Configuration:

  • Use internal DNS servers for private name resolution
  • Configure public DNS as fallback
  • Document DNS server purposes and ownership

Regular Audits:

  • Review subnet utilization periodically
  • Remove unused subnets to reduce complexity
  • Monitor for IP address exhaustion

Operational Excellence

Document Configuration:

  • Maintain records of CIDR assignments
  • Document gateway IPs and routing decisions
  • Track which applications use which subnets

Use Consistent Patterns:

  • Apply standard allocation pool strategies
  • Use consistent gateway addresses (first or last in range)
  • Standardize DNS server configuration across similar subnets

Automate When Possible:

  • Use CLI or API for repeatable deployments
  • Script subnet creation for new environments
  • Integrate with infrastructure-as-code tools (Terraform, Ansible)

Monitor Utilization:

  • Track IP address consumption
  • Set alerts for subnets approaching capacity
  • Plan expansion before exhaustion

Summary

Subnet configuration forms the foundation of network architecture in OpenStack. Through the Horizon dashboard or CLI, you can create subnets with precisely tuned CIDR ranges, DHCP settings, allocation pools, and routing parameters. Proper subnet design balances capacity planning, security requirements, and operational simplicity.

Start with clear address space planning, use private IP ranges appropriately sized for your workload, and organize subnets by function or environment. Enable DHCP for automatic configuration, specify DNS servers for name resolution, and configure allocation pools to reserve addresses for static assignment. Connect subnets to routers for inter-network communication and apply security groups to control traffic flow.

Regular monitoring and documentation ensure your subnet architecture scales with your infrastructure while maintaining security and manageability.