Skip to main content
IMHCloud Logo
Back to support home

Managing Instance Network Interfaces in OpenStack

NetworkingCompute

Introduction

Network interfaces control how your OpenStack instances connect to networks. Each interface acts as a virtual network adapter that can connect to different networks, enabling you to build flexible network architectures. Whether you need to add a new interface for isolated traffic, replace a failed connection, or reconfigure networking after deployment, understanding interface management is essential for maintaining reliable cloud infrastructure.

This guide covers attaching and detaching network interfaces, configuring multiple networks per instance, and resolving common connectivity issues in OpenStack environments.

Understanding Network Interfaces in OpenStack

A network interface (also called a port in OpenStack Neutron terminology) represents a connection point between an instance and a network. Each interface has:

  • A unique MAC address
  • One or more IP addresses from the connected network
  • Security group rules that control traffic
  • A connection to a specific network or subnet

Instances can have multiple interfaces attached simultaneously, allowing them to communicate on different networks. This capability supports use cases like separating management traffic from application traffic or connecting instances across multiple availability zones.

Prerequisites

Before managing network interfaces, ensure you have:

  • Access to OpenStack Horizon dashboard or CLI tools
  • Appropriate permissions to manage instances and networks
  • Existing networks and subnets configured
  • Understanding of your instance's current network configuration

How to Manage Network Interfaces in Horizon Dashboard

Viewing Current Interfaces

  1. Navigate to Project > Compute > Instances
  2. Click on the instance name to view details
  3. Select the Interfaces tab
  4. Review attached interfaces showing:
  • Network name
  • IP addresses
  • MAC addresses
  • Port status

Attaching a Network Interface

  1. Navigate to Project > Compute > Instances
  2. Click the dropdown menu for your instance
  3. Select Attach Interface
  4. Choose the target network from the dropdown
  5. Optional: Specify a fixed IP address or leave blank for automatic assignment
  6. Click Attach Interface

The interface attaches within seconds, but the instance's operating system may require additional configuration to activate it.

Configuring the Interface Inside the Instance:

After attaching an interface through Horizon, configure it within the instance's operating system.

For Linux instances:

  1. SSH into the instance
  2. Identify the new interface:
1ip link show
  1. Configure the interface with DHCP:
1sudo dhclient <interface-name>
  1. For persistent configuration on Ubuntu/Debian, edit /etc/netplan/ configuration:
1network:
2  version: 2
3  ethernets:
4    ens4:
5      dhcp4: true
  1. Apply changes:
1sudo netplan apply

For CentOS/RHEL instances:

Create a configuration file at /etc/sysconfig/network-scripts/ifcfg-<interface-name>:

1DEVICE=eth1
2BOOTPROTO=dhcp
3ONBOOT=yes
4TYPE=Ethernet

Activate the interface:

1sudo ifup <interface-name>

For Windows instances:

  1. Access the instance via console or RDP
  2. Open Network and Sharing Center
  3. Click Change adapter settings
  4. Right-click the new adapter
  5. Select Properties > Internet Protocol Version 4 (TCP/IPv4)
  6. Configure to obtain IP address automatically or set static IP

Detaching a Network Interface

  1. Navigate to Project > Compute > Instances
  2. Click on the instance name
  3. Go to the Interfaces tab
  4. Click Detach Interface next to the interface you want to remove
  5. Confirm the action

Important: You cannot detach the primary network interface (the one created with the instance). At least one interface must remain attached.

How to Manage Network Interfaces Using OpenStack CLI

Viewing Current Interfaces

  1. List all interfaces attached to an instance:
1openstack server show <instance-name-or-id> -c addresses
  1. For detailed port information:
1openstack port list --server <instance-name-or-id>
  1. View specific port details:
1openstack port show <port-id>

Attaching a Network Interface

  1. Attach an interface and let OpenStack assign an IP automatically:
1openstack server add port <instance-name-or-id> <port-id>
  1. Or create a new port and attach it in one step:
1openstack server add network <instance-name-or-id> <network-name-or-id>
  1. Attach with a specific IP address:
1openstack port create --network <network-id> --fixed-ip subnet=<subnet-id>,ip-address=<ip-address> <port-name>
2openstack server add port <instance-name-or-id> <port-id>

Configuring the Interface Inside the Instance:

After attaching an interface through the CLI, configure it within the instance's operating system using the same steps described in the Horizon section above.

Detaching a Network Interface

  1. Remove an interface by port ID:
1openstack server remove port <instance-name-or-id> <port-id>
  1. After detaching, the port remains available for reuse unless you explicitly delete it:
1openstack port delete <port-id>

Important: You cannot detach the primary network interface. At least one interface must remain attached.

Configuring Multiple Networks

Multiple network interfaces enable advanced networking configurations like:

  • Separating public and private traffic
  • Isolating storage or backup networks
  • Connecting to multiple tenant networks
  • Implementing network segmentation for security

Common Multi-Network Patterns

Pattern 1: Public and Private Networks

  • Interface 1: Public network for external access
  • Interface 2: Private network for internal services and databases

Pattern 2: Three-Tier Architecture

  • Interface 1: Web tier network (public-facing)
  • Interface 2: Application tier network (internal)
  • Interface 3: Database tier network (isolated)

Pattern 3: Management Separation

  • Interface 1: Production network
  • Interface 2: Management network for monitoring and administration

Routing Configuration for Multiple Interfaces

When using multiple interfaces, configure routing to ensure traffic flows through the correct interface.

View current routing table:

1ip route show

Add a specific route through a particular interface:

1sudo ip route add <destination-network> via <gateway-ip> dev <interface-name>

Set up policy-based routing for source-based traffic steering:

1sudo ip rule add from <source-network> table <table-number>
2sudo ip route add default via <gateway-ip> dev <interface-name> table <table-number>

Make routing changes persistent by adding them to network configuration files or using network management tools like systemd-networkd.

Security Groups and Network Interfaces

Each interface inherits security group rules that control allowed traffic. When attaching a new interface, verify security group assignments to prevent connectivity issues.

Viewing Security Groups for an Interface

1openstack port show <port-id> -c security_group_ids

Modifying Security Groups

Update security groups for a port:

1openstack port set --security-group <security-group-id> <port-id>

Add an additional security group without replacing existing ones:

1openstack port set --security-group <existing-group-id> --security-group <new-group-id> <port-id>

Common Security Group Configurations

Allow SSH access:

1openstack security group rule create --protocol tcp --dst-port 22 <security-group-id>

Allow HTTP/HTTPS:

1openstack security group rule create --protocol tcp --dst-port 80 <security-group-id>
2openstack security group rule create --protocol tcp --dst-port 443 <security-group-id>

Allow all traffic within a network:

1openstack security group rule create --remote-ip <subnet-cidr> <security-group-id>

Troubleshooting Network Interface Issues

Interface Attached but Not Working

Symptoms: Interface shows as attached in OpenStack but traffic fails.

Resolution steps:

  1. Verify the interface status in OpenStack:
1openstack port show <port-id> -c status

The status should be "ACTIVE". If "DOWN", check the instance state and network connectivity.

  1. Check if the interface is configured in the operating system:
1ip addr show

If missing, configure the interface manually as described in the configuration section.

  1. Verify security group rules allow the required traffic
  2. Check routing table to ensure traffic routes through the correct interface
  3. Test connectivity from both directions if applicable

IP Address Conflicts

Symptoms: Interface configured but connectivity intermittent or failing.

Resolution:

  1. Verify no duplicate IP addresses exist on the network:
1openstack port list --fixed-ip ip-address=<ip-address>
  1. If conflicts exist, detach the interface and reattach with a different IP:
1openstack server remove port <instance-id> <port-id>
2openstack port create --network <network-id> --fixed-ip subnet=<subnet-id>,ip-address=<new-ip> <new-port-name>
3openstack server add port <instance-id> <new-port-id>

DHCP Not Assigning IP Address

Symptoms: Interface attached but no IP address assigned via DHCP.

Resolution:

  1. Verify DHCP is enabled on the subnet:
1openstack subnet show <subnet-id> -c enable_dhcp
  1. Check if DHCP agent is running:
1openstack network agent list --agent-type dhcp
  1. Manually trigger DHCP renewal in the instance:
1sudo dhclient -r <interface-name>
2sudo dhclient <interface-name>
  1. If DHCP consistently fails, assign a static IP address from the subnet's allocation pool

Cannot Detach Interface

Symptoms: Detach operation fails or is not allowed.

Common causes:

  1. Attempting to detach the primary interface (not permitted)
  2. Port has a floating IP associated

Resolution:

First, check if a floating IP is attached:

1openstack floating ip list --port <port-id>

If found, disassociate it:

1openstack server remove floating ip <instance-id> <floating-ip>

Then retry the detach operation.

Performance Issues with Multiple Interfaces

Symptoms: Network performance degrades when multiple interfaces are active.

Possible causes:

  1. Routing loops or misconfigured routing tables
  2. MTU mismatches between networks
  3. Insufficient instance resources (CPU, network bandwidth)

Resolution:

  1. Verify routing table has no conflicting routes:
1ip route show
  1. Check MTU settings on all interfaces:
1ip link show

Adjust if needed:

1sudo ip link set dev <interface-name> mtu <mtu-size>
  1. Monitor instance resource usage:
1top
2iftop -i <interface-name>
  1. Consider upgrading instance flavor if resources are constrained

Best Practices

Plan network architecture before deployment: Define which networks each instance needs access to before creating instances. This reduces the need for post-deployment interface changes.

Use meaningful port names: When creating ports manually, use descriptive names that indicate their purpose (e.g., web-server-public, db-backup-network).

Document interface assignments: Maintain records of which interface connects to which network, especially in complex multi-network environments.

Test connectivity after changes: After attaching or detaching interfaces, verify connectivity from both the instance and external sources.

Automate configuration with cloud-init: Use cloud-init scripts to configure network interfaces automatically when instances launch, reducing manual configuration errors.

Apply security groups carefully: Review security group rules before attaching interfaces to prevent unintended exposure or blocked traffic.

Monitor interface status: Set up monitoring to alert on interface state changes or connectivity issues.

Use network namespaces for isolation: In advanced scenarios, consider using Linux network namespaces to isolate traffic between interfaces within the same instance.

Advanced Scenarios

Hot-Plugging Network Interfaces

OpenStack supports attaching and detaching interfaces while instances are running (hot-plugging). However, the instance's operating system must support hot-plug detection.

Modern Linux distributions with systemd automatically detect new interfaces. For older systems or custom configurations, you may need to manually trigger interface detection:

1sudo echo 1 > /sys/class/net/<interface-name>/device/rescan

Using Allowed Address Pairs

Allowed address pairs enable an interface to send and receive traffic for IP addresses beyond its assigned IP. This is useful for:

  • High availability configurations with virtual IPs
  • Network appliances that proxy traffic
  • Complex routing scenarios

Add an allowed address pair:

1openstack port set --allowed-address ip-address=<virtual-ip> <port-id>

Port Binding for Performance

Some OpenStack deployments support SR-IOV (Single Root I/O Virtualization) or hardware offload features for improved network performance. Configure port binding during port creation:

1openstack port create --network <network-id> --vnic-type direct <port-name>

Check your OpenStack administrator for available vNIC types and their requirements.

Conclusion

Managing network interfaces in OpenStack provides flexibility to adapt instance networking to changing requirements. By understanding how to attach, detach, and configure interfaces, you can build resilient network architectures that separate traffic, improve security, and support complex application topologies.

Start with single-interface configurations for simple deployments, then add interfaces as networking requirements become more sophisticated. Always test connectivity after interface changes and document your network topology for future reference.

For further assistance with OpenStack networking, consult your cloud provider's documentation or contact technical support for guidance specific to your deployment.