The configuration of dedicated networks is distributed across all environments and the inventory and is summarized here.

Not necessarily all of these networks have to be separate physical or VLAN networks. Only the external network defined by the host specific variable neutron_external_interface should be a dedicated physical or VLAN network.

The following networks are used:

Management / Console

The management or console network is used to access all nodes via SSH. It is also used by some infrastructure and helper services like phpMyAdmin or the web interface for ARA.

This network is defined by console_interface in the host specific variable file like so:


The internal network is used for communication between services located on different hosts. It is also used for traffic that has no dedicated network. Ansible playbooks also use this network to access target hosts.


The monitoring network normally shares the internal network. A separate network for monitoring services related traffic can be configured at environments/monitorning/configuration.yml.


Traffic between guest virtual machines on different compute nodes or between layer 3 networking components such as virtual routers are usually routed through VXLAN or GRE tunnels on the tunnel network.


Live migration of instances is performed over this network.

External API

External API endpoints are accessible on the external API network. This network is reachable by consumers of the cloud services.


The external network connects virtual machines to the outside world.


This network is used for accessing Loadbalancer as a Service public endpoints.

Storage Frontend

The storage frontend network is the connection between ceph nodes and all other hosts which need access to storage services.

Storage Backend

The storage backend network is the internal connection between ceph nodes.

