
OpenStack Neutron

OpenStack Neutron is the OpenStack project that provides programmable virtual networking services (cloud networking) for other OpenStack components, primarily OpenStack Compute.

  • Core networking abstraction and Application Programming Interface (API) for creating and managing networks, subnets, and ports (cloud networking)
  • Support for multiple network backends and plugins, including Software Defined Networking (SDN) controllers and vendor drivers (SDN / network integration)
  • Provisioning of L3 routing, Network Address Translation (NAT), and floating IPs for tenant networks (virtual routing)
  • Security groups, firewalling constructs, and network isolation for tenant traffic (network security)
  • Integration with other OpenStack services such as Nova and Keystone to deliver multi-tenant, self-service networking (cloud infrastructure orchestration)

More About OpenStack Neutron

OpenStack Neutron is the networking service within the OpenStack cloud platform (cloud networking). It provides an API for users and administrators to define and operate networking resources that connect compute instances, services, and external networks in an OpenStack deployment.

The primary problem space for Neutron is multi-tenant virtual networking in private and public clouds (cloud infrastructure). It introduces abstractions such as networks, subnets, and ports that map to Layer 2 and Layer 3 constructs. Through these abstractions, Neutron enables operators and tenants to create isolated tenant networks, attach virtual machines to those networks, and manage IP addressing and connectivity policies in a programmable way.

Neutron supports an extensible plugin and driver architecture (platform extensibility). Different backends can implement the Neutron API, including software switches, SDN controllers, and hardware-based solutions, depending on the deployment’s requirements. The core services typically include Layer 2 networking, Dynamic Host Configuration Protocol (DHCP) services for IP assignment, and Layer 3 routing with NAT and floating IPs that allow instances on private networks to reach or be reached from external networks.

Security and isolation are provided through constructs such as security groups and network segmentation (network security). Security groups apply rules to instance ports to control ingress and egress traffic. Network segmentation is usually implemented with VLANs, Virtual Extensible LAN (VXLAN), or Generic Routing Encapsulation (GRE) tunnels, as supported by the chosen backend. These features support tenant isolation and policy-based traffic control in multi-tenant environments.
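As an added illustration (not code from the Neutron project), the following sketch audits security group rules for ingress that is open to any source on sensitive TCP ports. The field names follow Neutron's security group rule objects; the sample rules, the `rule` helper, and the `SENSITIVE_PORTS` set are constructed assumptions.

```python
import ipaddress

# Assumption: ports this operator treats as admin/database access.
SENSITIVE_PORTS = {22, 3306, 3389, 5432}

def rule(rid, direction, proto, lo, hi, prefix=None, group=None):
    """Hypothetical helper: build a dict shaped like a Neutron rule."""
    return {"id": rid, "direction": direction, "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample data, not taken from a real deployment.
SAMPLE_RULES = [
    rule("rule-a", "ingress", "tcp", 22, 22, prefix="0.0.0.0/0"),
    rule("rule-b", "ingress", "tcp", 443, 443, prefix="0.0.0.0/0"),
    rule("rule-c", "ingress", None, None, None),        # no remote at all
    rule("rule-d", "ingress", "tcp", 3306, 3306, prefix="::/0"),
    rule("rule-e", "ingress", "tcp", 5432, 5432, group="sg-app"),
    rule("rule-f", "egress", None, None, None),
    rule("rule-g", "ingress", "tcp", 1, 65535, prefix="10.0.0.0/8"),
]

def is_any_source(r):
    """True when the rule matches traffic from every address."""
    if r.get("remote_group_id") or r.get("remote_address_group_id"):
        return False                 # scoped to members of a group
    prefix = r.get("remote_ip_prefix")
    if prefix is None:
        return True                  # no remote set means any source
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def exposed_ports(r):
    """Sensitive TCP ports the rule covers (protocol None = any)."""
    if r.get("protocol") not in (None, "tcp"):
        return set()
    lo, hi = r.get("port_range_min"), r.get("port_range_max")
    if lo is None:                   # no range means all ports
        return set(SENSITIVE_PORTS)
    return {p for p in SENSITIVE_PORTS if lo <= p <= (hi or lo)}

def audit(rules):
    """Return (rule id, sorted ports) for world-open sensitive ingress."""
    findings = []
    for r in rules:
        if r.get("direction") == "ingress" and is_any_source(r):
            ports = exposed_ports(r)
            if ports:
                findings.append((r["id"], sorted(ports)))
    return findings

if __name__ == "__main__":
    for rid, ports in audit(SAMPLE_RULES):
        print(f"{rid}: open to any source on TCP {ports}")
```

Rules that name the protocol by number (for example `"6"` for TCP) are not normalised here and would need mapping before the check.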

In enterprise deployments, Neutron integrates with other OpenStack components such as Nova (compute), Keystone (identity), and Horizon (dashboard) to support self-service networking workflows (cloud infrastructure orchestration). Tenants can create networks, subnets, routers, and security groups through APIs or the web dashboard, while operators manage the underlying physical and virtual network infrastructure. This model supports on-premises (on-prem) private clouds, hosted private clouds, and service provider environments.

From an architectural perspective, Neutron typically runs as a set of services including the Neutron server (API service), various agents for L2, L3, DHCP, and metadata, and optional agents or drivers for load balancing, Virtual Private Network (VPN), or other network services when available (network services). The Neutron database stores networking state, and the message queue coordinates operations among services. This architecture allows Neutron to be distributed across multiple controller and network nodes for scalability and fault tolerance.

In a technical taxonomy, OpenStack Neutron fits in the categories of cloud networking, virtual network management, and SDN integration (cloud networking / SDN). It functions as the central networking control plane for OpenStack-based clouds, providing the abstractions and APIs that enable automated, multi-tenant virtual networks on top of diverse physical and virtual network infrastructures.