Neutron: create an external network

To make sure that the external network works properly, you first have to configure the bridge as explained in the post "Configure the external bridge".

To create an external network we need to connect as admin. This task is not allowed for non-admin users.

source keystonerc_admin

The first step is to create the external network, called all-external, which is shared with all tenants but not editable by them. This is accomplished by setting the tenant owner to services. The --router:external=True option specifies that this is an external network rather than an isolated tenant network.

neutron net-create --tenant-id services all-external \
  --router:external=True --shared

Now create the subnet, called all-external-sub1, which allows the IPs from 192.168.3.150 to 192.168.3.199 to be used as floating IPs for instances. DHCP is disabled to avoid conflicts with other DHCP servers that you may already have on your external network.

neutron subnet-create --name all-external-sub1 \
  --tenant-id services all-external 192.168.3.0/24 --disable-dhcp \
  --allocation-pool start=192.168.3.150,end=192.168.3.199

The last step is to set this new network as the gateway for the internal network's router, which was created in the other post "Neutron: create a tenant private network".

neutron router-gateway-set t1-router1 all-external

Now every instance that you assign a floating IP to will be reachable from outside the internal network (if its security group allows it).
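Before running the subnet-create step above, it is worth checking that the floating IP pool cannot collide with addresses already in use on the external network. The following is an added example, not part of the original post: the function name check_floating_pool and the external DHCP range are assumptions made for illustration, and the gateway is assumed to be the first host address of the subnet because the command above passes no --gateway.

```python
import ipaddress


def check_floating_pool(cidr, pool_start, pool_end, gateway=None, external_dhcp=None):
    """Return a list of problems with a floating-IP allocation pool ([] means OK)."""
    net = ipaddress.ip_network(cidr)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    # Assumption: no --gateway was given, so the first host address is the gateway.
    gw = ipaddress.ip_address(gateway) if gateway else net.network_address + 1
    problems = []

    if start > end:
        return ["pool start %s is after pool end %s" % (start, end)]
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append("pool %s %s is outside %s" % (label, addr, net))
    # Reserved addresses must never be handed out as floating IPs.
    for label, addr in (("network", net.network_address),
                        ("broadcast", net.broadcast_address),
                        ("gateway", gw)):
        if start <= addr <= end:
            problems.append("pool contains the %s address %s" % (label, addr))
    # A DHCP server already on the physical network may lease the same addresses.
    if external_dhcp:
        d_start, d_end = (ipaddress.ip_address(a) for a in external_dhcp)
        lo, hi = max(start, d_start), min(end, d_end)
        if lo <= hi:
            problems.append("pool overlaps external DHCP range: %s-%s" % (lo, hi))
    return problems


if __name__ == "__main__":
    # CIDR and pool come from the subnet-create command; the DHCP range is constructed.
    for p in check_floating_pool("192.168.3.0/24", "192.168.3.150", "192.168.3.199",
                                 external_dhcp=("192.168.3.100", "192.168.3.160")):
        print("WARNING:", p)
```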
