4. Network creation
Allocate the floating pools (external networks)
NETNAME=vlannet
EXTNET=floating-198-18-0
VLAN=100
neutron net-create --provider:network_type vlan --provider:physical_network=$NETNAME \
    --router:external true --provider:segmentation_id $VLAN ${EXTNET}
NID=$(neutron net-external-list -f csv | grep $EXTNET | cut -d ',' -f 1 | sed 's/"//g')
neutron subnet-create --allocation-pool start=198.18.1.0,end=198.18.14.255 --ip-version 4 --gateway 198.18.0.1 \
    --disable-dhcp --name $EXTNET --dns-nameserver 8.8.8.8 $NID 198.18.0.0/20

EXTNET=floating-198-18-16
VLAN=101
neutron net-create --provider:network_type vlan --provider:physical_network=$NETNAME \
    --router:external true --provider:segmentation_id $VLAN ${EXTNET}
NID=$(neutron net-external-list -f csv | grep $EXTNET | cut -d ',' -f 1 | sed 's/"//g')
neutron subnet-create --allocation-pool start=198.18.17.0,end=198.18.30.255 --ip-version 4 --gateway 198.18.16.1 \
    --disable-dhcp --name $EXTNET --dns-nameserver 8.8.8.8 $NID 198.18.16.0/20

neutron net-external-list
+--------------------------------------+---------------------+-----------------------------------------------------+
| id                                   | name                | subnets                                             |
+--------------------------------------+---------------------+-----------------------------------------------------+
| f79385f6-e878-4450-9ed9-e906f6985149 | floating-198-18-0   | 7b9a75c2-fbbc-455b-9aa7-1a1bf286571e 198.18.0.0/20  |
| 97d1c4c7-c5a2-4399-9d12-cf9bf6bef739 | floating-198-18-16  | 3af17d23-8229-4022-a49f-f8b41939adc9 198.18.16.0/20 |
+--------------------------------------+---------------------+-----------------------------------------------------+
Allocate the flat pools (to attach VMs without NAT)
NETNAME=vlannet
EXTNET=flat-198-19-1
VLAN=200
neutron net-create ${EXTNET} --provider:network_type vlan --provider:physical_network=$NETNAME \
    --router:external false --provider:segmentation_id $VLAN --shared
NID=$(neutron net-list -f csv | grep $EXTNET | cut -d ',' -f 1 | sed 's/"//g')
neutron subnet-create --allocation-pool start=198.19.1.100,end=198.19.1.199 --ip-version 4 \
    --no-gateway --host-route destination=0.0.0.0/0,nexthop=198.19.1.1 \
    --enable-dhcp --name $EXTNET --dns-nameserver 8.8.8.8 $NID 198.19.1.0/24

EXTNET=flat-198-19-2
VLAN=201
neutron net-create ${EXTNET} --provider:network_type vlan --provider:physical_network=$NETNAME \
    --router:external false --provider:segmentation_id $VLAN --shared
NID=$(neutron net-list -f csv | grep $EXTNET | cut -d ',' -f 1 | sed 's/"//g')
neutron subnet-create --allocation-pool start=198.19.2.100,end=198.19.2.199 --ip-version 4 \
    --no-gateway --host-route destination=0.0.0.0/0,nexthop=198.19.2.1 \
    --enable-dhcp --name $EXTNET --dns-nameserver 8.8.8.8 $NID 198.19.2.0/24

neutron net-list
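After creating the floating pools and flat pools above, the network state is:
For the flow table configuration of br-int, br-vlan and br-tun, refer to the original article; it is not described in detail here.
5. Adding routers, networks and subnets
Create the first router and set its gateway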
neutron router-create r1

neutron net-external-list
+--------------------------------------+---------------------+-----------------------------------------------------+
| id                                   | name                | subnets                                             |
+--------------------------------------+---------------------+-----------------------------------------------------+
| f79385f6-e878-4450-9ed9-e906f6985149 | floating-198-18-0   | 7b9a75c2-fbbc-455b-9aa7-1a1bf286571e 198.18.0.0/20  |
| 97d1c4c7-c5a2-4399-9d12-cf9bf6bef739 | floating-198-18-16  | 3af17d23-8229-4022-a49f-f8b41939adc9 198.18.16.0/20 |
+--------------------------------------+---------------------+-----------------------------------------------------+

neutron router-list
+--------------------------------------+------+-----------------------+
| id                                   | name | external_gateway_info |
+--------------------------------------+------+-----------------------+
| 4b965826-e67d-4473-8436-a21db3955c38 | r1   | null                  |
+--------------------------------------+------+-----------------------+

neutron router-gateway-set 4b965826-e67d-4473-8436-a21db3955c38 f79385f6-e878-4450-9ed9-e906f6985149
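After creating router r1 and connecting it to floating-198-18-0 with router-gateway-set, the network configuration is as shown in the following figure:
The figure above shows the following:
1) A namespace for router r1 is created on the network node. The r1 namespace connects to br-int through a qr device, and the qr device is configured with local VLAN 1. This local VLAN only provides VLAN isolation on the br-int integration bridge, keeping r1 isolated from other namespaces.
2) The actual VLAN that router r1 uses for the external network floating-198-18-0 is 100. Under neutron's VLAN type driver, a translation between VLAN 1 and VLAN 100 is therefore needed between the br-int and br-vlan bridges, so that router r1 can serve the external network on VLAN 100.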
# on br-vlan
cookie=0x0, duration=16s, table=0, n_packets=5, n_bytes=115, idle_age=1711, hard_age=65534,priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:100,NORMAL
# on br-int
cookie=0x0, duration=16s, table=0, n_packets=11, n_bytes=1479, idle_age=216, hard_age=65534,priority=3,in_port=1,dl_vlan=100 actions=mod_vlan_vid:1,NORMAL
Create the second router and set its gateway
Create a tenant network and attach it to r2
neutron net-create n1
neutron subnet-create --name s1 n1 192.168.1.0/24
neutron router-interface-add r2 s1
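The tenant network creation commands show the following:
1. A tenant network differs from a provider network in that it is created by the tenant and is entirely virtual. A provider network needs VLAN and physical network information to be configured, whereas a tenant network is a fully virtual isolated network whose isolation is implemented with tunnel protocols such as VXLAN or GRE, which completely removes the VLAN limit of 4096.
The figure above shows the following:
1. Tenant network n1 creates a qr device on br-int, configured with local VLAN 3, which connects it to router r2.
2. Tenant network n1 establishes its tunnel connections using the IP of the l3vxlan device, with tunnel ID 0x10001.
3. br-tun performs the translation between VLAN 3 and VXLAN tunnel 0x10001.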
# map vxlan -> vlan
cookie=0x0, duration=33.693s, table=4, n_packets=0, n_bytes=0, idle_age=33, priority=1,tun_id=0x10001 actions=mod_vlan_vid:3,resubmit(,10)
# map vlan -> vxlan (this is a flooding entry, the traffic is flooded to all nodes in the vxlan mesh)
cookie=0x0, duration=33.750s, table=22, n_packets=3, n_bytes=182, idle_age=25,dl_vlan=3 actions=strip_vlan,set_tunnel:0x10001,output:2
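The translations described above (local VLAN 1 to provider VLAN 100 on br-vlan and br-int, local VLAN 3 to VXLAN 0x10001 on br-tun) are what keep segments apart on a node, so they are worth checking mechanically. The following Python is an added example, not part of the original article or of neutron: `translation` and `audit` are hypothetical helper names, the input is the four flow lines quoted on this page, and treating the `dl_vlan` match on br-int as the provider side is an assumption taken from those lines.

```python
import re
from collections import defaultdict

# The four flow entries quoted on this page, tagged with the bridge they were dumped from.
FLOWS = [
    ("br-vlan", "cookie=0x0, duration=16s, table=0, n_packets=5, n_bytes=115, idle_age=1711, hard_age=65534,priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:100,NORMAL"),
    ("br-int", "cookie=0x0, duration=16s, table=0, n_packets=11, n_bytes=1479, idle_age=216, hard_age=65534,priority=3,in_port=1,dl_vlan=100 actions=mod_vlan_vid:1,NORMAL"),
    ("br-tun", "cookie=0x0, duration=33.693s, table=4, n_packets=0, n_bytes=0, idle_age=33, priority=1,tun_id=0x10001 actions=mod_vlan_vid:3,resubmit(,10)"),
    ("br-tun", "cookie=0x0, duration=33.750s, table=22, n_packets=3, n_bytes=182, idle_age=25,dl_vlan=3 actions=strip_vlan,set_tunnel:0x10001,output:2"),
]

def _num(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1), 0) if m else None

def translation(bridge, flow):
    """Return (local_vlan, segment, direction) for one dump-flows line, or None."""
    match, _, actions = flow.partition(" actions=")
    dl_vlan, tun_id = _num(r"dl_vlan=(\d+)", match), _num(r"tun_id=(0x[0-9a-f]+)", match)
    mod_vlan, set_tun = _num(r"mod_vlan_vid:(\d+)", actions), _num(r"set_tunnel:(0x[0-9a-f]+)", actions)
    if tun_id is not None and mod_vlan is not None:      # br-tun: tunnel -> local VLAN
        return mod_vlan, ("vxlan", tun_id), "in"
    if dl_vlan is not None and set_tun is not None:      # br-tun: local VLAN -> tunnel
        return dl_vlan, ("vxlan", set_tun), "out"
    if dl_vlan is not None and mod_vlan is not None:
        if bridge == "br-int":                           # provider VLAN -> local VLAN
            return mod_vlan, ("vlan", dl_vlan), "in"
        return dl_vlan, ("vlan", mod_vlan), "out"        # br-vlan: local -> provider VLAN
    return None

def audit(flows):
    """Findings for one node's flows; an empty list means the mappings are consistent."""
    by_local, by_segment, directions = defaultdict(set), defaultdict(set), defaultdict(set)
    for bridge, flow in flows:
        if (t := translation(bridge, flow)):
            local, segment, direction = t
            by_local[local].add(segment)
            by_segment[segment].add(local)
            directions[(local, segment)].add(direction)
    findings = []
    for local, segs in sorted(by_local.items()):
        if len(segs) > 1:   # two segments on one local VLAN would share a broadcast domain
            findings.append(f"local VLAN {local} carries several segments: {sorted(segs)}")
    for seg, vlans in sorted(by_segment.items()):
        if len(vlans) > 1:
            findings.append(f"segment {seg} maps to several local VLANs: {sorted(vlans)}")
    for (local, seg), dirs in sorted(directions.items()):
        if len(dirs) == 1:
            findings.append(f"local VLAN {local} <-> {seg}: only '{next(iter(dirs))}' direction present")
    return findings
```

Local VLAN IDs are allocated per node, so run `audit` on the flows of one node at a time; the same tunnel ID legitimately maps to different local VLANs on different nodes.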
6. Booting a VM on the tenant network
glance image-list
+--------------------------------------+-----------------------+-------------+------------------+-----------+--------+
| ID                                   | Name                  | Disk Format | Container Format | Size      | Status |
+--------------------------------------+-----------------------+-------------+------------------+-----------+--------+
| a13badd0-28a6-4d2a-a05b-7c064b747b7e | Cirros 64 Bit         | qcow2       | bare             | 13167616  | active |
+--------------------------------------+-----------------------+-------------+------------------+-----------+--------+

neutron net-list | grep -w n1
+--------------------------------------+---------------------+------------------------------------------------------+
| id                                   | name                | subnets                                              |
+--------------------------------------+---------------------+------------------------------------------------------+
| 53fa05ef-9a39-4c30-825f-485bf9480388 | n1                  | a107c408-08e2-4158-b75b-4ed74abc4e18 192.168.1.0/24  |
+--------------------------------------+---------------------+------------------------------------------------------+

nova flavor-list
+----+------------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name       | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+------------+-----------+------+-----------+------+-------+-------------+-----------+
| 30 | Cirros     | 256       | 1    | 0         |      | 1     | 1.0         | True      |
+----+------------+-----------+------+-----------+------+-------+-------------+-----------+

nova boot --image a13badd0-28a6-4d2a-a05b-7c064b747b7e --flavor Cirros --nic net-id=53fa05ef-9a39-4c30-825f-485bf9480388 testvm1
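The following components were configured:
Network node:
1) neutron starts a DHCP service for tenant network n1. The DHCP service runs in the qdhcp namespace and is set to local VLAN 3.
Compute node:
1) A local VLAN is allocated on br-int and connected to VXLAN tunnel ID 0x10001. Here VLAN 1 is configured.
2) br-tun performs the translation between local VLAN 1 and VXLAN tunnel ID 0x10001.
3) The VM connects to br-int through a Linux bridge, and the security group rules are implemented on that bridge.
Assign a floating IP to the VM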
neutron net-external-list
+--------------------------------------+---------------------+-----------------------------------------------------+
| id                                   | name                | subnets                                             |
+--------------------------------------+---------------------+-----------------------------------------------------+
| f79385f6-e878-4450-9ed9-e906f6985149 | floating-198-18-0   | 7b9a75c2-fbbc-455b-9aa7-1a1bf286571e 198.18.0.0/20  |
| 97d1c4c7-c5a2-4399-9d12-cf9bf6bef739 | floating-198-18-16  | 3af17d23-8229-4022-a49f-f8b41939adc9 198.18.16.0/20 |
+--------------------------------------+---------------------+-----------------------------------------------------+

neutron floatingip-create f79385f6-e878-4450-9ed9-e906f6985149

neutron floatingip-list
+--------------------------------------+------------------+---------------------+---------+
| id                                   | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+---------+
| a0a7dea2-4461-4005-94d6-8ebcc5e5ebbf |                  | 198.18.0.3          |         |
+--------------------------------------+------------------+---------------------+---------+

nova list
+--------------------------------------+---------+--------+------------+-------------+----------------+
| ID                                   | Name    | Status | Task State | Power State | Networks       |
+--------------------------------------+---------+--------+------------+-------------+----------------+
| 189d0c60-d6ad-4652-b61c-bea390c6c507 | testvm1 | ACTIVE | -          | Running     | n1=192.168.1.2 |
+--------------------------------------+---------+--------+------------+-------------+----------------+

neutron port-list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 11db8e63-6d88-404a-93a1-1d741568ad36 |      | fa:16:3e:2b:26:f1 | {"subnet_id": "a107c408-08e2-4158-b75b-4ed74abc4e18", "ip_address": "192.168.1.1"} |
| b4370b20-d588-4109-b681-b4f600062e2f |      | fa:16:3e:b4:c8:c9 | {"subnet_id": "a107c408-08e2-4158-b75b-4ed74abc4e18", "ip_address": "192.168.1.3"} |
| f609efc7-15a3-4928-9785-88bfcecd858c |      | fa:16:3e:84:09:ff | {"subnet_id": "a107c408-08e2-4158-b75b-4ed74abc4e18", "ip_address": "192.168.1.2"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+

neutron floatingip-associate a0a7dea2-4461-4005-94d6-8ebcc5e5ebbf f609efc7-15a3-4928-9785-88bfcecd858c
7. Booting a VM on the flat network
nova boot --image a13badd0-28a6-4d2a-a05b-7c064b747b7e --flavor Cirros --nic net-id=<NET ID of the first flat network> testvmflat1
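These two articles on the Liberty network implementation have introduced some of the newer ways of implementing networking in Liberty. This approach differs somewhat from the traditional OpenStack network implementation (based on multiple eth NICs) and from Fuel's three-NIC and four-NIC network implementations. In future projects, the production network architecture for compute nodes and network nodes should be designed by drawing on all of these approaches.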