  • OVN学习(一)

    参考文档

    OVN学习系列参考博文

    部署OVN实验环境

    网络拓扑

    ### Central node
    ### Static addressing for the two NICs of the central host.
    ### NOTE(review): ens3 (92.0.0.12/24) is the address the later steps bind the
    ### OVN databases and the Geneve tunnel endpoint to. 92.0.0.0/24 is not an
    ### RFC 1918 private range, so keep this segment isolated from routed networks.
    ### ens4 (192.168.200.12/24) is the only interface with a gateway and DNS.
    # cat ifcfg-ens3
    TYPE=Ethernet
    BOOTPROTO=static
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    NAME=ens3
    DEVICE=ens3
    ONBOOT=yes
    IPADDR=92.0.0.12
    PREFIX=24
    # cat ifcfg-ens4
    TYPE=Ethernet
    BOOTPROTO=static
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    NAME=ens4
    DEVICE=ens4
    ONBOOT=yes
    IPADDR=192.168.200.12
    PREFIX=24
    GATEWAY=192.168.200.1
    DNS1=114.114.114.114
    
    ### Node
    ### Static addressing for the two NICs of the second host; same layout as the
    ### central host, with .13 addresses.
    ### NOTE(review): ens3 (92.0.0.13/24) is used later as this chassis' Geneve
    ### tunnel endpoint and to reach the southbound DB on 92.0.0.12. 92.0.0.0/24 is
    ### not an RFC 1918 private range, so keep this segment isolated.
    # cat ifcfg-ens3
    TYPE=Ethernet
    BOOTPROTO=static
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    NAME=ens3
    DEVICE=ens3
    ONBOOT=yes
    IPADDR=92.0.0.13
    PREFIX=24
    # cat ifcfg-ens4
    TYPE=Ethernet
    BOOTPROTO=static
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    NAME=ens4
    DEVICE=ens4
    ONBOOT=yes
    IPADDR=192.168.200.13
    PREFIX=24
    GATEWAY=192.168.200.1
    DNS1=114.114.114.114
    

    安装软件包

    ### Central node
    ### Installs Open vSwitch 2.8.0 plus both OVN roles: ovn-central (northd and
    ### the NB/SB databases) and ovn-host (ovn-controller), so this host is also a
    ### chassis.
    ### NOTE(review): the RPMs are installed from local files whose origin the page
    ### does not show. Verify their signature or checksum first (e.g. `rpm -K
    ### <file>.rpm`) and check whether a newer release with security fixes is
    ### available before using this outside a lab.
    # yum install -y firewalld-filesystem net-tools
    # rpm -ivh openvswitch-kmod-2.8.0-1.el7.centos.x86_64.rpm openvswitch-2.8.0-1.el7.centos.x86_64.rpm openvswitch-ovn-common-2.8.0-1.el7.centos.x86_64.rpm
    ### Install the control plane
    # rpm -ivh openvswitch-ovn-central-2.8.0-1.el7.centos.x86_64.rpm
    ### Install the data plane
    # rpm -ivh openvswitch-ovn-host-2.8.0-1.el7.centos.x86_64.rpm
    # systemctl enable ovn-northd openvswitch ovn-controller
    # systemctl start ovn-northd openvswitch ovn-controller
    # reboot
    
    ### Node
    ### Installs Open vSwitch 2.8.0 and only the OVN host role (ovn-controller).
    ### The services are enabled but not started here; the reboot brings them up.
    ### NOTE(review): as on the central host, verify the local RPMs (e.g. `rpm -K
    ### <file>.rpm`) before installing; the page does not show where they came from.
    # yum install -y firewalld-filesystem net-tools
    # rpm -ivh openvswitch-kmod-2.8.0-1.el7.centos.x86_64.rpm openvswitch-2.8.0-1.el7.centos.x86_64.rpm openvswitch-ovn-common-2.8.0-1.el7.centos.x86_64.rpm
    ### Install the data plane
    # rpm -ivh openvswitch-ovn-host-2.8.0-1.el7.centos.x86_64.rpm
    # systemctl enable openvswitch ovn-controller
    # reboot
    

    配置OVN

    ### Central node
    ### Expose the northbound (6641) and southbound (6642) OVSDB servers on
    ### 92.0.0.12, then point the local ovn-controller at the southbound DB and
    ### declare this host's Geneve tunnel endpoint.
    ### NOTE(review): `ptcp:` is a plaintext TCP listener with no TLS and no client
    ### authentication, so any host that can reach 92.0.0.12:6641/6642 can read and
    ### change the logical network. This is acceptable only on an isolated lab
    ### segment; otherwise use `pssl:` listeners with certificates (and `ssl:` in
    ### ovn-remote) and restrict the ports with a host firewall.
    # ovn-nbctl set-connection ptcp:6641:92.0.0.12
    # ovn-sbctl set-connection ptcp:6642:92.0.0.12
    ### The listeners are bound to 92.0.0.12 only, not to 0.0.0.0.
    # netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 92.0.0.12:6641          0.0.0.0:*               LISTEN      817/ovsdb-server
    tcp        0      0 92.0.0.12:6642          0.0.0.0:*               LISTEN      857/ovsdb-server
    # ovs-vsctl set open . external-ids:ovn-remote=tcp:92.0.0.12:6642
    # ovs-vsctl set open . external-ids:ovn-encap-type=geneve
    # ovs-vsctl set open . external-ids:ovn-encap-ip=92.0.0.12
    ### An ESTABLISHED session to port 6642 confirms ovn-controller reached the
    ### southbound DB.
    # netstat -antp | grep ovn-controller
    tcp        0      0 92.0.0.12:57350         92.0.0.12:6642          ESTABLISHED 815/ovn-controller
    
    ### Node
    ### Point this chassis' ovn-controller at the southbound DB on the central host
    ### and declare 92.0.0.13 as its Geneve tunnel endpoint.
    ### NOTE(review): `tcp:` means the southbound session crosses the network
    ### unencrypted and unauthenticated; outside an isolated lab use `ssl:` with
    ### certificates, matching a `pssl:` listener on the central host.
    # ovs-vsctl set open . external-ids:ovn-remote=tcp:92.0.0.12:6642
    # ovs-vsctl set open . external-ids:ovn-encap-type=geneve
    # ovs-vsctl set open . external-ids:ovn-encap-ip=92.0.0.13
    # netstat -antp | grep ovn-controller
    tcp        0      0 92.0.0.13:40096         92.0.0.12:6642          ESTABLISHED 807/ovn-controller
    

    L2网络

    定义逻辑网络

    创建一个逻辑交换机,然后添加两个交换机端口,并为端口设置物理地址

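    ### Central node
    ### Derive a locally administered MAC (02:xx:xx:xx:xx:xx) from the first five
    ### bytes of the MD5 of $FQDN. The sed back-references need the backslashes
    ### shown here; without them basic regex treats the parentheses and the digits
    ### in the replacement as literals.
    ### NOTE(review): d4:1d:8c:d9:8f is the start of the MD5 of empty input, so
    ### $FQDN appears to have been unset when this ran. Set it per host, otherwise
    ### every host derives the same MAC.
    # echo -n $FQDN|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
    02:d4:1d:8c:d9:8f
    ### Node
    ### NOTE(review): the ...:8e value below is not what this command prints for
    ### empty input; presumably the last byte was changed by hand to avoid a
    ### duplicate MAC.
    # echo -n $FQDN|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
    02:d4:1d:8c:d9:8e
    
    ### Central node
    ### Create logical switch ls1 with two ports, and give each port its MAC both
    ### as its address and as its port-security entry.
    ### NOTE(review): the port-security entries list only a MAC, so OVN restricts
    ### the source MAC on each port but not the IP address it may use. To also
    ### restrict the IP, put it in the same entry, e.g.
    ### `ovn-nbctl lsp-set-port-security ls1-vm1 "02:d4:1d:8c:d9:8f 172.16.255.11"`.
    # ovn-nbctl ls-add ls1
    # ovn-nbctl lsp-add ls1 ls1-vm1
    # ovn-nbctl lsp-set-addresses ls1-vm1 02:d4:1d:8c:d9:8f
    # ovn-nbctl lsp-set-port-security ls1-vm1 02:d4:1d:8c:d9:8f
    # ovn-nbctl lsp-add ls1 ls1-vm2
    # ovn-nbctl lsp-set-addresses ls1-vm2 02:d4:1d:8c:d9:8e
    # ovn-nbctl lsp-set-port-security ls1-vm2 02:d4:1d:8c:d9:8e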
    

    伪造虚拟机

    创建网络命名空间,并在br-int上添加端口,然后将端口添加到命名空间,最后通过设置端口的MAC地址和网卡名完成和交换机端口的映射

    ### Central node
    ### Simulate vm1 with a network namespace: create an internal port on br-int,
    ### move it into the namespace, give it the MAC and IP of logical port ls1-vm1,
    ### then bind it to that logical port through external_ids:iface-id.
    ### The MAC set here must equal the one configured for ls1-vm1 in the
    ### northbound DB, because port security is enabled on that port.
    # ip netns add vm1
    # ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal
    # ip link set vm1 netns vm1
    # ip netns exec vm1 ip link set vm1 address 02:d4:1d:8c:d9:8f
    # ip netns exec vm1 ip addr add 172.16.255.11/24 dev vm1
    # ip netns exec vm1 ip link set vm1 up
    # ovs-vsctl set Interface vm1 external_ids:iface-id=ls1-vm1
    # ip netns exec vm1 ip addr show
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    8: vm1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 02:d4:1d:8c:d9:8f brd ff:ff:ff:ff:ff:ff
        inet 172.16.255.11/24 scope global vm1
           valid_lft forever preferred_lft forever
        inet6 fe80::d4:1dff:fe8c:d98f/64 scope link
           valid_lft forever preferred_lft forever
    
    ### Node
    ### Simulate vm2 the same way on the second host: namespace, internal port on
    ### br-int, MAC and IP of logical port ls1-vm2, then the iface-id binding.
    ### The MAC must equal the port-security address set for ls1-vm2.
    # ip netns add vm2
    # ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal
    # ip link set vm2 netns vm2
    # ip netns exec vm2 ip link set vm2 address 02:d4:1d:8c:d9:8e
    # ip netns exec vm2 ip addr add 172.16.255.22/24 dev vm2
    # ip netns exec vm2 ip link set vm2 up
    # ovs-vsctl set Interface vm2 external_ids:iface-id=ls1-vm2
    # ip netns exec vm2 ip addr show
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    8: vm2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 02:d4:1d:8c:d9:8e brd ff:ff:ff:ff:ff:ff
        inet 172.16.255.22/24 scope global vm2
           valid_lft forever preferred_lft forever
        inet6 fe80::d4:1dff:fe8c:d98e/64 scope link
           valid_lft forever preferred_lft forever
    

    测试

    ### Central node
    ### The southbound DB lists one chassis per host, each with a Geneve encap IP
    ### and the logical port bound on it; the ping then crosses the tunnel from
    ### vm1 (central host) to vm2 (node).
    ### NOTE(review): nothing on this page configures encryption for the Geneve
    ### tunnel, so traffic between 92.0.0.12 and 92.0.0.13 presumably travels in
    ### clear text - confirm, and keep the underlay isolated.
    # ovn-sbctl show
    Chassis "8bd09faf-5ba2-49ad-931b-11155ff3ab00"
        hostname: localhost
        Encap geneve
            ip: "92.0.0.12"
            options: {csum="true"}
        Port_Binding "ls1-vm1"
    Chassis "303ab2d5-3525-4550-b17f-781faa70ab4a"
        hostname: localhost
        Encap geneve
            ip: "92.0.0.13"
            options: {csum="true"}
        Port_Binding "ls1-vm2"
    
    # ip netns exec vm1 ping -c 2 172.16.255.22
    PING 172.16.255.22 (172.16.255.22) 56(84) bytes of data.
    64 bytes from 172.16.255.22: icmp_seq=1 ttl=64 time=0.507 ms
    64 bytes from 172.16.255.22: icmp_seq=2 ttl=64 time=0.448 ms
    
    --- 172.16.255.22 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.448/0.477/0.507/0.036 ms
    

    新增伪造虚拟机

    ### Central node
    ### Add a third logical port, ls1-vm3, to ls1 with its own MAC as address and
    ### port-security entry, then list the switch to confirm all three ports.
    ### NOTE(review): as with the first two ports, the port-security entry holds
    ### only a MAC, so the IP address used on the port is not restricted.
    # ovn-nbctl lsp-add ls1 ls1-vm3
    # ovn-nbctl lsp-set-addresses ls1-vm3 02:d4:1d:8c:d9:8d
    # ovn-nbctl lsp-set-port-security ls1-vm3 02:d4:1d:8c:d9:8d
    # ovn-nbctl show
    switch 5e62ba49-df50-40f0-b778-8e56a7f8cefe (ls1)
        port ls1-vm3
            addresses: ["02:d4:1d:8c:d9:8d"]
        port ls1-vm2
            addresses: ["02:d4:1d:8c:d9:8e"]
        port ls1-vm1
            addresses: ["02:d4:1d:8c:d9:8f"]
    
    ### Node
    ### Simulate vm3 on the node: namespace, internal port on br-int, MAC and IP of
    ### logical port ls1-vm3, then the iface-id binding. The ping to vm2 stays on
    ### this host, since vm2 and vm3 are both created here.
    # ip netns add vm3
    # ovs-vsctl add-port br-int vm3 -- set interface vm3 type=internal
    # ip link set vm3 netns vm3
    # ip netns exec vm3 ip link set vm3 address  02:d4:1d:8c:d9:8d
    # ip netns exec vm3 ip addr add 172.16.255.33/24 dev vm3
    # ip netns exec vm3 ip link set vm3 up
    # ovs-vsctl set Interface vm3 external_ids:iface-id=ls1-vm3
    # ip netns exec vm3 ip addr show
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    9: vm3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 02:d4:1d:8c:d9:8d brd ff:ff:ff:ff:ff:ff
        inet 172.16.255.33/24 scope global vm3
           valid_lft forever preferred_lft forever
        inet6 fe80::d4:1dff:fe8c:d98d/64 scope link
           valid_lft forever preferred_lft forever
    
    # ip netns exec vm3 ping -c 2 172.16.255.22
    PING 172.16.255.22 (172.16.255.22) 56(84) bytes of data.
    64 bytes from 172.16.255.22: icmp_seq=1 ttl=64 time=0.584 ms
    64 bytes from 172.16.255.22: icmp_seq=2 ttl=64 time=0.060 ms
    
    --- 172.16.255.22 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.060/0.322/0.584/0.262 ms
    
    ### Central node
    ### The southbound DB now shows ls1-vm3 bound on the second chassis
    ### (92.0.0.13) next to ls1-vm2, while ls1-vm1 stays on the first chassis.
    # ovn-sbctl show
    Chassis "8bd09faf-5ba2-49ad-931b-11155ff3ab00"
        hostname: localhost
        Encap geneve
            ip: "92.0.0.12"
            options: {csum="true"}
        Port_Binding "ls1-vm1"
    Chassis "303ab2d5-3525-4550-b17f-781faa70ab4a"
        hostname: localhost
        Encap geneve
            ip: "92.0.0.13"
            options: {csum="true"}
        Port_Binding "ls1-vm3"
        Port_Binding "ls1-vm2"
    
  • 原文地址:https://www.cnblogs.com/silvermagic/p/7666111.html