neutron ovs+vxlan

---

title: Neutron ovs+vxlan date: 2017-04-26 23:37 tags: Network

---

主机网卡配置

controller:
    ens160:192.168.11.101/24((management network/public/external network))
    ens192:10.0.0.1/24(private network，vxlan tunning)
compute01:
    ens160:192.168.11.102/24((management network/public/external network))
    ens192:10.0.0.2/24(private network，vxlan tunning)

controller安装配置

模拟Network 节点相关实现，比如L3、dhcp-agent实现，为了模拟多节点网络情况，这里Network同时也模拟一个计算节点，模拟M2 openvswitch 实现，上面运行instance1。

安装需要用到的包

yum install libvirt openvswitch python-virtinst xauth tigervnc qemu-* -y

移除默认的libvirt 网络，方便清晰分析网络情况

virsh net-destroy default
virsh net-autostart --disable default
virsh net-undefine default

设置允许ipforwarding

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
sysctl -p

启动openvswitch

systemctl start openvswitch
systemctl enable openvswitch

创建一个linux bridge

brctl addbr qbr01
ip link set qbr01 up

创建一个instance，并连接到qbr01 Linux Bridge 配置文件如下

vim instance1.xml
<domain type="qemu">
  <uuid>23469de0-a3a0-4214-a60e-a45322bcc370</uuid>
  <name>instance1</name>
  <memory>524288</memory>
  <vcpu>1</vcpu>
  <sysinfo type="smbios">
    <system>
      <entry name="manufacturer">Red Hat Inc.</entry>
      <entry name="product">OpenStack Nova</entry>
      <entry name="version">2014.1.1-3.el6</entry>
      <entry name="serial">b8d4ec5f-acd6-7111-c69b-600912a079bb</entry>
      <entry name="uuid">23469de0-a3a0-4214-a60e-a45322bcc370</entry>
    </system>
  </sysinfo>
  <os>
    <type>hvm</type>
    <boot dev="hd"/>
    <smbios mode="sysinfo"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <clock offset="utc"/>
  <cpu mode="host-model" match="exact"/>
  <devices>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2" cache="none"/>
      <source file="/home/sdn/instance1.img"/>
      <target bus="virtio" dev="vda"/>
    </disk>
     <source bridge='qbr01'/>
      <target dev='tap01'/>
      <model type='virtio'/>
      <driver name='qemu'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type="file">
      <source path="/home/sdn/instance1.log"/>
    </serial>
    <serial type="pty"/>
    <input type="tablet" bus="usb"/>
    <graphics type="vnc" autoport="yes" keymap="en-us" listen="0.0.0.0"/>
    <video>
      <model type="cirrus"/>
    </video>
  </devices>
</domain>

启动虚拟机

mv cirros-0.3.4-x86_64-disk.img instance1.img
virsh define instance1.xml
virsh start instance1
virsh vncdisplay instance1
vncviewer :0

启动console 以后,登录添加ip 地址 172.16.10.11

sudo ip addr add 172.16.10.11/24 dev eth0
sudo route add default gw 172.16.10.1

创建一个内部bridge br-int， 模拟 OpenStack integrated bridge

ovs-vsctl add-br br-int
# gre隧道
# ovs-vsctl add-port br-int gre0 -- set interface gre0 type=gre options:remote_ip=192.168.4.202
# vxlan隧道
ovs-vsctl add-port br-int vxlan0 -- set Interface vxlan0 type=vxlan options:remote_ip=10.0.0.2 

# 创建一个veth peer，连接Linux Bridge 'qbr01' 和  OpenvSwich Bridge 'br-ini'

# 创建一个网卡对
ip link add qvo01 type veth peer name qvb01
brctl addif qbr01 qvb01
ovs-vsctl add-port br-int qvo01
ovs-vsctl set port qvo01 tag=100
ip link set qvb01 up
ip link set qvo01 up

模拟安装计算节点(compute01)

yum install libvirt openvswitch python-virtinst xauth tigervnc  qemu-*

移除libvirt 默认的网络

virsh net-destroy default
virsh net-autostart --disable default
virsh net-undefine default

设置允许ipforwarding

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
sysctl -p

启动openvswitch

systemctl start openvswitch
systemctl enable openvswitch

创建一个linux bridge

brctl addbr qbr02
ip link set qbr02 up

创建一个vm，并连接到qbr02

cat instance2.xml 
<domain type="qemu">
  <uuid>23469de0-a3a0-4214-a60e-a45322bcc370</uuid>
  <name>instance2</name>
  <memory>524288</memory>
  <vcpu>1</vcpu>
  <sysinfo type="smbios">
    <system>
      <entry name="manufacturer">Red Hat Inc.</entry>
      <entry name="product">OpenStack Nova</entry>
      <entry name="version">2014.1.1-3.el6</entry>
      <entry name="serial">b8d4ec5f-acd6-7111-c69b-600912a079bb</entry>
      <entry name="uuid">23469de0-a3a0-4214-a60e-a45322bcc370</entry>
    </system>
  </sysinfo>
  <os>
    <type>hvm</type>
    <boot dev="hd"/>
    <smbios mode="sysinfo"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <clock offset="utc"/>
  <cpu mode="host-model" match="exact"/>
  <devices>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2" cache="none"/>
      <source file="/home/sdn/instance2.img"/>
      <target bus="virtio" dev="vda"/>
    </disk>
    <interface type='bridge'>
      <source bridge='qbr02'/>
      <target dev='tap02'/>
      <model type='virtio'/>
      <driver name='qemu'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type="file">
        <source path="/home/sdn/instance2.log"/>
    </serial>
    <serial type="pty"/>
    <input type="tablet" bus="usb"/>
    <graphics type="vnc" autoport="yes" keymap="en-us" listen="0.0.0.0"/>
    <video>
      <model type="cirrus"/>
    </video>
  </devices>
</domain>

virsh define instance2.xml
virsh start instance2
virsh vncdisplay instance2
vncviewer :0

启动console 以后,登录添加ip 地址 172.16.10.12

sudo ip addr add 172.16.10.12/24 dev eth0
sudo route add default gw 172.16.10.1

创建一个内部bridge br-int， 模拟 OpenStack integrated bridge

ovs-vsctl add-br br-int
# ovs-vsctl add-port br-int gre0 -- set interface gre0 type=gre options:remote_ip=192.168.4.201
ovs-vsctl add-port br-int vxlan0 -- set Interface vxlan0 type=vxlan options:remote_ip=10.0.0.1

创建一个veth peer，连接Linux Bridge 'qbr02' 和 OpenvSwich Bridge 'br-ini'

ip link add qvo02 type veth peer name qvb02
brctl addif qbr02 qvb02
ovs-vsctl add-port br-int qvo02
ovs-vsctl set port qvo02 tag=100
ip link set qvb02 up
ip link set qvo02 up

检查是否能连通instance1，在instance2的控制台

# 结果是能ping通的
ping 172.16.10.11

##通过 Network Namespace 实现租户私有网络互访 (在控制节点) 添加一个namespace，dhcp01用于隔离租户网络。

ip netns add dhcp01

为私有网络172.16.10.0/24 ，在命名空间dhcp01 中 创建dhcp 服务

ovs-vsctl add-port br-int tapdhcp01 -- set interface tapdhcp01 type=internal
ovs-vsctl set port tapdhcp01 tag=100
# 把br-int 上的tapdhcp01上的port连接到dhcp01 命名空间中
ip link set tapdhcp01 netns dhcp01
# 为dhcp01命名空间上的tapdhcp01端口分配一个  172.16.10.2/24的ip地址 
ip netns exec dhcp01 ip addr add 172.16.10.2/24 dev tapdhcp01
ip netns exec dhcp01 ip link set tapdhcp01 up

检查网络是否连通，在namespace 访问instance1 和 instance2

ip netns exec dhcp01 ping 172.16.10.12
ip netns exec dhcp01 ping 172.16.10.11

##通过 Network Namespace 和Iptables 实现L3 router

ovs-vsctl add-br br-ex

重新配置 ens160 和 br-ex

vim /etc/sysconfig/network-scripts/ifcfg-ens160

DEVICE=ens160
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes

vi /etc/sysconfig/network-scripts/ifcfg-br-ex

DEVICE=br-ex
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.11.101
NETMASK=255.255.255.0
GATEWAY=192.168.11.1
DNS1=218.2.2.2

重启启动网络服务

ovs-vsctl add-port br-ex ens160 && systemctl restart network

检查网络，配置后是否连通

ping 192.168.11.1

添加一个namespace，router01 用于路由和floating ip 分配

ip netns add router01

在br-int添加一个接口，作为私有网络172.16.10.0/24的网关

ovs-vsctl add-port br-int qr01 -- set interface qr01 type=internal
ovs-vsctl set port qr01 tag=100
ip link set qr01 netns router01
ip netns exec router01 ip addr add 172.16.10.1/24 dev qr01
ip netns exec router01 ip link set qr01 up
ip netns exec router01 ip link set lo up

在br-ex中添加一个接口，用于私网172.16.10.0/24设置下一跳地址

ovs-vsctl add-port br-ex qg01 -- set interface qg01  type=internal
ip link set qg01  netns router01
ip netns exec router01 ip addr add 192.168.11.200/24 dev qg01 
ip netns exec router01 ip link set qg01 up
ip netns exec router01 ip link set lo up

模拟分配floating ip 访问instance1

为instance1 172.16.10.11 分配floating ip，192.168.11.201

ip netns exec router01 ip addr add 192.168.11.201/32 dev qg01 
ip netns exec router01  iptables -t nat -A OUTPUT -d 192.168.11.201/32  -j DNAT --to-destination 172.16.10.11
ip netns exec router01  iptables -t nat -A PREROUTING -d 192.168.11.201/32 -j DNAT --to-destination 172.16.10.11
ip netns exec router01  iptables -t nat -A POSTROUTING -s 172.16.10.11/32 -j SNAT --to-source 192.168.11.201
ip netns exec router01  iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -j SNAT --to-source 192.168.11.200

################# 测试floating ip

ping 192.168.11.201

如果需要清除nat chain

iptables -t nat -F

<!-- 
ip netns exec router01 iptables -t nat -A OUTPUT -d 192.168.2.102/32 -j DNAT --to-destination 192.168.10.11
ip netns exec router01 iptables -t nat -A PREROUTING -d 192.168.2.102/32 -j DNAT --to-destination 192.168.10.11
ip netns exec router01 iptables -t nat -A POSTROUTING -s 192.168.10.11/32 -j SNAT --to-source 192.168.2.102

ip netns exec router01 ip addr add 192.168.2.103/32 dev qg01
ip netns exec router01 iptables -t nat -A OUTPUT -d 192.168.2.103/32 -j DNAT --to-destination 192.168.10.11
ip netns exec router01 iptables -t nat -A PREROUTING -d 192.168.2.103/32 -j DNAT --to-destination 192.168.10.11
ip netns exec router01 iptables -t nat -A POSTROUTING -s 192.168.10.11/32 -j SNAT --to-source 192.168.2.103

ip netns exec router01 route add default gw 192.168.2.1
ip netns exec router01 route -n -->