Understanding Neutron in Depth -- OpenStack Network Implementation (1): GRE Mode
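Overview
Neutron's design goal is to deliver "networking as a service". To reach this goal, its design follows the principle of implementing network virtualization on the basis of "software-defined networking", and its implementation makes full use of the various networking technologies available on Linux.
Understanding these Linux concepts helps in quickly understanding how Neutron works and how it is implemented.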
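Linux networking technologies involved
bridge: a virtual device in Linux that can connect different network devices. The traditional Linux bridge behaves like a hub, while a bridge managed by ovs generally behaves like a switch.
br-int: bridge-integration, the integration bridge, usually the bridge that implements the main internal network functions.
br-ex: bridge-external, the external bridge, usually the bridge responsible for communication with the external network.
GRE: Generic Routing Encapsulation, a way of building tunnels through encapsulation. In openstack it is generally L3-based gre, i.e. original pkt/GRE/IP/Ethernet.
VETH: virtual ethernet interface, usually appearing as a pair. A packet sent from one end is received by the other end, so a pair can form a channel between two bridges.
qvb: neutron veth, Linux Bridge-side
qvo: neutron veth, OVS-side
TAP device: emulates a layer 2 network device and can receive and send layer 2 packets.
TUN device: emulates a layer 3 network device and can receive and send layer 3 packets.
iptables: the common firewall software on Linux for implementing security policy.
Vlan: virtual Lan. Isolation within one physical Lan is implemented with tags; the usable tag numbers are 1-4094.
VXLAN: an Overlay implementation that uses UDP as the underlying transport protocol. It is generally regarded as an extension of, or replacement for, VLan technology.
namespace: a mechanism for isolation. Resources in different namespaces are invisible to each other.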
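Basic concepts
Neutron manages the following entities:
Network: an isolated L2 domain, which can be virtual, logical or switched. Hosts in the same network are visible to each other at L2.
Subnet: an isolated L3 domain, a block of IP addresses. Each machine in it has an IP, and hosts in the same subnet are visible to each other at L3.
Port: a virtual, logical or switched port on a network.
All of these entities are virtual, have an automatically generated unique id, support CRUD operations, and have their state tracked in the database.
Network
An isolated L2 broadcast domain, generally owned by the user who created it. A user can own several networks. The network is the most basic entity: subnets and ports both have to be associated with a network.
A network can have several subnets. Hosts on the same network can generally be connected through switches or routers.
Subnet
An isolated L3 domain. A subnet represents a group of virtual machines that have been assigned IPs. Every subnet must have a CIDR and be associated with a network. IPs can be taken from the CIDR or from a pool specified by the user.
A subnet may have a gateway, a set of DNS servers and host routes. Different subnets are invisible to each other at L2 and must communicate at L3 through a layer 3 gateway (i.e. a router).
Port
An interface through which traffic can enter and leave, usually bound to a number of MAC addresses and IP addresses for addressing. It is generally a virtual interface on a virtual switch.
A virtual machine attaches its NIC to a port and accesses the network through the port. When a port has an IP, it belongs to some subnet.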
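Abstract system architecture
Whatever the concrete network virtualization implementation, before the DVR feature is enabled (supported from the J release onward), all traffic (east-west and north-south) has to be forwarded through the network node. The DVR feature allows east-west traffic, and north-south traffic that has a Floating IP, to bypass the network node and leave directly through the external network of the compute node.
GRE mode
The figure below shows a simplified architecture of the network implementation in OpenStack.

In general, the network implementation in OpenStack includes the vlan, gre, vxlan and other modes; gre mode is used as the example here.
In OpenStack, all network-related logic management is implemented on the Network node, for example DNS, DHCP and routing. The Compute node only needs to provide basic network support for the virtual machines deployed on it, including isolating the virtual machines of different tenants and some basic security policy management (i.e. security groups).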
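Compute node
The Compute node hosts two virtual machines, VM1 and VM2, each connected through a bridge (such as qbr-XXX) to the br-int bridge. br-int is in turn connected through the br-tun bridge (the physical network is implemented with GRE) to the external network of the physical host.
When the physical network is isolated with vlan instead, there is generally a br-eth bridge in place of the br-tun bridge.
qbr
For VM1, the virtual machine's NIC is actually connected to a TAP device on the physical machine (A, commonly named like tap-XXX). A is then connected through a VETH pair (A-B) to port vnet0 (port B) of bridge qbr-XXX, which is in turn connected through a VETH pair (C-D) to the br-int bridge. C is generally named qvb-XXX and D is named qvo-XXX. Note that apart from the prefix, the id part of the two names is identical, which shows that they lie on the same connection from the virtual machine network to the physical machine network.
TAP device A is not connected directly to br-int because OpenStack needs iptables to implement the security group policy. At present openvswitch does not support Tap devices with iptables rules applied.
Because qbr exists mainly to help iptables implement the security group function, it is sometimes called the firewall bridge. See the analysis in the security group part [given in a later chapter].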
br-int
A typical set of ports on br-int looks like this:
    Bridge br-int
        Port "qvo-XXX"
            tag: 1
            Interface "qvo-XXX"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
Here br-int is the internal port.
Port patch-tun (port E, port number 1) connects to br-tun and provides the tunnel to the external network.
Port qvo-XXX (port D, port number 2) carries tag 1, which means it is an access port of vlan 1. Packets sent by the virtual machine that reach br-int through this port are automatically given vlan tag 1, and other packets carrying vlan tag 1 can be sent out of this port after the vlan tag is removed (see vlan access ports for details). This vlan tag is what isolates different networks from each other: for example, when a tenant creates a network (neutron net-create), it is assigned a unique vlan tag.
In GRE mode br-int is used as a NORMAL switch, so there is only one effective rule, normal forwarding. If two vms on the same host belong to the same tenant (same vlan tag), traffic between them only has to pass through br-int.
    # ovs-ofctl dump-flows br-int
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=10727.864s, table=0, n_packets=198, n_bytes=17288, idle_age=13, priority=1 actions=NORMAL
br-tun
A typical set of ports on br-tun looks like this:
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-1"
            Interface "gre-1"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.101", out_key=flow, remote_ip="10.0.0.100"}
        Port br-tun
            Interface br-tun
                type: internal
Here patch-int (port F, port number 1) is the veth pair port connected to br-int, and gre-1 (port G, port number 2) is the vm's tunnel to the outside.
gre-1 is a virtual gre port. When a packet is sent to this port it is encapsulated by the kernel and then sent from 10.0.0.101 to 10.0.0.100, i.e. it leaves through the local physical NIC (10.0.0.101).
br-tun converts the vlan-tagged traffic between a vm and the outside to the corresponding gre tunnel. The main conversion logic is implemented here, so the rules are more complex and are generally spread over several tables.
Typical forwarding rules are:
    # ovs-ofctl dump-flows br-tun
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=10970.064s, table=0, n_packets=189, n_bytes=16232, idle_age=16, priority=1,in_port=1 actions=resubmit(,1)
     cookie=0x0, duration=10906.954s, table=0, n_packets=29, n_bytes=5736, idle_age=16, priority=1,in_port=2 actions=resubmit(,2)
     cookie=0x0, duration=10969.922s, table=0, n_packets=3, n_bytes=230, idle_age=10962, priority=0 actions=drop
     cookie=0x0, duration=10969.777s, table=1, n_packets=26, n_bytes=5266, idle_age=16, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
     cookie=0x0, duration=10969.631s, table=1, n_packets=163, n_bytes=10966, idle_age=21, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)
     cookie=0x0, duration=688.456s, table=2, n_packets=29, n_bytes=5736, idle_age=16, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
     cookie=0x0, duration=10969.488s, table=2, n_packets=0, n_bytes=0, idle_age=10969, priority=0 actions=drop
     cookie=0x0, duration=10969.343s, table=3, n_packets=0, n_bytes=0, idle_age=10969, priority=0 actions=drop
     cookie=0x0, duration=10969.2s, table=10, n_packets=29, n_bytes=5736, idle_age=16, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
     cookie=0x0, duration=682.603s, table=20, n_packets=26, n_bytes=5266, hard_timeout=300, idle_age=16, hard_age=16, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:32:0d:db actions=load:0->NXM_OF_VLAN_TCI[],load:0x1->NXM_NX_TUN_ID[],output:2
     cookie=0x0, duration=10969.057s, table=20, n_packets=0, n_bytes=0, idle_age=10969, priority=0 actions=resubmit(,21)
     cookie=0x0, duration=688.6s, table=21, n_packets=161, n_bytes=10818, idle_age=21, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2
     cookie=0x0, duration=10968.912s, table=21, n_packets=2, n_bytes=148, idle_age=689, priority=0 actions=drop
Table 0 has 3 rules: packets from port 1 (patch-int) are passed to table 1, and packets from port 2 (gre-1) are passed to table 2.
     cookie=0x0, duration=10970.064s, table=0, n_packets=189, n_bytes=16232, idle_age=16, priority=1,in_port=1 actions=resubmit(,1)
     cookie=0x0, duration=10906.954s, table=0, n_packets=29, n_bytes=5736, idle_age=16, priority=1,in_port=2 actions=resubmit(,2)
     cookie=0x0, duration=10969.922s, table=0, n_packets=3, n_bytes=230, idle_age=10962, priority=0 actions=drop
Table 1 has 2 rules: unicast (00:00:00:00:00:00/01:00:00:00:00:00) is passed to table 20; multicast and the like (01:00:00:00:00:00/01:00:00:00:00:00) is passed to table 21.
     cookie=0x0, duration=10969.777s, table=1, n_packets=26, n_bytes=5266, idle_age=16, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
     cookie=0x0, duration=10969.631s, table=1, n_packets=163, n_bytes=10966, idle_age=21, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)
Table 2 has 2 rules: a packet from tunnel 1 has its vlan id set to 1 and is passed to table 10; a packet that is not from tunnel 1 is dropped.
     cookie=0x0, duration=688.456s, table=2, n_packets=29, n_bytes=5736, idle_age=16, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
     cookie=0x0, duration=10969.488s, table=2, n_packets=0, n_bytes=0, idle_age=10969, priority=0 actions=drop
Table 3 has only 1 rule: drop.
Table 10 has one rule, which uses the learn action to create the rule for the reverse direction (packets that arrive from the gre port and are destined for a vm). The learn action is not a standard openflow action but an extension of openvswitch itself; it can modify the flow table dynamically according to the content of a flow. The rule first creates a new flow (the flow corresponding to the vm sending out of the gre port of br-tun): table=20 means the rule is added to table 20; NXM_OF_VLAN_TCI[0..11] means matching the vlan id carried by the packet; NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[] means the L2 destination address has to match the packet's L2 source address; load:0->NXM_OF_VLAN_TCI[] removes the vlan; load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[] sets the tunnel number to the original tunnel number; output:NXM_OF_IN_PORT[] makes the output port the port on which the original packet arrived. Finally the rule sends the matched packet out of port 1 (patch-int).
     cookie=0x0, duration=10969.2s, table=10, n_packets=29, n_bytes=5736, idle_age=16, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
Table 20 has two rules. The first is the flow entry created by the learn action of the rule in table 10; the second submits all other flows to table 21.
     cookie=0x0, duration=682.603s, table=20, n_packets=26, n_bytes=5266, hard_timeout=300, idle_age=16, hard_age=16, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:32:0d:db actions=load:0->NXM_OF_VLAN_TCI[],load:0x1->NXM_NX_TUN_ID[],output:2
     cookie=0x0, duration=10969.057s, table=20, n_packets=0, n_bytes=0, idle_age=10969, priority=0 actions=resubmit(,21)
Table 21 has 2 rules. The first matches every packet whose vlan is 1, removes the vlan, and sends it out of port 2 (the gre port). The second is drop.
     cookie=0x0, duration=688.6s, table=21, n_packets=161, n_bytes=10818, idle_age=21, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2
     cookie=0x0, duration=10968.912s, table=21, n_packets=2, n_bytes=148, idle_age=689, priority=0 actions=drop
The overall forwarding logic formed by these rules is shown in the figure below.
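The table walk described above can be replayed offline. The following is an added example, not code from the original article or from Open vSwitch: a small Python interpreter for just the matches and actions that appear in this br-tun dump, including the learn action installing the reverse flow in table 20. The helper names (parse, run, packet) and the default source MAC are assumptions made for the illustration.

```python
import re

# Constructed input: the compute-node br-tun flows from the dump above, without
# counters/timers and without the learned table=20 entry, so learn must create it.
FLOWS = """\
table=0, priority=1,in_port=1 actions=resubmit(,1)
table=0, priority=1,in_port=2 actions=resubmit(,2)
table=0, priority=0 actions=drop
table=1, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
table=1, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)
table=2, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
table=2, priority=0 actions=drop
table=10, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
table=20, priority=0 actions=resubmit(,21)
table=21, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2
table=21, priority=0 actions=drop
"""

def mac(s):
    return int(s.replace(":", ""), 16)

def parse(text):
    flows = []
    for line in text.strip().splitlines():
        head, actions = line.split(" actions=")
        f = dict(kv.strip().split("=", 1) for kv in head.split(","))
        # split the action list on commas that are not inside parentheses
        acts = re.split(r",(?![^(]*\))", actions)
        flows.append((int(f.pop("table")), int(f.pop("priority")), f, acts))
    return flows

def matches(fields, pkt):
    for key, want in fields.items():
        value, _, mask = want.partition("/")
        if key == "dl_dst":
            m = mac(mask) if mask else (1 << 48) - 1
            ok = mac(pkt["dl_dst"]) & m == mac(value) & m
        elif key == "vlan_tci":  # low 12 bits of the TCI hold the VLAN id
            ok = pkt["vlan"] == int(value, 0) & int(mask, 0)
        elif key == "dl_vlan":
            ok = pkt["vlan"] == int(value, 0)
        else:  # in_port, tun_id
            ok = pkt[key] == int(value, 0)
        if not ok:
            return False
    return True

def run(flows, pkt, table=0, out=None):
    """Walk the tables; return [(port, vlan, tun_id)] for each output reached."""
    out = [] if out is None else out
    hits = [f for f in flows if f[0] == table and matches(f[2], pkt)]
    if not hits:
        return out
    for act in max(hits, key=lambda f: f[1])[3]:
        if act == "drop":
            break
        if act.startswith("resubmit("):
            run(flows, pkt, int(act[len("resubmit(,"):-1]), out)
        elif act.startswith("mod_vlan_vid:"):
            pkt["vlan"] = int(act.split(":")[1])
        elif act in ("strip_vlan", "load:0->NXM_OF_VLAN_TCI[]"):
            pkt["vlan"] = 0
        elif act.startswith("set_tunnel:"):
            pkt["tun_id"] = int(act.split(":")[1], 0)
        elif act.endswith("->NXM_NX_TUN_ID[]"):
            pkt["tun_id"] = int(act[len("load:"):].split("->")[0], 0)
        elif act.startswith("output:"):
            out.append((int(act.split(":")[1]), pkt["vlan"], pkt["tun_id"]))
        elif act.startswith("learn("):
            # Models only this page's learn spec: table 20 gets a flow matching the
            # packet's VLAN and dl_dst == its source MAC, sending replies to in_port.
            match = {"vlan_tci": "%#06x/0x0fff" % pkt["vlan"], "dl_dst": pkt["dl_src"]}
            flows[:] = [f for f in flows if (f[0], f[2]) != (20, match)]
            flows.append((20, 1, match, ["load:0->NXM_OF_VLAN_TCI[]",
                "load:%#x->NXM_NX_TUN_ID[]" % pkt["tun_id"], "output:%d" % pkt["in_port"]]))
    return out

def packet(in_port, dl_dst, dl_src="fa:16:3e:00:00:01", vlan=0, tun_id=0):
    return dict(in_port=in_port, dl_dst=dl_dst, dl_src=dl_src, vlan=vlan, tun_id=tun_id)
```

Calling run(parse(FLOWS), packet(2, "fa:16:3e:00:00:01", dl_src="fa:16:3e:32:0d:db", tun_id=1)) delivers the packet to port 1 with vlan 1 and leaves behind the same table 20 entry that the dump shows; a packet arriving with any other tunnel id returns an empty list, which is the tenant isolation the rules enforce.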

Network node
br-tun
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-2"
            Interface "gre-2"
                type: gre
                options: {in_key=flow, local_ip="10.0.0.100", out_key=flow, remote_ip="10.0.0.101"}
Packets that the Compute node sends into the GRE tunnel finally arrive at br-tun on the Network node. The rules on this bridge are:
    # ovs-ofctl dump-flows br-tun
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=19596.862s, table=0, n_packets=344, n_bytes=66762, idle_age=4, priority=1,in_port=1 actions=resubmit(,1)
     cookie=0x0, duration=19537.588s, table=0, n_packets=625, n_bytes=125972, idle_age=4, priority=1,in_port=2 actions=resubmit(,2)
     cookie=0x0, duration=19596.602s, table=0, n_packets=2, n_bytes=140, idle_age=19590, priority=0 actions=drop
     cookie=0x0, duration=19596.343s, table=1, n_packets=323, n_bytes=65252, idle_age=4, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
     cookie=0x0, duration=19596.082s, table=1, n_packets=21, n_bytes=1510, idle_age=5027, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)
     cookie=0x0, duration=9356.289s, table=2, n_packets=625, n_bytes=125972, idle_age=4, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
     cookie=0x0, duration=19595.821s, table=2, n_packets=0, n_bytes=0, idle_age=19595, priority=0 actions=drop
     cookie=0x0, duration=19595.554s, table=3, n_packets=0, n_bytes=0, idle_age=19595, priority=0 actions=drop
     cookie=0x0, duration=19595.292s, table=10, n_packets=625, n_bytes=125972, idle_age=4, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
     cookie=0x0, duration=9314.338s, table=20, n_packets=323, n_bytes=65252, hard_timeout=300, idle_age=4, hard_age=3, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=fa:16:3e:cb:11:f6 actions=load:0->NXM_OF_VLAN_TCI[],load:0x1->NXM_NX_TUN_ID[],output:2
     cookie=0x0, duration=19595.026s, table=20, n_packets=0, n_bytes=0, idle_age=19595, priority=0 actions=resubmit(,21)
     cookie=0x0, duration=9356.592s, table=21, n_packets=9, n_bytes=586, idle_age=5027, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2
     cookie=0x0, duration=19594.759s, table=21, n_packets=12, n_bytes=924, idle_age=5057, priority=0 actions=drop
These rules are similar to the br-tun rules on the Compute node and perform the conversion between tunnel and vlan.
br-int
    Bridge br-int
        Port "qr-ff19a58b-3d"
            tag: 1
            Interface "qr-ff19a58b-3d"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap4385f950-8b"
            tag: 1
            Interface "tap4385f950-8b"
                type: internal
Many processes are attached to this integration bridge to provide network services, including routers and DHCP servers. Different tenants may all need these processes, and their address spaces may conflict with each other or with the address space of the physical network, so they all run in separate network namespaces.
The rules are the same as the br-int rules on the Compute node: the bridge behaves as a normal switch.
    # ovs-ofctl dump-flows br-int
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=18198.244s, table=0, n_packets=849, n_bytes=164654, idle_age=43, priority=1 actions=NORMAL
Network namespaces
In linux, a network namespace can be thought of as an isolated environment with its own network stack (NICs, routing and forwarding tables, iptables). Network namespaces are often used to isolate network devices and services: only devices in the same network namespace can see each other.
The ip netns list command shows the namespaces that already exist.
    # ip netns
    qdhcp-88b1609c-68e0-49ca-a658-f1edff54a264
    qrouter-2d214fde-293c-4d64-8062-797f80ae2d8f
Namespaces whose names start with qdhcp are used by the dhcp server, and those starting with qrouter are used by the router service. Network commands can be run inside a given network namespace with ip netns exec namespaceid command, for example:
    # ip netns exec qdhcp-88b1609c-68e0-49ca-a658-f1edff54a264 ip addr
    71: ns-f14c598d-98: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether fa:16:3e:10:2f:03 brd ff:ff:ff:ff:ff:ff
        inet 10.1.0.3/24 brd 10.1.0.255 scope global ns-f14c598d-98
        inet6 fe80::f816:3eff:fe10:2f03/64 scope link
           valid_lft forever preferred_lft forever
As can be seen, the network namespace of the dhcp service contains only one network interface, "ns-f14c598d-98", which is connected to the tapf14c598d-98 interface on br-int.
dhcp service
The dhcp service is implemented by the dnsmasq process (a lightweight server that can provide dns, dhcp, tftp and other services). The process is bound to the br-int interface inside the dhcp namespace. The related processes can be listed:
    # ps -fe | grep 88b1609c-68e0-49ca-a658-f1edff54a264
    nobody 23195 1 0 Oct26 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=ns-f14c598d-98 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/host --dhcp-optsfile=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,10.1.0.0,static,120s --conf-file= --domain=openstacklocal
    root 23196 23195 0 Oct26 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=ns-f14c598d-98 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/host --dhcp-optsfile=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/opts --dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro --dhcp-range=tag0,10.1.0.0,static,120s --conf-file= --domain=openstacklocal
router service
First, what is a router? A router provides interconnection across subnets. For example, when a host in a user's internal network wants to reach an address on the external Internet, a router has to forward the traffic (so all traffic to and from the external network must pass through the router). At present the router is implemented with iptables.
Likewise, the router service runs in its own namespace, which can be inspected with the following command:
    # ip netns exec qrouter-2d214fde-293c-4d64-8062-797f80ae2d8f ip addr
    66: qg-d48b49e0-aa: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether fa:16:3e:5c:a2:ac brd ff:ff:ff:ff:ff:ff
        inet 172.24.4.227/28 brd 172.24.4.239 scope global qg-d48b49e0-aa
        inet 172.24.4.228/32 brd 172.24.4.228 scope global qg-d48b49e0-aa
        inet6 fe80::f816:3eff:fe5c:a2ac/64 scope link
           valid_lft forever preferred_lft forever
    68: qr-c2d7dd02-56: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether fa:16:3e:ea:64:6e brd ff:ff:ff:ff:ff:ff
        inet 10.1.0.1/24 brd 10.1.0.255 scope global qr-c2d7dd02-56
        inet6 fe80::f816:3eff:feea:646e/64 scope link
           valid_lft forever preferred_lft forever
As can be seen, this namespace contains two network interfaces.
The first interface, qg-d48b49e0-aa (K), is the external interface (qg=q gateway). It points the router's gateway at the default gateway (specified with the router-gateway-set command) and is connected to tapd48b49e0-aa (L) on br-ex.
The second interface, qr-c2d7dd02-56 (N, qr=q bridge), is connected to port tapc2d7dd02-56 (M) on br-int and attaches the router process to the integration bridge.
The routing table in this namespace:
    # ip netns exec qrouter-2d214fde-293c-4d64-8062-797f80ae2d8f ip route
    172.24.4.224/28 dev qg-d48b49e0-aa proto kernel scope link src 172.24.4.227
    10.1.0.0/24 dev qr-c2d7dd02-56 proto kernel scope link src 10.1.0.1
    default via 172.24.4.225 dev qg-d48b49e0-aa
The first rule sends all traffic for the 172.24.4.224/28 range out of NIC qg-d48b49e0-aa (K).
The second rule sends all traffic for the 10.1.0.0/24 range out of NIC qr-c2d7dd02-56 (N).
The last one is the default route: all of it is sent out through NIC qg-d48b49e0-aa (K).
The floating ip service is also implemented in the router namespace. For example, if the external floating ip 172.24.4.228 is bound to a virtual machine at 10.1.0.2, the rules in the nat table are:
    # ip netns exec qrouter-2d214fde-293c-4d64-8062-797f80ae2d8f iptables -t nat -S
    -P PREROUTING ACCEPT
    -P POSTROUTING ACCEPT
    -P OUTPUT ACCEPT
    -N neutron-l3-agent-OUTPUT
    -N neutron-l3-agent-POSTROUTING
    -N neutron-l3-agent-PREROUTING
    -N neutron-l3-agent-float-snat
    -N neutron-l3-agent-snat
    -N neutron-postrouting-bottom
    -A PREROUTING -j neutron-l3-agent-PREROUTING
    -A POSTROUTING -j neutron-l3-agent-POSTROUTING
    -A POSTROUTING -j neutron-postrouting-bottom
    -A OUTPUT -j neutron-l3-agent-OUTPUT
    -A neutron-l3-agent-OUTPUT -d 172.24.4.228/32 -j DNAT --to-destination 10.1.0.2
    -A neutron-l3-agent-POSTROUTING ! -i qg-d48b49e0-aa ! -o qg-d48b49e0-aa -m conntrack ! --ctstate DNAT -j ACCEPT
    -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
    -A neutron-l3-agent-PREROUTING -d 172.24.4.228/32 -j DNAT --to-destination 10.1.0.2
    -A neutron-l3-agent-float-snat -s 10.1.0.2/32 -j SNAT --to-source 172.24.4.228
    -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
    -A neutron-l3-agent-snat -s 10.1.0.0/24 -j SNAT --to-source 172.24.4.227
    -A neutron-postrouting-bottom -j neutron-l3-agent-snat
Here the SNAT and DNAT rules perform the mapping between the external floating ip and the internal ip:
    -A neutron-l3-agent-OUTPUT -d 172.24.4.228/32 -j DNAT --to-destination 10.1.0.2
    -A neutron-l3-agent-PREROUTING -d 172.24.4.228/32 -j DNAT --to-destination 10.1.0.2
    -A neutron-l3-agent-float-snat -s 10.1.0.2/32 -j SNAT --to-source 172.24.4.228
In addition, there is one SNAT rule that maps the traffic coming from all other internal IPs to the external IP 172.24.4.227. This way, even an internal virtual machine without an external IP can initiate connections to the external network.
    -A neutron-l3-agent-snat -s 10.1.0.0/24 -j SNAT --to-source 172.24.4.227
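The floating ip mapping described above can be audited from the saved rule listing. The following is an added example, not part of the original article or of Neutron: a Python check that lists which internal addresses are reachable from outside and flags mappings whose DNAT and SNAT halves do not agree. The function name audit and the 172.24.4.229 entry are constructed for the illustration.

```python
import ipaddress
import re

# Constructed input: the NAT rules shown above for floating ip 172.24.4.228, plus
# one constructed half-configured mapping (172.24.4.229, DNAT only) as a finding.
RULES = """\
-A neutron-l3-agent-OUTPUT -d 172.24.4.228/32 -j DNAT --to-destination 10.1.0.2
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 172.24.4.228/32 -j DNAT --to-destination 10.1.0.2
-A neutron-l3-agent-PREROUTING -d 172.24.4.229/32 -j DNAT --to-destination 10.2.0.9
-A neutron-l3-agent-float-snat -s 10.1.0.2/32 -j SNAT --to-source 172.24.4.228
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.1.0.0/24 -j SNAT --to-source 172.24.4.227
"""

DNAT = re.compile(
    r"-A neutron-l3-agent-(PREROUTING|OUTPUT) -d (\S+)/32 -j DNAT --to-destination (\S+)")
SNAT = re.compile(
    r"-A neutron-l3-agent-(float-snat|snat) -s (\S+) -j SNAT --to-source (\S+)")

def audit(rules):
    """Return (exposed, findings): exposed maps floating ip -> internal ip for every
    inbound DNAT; findings lists mappings that are incomplete or inconsistent."""
    dnat = {"PREROUTING": {}, "OUTPUT": {}}
    float_snat, subnets = {}, []
    for line in rules.splitlines():
        if m := DNAT.match(line):
            dnat[m[1]][m[2]] = m[3]
        elif m := SNAT.match(line):
            if m[1] == "float-snat":
                float_snat[str(ipaddress.ip_interface(m[2]).ip)] = m[3]
            else:
                subnets.append(ipaddress.ip_network(m[2]))
    exposed, findings = dict(dnat["PREROUTING"]), []
    for fip, fixed in sorted(exposed.items()):
        if dnat["OUTPUT"].get(fip) != fixed:
            findings.append(f"{fip}: no matching DNAT in the OUTPUT chain")
        if float_snat.get(fixed) != fip:
            findings.append(
                f"{fip}: no float-snat rule, traffic initiated by {fixed} does not leave as this address")
        if not any(ipaddress.ip_address(fixed) in net for net in subnets):
            findings.append(f"{fip}: target {fixed} is outside the router's SNAT subnets")
    for fixed, fip in sorted(float_snat.items()):
        if exposed.get(fip) != fixed:
            findings.append(f"{fixed}: SNAT to {fip} has no inbound DNAT")
    return exposed, findings
```

With the page's own rules only, audit returns the single exposure 172.24.4.228 -> 10.1.0.2 and no findings; the constructed 172.24.4.229 line produces three.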
br-ex
    Bridge br-ex
        Port "eth1"
            Interface "eth1"
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-1c3627de-1b"
            Interface "qg-1c3627de-1b"
                type: internal
br-ex is connected directly to the external physical network. In the usual case the gateway already exists in the physical network, so plain forwarding is enough.
    # ovs-ofctl dump-flows br-ex
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=23431.091s, table=0, n_packets=893539, n_bytes=504805376, idle_age=0, priority=0 actions=NORMAL
If the gateway address of the external network is configured on br-ex (i.e. br-ex acts as a gateway):
    # ip addr add 172.24.4.225/28 dev br-ex
then traffic sent by the internal virtual machines has to be SNATed before it is sent out.
    # iptables -A FORWARD -d 172.24.4.224/28 -j ACCEPT
    # iptables -A FORWARD -s 172.24.4.224/28 -j ACCEPT
    # iptables -t nat -I POSTROUTING 1 -s 172.24.4.224/28 -j MASQUERADE
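Understanding Neutron in Depth -- OpenStack Network Implementation (2): VLAN Mode
The system architecture in Vlan mode is similar to that in GRE mode, as shown in the figure below.
Note that in vlan mode the vlan tag conversion requires br-int and br-ethx to cooperate: br-int converts packets arriving from int-br-ethX (carrying the external vlan) to the internal vlan, and br-ethx converts packets arriving from phy-br-ethx (carrying the internal vlan) to the external vlan.
(My personal understanding of the vlan tag is that it is an artificial label on a vlan that serves to identify it.)

What follows adds some detail, with Vlan as the implementation of physical network isolation. Suppose two subnets are to be implemented under the same tenant, as shown in the figure below:
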
Compute node

The bridge information shows two main bridges, br-int and br-eth1:
    [root@Compute ~]# ovs-vsctl show
    f758a8b8-2fd0-4a47-ab2d-c49d48304f82
        Bridge "br-eth1"
            Port "phy-br-eth1"
                Interface "phy-br-eth1"
            Port "br-eth1"
                Interface "br-eth1"
                    type: internal
            Port "eth1"
                Interface "eth1"
        Bridge br-int
            Port "qvoXXX"
                tag: 1
                Interface "qvoXXX"
            Port "qvoYYY"
                tag: 1
                Interface "qvoYYY"
            Port "qvoZZZ"
                tag: 2
                Interface "qvoZZZ"
            Port "qvoWWW"
                tag: 2
                Interface "qvoWWW"
            Port "int-br-eth1"
                Interface "int-br-eth1"
            Port br-int
                Interface br-int
                    type: internal
As in GRE mode, br-int is responsible for tenant isolation and br-eth1 for communication with the network outside the compute node. In Vlan mode, tenant traffic is isolated with vlans, so two kinds of vlan are involved: the local vlan carried by virtual machine traffic inside the Compute Node, and the vlan that isolates different tenants on the physical network outside the Compute Node.
br-int and br-eth1 process the vlan tag of packets arriving on ports int-br-eth1 and phy-br-eth1 respectively. There are two networks here, each with its own vlan tag (internal tag 1 corresponds to external tag 101, and internal tag 2 corresponds to external tag 102).
The security group policy is still implemented in the iptables rules associated with qbr.
br-int
Unlike in GRE mode, br-int performs the vlan tag conversion for traffic coming from br-eth1 (arriving on port int-br-eth1). Possible rules are:
    #ovs-ofctl dump-flows br-int
     cookie=0x0, duration=100.795s, table=0, n_packets=6, n_bytes=468, idle_age=90, priority=2,in_port=3 actions=drop
     cookie=0x0, duration=97.069s, table=0, n_packets=22, n_bytes=6622, idle_age=31, priority=3,in_port=3,dl_vlan=101 actions=mod_vlan_vid:1,NORMAL
     cookie=0x0, duration=95.781s, table=0, n_packets=8, n_bytes=1165, idle_age=11, priority=3,in_port=3,dl_vlan=102 actions=mod_vlan_vid:2,NORMAL
     cookie=0x0, duration=103.626s, table=0, n_packets=47, n_bytes=13400, idle_age=11, priority=1 actions=NORMAL
br-eth1
br-eth1 handles traffic coming from br-int (arriving on port phy-br-eth1) and converts the local vlan to the external vlan.
    #ovs-ofctl dump-flows br-eth0
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=73.461s, table=0, n_packets=51, n_bytes=32403, idle_age=2, hard_age=65534, priority=4,in_port=4,dl_vlan=1 actions=mod_vlan_vid:101,NORMAL
     cookie=0x0, duration=83.461s, table=0, n_packets=51, n_bytes=32403, idle_age=2, hard_age=65534, priority=4,in_port=4,dl_vlan=2 actions=mod_vlan_vid:102,NORMAL
     cookie=0x0, duration=651.538s, table=0, n_packets=72, n_bytes=3908, idle_age=2574, hard_age=65534, priority=2,in_port=4 actions=drop
     cookie=0x0, duration=654.002s, table=0, n_packets=31733, n_bytes=6505880, idle_age=2, hard_age=65534, priority=1 actions=NORMAL
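Because tenant isolation in Vlan mode depends on the two bridges rewriting tags consistently, the two flow dumps can be cross-checked. The following is an added example, not part of the original article or of Neutron: a Python check that the external-to-local map on br-int and the local-to-external map on the physical bridge are inverses, and that each ingress port has a drop rule that stops untranslated vlans from reaching the NORMAL rule. The function names and the reading of in_port=3 and in_port=4 as int-br-eth1 and phy-br-eth1 follow the dumps above and are assumptions of the example.

```python
import re

# Constructed input: the compute-node flows from the two dumps above, counters removed.
BR_INT = """\
priority=2,in_port=3 actions=drop
priority=3,in_port=3,dl_vlan=101 actions=mod_vlan_vid:1,NORMAL
priority=3,in_port=3,dl_vlan=102 actions=mod_vlan_vid:2,NORMAL
priority=1 actions=NORMAL
"""
BR_ETH1 = """\
priority=4,in_port=4,dl_vlan=1 actions=mod_vlan_vid:101,NORMAL
priority=4,in_port=4,dl_vlan=2 actions=mod_vlan_vid:102,NORMAL
priority=2,in_port=4 actions=drop
priority=1 actions=NORMAL
"""

XLATE = re.compile(
    r"priority=(\d+),in_port=(\d+),dl_vlan=(\d+) actions=mod_vlan_vid:(\d+),NORMAL")
DROP = re.compile(r"priority=(\d+),in_port=(\d+) actions=drop")
CATCHALL = re.compile(r"priority=(\d+) actions=NORMAL")

def translations(dump, port):
    """Return ({vlan on arrival: vlan after rewrite}, guarded) for one ingress port.
    guarded means a drop rule for that port ranks below every translation rule and
    above the catch-all NORMAL rule, so untranslated vlans are never forwarded."""
    vmap, xl_prio, drop_prio, normal_prio = {}, [], [], []
    for line in dump.splitlines():
        if m := XLATE.search(line):
            if int(m[2]) == port:
                vmap[int(m[3])] = int(m[4])
                xl_prio.append(int(m[1]))
        elif m := DROP.search(line):
            if int(m[2]) == port:
                drop_prio.append(int(m[1]))
        elif m := CATCHALL.search(line):
            normal_prio.append(int(m[1]))
    guarded = any(max(normal_prio, default=-1) < d < min(xl_prio, default=65536)
                  for d in drop_prio)
    return vmap, guarded

def check(br_int, int_port, br_phys, phys_port):
    """List inconsistencies between the two bridges; an empty list means they agree."""
    inbound, in_guard = translations(br_int, int_port)
    outbound, out_guard = translations(br_phys, phys_port)
    problems = []
    for local, ext in sorted(outbound.items()):
        if inbound.get(ext) != local:
            problems.append(f"local {local} -> external {ext} has no reverse rule on br-int")
    for ext, local in sorted(inbound.items()):
        if outbound.get(local) != ext:
            problems.append(
                f"external {ext} -> local {local} has no reverse rule on the physical bridge")
    if len(set(outbound.values())) < len(outbound):
        problems.append("two local VLANs share one external VLAN")
    if not in_guard:
        problems.append("br-int forwards untranslated VLANs arriving from the physical bridge")
    if not out_guard:
        problems.append("physical bridge forwards untranslated VLANs arriving from br-int")
    return problems
```

check(BR_INT, 3, BR_ETH1, 4) returns an empty list for the flows on this page; the regular expressions use search, so the full ovs-ofctl lines with counters can be passed in unchanged.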
Network node

As in GRE mode, br-eth1 receives the arriving packets, and vlan conversion is performed on int-br-eth1 and phy-br-eth1 respectively, which guarantees that packets reaching br-int carry the internal vlan tag and packets reaching br-eth1 carry the external vlan tag. br-ex provides the connection to networks outside OpenStack.
The bridge information shows three bridges: br-eth1, br-int and br-ex.
    #ovs
    3bd78da8-d3b5-4112-a766-79506a7e2801
        Bridge br-ex
            Port "qg-VVV"
                Interface "qg-VVV"
                    type: internal
            Port br-ex
                Interface br-ex
                    type: internal
            Port "eth0"
                Interface "eth0"
        Bridge br-int
            Port br-int
                Interface br-int
                    type: internal
            Port "int-br-eth1"
                Interface "int-br-eth0"
            Port "tapXXX"
                tag: 1
                Interface "tapXXX"
                    type: internal
            Port "tapWWW"
                tag: 2
                Interface "tapWWW"
                    type: internal
            Port "qr-YYY"
                tag: 1
                Interface "qr-YYY"
                    type: internal
            Port "qr-ZZZ"
                tag: 2
                Interface "qr-ZZZ"
                    type: internal
        Bridge "br-eth1"
            Port "phy-br-eth1"
                Interface "phy-br-eth1"
            Port "br-eth1"
                Interface "br-eth1"
                    type: internal
            Port "eth1"
                Interface "eth1"
br-eth1
br-eth1 is mainly responsible for converting the external vlan on the physical network to the local vlan.
    #ovs-ofctl dump-flows br-eth1
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=144.33s, table=0, n_packets=13, n_bytes=28404, idle_age=24, hard_age=65534, priority=4,in_port=5,dl_vlan=101 actions=mod_vlan_vid:1,NORMAL
     cookie=0x0, duration=144.33s, table=0, n_packets=13, n_bytes=28404, idle_age=24, hard_age=65534, priority=4,in_port=5,dl_vlan=102 actions=mod_vlan_vid:2,NORMAL
     cookie=0x0, duration=608.373s, table=0, n_packets=23, n_bytes=1706, idle_age=65534, hard_age=65534, priority=2,in_port=5 actions=drop
     cookie=0x0, duration=675.373s, table=0, n_packets=58, n_bytes=10625, idle_age=24, hard_age=65534, priority=1 actions=NORMAL
br-int
A large number of agents are attached to br-int to provide various network services. In addition, for traffic sent to br-eth1, br-int converts the local vlan to the external vlan.
    #ovs-ofctl dump-flows br-int
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=147294.121s, table=0, n_packets=224, n_bytes=33961, idle_age=13, hard_age=65534, priority=3,in_port=4,dl_vlan=1 actions=mod_vlan_vid:101,NORMAL
     cookie=0x0, duration=603538.84s, table=0, n_packets=19, n_bytes=2234, idle_age=18963, hard_age=65534, priority=2,in_port=4 actions=drop
     cookie=0x0, duration=603547.134s, table=0, n_packets=31901, n_bytes=6419756, idle_age=13, hard_age=65534, priority=1 actions=NORMAL
dnsmasq provides the DHCP service and is bound to a specific namespace. Every tenant network that needs DHCP has its own dedicated, isolated DHCP service (in the figure, one dnsmasq listens on each of tapXXX and tapWWW).

Routing is implemented by the L3 agent. Each subnet has a port on br-int (qr-YYY and qr-ZZZ, with IPs configured, each being the gateway of its own internal subnet), and the L3 agent is bound to these ports. Traffic to the external public network has to be sent out through the L3 agent, not through int-br-ex to phy-br-ex (in fact no packets travel over that veth pair). If an externally visible floating IP is to be used, the L3 agent still has to perform NAT with iptables.

Each L3 agent or dnsmasq lives in its own separate namespace, as shown in the figure below, where the two subnets of the same tenant both use the same router.

When subnets use different routers, the routers are placed in their own separate namespaces. For example, the case of two subnets belonging to two tenants is shown in the figure below.
In this case the namespaces on the network node are as shown in the figure below.
br-ex
What br-ex has to do is simple: normal forwarding is all that is needed.
    #ovs-ofctl dump-flows br-ex
    NXST_FLOW reply (xid=0x4):
     cookie=0x0, duration=6770.969s, table=0, n_packets=5411, n_bytes=306944, idle_age=0, hard_age=65534, priority=0 actions=NORMAL