Äú¿ÉÒÔ¾èÖú£¬Ö§³ÖÎÒÃǵĹ«ÒæÊÂÒµ¡£

1Ôª 10Ôª 50Ôª





ÈÏÖ¤Â룺  ÑéÖ¤Âë,¿´²»Çå³þ?Çëµã»÷Ë¢ÐÂÑéÖ¤Âë ±ØÌî



  ÇóÖª ÎÄÕ ÎÄ¿â Lib ÊÓƵ iPerson ¿Î³Ì ÈÏÖ¤ ×Éѯ ¹¤¾ß ½²×ù Modeler   Code  
»áÔ±   
 
   
 
 
     
   
 ¶©ÔÄ
  ¾èÖú
OpenStack ÍøÂçʵÏÖ£¨Ï£©
 
×÷Õߣºyuwenge À´Ô´£ºAboutÔÆ ·¢²¼ÓÚ 2015-11-23
  2107  次浏览      31
 

ÉîÈëÀí½â Neutron -- OpenStack ÍøÂçʵÏÖ£¨4£©£ºÍøÂçÃû×Ö¿Õ¼ä

ÔÚ Linux ÖУ¬ÍøÂçÃû×Ö¿Õ¼ä¿ÉÒÔ±»ÈÏΪÊǸôÀëµÄÓµÓе¥¶ÀÍøÂçÕ»£¨Íø¿¨¡¢Â·ÓÉת·¢±í¡¢iptables£©µÄ»·¾³¡£ÍøÂçÃû×ֿռ侭³£ÓÃÀ´¸ôÀëÍøÂçÉ豸ºÍ·þÎñ£¬Ö»ÓÐÓµÓÐͬÑùÍøÂçÃû×Ö¿Õ¼äµÄÉ豸£¬²ÅÄÜ¿´µ½±Ë´Ë¡£

¿ÉÒÔÓÃip netns listÃüÁîÀ´²é¿´ÒѾ­´æÔÚµÄÃû×ֿռ䡣

$ ip net
qdhcp-ea3928dc-b1fd-4a1a-940e-82b8c55214e6
qrouter-40fff075-d3a2-477b-942c-6b1adb42e35e

qdhcp¿ªÍ·µÄÃû×Ö¿Õ¼äÊÇdhcp·þÎñÆ÷ʹÓõģ¬qrouter¿ªÍ·µÄÔòÊÇrouter·þÎñʹÓõġ£ ¿ÉÒÔͨ¹ý ip netns exec namespaceid command À´ÔÚÖ¸¶¨µÄÍøÂçÃû×Ö¿Õ¼äÖÐÖ´ÐÐÍøÂçÃüÁÀýÈç

# ip netns exec qdhcp-88b1609c-68e0-49ca-a658-f1edff54a264 ip addr
71: ns-f14c598d-98: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:10:2f:03 brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.3/24 brd 10.1.0.255 scope global ns-f14c598d-98
    inet6 fe80::f816:3eff:fe10:2f03/64 scope link
       valid_lft forever preferred_lft forever

¿ÉÒÔ¿´µ½£¬dhcp·þÎñµÄÍøÂçÃû×Ö¿Õ¼äÖÐÖ»ÓÐÒ»¸öÍøÂç½Ó¿Ú¡°ns-f14c598d-98¡±£¬ËüÁ¬½Óµ½br-intµÄtapf14c598d-98½Ó¿ÚÉÏ¡£

DHCP ·þÎñ

dhcp·þÎñÊÇͨ¹ýdnsmasq½ø³Ì£¨ÇáÁ¿¼¶·þÎñÆ÷£¬¿ÉÒÔÌṩdns¡¢dhcp¡¢tftpµÈ·þÎñ£©À´ÊµÏֵģ¬¸Ã½ø³Ì°ó¶¨µ½dhcpÃû×Ö¿Õ¼äÖеÄbr-intµÄ½Ó¿ÚÉÏ¡£¿ÉÒԲ鿴Ïà¹ØµÄ½ø³Ì¡£

# ip netns exec qdhcp-88b1609c-68e0-49ca-a658-f1edff54a264 ip addr
71: ns-f14c598d-98: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:10:2f:03 brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.3/24 brd 10.1.0.255 scope global ns-f14c598d-98
    inet6 fe80::f816:3eff:fe10:2f03/64 scope link
       valid_lft forever preferred_lft forever

¿ÉÒÔ¿´µ½£¬dhcp·þÎñµÄÍøÂçÃû×Ö¿Õ¼äÖÐÖ»ÓÐÒ»¸öÍøÂç½Ó¿Ú¡°ns-f14c598d-98¡±£¬ËüÁ¬½Óµ½br-intµÄtapf14c598d-98½Ó¿ÚÉÏ¡£

DHCP ·þÎñ

dhcp·þÎñÊÇͨ¹ýdnsmasq½ø³Ì£¨ÇáÁ¿¼¶·þÎñÆ÷£¬¿ÉÒÔÌṩdns¡¢dhcp¡¢tftpµÈ·þÎñ£©À´ÊµÏֵģ¬¸Ã½ø³Ì°ó¶¨µ½dhcpÃû×Ö¿Õ¼äÖеÄbr-intµÄ½Ó¿ÚÉÏ¡£¿ÉÒԲ鿴Ïà¹ØµÄ½ø³Ì¡£

# ps -fe | grep 88b1609c-68e0-49ca-a658-f1edff54a264
nobody   23195     1  0 Oct26 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order 
--bind-interfaces --interface=ns-f14c598d-98 --except-interface=
lo --pid-file=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/pid 
--dhcp-hostsfile=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/host 
--dhcp-optsfile=/var/lib/neutron/dhcp/88b1609c-68e0-49ca-a658-f1edff54a264/opts 
--dhcp-script=/usr/bin/neutron-dhcp-agent-dnsmasq-lease-update --leasefile-ro 
--dhcp-range=tag0,10.1.0.0,static,120s --conf-file= --domain=openstacklocal
root     23196 23195  0 Oct26 ?        00:00:00 dnsmasq --no-hosts --no-resolv 
--strict-order --bind-interfaces --interf

·ÓÉ·þÎñ

Ê×ÏÈ£¬ÒªÀí½âʲôÊÇ router£¬routerÊÇÌṩ¿ç subnet µÄ»¥Áª¹¦Äܵġ£±ÈÈçÓû§µÄÄÚ²¿ÍøÂçÖÐÖ÷»úÏëÒª·ÃÎÊÍⲿ»¥ÁªÍøµÄµØÖ·£¬¾ÍÐèÒªrouterÀ´×ª·¢£¨Òò´Ë£¬ËùÓиúÍⲿÍøÂçµÄÁ÷Á¿¶¼±ØÐë¾­¹ýrouter£©¡£Ä¿Ç°routerµÄʵÏÖÊÇͨ¹ýiptables½øÐеġ£

ͬÑùµÄ£¬router·þÎñÒ²ÔËÐÐÔÚ×Ô¼ºµÄÃû×Ö¿Õ¼äÖУ¬¿ÉÒÔͨ¹ýÈçÏÂÃüÁî²é¿´£º

$ sudo ip net exec qrouter-40fff075-d3a2-477b-942c-6b1adb42e35e ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
49: qr-694450d6-f6: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:5d:18:10 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-694450d6-f6
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe5d:1810/64 scope link
       valid_lft forever preferred_lft forever
50: qg-e76de35e-90: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:70:24:92 brd ff:ff:ff:ff:ff:ff
    inet 9.186.100.2/24 brd 9.186.100.255 scope global qg-e76de35e-90
       valid_lft forever preferred_lft forever
    inet 9.186.100.129/32 brd 9.186.100.129 scope global qg-e76de35e-90
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe70:2492/64 scope link
       valid_lft forever preferred_lft forever

¿ÉÒÔ¿´³ö£¬¸ÃÃû×Ö¿Õ¼äÖаüÀ¨Á½¸öÍøÂç½Ó¿Ú¡£

µÚÒ»¸ö½Ó¿Ú qr-694450d6-f6£¨10.0.0.1£©¸ú br-int ÉϵĽӿÚÏàÁ¬¡£¼´ÈÎºÎ´Ó br-int À´µÄÕÒ 10.0.0.1 £¨×⻧µÄ˽ÓÐÍø¶Î£©µÄÍø°ü¶¼»áµ½´ïÕâ¸ö½Ó¿Ú¡£

µÚ¶þ¸ö½Ó¿Ú qg-e76de35e-90 Á¬½Óµ½ br-ex ÉϵĽӿڣ¬¼´ÈκδÓÍⲿÀ´µÄÍø°ü£¬Ñ¯ÎÊ 9.186.100.2£¨Ä¬Èϵľ²Ì¬ NAT ÍⲿµØÖ·£©»ò 9.186.100.129£¨×⻧ÉêÇëµÄ floating IP µØÖ·£©£¬¶¼»áµ½´ïÕâ¸ö½Ó¿Ú¡£

²é¿´¸ÃÃû×Ö¿Õ¼äÖеÄ·ÓÉ±í£º

$ sudo ip net exec qrouter-40fff075-d3a2-477b-942c-6b1adb42e35e ip route
default via 9.186.100.1 dev qg-e76de35e-90
9.186.100.0/24 dev qg-e76de35e-90  proto kernel  scope link  src 9.186.100.2
10.0.0.0/24 dev qr-694450d6-f6  proto kernel  scope link  src 10.0.0.1

ĬÈÏÇé¿ö£¬ÒÔ¼°·ÃÎÊÍⲿÍøÂçµÄʱºò£¬ÐÝ»á´Ó qg-xxx ½Ó¿Ú·¢³ö£¬¾­¹ý br-ex ·¢²¼µ½ÍâÍø¡£

·ÃÎÊ×⻧ÄÚÍøµÄʱºò£¬»á´Ó qr-xxx ½Ó¿Ú·¢³ö£¬·¢¸ø br-int¡£

$ sudo ip net exec qrouter-40fff075-d3a2-477b-942c-6b1adb42e35e iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-postrouting-bottom
-N neutron-vpn-agen-OUTPUT
-N neutron-vpn-agen-POSTROUTING
-N neutron-vpn-agen-PREROUTING
-N neutron-vpn-agen-float-snat
-N neutron-vpn-agen-snat
-A PREROUTING -j neutron-vpn-agen-PREROUTING
-A OUTPUT -j neutron-vpn-agen-OUTPUT
-A POSTROUTING -j neutron-vpn-agen-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-postrouting-bottom -j neutron-vpn-agen-snat
-A neutron-vpn-agen-OUTPUT -d 9.186.100.129/32 -j DNAT --to-destination 10.0.0.2
-A neutron-vpn-agen-POSTROUTING ! -i qg-e76de35e-90 !
-o qg-e76de35e-90 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-vpn-agen-PREROUTING -d 169.254.169.254/32 -p 
tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-vpn-agen-PREROUTING -d 9.186.100.129/32 -j DNAT --to-destination 10.0.0.2
-A neutron-vpn-agen-float-snat -s 10.0.0.2/32 -j SNAT --to-source 9.186.100.129
-A neutron-vpn-agen-snat -j neutron-vpn-agen-float-snat
-A neutron-vpn-agen-snat -s 10.0.0.0/24 -j SNAT --to-source 9.186.100.2

ÆäÖÐSNATºÍDNAT¹æÔòÍê³ÉÍⲿ floating ip £¨9.186.100.129£©µ½ÄÚ²¿ ip£¨10.0.0.2£© µÄÓ³É䣺

-A neutron-vpn-agen-OUTPUT -d 9.186.100.129/32 -j DNAT --to-destination 10.0.0.2
-A neutron-vpn-agen-PREROUTING -d 9.186.100.129/32 -j DNAT --to-destination 10.0.0.2
-A neutron-vpn-agen-float-snat -s 10.0.0.2/32 -j SNAT --to-source 9.186.100.129

ÁíÍâÓÐÒ»ÌõSNAT¹æÔò°ÑËùÓÐÆäËûµÄÄÚ²¿IP³öÀ´µÄÁ÷Á¿¶¼Ó³Éäµ½ÍⲿIP 9.186.100.2¡£ÕâÑù¼´Ê¹ÔÚÄÚ²¿ÐéÄâ»úûÓÐÍⲿIPµÄÇé¿öÏ£¬Ò²¿ÉÒÔ·¢Æð¶ÔÍâÍøµÄ·ÃÎÊ¡£

-A neutron-vpn-agen-snat -s 10.0.0.0/24 -j SNAT --to-source 9.186.100.2
   
2107 ´Îä¯ÀÀ       31
 
Ïà¹ØÎÄÕÂ
ÔƼÆËãµÄ¼Ü¹¹
¶ÔÔƼÆËã·þÎñÄ£ÐÍ
ÔƼÆËãºËÐļ¼ÊõÆÊÎö
Á˽âÔƼÆËãµÄ©¶´
 
Ïà¹ØÎĵµ
ÔƼÆËã¼ò½é
ÔƼÆËã¼ò½éÓëÔÆ°²È«
ÏÂÒ»´úÍøÂç¼ÆËã--ÔƼÆËã
ÈídzÎöÔƼÆËã
 
Ïà¹Ø¿Î³Ì
ÔƼÆËãÔ­ÀíÓëÓ¦ÓÃ
ÔƼÆËãÓ¦ÓÃÓ뿪·¢
CMMIÌåϵÓëʵ¼ù
»ùÓÚCMMI±ê×¼µÄÈí¼þÖÊÁ¿±£Ö¤
×îл¼Æ»®
DeepSeek´óÄ£ÐÍÓ¦Óÿª·¢ 6-12[ÏÃÃÅ]
È˹¤ÖÇÄÜ.»úÆ÷ѧϰTensorFlow 6-22[Ö±²¥]
»ùÓÚ UML ºÍEA½øÐзÖÎöÉè¼Æ 6-30[±±¾©]
ǶÈëʽÈí¼þ¼Ü¹¹-¸ß¼¶Êµ¼ù 7-9[±±¾©]
Óû§ÌåÑé¡¢Ò×ÓÃÐÔ²âÊÔÓëÆÀ¹À 7-25[Î÷°²]
ͼÊý¾Ý¿âÓë֪ʶͼÆ× 8-23[±±¾©]
ר¼ÒÊӽǿ´ITÓë¼Ü¹¹
Èí¼þ¼Ü¹¹Éè¼Æ
ÃæÏò·þÎñÌåϵ¼Ü¹¹ºÍÒµÎñ×é¼þµÄ˼¿¼
ÈËÈËÍøÒƶ¯¿ª·¢¼Ü¹¹
¼Ü¹¹¸¯»¯Ö®ÃÕ
̸ƽ̨¼´·þÎñPaaS
Ïà¹ØÅàѵ¿Î³Ì
ÔƼÆËãÔ­ÀíÓëÓ¦ÓÃ
Windows Azure ÔƼÆËãÓ¦ÓÃ
ĦÍÐÂÞÀ­ ÔÆƽ̨µÄ¹¹½¨ÓëÓ¦ÓÃ
ͨÓù«Ë¾GE DockerÔ­ÀíÓëʵ¼ù
ijÑз¢ÖÐÐÄ Openstackʵ¼ù
ÖªÃûµç×Ó¹«Ë¾ ÔÆƽ̨¼Ü¹¹ÓëÓ¦ÓÃ
ijµçÁ¦ÐÐÒµ »ùÓÚÔÆƽ̨¹¹½¨ÔÆ·þÎñ
ÔƼÆËãÓëWindows AzureÅàѵ
±±¾© ÔƼÆËãÔ­ÀíÓëÓ¦ÓÃ