11. OpenStack networking concepts
• Tenant networks
Flat, VLAN, GRE and VXLAN
• Provider networks
• Subnets
• Ports
• Routers
• Security groups
• Extensions
12. ML2 (Modular Layer 2)
Tenant network types
• Local
• VLAN
• GRE
• VXLAN
Mechanism
• Linux bridge
• Open vSwitch
• L2 population
• Specialized
• Open source
• Proprietary (vendor)
Agents
• L3
• DHCP
• Metadata
13. ML2 (Modular Layer 2)
• ML2 means we are no longer limited to one plugin at a time (Linux Bridge / OVS).
• The underlying implementation can differ: whether KVM or Hyper-V, as long as the hosts share a VLAN they can communicate.
• L3 became an L3-as-a-Service plugin.
14. L2 population
Why is it needed?
1. Unicast (when the MAC has not yet been learned), multicast and broadcast traffic is flooded out tunnels to all other compute nodes.
2. There is a great deal of ARP traffic; is there a better way to handle it?
3. If a node has no VMs at all, does that node still need to receive those broadcasts?
http://assafmuller.com/2014/02/23/ml2-address-population/
15. L2 population
L2 population uses Proxy ARP on the host: it intercepts ARP requests early and answers, from the Neutron database, where the target host is.
Diagram: Without L2 pop vs. With L2 pop
http://docs.openstack.org/admin-guide-cloud/content/ml2_l2pop_scenarios.html
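A toy model of what L2 population changes, added here as an illustration (not Neutron's own code): the server knows every port's network, MAC, IP and host; each agent receives only the entries for networks it hosts, answers ARP locally from them and forwards known unicast to exactly one tunnel, while a node with no VMs is pushed nothing. Host names, MACs and IPs below are constructed.

```python
from collections import defaultdict

# Constructed sample port database as the Neutron server would hold it:
# (network, mac, ip, host). compute3 is a node with no VMs at all.
PORTS = [
    ("net1", "fa:16:3e:00:00:01", "10.0.0.11", "compute1"),
    ("net1", "fa:16:3e:00:00:02", "10.0.0.12", "compute2"),
    ("net2", "fa:16:3e:00:00:03", "10.0.1.13", "compute1"),
]
HOSTS = ["compute1", "compute2", "compute3"]


def flood_targets_without_l2pop(hosts, host):
    """Classic behaviour: unknown unicast, ARP and broadcast go out every tunnel."""
    return sorted(h for h in hosts if h != host)


def fdb_entries(ports, host):
    """What the server pushes to `host`: remote ports on networks it hosts.
    A node with no VMs gets nothing, so it receives no tunnel traffic."""
    local_nets = {net for net, _, _, h in ports if h == host}
    return [p for p in ports if p[0] in local_nets and p[3] != host]


class L2PopAgent:
    """Per-host state built from the pushed entries (toy model, not the OVS agent)."""

    def __init__(self, host, entries):
        self.host = host
        # Proxy ARP table: (network, ip) -> mac, answered locally, never flooded
        self.arp = {(net, ip): mac for net, mac, ip, _ in entries}
        # Pre-populated forwarding table: (network, mac) -> tunnel endpoint host
        self.fdb = {(net, mac): h for net, mac, _, h in entries}
        # Broadcast domain per network: only hosts that actually have VMs on it
        self.tunnels = defaultdict(set)
        for net, _, _, h in entries:
            self.tunnels[net].add(h)

    def arp_request(self, net, target_ip):
        """Return the MAC answered by the local proxy ARP, or None if unknown."""
        return self.arp.get((net, target_ip))

    def forward(self, net, dst_mac):
        """Return the tunnel peers a frame to dst_mac is sent to."""
        peer = self.fdb.get((net, dst_mac))
        if peer is not None:
            return [peer]                    # known unicast: exactly one tunnel
        return sorted(self.tunnels[net])     # broadcast/unknown: only hosts on net
```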
20. Scenario 3: with DVR (Distributed Virtual Router)
Diagram: network node (SNAT router, External network) and compute nodes cpu-node1 and cpu-node2, each with a Distributed Router and VMs on Network1 and Network2; labelled flows: E-W traffic, N-S traffic (with floating IPs), N-S traffic (without floating IPs).
• East/west traffic: between different networks of the same tenant. Sent directly between compute nodes; it no longer needs to pass through the network node.
• North/south traffic with floating IPs: routed directly by the compute node; it no longer needs to pass through the network node.
• North/south traffic without floating IPs: still goes to the network node and leaves via SNAT.
21. Deploy OpenStack Env
• Devstack
• Salt - cloudbase/salt-openstack
• Docker - stackforge/kolla
• Puppet
• Chef
• Juju
• TripleO - OpenStack on OpenStack
• …
22. Devstack Gate
• http://ci.openstack.org/devstack-gate.html
• An integration test
• All changes to core OpenStack projects are “gated” on a set of tests, so that a change will not be merged into the main repository unless it passes all of the configured tests.
29. ip link
ip link show up
ip addr # shows status of all physical and virtual devices
ip addr show to/dev/label ... # ip addr show label 'eth*'
ip route show to 10.18.5.0/24
ip route show table main
ip route show to/from/table/type/dev/via/src ...
ip route get to/from/... ...
# Set a Route to the Locally Connected Network eth0
ip route add 192.168.1.0/24 dev eth0
# Set a default route
ip route add default via 192.168.1.254
ip netns
ip netns exec namespace command
brctl show
ovs-vsctl show # shows interfaces and bridges in the virtual switch
ovs-vsctl add-br br-name
ovs-vsctl add-port br-name interface
ovs-dpctl show # shows data path on the switch
ovs-ofctl dump-flows br-tun
iptables -L -n -v # check iptables rules
iptables-save
tcpdump -n -i interface -w filename
31. How to config br-ex
http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.install-plug-in.ovs.html
http://assafmuller.com/2015/04/06/multinode-dvr-devstack/
But,
32. how?
ifconfig br-ex promisc up
ifconfig eth0 0.0.0.0
ifconfig eth0 promisc
ifconfig br-ex 10.0.2.21 netmask 255.255.255.0
ovs-vsctl add-port br-ex eth0
# Then, re-add the default route if needed
ip route add default via 10.0.2.2