Neutron运行机制解析

一 关于ip addr和ovs-vsctl show命令

计算节点：

网络节点：

二 计算节点和控制节点网络内部逻辑图

三 虚拟网络设备命名规则

q-quantum、v-veth、br-bridge、o-openvSwitch

qvo: veth pair openvswitch side

qvb: veth pair bridge side

qbr: bridge

qr: l3 agent managed port, router side

qg: l3 agent managed port, gateway side

四 计算节点单虚拟机连接网络拓扑

五 计算节点整体网络拓扑

六 节点间通过GRE隧道通信

七 网络节点openvswitch内部网络拓扑

八 网络节点openvswitch和外部网络通信拓扑

DHCP相关端口

路由相关端口，下图中qg和br-ex连，qr和br-ini相连

[root@network0 ~]# ip -d link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:9c:e5:56 brd ff:ff:ff:ff:ff:ff
3: eth1:  mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:42:26:7b brd ff:ff:ff:ff:ff:ff
4: eth2:  mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:56:10:6c brd ff:ff:ff:ff:ff:ff
5: eth3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:35:5e:ab brd ff:ff:ff:ff:ff:ff
6: ovs-system:  mtu 1500 qdisc noop state DOWN
    link/ether da:bf:58:46:7b:4f brd ff:ff:ff:ff:ff:ff
7: br-ex:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 08:00:27:42:26:7b brd ff:ff:ff:ff:ff:ff
9: br-int:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 4a:f0:1c:b0:ef:45 brd ff:ff:ff:ff:ff:ff
13: virbr0:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 52:54:00:a0:04:3d brd ff:ff:ff:ff:ff:ff
    bridge
14: virbr0-nic:  mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 52:54:00:a0:04:3d brd ff:ff:ff:ff:ff:ff
    tun
16: br-tun:  mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 7a:2a:d2:c3:aa:43 brd ff:ff:ff:ff:ff:ff

连接外网

九 Neuteon的iptables机制

路由规则：目的IP是192.168.2.0/24网段，走qr端口（内网），其它IP都走qg端口（外网）

NAT规则

十 注意

启动虚拟机后才会有tap设备，简单理解是虚拟机的网络端口。

Iptables不兼容openvswitch，要实现iptables，就引入了Linux Bridge，安全组策略由Linux Bridge实现。所以每一个虚拟机都有一个虚拟网桥。

Veth pair理解为一根虚拟网线。一端连到qbr，一端连到br-int.