what?
vlan network 是带 tag 的网络,是实际应用最广泛的网络类型。
下图是 vlan100 网络的示例:
vlan100.png
因为物理网卡 eth1 上面可以走多个 vlan 的数据,那么物理交换机上与 eth1 相连的的 port 要设置成 trunk 模式,而不是 access 模式。
how?
- 设置默认网络类型:
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vlan
- 设置vlan的范围:
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges physnet1:3001:4000
- 检查ml2配置
[root@openstack-controller ~]# grep -C1 "^[a-z]" /etc/neutron/plugins/ml2/ml2_conf.ini | grep -Ev "^#|^-"
[ml2]
type_drivers = local,flat,vlan,gre,vxlan
tenant_network_types = vlan
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vlan]
network_vlan_ranges = physnet1:3001:4000
[securitygroup]
enable_ipset = True
- 检查网桥控制
[root@openstack-controller ~]# grep -C1 "^[a-z]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini | grep -Ev "^-|^#"
[linux_bridge]
physical_interface_mappings = physnet1:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- 重启相关网络服务:
systemctl restart neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-linuxbridge-agent.service
- 创建网络:
[root@openstack-controller ~]# neutron net-create --shared --provider:network_type vlan --provider:physical_network physnet1 first-vlan
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 11d7cb82-7e8f-4d18-8d64-154ec7aea6f5 |
| mtu | 0 |
| name | first-vlan |
| port_security_enabled | True |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1067 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
+---------------------------+--------------------------------------+
- 创建subnet:
[root@openstack-controller ~]# neutron subnet-create --name vlan100 --gateway 172.16.100.1 --allocation-pool start=172.16.100.100,end=172.16.100.200 --dns-nameserver 8.8.8.8 --enable-dhcp 11d7cb82-7e8f-4d18-8d64-154ec7aea6f5 172.16.100.0/24
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "172.16.100.100", "end": "172.16.100.200"} |
| cidr | 172.16.100.0/24 |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 172.16.100.1 |
| host_routes | |
| id | df22e0c7-370c-4678-a19a-2eb8f8caecaa |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | vlan100 |
| network_id | 11d7cb82-7e8f-4d18-8d64-154ec7aea6f5 |
| subnetpool_id | |
| tenant_id | 471592a4281e4223b2ad578b5c9b8442 |
+-------------------+------------------------------------------------------+
- 创建虚拟机:
[root@openstack-controller ~]# nova boot --flavor cirros --image cirros --key-name mykey --security-groups default --nic net-id=11d7cb82-7e8f-4d18-8d64-154ec7aea6f5 instance-vlan100-1
[root@openstack-controller ~]# nova boot --flavor cirros --image cirros --key-name mykey --security-groups default --nic net-id=11d7cb82-7e8f-4d18-8d64-154ec7aea6f5 instance-vlan100-2
- 检查网络变化:
[root@openstack-controller ~]# brctl show
bridge name bridge id STP enabled interfaces
brq11d7cb82-7e 8000.000c2927f89e no eth1.1067
tap8b0e08f8-24
[root@openstack-controller ~]# ip link list
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:27:f8:94 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:27:f8:9e brd ff:ff:ff:ff:ff:ff
4: tap8b0e08f8-24@if2: mtu 1500 qdisc noqueue master brq11d7cb82-7e state UP mode DEFAULT qlen 1000
link/ether d2:10:22:ab:80:ca brd ff:ff:ff:ff:ff:ff link-netnsid 0
5: eth1.1067@eth1: mtu 1500 qdisc noqueue master brq11d7cb82-7e state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:27:f8:9e brd ff:ff:ff:ff:ff:ff
6: brq11d7cb82-7e: mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:27:f8:9e brd ff:ff:ff:ff:ff:ff
[root@openstack-compute ~]# brctl show
bridge name bridge id STP enabled interfaces
brq11d7cb82-7e 8000.000c290a9852 no eth1.1067
tap3ebca4e1-1b
tap4742ee50-7f
[root@openstack-compute ~]# ip link list
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:0a:98:48 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:0a:98:52 brd ff:ff:ff:ff:ff:ff
4: brq11d7cb82-7e: mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:0a:98:52 brd ff:ff:ff:ff:ff:ff
5: tap4742ee50-7f: mtu 1500 qdisc pfifo_fast master brq11d7cb82-7e state UNKNOWN mode DEFAULT qlen 1000
link/ether fe:16:3e:40:70:08 brd ff:ff:ff:ff:ff:ff
6: eth1.1067@eth1: mtu 1500 qdisc noqueue master brq11d7cb82-7e state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:0a:98:52 brd ff:ff:ff:ff:ff:ff
7: tap3ebca4e1-1b: mtu 1500 qdisc pfifo_fast master brq11d7cb82-7e state UNKNOWN mode DEFAULT qlen 1000