架构图画的有点屎,凑合看
架构就是两台服务器
192.168.139.55
192.168.139.221
两台机器先都关闭防火墙、清空iptables规则并关闭selinux等
[root@centos7 ~]# systemctl stop firewalld
[root@centos7 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@centos7 ~]#
[root@centos7 ~]# iptables -F
在每个服务器上分别建立两个namespace:zou和huiying
服务器和namespace通过veth peer连接
55服务器上的两个namespace中的ip都是 10.1.0.5
221服务器上的两个namespace中的ip都是10.1.0.6
每台服务器上设置两个vxlan,remote都设置成
对方的ip
每台服务器建立两个桥接,每个桥接都对应一个namespace,
桥接的一头接连接namespace的veth peer中的一头
另一头接vxlan
这样保证一台服务器上的某个namespace
和另一个服务器上的同名namespace之间可以互相ping通,而且不同namespace的ip可以相同且互不影响
现在192.168.139.221这台机器上操作:
开启vxlan的内核模块
[root@magnum ~]# modprobe vxlan
[root@magnum ~]# lsmod|grep vxlan
vxlan 41236 0
ip6_udp_tunnel 12755 1 vxlan
udp_tunnel 13187 1 vxlan
添加两个namespace
[root@magnum ~]# ip netns add zou
[root@magnum ~]# ip netns add huiying
[root@magnum ~]# ip netns
添加veth peer,并把一头扔进namespace
[root@magnum ~]# ip link add zouveth0 type veth peer name zouveth1
[root@magnum ~]# ip link add hyveth0 type veth peer name hyveth1
[root@magnum ~]#
[root@magnum ~]# ip link set zouveth1 netns zou
[root@magnum ~]# ip link set hyveth1 netns huiying
[root@magnum ~]#
[root@magnum ~]# ip netns exec zou ip addr add dev zouveth1 10.1.0.5/24
[root@magnum ~]# ip netns exec huiying ip addr add dev hyveth1 10.1.0.5/24
[root@magnum ~]# ip netns exec zou ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: zouveth1@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether ca:c6:5f:d3:4d:78 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.1.0.5/24 scope global zouveth1
valid_lft forever preferred_lft forever
建立两个桥接
并把veth peer的另一头放到桥上
[root@magnum ~]# brctl addbr br-zou
[root@magnum ~]# brctl addbr br-hy
[root@magnum ~]# brctl show
bridge name bridge id STP enabled interfaces
br-hy 8000.000000000000 no
br-zou 8000.000000000000 no
virbr0 8000.525400f67072 yes virbr0-nic
[root@magnum ~]#
[root@magnum ~]# brctl addif br-zou zouveth0
[root@magnum ~]# brctl addif br-hy hyveth0
建立两个vxlan,并把它们绑定到对应的桥上,
注意vxlan的remote 指向另一头的ip
[root@magnum ~]# ip link add vxlan-10 type vxlan id 10 remote 192.168.139.55 dev eth0
vxlan: destination port not specified
Will use Linux kernel default (non-standard value)
Use 'dstport 4789' to get the IANA assigned value
Use 'dstport 0' to get default and quiet this message
[root@magnum ~]#
[root@magnum ~]#
[root@magnum ~]# ip link add vxlan-20 type vxlan id 20 remote 192.168.139.55 dev eth0
vxlan: destination port not specified
Will use Linux kernel default (non-standard value)
Use 'dstport 4789' to get the IANA assigned value
Use 'dstport 0' to get default and quiet this message
[root@magnum ~]#
[root@magnum ~]# brctl addif br-zou vxlan-10
[root@magnum ~]# brctl addif br-hy vxlan-20
[root@magnum ~]# brctl show
bridge name bridge id STP enabled interfaces
br-hy 8000.2a1d69b51d52 no hyveth0
vxlan-20
br-zou 8000.1a724b6efa37 no vxlan-10
zouveth0
virbr0 8000.525400f67072 yes virbr0-nic
查看vxlan
[root@magnum ~]# ip -d link show vxlan-10
11: vxlan-10: <BROADCAST,MULTICAST> mtu 1450 qdisc noop master br-zou state DOWN mode DEFAULT
link/ether 92:fa:81:6a:1a:53 brd ff:ff:ff:ff:ff:ff promiscuity 1
vxlan id 10 remote 192.168.139.55 dev eth0 srcport 0 0 dstport 8472 ageing 300 addrgenmode eui64
[root@magnum ~]# ip -d link show vxlan-20
12: vxlan-20: <BROADCAST,MULTICAST> mtu 1450 qdisc noop master br-hy state DOWN mode DEFAULT
link/ether 2a:1d:69:b5:1d:52 brd ff:ff:ff:ff:ff:ff promiscuity 1
vxlan id 20 remote 192.168.139.55 dev eth0 srcport 0 0 dstport 8472 ageing 300 addrgenmode eui64
[root@magnum ~]#
把相应的veth peer、namespace中的lo、桥、vxlan都up起来
[root@magnum ~]# ip link set dev zouveth0 up
[root@magnum ~]# ip link set dev hyveth0 up
[root@magnum ~]#
[root@magnum ~]# ip netns exec zou ip link set dev zouveth1 up
[root@magnum ~]# ip netns exec huiying ip link set dev hyveth1 up
[root@magnum ~]#
[root@magnum ~]# ip netns exec zou ip link set dev lo up
[root@magnum ~]# ip netns exec huiying ip link set dev lo up
[root@magnum ~]#
[root@magnum ~]# ip link set dev br-zou up
[root@magnum ~]#
[root@magnum ~]# ip link set dev br-hy up
[root@magnum ~]#
[root@magnum ~]# ip link set dev vxlan-10 up
[root@magnum ~]#
[root@magnum ~]# ip link set dev vxlan-20 up
配置另一台机器139.55,操作类似,只要把vxlan的remote ip指向221即可
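#!/usr/bin/env bash
# Sets up the 192.168.139.55 side of the two-host VXLAN lab: two network
# namespaces (zou, huiying), one veth pair and one bridge per namespace, and
# one VXLAN interface per bridge whose remote is the peer host.
# This mirrors the 221-side transcript above; only the remote ip differs.
# Must run as root (ip netns / brctl / modprobe).
#
# Usage: setup-55.sh [REMOTE_IP] [NS_IP]
#   REMOTE_IP - VXLAN peer host (default 192.168.139.221)
#   NS_IP     - address given to the veth inside BOTH namespaces
#               (default 10.1.0.5/24; the VNI keeps the duplicates apart)
#   UPLINK    - env var, underlay interface for the encapsulation (default eth0)
set -euo pipefail

remote_ip=${1:-192.168.139.221}
ns_ip=${2:-10.1.0.5/24}
uplink=${UPLINK:-eth0}
# VNI per namespace; must match the peer host (vxlan-10 <-> zou, vxlan-20 <-> huiying).
readonly ZOU_VNI=10
readonly HY_VNI=20

modprobe vxlan
# With pipefail this aborts if the module did not actually load.
lsmod | grep vxlan

ip netns add zou
ip netns add huiying
ip netns show

# veth pairs: the *0 end stays on the host (bridge side),
# the *1 end is moved into its namespace.
ip link add zouveth0 type veth peer name zouveth1
ip link add hyveth0 type veth peer name hyveth1
ip link set zouveth1 netns zou
ip link set hyveth1 netns huiying
# Both namespaces deliberately get the same address.
ip netns exec zou ip a add dev zouveth1 "$ns_ip"
ip netns exec huiying ip a add dev hyveth1 "$ns_ip"

# One bridge per namespace, host-side veth end attached to it.
brctl addbr br-zou
brctl addbr br-hy
brctl addif br-zou zouveth0
brctl addif br-hy hyveth0
brctl show

# No dstport is given, so the kernel uses its default UDP port 8472 rather
# than the IANA-assigned 4789 (see the warning and `ip -d link show` output
# above); both hosts must agree on it. VXLAN itself adds no authentication or
# encryption, so this relies on a trusted underlay (the firewall was disabled
# earlier in this lab).
ip link add vxlan-10 type vxlan id "$ZOU_VNI" remote "$remote_ip" dev "$uplink"
ip link add vxlan-20 type vxlan id "$HY_VNI" remote "$remote_ip" dev "$uplink"
ip -d link show vxlan-10
ip -d link show vxlan-20
brctl addif br-zou vxlan-10
brctl addif br-hy vxlan-20
brctl show

# Bring everything up: host veth ends, namespace veth ends and lo,
# then the bridges and the VXLAN interfaces.
for dev in zouveth0 hyveth0; do
  ip link set dev "$dev" up
done
for dev in zouveth1 lo; do
  ip netns exec zou ip link set dev "$dev" up
done
for dev in hyveth1 lo; do
  ip netns exec huiying ip link set dev "$dev" up
done
for dev in br-zou br-hy vxlan-10 vxlan-20; do
  ip link set dev "$dev" up
done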
这样55对应的两个namespace中的IP都为 10.1.0.5
221对应的两个namespace中的ip都为 10.1.0.6
在55中
先查看zou这个namespace里veth的mac地址
[root@centos7 ~]# ip netns exec zou ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: zouveth1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether da:6f:4f:60:05:cd brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@centos7 ~]#
再ping 221那台机器上的namespace中的ip
[root@centos7 ~]# ip netns exec zou ping 10.1.0.6
PING 10.1.0.6 (10.1.0.6) 56(84) bytes of data.
64 bytes from 10.1.0.6: icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from 10.1.0.6: icmp_seq=2 ttl=64 time=0.031 ms
在221上查看
zou这个namespace中
[root@magnum ~]# ip netns exec zou tcpdump -i zouveth1 -e -l -v|grep "da.*6f"
tcpdump: listening on zouveth1, link-type EN10MB (Ethernet), capture size 65535 bytes
15:12:13.848660 da:6f:4f:60:05:cd (oui Unknown) > ca:c6:5f:d3:4d:78 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 63120, offset 0, flags [DF], proto ICMP (1), length 84)
15:12:13.848693 ca:c6:5f:d3:4d:78 (oui Unknown) > da:6f:4f:60:05:cd (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 16897, offset 0, flags [none], proto ICMP (1), length 84)
15:12:14.849065 da:6f:4f:60:05:cd (oui Unknown) > ca:c6:5f:d3:4d:78 (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 63121, offset 0, flags [DF], proto ICMP (1), length 84)
15:12:14.849095 ca:c6:5f:d3:4d:78 (oui Unknown) > da:6f:4f:60:05:cd (oui Unknown), ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 16898, offset 0, flags [none], proto ICMP (1), length 84)
可以对比对应的mac地址观察
另一个命名空间huiying则没有反应
[root@magnum ~]# ip netns exec huiying tcpdump -i hyveth1 -e -l -v|grep "da.*6f"
tcpdump: listening on hyveth1, link-type EN10MB (Ethernet), capture size 65535 bytes
bridge fdb
[root@centos7 ~]# bridge fdb
01:00:5e:00:00:01 dev eth0 self permanent
33:33:00:00:00:01 dev eth0 self permanent
33:33:ff:aa:80:17 dev eth0 self permanent
01:00:5e:00:00:fb dev eth0 self permanent
52:54:00:71:94:cc dev virbr0-nic master virbr0 permanent
02:79:96:c5:98:ab dev virbr0 vlan 1 master virbr0 permanent
52:54:00:71:94:cc dev virbr0-nic vlan 1 master virbr0 permanent
01:00:5e:00:00:01 dev virbr0-nic self permanent
33:33:00:00:00:01 dev zouveth0 self permanent
01:00:5e:00:00:01 dev zouveth0 self permanent
33:33:ff:72:d9:0a dev zouveth0 self permanent
33:33:00:00:00:01 dev hyveth0 self permanent
01:00:5e:00:00:01 dev hyveth0 self permanent
33:33:ff:b6:40:3f dev hyveth0 self permanent
de:6b:2c:60:e9:c5 dev vxlan-10 vlan 1 master br-zou permanent
ca:c6:5f:d3:4d:78 dev vxlan-10 master br-zou
7a:c0:eb:72:d9:0a dev zouveth0 vlan 1 master br-zou permanent
da:6f:4f:60:05:cd dev zouveth0 master br-zou
7a:c0:eb:72:d9:0a dev zouveth0 master br-zou permanent
de:6b:2c:60:e9:c5 dev vxlan-10 master br-zou permanent
46:78:2b:25:71:e9 dev br-zou vlan 1 master br-zou permanent
4a:30:4f:b6:40:3f dev hyveth0 vlan 1 master br-hy permanent
fa:09:12:47:8f:77 dev br-hy vlan 1 master br-hy permanent
0e:f6:b2:b5:cb:d9 dev vxlan-20 vlan 1 master br-hy permanent
0e:f6:b2:b5:cb:d9 dev vxlan-20 master br-hy permanent
4a:30:4f:b6:40:3f dev hyveth0 master br-hy permanent
00:00:00:00:00:00 dev vxlan-10 dst 192.168.139.221 via eth0 self permanent
ca:c6:5f:d3:4d:78 dev vxlan-10 dst 192.168.139.221 self
00:00:00:00:00:00 dev vxlan-20 dst 192.168.139.221 via eth0 self permanent
[root@centos7 ~]#