OpenStack Neutron Network Configuration (Open vSwitch)
Contents:
[*]Enable OVS
[*]Configure DVR
Enable OVS
Install Open vSwitch
apt install neutron-openvswitch-agent
Check neutron agent-list
root@server01:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
| 2b37ee1e-a0a6-40e2-9d23-cd48aac362ea | Metadata agent | server01 | | :-) | True | neutron-metadata-agent |
| 582645c0-ed97-484f-9f6c-97b0dd0301d2 | Open vSwitch agent | server01 | | :-) | True | neutron-openvswitch-agent |
| 989f6ba7-87b0-4851-801a-90392b5ce90f | Open vSwitch agent | server03 | | :-) | True | neutron-openvswitch-agent |
| 98d66775-2d19-4ebe-8812-6b51fc526e11 | DHCP agent | server01 | nova | :-) | True | neutron-dhcp-agent |
| edc3832d-4554-41ed-a16a-800e6842d583 | Open vSwitch agent | server02 | | :-) | True | neutron-openvswitch-agent |
| f58aea27-510c-4dd6-aa58-c2da53866d34 | L3 agent | server01 | nova | :-) | True | neutron-l3-agent |
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
Edit /etc/neutron/plugins/ml2/ml2_conf.ini (configured on the neutron server)
[ml2]
type_drivers = local,flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = provider

[ml2_type_vxlan]
vni_ranges = 1:1000
Edit /etc/neutron/plugins/ml2/openvswitch_agent.ini (configured on every neutron agent)
[agent]
tunnel_types = vxlan
l2_population = true
arp_responder = true

[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
int_peer_patch_port = patch-tun
tun_peer_patch_port = patch-int
local_ip = 10.10.10.1
The interface_driver in the L3 agent and DHCP agent configuration files must also be changed to OVS
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
Restart the services
service neutron-server restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart
Inspect OVS
root@server03:~# ovs-vsctl show
2b432694-a32a-4b05-b5de-f942357dd5f1
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.6.0"
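Configure DVR
With DVR, L3 forwarding and NAT are distributed to the compute nodes, which means the compute nodes also take on network-node functions. DVR still cannot eliminate the centralized virtual router, however: to conserve scarce public IPv4 addresses, SNAT is still provided on the network node. The network and compute nodes therefore look like this:
[*]Network node: provides north-south SNAT, i.e. when no floating IP is used, traffic from instances to external networks must pass through the network node. In other words, the network node still has to rely on a traditional HA solution such as VRRP and Pacemaker. Unfortunately, the Juno release does not support using HA and DVR at the same time.
[*]Compute node: provides north-south DNAT, i.e. traffic from external networks to instances passes through the compute node; and east-west forwarding, i.e. traffic between instances passes through the compute nodes. Because all compute nodes take part, this share of the network processing load is naturally balanced.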
Configuration steps
1. Install the L3 agent on the compute nodes
apt install neutron-l3-agent
2. Edit neutron.conf
[*]router_distributed = True
[*]This sets the default for new router creation to be DVR.
[*]The admin user can convert existing routers to distributed without setting this option to True.
3. Edit the L3 agent configuration (l3_agent.ini)
[*]Network host (or single node deployment)
    [*]agent_mode = dvr_snat
    [*]use_namespaces = True
[*]Compute host
    [*]agent_mode = dvr
    [*]use_namespaces = True
4. Edit the L2 agent configuration (ml2_conf.ini)
[*]ml2_conf.ini
    [*]ml2 section
        [*]append ",l2population" to mechanism_drivers
    [*]agent section (in the Newton release this part of the configuration has been split out into linuxbridge_agent.ini or openvswitch_agent.ini)
        [*]l2_population = True
        [*]tunnel_types = vxlan
        [*]enable_distributed_routing = True
5. Set ip_forward in /etc/sysctl.conf
root@compute2:/var/log/nova# vi /etc/sysctl.conf
root@compute2:/var/log/nova# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
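The settings from steps 2 to 5 can be checked per node role before restarting the agents. The following is an added example, not code from the original page or from the Neutron project; the role names, the `check_node` helper, the sample file contents, the assumption that the network node also runs neutron-server, and the `[DEFAULT]` placement of `router_distributed` and `agent_mode` are not stated on the page.

```python
import configparser

def _is(want):
    return lambda v: v.strip().lower() == want

def _has(item):
    return lambda v: item in [x.strip() for x in v.split(",")]

# (file, section, option, predicate) from steps 2-5. [DEFAULT] placement of
# router_distributed and agent_mode is an assumption, not stated on the page.
AGENT = [("openvswitch_agent.ini", "agent", "l2_population", _is("true")),
         ("openvswitch_agent.ini", "agent", "tunnel_types", _has("vxlan")),
         ("openvswitch_agent.ini", "agent", "enable_distributed_routing", _is("true"))]
ROLE = {
    # Assumption: the network node also runs neutron-server.
    "network": AGENT + [("neutron.conf", "DEFAULT", "router_distributed", _is("true")),
                        ("ml2_conf.ini", "ml2", "mechanism_drivers", _has("l2population")),
                        ("l3_agent.ini", "DEFAULT", "agent_mode", _is("dvr_snat"))],
    "compute": AGENT + [("l3_agent.ini", "DEFAULT", "agent_mode", _is("dvr")),
                        ("sysctl.conf", "sysctl", "net.ipv4.ip_forward", _is("1"))],
}

def check_node(role, files):
    """files: {file name: text}. Returns [(file, option, found)] for each mismatch."""
    failures = []
    for fname, section, option, ok in ROLE[role]:
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        text = files.get(fname, "")
        if fname == "sysctl.conf":
            text = "[sysctl]\n" + text  # sysctl.conf has no section header
        cp.read_string(text)
        found = cp.get(section, option, fallback=None)
        if found is None or not ok(found):
            failures.append((fname, option, found))
    return failures

# Constructed sample files (not taken from a real host).
OVS_OK = "[agent]\nl2_population = True\ntunnel_types = vxlan\nenable_distributed_routing = True\n"
NETWORK = {"neutron.conf": "[DEFAULT]\nrouter_distributed = True\n",
           "ml2_conf.ini": "[ml2]\nmechanism_drivers = openvswitch,l2population\n",
           "l3_agent.ini": "[DEFAULT]\nagent_mode = dvr_snat\n",
           "openvswitch_agent.ini": OVS_OK}
# Compute node copied from the network node by mistake and missing the DVR flag.
BAD_COMPUTE = {"l3_agent.ini": "[DEFAULT]\nagent_mode = dvr_snat\n",
               "openvswitch_agent.ini": "[agent]\nl2_population = True\ntunnel_types = vxlan\n",
               "sysctl.conf": "net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.rp_filter = 0\n"}

if __name__ == "__main__":
    for name, role, files in [("network", "network", NETWORK), ("compute2", "compute", BAD_COMPUTE)]:
        print(name, check_node(role, files) or "OK")
```

The sysctl output in step 5 also sets rp_filter = 0, which turns off the kernel's reverse-path source check on these hosts; the example does not check that setting.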
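Verification:
1. Create a DVR router
2. Attach an interface
3. Attach an instance under that interface
4. On every compute node that hosts an attached instance, check ip netns list
The same qrouter-xxxx namespace appears on each of them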