|
|
http://jasonyu37.blog.51cto.com/8877469/1536589
上一篇,有一个问题,那就是,如果我想给外网提供服务(把External Network 和 Management Network分开), 怎么做?这个应该是很实用的。但是我是个穷人,没有两块网卡。
然后我就去看了vmware的workstation 网络相关的,有一个VMnet1(192.168.179.0/24),是hostonly模式。在VM上添加一个网卡,选择自定义模式(VMNet1),这样相当于在主机上插了一块网卡,eth2出来了,设置IP,192.168.179.20,笔记本上ping,通了。
其他地方就和上一篇差不多了,就是br-ex桥接到eth2就行了,
#传说中的management network
#cat ifcfg-eth1
TYPE=Ethernet
IPV6INIT=no
NAME=eth1
UUID=0e6e86b5-721d-4219-a9fd-2076990f9e1f
ONBOOT=yes
HWADDR=00:0C:29:39:36:53
BOOTPROTO=none
IPADDR=192.168.1.20
PREFIX=24
GATEWAY=192.168.1.1
DNS1=202.106.0.20
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
LAST_CONNECT=1401649435
#传说中的external network
# cat ifcfg-eth2
HWADDR=00:0C:29:39:36:5D
DEVICE=eth2
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
# BOOTPROTO=none
# IPADDR=192.168.179.20
# PREFIX=24
# GATEWAY=192.168.179.1
# DNS1=202.106.0.20
# DEFROUTE=yes
# IPV4_FAILURE_FATAL=yes
# IPV6INIT=no
# NAME=eth2
# UUID=dd6c8917-b2ac-40a8-ad29-ad165df9e2a6
# ONBOOT=yes
LAST_CONNECT=1407354181
#cat ifcfg-br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.179.20
NETMASK=255.255.255.0
ONBOOT=yes
登录到dashboard.
1, 添加外部网络(就是VMNet1网络) External_Network
添加 External_Subnet 192.168.179.0/24
2, 添加私有网络(就是VM所使用的网络) Private_Network
添加Private_Subnet 172.16.1.0/24
3, 添加路由器,router, 设置网关gateway为外部网络External_Subnet.
在路由器router上, 添加 172.16.1.0/24 子网的接口
4, 启动实例, 选择 Private_Subnet.
5,设置 floating IP. (192.168.179.101)
6,设置安全规则,允许icmp和ssh对内部网络的访问.
# ip netns exec qrouter-9bd86521-4685-4af8-9264-176fae5e2a5c ip addr
19: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
20: qg-3f586ddc-60: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:e0:66:3f brd ff:ff:ff:ff:ff:ff
inet 192.168.179.100/24 brd 192.168.179.255 scope global qg-3f586ddc-60
inet 192.168.179.101/32 brd 192.168.179.101 scope global qg-3f586ddc-60
inet6 fe80::f816:3eff:fee0:663f/64 scope link
valid_lft forever preferred_lft forever
21: qr-575f4992-4c: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:79:e2:b0 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global qr-575f4992-4c
inet6 fe80::f816:3eff:fe79:e2b0/64 scope link
valid_lft forever preferred_lft forever
# ip netns exec qrouter-9bd86521-4685-4af8-9264-176fae5e2a5c iptables -t nat -S
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A neutron-l3-agent-OUTPUT -d 192.168.179.101/32 -j DNAT --to-destination 172.16.1.2
-A neutron-l3-agent-POSTROUTING ! -i qg-3f586ddc-60 ! -o qg-3f586ddc-60 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 192.168.179.101/32 -j DNAT --to-destination 172.16.1.2
-A neutron-l3-agent-float-snat -s 172.16.1.2/32 -j SNAT --to-source 192.168.179.101
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 172.16.1.0/24 -j SNAT --to-source 192.168.179.100
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
上个图吧:
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-6-2 08:39:32
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡