|
|
|
在CentOS7上配置Open vSwitch和VXLAN
环境
实验环境
主机环境
[yuwh@node0 ~]$ uname -a
Linux node0 3.10.0-123.9.3.el7.x86_64 #1 SMP Thu Nov 6 15:06:03 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[yuwh@node0 ~]$ cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)Open vSwitch
安装Open vSwitch
[root@node0 ~]# yum -y install wget openssl-devel kernel-devel
[root@node0 ~]# yum groupinstall "Development Tools"
[root@node0 ~]# yum -y install wget openssl-devel kernel-devel
[root@node0 ~]# yum groupinstall "Development Tools"
[root@node0 ~]# adduser ovswitch
[root@node0 ~]# su - ovswitch
[ovswitch@node0 ~]$ wget http://openvswitch.org/releases/openvswitch-2.3.0.tar.gz
[ovswitch@node0 ~]$ tar xfz openvswitch-2.3.0.tar.gz
[ovswitch@node0 ~]$ mkdir -p ~/rpmbuild/SOURCES
[ovswitch@node0 ~]$ cp openvswitch-2.3.0.tar.gz ~/rpmbuild/SOURCES
去除Nicira提供的openvswitch-kmod依赖包,创建新的spec文件
[ovswitch@node0 ~]$ sed 's/openvswitch-kmod, //g' openvswitch-2.3.0/rhel/openvswitch.spec > openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
[ovswitch@node0 ~]$ rpmbuild -bb --without check ~/openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
[ovswitch@node0 ~]$ exit
[root@node0 ~]# yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.0-1.x86_64.rpm
安装完成,验证一下:
[root@node0 ~]# rpm -qf `which ovs-vsctl`
openvswitch-2.3.0-1.x86_64启动Open vSwitch
SELinux会影响Open vSwitch的运行,比如报错:
error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory)原因是没有权限修改/etc/openvswitch的owner
如果环境允许可用关掉SELinux;想保持enabled需要做如下修改:
[root@node0 ~]# mkdir /etc/openvswitch
[root@node0 ~]# semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?"
[root@node0 ~]# restorecon -Rv /etc/openvswitch
启动服务:
[root@node0 ~]# systemctl start openvswitch.service查看结果:
[root@node0 ~]# systemctl -l status openvswitch.service
配置Open vSwitch
ovs-vsctl add-br ovsbr0去掉NetworkManager
systemctl stop NetworkManager.service
systemctl disable NetworkManager.service改用network.services,修改/etc/sysconfig/network-scripts/下的配置文件
/etc/sysconfig/network-scripts/ifcfg-mgmt0
DEVICE=mgmt0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSIntPort
OVS_BRIDGE=ovsbr0
USERCTL=no
BOOTPROTO=none
HOTPLUG=no
IPADDR0=10.0.0.2
PREFIX0=23/etc/sysconfig/network-scripts/ifcfg-ovsbr0
DEVICE=ovsbr0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSBridge
HOTPLUG=no
USERCTL=no/etc/sysconfig/network-scripts/ifcfg-enp2s0f0
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp2s0f0
UUID=d81f76d3-7163-42d3-bc07-d936a8536d17
ONBOOT=yes
IPADDR=192.168.3.4
PREFIX=23
GATEWAY=192.168.3.1
DNS1=8.8.8.8
DNS2=4.4.4.4
HWADDR=10:51:72:37:76:04
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes虚拟机
配置网络
libvirt 默认会启用virbr0来作为虚拟机的网桥并启动DHCPD;删除该网桥,使用ovs bridge来替代:
virsh net-destroy defaultvi /etc/libvirt/qemu/CentOS7.xml
或者通过virt-manager来配置
配置VXLAN
在ovsbr0中添加接口vxlan0
node0上的配置:注意remote_ip node1的ip:192.168.3.5。
ovs-vsctl add-port ovsbr0 vxlan0 -- set interface vxlan0 type=vxlan options:remote_ip=192.168.3.5启动两个虚拟机后的配置:
[root@node0 samba]# ovs-vsctl show
b15949b6-9d9f-4b14-9fd9-277d2b203376
Bridge "ovsbr0"
Port "mgmt0"
Interface "mgmt0"
type: internal
Port "vnet0"
Interface "vnet0"
Port "vxlan0"
Interface "vxlan0"
type: vxlan
options: {remote_ip="192.168.3.5"}
Port "ovsbr0"
Interface "ovsbr0"
type: internal
Port "vnet1"
Interface "vnet1"
ovs_version: "2.3.0"
[root@node0 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0f0: mtu 1500 qdisc mq state UP qlen 1000
link/ether 10:51:72:37:76:04 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.4/23 brd 192.168.3.255 scope global enp2s0f0
valid_lft forever preferred_lft forever
inet6 fe80::1251:72ff:fe37:7604/64 scope link
valid_lft forever preferred_lft forever
8: ovs-system: mtu 1500 qdisc noop state DOWN
link/ether 02:32:3a:73:15:08 brd ff:ff:ff:ff:ff:ff
//删掉了不相干部分
48: ovsbr0: mtu 1500 qdisc noqueue state UNKNOWN
link/ether fe:45:84:ec:7c:43 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc45:84ff:feec:7c43/64 scope link
valid_lft forever preferred_lft forever
49: mgmt0: mtu 1500 qdisc noqueue state UNKNOWN
link/ether d6:c5:ed:c4:aa:45 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/23 brd 10.0.1.255 scope global mgmt0
valid_lft forever preferred_lft forever
inet6 fe80::d4c5:edff:fec4:aa45/64 scope link
valid_lft forever preferred_lft forever
51: vnet1: mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN qlen 500
link/ether fe:54:00:13:04:d8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe13:4d8/64 scope link
valid_lft forever preferred_lft forever
52: vnet0: mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN qlen 500
link/ether fe:54:00:18:16:99 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe18:1699/64 scope link
valid_lft forever preferred_lft forever测试
以上配置,只列出了node0的操作过程;node1作同样配置,ip不同而已。
node0内部vm间通信
vm1 ping vm2:
[root@node0_0 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:18:16:99 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe18:1699/64 scope link
valid_lft forever preferred_lft forever
[root@node0_0 ~]# ping 10.0.0.4
PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=0.545 ms
64 bytes from 10.0.0.4: icmp_seq=2 ttl=64 time=0.235 ms
64 bytes from 10.0.0.4: icmp_seq=3 ttl=64 time=0.223 ms
^C
--- 10.0.0.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.223/0.334/0.545/0.149 mswireshark抓包,物理网卡上没有对应的流量,vnet0上的包是普通的ICMP包
node0 vm和node1 vm通信
vm1 ping vm3:
[root@node0_0 ~]# ping 10.0.0.34
PING 10.0.0.34 (10.0.0.34) 56(84) bytes of data.
64 bytes from 10.0.0.34: icmp_seq=1 ttl=64 time=1.62 ms
64 bytes from 10.0.0.34: icmp_seq=2 ttl=64 time=0.383 ms
^C
--- 10.0.0.34 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.383/1.003/1.623/0.620 msvnet0上抓到的报文:普通ICMP包
物理网卡上抓到的报文:vxlan封装的ICMP包 frame 18
vxlan格式
vxlan报文解码
用新版本wireshark(1.12.2)查看 frame 18
node0 vm和node1 ovsbr0管理口通信
[root@node0_0 ~]# ping 10.0.0.32
PING 10.0.0.32 (10.0.0.32) 56(84) bytes of data.
64 bytes from 10.0.0.32: icmp_seq=1 ttl=64 time=1.68 ms
64 bytes from 10.0.0.32: icmp_seq=2 ttl=64 time=0.422 ms
64 bytes from 10.0.0.32: icmp_seq=3 ttl=64 time=0.288 ms
^C
--- 10.0.0.32 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.288/0.796/1.680/0.627 ms参考:
https://n40lab.wordpress.com/2014/09/04/openvswitch-2-3-0-lts-and-centos-7/
http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/
http://www.astroarch.com/2014/06/rhev-upgrade-saga-installing-open-vswitch-on-rhel-7/
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2019-1-26 14:49:10
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡