Openstack Neutron网络配置

相关配置

物理部署方案


启用dhcp/l3的高可用

# cat neutron.conf
[DEFAULT]
# Schedule the DHCP service of every network on two DHCP agents, so one agent
# failing does not stop address assignment.
dhcp_agents_per_network = 2
# Routers are created as HA routers by default. Neutron then auto-creates a
# per-project HA network for the router instances (the 169.254.192.0/18
# "HA subnet tenant ..." shown later on this page).
l3_ha = true
# Upper bound on the number of L3 agents that host one HA router.
max_l3_agents_per_router = 3

linuxbridge + vxlan配置

# cat ml2_conf.ini
[ml2]
# Network types ML2 may load; networks created by projects default to VXLAN.
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
# linuxbridge wires the ports; l2population distributes forwarding entries to
# the agents instead of relying on flooding to learn them.
mechanism_drivers = linuxbridge,l2population
# Loads the port-security extension, which allows anti-spoofing and
# security-group filtering to be toggled per network or port.
# NOTE(review): filtering only applies while port security stays enabled on a
# port; audit any port or network where it has been switched off.
extension_drivers = port_security

[ml2_type_vlan]
# Left empty: no VLAN ranges are defined in this deployment.
network_vlan_ranges =

[ml2_type_flat]
# Only physnet1 is accepted as the physical network of a flat network.
flat_networks = physnet1

[ml2_type_vxlan]
# VNIs 1-1000 form the pool for project networks. The provider segments 100
# and 200 created later on this page fall inside this pool.
vni_ranges = 1:1000
# Multicast group for VXLAN broadcast traffic.
# NOTE(review): with l2_population = true below the agents presumably use
# unicast, so confirm whether this group is needed.
vxlan_group = 239.1.1.1

[securitygroup]
# Security-group rules are enforced with iptables on the compute/network nodes.
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[linux_bridge]
# physnet1 (flat/external traffic) is carried on enp4s0f1.
physical_interface_mappings = physnet1:enp4s0f1

[vxlan]
l2_population = true
# VTEP address of this node. VXLAN provides no encryption or authentication of
# the encapsulated traffic, so the underlay that carries 10.200.111.0/x should
# be a dedicated network that instances and external hosts cannot reach.
local_ip = 10.200.111.11

创建内部网络 net_vxlan100

# NOTE(review): --share makes net_vxlan100 usable by every project, so any
# project can attach ports to it. Omit --share when only the owning project
# should use the network. The --provider-* options normally require admin.
[root@control01 ~]# openstack network create --share --provider-network-type vxlan --provider-segment 100 net_vxlan100
[root@control01 ~]# openstack subnet create --subnet-range 192.168.100.0/24 --gateway 192.168.100.1 --network net_vxlan100 --allocation-pool start=192.168.100.2,end=192.168.100.254 subnet_192_168_100_0

[root@control01 ~]# grep dhcp_agents_per_network /etc/kolla/neutron-server/neutron.conf
dhcp_agents_per_network = 2

由于激活了DHCP,且启用了“neutron_agent_ha”(dhcp_agents_per_network = 2),可见在control01和control02上各生成了名为brqb7073ac3-ec的网桥,并分别将tap83764a32-90和tap7e419bb7-05(dhcp agent)与vxlan-100(enp4s0f0)桥接在一起。




创建内部网络 net_vxlan200

同理,创建网络 net_vxlan200,用于与net_vxlan100隔离

# NOTE(review): segment 200 gives net_vxlan200 its own VNI, i.e. a separate
# layer-2 domain from net_vxlan100. --share again opens the network to every
# project; omit it if the isolation is meant to be per project.
[root@control01 ~]# openstack network create --share --provider-network-type vxlan --provider-segment 200 net_vxlan200
[root@control01 ~]# openstack subnet create --subnet-range 192.168.200.0/24 --gateway 192.168.200.1 --network net_vxlan200 --allocation-pool start=192.168.200.2,end=192.168.200.254 subnet_192_168_200_0
[root@control01 ~]# openstack subnet list
+--------------------------------------+----------------------+--------------------------------------+------------------+
| ID | Name | Network | Subnet |
+--------------------------------------+----------------------+--------------------------------------+------------------+
| 51464a16-c8f8-47b5-988e-878d8adf69d6 | subnet_192_168_100_0 | b7073ac3-ec81-4a00-99e9-af26655329ad | 192.168.100.0/24 |
| 58c254ce-d3c1-438b-827e-cde399eb6496 | subnet_192_168_200_0 | 8b9e795e-3629-474e-97e4-4aad10292b32 | 192.168.200.0/24 |
+--------------------------------------+----------------------+--------------------------------------+------------------+
[root@control01 ~]# openstack port list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 7e419bb7-051a-49f5-80ba-fa1fd086d715 | | fa:16:3e:38:eb:aa | ip_address='192.168.100.2', subnet_id='51464a16-c8f8-47b5-988e-878d8adf69d6' | ACTIVE |
| 80876a52-b023-46b9-9964-7c69c2d88295 | | fa:16:3e:10:e1:11 | ip_address='192.168.200.3', subnet_id='58c254ce-d3c1-438b-827e-cde399eb6496' | ACTIVE |
| 83764a32-906d-4dfb-9c4a-1590488a84a7 | | fa:16:3e:33:81:f8 | ip_address='192.168.100.3', subnet_id='51464a16-c8f8-47b5-988e-878d8adf69d6' | ACTIVE |
| eaf0544b-dcf0-4fb6-aa37-88c9fead85cb | | fa:16:3e:fc:c1:58 | ip_address='192.168.200.2', subnet_id='58c254ce-d3c1-438b-827e-cde399eb6496' | ACTIVE |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+

创建路由

  • 创建路由:router_100_200

    由于启用了“neutron_agent_ha”,可见在创建路由之后自动生成了一个名称为“HA subnet tenant <router_project_id>”的子网,同时在3个网络节点上都为该路由创建了一个namespace。

[root@control01 ~]# openstack router create router_100_200
[root@control01 ~]# openstack subnet list
+--------------------------------------+---------------------------------------------------+--------------------------------------+------------------+
| ID | Name | Network | Subnet |
+--------------------------------------+---------------------------------------------------+--------------------------------------+------------------+
| 51464a16-c8f8-47b5-988e-878d8adf69d6 | subnet_192_168_100_0 | b7073ac3-ec81-4a00-99e9-af26655329ad | 192.168.100.0/24 |
| 58c254ce-d3c1-438b-827e-cde399eb6496 | subnet_192_168_200_0 | 8b9e795e-3629-474e-97e4-4aad10292b32 | 192.168.200.0/24 |
| ed6d4dc8-9102-47e8-bd54-31688694c309 | HA subnet tenant af57ea37dca14356bc619258f44f966d | 7e8c7107-0aab-4581-a05b-0b0d6b496ba4 | 169.254.192.0/18 |
+--------------------------------------+---------------------------------------------------+--------------------------------------+------------------+
[root@control01 ~]# ip netns|grep qrouter
qrouter-e6097133-2e19-4799-aea6-1309af072e43 (id: 2)
[root@control02 ~]# ip netns|grep qrouter
qrouter-e6097133-2e19-4799-aea6-1309af072e43 (id: 1)
[root@control03 ~]# ip netns|grep qrouter
qrouter-e6097133-2e19-4799-aea6-1309af072e43 (id: 1)

  • 连接vxlan100和vxlan200

连接vxlan100和vxlan200后,将创建相应的接口作为网关,并绑定到其中一个节点的qrouter命名空间中,通过veth pair与tap相连。注意:两个子网接入同一路由后即可在三层互通(二层仍然相互隔离),此时实例之间的访问控制主要依赖安全组规则。

[root@control01 ~]# openstack router add subnet router_100_200 51464a16-c8f8-47b5-988e-878d8adf69d6
[root@control01 ~]# openstack router add subnet router_100_200 58c254ce-d3c1-438b-827e-cde399eb6496
[root@control01 ~]# openstack port list
+--------------------------------------+-------------------------------------------------+-------------------+------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+-------------------------------------------------+-------------------+------------------------------------------------------------------------------+--------+
| 25b37e36-8947-4483-8098-3b9600e0052a | | fa:16:3e:c7:55:7c | ip_address='192.168.200.1', subnet_id='58c254ce-d3c1-438b-827e-cde399eb6496' | ACTIVE |
| 2e107d17-77a1-4973-aa77-982fc4520070 | HA port tenant af57ea37dca14356bc619258f44f966d | fa:16:3e:80:2b:9d | ip_address='169.254.192.7', subnet_id='3c595f26-3384-4ab3-880d-ae3e2a9ff78f' | ACTIVE |
| 4b95d8d0-87e8-4c3a-b78d-10c7b65c5200 | | fa:16:3e:c4:e2:d1 | ip_address='192.168.100.1', subnet_id='51464a16-c8f8-47b5-988e-878d8adf69d6' | ACTIVE |
| 5d568c92-178c-4f1b-a553-edea6cd5d61d | HA port tenant af57ea37dca14356bc619258f44f966d | fa:16:3e:a1:91:06 | ip_address='169.254.192.2', subnet_id='3c595f26-3384-4ab3-880d-ae3e2a9ff78f' | ACTIVE |
| 7e419bb7-051a-49f5-80ba-fa1fd086d715 | | fa:16:3e:38:eb:aa | ip_address='192.168.100.2', subnet_id='51464a16-c8f8-47b5-988e-878d8adf69d6' | ACTIVE |
| 80876a52-b023-46b9-9964-7c69c2d88295 | | fa:16:3e:10:e1:11 | ip_address='192.168.200.3', subnet_id='58c254ce-d3c1-438b-827e-cde399eb6496' | ACTIVE |
| 83764a32-906d-4dfb-9c4a-1590488a84a7 | | fa:16:3e:33:81:f8 | ip_address='192.168.100.3', subnet_id='51464a16-c8f8-47b5-988e-878d8adf69d6' | ACTIVE |
| eaf0544b-dcf0-4fb6-aa37-88c9fead85cb | | fa:16:3e:fc:c1:58 | ip_address='192.168.200.2', subnet_id='58c254ce-d3c1-438b-827e-cde399eb6496' | ACTIVE |
| fbe2cea1-540d-4b85-8f54-94158ee2d0ba | HA port tenant af57ea37dca14356bc619258f44f966d | fa:16:3e:5f:52:30 | ip_address='169.254.192.9', subnet_id='3c595f26-3384-4ab3-880d-ae3e2a9ff78f' | ACTIVE |
+--------------------------------------+-------------------------------------------------+-------------------+------------------------------------------------------------------------------+--------+
[root@control03 ~]# ip netns exec qrouter-e6097133-2e19-4799-aea6-1309af072e43 ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ha-fbe2cea1-54@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether fa:16:3e:5f:52:30 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.192.9/18 brd 169.254.255.255 scope global ha-fbe2cea1-54
valid_lft forever preferred_lft forever
inet 169.254.0.1/24 scope global ha-fbe2cea1-54
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe5f:5230/64 scope link
valid_lft forever preferred_lft forever
3: qr-4b95d8d0-87@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether fa:16:3e:c4:e2:d1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.100.1/24 scope global qr-4b95d8d0-87
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fec4:e2d1/64 scope link
valid_lft forever preferred_lft forever
4: qr-25b37e36-89@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether fa:16:3e:c7:55:7c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.200.1/24 scope global qr-25b37e36-89
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fec7:557c/64 scope link
valid_lft forever preferred_lft forever

创建外部网络

# NOTE(review): --external alone already lets projects use net_external as a
# router gateway and floating-IP pool. Adding --share also lets any project
# plug instance ports straight into the flat provider network physnet1,
# bypassing the router and its NAT. Omit --share unless direct attachment is
# intended. The subnet is created with --no-dhcp, so Neutron serves no DHCP here.
[root@control01 ~]# openstack network create --share --provider-network-type flat --provider-physical-network physnet1 --external net_external
[root@control01 ~]# openstack subnet create --subnet-range 10.200.112.0/24 --gateway 10.200.112.254 --network net_external --allocation-pool start=10.200.112.20,end=10.200.112.250 --dns-nameserver 10.100.1.10 --no-dhcp subnet_10_200_112_0
  • 为路由”router_100_200”设置网关

    需要先为内部网络所连接的路由设置外部网关,才可为内部网络中的实例绑定浮动IP

# NOTE(review): by default the gateway is set with SNAT enabled, so instances
# on both attached subnets (192.168.100.0/24 and 192.168.200.0/24) gain
# outbound access through the router's address on net_external. Pass
# --disable-snat if only floating-IP traffic should leave through this router.
[root@control01 ~]# openstack router set --external-gateway net_external router_100_200
