
RDO Mitaka && several external networks VLAN provider setup

The post below addresses the case where a Controller/Network RDO Mitaka node has to provide external networks of VLAN type with predefined VLAN tags. A straightforward packstack deployment does not allow this network configuration to be achieved; an external network provider of VLAN type is required. In this particular case, the office networks 10.10.10.0/24 (VLAN tag 157) and 10.10.50.0/24 (VLAN tag 172) already exist when the RDO install runs. If demo_provision was "y", then delete router1 and the external network of VXLAN type that it created.

First

***********************************************************

Update /etc/neutron/plugins/ml2/ml2_conf.ini

***********************************************************

[root@ip-192-169-142-52 ml2(keystone_demo)]# cat ml2_conf.ini

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vlan,vxlan

mechanism_drivers =openvswitch

path_mtu = 0

[ml2_type_flat]

[ml2_type_vlan]

network_vlan_ranges = vlan157:157:157,vlan172:172:172

[ml2_type_gre]

[ml2_type_vxlan]

vni_ranges =10:100

vxlan_group =224.0.0.1

[ml2_type_geneve]

[securitygroup]

enable_security_group = True

**************

Then

**************

# openstack-service restart neutron

***************************************************

Invoke external network provider

***************************************************

[root@ip-192-169-142-52 ~(keystone_admin)]# neutron net-create vlan157 --shared --provider:network_type vlan --provider:segmentation_id 157 --provider:physical_network vlan157 --router:external

[root@ip-192-169-142-52 ~(keystone_admin)]# neutron subnet-create --name sub-vlan157 --gateway 10.10.10.1 --allocation-pool start=10.10.10.100,end=10.10.10.200 vlan157 10.10.10.0/24

***********************************************

Create second external network

***********************************************

[root@ip-192-169-142-52 ~(keystone_admin)]# neutron net-create vlan172 --shared --provider:network_type vlan --provider:segmentation_id 172 --provider:physical_network vlan172 --router:external

[root@ip-192-169-142-52 ~(keystone_admin)]# neutron subnet-create --name sub-vlan172 --gateway 10.10.50.1 --allocation-pool start=10.10.50.100,end=10.10.50.200 vlan172 10.10.50.0/24


***********************************************************
No need to update the subnet (vs. [1]), and no switch to "enable_isolated_metadata=True" is needed.
The Neutron L3 agent configuration results in the qg- interfaces being attached to br-int.
***********************************************************

[root@ServerCentOS72 ~(keystone_admin)]# neutron net-show vlan157

+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-05-05T11:04:57                  |
| description               |                                      |
| id                        | 98116982-6553-4b7e-920c-0284a7200916 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | vlan157                              |
| provider:network_type     | vlan                                 |
| provider:physical_network | vlan157                              |
| provider:segmentation_id  | 157                                  |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | d50fddd2-46e7-4c67-8ab5-97e952bc11c9 |
| tags                      |                                      |
| tenant_id                 | 5d0e67d2fe7a403180fe77232b0cdcd5     |
| updated_at                | 2016-05-05T11:04:57                  |
+---------------------------+--------------------------------------+

[root@ServerCentOS72 ~(keystone_admin)]# neutron subnet-show sub-vlan157

+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "10.10.10.100", "end": "10.10.10.200"} |
| cidr              | 10.10.10.0/24                                    |
| created_at        | 2016-05-05T11:05:27                              |
| description       |                                                  |
| dns_nameservers   |                                                  |
| enable_dhcp       | True                                             |
| gateway_ip        | 10.10.10.1                                       |
| host_routes       |                                                  |
| id                | d50fddd2-46e7-4c67-8ab5-97e952bc11c9             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | sub-vlan157                                      |
| network_id        | 98116982-6553-4b7e-920c-0284a7200916             |
| subnetpool_id     |                                                  |
| tenant_id         | 5d0e67d2fe7a403180fe77232b0cdcd5                 |
| updated_at        | 2016-05-05T11:05:27                              |
+-------------------+--------------------------------------------------+

[root@ServerCentOS72 ~(keystone_admin)]# neutron net-show vlan172

+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-05-05T11:05:46                  |
| description               |                                      |
| id                        | 6fc89f42-cb85-4cdb-be5f-4d1768b05e14 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | vlan172                              |
| provider:network_type     | vlan                                 |
| provider:physical_network | vlan172                              |
| provider:segmentation_id  | 172                                  |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 2d4f907b-1f80-451a-a663-b87bbd683d58 |
| tags                      |                                      |
| tenant_id                 | 5d0e67d2fe7a403180fe77232b0cdcd5     |
| updated_at                | 2016-05-05T11:05:46                  |
+---------------------------+--------------------------------------+

[root@ServerCentOS72 ~(keystone_admin)]# neutron subnet-show sub-vlan172

+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "10.10.50.100", "end": "10.10.50.200"} |
| cidr              | 10.10.50.0/24                                    |
| created_at        | 2016-05-05T11:10:18                              |
| description       |                                                  |
| dns_nameservers   |                                                  |
| enable_dhcp       | True                                             |
| gateway_ip        | 10.10.50.1                                       |
| host_routes       |                                                  |
| id                | 2d4f907b-1f80-451a-a663-b87bbd683d58             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | sub-vlan172                                      |
| network_id        | 6fc89f42-cb85-4cdb-be5f-4d1768b05e14             |
| subnetpool_id     |                                                  |
| tenant_id         | 5d0e67d2fe7a403180fe77232b0cdcd5                 |
| updated_at        | 2016-05-05T11:10:18                              |
+-------------------+--------------------------------------------------+

Enable EPEL 7 to install vconfig (or use the ip CLI instead).

**************

Next Step

**************

# modprobe 8021q

# ovs-vsctl add-br br-vlan

# ovs-vsctl add-port br-vlan eth2

# vconfig add br-vlan 157

# ovs-vsctl add-br br-vlan2

# ovs-vsctl add-port br-vlan2 eth3

# vconfig add br-vlan2 172

****************************************************

Update Neutron OVS configuration files

****************************************************

Start with the following comment in l3_agent.ini:

# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.

******************************

Update l3_agent.ini file

******************************

external_network_bridge =

gateway_external_network_id =

**********************************************

/etc/neutron/plugins/ml2/openvswitch_agent.ini

**********************************************

bridge_mappings = vlan157:br-vlan,vlan172:br-vlan2

*************************************

Update Neutron Configuration

*************************************

# openstack-service restart neutron
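The three files edited above have to agree with each other and with the net-create commands: every physical_network name used in a net-create must appear in network_vlan_ranges (ml2_conf.ini) and in bridge_mappings (openvswitch_agent.ini), the segmentation_id must fall inside the configured range, and both L3 agent settings must be empty. The following Python checker is an added example, not code from the original post or from RDO; it feeds the post's values in as inline strings and assumes bridge_mappings lives in the [ovs] section of openvswitch_agent.ini and the L3 agent settings in [DEFAULT], which is where those keys normally sit.

```python
"""Consistency check for a multi-VLAN external provider setup (added example).

Reads the three Neutron config fragments the post edits and the list of
provider networks that will be created, and reports anything that would make
a `neutron net-create --provider:...` network unbindable on the OVS agent.
"""
import configparser

# Constructed from the post's ml2_conf.ini (only the relevant keys).
ML2_CONF = """\
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vlan,vxlan
mechanism_drivers = openvswitch

[ml2_type_vlan]
network_vlan_ranges = vlan157:157:157,vlan172:172:172
"""

# Constructed from the post's openvswitch_agent.ini; [ovs] is the section the
# key lives in (assumption: the post shows the key without its section).
OVS_AGENT_CONF = """\
[ovs]
bridge_mappings = vlan157:br-vlan,vlan172:br-vlan2
"""

# Constructed from the post's l3_agent.ini edit; both keys deliberately empty.
L3_AGENT_CONF = """\
[DEFAULT]
external_network_bridge =
gateway_external_network_id =
"""


def _load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def parse_vlan_ranges(ml2_text):
    """network_vlan_ranges = physnet[:min:max],...  ->  {physnet: (min, max) or None}"""
    raw = _load(ml2_text).get("ml2_type_vlan", "network_vlan_ranges", fallback="")
    ranges = {}
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        parts = entry.split(":")
        if len(parts) == 1:
            ranges[parts[0]] = None          # physnet with no VLAN id restriction
        elif len(parts) == 3:
            lo, hi = int(parts[1]), int(parts[2])
            if not 1 <= lo <= hi <= 4094:
                raise ValueError(f"bad VLAN range in {entry!r}")
            ranges[parts[0]] = (lo, hi)
        else:
            raise ValueError(f"malformed network_vlan_ranges entry {entry!r}")
    return ranges


def parse_bridge_mappings(ovs_text):
    """bridge_mappings = physnet:bridge,...  ->  {physnet: bridge}"""
    raw = _load(ovs_text).get("ovs", "bridge_mappings", fallback="")
    mappings = {}
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        physnet, _, bridge = entry.partition(":")
        if not bridge:
            raise ValueError(f"malformed bridge_mappings entry {entry!r}")
        mappings[physnet] = bridge
    return mappings


def check_l3_multi_external(l3_text):
    """Both keys must be empty for one L3 agent to serve several external networks."""
    cp = _load(l3_text)
    return [f"l3_agent.ini: {key} must be empty for multiple external networks"
            for key in ("external_network_bridge", "gateway_external_network_id")
            if cp.get("DEFAULT", key, fallback="").strip()]


def check_provider_network(physnet, seg_id, ranges, mappings):
    """Problems for one `--provider:physical_network physnet --provider:segmentation_id seg_id`."""
    problems = []
    if physnet not in ranges:
        problems.append(f"{physnet}: not listed in ml2 network_vlan_ranges")
    elif ranges[physnet] is not None:
        lo, hi = ranges[physnet]
        if not lo <= seg_id <= hi:
            problems.append(f"{physnet}: segmentation_id {seg_id} outside {lo}-{hi}")
    if physnet not in mappings:
        problems.append(f"{physnet}: no bridge_mappings entry on the OVS agent")
    return problems


def run_checks(ml2_text, ovs_text, l3_text, networks):
    """networks: iterable of (physical_network, segmentation_id); returns a list of problems."""
    ranges = parse_vlan_ranges(ml2_text)
    mappings = parse_bridge_mappings(ovs_text)
    problems = check_l3_multi_external(l3_text)
    for physnet, seg_id in networks:
        problems += check_provider_network(physnet, seg_id, ranges, mappings)
    return problems


if __name__ == "__main__":
    nets = [("vlan157", 157), ("vlan172", 172)]   # the two networks created in the post
    for line in run_checks(ML2_CONF, OVS_AGENT_CONF, L3_AGENT_CONF, nets) or ["OK"]:
        print(line)
```

Run it before the `openstack-service restart neutron` step: an empty result means the physnet names and VLAN ids line up across all three files; a mismatch is reported per network, which is easier to spot here than as a port stuck in a DOWN / binding-failed state after the fact.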

*******************************************

Make the configuration persistent across reboots

*******************************************

[root@ServerCentOS72 network-scripts(keystone_admin)]# cat ifcfg-eth2

DEVICE="eth2"

ONBOOT=yes

OVS_BRIDGE=br-vlan

TYPE=OVSPort

DEVICETYPE="ovs"

[root@ServerCentOS72 network-scripts(keystone_admin)]# cat ifcfg-eth3

DEVICE="eth3"

ONBOOT=yes

OVS_BRIDGE=br-vlan2

TYPE=OVSPort

DEVICETYPE="ovs"

[root@ServerCentOS72 network-scripts(keystone_admin)]# cat ifcfg-br-vlan

DEVICE=br-vlan

BOOTPROTO=none

ONBOOT=yes

TYPE=OVSBridge

DEVICETYPE="ovs"

[root@ServerCentOS72 network-scripts(keystone_admin)]# cat ifcfg-br-vlan2

DEVICE=br-vlan2

BOOTPROTO=none

ONBOOT=yes

TYPE=OVSBridge

DEVICETYPE="ovs"

[root@ServerCentOS72 network-scripts(keystone_admin)]# cat ifcfg-br-vlan.157

BOOTPROTO="none"

DEVICE="br-vlan.157"

ONBOOT="yes"

IPADDR="10.10.10.150"

PREFIX="24"

GATEWAY="10.10.10.1"

DNS1="83.221.202.254"

VLAN=yes

NOZEROCONF=yes

USERCTL=no

[root@ServerCentOS72 network-scripts(keystone_admin)]# cat ifcfg-br-vlan2.172

BOOTPROTO="none"

DEVICE="br-vlan2.172"

ONBOOT="yes"

IPADDR="10.10.50.150"

PREFIX="24"

GATEWAY="10.10.50.1"

DNS1="83.221.202.254"

VLAN=yes

NOZEROCONF=yes

***************************

Then run script

***************************

#!/bin/bash -x

chkconfig network on

systemctl stop NetworkManager

systemctl disable NetworkManager

service network restart

# openstack-service restart neutron

[root@ServerCentOS72 ~(keystone_admin)]# ip -details link show dev br-vlan.157

14: br-vlan.157@br-vlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

link/ether 4e:ad:40:2f:1c:46 brd ff:ff:ff:ff:ff:ff promiscuity 0

vlan protocol 802.1Q id 157 <REORDER_HDR> addrgenmode eui64 

[root@ServerCentOS72 ~(keystone_admin)]# ip -details link show dev br-vlan2.172

13: br-vlan2.172@br-vlan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

link/ether 7a:4a:8a:26:8a:40 brd ff:ff:ff:ff:ff:ff promiscuity 0

vlan protocol 802.1Q id 172 <REORDER_HDR> addrgenmode eui64

**************************************************

Routing table on Controller/Network node

**************************************************

[root@ServerCentOS72 network-scripts(keystone_admin)]# ip route

default via 10.10.10.1 dev eth1

10.10.10.0/24 dev eth1  proto kernel  scope link  src 10.10.10.92

10.10.10.0/24 dev br-vlan.157  proto kernel  scope link  src 10.10.10.150

10.10.50.0/24 dev br-vlan2.172  proto kernel  scope link  src 10.10.50.150

169.254.0.0/16 dev eth0  scope link  metric 1002

169.254.0.0/16 dev eth1  scope link  metric 1003

169.254.0.0/16 dev eth2  scope link  metric 1004

169.254.0.0/16 dev eth3  scope link  metric 1005

169.254.0.0/16 dev eth4  scope link  metric 1006

169.254.0.0/16 dev br-eth4  scope link  metric 1008

169.254.0.0/16 dev br-vlan2  scope link  metric 1011

169.254.0.0/16 dev br-vlan  scope link  metric 1012

192.169.142.0/24 dev eth0  proto kernel  scope link  src 192.169.142.57
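The two `ip -details link show` outputs and the routing table above are what an operator looks at to confirm the VLAN sub-interfaces came up correctly. The following Python snippet is an added example, not code from the original post; it parses that output (embedded here as constructed samples copied from the post) and checks each expected sub-interface for its parent, its 802.1Q id and its UP/LOWER_UP state, and it also lists connected prefixes that are reachable via more than one device, which in the post's table is 10.10.10.0/24 on both eth1 and br-vlan.157.

```python
"""Verify VLAN sub-interfaces and connected routes from `ip` output (added example)."""
import re

# Constructed sample: the post's two `ip -details link show` outputs, joined,
# with the indentation real `ip` output has.
IP_LINK_OUTPUT = """\
14: br-vlan.157@br-vlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 4e:ad:40:2f:1c:46 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 157 <REORDER_HDR> addrgenmode eui64
13: br-vlan2.172@br-vlan2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 7a:4a:8a:26:8a:40 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 172 <REORDER_HDR> addrgenmode eui64
"""

# Constructed sample: the post's `ip route` table minus the 169.254.0.0/16 zeroconf routes.
IP_ROUTE_OUTPUT = """\
default via 10.10.10.1 dev eth1
10.10.10.0/24 dev eth1  proto kernel  scope link  src 10.10.10.92
10.10.10.0/24 dev br-vlan.157  proto kernel  scope link  src 10.10.10.150
10.10.50.0/24 dev br-vlan2.172  proto kernel  scope link  src 10.10.50.150
192.169.142.0/24 dev eth0  proto kernel  scope link  src 192.169.142.57
"""

# "14: br-vlan.157@br-vlan: <FLAGS> ... state UP ..."; the @parent part is optional.
HEADER_RE = re.compile(
    r"^\d+: (?P<dev>[^:@\s]+)(?:@(?P<parent>[^:\s]+))?: <(?P<flags>[^>]*)>.*\bstate (?P<state>\S+)")
VLAN_RE = re.compile(r"^\s*vlan protocol 802\.1Q id (?P<id>\d+)")
ROUTE_RE = re.compile(r"^(?P<prefix>\S+/\d+) dev (?P<dev>\S+)")


def parse_vlan_links(text):
    """Map each link in `ip -details link show` output to parent, state, LOWER_UP and 802.1Q id."""
    links, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group("dev")
            links[current] = {
                "parent": m.group("parent"),
                "state": m.group("state"),
                "lower_up": "LOWER_UP" in m.group("flags").split(","),
                "vlan_id": None,
            }
            continue
        m = VLAN_RE.match(line)
        if m and current is not None:
            links[current]["vlan_id"] = int(m.group("id"))
    return links


def verify_vlan_links(expected, text):
    """expected: {dev: (parent, vlan_id)}; returns a list of human-readable problems."""
    links = parse_vlan_links(text)
    problems = []
    for dev, (parent, vid) in expected.items():
        info = links.get(dev)
        if info is None:
            problems.append(f"{dev}: interface missing")
            continue
        if info["parent"] != parent:
            problems.append(f"{dev}: parent {info['parent']} != {parent}")
        if info["vlan_id"] != vid:
            problems.append(f"{dev}: 802.1Q id {info['vlan_id']} != {vid}")
        if info["state"] != "UP" or not info["lower_up"]:
            problems.append(f"{dev}: not UP/LOWER_UP")
    return problems


def overlapping_routes(text):
    """Connected prefixes present on more than one device: {prefix: [dev, ...]}."""
    by_prefix = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            by_prefix.setdefault(m.group("prefix"), []).append(m.group("dev"))
    return {p: devs for p, devs in by_prefix.items() if len(devs) > 1}


if __name__ == "__main__":
    expected = {"br-vlan.157": ("br-vlan", 157), "br-vlan2.172": ("br-vlan2", 172)}
    for problem in verify_vlan_links(expected, IP_LINK_OUTPUT) or ["VLAN links OK"]:
        print(problem)
    for prefix, devs in overlapping_routes(IP_ROUTE_OUTPUT).items():
        print(f"{prefix} is connected via more than one device: {', '.join(devs)}")
```

On the node itself the two constants would be replaced by the live output of `ip -details link show` and `ip route`; the checks are deliberately read-only, so they can be re-run after every `service network restart` to confirm the persistent ifcfg files reproduced the same VLAN layout.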

**********************************************************

ovs-vsctl show on Controller/Network node

**********************************************************

[root@ServerCentOS72 ~(keystone_admin)]# ovs-vsctl show

d273de3b-be9b-4f8a-b265-dfc2a1e1aa5c
    Bridge "br-vlan2"
        Port "br-vlan2"
            Interface "br-vlan2"
                type: internal
        Port "eth3"
            Interface "eth3"
        Port "phy-br-vlan2"
            Interface "phy-br-vlan2"
                type: patch
                options: {peer="int-br-vlan2"}
    Bridge br-vlan
        Port phy-br-vlan
            Interface phy-br-vlan
                type: patch
                options: {peer=int-br-vlan}
        Port "eth2"
            Interface "eth2"
        Port br-vlan
            Interface br-vlan
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge "br-eth4"
        Port "br-eth4"
            Interface "br-eth4"
                type: internal
        Port "phy-br-eth4"
            Interface "phy-br-eth4"
                type: patch
                options: {peer="int-br-eth4"}
        Port "eth4"
            Interface "eth4"
    Bridge br-int
        fail_mode: secure
        Port "qg-7ff02c0d-aa"
            tag: 5
            Interface "qg-7ff02c0d-aa"
                type: internal
        Port "qr-54430e96-48"
            tag: 3
            Interface "qr-54430e96-48"
                type: internal
        Port "tapeb342602-42"
            tag: 1
            Interface "tapeb342602-42"
                type: internal
        Port "qr-2bcd88cf-ac"
            tag: 6
            Interface "qr-2bcd88cf-ac"
                type: internal
        Port "tap50a2aa96-9f"
            tag: 2
            Interface "tap50a2aa96-9f"
                type: internal
        Port "int-br-vlan2"
            Interface "int-br-vlan2"
                type: patch
                options: {peer="phy-br-vlan2"}
        Port "qg-697e586e-45"
            tag: 1
            Interface "qg-697e586e-45"
                type: internal
        Port "qr-8387a013-2c"
            tag: 4
            Interface "qr-8387a013-2c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap8b152301-98"
            tag: 3
            Interface "tap8b152301-98"
                type: internal
        Port "tapd683a55d-cf"
            tag: 4
            Interface "tapd683a55d-cf"
                type: internal
        Port "tap3a7ff50f-dc"
            tag: 6
            Interface "tap3a7ff50f-dc"
                type: internal
        Port int-br-vlan
            Interface int-br-vlan
                type: patch
                options: {peer=phy-br-vlan}
        Port br-int
            Interface br-int
                type: internal
        Port "qg-7165a6ec-ea"
            tag: 2
            Interface "qg-7165a6ec-ea"
                type: internal
        Port "int-br-eth4"
            Interface "int-br-eth4"
                type: patch
                options: {peer="phy-br-eth4"}
    ovs_version: "2.4.0"

**********************************************************************************

Now create another VM that is supposed to work as a "remote" client, with the following network configuration

**********************************************************************************

[root@ip-192-169-142-25 ~]# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.169.142.25  netmask 255.255.255.0  broadcast 192.169.142.255
        inet6 fe80::5054:ff:fe53:8d61  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:53:8d:61  txqueuelen 1000  (Ethernet)
        RX packets 2306  bytes 121390 (118.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 3667 (3.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@ip-192-169-142-25 ~]# ip -details link show dev eth1.157

5: eth1.157@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

link/ether 52:54:00:51:c7:7b brd ff:ff:ff:ff:ff:ff promiscuity 0

vlan protocol 802.1Q id 157 <REORDER_HDR> addrgenmode eui64 

[root@ip-192-169-142-25 ~]# ip -details link show dev eth2.172

6: eth2.172@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT

link/ether 52:54:00:26:0a:b7 brd ff:ff:ff:ff:ff:ff promiscuity 0

vlan protocol 802.1Q id 172 <REORDER_HDR> addrgenmode eui64

***********************************************************************************

Verifying VLAN connectivity from another VM having eth1.157 && eth2.172

***********************************************************************************

Connection via ssh from a different VM (host) via the vlan172 external network to VF23Devs01

Status on Controller/Network Node

# ip -details link show dev br-vlan.157

# ip -details link show dev br-vlan2.172

has been run against the VLAN-enabled OVS bridges providing connections to the external VLAN-tagged networks vlan157 && vlan172

Connection via ssh from a different VM (host) via the vlan157 external network to VF23Devs03
