
External Network Provider on RDO Mitaka Controller/Network&&Compute, ML2/OVS/VLAN – Configured

Below is a set of directives for switching OpenStack RDO Mitaka to a flat (vlan) external network provider, which allows working with several external networks via a single L3 router. The conversion does not depend in any way on how tenants are segregated, whether by VLAN-tagged networks or VXLAN (GRE) tunneling.

To switch to the external network provider, plug two NICs (eth2 and eth3) into the Controller, belonging to the external2 and external3 networks respectively. Then proceed with creating the required OVS bridges and ports, followed by `service network restart` and updating l3_agent.ini, ml2_conf.ini, and openvswitch_agent.ini on the Controller Node, followed by `openstack-service restart neutron`.

**********************************************************************************

Creating OVS bridges and OVS ports to support 2 external flat networks

(2,3) and VLAN tagged network to Compute Node (1)

*********************************************************************************

[root@ServerCentOS01 network-scripts(keystone_admin)]# cat ifcfg-br-eth1

ONBOOT=yes

NM_CONTROLLED=no

DEVICE=br-eth1

DEVICETYPE=ovs

OVSBOOTPROTO=none

TYPE=OVSBridge

[root@ServerCentOS01 network-scripts(keystone_admin)]# cat ifcfg-br-eth2

ONBOOT=yes

NM_CONTROLLED=no

DEVICE=br-eth2

DEVICETYPE=ovs

OVSBOOTPROTO=none

TYPE=OVSBridge

[root@ServerCentOS01 network-scripts(keystone_admin)]# cat ifcfg-br-eth3

ONBOOT=yes

NM_CONTROLLED=no

DEVICE=br-eth3

DEVICETYPE=ovs

OVSBOOTPROTO=none

TYPE=OVSBridge

[root@ServerCentOS01 network-scripts(keystone_admin)]# cat ifcfg-eth1

DEVICE=eth1

NAME=eth1

DEVICETYPE=ovs

TYPE=OVSPort

OVS_BRIDGE=br-eth1

ONBOOT=yes

BOOTPROTO=none

[root@ServerCentOS01 network-scripts(keystone_admin)]# cat ifcfg-eth2

DEVICE=eth2

NAME=eth2

DEVICETYPE=ovs

TYPE=OVSPort

OVS_BRIDGE=br-eth2

ONBOOT=yes

BOOTPROTO=none

[root@ServerCentOS01 network-scripts(keystone_admin)]# cat ifcfg-eth3

DEVICE=eth3

NAME=eth3

DEVICETYPE=ovs

TYPE=OVSPort

OVS_BRIDGE=br-eth3

ONBOOT=yes

BOOTPROTO=none

Now run :-

# service network restart

****************************************************

Update Neutron OVS configuration files

****************************************************

Start with the following comment in l3_agent.ini :

# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.

[root@ServerCentOS01 neutron(keystone_admin)]# cat l3_agent.ini

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

agent_mode = legacy

external_network_bridge =

debug = False

[AGENT]

[root@ServerCentOS01 ml2(keystone_admin)]# cat ml2_conf.ini

[DEFAULT]

[ml2]

type_drivers = vlan,flat

tenant_network_types = vlan

mechanism_drivers =openvswitch

path_mtu = 0

[ml2_type_flat]

flat_networks = *

[ml2_type_geneve]

[ml2_type_gre]

[ml2_type_vlan]

network_vlan_ranges =physnet1:100:200,physnet2,physnet3

[ml2_type_vxlan]

[securitygroup]

enable_security_group = True

[root@ServerCentOS01 ml2(keystone_admin)]# cat openvswitch_agent.ini

[DEFAULT]

[agent]

l2_population = False

drop_flows_on_start = False

[ovs]

integration_bridge = br-int

bridge_mappings =physnet1:br-eth1,physnet2:br-eth2,physnet3:br-eth3

enable_tunneling=False

[securitygroup]

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
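A consistency check for the three files above, as an added example that is not part of the original post: it confirms that l3_agent.ini leaves both options empty, that the flat type driver is enabled, and that every physnet named in ml2_conf.ini has a bridge in bridge_mappings. The function names are hypothetical, the embedded strings are trimmed copies of the page's files, and all three files are assumed to belong to the same node, as they do here.

```python
import configparser

# Constructed sample input: trimmed copies of the three files shown above.
L3_AGENT = "[DEFAULT]\nagent_mode = legacy\nexternal_network_bridge =\n"
ML2_CONF = """[ml2]
type_drivers = vlan,flat
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
network_vlan_ranges =physnet1:100:200,physnet2,physnet3
"""
OVS_AGENT = "[ovs]\nbridge_mappings =physnet1:br-eth1,physnet2:br-eth2,physnet3:br-eth3\n"


def _load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def _csv(cp, section, option):
    """Split a comma-separated option into stripped, non-empty items."""
    raw = cp.get(section, option, fallback="")
    return [item.strip() for item in raw.split(",") if item.strip()]


def check(l3_text, ml2_text, ovs_text):
    """Return the problems that break the multi-external-network setup."""
    l3, ml2, ovs = _load(l3_text), _load(ml2_text), _load(ovs_text)
    problems = []
    # Per the l3_agent.ini comment, both options must be empty or absent.
    for opt in ("external_network_bridge", "gateway_external_network_id"):
        if l3.get("DEFAULT", opt, fallback="").strip():
            problems.append(f"l3_agent.ini: {opt} must be left empty")
    if "flat" not in _csv(ml2, "ml2", "type_drivers"):
        problems.append("ml2_conf.ini: type_drivers does not include flat")
    # Each mapping is physnet:bridge; each VLAN range starts with the physnet.
    mapped = {m.split(":", 1)[0] for m in _csv(ovs, "ovs", "bridge_mappings")}
    needed = {r.split(":")[0] for r in _csv(ml2, "ml2_type_vlan", "network_vlan_ranges")}
    # "*" accepts any physnet name, so it names none that must be mapped.
    needed |= {f for f in _csv(ml2, "ml2_type_flat", "flat_networks") if f != "*"}
    for physnet in sorted(needed - mapped):
        problems.append(f"openvswitch_agent.ini: {physnet} has no bridge_mappings entry")
    return problems


if __name__ == "__main__":
    print(check(L3_AGENT, ML2_CONF, OVS_AGENT) or "configuration is consistent")
```

Because `flat_networks = *` accepts any physical network name, the checker cannot derive required mappings from it; listing the physnets explicitly in that option makes the same check cover flat networks too.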

****************************************************

Restart Neutron services on Controller

****************************************************

# openstack-service restart neutron

****************************************************

Verifying OVS configuration on Controller

*****************************************************

[root@ServerCentOS01 ml2(keystone_admin)]# ovs-vsctl show

8115e0cb-0fa7-4239-a65a-2bd57a6fbbc7

Bridge "br-eth3"                          ===============> to external3

Port "eth3"

Interface "eth3"

Port "br-eth3"

Interface "br-eth3"

type: internal

Port "phy-br-eth3"

Interface "phy-br-eth3"

type: patch

options: {peer="int-br-eth3"}

Bridge "br-eth2"                          ===============> to external2

Port "eth2"

Interface "eth2"

Port "br-eth2"

Interface "br-eth2"

type: internal

Port "phy-br-eth2"

Interface "phy-br-eth2"

type: patch

options: {peer="int-br-eth2"}

Bridge "br-eth1"                         ===> VM/Data VLAN tagged to Compute

Port "br-eth1"

Interface "br-eth1"

type: internal

Port "phy-br-eth1"

Interface "phy-br-eth1"

type: patch

options: {peer="int-br-eth1"}

Port "eth1"

Interface "eth1"

Bridge br-ex

Port "eth0"

Interface "eth0"

Port br-ex

Interface br-ex

type: internal

Bridge br-int

fail_mode: secure

Port "qr-fa3ffad8-ad"

tag: 3

Interface "qr-fa3ffad8-ad"

type: internal

Port "qr-ae3b969f-40"

tag: 2

Interface "qr-ae3b969f-40"

type: internal

Port "qr-eb286124-0c"

tag: 1

Interface "qr-eb286124-0c"

type: internal

Port "qg-8f0df92f-de"

tag: 5

Interface "qg-8f0df92f-de"

type: internal

Port "tap931c3c44-5a"

tag: 3

Interface "tap931c3c44-5a"

type: internal

Port "int-br-eth2"

Interface "int-br-eth2"

type: patch

Port "tapd850dca6-58"

tag: 1

Interface "tapd850dca6-58"

type: internal

Port "int-br-eth3"

Interface "int-br-eth3"

type: patch

Port "tap2901cdcb-0b"

tag: 2

Interface "tap2901cdcb-0b"

type: internal

Port br-int

Interface br-int

type: internal

Port "qg-ae424f05-3b"

tag: 4

Interface "qg-ae424f05-3b"

type: internal

Port "int-br-eth1"

Interface "int-br-eth1"

type: patch

ovs_version: "2.4.0"


*****************************

Controller restart

*****************************

[root@ServerCentOS01 ~(keystone_admin)]# neutron net-create external2 --router:external --provider:network_type=flat --provider:physical_network=physnet2

Created a new network:

+---------------------------+--------------------------------------+

| Field                     | Value                                |

+---------------------------+--------------------------------------+

| admin_state_up            | True                                 |

| availability_zone_hints   |                                      |

| availability_zones        |                                      |

| created_at                | 2016-03-25T09:20:11                  |

| description               |                                      |

| id                        | e1ff73a0-bec8-4e6b-82fe-b7cd0e7b914c |

| ipv4_address_scope        |                                      |

| ipv6_address_scope        |                                      |

| is_default                | False                                |

| mtu                       | 1500                                 |

| name                      | external2                            |

| provider:network_type     | flat                                 |

| provider:physical_network | physnet2                             |

| provider:segmentation_id  |                                      |

| router:external           | True                                 |

| shared                    | False                                |

| status                    | ACTIVE                               |

| subnets                   |                                      |

| tags                      |                                      |

| tenant_id                 | 9a43b79d7ba946d183e87807a6607570     |

| updated_at                | 2016-03-25T09:20:11                  |

+---------------------------+--------------------------------------+

[root@ServerCentOS01 ~(keystone_admin)]# neutron net-create external3 --router:external --provider:network_type=flat --provider:physical_network=physnet3

Created a new network:

+---------------------------+--------------------------------------+

| Field                     | Value                                |

+---------------------------+--------------------------------------+

| admin_state_up            | True                                 |

| availability_zone_hints   |                                      |

| availability_zones        |                                      |

| created_at                | 2016-03-25T09:20:35                  |

| description               |                                      |

| id                        | db5b5700-6c8f-443d-ad38-2b330e37f44a |

| ipv4_address_scope        |                                      |

| ipv6_address_scope        |                                      |

| is_default                | False                                |

| mtu                       | 1500                                 |

| name                      | external3                            |

| provider:network_type     | flat                                 |

| provider:physical_network | physnet3                             |

| provider:segmentation_id  |                                      |

| router:external           | True                                 |

| shared                    | False                                |

| status                    | ACTIVE                               |

| subnets                   |                                      |

| tags                      |                                      |

| tenant_id                 | 9a43b79d7ba946d183e87807a6607570     |

| updated_at                | 2016-03-25T09:20:35                  |

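+---------------------------+--------------------------------------+

[root@ServerCentOS01 ~(keystone_admin)]# neutron subnet-create --disable-dhcp external2 10.3.0.0/24

Created a new subnet:

+-------------------+--------------------------------------------+

| Field             | Value                                      |

+-------------------+--------------------------------------------+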

| allocation_pools  | {"start": "10.3.0.2", "end": "10.3.0.254"} |

| cidr              | 10.3.0.0/24                                |

| created_at        | 2016-03-25T09:21:15                        |

| description       |                                            |

| dns_nameservers   |                                            |

| enable_dhcp       | False                                      |

| gateway_ip        | 10.3.0.1                                   |

| host_routes       |                                            |

| id                | 4d653a31-435b-4516-bf1a-2ffb6689d803       |

| ip_version        | 4                                          |

| ipv6_address_mode |                                            |

| ipv6_ra_mode      |                                            |

| name              |                                            |

| network_id        | e1ff73a0-bec8-4e6b-82fe-b7cd0e7b914c       |

| subnetpool_id     |                                            |

| tenant_id         | 9a43b79d7ba946d183e87807a6607570           |

| updated_at        | 2016-03-25T09:21:15                        |

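+-------------------+--------------------------------------------+

[root@ServerCentOS01 ~(keystone_admin)]# neutron subnet-create --disable-dhcp external3 10.4.0.0/24

Created a new subnet:

+-------------------+--------------------------------------------+

| Field             | Value                                      |

+-------------------+--------------------------------------------+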

| allocation_pools  | {"start": "10.4.0.2", "end": "10.4.0.254"} |

| cidr              | 10.4.0.0/24                                |

| created_at        | 2016-03-25T09:22:05                        |

| description       |                                            |

| dns_nameservers   |                                            |

| enable_dhcp       | False                                      |

| gateway_ip        | 10.4.0.1                                   |

| host_routes       |                                            |

| id                | d2b331b4-4b07-4a47-8fa5-a18e4252c3c9       |

| ip_version        | 4                                          |

| ipv6_address_mode |                                            |

| ipv6_ra_mode      |                                            |

| name              |                                            |

| network_id        | db5b5700-6c8f-443d-ad38-2b330e37f44a       |

| subnetpool_id     |                                            |

| tenant_id         | 9a43b79d7ba946d183e87807a6607570           |

| updated_at        | 2016-03-25T09:22:05                        |

+-------------------+--------------------------------------------+

[root@ServerCentOS01 ~(keystone_admin)]# neutron net-list | grep external

| e1ff73a0-bec8-4e6b-82fe-b7cd0e7b914c | external2   | 4d653a31-435b-4516-bf1a-2ffb6689d803 10.3.0.0/24  |

| db5b5700-6c8f-443d-ad38-2b330e37f44a | external3   | d2b331b4-4b07-4a47-8fa5-a18e4252c3c9 10.4.0.0/24 |

[root@ServerCentOS01 ~(keystone_admin)]# neutron router-list

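+----------------------------+--------------+-----------------------------+-------------+-------+

| id                         | name         | external_gateway_info       | distributed | ha    |

+----------------------------+--------------+-----------------------------+-------------+-------+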

| 1ccaf7b9-6a4a-433c-b86a-   | RouterDSA    | null                        | False       | False |

| ef8f999605a8               |              |                             |             |       |

| 5de5dfb1-f765-4ba4-894b-   | RouterMitaka | {"network_id":              | False       | False |

| 39feab39d347               |              | "e1ff73a0-bec8-4e6b-82fe-   |             |       |

|                            |              | b7cd0e7b914c",              |             |       |

|                            |              | "enable_snat": true,        |             |       |

|                            |              | "external_fixed_ips":       |             |       |

|                            |              | [{"subnet_id":              |             |       |

|                            |              | "4d653a31-435b-4516-bf1a-   |             |       |

|                            |              | 2ffb6689d803",              |             |       |

|                            |              | "ip_address": "10.3.0.2"}]} |             |       |

| db06c4bf-cdcc-49ae-        | RouterDVS    | {"network_id": "db5b5700    | False       | False |

| a7b0-634038b062cc          |              | -6c8f-443d-                 |             |       |

|                            |              | ad38-2b330e37f44a",         |             |       |

|                            |              | "enable_snat": true,        |             |       |

|                            |              | "external_fixed_ips":       |             |       |

|                            |              | [{"subnet_id": "d2b331b4-4b |             |       |

|                            |              | 07-4a47-8fa5-a18e4252c3c9", |             |       |

|                            |              | "ip_address": "10.4.0.2"}]} |             |       |

+----------------------------+--------------+-----------------------------+-------------+-------+

When non-bridged external networking comes into play, the neutron-openvswitch-agent running on the Controller/Network Node places the external interfaces of the corresponding Neutron routers into the corresponding OVS bridges, in this particular case br-eth2 and br-eth3.


Run `ovs-ofctl dump-flows br-eth3` on Controller


Run `iftop -i eth3` on Controller
