OVN Manual install & Configuration
Open vSwitch 官网
参考
OVN学习(一)
OVN实战一之GNS3操作指南及OVN入门
按照 OVN Manual install & Configuration 分别叫做 Controller 节点和 Compute 节点 ,其他一般叫做 Central 节点和 Node 或 Host 节点
Open vSwitch(OVS)是一款开源的“虚拟交换机”
Overlay协议方面它支持GRE, VXLAN, STT, Geneve四种主流Overlay数据包
2015年OVS社区宣布了一个子项目——Open Virtual Network(OVN)。它旨在为OVS提供一个控制平面,通过一个统一的网络模型为容器、虚拟机提供相同的网络服务。
OVN的功能
L2功能,叫Logical switches(逻辑交换机)
L3功能,叫Logical Router(逻辑路由器)
ACL,就像我们物理交换机可以配置ACL,OVN可以针对逻辑交换机添加ACL
NAT,SNAT、DNAT都支持
Load Balancer,支持面向内部的负载均衡和提供外部访问的负载均衡
学习 OpenStack
2 个 Hyper-V 虚拟机
Controller 节点 : Ubuntu 20.04
Management : 192.168.0.101/24 ( 网关:192.168.0.81)
Provider : 203.0.113.101 /24 ( 网关:203.0.113.1 )
Compute 节点 :Ubuntu 20.04
Management : 192.168.0.103/24 ( 网关:192.168.0.81)
Provider : 203.0.113.103 /24 ( 网关:203.0.113.1 )
本文目的只在理解 Open vSwitch ,不在配置OpenStack
Ubuntu 20.04 上学习Open vSwitch :VxLAN
简单抄录一下
apt install openvswitch-switch
apt install python3-pip
pip3 install networking-ovn==4.0.4
apt install ovn-central ovn-common ovn-host
在 Controller 节点 ( 203.0.113.101 )上
ovn-nbctl set-connection ptcp:6641:203.0.113.101
ovn-sbctl set-connection ptcp:6642:203.0.113.101
root@ubuntu2004-101:/home/dhbm# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 203.0.113.101:6641 0.0.0.0:* LISTEN 820/ovsdb-server
tcp 0 0 203.0.113.101:6642 0.0.0.0:* LISTEN 821/ovsdb-server
......
ovs-vsctl set open . external-ids:ovn-remote=tcp:203.0.113.101:6642
ovs-vsctl set open . external-ids:ovn-encap-type=geneve
ovs-vsctl set open . external-ids:ovn-encap-ip=203.0.113.101
在 Compute 节点 ( 203.0.113.103 )上
ovs-vsctl set open . external-ids:ovn-remote=tcp:203.0.113.101:6642
ovs-vsctl set open . external-ids:ovn-encap-type=geneve
ovs-vsctl set open . external-ids:ovn-encap-ip=203.0.113.103
root@ubuntu2004-103:/home/dhbm# netstat -antp |grep 6642
tcp 0 0 203.0.113.103:53342 203.0.113.101:6642 ESTABLISHED 948/ovn-controller
网络拓扑
root@ubuntu2004-101:/home/dhbm# ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:5a:a6:91 brd ff:ff:ff:ff:ff:ff
inet 203.0.113.101/24 brd 203.0.113.255 scope global eth1
root@ubuntu2004-103:/home/dhbm# ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:5a:a6:92 brd ff:ff:ff:ff:ff:ff
inet 203.0.113.103/24 brd 203.0.113.255 scope global eth1
valid_lft forever preferred_lft forever
在 Controller 节点 ( 203.0.113.101 )上
创建一个逻辑交换机,然后添加两个交换机端口,并为端口设置物理地址,分别对应 2 个节点服务器上的 eth1 网卡
在 OpenStack 中,这 2 个 eth1 网卡,充当了 Provider 角色,为每一个 instance ( 虚拟机 ) 提供Provider network 和 Self-service network 地址
1). 创建 logical switch
root@ubuntu2004-101:/home/dhbm# ovn-nbctl ls-add ls-test
2). 第一个端口 ( mac 地址 00:15:5d:5a:a6:91)
root@ubuntu2004-101:/home/dhbm# ovn-nbctl lsp-add ls-test lsport-101
root@ubuntu2004-101:/home/dhbm# ovn-nbctl lsp-set-addresses lsport-101 00:15:5d:5a:a6:91
root@ubuntu2004-101:/home/dhbm# ovn-nbctl lsp-set-port-security lsport-101 00:15:5d:5a:a6:91
3). 第二个 ( mac 地址 00:15:5d:5a:a6:92)
root@ubuntu2004-101:/home/dhbm# ovn-nbctl lsp-add ls-test lsport-103
root@ubuntu2004-101:/home/dhbm# ovn-nbctl lsp-set-addresses lsport-103 00:15:5d:5a:a6:92
root@ubuntu2004-101:/home/dhbm# ovn-nbctl lsp-set-port-security lsport-103 00:15:5d:5a:a6:92
查看确认
root@ubuntu2004-101:/home/dhbm# ovn-nbctl show
switch 9d86d6cb-f4d9-4969-b675-e6becddf52da (ls-test)
port lsport-103
addresses: ["00:15:5d:5a:a6:92"]
port lsport-101
addresses: ["00:15:5d:5a:a6:91"]
root@ubuntu2004-101:/home/dhbm# ovn-sbctl show
Chassis "cc2e2b70-3a89-4dd5-b53c-71e9116d687a"
hostname: ubuntu2004-101
Encap geneve
ip: "203.0.113.101"
options: {csum="true"}
Port_Binding lsport-101
Chassis "c5ea0556-ef1a-4d7f-a5ff-cf1cc52e4389"
hostname: ubuntu2004-101
Encap geneve
ip: "203.0.113.103"
options: {csum="true"}
Port_Binding lsport-103
这个相当于 OpenStack 中 Launch an instance
通过名称空间将全局系统资源包装在一个抽象中,使名称空间中的进程看起来拥有自己的全局资源的独立实例
详细解读Linux网络命名空间,veth, birdge与路由
以上构建的是 L2 逻辑交换机,所以,虚拟机只能处于同一个网段 10.0.0.0/24
在 Controller 节点 ( 203.0.113.101 )上模拟一个虚拟机:vm1-101,并将它的网卡 link 到上一步创建的交换机端口 lsport-101 (address 00:15:5d:5a:a6:91),分配内网地址: 10.0.0.101/24
# ip netns add vm1-101
# ovs-vsctl add-port br-int vm1-101 -- set interface vm1-101 type=internal
# ip link set vm1-101 netns vm1-101
# ip netns exec vm1-101 ip link set vm1-101 address 00:15:5d:5a:a6:91
# ip netns exec vm1-101 ip addr add 10.0.0.11/24 dev vm1-101
# ip netns exec vm1-101 ip link set vm1-101 up
# ovs-vsctl set Interface vm1-101 external_ids:iface-id=lsport-101
2, 查看虚拟机 vm1-101 地址信息
root@ubuntu2004-101:/home/dhbm# ip netns exec vm1-101 ip addr show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: vm1-101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 00:15:5d:5a:a6:91 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.101/24 scope global vm1-101
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe5a:a691/64 scope link
valid_lft forever preferred_lft forever
在 compute 节点 ( 203.0.113.103 )上模拟一个虚拟机:vm1-103,并将它的网卡 link 到上一步创建的交换机端口 lsport-103 (address 00:15:5d:5a:a6:92),分配内网地址: 10.0.0.101/24
# ip netns add vm1-103
# ovs-vsctl add-port br-int vm1-103 -- set interface vm1-103 type=internal
# ip link set vm1-103 netns vm1-103
# ip netns exec vm1-103 ip link set vm1-103 address 00:15:5d:5a:a6:92
# ip netns exec vm1-103 ip addr add 10.0.0.103/24 dev vm1-103
# ip netns exec vm1-103 ip link set vm1-103 up
# ovs-vsctl set Interface vm1-103 external_ids:iface-id=lsport-103
查看虚拟机 vm1-103 地址信息
root@ubuntu2004-103:/home/dhbm# ip netns exec vm1-103 ip addr show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: vm1-103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 00:15:5d:5a:a6:92 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.103/24 scope global vm1-103
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe5a:a692/64 scope link
valid_lft forever preferred_lft forever
这个相当于 OpenStack 中各个 instance 之间互相连通和访问
root@ubuntu2004-101:/home/dhbm# ip netns exec vm1-101 ping -c 2 10.0.103
PING 10.0.103 (10.0.0.103) 56(84) bytes of data.
64 bytes from 10.0.0.103: icmp_seq=1 ttl=64 time=1.64 ms
64 bytes from 10.0.0.103: icmp_seq=2 ttl=64 time=0.433 ms
--- 10.0.103 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.433/1.038/1.644/0.605 ms
从 vm1-103 ping vm1-101 的 IP
root@ubuntu2004-103:/home/dhbm# ip netns exec vm1-103 ping -c 2 10.0.101
PING 10.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=64 time=1.56 ms
64 bytes from 10.0.0.101: icmp_seq=2 ttl=64 time=0.425 ms
--- 10.0.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.425/0.994/1.564/0.569 ms
在 Controller 节点 ( 203.0.113.101 )上
删除逻辑交换机及其端口
ovn-nbctl lsp-del lsport-101
ovn-nbctl lsp-del lsport-103
ovn-nbctl ls-del ls-test
删除模拟虚拟机
ip netns del vm1-101
ovs-vsctl --if-exists --with-iface del-port br-int vm1-101
在 compute 节点 ( 203.0.113.103 )上
删除模拟虚拟机
ip netns del vm1-103
ovs-vsctl --if-exists --with-iface del-port br-int vm1-103