OpenStack Operations in Practice, Part 20: Creating a Neutron Network with a Specified VLAN ID

1. Background

  Neutron is responsible for instance networking in OpenStack, covering both the instances' internal networks and their external networks. Much like a physical network, an OpenStack network has the concepts of routers, switches, networks, subnets and ports, and all of these functions are provided by Neutron. Neutron is made up of several different plugins and agents, for example the layer-2 agent neutron-openvswitch-agent, the layer-3 agent neutron-l3-agent, dynamic address assignment by neutron-dhcp-agent, and the metadata service neutron-metadata-agent.

  In addition, to guarantee network isolation between tenants, Neutron supports several different isolation technologies: Linux bridge, flat, VLAN, GRE and VXLAN. In large environments GRE and VXLAN are the most common; Linux bridge and flat are used in small environments; VLAN satisfies the scalability requirement and can be connected directly to the existing physical network. My environment uses the VLAN network mode. The characteristics of Neutron's network modes are compared below:


| Network mode     | Description                                                  | Advantages                                                            | Disadvantages                                                   |
|------------------|--------------------------------------------------------------|-----------------------------------------------------------------------|-----------------------------------------------------------------|
| linux-bridge     | Linux bridge, similar to a KVM bridge                        | Simple to configure, easy to implement and manage                     | Poor scalability                                                |
| flat / flat+dhcp | Similar to bridging; a flat network mode                     | Simple to configure, easy to implement and manage                     | Flat; performance becomes a bottleneck as the scale grows       |
| vlan             | Isolates networks and splits broadcast domains by VLAN ID    | Connects to the existing network, easy to understand, scales well     | Only 4096 VLAN IDs exist, easily exhausted at large scale       |
| gre              | Tunnel encapsulation; GRE tunnels are built between nodes    | Traffic isolation is easy to achieve, no range limit                  | The GRE header adds network overhead                            |
| vxlan            | Similar to GRE, a tunnelling technology                      | No range limit, scales well                                           | Requires additional IP/UDP header overhead                      |



2. Creating a network and specifying the VLAN ID

  Because the OpenStack cloud platform in my environment uses the VLAN network mode, the public IP addresses are exhausted as the business grows. When that happens we apply to the carrier for more public IPs, and once they have been allocated we need to add a network in OpenStack to expand the address space. Alternatively, a tenant that needs an internal network of its own can also create one (a tenant cannot specify the VLAN ID; only an administrator can). The concrete steps are as follows:

1. Create the network, specifying the VLAN ID and the bridged physical interface

a. Create the network, specifying the network type, the VLAN ID and the physical bridge network
[root@controller ~]# neutron net-create --provider:network_type=vlan --provider:physical_network=physnet0 --provider:segmentation_id=101 --shared public
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e |    # network id
| name                      | public                               |    # network name
| provider:network_type     | vlan                                 |    # network type is vlan
| provider:physical_network | physnet0                             |    # physical network the bridge maps to
| provider:segmentation_id  | 101                                  |    # VLAN ID
| shared                    | True                                 |    # shared by all tenants
| status                    | ACTIVE                               |
| subnets                   |                                      |    # no subnet added yet, so empty
| tenant_id                 | 842ab3268a2c47e6a4b0d8774de805ae     |    # tenant the network belongs to
+---------------------------+--------------------------------------+

b. List the networks that now exist
[root@controller ~]# neutron net-list
+--------------------------------------+---------------+-------------------------------------------------------+
| id                                   | name          | subnets                                               |
+--------------------------------------+---------------+-------------------------------------------------------+
| 0d30322d-8d87-43c3-b4e2-5a2969d3c42e | public        |                                                       |  # the network just created
| 99c68a93-336a-4605-aa78-343d41ca1206 | vmTest        | 79cb82a1-eac1-4311-8e6d-badcabd22e44 192.168.100.0/24 |
+--------------------------------------+---------------+-------------------------------------------------------+

c. Show the network details
[root@controller ~]# neutron net-show 0d30322d-8d87-43c3-b4e2-5a2969d3c42e 
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e |
| name                      | public                               |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet0                             |
| provider:segmentation_id  | 101                                  |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 842ab3268a2c47e6a4b0d8774de805ae     |
+---------------------------+--------------------------------------+

2. Create a subnet and add it to the network

a. Create the subnet
[root@controller ~]# neutron subnet-create --name public_subnet  \
--ip-version 4 \
--gateway 192.168.101.1 \
--allocation-pool start=192.168.101.10,end=192.168.101.250 \
0d30322d-8d87-43c3-b4e2-5a2969d3c42e 192.168.101.0/24
Created a new subnet:
+------------------+-------------------------------------------------------+
| Field            | Value                                                 |
+------------------+-------------------------------------------------------+
| allocation_pools | {"start": "192.168.101.10", "end": "192.168.101.250"} |    # start and end of the address pool
| cidr             | 192.168.101.0/24                                      |    # network address block
| dns_nameservers  |                                                       |
| enable_dhcp      | True                                                  |    # DHCP enabled
| gateway_ip       | 192.168.101.1                                         |    # gateway of the subnet
| host_routes      |                                                       |
| id               | 3d715769-73ce-4984-81b2-ae1ffb284a74                  |    # subnet id
| ip_version       | 4                                                     |    # IP version is IPv4
| name             | public_subnet                                         |    # subnet name
| network_id       | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                  |    # network the subnet belongs to
| tenant_id        | 842ab3268a2c47e6a4b0d8774de805ae                      |    # tenant the subnet belongs to
+------------------+-------------------------------------------------------+

b. List the subnets
[root@controller ~]# neutron subnet-list
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| id                                   | name           | cidr             | allocation_pools                                      |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| 3d715769-73ce-4984-81b2-ae1ffb284a74 | public_subnet  | 192.168.101.0/24 | {"start": "192.168.101.10", "end": "192.168.101.250"} | # created successfully
| 79cb82a1-eac1-4311-8e6d-badcabd22e44 | ForTest        | 192.168.100.0/24 | {"start": "192.168.100.2", "end": "192.168.100.254"}  |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+

c. Show the subnet details
[root@controller ~]# neutron subnet-show 3d715769-73ce-4984-81b2-ae1ffb284a74
+------------------+-------------------------------------------------------+
| Field            | Value                                                 |
+------------------+-------------------------------------------------------+
| allocation_pools | {"start": "192.168.101.10", "end": "192.168.101.250"} |
| cidr             | 192.168.101.0/24                                      |
| dns_nameservers  |                                                       |
| enable_dhcp      | True                                                  |
| gateway_ip       | 192.168.101.1                                         |
| host_routes      |                                                       |
| id               | 3d715769-73ce-4984-81b2-ae1ffb284a74                  |
| ip_version       | 4                                                     |
| name             | public_subnet                                         |
| network_id       | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                  |
| tenant_id        | 842ab3268a2c47e6a4b0d8774de805ae                      |
+------------------+-------------------------------------------------------+
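Before running the net-create and subnet-create commands in steps 1 and 2 it is worth checking the plan offline: the VLAN ID has to be a valid 802.1Q ID that lies inside the ML2 network_vlan_ranges configured for that physical network and is not already used by another network on the same physical network, and the subnet's gateway and allocation pool have to be consistent with its CIDR. The following script is an added example, not code from the original post or from Neutron itself; the network_vlan_ranges string and the list of existing networks are constructed sample data, and the "physnet:min:max" format is assumed to match the ML2 VLAN type driver's configuration syntax. The page's own values (physnet0, VLAN 101, 192.168.101.0/24 with gateway .1 and pool .10-.250) are used as the plan being checked.

```python
"""Pre-flight checks for a provider VLAN network and its subnet.

Added example, not code from the original post or from Neutron. Everything
except the values copied from the page (physnet0, VLAN 101, 192.168.101.0/24)
is constructed sample data.
"""
import ipaddress

# Constructed: a network_vlan_ranges value as found in ml2_conf.ini, in the
# assumed form physnet:min:max[,physnet:min:max...]; a bare physnet means
# "any VLAN is allowed" on that physical network.
VLAN_RANGES_SETTING = "physnet0:100:200,physnet1"

# Constructed: (physical_network, segmentation_id) of networks that already
# exist, as collected from `neutron net-show` on each existing network.
EXISTING_VLAN_NETWORKS = [("physnet0", 150), ("physnet0", 199)]


def parse_vlan_ranges(setting):
    """Return {physnet: [(min, max), ...]}; an empty list means unrestricted."""
    ranges = {}
    for entry in setting.split(","):
        parts = entry.strip().split(":")
        physnet = parts[0]
        ranges.setdefault(physnet, [])
        if len(parts) == 3:
            lo, hi = int(parts[1]), int(parts[2])
            if not 1 <= lo <= hi <= 4094:
                raise ValueError("bad VLAN range %r" % entry)
            ranges[physnet].append((lo, hi))
        elif len(parts) != 1:
            raise ValueError("cannot parse %r" % entry)
    return ranges


def check_vlan(physnet, vlan_id, setting=VLAN_RANGES_SETTING,
               existing=EXISTING_VLAN_NETWORKS):
    """Return a list of problems; an empty list means (physnet, vlan_id) is usable."""
    problems = []
    if not 1 <= vlan_id <= 4094:
        return ["VLAN ID %d is outside the valid range 1-4094" % vlan_id]
    ranges = parse_vlan_ranges(setting)
    if physnet not in ranges:
        problems.append("physical_network %r is not in network_vlan_ranges" % physnet)
    elif ranges[physnet] and not any(lo <= vlan_id <= hi for lo, hi in ranges[physnet]):
        problems.append("VLAN %d is outside the configured ranges %s for %s"
                        % (vlan_id, ranges[physnet], physnet))
    if (physnet, vlan_id) in existing:
        # Two networks with the same segmentation_id on one physnet share a
        # single L2 broadcast domain, which silently defeats tenant isolation.
        problems.append("VLAN %d on %s is already used by another network"
                        % (vlan_id, physnet))
    return problems


def check_subnet(cidr, gateway, pool_start, pool_end):
    """Return problems with a subnet plan like the one created on the page."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
        gw = ipaddress.ip_address(gateway)
        start = ipaddress.ip_address(pool_start)
        end = ipaddress.ip_address(pool_end)
    except ValueError as exc:
        return ["invalid address or CIDR: %s" % exc]
    if {gw.version, start.version, end.version} != {net.version}:
        return ["gateway/pool address family does not match %s" % net]
    problems = []
    if gw not in net:
        problems.append("gateway %s is not inside %s" % (gw, net))
    if start not in net or end not in net:
        problems.append("allocation pool %s-%s is not inside %s" % (start, end, net))
    if start > end:
        problems.append("allocation pool start is after its end")
    if start <= gw <= end:
        problems.append("gateway %s lies inside the allocation pool" % gw)
    if net.version == 4 and (start == net.network_address or end == net.broadcast_address):
        problems.append("allocation pool includes the network or broadcast address")
    return problems


if __name__ == "__main__":
    print(check_vlan("physnet0", 101))   # the page's plan: no problems
    print(check_vlan("physnet0", 150))   # constructed collision with an existing network
    print(check_subnet("192.168.101.0/24", "192.168.101.1",
                       "192.168.101.10", "192.168.101.250"))   # the page's subnet plan
```

The VLAN collision check is the one that matters most for isolation: Neutron will refuse an explicit segmentation_id that is already allocated on the same physical network, but a check that also runs against the switch-side VLAN plan catches the case where an administrator reuses an ID that the network team has assigned elsewhere, which would merge two unrelated layer-2 domains.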

3. Configure the VLAN on the switch to match the cloud platform

  Once the network has been configured on the cloud platform in VLAN mode, the VLAN also has to be configured at the switch layer so that it interoperates with OpenStack. What needs to be configured: the VLAN interface address, which is the network's gateway, and the switch ports that all compute node interfaces connect to, which are set to trunk mode and configured to allow VLAN 101 through (for the specific switch configuration, describe the requirement to the network engineer).


4. Test the newly created network

a. Look up the network and subnet IDs
[root@controller ~]# neutron net-list
+--------------------------------------+---------------+-------------------------------------------------------+
| id                                   | name          | subnets                                               |
+--------------------------------------+---------------+-------------------------------------------------------+
| 0d30322d-8d87-43c3-b4e2-5a2969d3c42e | public        | 3d715769-73ce-4984-81b2-ae1ffb284a74 192.168.101.0/24 |
+--------------------------------------+---------------+-------------------------------------------------------+


[root@controller ~]# neutron subnet-list
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| id                                   | name           | cidr             | allocation_pools                                      |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| 3d715769-73ce-4984-81b2-ae1ffb284a74 | public_subnet  | 192.168.101.0/24 | {"start": "192.168.101.10", "end": "192.168.101.250"} |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+

b. Create a port
[root@controller ~]# neutron port-create --name port_1 \
--fixed-ip subnet_id=3d715769-73ce-4984-81b2-ae1ffb284a74,ip_address=192.168.101.11 0d30322d-8d87-43c3-b4e2-5a2969d3c42e 
Created a new port:
+-----------------------+---------------------------------------------------------------------------------------+
| Field                 | Value                                                                                 |
+-----------------------+---------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                  |
| allowed_address_pairs |                                                                                       |
| binding:host_id       |                                                                                       |
| binding:profile       | {}                                                                                    |
| binding:vif_details   | {}                                                                                    |
| binding:vif_type      | unbound                                                                               |
| binding:vnic_type     | normal                                                                                |
| device_id             |                                                                                       |
| device_owner          |                                                                                       |
| fixed_ips             | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"} |    # port address
| id                    | 9b860e7f-4327-4777-8f80-3a5a3c6672ad                                                  |    # port id
| mac_address           | fa:16:3e:af:73:66                                                                     |    # port MAC address
| name                  | port_1                                                                                |    # port name
| network_id            | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                                                  |    # network the port belongs to
| security_groups       | 663468d9-73b1-4b04-8d4c-dac1bf21a94d                                                  |    # security group the port is in
| status                | DOWN                                                                                  |
| tenant_id             | 842ab3268a2c47e6a4b0d8774de805ae                                                      |    # tenant the port belongs to
+-----------------------+---------------------------------------------------------------------------------------+

c. List the ports
[root@controller ~]# neutron port-list |grep 192.168.101
| 9b860e7f-4327-4777-8f80-3a5a3c6672ad | port_1 | fa:16:3e:af:73:66 | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"}  |
| fb5f8996-c025-4fdd-80dc-7d0d117a7cd6 |        | fa:16:3e:19:8f:f8 | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.10"}  |

d. Show the port details
[root@controller ~]# neutron port-show 9b860e7f-4327-4777-8f80-3a5a3c6672ad
+-----------------------+---------------------------------------------------------------------------------------+
| Field                 | Value                                                                                 |
+-----------------------+---------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                  |
| allowed_address_pairs |                                                                                       |
| binding:host_id       |                                                                                       |
| binding:profile       | {}                                                                                    |
| binding:vif_details   | {}                                                                                    |
| binding:vif_type      | unbound                                                                               |
| binding:vnic_type     | normal                                                                                |
| device_id             |                                                                                       |
| device_owner          |                                                                                       |
| extra_dhcp_opts       |                                                                                       |
| fixed_ips             | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"} |
| id                    | 9b860e7f-4327-4777-8f80-3a5a3c6672ad                                                  |
| mac_address           | fa:16:3e:af:73:66                                                                     |
| name                  | port_1                                                                                |
| network_id            | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                                                  |
| security_groups       | 663468d9-73b1-4b04-8d4c-dac1bf21a94d                                                  |
| status                | DOWN                                                                                  |
| tenant_id             | 842ab3268a2c47e6a4b0d8774de805ae                                                      |
+-----------------------+---------------------------------------------------------------------------------------+

5. Attach the port to the instance

a. Perform the attach
[root@controller ~]# nova list |grep happy
| 3f694eaf-aa87-456a-99ce-90dd9f4e45ee | happy_test              | SHUTOFF | -          | Shutdown    |                          | ChuangYiYuan_10_16_2_11 |
[root@controller ~]# nova interface-attach 3f694eaf-aa87-456a-99ce-90dd9f4e45ee  --port-id 9b860e7f-4327-4777-8f80-3a5a3c6672ad

b. The attach succeeded; the instance is now associated with the port
[root@controller ~]# nova list |grep happy
| 3f694eaf-aa87-456a-99ce-90dd9f4e45ee | happy_test              | SHUTOFF | -          | Shutdown    | public=192.168.101.11    | ChuangYiYuan_10_16_2_11 |
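When a port is created with an explicit ip_address, as in step 4b, the address must not already be held by another port on the subnet; the port listing in step 4c shows a second, nameless port that already holds 192.168.101.10 (on a subnet with enable_dhcp set to True this is most likely the DHCP agent's port, an assumption since the page does not say so). The following parser is an added example, not code from the original post or from the neutron client: it reads the ASCII table that `neutron port-list` prints and reports whether a planned fixed IP is still free. The table below is constructed from the two rows on the page plus the header row that the grep filter removed.

```python
"""Parse `neutron port-list` table output and check a planned fixed IP.

Added example, not from the original post or the neutron client. The
table is constructed from the rows shown on the page; the header and rule
lines follow the layout the neutron CLI prints.
"""
import json
import re

SUBNET_ID = "3d715769-73ce-4984-81b2-ae1ffb284a74"   # public_subnet from the page

# Constructed sample output (two real rows from the page plus a header).
PORT_LIST_OUTPUT = """\
+--------------------------------------+--------+-------------------+---------------------------------------------------------------------------------------+
| id                                   | name   | mac_address       | fixed_ips                                                                             |
+--------------------------------------+--------+-------------------+---------------------------------------------------------------------------------------+
| 9b860e7f-4327-4777-8f80-3a5a3c6672ad | port_1 | fa:16:3e:af:73:66 | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"} |
| fb5f8996-c025-4fdd-80dc-7d0d117a7cd6 |        | fa:16:3e:19:8f:f8 | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.10"} |
+--------------------------------------+--------+-------------------+---------------------------------------------------------------------------------------+
"""


def parse_table(text):
    """Turn a neutron CLI ASCII table into a list of {column: value} dicts."""
    rows = []
    header = None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue                      # skip the +----+ rule lines
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if header is None:
            header = cells                # first pipe-delimited line is the header
            continue
        rows.append(dict(zip(header, cells)))
    return rows


def fixed_ips(row):
    """Extract (subnet_id, ip_address) pairs; a cell may hold several JSON objects."""
    return [(d["subnet_id"], d["ip_address"])
            for d in (json.loads(m) for m in re.findall(r"\{[^}]*\}", row["fixed_ips"]))]


def ips_in_use(text, subnet_id):
    """Map ip_address -> port id for every port holding an address on subnet_id."""
    used = {}
    for row in parse_table(text):
        for sid, ip in fixed_ips(row):
            if sid == subnet_id:
                used[ip] = row["id"]
    return used


def fixed_ip_conflict(text, subnet_id, planned_ip):
    """Return the id of the port already holding planned_ip, or None if it is free."""
    return ips_in_use(text, subnet_id).get(planned_ip)


if __name__ == "__main__":
    for ip in ("192.168.101.11", "192.168.101.12"):
        holder = fixed_ip_conflict(PORT_LIST_OUTPUT, SUBNET_ID, ip)
        print(ip, "held by port %s" % holder if holder else "free")
```

In practice the text passed to parse_table is the captured stdout of `neutron port-list` (without the grep filter, so the header row is present); the same parser works for the net-list and subnet-list tables on this page because all three use the same column layout.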


5. Summary

 Network capacity can be expanded either by tenants creating networks themselves or by an administrator specifying them manually. When a tenant creates a network the VLAN ID is assigned automatically, whereas an administrator can hand-pick the VLAN ID to suit the business requirement. Because OpenStack deployment scenarios and configurations vary enormously and every environment is different, readers should configure according to their own environment.


6. Appendix

[root@controller ~]# neutron -h
usage: neutron [--version] [-v] [-q] [-h] [--os-auth-strategy <auth-strategy>]
               [--os-auth-url <auth-url>]
               [--os-tenant-name <auth-tenant-name>]
               [--os-tenant-id <auth-tenant-id>]
               [--os-username <auth-username>] [--os-password <auth-password>]
               [--os-region-name <auth-region-name>] [--os-token <token>]
               [--endpoint-type <endpoint-type>] [--os-url <url>]
               [--os-cacert <ca-certificate>] [--insecure]
Command-line interface to the Neutron APIs
optional arguments:
 --version             show program's version number and exit
  -v, --verbose, --debug
                        Increase verbosity of output and show tracebacks on
                        errors. Can be repeated.
  -q, --quiet           Suppress output except warnings and errors
  -h, --help            Show this help message and exit
  --os-auth-strategy <auth-strategy>
                        Authentication strategy (Env: OS_AUTH_STRATEGY,
                        default keystone). For now, any other value will
                        disable the authentication
  --os-auth-url <auth-url>
                        Authentication URL (Env: OS_AUTH_URL)
  --os-tenant-name <auth-tenant-name>
                        Authentication tenant name (Env: OS_TENANT_NAME)
  --os-tenant-id <auth-tenant-id>
                        Authentication tenant name (Env: OS_TENANT_ID)
  --os-username <auth-username>
                        Authentication username (Env: OS_USERNAME)
  --os-password <auth-password>
                        Authentication password (Env: OS_PASSWORD)
  --os-region-name <auth-region-name>
                        Authentication region name (Env: OS_REGION_NAME)
  --os-token <token>    Defaults to env[OS_TOKEN]
  --endpoint-type <endpoint-type>
                        Defaults to env[OS_ENDPOINT_TYPE] or publicURL.
  --os-url <url>        Defaults to env[OS_URL]
  --os-cacert <ca-certificate>
                        Specify a CA bundle file to use in verifying a TLS
                        (https) server certificate. Defaults to env[OS_CACERT]
  --insecure            Explicitly allow neutronclient to perform "insecure"
                        SSL (https) requests. The server's certificate will
                        not be verified against any certificate authorities.
                        This option should be used with caution.
Commands for API v2.0:
  agent-delete                   Delete a given agent.                 # agent management
  agent-list                     List agents.
  agent-show                     Show information of a given agent.
  agent-update                   Update a given agent.
  cisco-credential-create        Creates a credential.
  cisco-credential-delete        Delete a  given credential.
  cisco-credential-list          List credentials that belong to a given tenant.
  cisco-credential-show          Show information of a given credential.
  cisco-network-profile-create   Creates a network profile.
  cisco-network-profile-delete   Delete a given network profile.
  cisco-network-profile-list     List network profiles that belong to a given tenant.
  cisco-network-profile-show     Show information of a given network profile.
  cisco-network-profile-update   Update network profile's information.
  cisco-policy-profile-list      List policy profiles that belong to a given tenant.
  cisco-policy-profile-show      Show information of a given policy profile.
  cisco-policy-profile-update    Update policy profile's information.
  dhcp-agent-list-hosting-net    List DHCP agents hosting a network.
  dhcp-agent-network-add         Add a network to a DHCP agent.
  dhcp-agent-network-remove      Remove a network from a DHCP agent.
  ext-list                       List all extensions.
  ext-show                       Show information of a given resource.
  firewall-create                Create a firewall.                      # firewall management
  firewall-delete                Delete a given firewall.
  firewall-list                  List firewalls that belong to a given tenant.
  firewall-policy-create         Create a firewall policy.
  firewall-policy-delete         Delete a given firewall policy.
  firewall-policy-insert-rule    Insert a rule into a given firewall policy.
  firewall-policy-list           List firewall policies that belong to a given tenant.
  firewall-policy-remove-rule    Remove a rule from a given firewall policy.
  firewall-policy-show           Show information of a given firewall policy.
  firewall-policy-update         Update a given firewall policy.
  firewall-rule-create           Create a firewall rule.
  firewall-rule-delete           Delete a given firewall rule.
  firewall-rule-list             List firewall rules that belong to a given tenant.
  firewall-rule-show             Show information of a given firewall rule.
  firewall-rule-update           Update a given firewall rule.
  firewall-show                  Show information of a given firewall.
  firewall-update                Update a given firewall.
  floatingip-associate           Create a mapping between a floating ip and a fixed ip. # floating IP management
  floatingip-create              Create a floating ip for a given tenant.
  floatingip-delete              Delete a given floating ip.
  floatingip-disassociate        Remove a mapping from a floating ip to a fixed ip.
  floatingip-list                List floating ips that belong to a given tenant.
  floatingip-show                Show information of a given floating ip.
  help                           print detailed help for another command
  ipsec-site-connection-create   Create an IPsecSiteConnection.               # IPsec site connection management
  ipsec-site-connection-delete   Delete a given IPsecSiteConnection.
  ipsec-site-connection-list     List IPsecSiteConnections that belong to a given tenant.
  ipsec-site-connection-show     Show information of a given IPsecSiteConnection.
  ipsec-site-connection-update   Update a given IPsecSiteConnection.
  l3-agent-list-hosting-router   List L3 agents hosting a router.
  l3-agent-router-add            Add a router to a L3 agent.
  l3-agent-router-remove         Remove a router from a L3 agent.
  lb-agent-hosting-pool          Get loadbalancer agent hosting a pool.        # load balancer management
  lb-healthmonitor-associate     Create a mapping between a health monitor and a pool.
  lb-healthmonitor-create        Create a healthmonitor.
  lb-healthmonitor-delete        Delete a given healthmonitor.
  lb-healthmonitor-disassociate  Remove a mapping from a health monitor to a pool.
  lb-healthmonitor-list          List healthmonitors that belong to a given tenant.
  lb-healthmonitor-show          Show information of a given healthmonitor.
  lb-healthmonitor-update        Update a given healthmonitor.
  lb-member-create               Create a member.
  lb-member-delete               Delete a given member.
  lb-member-list                 List members that belong to a given tenant.
  lb-member-show                 Show information of a given member.
  lb-member-update               Update a given member.
  lb-pool-create                 Create a pool.
  lb-pool-delete                 Delete a given pool.
  lb-pool-list                   List pools that belong to a given tenant.
  lb-pool-list-on-agent          List the pools on a loadbalancer agent.
  lb-pool-show                   Show information of a given pool.
  lb-pool-stats                  Retrieve stats for a given pool.
  lb-pool-update                 Update a given pool.
  lb-vip-create                  Create a vip.
  lb-vip-delete                  Delete a given vip.
  lb-vip-list                    List vips that belong to a given tenant.
  lb-vip-show                    Show information of a given vip.
  lb-vip-update                  Update a given vip.
  meter-label-create             Create a metering label for a given tenant.
  meter-label-delete             Delete a given metering label.
  meter-label-list               List metering labels that belong to a given tenant.
  meter-label-rule-create        Create a metering label rule for a given label.
  meter-label-rule-delete        Delete a given metering label.
  meter-label-rule-list          List metering labels that belong to a given label.
  meter-label-rule-show          Show information of a given metering label rule.
  meter-label-show               Show information of a given metering label.
  net-create                     Create a network for a given tenant.    # network management
  net-delete                     Delete a given network.
  net-external-list              List external networks that belong to a given tenant.
  net-gateway-connect            Add an internal network interface to a router.
  net-gateway-create             Create a network gateway.
  net-gateway-delete             Delete a given network gateway.
  net-gateway-disconnect         Remove a network from a network gateway.
  net-gateway-list               List network gateways for a given tenant.
  net-gateway-show               Show information of a given network gateway.
  net-gateway-update             Update the name for a network gateway.
  net-list                       List networks that belong to a given tenant.
  net-list-on-dhcp-agent         List the networks on a DHCP agent.
  net-show                       Show information of a given network.
  net-update                     Update network's information.
  port-create                    Create a port for a given tenant.     # port management
  port-delete                    Delete a given port.
  port-list                      List ports that belong to a given tenant.
  port-show                      Show information of a given port.
  port-update                    Update port's information.
  queue-create                   Create a queue.
  queue-delete                   Delete a given queue.
  queue-list                     List queues that belong to a given tenant.
  queue-show                     Show information of a given queue.
  quota-delete                   Delete defined quotas of a given tenant.     # quota management
  quota-list                     List quotas of all tenants who have non-default quota values.
  quota-show                     Show quotas of a given tenant
  quota-update                   Define tenant's quotas not to use defaults.
  router-create                  Create a router for a given tenant.      # router management
  router-delete                  Delete a given router.
  router-gateway-clear           Remove an external network gateway from a router.
  router-gateway-set             Set the external network gateway for a router.
  router-interface-add           Add an internal network interface to a router.
  router-interface-delete        Remove an internal network interface from a router.
  router-list                    List routers that belong to a given tenant.
  router-list-on-l3-agent        List the routers on a L3 agent.
  router-port-list               List ports that belong to a given tenant, with specified router.
  router-show                    Show information of a given router.
  router-update                  Update router's information.
  security-group-create          Create a security group.             # security group management
  security-group-delete          Delete a given security group.
  security-group-list            List security groups that belong to a given tenant.
  security-group-rule-create     Create a security group rule.
  security-group-rule-delete     Delete a given security group rule.
  security-group-rule-list       List security group rules that belong to a given tenant.
  security-group-rule-show       Show information of a given security group rule.
  security-group-show            Show information of a given security group.
  security-group-update          Update a given security group.
  service-provider-list          List service providers.
  subnet-create                  Create a subnet for a given tenant.     # subnet management
  subnet-delete                  Delete a given subnet.
  subnet-list                    List subnets that belong to a given tenant.
  subnet-show                    Show information of a given subnet.
  subnet-update                  Update subnet's information.
  ***-ikepolicy-create           Create an IKEPolicy.                # IKE policy, IPsec policy and ***-service management
  ***-ikepolicy-delete           Delete a given IKE Policy.
  ***-ikepolicy-list             List IKEPolicies that belong to a tenant.
  ***-ikepolicy-show             Show information of a given IKEPolicy.
  ***-ikepolicy-update           Update a given IKE Policy.
  ***-ipsecpolicy-create         Create an ipsecpolicy.
  ***-ipsecpolicy-delete         Delete a given ipsecpolicy.
  ***-ipsecpolicy-list           List ipsecpolicies that belongs to a given tenant connection.
  ***-ipsecpolicy-show           Show information of a given ipsecpolicy.
  ***-ipsecpolicy-update         Update a given ipsec policy.
  ***-service-create             Create a ×××Service.
  ***-service-delete             Delete a given ×××Service.
  ***-service-list               List ×××Service configurations that belong to a given tenant.
  ***-service-show               Show information of a given ×××Service.
  ***-service-update             Update a given ×××Service.