neutron之SDN簡單測試

---

title: Neutron SDN 手動實現手冊 date: 2017-04-13 23:37 tags: Network

---

本文旨在經過本身搭建相似neutron （openvswitch + gre） 實現SDN 的環境，學習瞭解其工做原理，模擬核心原理，好比：同一租戶自定義網絡 instance 互通，手動爲instance 分配 floating ip 等相關內容。


###主機網卡配置

controller:
	     eth0:10.20.0.201 (management network) eht1:172.16.0.201 (public/external network) eht2:192.168.4.201 (private network，gre tunning) compute01: eth0:10.20.0.202 (management network) eht1:(disabled) eht2:192.168.4.202 (private network，gre tunning)

##模擬安裝網絡節點(Network1)

模擬Network 節點相關實現，好比L三、dhcp-agent實現，爲了模擬多節點網絡狀況，這裏Network同時也模擬一個計算節點，模擬M2 openvswitch 實現，上面運行instance1。

網絡接口配置

vi /etc/sysconfig/network-scripts/ifcfg-eth0
	DEVICE=eth0
	TYPE=Ethernet
	ONBOOT=yes
	NM_CONTROLLED=yes
	BOOTPROTO=static IPADDR=10.20.0.201 NETMASK=255.255.255.0 vi /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=172.16.0.201 NETMASK=255.255.255.0 vi /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE=eth2 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=192.168.4.201 NETMASK=255.255.255.0

重啓網絡服務

service network restart

安裝須要用到的包

yum install libvirt openvswitch python-virtinst xauth tigervnc qemu-* -y

移除默認的libvirt 網絡，方便清晰分析網絡狀況

virsh net-destroy default virsh net-autostart --disable default virsh net-undefine default

設置容許ipforwarding

vi /etc/sysctl.conf net.ipv4.ip_forward=1 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0

當即生效

sysctl -p

啓動openvswitch

service openvswitch start chkconfig openvswitch on

建立一個linux bridge

brctl addbr qbr01 ip link set qbr01 up

建立一個instance，並鏈接到qbr01 Bridge，網絡接口部分配置以下

<interface type='bridge'> <source bridge='qbr01'/> <target dev='tap01'/> <model type='virtio'/> <driver name='qemu'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>

能夠參考附件./gre/instance1.xml建立

cp ~/gre/ /var/tmp/
	cd /var/tmp/gre
	mv cirros-0.3.0-x86_64-disk.img instance1.img virsh define instance1.xml virsh start instance1 virsh vncdisplay instance1 vncviewer :0

啓動console 之後,登陸添加ip 地址 192.168.1.11

ip addr add 192.168.1.11/24 dev eth0 route add default gw 192.168.1.1

建立一個內部bridge br-int， 模擬 OpenStack integrated bridge

ovs-vsctl add-br br-int ovs-vsctl add-port br-int gre0 -- set interface gre0 type=gre options:remote_ip=192.168.4.202

建立一個veth peer，鏈接Linux Bridge 'qbr01' 和 OpenvSwich Bridge 'br-ini'

ip link add qvo01 type veth peer name qvb01 brctl addif qbr01 qvb01 ovs-vsctl add-port br-int qvo01 ovs-vsctl set port qvo01 tag=100 ip link set qvb01 up ip link set qvo01 up

查看如今network1上的 br-int

ovs-vsctl show

##模擬安裝計算節點(compute1)

##網絡接口配置

vi /etc/sysconfig/network-scripts/ifcfg-eth0
	DEVICE=eth0
	TYPE=Ethernet
	ONBOOT=yes
	NM_CONTROLLED=yes
	BOOTPROTO=static IPADDR=10.20.0.202 NETMASK=255.255.255.0 vi /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=172.16.0.202 NETMASK=255.255.255.0 vi /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE=eth2 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=192.168.4.202 NETMASK=255.255.255.0

重啓網絡服務

service network restart

安裝須要用到的包

yum install libvirt openvswitch python-virtinst xauth tigervnc qemu-*

移除libvirt 默認的網絡

virsh net-destroy default virsh net-autostart --disableu default virsh net-undefine default

設置容許ipforwarding

vi /etc/sysctl.conf net.ipv4.ip_forward=1 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0

當即生效

sysctl -p

啓動openvswitch

service openvswitch start chkconfig openvswitch on

建立一個linux bridge

brctl addbr qbr02 ip link set qbr02 up

建立一個vm，並鏈接到qbr02

<interface type='bridge'> <source bridge='qbr02'/> <target dev='tap02'/> <model type='virtio'/> <driver name='qemu'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>

上gre目錄到compute1 節點，能夠參考附件./gre/instance2.xml建立

cp ~/gre/ /var/tmp/
cd /var/tmp/gre
mv cirros-0.3.0-x86_64-disk.img instance2.img virsh define instance2.xml virsh start instance2 virsh vncdisplay instance2 vncviewer :0

啓動console 之後,登陸添加ip得知 192.168.1.12

ip addr add 192.168.1.12/24 dev eth0 route add default gw 192.168.1.1

建立一個內部bridge br-int， 模擬 OpenStack integrated bridge

ovs-vsctl add-br br-int ovs-vsctl add-port br-int gre0 -- set interface gre0 type=gre options:remote_ip=192.168.4.201

建立一個veth peer，鏈接Linux Bridge 'qbr02' 和 OpenvSwich Bridge 'br-ini'

ip link add qvo02 type veth peer name qvb02 brctl addif qbr02 qvb02 ovs-vsctl add-port br-int qvo02 ovs-vsctl set port qvo02 tag=100 ip link set qvb02 up ip link set qvo02 up

查看如今network1 上的 br-int

ovs-vsctl show

檢查是否能連通instance1，在instance2的控制檯

ping 192.168.1.11

##經過 Network Namespace 實現租戶私有網絡互訪

添加一個namespace，dhcp01用於隔離租戶網絡。

ip netns add dhcp01

爲私有網絡192.168.1.0/24 ，在命名空間dhcp01 中 建立dhcp 服務

ovs-vsctl add-port br-int tapdhcp01 -- set interface tapdhcp01 type=internal ovs-vsctl set port tapdhcp01 tag=100 ip link set tapdhcp01 netns dhcp01 ip netns exec dhcp01 ip addr add 192.168.1.2/24 dev tapdhcp01 ip netns exec dhcp01 ip link set tapdhcp01 up

檢查網絡是否連通，在namespace 訪問instance1 和 instance2

ip netns exec dhcp01 ping 192.168.1.12 ip netns exec dhcp01 ping 192.168.1.11

##經過 Network Namespace 和Iptables 實現L3 router

ovs-vsctl add-br br-ex

從新配置eth1 和 br-ex

vi /etc/sysconfig/network-scripts/ifcfg-eth1

	DEVICE=eth1
	ONBOOT=yes BOOTPROTO=none PROMISC=yes MTU=1546 ################################### DEVICE=ens160 TYPE=OVSPort DEVICETYPE=ovs OVS_BRIDGE=br-ex ONBOOT=yes #################################### vi /etc/sysconfig/network-scripts/ifcfg-br-ex DEVICE=br-ex TYPE=Bridge ONBOOT=yes BOOTPROTO=none IPADDR0=172.16.0.201 PREFIX0=24 ####################################### DEVICE=br-ex ONBOOT=yes DEVICETYPE=ovs TYPE=OVSBridge BOOTPROTO=static IPADDR=192.168.2.134 NETMASK=255.255.255.0 GATEWAY=192.168.2.1 DNS1=218.2.2.2 ######################################

重啓啓動網絡服務

ovs-vsctl add-port br-ex eth1 && service network restart

檢查網絡，配置後是否連通

ping 172.16.0.201

添加一個namespace，router01 用於路由和floating ip 分配

ip netns add router01

在br-int添加一個接口，做爲私有網絡192.168.1.0/24的網關

ovs-vsctl add-port br-int qr01 -- set interface qr01 type=internal ovs-vsctl set port qr01 tag=100 ip link set qr01 netns router01 ip netns exec router01 ip addr add 192.168.1.1/24 dev qr01 ip netns exec router01 ip link set qr01 up ip netns exec router01 ip link set lo up

在br-ex中添加一個接口，用於私網192.168.1.0/24設置下一跳地址

ovs-vsctl add-port br-ex qg01 -- set interface qg01 type=internal ip link set qg01 netns router01 ip netns exec router01 ip addr add 172.16.0.100/24 dev qg01 ip netns exec router01 ip link set qg01 up ip netns exec router01 ip link set lo up

模擬分配floating ip 訪問instance1

爲instance1 192.168.1.11 分配floating ip，172.16.0.101

ip netns exec router01 ip addr add 172.16.0.101/32 dev qg01 ip netns exec router01 iptables -t nat -A OUTPUT -d 172.16.0.101/32 -j DNAT --to-destination 192.168.1.11 ip netns exec router01 iptables -t nat -A PREROUTING -d 172.16.0.101/32 -j DNAT --to-destination 192.168.1.11 ip netns exec router01 iptables -t nat -A POSTROUTING -s 192.168.1.11/32 -j SNAT --to-source 172.16.0.101 ip netns exec router01 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 172.16.0.100

測試floating ip

ping 172.16.0.101

若是須要清除nat chain

iptables -t nat -F

ip netns exec router01 iptables -t nat -A OUTPUT -d 192.168.2.102/32 -j DNAT --to-destination 192.168.10.11 ip netns exec router01 iptables -t nat -A PREROUTING -d 192.168.2.102/32 -j DNAT --to-destination 192.168.10.11 ip netns exec router01 iptables -t nat -A POSTROUTING -s 192.168.10.11/32 -j SNAT --to-source 192.168.2.102 ip netns exec router01 ip addr add 192.168.2.103/32 dev qg01 ip netns exec router01 iptables -t nat -A OUTPUT -d 192.168.2.103/32 -j DNAT --to-destination 192.168.10.11 ip netns exec router01 iptables -t nat -A PREROUTING -d 192.168.2.103/32 -j DNAT --to-destination 192.168.10.11 ip netns exec router01 iptables -t nat -A POSTROUTING -s 192.168.10.11/32 -j SNAT --to-source 192.168.2.103 ip netns exec router01 route add default gw 192.168.2.1 ip netns exec router01 route -n