出口網絡服務器:
安裝openvswitch:
# systemctl disable firewalld
# setenforce 0
# yum -y install vim
# yum -y install net-tools
# yum -y install epel-release
# yum -y install centos-release-openstack-ocata.noarch
# yum -y install openvswitch
# systemctl start openvswitch
# systemctl enable openswitchvim
配置虛擬網絡:
# ovs-vsctl add-br vm_net
# ovs-vsctl add-port vm_net gre0 — set interface gre0 type=gre option:remote_ip=172.16.0.1 option:local_ip=172.16.0.3centos
配置外網橋:
# yum -y install bridge-utilsbash
配置外網橋地址:
# vim /etc/sysconfig/network-scripts/ifcfg-ex_br
DEVICE=」ex_br」
BOOTPROTO=」static」
NM_CONTROLLED=」no」
IPADDR=10.0.0.2
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
DNS1=10.0.0.1
ONBOOT=」yes」
TYPE=」Bridge」
DELAY=0服務器
將eth0的配置文件/etc/sysconfig/network-scripts/ifcfg-ens33的內容修改成:
# vim /etc/sysconfig/network-scripts/ifcfg-ens33
DEVICE=」ens33″
BOOTPROTO=」static」
NM_CONTROLLED=」no」
ONBOOT=」yes」
TYPE=」Ethernet」
BRIDGE=」ex_br」網絡
# systemctl restart networkssh
kvm1配置虛擬化網絡
kvm1:
# systemctl disable firewalld
# setenforce 0
# yum -y install vim
# yum -y install net-tools
# yum -y install epel-release
# yum -y install centos-release-openstack-ocata.noarch
# yum -y install openvswitch
# systemctl start openvswitch
# yum -y install qemu-kvm
# ln -sv /usr/libexec/qemu-kvm /usr/sbin/
# modprobe kvm
# modprobe kvm_intel測試
# ovs-vsctl add-br vm_net
# ovs-vsctl add-port vm_net gre0 — set interface gre0 type=gre option:remote_ip=172.16.0.3 option:local_ip=172.16.0.1rest
啓動4臺測試的虛擬機:orm
啓動虛擬機的腳本:
# vim /etc/qemu-kvm/if-up
#!/bin/bash
#
bridgename=vm_netip
if [ -n 「$1」 ] ; then
ip link set $1 up
sleep 1
ovs-vsctl add-port $bridgename $1
[ $? -eq 0 ] && exit 0 || exit 1
else
echo 「Error: no port specified.」
fi
# vim /etc/qemu-kvm/if-down
#!/bin/bash
#
bridgename=vm_net
if [ -n 「$1」 ] ; then
ovs-vsctl del-port $bridgename $1
sleep 1
ip link set $1 down
[ $? -eq 0 ] && exit 0 || exit 1
else
echo 「Error: no port specified.」
fi
# chmod u+x /etc/qemu-kvm/if-*
# chmod +x /etc/qemu-kvm/if-*
# bash -n /etc/qemu-kvm/if-up
# bash -n /etc/qemu-kvm/if-down
準備測試虛擬機鏡像文件:
# mkdir -pv /images/cirros/ ssh
# cp cirros-0.3.5-x86_64-disk.img /images/cirros/ -av
# mv -v cirros-0.3.5-x86_64-disk.img /images/cirros/cirros-0.3.5-x86_64-disk2.img
kvm1上啓動兩臺虛擬機:
# qemu-kvm -name vm1 -m 128 -smp 1 -vnc :0 -usbdevice tablet -daemonize -balloon virtio \
-drive file=/images/cirros/cirros-0.3.5-x86_64-disk.img,media=disk,cache=writeback,if=virtio,format=qcow2 \
-net nic,macaddr=52:54:00:00:00:01,model=virtio -net tap,vhost=on,vnet_hdr=on,script=/etc/qemu-kvm/if-up,downscript=/etc/qemu-kvm/if-down
# qemu-kvm -name vm2 -m 128 -smp 1 -vnc :1 -usbdevice tablet -daemonize -balloon virtio \
-drive file=/images/cirros/cirros-0.3.5-x86_64-disk2.img,media=disk,cache=writeback,if=virtio,format=qcow2 \
-net nic,macaddr=52:54:00:00:00:02,model=virtio -net tap,vhost=on,vnet_hdr=on,script=/etc/qemu-kvm/if-up,downscript=/etc/qemu-kvm/if-down
虛擬機地址配置以下:
vm1:
ifconfig eth0 172.16.1.1/24 broadcast 172.16.1.255 up
ip route add default via 172.16.1.254
vm2:
ifconfig eth0 172.16.1.2/24 broadcast 172.16.1.255 up
配置虛擬機外網出口:
# ip link add sin0 type veth peer name rin0
# ip link add sex0 type veth peer name rex0
# ip link set sin0 up
# ip link set sex0 up
# ovs-vsctl add-port vm_net sin0
# brctl addif ex_br sex0
# ip netns add r0 # ip link set rin0 netns r0 # ip link set rex0 netns r0 # ip netns exec r0 ip link set rex0 up # ip netns exec r0 ip link set rin0 up # ip netns exec r0 ip addr add 172.16.1.254/24 dev rin0 # ip netns exec r0 ip addr add 10.0.0.150/24 dev rex0 # ip netns exec r0 sysctl -w net.ipv4.ip_forward=1 # ip netns exec r0 ifconfig rex0:0 10.0.0.151/24 # ip netns exec r0 iptables -t nat -A POSTROUTING -s 172.16.1.1/32 ! -d 172.16.1.0/24 -j SNAT –to-source=10.0.0.151 # ip netns exec r0 iptables -t nat -A PREROUTING -d 10.0.0.151 -j DNAT –to-destination=172.16.1.1