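The roles of the three Neutron agents:

  • Neutron-OVS-Agent: receives the tunnel and tunnel flow configuration from the OVS plugin and drives OVS to build the GRE tunnels
  • Neutron-DHCP-Agent: configures dnsmasq for every network/subnet that has DHCP enabled, and also writes the MAC address/IP address information into the dnsmasq DHCP lease file
  • Neutron-L3-Agent: sets up the iptables/routing/NAT tables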

Initial state of the network node

[root@network01 ~]# ovs-vsctl show
aa2155ed-ec27-454f-bb5c-07325a5322a9
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "eno16777728"
            Interface "eno16777728"
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@network01 ~]# ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
cookie=0x98a3719566989240, duration=415.236s, table=0, n_packets=0, n_bytes=0, idle_age=415, priority=1,in_port=1 actions=resubmit(,2)
cookie=0x98a3719566989240, duration=415.236s, table=0, n_packets=0, n_bytes=0, idle_age=415, priority=0 actions=drop
cookie=0x98a3719566989240, duration=415.236s, table=2, n_packets=0, n_bytes=0, idle_age=415, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
cookie=0x98a3719566989240, duration=415.235s, table=2, n_packets=0, n_bytes=0, idle_age=415, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
cookie=0x98a3719566989240, duration=415.235s, table=3, n_packets=0, n_bytes=0, idle_age=415, priority=0 actions=drop
cookie=0x98a3719566989240, duration=415.235s, table=4, n_packets=0, n_bytes=0, idle_age=415, priority=0 actions=drop
cookie=0x98a3719566989240, duration=415.234s, table=6, n_packets=0, n_bytes=0, idle_age=415, priority=0 actions=drop
cookie=0x98a3719566989240, duration=415.234s, table=10, n_packets=0, n_bytes=0, idle_age=415, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0x98a3719566989240,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x98a3719566989240, duration=415.234s, table=20, n_packets=0, n_bytes=0, idle_age=415, priority=0 actions=resubmit(,22)
cookie=0x98a3719566989240, duration=415.230s, table=22, n_packets=0, n_bytes=0, idle_age=415, priority=0 actions=drop

[root@network01 ~]# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x80eafad15a6e6157, duration=461.942s, table=0, n_packets=84, n_bytes=10115, idle_age=17, priority=2,in_port=1 actions=drop
cookie=0x80eafad15a6e6157, duration=462.010s, table=0, n_packets=0, n_bytes=0, idle_age=462, priority=0 actions=NORMAL
cookie=0x80eafad15a6e6157, duration=462.006s, table=23, n_packets=0, n_bytes=0, idle_age=462, priority=0 actions=drop
cookie=0x80eafad15a6e6157, duration=462.002s, table=24, n_packets=0, n_bytes=0, idle_age=462, priority=0 actions=drop

[root@network01 ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x9eca13790f6a3396, duration=475.914s, table=0, n_packets=0, n_bytes=0, idle_age=475, priority=2,in_port=2 actions=drop
cookie=0x9eca13790f6a3396, duration=475.944s, table=0, n_packets=6345, n_bytes=1411407, idle_age=0, priority=0 actions=NORMAL

Initial state of the compute node

[root@compute01 network-scripts]# ovs-vsctl show
a621fa10-9712-4aee-9fee-b27cb993ae4d
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.5.0"

[root@compute01 network-scripts]# ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
cookie=0xa05092b3bd957132, duration=85.620s, table=0, n_packets=0, n_bytes=0, idle_age=85, priority=1,in_port=1 actions=resubmit(,2)
cookie=0xa05092b3bd957132, duration=85.619s, table=0, n_packets=0, n_bytes=0, idle_age=85, priority=0 actions=drop
cookie=0xa05092b3bd957132, duration=85.619s, table=2, n_packets=0, n_bytes=0, idle_age=85, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
cookie=0xa05092b3bd957132, duration=85.619s, table=2, n_packets=0, n_bytes=0, idle_age=85, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
cookie=0xa05092b3bd957132, duration=85.619s, table=3, n_packets=0, n_bytes=0, idle_age=85, priority=0 actions=drop
cookie=0xa05092b3bd957132, duration=85.619s, table=4, n_packets=0, n_bytes=0, idle_age=85, priority=0 actions=drop
cookie=0xa05092b3bd957132, duration=85.619s, table=6, n_packets=0, n_bytes=0, idle_age=85, priority=0 actions=drop
cookie=0xa05092b3bd957132, duration=85.618s, table=10, n_packets=0, n_bytes=0, idle_age=85, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xa05092b3bd957132,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0xa05092b3bd957132, duration=85.618s, table=20, n_packets=0, n_bytes=0, idle_age=85, priority=0 actions=resubmit(,22)
cookie=0xa05092b3bd957132, duration=85.612s, table=22, n_packets=0, n_bytes=0, idle_age=85, priority=0 actions=drop

[root@compute01 network-scripts]# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0xa7ca4aa5282a657d, duration=69.290s, table=0, n_packets=0, n_bytes=0, idle_age=69, priority=0 actions=NORMAL
cookie=0xa7ca4aa5282a657d, duration=69.285s, table=23, n_packets=0, n_bytes=0, idle_age=69, priority=0 actions=drop
cookie=0xa7ca4aa5282a657d, duration=69.281s, table=24, n_packets=0, n_bytes=0, idle_age=69, priority=0 actions=drop

Changes on the network node after a compute node is added

[root@network01 ~]# ovs-vsctl show
aa2155ed-ec27-454f-bb5c-07325a5322a9
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "eno16777728"
            Interface "eno16777728"
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-01010175"
            Interface "vxlan-01010175"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="1.1.1.119", out_key=flow, remote_ip="1.1.1.117"}
        Port "gre-01010175"
            Interface "gre-01010175"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="1.1.1.119", out_key=flow, remote_ip="1.1.1.117"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@network01 ~]# ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
cookie=0x98a3719566989240, duration=1432.934s, table=0, n_packets=0, n_bytes=0, idle_age=1432, priority=1,in_port=1 actions=resubmit(,2)
cookie=0x98a3719566989240, duration=678.011s, table=0, n_packets=0, n_bytes=0, idle_age=678, priority=1,in_port=2 actions=resubmit(,3)
cookie=0x98a3719566989240, duration=678.001s, table=0, n_packets=0, n_bytes=0, idle_age=678, priority=1,in_port=3 actions=resubmit(,4)
cookie=0x98a3719566989240, duration=1432.934s, table=0, n_packets=0, n_bytes=0, idle_age=1432, priority=0 actions=drop
cookie=0x98a3719566989240, duration=1432.934s, table=2, n_packets=0, n_bytes=0, idle_age=1432, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
cookie=0x98a3719566989240, duration=1432.933s, table=2, n_packets=0, n_bytes=0, idle_age=1432, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
cookie=0x98a3719566989240, duration=1432.933s, table=3, n_packets=0, n_bytes=0, idle_age=1432, priority=0 actions=drop
cookie=0x98a3719566989240, duration=1432.933s, table=4, n_packets=0, n_bytes=0, idle_age=1432, priority=0 actions=drop
cookie=0x98a3719566989240, duration=1432.932s, table=6, n_packets=0, n_bytes=0, idle_age=1432, priority=0 actions=drop
cookie=0x98a3719566989240, duration=1432.932s, table=10, n_packets=0, n_bytes=0, idle_age=1432, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0x98a3719566989240,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x98a3719566989240, duration=1432.932s, table=20, n_packets=0, n_bytes=0, idle_age=1432, priority=0 actions=resubmit(,22)
cookie=0x98a3719566989240, duration=1432.928s, table=22, n_packets=0, n_bytes=0, idle_age=1432, priority=0 actions=drop
[root@network01 ~]# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x80eafad15a6e6157, duration=1435.422s, table=0, n_packets=252, n_bytes=29709, idle_age=30, priority=2,in_port=1 actions=drop
cookie=0x80eafad15a6e6157, duration=1435.490s, table=0, n_packets=0, n_bytes=0, idle_age=1435, priority=0 actions=NORMAL
cookie=0x80eafad15a6e6157, duration=1435.486s, table=23, n_packets=0, n_bytes=0, idle_age=1435, priority=0 actions=drop
cookie=0x80eafad15a6e6157, duration=1435.482s, table=24, n_packets=0, n_bytes=0, idle_age=1435, priority=0 actions=drop
[root@network01 ~]# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x9eca13790f6a3396, duration=1437.921s, table=0, n_packets=0, n_bytes=0, idle_age=1437, priority=2,in_port=2 actions=drop
cookie=0x9eca13790f6a3396, duration=1437.951s, table=0, n_packets=24901, n_bytes=5525721, idle_age=0, priority=0 actions=NORMAL

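As admin in the dashboard, create an external network without a subnet.

At this point, neither the dashboard nor ip netns show on the network node shows any device created in any namespace.

So we create a subnet for this network.

Then first run the following on the network node: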

[root@network01 ~]# ip netns show
qdhcp-7619e0d9-e11d-4005-a691-f7abdd704b37

Then check again in the dashboard.

The ordinary user demo creates a network, a subnet, and a router.

On the network node:

[root@network01 ~]# ip netns show
qrouter-f37e0927-1291-469f-bdbc-dd4011394835 # this is demo-router
qdhcp-125e0c45-2d45-469c-929e-493d36d92be4 # this is the DHCP for demo-net
qdhcp-7619e0d9-e11d-4005-a691-f7abdd704b37 # this is the DHCP for external

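The network topology of tenant demo is now complete: demo-net -----> demo-router -------> external

So now we can create a VM attached to demo-net.

But wait, let us first draw the network topology described above.

Start with the network node and look at its topology: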

[root@network01 ~]# ovs-vsctl show
b3d24647-b0e2-41d2-bd48-ef2c5d025601
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-01010175"
            Interface "vxlan-01010175"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="1.1.1.119", out_key=flow, remote_ip="1.1.1.117"}
        Port "gre-01010175"
            Interface "gre-01010175"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="1.1.1.119", out_key=flow, remote_ip="1.1.1.117"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qr-eab14967-a4"
            tag: 3
            Interface "qr-eab14967-a4"
                type: internal
        Port "tap8cc4ca9f-58"
            tag: 2
            Interface "tap8cc4ca9f-58"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap8b416bf2-5f"
            tag: 3
            Interface "tap8b416bf2-5f"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-8879568d-88"
            Interface "qg-8879568d-88"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eno16777728"
            Interface "eno16777728"
    ovs_version: "2.5.0"

At this point the compute node has no VM yet, so it still looks the same as before:

[root@compute01 ~]# ovs-vsctl show
00126cb0-fd70-482d-be60-a9769797d5c8
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.5.0"

But after we add a VM, look at the compute node again; the bridge layout on the network node, of course, does not change.

[root@compute01 ~]# ovs-vsctl show
00126cb0-fd70-482d-be60-a9769797d5c8
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-01010177"
            Interface "vxlan-01010177"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="1.1.1.117", out_key=flow, remote_ip="1.1.1.119"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qvo1ea1ad64-e2" # this is the interface that connects the VM we just created to br-int
            tag: 1
            Interface "qvo1ea1ad64-e2"
    ovs_version: "2.5.0"

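An aside on MAC address basics:

  • A MAC address is a 48-bit address (6 bytes, written in hexadecimal) used at Ethernet layer 2 to identify a device's location. It has two parts: the first 24 bits are the Organizationally Unique Identifier (OUI), and the last 24 bits are assigned by the vendor. A 48-bit MAC address is normally written as six hexadecimal bytes, e.g. XX-XX-XX-XX-XX-XX.
  • Broadcast address: FF:FF:FF:FF:FF:FF
  • Multicast address: a MAC multicast address has the least significant bit of its first 8 bits set to 1. For example, 01:80:C2:00:00:00 is a multicast address that denotes the 802.1d bridge multicast group. Bridges use this address to exchange configuration information with each other and run the distributed spanning tree algorithm, which eliminates loops in the network topology.
  • Unicast address: a unicast address has the least significant bit of its first 8 bits set to 0. Every NIC is assigned one unique unicast address at the factory; the first 24 bits are the manufacturer's number, assigned by the IEEE (Institute of Electrical and Electronics Engineers), and the last 24 bits are the unique number the vendor gives the NIC. 8C-70-5A-29-3A-48 is an example of a unicast address (8C = 10001100).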

[root@network01 ~]# ovs-ofctl dump-flows br-tun
NXST_FLOW reply (xid=0x4):
cookie=0xa44d2f2745487c7e, duration=6408.572s, table=0, n_packets=201, n_bytes=23932, idle_age=1514, priority=1,in_port=1 actions=resubmit(,2)
cookie=0xa44d2f2745487c7e, duration=6398.482s, table=0, n_packets=0, n_bytes=0, idle_age=6398, priority=1,in_port=2 actions=resubmit(,3)
cookie=0xa44d2f2745487c7e, duration=6398.370s, table=0, n_packets=201, n_bytes=19348, idle_age=1514, priority=1,in_port=3 actions=resubmit(,4)
cookie=0xa44d2f2745487c7e, duration=6408.572s, table=0, n_packets=0, n_bytes=0, idle_age=6408, priority=0 actions=drop
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=2, n_packets=153, n_bytes=20092, idle_age=1514, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=2, n_packets=48, n_bytes=3840, idle_age=1806, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=3, n_packets=0, n_bytes=0, idle_age=6408, priority=0 actions=drop
cookie=0xa44d2f2745487c7e, duration=5727.725s, table=4, n_packets=0, n_bytes=0, idle_age=5727, priority=1,tun_id=0x1 actions=mod_vlan_vid:2,resubmit(,10)
cookie=0xa44d2f2745487c7e, duration=5495.568s, table=4, n_packets=201, n_bytes=19348, idle_age=1514, priority=1,tun_id=0x47 actions=mod_vlan_vid:3,resubmit(,10)
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=4, n_packets=0, n_bytes=0, idle_age=6408, priority=0 actions=drop
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=6, n_packets=0, n_bytes=0, idle_age=6408, priority=0 actions=drop
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=10, n_packets=201, n_bytes=19348, idle_age=1514, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xa44d2f2745487c7e,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0xa44d2f2745487c7e, duration=6408.571s, table=20, n_packets=0, n_bytes=0, idle_age=6408, priority=0 actions=resubmit(,22)
cookie=0xa44d2f2745487c7e, duration=5727.741s, table=22, n_packets=5, n_bytes=390, idle_age=5719, dl_vlan=2 actions=strip_vlan,set_tunnel:0x1,output:3
cookie=0xa44d2f2745487c7e, duration=5495.573s, table=22, n_packets=19, n_bytes=1606, idle_age=1806, dl_vlan=3 actions=strip_vlan,set_tunnel:0x47,output:3
cookie=0xa44d2f2745487c7e, duration=6408.565s, table=22, n_packets=16, n_bytes=1328, idle_age=5379, priority=0 actions=drop

[root@compute01 ~]# ovs-ofctl dump-flows br-tun

NXST_FLOW reply (xid=0x4):
cookie=0xaec5db959d6a6f09, duration=6700.403s, table=0, n_packets=206, n_bytes=19730, idle_age=1815, priority=1,in_port=1 actions=resubmit(,2)
cookie=0xaec5db959d6a6f09, duration=2113.576s, table=0, n_packets=154, n_bytes=20134, idle_age=1815, priority=1,in_port=2 actions=resubmit(,4)
cookie=0xaec5db959d6a6f09, duration=6700.403s, table=0, n_packets=0, n_bytes=0, idle_age=6700, priority=0 actions=drop
cookie=0xaec5db959d6a6f09, duration=6700.403s, table=2, n_packets=1, n_bytes=42, idle_age=2107, priority=1,arp,dl_dst=ff:ff:ff:ff:ff:ff actions=resubmit(,21)
cookie=0xaec5db959d6a6f09, duration=6700.403s, table=2, n_packets=193, n_bytes=18204, idle_age=1815, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=2, n_packets=12, n_bytes=1484, idle_age=2097, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=3, n_packets=0, n_bytes=0, idle_age=6700, priority=0 actions=drop
cookie=0xaec5db959d6a6f09, duration=2114.249s, table=4, n_packets=154, n_bytes=20134, idle_age=1815, priority=1,tun_id=0x47 actions=mod_vlan_vid:1,resubmit(,10)
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=4, n_packets=0, n_bytes=0, idle_age=6700, priority=0 actions=drop
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=6, n_packets=0, n_bytes=0, idle_age=6700, priority=0 actions=drop
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=10, n_packets=154, n_bytes=20134, idle_age=1815, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0xaec5db959d6a6f09,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0xaec5db959d6a6f09, duration=2113.575s, table=20, n_packets=1, n_bytes=42, idle_age=2102, priority=2,dl_vlan=1,dl_dst=fa:16:3e:1d:79:ea actions=strip_vlan,set_tunnel:0x47,output:2
cookie=0xaec5db959d6a6f09, duration=2113.575s, table=20, n_packets=192, n_bytes=18162, idle_age=1815, priority=2,dl_vlan=1,dl_dst=fa:16:3e:b3:b4:f7 actions=strip_vlan,set_tunnel:0x47,output:2
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=20, n_packets=0, n_bytes=0, idle_age=6700, priority=0 actions=resubmit(,22)
cookie=0xaec5db959d6a6f09, duration=2113.575s, table=21, n_packets=0, n_bytes=0, idle_age=2113, priority=1,arp,dl_vlan=1,arp_tpa=172.16.45.2 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:1d:79:ea,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163e1d79ea->NXM_NX_ARP_SHA[],load:0xac102d02->NXM_OF_ARP_SPA[],IN_PORT
cookie=0xaec5db959d6a6f09, duration=2113.575s, table=21, n_packets=1, n_bytes=42, idle_age=2107, priority=1,arp,dl_vlan=1,arp_tpa=172.16.45.1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:b3:b4:f7,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163eb3b4f7->NXM_NX_ARP_SHA[],load:0xac102d01->NXM_OF_ARP_SPA[],IN_PORT
cookie=0xaec5db959d6a6f09, duration=6700.402s, table=21, n_packets=0, n_bytes=0, idle_age=6700, priority=0 actions=resubmit(,22)
cookie=0xaec5db959d6a6f09, duration=2113.570s, table=22, n_packets=8, n_bytes=1144, idle_age=2097, dl_vlan=1 actions=strip_vlan,set_tunnel:0x47,output:2
cookie=0xaec5db959d6a6f09, duration=6700.396s, table=22, n_packets=4, n_bytes=340, idle_age=2114, priority=0 actions=drop
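
The MAC primer and the br-tun dumps above meet in three tables: table 2 tests the multicast bit with a masked dl_dst match, table 4 maps an incoming tunnel ID to a local VLAN, and table 22 maps the VLAN back to a tunnel ID on the way out. The Python below is an added example, not part of the original post; it parses flow lines abridged from the network01 dump and checks that both directions of the mapping agree (function names are my own).

```python
import re

# Flow lines abridged from the network01 br-tun dump on this page (cookie and counters removed).
BR_TUN_FLOWS = """\
table=2, priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
table=2, priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)
table=4, priority=1,tun_id=0x1 actions=mod_vlan_vid:2,resubmit(,10)
table=4, priority=1,tun_id=0x47 actions=mod_vlan_vid:3,resubmit(,10)
table=4, priority=0 actions=drop
table=22, dl_vlan=2 actions=strip_vlan,set_tunnel:0x1,output:3
table=22, dl_vlan=3 actions=strip_vlan,set_tunnel:0x47,output:3
table=22, priority=0 actions=drop
"""


def parse_flows(text):
    """Return [(table, match_dict, actions)] from ovs-ofctl dump-flows output."""
    flows = []
    for line in text.splitlines():
        head, sep, actions = line.strip().partition(" actions=")
        table = re.search(r"\btable=(\d+)", head)
        if not sep or not table:
            continue  # e.g. the "NXST_FLOW reply" header line
        match = {}
        for field in head.split(", ")[-1].split(","):
            key, _, value = field.partition("=")
            match[key] = value or True  # bare keywords such as "arp"
        flows.append((int(table.group(1)), match, actions))
    return flows


def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def masked_eq(mac, spec):
    """OpenFlow-style 'value/mask' comparison on a MAC address."""
    value, _, mask = spec.partition("/")
    bits = mac_int(mask) if mask else (1 << 48) - 1
    return mac_int(mac) & bits == mac_int(value) & bits


def table2_next(flows, dl_dst):
    """Table that table 2 resubmits a frame with this destination MAC to."""
    for table, match, actions in flows:
        only_mac = set(match) <= {"priority", "dl_dst"} and "dl_dst" in match
        if table == 2 and only_mac and masked_eq(dl_dst, match["dl_dst"]):
            return int(re.search(r"resubmit\(,(\d+)\)", actions).group(1))
    return None


def vlan_tunnel_maps(flows):
    """Return ({tun_id: vlan} from table 4, {vlan: tun_id} from table 22)."""
    inbound, outbound = {}, {}
    for table, match, actions in flows:
        vid = re.search(r"mod_vlan_vid:(\d+)", actions)
        tun = re.search(r"set_tunnel:(0x[0-9a-f]+)", actions)
        if table == 4 and "tun_id" in match and vid:
            inbound[int(match["tun_id"], 16)] = int(vid.group(1))
        elif table == 22 and "dl_vlan" in match and tun:
            outbound[int(match["dl_vlan"])] = int(tun.group(1), 16)
    return inbound, outbound


def isolation_findings(flows):
    """Report tunnel IDs and local VLANs whose two directions disagree."""
    inbound, outbound = vlan_tunnel_maps(flows)
    findings = []
    for tun, vlan in inbound.items():
        if outbound.get(vlan) != tun:
            findings.append(f"tun_id {tun:#x} enters VLAN {vlan}, which leaves as {outbound.get(vlan)}")
    for vlan, tun in outbound.items():
        if inbound.get(tun) != vlan:
            findings.append(f"VLAN {vlan} leaves as tun_id {tun:#x}, which enters VLAN {inbound.get(tun)}")
    return findings


if __name__ == "__main__":
    flows = parse_flows(BR_TUN_FLOWS)
    print(vlan_tunnel_maps(flows))
    print(table2_next(flows, "fa:16:3e:b3:b4:f7"), table2_next(flows, "ff:ff:ff:ff:ff:ff"))
    print(isolation_findings(flows) or "VLAN/tunnel mapping is symmetric")
```
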

Inspecting the namespaces

View the router

[root@network01 ~]# ip netns exec qrouter-f37e0927-1291-469f-bdbc-dd4011394835 bash

[root@network01 ~]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qg-8879568d-88: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 192.168.31.3 netmask 255.255.255.0 broadcast 192.168.31.255
inet6 fe80::f816:3eff:fe64:f3d8 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:64:f3:d8 txqueuelen 0 (Ethernet)
RX packets 2774 bytes 245126 (239.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89 bytes 7908 (7.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qr-eab14967-a4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 172.16.45.1 netmask 255.255.255.0 broadcast 172.16.45.255
inet6 fe80::f816:3eff:feb3:b4f7 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:b3:b4:f7 txqueuelen 0 (Ethernet)
RX packets 200 bytes 19306 (18.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 161 bytes 20190 (19.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@network01 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.31.1 0.0.0.0 UG 0 0 0 qg-8879568d-88
172.16.45.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-eab14967-a4
192.168.31.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-8879568d-88

Floating IP

Security groups

View the floating IP, on the network node:

[root@network01 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
neutron-l3-agent-PREROUTING all -- 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-l3-agent-OUTPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
neutron-l3-agent-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
neutron-postrouting-bottom all -- 0.0.0.0/0 0.0.0.0/0

Chain neutron-l3-agent-OUTPUT (1 references)
target prot opt source destination
DNAT all -- 0.0.0.0/0 192.168.31.4 to:172.16.45.3 #=============================> outside to inside access

Chain neutron-l3-agent-POSTROUTING (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ! ctstate DNAT

Chain neutron-l3-agent-PREROUTING (1 references)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 169.254.169.254 tcp dpt:80 redir ports 9697
DNAT all -- 0.0.0.0/0 192.168.31.4 to:172.16.45.3

Chain neutron-l3-agent-float-snat (1 references)
target prot opt source destination
SNAT all -- 172.16.45.3 0.0.0.0/0 to:192.168.31.4 #===========================> inside to outside access

Chain neutron-l3-agent-snat (1 references)
target prot opt source destination
neutron-l3-agent-float-snat all -- 0.0.0.0/0 0.0.0.0/0
SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:192.168.31.3
SNAT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x2/0xffff ctstate DNAT to:192.168.31.3

Chain neutron-postrouting-bottom (1 references)
target prot opt source destination
neutron-l3-agent-snat all -- 0.0.0.0/0 0.0.0.0/0 /* Perform source NAT on outgoing traffic. */
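
The listing above pairs the floating IP with one fixed IP in three places: DNAT in the PREROUTING and OUTPUT chains and SNAT in float-snat. This added Python example (not from the original post; function names are my own) parses an abridged copy of that listing, lists which fixed addresses are reachable through a floating IP, and reports any pair whose rules are not symmetric.

```python
from collections import defaultdict

# Abridged from the `iptables -t nat -nL` listing on this page (author annotations removed).
NAT_LISTING = """\
Chain neutron-l3-agent-OUTPUT (1 references)
target prot opt source destination
DNAT all -- 0.0.0.0/0 192.168.31.4 to:172.16.45.3

Chain neutron-l3-agent-PREROUTING (1 references)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 169.254.169.254 tcp dpt:80 redir ports 9697
DNAT all -- 0.0.0.0/0 192.168.31.4 to:172.16.45.3

Chain neutron-l3-agent-float-snat (1 references)
target prot opt source destination
SNAT all -- 172.16.45.3 0.0.0.0/0 to:192.168.31.4

Chain neutron-l3-agent-snat (1 references)
target prot opt source destination
neutron-l3-agent-float-snat all -- 0.0.0.0/0 0.0.0.0/0
SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:192.168.31.3
"""

PREFIX = "neutron-l3-agent-"
ANY = "0.0.0.0/0"


def parse_nat(text):
    """Return {chain: [rule, ...]} from `iptables -t nat -nL` output."""
    chains, current = defaultdict(list), None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "target":
            continue  # blank line or column header
        if fields[0] == "Chain":
            current = fields[1]
        elif current and len(fields) >= 5:
            target, _prot, _opt, src, dst, *extra = fields
            to = next((f[3:] for f in extra if f.startswith("to:")), None)
            chains[current].append({"target": target, "src": src, "dst": dst, "to": to})
    return chains


def nat_pairs(chains, chain, target):
    """(matched address, translated address) for rules that match one address."""
    pairs = set()
    for rule in chains.get(PREFIX + chain, []):
        if rule["target"] == target and rule["to"]:
            key = rule["dst"] if target == "DNAT" else rule["src"]
            if key != ANY:  # skips the router's default SNAT to its gateway IP
                pairs.add((key, rule["to"]))
    return pairs


def audit_floating_ips(chains):
    """Return (exposed (floating, fixed) pairs, findings about asymmetric rules)."""
    views = {
        "PREROUTING DNAT": nat_pairs(chains, "PREROUTING", "DNAT"),
        "OUTPUT DNAT": nat_pairs(chains, "OUTPUT", "DNAT"),
        # SNAT rules read fixed -> floating; flip them to compare.
        "float-snat SNAT": {(fl, fx) for fx, fl in nat_pairs(chains, "float-snat", "SNAT")},
    }
    findings = []
    for floating, fixed in sorted(set().union(*views.values())):
        missing = [name for name, pairs in views.items() if (floating, fixed) not in pairs]
        if missing:
            findings.append(f"{floating} <-> {fixed}: no matching rule in {', '.join(missing)}")
    return sorted(views["PREROUTING DNAT"]), findings


if __name__ == "__main__":
    exposed, findings = audit_floating_ips(parse_nat(NAT_LISTING))
    print("exposed:", exposed)
    print("findings:", findings or "none")
```
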

DHCP server

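Every network with DHCP enabled has a DHCP service on the Neutron node, and each DHCP server is a dnsmasq process running inside a network namespace. dnsmasq is a lightweight DNS and DHCP service for Linux; for details see http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html.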

[root@network01 ~]# ps aux |grep dnsmasq |grep -v 'grep'
nobody 4049 0.0 0.0 15556 900 ? S 05:58 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/7619e0d9-e11d-4005-a691-f7abdd704b37/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/7619e0d9-e11d-4005-a691-f7abdd704b37/host --addn-hosts=/var/lib/neutron/dhcp/7619e0d9-e11d-4005-a691-f7abdd704b37/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/7619e0d9-e11d-4005-a691-f7abdd704b37/opts --dhcp-leasefile=/var/lib/neutron/dhcp/7619e0d9-e11d-4005-a691-f7abdd704b37/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap8cc4ca9f-58 --dhcp-range=set:tag0,192.168.31.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal

nobody 4617 0.0 0.0 15556 948 ? S 06:02 0:00 dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo --pid-file=/var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/host --addn-hosts=/var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/opts --dhcp-leasefile=/var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=tap8b416bf2-5f --dhcp-range=set:tag0,172.16.45.0,static,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=256 --conf-file= --domain=openstacklocal


1.  --interface=tap8b416bf2-5f: the process binds to and listens on a TAP device, i.e. H1 in the figure above

2.  --dhcp-hostsfile=/var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/host

[root@network01 ~]# cat /var/lib/neutron/dhcp/125e0c45-2d45-469c-929e-493d36d92be4/host
fa:16:3e:1d:79:ea,host-172-16-45-2.openstacklocal,172.16.45.2
fa:16:3e:b3:b4:f7,host-172-16-45-1.openstacklocal,172.16.45.1
fa:16:3e:4b:72:ef,host-172-16-45-3.openstacklocal,172.16.45.3

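While a VM is being created, Neutron writes this information (the IP is presumably an available address taken from the neutron db) into this file, so that when the VM uses its MAC address to ask the DHCP server for an IP address, dnsmasq reads the file and returns the IP address to it.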
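
The same MAC/IP pairs appear a second time on this page: table 21 of compute01's br-tun dump answers ARP requests for 172.16.45.1 and 172.16.45.2 locally, with the reply MAC and IP hex-encoded in the load actions. This added Python example (not from the original post; function names are my own) decodes those flows and checks them against the dnsmasq host file, so a reply that disagrees with the DHCP record is reported.

```python
import ipaddress
import re

# The dnsmasq host file shown on this page.
DHCP_HOSTS = """\
fa:16:3e:1d:79:ea,host-172-16-45-2.openstacklocal,172.16.45.2
fa:16:3e:b3:b4:f7,host-172-16-45-1.openstacklocal,172.16.45.1
fa:16:3e:4b:72:ef,host-172-16-45-3.openstacklocal,172.16.45.3
"""

# Table 21 flows from compute01's br-tun dump on this page (cookie and counters removed).
ARP_FLOWS = """\
table=21, priority=1,arp,dl_vlan=1,arp_tpa=172.16.45.2 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:1d:79:ea,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163e1d79ea->NXM_NX_ARP_SHA[],load:0xac102d02->NXM_OF_ARP_SPA[],IN_PORT
table=21, priority=1,arp,dl_vlan=1,arp_tpa=172.16.45.1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:b3:b4:f7,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xfa163eb3b4f7->NXM_NX_ARP_SHA[],load:0xac102d01->NXM_OF_ARP_SPA[],IN_PORT
table=21, priority=0 actions=resubmit(,22)
"""

ARP_RE = re.compile(
    r"arp_tpa=(?P<tpa>[\d.]+) actions=.*?mod_dl_src:(?P<src>[0-9a-f:]{17})"
    r".*?load:0x(?P<sha>[0-9a-f]+)->NXM_NX_ARP_SHA\[\]"
    r".*?load:0x(?P<spa>[0-9a-f]+)->NXM_OF_ARP_SPA\[\]"
)


def parse_hosts(text):
    """Return {ip: mac} from --dhcp-hostsfile lines of the form mac,hostname,ip."""
    hosts = {}
    for line in text.splitlines():
        if line.strip():
            mac, _name, ip = line.strip().split(",")
            hosts[ip] = mac.lower()
    return hosts


def hex_to_mac(digits):
    digits = digits.zfill(12)  # OVS prints the value without leading zeros
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp_responders(text):
    """Decode each ARP responder flow into the addresses its reply will carry."""
    replies = []
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            replies.append({
                "asked_ip": m["tpa"],
                "eth_src": m["src"],
                "arp_sha": hex_to_mac(m["sha"]),
                "arp_spa": str(ipaddress.IPv4Address(int(m["spa"], 16))),
            })
    return replies


def audit(hosts, replies):
    """Compare every ARP reply the switch would forge with the DHCP record."""
    findings = []
    for r in replies:
        expected = hosts.get(r["asked_ip"])
        if expected is None:
            findings.append(f"{r['asked_ip']}: ARP reply installed but no DHCP host entry")
        elif {r["eth_src"], r["arp_sha"]} != {expected}:
            findings.append(f"{r['asked_ip']}: reply carries {r['eth_src']}/{r['arp_sha']}, DHCP says {expected}")
        if r["arp_spa"] != r["asked_ip"]:
            findings.append(f"{r['asked_ip']}: reply claims sender IP {r['arp_spa']}")
    return findings


if __name__ == "__main__":
    print(audit(parse_hosts(DHCP_HOSTS), parse_arp_responders(ARP_FLOWS)) or "ARP responder matches DHCP hosts")
```
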

View the DHCP port

[root@network01 ~]# ip netns exec qdhcp-125e0c45-2d45-469c-929e-493d36d92be4 bash
[root@network01 ~]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 1 bytes 576 (576.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 576 (576.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap8b416bf2-5f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 172.16.45.2 netmask 255.255.255.0 broadcast 172.16.45.255
inet6 fe80::f816:3eff:fe1d:79ea prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:1d:79:ea txqueuelen 0 (Ethernet)
RX packets 29 bytes 3717 (3.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1456 (1.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

You can capture and analyze packets inside the DHCP namespace.
