容器基于OVN实现跨主机通信实验一

文档说明: 只是记录关键点

实验环境: linux debian 11
3台虚拟机
192.168.10.3 (central)
192.168.3.249 (node1)
192.168.3.250 (node2)

ovn-central 配置

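#!/bin/bash
# ovn-central: (re)build the NB-DB topology for this experiment.
#
# What ends up in the northbound DB:
#   ls10    10.1.20.0/24   workload switch; ls10-port2/3/4 are the container
#                          ports, addresses served by OVN's native DHCP
#   lr1                    router joining ls10 (10.1.20.1) and public (100.64.0.1)
#   public  100.64.0.0/24  switch with one port per hypervisor: each node's
#                          ovn0 binds to public-port2 (100.64.0.2) or
#                          public-port3 (100.64.0.3)
#
# WARNING: destructive. It deletes EVERY dhcp_options row in the NB DB (not
# only this subnet's) and re-creates ls10, lr1 and public from scratch, so it
# must not be pointed at a central that serves anything else.
__DIR__=$(cd "$(dirname "$0")" && pwd) || exit 1
cd "${__DIR__}"
set -uex

# Wipe all DHCP option sets so the subnet below is rebuilt from a known state.
# pipefail is deliberately not enabled: on an empty DB grep exits 1, and that
# must not abort the run. -r keeps xargs from running dhcp-options-del with no
# argument in that case.
ovn-nbctl list dhcp_options | grep _uuid | awk '{print $3}' | xargs -r -I {} ovn-nbctl dhcp-options-del {}

ovn-nbctl --if-exists ls-del ls10
ovn-nbctl ls-add ls10

# Ensure exactly one dhcp_options row exists for the subnet. After the wipe
# above this always creates it; the guard only matters if the wipe is removed.
subnet_ipv4="10.1.20.0/24"
ipv4_num=$(ovn-nbctl --bare --columns=_uuid find dhcp_options cidr="${subnet_ipv4}" | wc -l)
if [ "${ipv4_num}" -ne 1 ]; then
  if [ "${ipv4_num}" -gt 1 ]; then
    ovn-nbctl --bare --columns=_uuid find dhcp_options cidr="${subnet_ipv4}" \
      | xargs -r -I {} ovn-nbctl dhcp-options-del {}
  fi
  ovn-nbctl dhcp-options-create "${subnet_ipv4}"
fi
CIDR_IPV4_UUID=$(ovn-nbctl --bare --columns=_uuid find dhcp_options cidr="${subnet_ipv4}")

# DHCPv4 options handed out by OVN's native responder
# (https://docs.openstack.org/neutron/latest/ovn/dhcp_opts.html):
#   server_id  - IP the virtual DHCP server answers from (lr1's ls10 address)
#   server_mac - source MAC of DHCP replies. NOTE(review): this is not the MAC
#                of lr1-ls10-port1 (ee:ee:01:00:00:01); OVN does not require
#                them to match, but confirm the difference is intentional.
#   lease_time - lease lifetime in seconds
#   router     - default gateway pushed to clients
#   mtu        - 1400, the same value the nodes set on their ovn0 ports
#                (presumably headroom for Geneve encapsulation on the underlay)
ovn-nbctl dhcp-options-set-options "${CIDR_IPV4_UUID}" \
  lease_time=3600 \
  router="10.1.20.1" \
  server_id="10.1.20.1" \
  server_mac=ee:ee:02:00:00:01 \
  mtu=1400 \
  dns_server="223.5.5.5"
ovn-nbctl dhcp-options-get-options "${CIDR_IPV4_UUID}"
ovn-nbctl list dhcp_options

# Subnet for OVN's dynamic addressing; .244-.254 are held back from allocation.
ovn-nbctl set logical_switch ls10 \
  other_config:subnet="${subnet_ipv4}" \
  other_config:exclude_ips="10.1.20.244..10.1.20.254"

# add_secured_lsp SWITCH PORT MAC IP [DHCP_OPTIONS_UUID]
# Creates a logical switch port with a fixed MAC/IP and port security pinned to
# that same pair, so whatever is plugged into it on the node cannot send from
# another MAC or IP. DHCPv4 options are attached only when a UUID is given.
add_secured_lsp() {
  local switch="$1" port="$2" mac="$3" ip="$4" dhcp_uuid="${5:-}"
  ovn-nbctl lsp-add "${switch}" "${port}"
  ovn-nbctl lsp-set-addresses "${port}" "${mac} ${ip}"
  ovn-nbctl lsp-set-port-security "${port}" "${mac} ${ip}"
  if [ -n "${dhcp_uuid}" ]; then
    ovn-nbctl lsp-set-dhcpv4-options "${port}" "${dhcp_uuid}"
  fi
}

# Container ports (ls10-port4 is not bound by either node script on this page).
add_secured_lsp ls10 ls10-port2 00:02:00:00:00:02 10.1.20.2 "${CIDR_IPV4_UUID}"
add_secured_lsp ls10 ls10-port3 00:02:00:00:00:03 10.1.20.3 "${CIDR_IPV4_UUID}"
add_secured_lsp ls10 ls10-port4 00:02:00:00:00:04 10.1.20.4 "${CIDR_IPV4_UUID}"
ovn-nbctl list logical_switch_port
ovn-nbctl --columns dynamic_addresses list logical_switch_port
ovn-nbctl show

# lr1, leg 1: default gateway of ls10.
ovn-nbctl --if-exists lr-del lr1
ovn-nbctl lr-add lr1
ovn-nbctl lrp-add lr1 lr1-ls10-port1 ee:ee:01:00:00:01 10.1.20.1/24
ovn-nbctl lsp-add ls10 ls10-lr1-port1
ovn-nbctl lsp-set-type ls10-lr1-port1 router
ovn-nbctl lsp-set-addresses ls10-lr1-port1 router
ovn-nbctl lsp-set-options ls10-lr1-port1 router-port=lr1-ls10-port1

# lr1, leg 2: the 'public' switch where each hypervisor attaches its ovn0 port.
ovn-nbctl lrp-add lr1 lr1-public-port1 ee:ee:01:00:00:02 100.64.0.1/24
ovn-nbctl --if-exists ls-del public
ovn-nbctl ls-add public
ovn-nbctl lsp-add public public-lr1-port1
ovn-nbctl lsp-set-type public-lr1-port1 router
ovn-nbctl lsp-set-addresses public-lr1-port1 router
ovn-nbctl lsp-set-options public-lr1-port1 router-port=lr1-public-port1
add_secured_lsp public public-port2 00:03:00:00:00:02 100.64.0.2   # ovn0 on 192.168.3.249
add_secured_lsp public public-port3 00:03:00:00:00:03 100.64.0.3   # ovn0 on 192.168.3.250

# Routing. The static default route's next hop is lr1's own public address;
# presumably a placeholder so non-overlay destinations have a route at all —
# the policies below pick the hypervisor that actually carries the packet:
#   32767  traffic staying inside the overlay is left alone
#   30000  packets for a node's underlay IP are steered to that node's ovn0
#   29990  everything else from 10.1.20.0/24 goes to 192.168.3.250 (100.64.0.3),
#          which SNATs it out of its physical NIC
# NOTE(review): that makes 192.168.3.250 the single egress point for the
# overlay; there is no fallback if it is down.
# lr-policy-add ROUTER PRIORITY MATCH ACTION [NEXTHOP]
# https://www.ovn.org/support/dist-docs/ovn-nbctl.8.txt
# https://www.ovn.org/support/dist-docs/
ovn-nbctl --policy=dst-ip lr-route-add lr1 "0.0.0.0/0" 100.64.0.1
ovn-nbctl lr-policy-add lr1 32767 "ip4.dst == 10.1.20.0/24" allow
ovn-nbctl lr-policy-add lr1 32767 "ip4.dst == 100.64.0.0/16" allow
ovn-nbctl lr-policy-add lr1 30000 "ip4.dst == 192.168.3.250" reroute 100.64.0.3
ovn-nbctl lr-policy-add lr1 30000 "ip4.dst == 192.168.3.249" reroute 100.64.0.2
ovn-nbctl lr-policy-add lr1 29990 "ip4.src == 10.1.20.0/24" reroute 100.64.0.3
ovn-nbctl lr-policy-list lr1
ovn-nbctl lr-route-list lr1
ovn-nbctl lr-nat-list lr1
ovn-nbctl lr-lb-list lr1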

节点 192.168.3.249

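#!/bin/bash
# node 192.168.3.249: create netns "vm1" and bind it to logical port ls10-port2.
#
# The OVS internal port is moved into the netns and given the exact MAC that
# ovn-central assigned to ls10-port2; port security on that LSP drops frames
# from any other MAC/IP, so a mismatch here shows up as a silent black hole.
set -uex

# Refuse to continue unless the local ovs-vswitchd is up; otherwise the port
# below lands in a DB nobody is watching and is never bound.
# (The original `$(ps | grep | grep -v grep)` assignment exited under set -e
#  on no match, before its message could be printed.)
if ! pgrep -f 'ovs-vswitchd unix:/usr/local/var/run/openvswitch/db.sock' >/dev/null; then
  echo 'ovs no running' >&2
  exit 1
fi

# Recreate the namespace from scratch. Exact-word match so "vm1" does not also
# match "vm10"; the test lives inside `if` so a missing netns does not trip
# set -e. (The original `set -ux` did not switch -e off — `set +e` would.)
if ip netns list | grep -q '\<vm1\>'; then
  ip netns del vm1
fi
ip netns add vm1

# Internal port on br-int; external_ids:iface-id is what ovn-controller uses
# to bind this port to the LSP created on ovn-central.
ovs-vsctl --if-exists del-port br-int vm1
ovs-vsctl --may-exist add-port br-int vm1 \
  -- set interface vm1 type=internal \
  -- set Interface vm1 external_ids:iface-id=ls10-port2
ip link set vm1 netns vm1
# Must equal the MAC in ls10-port2's lsp-set-addresses / port security.
ip netns exec vm1 ip link set vm1 address 00:02:00:00:00:02
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip link set lo up
# Address comes from OVN's native DHCP (dhcp_options created on ovn-central).
# NOTE(review): dhclient daemonizes and stays behind in the netns, and its
# hooks see the host's /etc; without /etc/netns/vm1/resolv.conf the DHCP
# dns_server may overwrite the host's /etc/resolv.conf — confirm that is OK.
ip netns exec vm1 dhclient -v
ip netns exec vm1 ip a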
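#!/bin/bash
# node 192.168.3.249: attach the host itself to the OVN 'public' switch as
# public-port2 (100.64.0.2) so host <-> overlay traffic is routed by lr1.
set -uex

ovn0_ip=100.64.0.2
ovn0_mac=00:03:00:00:00:02

ovs-vsctl --if-exists del-port br-int ovn0
ovs-vsctl add-port br-int ovn0 -- \
  set interface ovn0 type=internal -- \
  set interface ovn0 external_ids:iface-id=public-port2 -- \
  set interface ovn0 external_ids:ip="${ovn0_ip}"
# MAC must equal public-port2's port-security entry; set it before the link
# comes up so nothing is ever sent with the auto-generated MAC.
ip link set dev ovn0 address "${ovn0_mac}"
ip link set dev ovn0 mtu 1400
ip link set dev ovn0 up
ip addr replace "${ovn0_ip}/24" dev ovn0

# `replace` instead of `add` so re-running the script does not fail.
ip route replace 10.1.20.0/24 via 100.64.0.1
# The kernel already installed a connected 100.64.0.0/24 route on ovn0 when
# the address was assigned; a plain `ip route add` for the same prefix fails
# with "File exists" and, under set -e, would abort the script here.
# NOTE(review): `replace` installs the via-lr1 route as written — confirm
# hairpinning peer-node traffic through lr1 is intended rather than the
# connected route.
ip route replace 100.64.0.0/24 via 100.64.0.1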

节点 192.168.3.250

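#!/bin/bash
# node 192.168.3.250: create netns "vm1" and bind it to logical port ls10-port3.
#
# The OVS internal port is moved into the netns and given the exact MAC that
# ovn-central assigned to ls10-port3; port security on that LSP drops frames
# from any other MAC/IP, so a mismatch here shows up as a silent black hole.
set -uex

# Refuse to continue unless the local ovs-vswitchd is up; otherwise the port
# below lands in a DB nobody is watching and is never bound.
# (The original `$(ps | grep | grep -v grep)` assignment exited under set -e
#  on no match, before its message could be printed.)
if ! pgrep -f 'ovs-vswitchd unix:/usr/local/var/run/openvswitch/db.sock' >/dev/null; then
  echo 'ovs no running' >&2
  exit 1
fi

# Recreate the namespace from scratch. Exact-word match so "vm1" does not also
# match "vm10"; the test lives inside `if` so a missing netns does not trip
# set -e. (The original `set -ux` did not switch -e off — `set +e` would.)
if ip netns list | grep -q '\<vm1\>'; then
  ip netns del vm1
fi
ip netns add vm1

# Internal port on br-int; external_ids:iface-id is what ovn-controller uses
# to bind this port to the LSP created on ovn-central.
ovs-vsctl --if-exists del-port br-int vm1
ovs-vsctl --may-exist add-port br-int vm1 \
  -- set interface vm1 type=internal \
  -- set Interface vm1 external_ids:iface-id=ls10-port3
ip link set vm1 netns vm1
# Must equal the MAC in ls10-port3's lsp-set-addresses / port security.
ip netns exec vm1 ip link set vm1 address 00:02:00:00:00:03
ip netns exec vm1 ip link set vm1 up
ip netns exec vm1 ip link set lo up
# Address comes from OVN's native DHCP (dhcp_options created on ovn-central).
# NOTE(review): dhclient daemonizes and stays behind in the netns, and its
# hooks see the host's /etc; without /etc/netns/vm1/resolv.conf the DHCP
# dns_server may overwrite the host's /etc/resolv.conf — confirm that is OK.
ip netns exec vm1 dhclient -v
ip netns exec vm1 ip a
# Leftovers from MTU experiments, kept disabled (br-provider is not created by
# any script on this page).
#ip link set mtu 1450 dev br-provider
#ovs-vsctl set int br-int mtu_request=1450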
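#!/bin/bash
# node 192.168.3.250: attach the host to 'public' as public-port3 (100.64.0.3)
# and act as the overlay's egress gateway — lr1's priority-29990 policy
# reroutes everything from 10.1.20.0/24 here, and the MASQUERADE rule at the
# end SNATs it out of the physical NIC.
set -uex

ovn0_ip=100.64.0.3
ovn0_mac=00:03:00:00:00:03
# Physical NIC used for egress; override with EGRESS_IF=... if the name differs.
egress_if="${EGRESS_IF:-enp0s3}"

ovs-vsctl --if-exists del-port br-int ovn0
ovs-vsctl add-port br-int ovn0 -- \
  set interface ovn0 type=internal -- \
  set interface ovn0 external_ids:iface-id=public-port3 -- \
  set interface ovn0 external_ids:ip="${ovn0_ip}"
# MAC must equal public-port3's port-security entry; set it before the link
# comes up so nothing is ever sent with the auto-generated MAC.
ip link set dev ovn0 address "${ovn0_mac}"
ip link set dev ovn0 mtu 1400
ip link set dev ovn0 up
ip addr replace "${ovn0_ip}/24" dev ovn0

# `replace` instead of `add` so re-running the script does not fail.
ip route replace 10.1.20.0/24 via 100.64.0.1
# The kernel already installed a connected 100.64.0.0/24 route on ovn0 when
# the address was assigned; a plain `ip route add` for the same prefix fails
# with "File exists" and, under set -e, would abort the script before the SNAT
# rule below is installed. NOTE(review): `replace` installs the via-lr1 route
# as written — confirm hairpinning peer-node traffic through lr1 is intended
# rather than the connected route.
ip route replace 100.64.0.0/24 via 100.64.0.1

# Egress SNAT, scoped to the overlay subnet and the physical NIC only.
# -C first so the rule is not appended a second time on every run.
iptables -t nat -C POSTROUTING -s 10.1.20.0/24 -o "${egress_if}" -j MASQUERADE 2>/dev/null \
  || iptables -t nat -A POSTROUTING -s 10.1.20.0/24 -o "${egress_if}" -j MASQUERADE
# NOTE(review): SNAT alone is not enough — forwarding between ovn0 and the NIC
# needs net.ipv4.ip_forward=1, which this script does not set; confirm it is
# enabled elsewhere. There is also no FORWARD filter, so anything in
# 10.1.20.0/24 can reach whatever this host can reach; fine for a lab, not
# beyond it.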

工具

ip route show
route -n
netstat -nr
iptables -t nat -L -n --line-number
tcpdump -i any port 6081 -v
ethtool
tcpdump -i any port 6081 -v -n
apt install -y conntrack
# 跟踪它看到的所有报文流
conntrack -L
# 可显示经过源 NAT 的连接跟踪项
conntrack -L -p tcp --src-nat
tcpdump -i any not host 192.168.10.3 and not host 192.168.3.26 -v -n

参考文档一:

  1. 单网卡加入OVS网桥

  2. OVN虚拟网络出网网关配置

  3. OVN路由器对等连接

  4. KUBE-OVN如何实现POD和主机网络连通

  5. OVN路由器对等连接

  6. ovn通过宿主机出网方案

  7. how-to-create-an-open-virtual-network-distributed-gateway-router

  8. Dynamic IP address management in Open Virtual Network (OVN): Part Two

  9. SNAT和DNAT简介

  10. ovn-gateway-practice

  11. ovn DHCP

  12. iptables四表五链

  13. ovs-docker-ovn.sh

  14. SDN网络指南

  15. Overlay-Geneve

  16. ovn 通过分布式网关端口连接外部网络

  17. ovn 通过网关虚拟路由器连接外部网络

  18. ovn 配置逻辑路由器实现三层转发

  19. ovn创建vpc 的snat 出外网

  20. how-to-create-an-open-virtual-network-distributed-gateway-router

参考文档二: ovn-central :

  1. OVN介绍及安装流程
  2. 如何配置OVN路由器
  3. 如何将OVN虚拟网络连接到外部网络
  4. 如何配置OVN负载均衡器?

参考文档三:

  1. Anycast概述
  2. 互联网网间互联方式,什么是对等互联?
  3. Underlay、Overlay、大二层介绍
  4. 未来网络白皮书——白盒交换机技术白皮书.pdf
  5. OVN-IC例子
  6. ovn-InterConnection
  7. ovn为外部主机提供dhcp服务
  8. OVN路由器对等连接
  9. An introduction to Linux virtual interfaces: Tunnels
  10. 时间敏感网络交换机 TSN switch
  11. VoIP, VoLTE, VoNR 与 IMS 的联系
  12. BFD(Bidirectional Forwarding Detection,双向转发检测)
  13. ECMP (等价路由) 多路径负载均衡和链路备份的目的
  14. 分段路由 SRv6
  15. 理解Segment Routing和SDWAN
  16. Geneve(Generic Network Virtualization Encapsulation) 通用的封装协议标准
  17. 一文总结 Linux 虚拟网络设备 eth, tap/tun, veth-pair
  18. 开源治理白皮书
  19. 生成自签名的SSL证书

官方文档:

  1. ovn-dist-docs
  2. OVS-dist-docs-2.5
  3. ovs-latest-contents
  4. ovs faq
  5. OVN-Tutorial
  6. ovn
  7. ovn-ref
  8. ovn-ipsec
  9. ovn-dist-docs
  10. ovn-interconnection
  11. Open vSwitch with KVM
  12. Using Open vSwitch with DPDK
  13. Open vSwitch with SSL
  14. Multi-tenant Inter-DC tunneling with OVN
