使用openvswitch 和dnsmasq来实现虚拟机网络隔离

openvswicth : 开源的网络虚拟化软件,可以划分vlan隔离虚拟机,做流量控制

dnsmasq:小心的dns,dhcp服务器

安装openvswicth

wget  http://openvswitch.org/releases/openvswitch-2.5.0.tar.gz

编译成rpm包安装  

yum install rpm-build
mkdir -p ~/rpmbuild/SOURCES
tar xf openvswitch-2.5.0.tar.gz
sed 's/openvswitch-kmod, //g' openvswitch-2.5.0/rhel/openvswitch.spec > openvswitch-2.5.0/rhel/openvswitch_no_kmod.spec
rpmbuild -bb --without check ~/openvswitch-2.5.0/rhel/openvswitch_no_kmod.spec
yum localinstall ~/rpmbuild/RPMS/x86_64/openvswitch-2.5.0-1.x86_64.rpm
systemctl start openvswitch  开启服务
systemctl enable openvswitch

配置桥(交换机)

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=ovs-br0
BOOTPROTO=none
HOTPLUG=no
/etc/sysconfig/network-scripts/ifcfg-ovs-br0                  
DEVICE=ovs-br0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.100.250
NETMASK=255.255.255.0
HOTPLUG=no

重启网络

systemctl restart network 

ifconfig ovs-br0 #查看网络是否配置成功

ovs-vsctl show  #查看桥

将桥与kvm关联

cd  /etc/libvirt/qemu/networks
vim ovsnet.xml
<network>
  <name>ovs-br0</name>
  <forward mode='bridge'/>
  <bridge name='ovs-br0'/>
  <virtualport type='openvswitch'/>
</network>
virsh define ovsnet.xml  
virsh start ovs-br0
virsh autostart ovs-br0

virsh net-list 可以查看桥是否和kvm关联

然后使用virt-manager工具安装一台linux虚拟机dncpserver,搭建dnsmasq服务

添加两块网口,使用ovs-br0做桥

编辑配置文件,将两块网卡分配到不同vlan

virsh edit  dhcpserver

搜索openvswitch 然后添加 vlan ,第一张网卡 tag=1  第二张网卡 tag=2

<interface type='bridge'>
    <source bridge='ovs-br0'/>
    <virtualport type='openvswitch'/>
    <vlan>                                  
      <tag id="1"/>   
    </vlan>
    <model type='virtio'/>
  </interface>
 <interface type='bridge'>
    <source bridge='ovs-br0'/>
    <virtualport type='openvswitch'/>
    <vlan>                                  
      <tag id="2"/>   
    </vlan>
    <model type='virtio'/>
  </interface>

进入虚拟机,重启网络,配置两个不同网络的ip地址

临时生效,若长期生效则需要修改配置文件

ipaddr eth0 192.168.100.1

ipaddr eth1 192.168.200.1

然后搭建dhcp服务

yum install dnsmasq

编辑配置文件

cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
echo > /etc/dnsmasq.conf

vim /etc/dnsmasq.conf
dhcp-range=eth0,192.168.100.100,192.168.100.199,4h
dhcp-range=eth1,192.168.200.100,192.168.200.199,4h
interface=eth1
interface=eth2

启动服务
systemctl  start dnsmasq
systemctl enable dnsmasq

然后安装两台测试虚拟机

一台将网卡分倒tag1,一台将网卡分倒tag2

然后测试能否拿到IP  

 

posted @ 2016-09-26 11:55  不会游泳的鱼pdj  阅读(1045)  评论(0编辑  收藏  举报