OVN Learning (3)
Deploying the OVN lab environment
Same as in OVN Learning (1)
Gateway
Deploy a gateway on top of the L3 network
Adding an L3 gateway
### Central node
# ovn-sbctl show
Chassis "8bd09faf-5ba2-49ad-931b-11155ff3ab00"
hostname: localhost
Encap geneve
ip: "92.0.0.12"
options: {csum="true"}
Port_Binding "dmz-vm2"
Port_Binding "dmz-vm1"
Chassis "303ab2d5-3525-4550-b17f-781faa70ab4a"
hostname: localhost
Encap geneve
ip: "92.0.0.13"
options: {csum="true"}
Port_Binding "inside-vm3"
Port_Binding "inside-vm4"
### Create the logical router
# ovn-nbctl lr-add edge1
### Create a logical switch to connect edge1 and tenant1
# ovn-nbctl ls-add transit
### Connect edge1 to the logical switch
# ovn-nbctl lrp-add edge1 edge1-transit 02:d4:1d:8c:d9:ae 192.168.0.1/24
# ovn-nbctl lsp-add transit transit-edge1
# ovn-nbctl lsp-set-type transit-edge1 router
# ovn-nbctl lsp-set-addresses transit-edge1 02:d4:1d:8c:d9:ae
# ovn-nbctl lsp-set-options transit-edge1 router-port=edge1-transit
### Connect tenant1 to the logical switch
# ovn-nbctl lrp-add tenant1 tenant1-transit 02:d4:1d:8c:d9:af 192.168.0.2/24
# ovn-nbctl lsp-add transit transit-tenant1
# ovn-nbctl lsp-set-type transit-tenant1 router
# ovn-nbctl lsp-set-addresses transit-tenant1 02:d4:1d:8c:d9:af
# ovn-nbctl lsp-set-options transit-tenant1 router-port=tenant1-transit
### Add static routes (edge1 reaches the tenant subnets via tenant1; tenant1 sends everything else to edge1)
# ovn-nbctl lr-route-add edge1 "20.0.0.0/24" 192.168.0.2
# ovn-nbctl lr-route-add edge1 "10.0.0.0/24" 192.168.0.2
# ovn-nbctl lr-route-add tenant1 "0.0.0.0/0" 192.168.0.1
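The router-to-switch attachments above (edge1-transit and tenant1-transit, and edge1-outside later on this page) all follow the same five-command pattern, and the easiest way to get one of them wrong is to type a different MAC into `lsp-set-addresses` than into `lrp-add`. The Python below is an added example, not code from this page or from OVN: it derives both sides of the attachment from one (router, switch, MAC, CIDR) tuple, validates the MAC and the address, and renders the whole L3-gateway build of this section as a dry-run `ovn-nbctl` listing. The `--may-exist` flags, the `run()` helper and all function names are my additions; the names, MACs and addresses are the ones used on this page.

```python
"""Build the ovn-nbctl command sequence for an OVN L3 gateway.

Added example for this page, not code from the page or from OVN.  Output
is a list of argument vectors; run() prints them (dry run) or executes
them with ovn-nbctl on the central node."""
import ipaddress
import re
import shlex
import subprocess

_MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def peer_router_to_switch(router, switch, mac, cidr):
    """Return the argv lists (without the leading 'ovn-nbctl') that create
    router port ROUTER-SWITCH, patch port SWITCH-ROUTER and link them.

    The same MAC feeds both lrp-add and lsp-set-addresses, so the two
    cannot drift apart (a mismatch silently blackholes traffic through
    the patch port)."""
    mac = mac.lower()
    if not _MAC_RE.match(mac):
        raise ValueError(f"malformed MAC {mac!r}")
    if int(mac[:2], 16) & 1:
        raise ValueError(f"{mac} has the multicast bit set")
    iface = ipaddress.ip_interface(cidr)  # rejects e.g. 192.168.0.1/33
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        raise ValueError(f"{cidr} is the network or broadcast address")
    lrp = f"{router}-{switch}"
    lsp = f"{switch}-{router}"
    return [
        ["--may-exist", "lrp-add", router, lrp, mac, str(iface)],
        ["--may-exist", "lsp-add", switch, lsp],
        ["lsp-set-type", lsp, "router"],
        ["lsp-set-addresses", lsp, mac],
        ["lsp-set-options", lsp, f"router-port={lrp}"],
    ]


def static_routes(router, routes):
    """routes: iterable of (prefix, nexthop); both fields are validated."""
    cmds = []
    for prefix, nexthop in routes:
        ipaddress.ip_network(prefix)       # "0.0.0.0/0" is accepted
        ipaddress.ip_address(nexthop)
        cmds.append(["--may-exist", "lr-route-add", router, prefix, nexthop])
    return cmds


def gateway_commands():
    """The L3-gateway build from this section, as one command list."""
    cmds = [["--may-exist", "lr-add", "edge1"],
            ["--may-exist", "ls-add", "transit"]]
    cmds += peer_router_to_switch("edge1", "transit",
                                  "02:d4:1d:8c:d9:ae", "192.168.0.1/24")
    cmds += peer_router_to_switch("tenant1", "transit",
                                  "02:d4:1d:8c:d9:af", "192.168.0.2/24")
    cmds += static_routes("edge1", [("20.0.0.0/24", "192.168.0.2"),
                                    ("10.0.0.0/24", "192.168.0.2")])
    cmds += static_routes("tenant1", [("0.0.0.0/0", "192.168.0.1")])
    return cmds


def render(cmds):
    """Shell-quoted listing, one ovn-nbctl invocation per line."""
    return "\n".join("ovn-nbctl " + shlex.join(c) for c in cmds)


def run(cmds, dry_run=True):
    """Print the commands, or execute them (needs ovn-nbctl in PATH)."""
    for c in cmds:
        if dry_run:
            print("ovn-nbctl", shlex.join(c))
        else:
            subprocess.run(["ovn-nbctl", *c], check=True)


if __name__ == "__main__":
    run(gateway_commands())
```

Running it prints the fifteen commands of this section; `run(gateway_commands(), dry_run=False)` applies them on the central node, and because of `--may-exist` the script can be re-run after a partial failure without "already exists" errors.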
### Test connectivity (vm1 reaching edge1's transit-side address)
# ip netns exec vm1 ping -c 2 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=253 time=0.506 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=253 time=0.272 ms
--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.272/0.389/0.506/0.117 ms
Connecting the gateway to the external network
### Central node
### Create the external logical switch and connect the gateway to it
# ovn-nbctl ls-add outside
# ovn-nbctl lrp-add edge1 edge1-outside 02:d4:1d:8c:d9:be 192.168.200.16/24
# ovn-nbctl lsp-add outside outside-edge1
# ovn-nbctl lsp-set-type outside-edge1 router
# ovn-nbctl lsp-set-addresses outside-edge1 02:d4:1d:8c:d9:be
# ovn-nbctl lsp-set-options outside-edge1 router-port=edge1-outside
### Create a bridge for the external NIC ens4
# ovs-vsctl add-br br-ex
### Map the physical network name dataNet to the bridge br-ex
# ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=dataNet:br-ex
### Add a localnet port to logical switch outside, attached to the physical network named dataNet
# ovn-nbctl lsp-add outside outside-localnet
# ovn-nbctl lsp-set-addresses outside-localnet unknown
# ovn-nbctl lsp-set-type outside-localnet localnet
# ovn-nbctl lsp-set-options outside-localnet network_name=dataNet
### Attach the external NIC ens4 to the bridge
# ovs-vsctl add-port br-ex ens4
### Test connectivity (check whether vm2 has lost its IP address; dhclient seems to have some problems)
# ip netns exec vm2 ping -c 2 192.168.200.16
PING 192.168.200.16 (192.168.200.16) 56(84) bytes of data.
64 bytes from 192.168.200.16: icmp_seq=1 ttl=253 time=0.445 ms
64 bytes from 192.168.200.16: icmp_seq=2 ttl=253 time=0.407 ms
--- 192.168.200.16 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.407/0.426/0.445/0.019 ms
### Set the bridge address
# ip addr add 192.168.200.17/24 dev br-ex
# ip link set br-ex up
### Fix up the host routes (ens4 is now a port of br-ex, so its old subnet and default routes are removed; re-add a default route via br-ex if the host itself still needs one)
# ip route
default via 192.168.200.1 dev ens4
92.0.0.0/24 dev ens3 proto kernel scope link src 92.0.0.12
169.254.0.0/16 dev ens3 scope link metric 1002
169.254.0.0/16 dev ens4 scope link metric 1003
192.168.200.0/24 dev ens4 proto kernel scope link src 192.168.200.12
192.168.200.0/24 dev br-ex proto kernel scope link src 192.168.200.17
# ip route del default via 192.168.200.1
# ip route del 192.168.200.0/24 dev ens4
Configuring SNAT
### Central node
### Set the gateway chassis (the chassis at 92.0.0.12 from ovn-sbctl show above, which hosts dmz-vm1 and dmz-vm2)
# ovn-nbctl lrp-set-gateway-chassis edge1-outside 8bd09faf-5ba2-49ad-931b-11155ff3ab00
### Configure SNAT rules (both tenant subnets are translated to edge1's outside address 192.168.200.16)
# ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=20.0.0.0/24 external_ip=192.168.200.16 -- add logical_router edge1 nat @nat
# ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=10.0.0.0/24 external_ip=192.168.200.16 -- add logical_router edge1 nat @nat
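Before testing through the SNAT it is worth checking that the pieces configured above agree with each other: the gateway chassis UUID really exists in the southbound DB, each SNAT external_ip sits on a subnet edge1 actually has a port on, and each logical_ip is covered by a route on edge1 (return traffic is un-NATed and then routed to logical_ip, so without the static routes via tenant1 it would be dropped). The Python below is an added example, not code from this page or from OVN: it parses the `ovn-sbctl show` text shown at the top of this page (embedded here as a constructed constant), runs those checks against the northbound values from this section, and prints the shorter `ovn-nbctl lr-nat-add` form of the two `create nat ... add logical_router` commands. The function names and the check logic are mine.

```python
"""Pre-flight check for the SNAT gateway configured on this page.

Added example, not code from the page or from OVN.  The southbound text
and the northbound values below are copied from this page; the checks
themselves are mine."""
import ipaddress
import re

# `ovn-sbctl show` as printed on the central node earlier on this page
# (constructed constant for offline use).
SB_SHOW = """\
Chassis "8bd09faf-5ba2-49ad-931b-11155ff3ab00"
    hostname: localhost
    Encap geneve
        ip: "92.0.0.12"
        options: {csum="true"}
    Port_Binding "dmz-vm2"
    Port_Binding "dmz-vm1"
Chassis "303ab2d5-3525-4550-b17f-781faa70ab4a"
    hostname: localhost
    Encap geneve
        ip: "92.0.0.13"
        options: {csum="true"}
    Port_Binding "inside-vm3"
    Port_Binding "inside-vm4"
"""

GATEWAY_CHASSIS = "8bd09faf-5ba2-49ad-931b-11155ff3ab00"
EDGE1_PORTS = {"edge1-transit": "192.168.0.1/24",
               "edge1-outside": "192.168.200.16/24"}
EDGE1_ROUTES = [("20.0.0.0/24", "192.168.0.2"), ("10.0.0.0/24", "192.168.0.2")]
EDGE1_NATS = [("snat", "192.168.200.16", "20.0.0.0/24"),
              ("snat", "192.168.200.16", "10.0.0.0/24")]


def parse_sb_show(text):
    """chassis name -> {"ip": encap IP, "ports": [port bindings]}."""
    chassis, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'Chassis "([^"]+)"', line)
        if m:
            cur = chassis.setdefault(m.group(1), {"ip": None, "ports": []})
        elif cur is not None and (m := re.match(r'ip: "([^"]+)"', line)):
            cur["ip"] = m.group(1)
        elif cur is not None and (m := re.match(r'Port_Binding "([^"]+)"', line)):
            cur["ports"].append(m.group(1))
    return chassis


def check_gateway(sb, gw_chassis, router_ports, routes, nats):
    """Return a list of problems; an empty list means the NAT setup is coherent."""
    problems = []
    if gw_chassis not in sb:
        problems.append(f"gateway chassis {gw_chassis} not found in the southbound DB")
    port_nets = {p: ipaddress.ip_interface(c).network
                 for p, c in router_ports.items()}
    reachable = [ipaddress.ip_network(p) for p, _ in routes] + list(port_nets.values())
    for kind, ext, logical in nats:
        ext_ip = ipaddress.ip_address(ext)
        # The external IP should live on one of the router's own subnets
        # (here the outside port's), otherwise the external segment has no
        # L2 path to it.
        if not any(ext_ip in n for n in port_nets.values()):
            problems.append(f"{kind} external_ip {ext} is on no router port subnet")
        lnet = ipaddress.ip_network(logical)
        # Return traffic is un-NATed and then routed to logical_ip, so the
        # router needs a route or a directly connected port covering it.
        if not any(lnet.subnet_of(n) for n in reachable):
            problems.append(f"{kind} logical_ip {logical} has no route on the router")
    return problems


def nat_commands(router, nats):
    """The lr-nat-add form of the page's `create nat ... add logical_router` commands."""
    return [["lr-nat-add", router, kind, ext, logical] for kind, ext, logical in nats]


if __name__ == "__main__":
    sb = parse_sb_show(SB_SHOW)
    for name, info in sb.items():
        print(f"{name} encap {info['ip']} ports {info['ports']}")
    found = check_gateway(sb, GATEWAY_CHASSIS, EDGE1_PORTS, EDGE1_ROUTES, EDGE1_NATS)
    print("problems:", found or "none")
    for c in nat_commands("edge1", EDGE1_NATS):
        print("ovn-nbctl", " ".join(c))
```

Two caveats the ping tests on this page do not surface: `outside-localnet` carries `addresses unknown`, so every station on the physical segment behind ens4/br-ex can reach the `outside` switch and edge1-outside and should be treated as untrusted (add ACLs on `outside` if that segment is shared); and a single `lrp-set-gateway-chassis` entry makes one chassis the only path out, so for failover call it once per candidate chassis with a priority argument.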
### Test connectivity (vm2 reaching the host's br-ex address through the SNAT)
# ip netns exec vm2 ping -c 2 192.168.200.17
PING 192.168.200.17 (192.168.200.17) 56(84) bytes of data.
64 bytes from 192.168.200.17: icmp_seq=1 ttl=62 time=0.758 ms
64 bytes from 192.168.200.17: icmp_seq=2 ttl=62 time=0.071 ms
--- 192.168.200.17 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.071/0.414/0.758/0.344 ms
### Node
# ip netns exec vm4 ping -c 2 192.168.200.1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=62 time=2.06 ms
64 bytes from 192.168.200.1: icmp_seq=2 ttl=62 time=0.992 ms
--- 192.168.200.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.992/1.528/2.064/0.536 ms