OpenStack Neutron Network Configuration (Open vSwitch)


Enabling OVS

Install openvswitch

apt install neutron-openvswitch-agent

Check neutron agent-list

root@server01:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+
| 2b37ee1e-a0a6-40e2-9d23-cd48aac362ea | Metadata agent     | server01 |                   | :-)   | True           | neutron-metadata-agent    |
| 582645c0-ed97-484f-9f6c-97b0dd0301d2 | Open vSwitch agent | server01 |                   | :-)   | True           | neutron-openvswitch-agent |
| 989f6ba7-87b0-4851-801a-90392b5ce90f | Open vSwitch agent | server03 |                   | :-)   | True           | neutron-openvswitch-agent |
| 98d66775-2d19-4ebe-8812-6b51fc526e11 | DHCP agent         | server01 | nova              | :-)   | True           | neutron-dhcp-agent        |
| edc3832d-4554-41ed-a16a-800e6842d583 | Open vSwitch agent | server02 |                   | :-)   | True           | neutron-openvswitch-agent |
| f58aea27-510c-4dd6-aa58-c2da53866d34 | L3 agent           | server01 | nova              | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+--------------------+----------+-------------------+-------+----------------+---------------------------+

 

Edit /etc/neutron/plugins/ml2/ml2_conf.ini (configured on the neutron server)

ml2 - mechanism_drivers

[ml2]

type_drivers = local,flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = provider  

ml2_type_vxlan

[ml2_type_vxlan]
vni_ranges = 1:1000

 

Edit /etc/neutron/plugins/ml2/openvswitch_agent.ini (configured on all neutron agent nodes)

[agent]
tunnel_types = vxlan
l2_population = true
arp_responder = true

[ovs]
integration_bridge = br-int
tunnel_bridge = br-tun
int_peer_patch_port = patch-tun
tun_peer_patch_port = patch-int
local_ip = 10.10.10.1  

The interface_driver in the L3 agent and DHCP agent configuration files also needs to be changed to OVS

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

  

Restart the services

service neutron-server restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart

Check OVS

root@server03:~# ovs-vsctl show
2b432694-a32a-4b05-b5de-f942357dd5f1
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.6.0"

 

Configuring DVR

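With DVR, Layer 3 forwarding (L3 Forwarding) and NAT are distributed to the compute nodes, which means the compute nodes also take on network-node functions. However, DVR still cannot eliminate the centralized Virtual Router: to conserve scarce public IPv4 addresses, SNAT is still provided on the network node. The compute and network nodes therefore look as follows: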

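  • Network node: provides north-south SNAT, i.e. when no floating IP is used, traffic from a VM to the external network has to pass through the network node. In other words, the network node must still use a traditional HA solution, such as VRRP and Pacemaker. Unfortunately, the Juno release does not support using HA and DVR at the same time.
  • Compute node: provides north-south DNAT, i.e. traffic from the external network to a VM has to pass through the compute node; and east-west forwarding, i.e. traffic between VMs passes through the compute nodes. Because all compute nodes take part, this part of the network processing load is naturally balanced.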

Configuration steps

1. Install l3-agent on the compute nodes

  apt install neutron-l3-agent

2. Edit neutron.conf
  • router_distributed = True
  • This sets the default for new router creation to be DVR.
  • The admin user can convert existing routers to distributed without setting this option to True.
3. Edit L3 Agent.ini (l3_agent.ini)
  • Network host (or single node deployment)
    • agent_mode = dvr_snat
    • use_namespaces = True
  • Compute host
    • agent_mode = dvr
    • use_namespaces = True
4. Edit L2 Agent.ini (ml2_conf.ini)
  • ml2_conf.ini
    • ml2 section
      • append ",l2population" to mechanism_drivers
    • agent section (in the Newton release this part of the configuration has been split out into linuxbridge_agent.ini or openvswitch_agent.ini)
      • l2_population = True
      • tunnel_types = vxlan
      • enable_distributed_routing = True
5. Set ipv4_forward
root@compute2:/var/log/nova# vi /etc/sysctl.conf
root@compute2:/var/log/nova# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
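
An added example, not from the original post: a Python check for steps 2-4 that parses a node's INI files and lists every setting that does not match the DVR steps above. The function names, the sample inputs and the placement of router_distributed and agent_mode in [DEFAULT] are assumptions of this example.

```python
import configparser

# Expected values come from steps 2-4 above. Assumption: router_distributed and
# agent_mode sit in [DEFAULT]; the page names only the [ml2] and [agent] sections.
AGENT_MODE = {"network": "dvr_snat", "compute": "dvr"}
AGENT_OPTS = {"l2_population": "true", "tunnel_types": "vxlan",
              "enable_distributed_routing": "true"}

def parse(text):
    """Parse INI text; interpolation is off so '%' in values cannot raise."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def check_dvr(role, l3_agent, ovs_agent, neutron_conf=None, ml2_conf=None):
    """Return findings for one node; an empty list means it matches the steps.

    role is "network" or "compute". neutron_conf and ml2_conf are only checked
    when given, since they are read by the neutron server.
    """
    findings = []

    def expect(cp, fname, section, option, want):
        got = cp.get(section, option, fallback=None)
        if got is None or got.strip().lower() != want:
            findings.append(f"{fname} [{section}] {option}: want {want}, got {got}")

    expect(parse(l3_agent), "l3_agent.ini", "DEFAULT", "agent_mode", AGENT_MODE[role])
    ovs = parse(ovs_agent)
    for option, want in AGENT_OPTS.items():
        expect(ovs, "openvswitch_agent.ini", "agent", option, want)
    if neutron_conf is not None:
        expect(parse(neutron_conf), "neutron.conf", "DEFAULT", "router_distributed", "true")
    if ml2_conf is not None:
        drivers = parse(ml2_conf).get("ml2", "mechanism_drivers", fallback="")
        if "l2population" not in [d.strip() for d in drivers.split(",")]:
            findings.append("ml2_conf.ini [ml2] mechanism_drivers: l2population missing")
    return findings

# Constructed sample: the [agent] section from the OVS setup earlier on this
# page, which predates step 4 and so lacks enable_distributed_routing.
OVS_BEFORE_DVR = "[agent]\ntunnel_types = vxlan\nl2_population = true\narp_responder = true\n"
L3_COMPUTE = "[DEFAULT]\nagent_mode = dvr\n"  # constructed sample

if __name__ == "__main__":
    for line in check_dvr("compute", L3_COMPUTE, OVS_BEFORE_DVR):
        print(line)
```

The check compares tunnel_types to the single value vxlan used on this page, so a node that lists several tunnel types is reported as a mismatch.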

 

Verification:

1. Create a DVR

2. Attach an Interface

3. Attach an Instance under the Interface

4. On every Compute node that has an attached Instance, check ip netns list

  You will see the same qrouter-xxxx

posted @ 2017-05-01 20:55  Vincen_shen