centos ovn 搭建测试(六:DHCP)
DHCP 功能测试
参考链接:
https://blog.oddbit.com/post/2019-12-19-ovn-and-dhcp/
https://lk668.github.io/2020/09/21/2020-09-21-ovn-dhcp-for-external-host/
https://www.jianshu.com/p/bf5c754b2a9a
1) server_id – the IP address of the virtual DHCP server
2) server_mac – the MAC address of the virtual DHCP server
3) lease_time – the lifetime of DHCP leases
# 创建DHCP选项
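# Create a DHCP options row for the 1.1.1.0/24 subnet.
# NOTE(review): 1.1.1.0/24 is publicly routed address space. That is harmless
# on an isolated logical switch, but prefer an RFC 1918 or RFC 5737 range if
# this network will ever be attached to a router.
ovn-nbctl dhcp-options-create 1.1.1.0/24

# Look up the UUID of the row that was just created.
CIDR_UUID=$(ovn-nbctl --bare --columns=_uuid find dhcp_options cidr="1.1.1.0/24")

# Refuse to continue with an empty UUID. If the create step was run more than
# once, several rows share this CIDR and the lookup returns several UUIDs;
# quoting the variable below passes that result as one argument, so it is
# rejected as an invalid UUID instead of being word-split.
: "${CIDR_UUID:?no dhcp_options row found for 1.1.1.0/24}"

# Set the remaining DHCP options on that row, addressed by UUID.
ovn-nbctl dhcp-options-set-options "$CIDR_UUID" \
  server_id=1.1.1.1 \
  server_mac=00:00:00:00:00:01 \
  lease_time=3600 \
  router=1.1.1.1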
# 查看DHCP选项
[root@ovn-master ~]# ovn-nbctl list dhcp_options
_uuid               : 4fdee846-b3d9-47d4-bcae-8209d07f84be
cidr                : "1.1.1.0/24"
external_ids        : {}
options             : {lease_time="3600", router="1.1.1.1", server_id="1.1.1.1", server_mac="00:00:00:00:00:01"}
# 创建逻辑port并关联上DHCP
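# Create the logical switch and let OVN allocate addresses from 1.1.1.0/24,
# keeping 1.1.1.1 through 1.1.1.10 out of the dynamic pool.
ovn-nbctl ls-add ls
ovn-nbctl set logical_switch ls \
  other_config:subnet="1.1.1.0/24" \
  other_config:exclude_ips="1.1.1.1..1.1.1.10"

# Add the port and point its dhcpv4_options column at the DHCP options row
# created earlier. The :? guard refuses to run with an empty CIDR_UUID.
ovn-nbctl lsp-add ls ls-veth1
ovn-nbctl lsp-set-dhcpv4-options ls-veth1 "${CIDR_UUID:?CIDR_UUID is not set}"

# Fixed MAC; the IP is chosen by OVN from the switch subnet.
ovn-nbctl lsp-set-addresses ls-veth1 "00:00:00:11:22:33 dynamic"

# NOTE(review): port_security is left empty on this port, so OVN does not
# restrict which source MAC/IP addresses the attached workload may send from.
# Outside a lab, pin it with `ovn-nbctl lsp-set-port-security` once
# dynamic_addresses shows the allocated IP.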
# 查看逻辑port信息
[root@ovn-master ~]# ovn-nbctl list logical_switch_port
_uuid               : 7450afaf-3972-47f1-b6c7-5b9522d1c855
addresses           : ["00:00:00:11:22:33 dynamic"]
dhcpv4_options      : 4fdee846-b3d9-47d4-bcae-8209d07f84be
dhcpv6_options      : []
dynamic_addresses   : "00:00:00:11:22:33 1.1.1.11"
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : "ls-veth1"
options             : {}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : false
# 查看OVN配置
[root@ovn-master ~]# ovn-nbctl show
switch d721282c-8ed3-450a-9364-319fd2511ed7 (ls)
    port ls-veth1
        addresses: ["00:00:00:11:22:33 dynamic"]
# 创建命名空间测试
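# ns1 plays the role of the workload; veth1/veth2 form its link to br-int.
ip netns add ns1
ip link add veth1 type veth peer name veth2

# Bring up the host end with iproute2, like every other link command here
# (ifconfig needs net-tools, which may not be installed).
ip link set veth1 up

# Move the peer into the namespace first: a link comes up administratively
# down after changing namespace, so it is only brought up once inside ns1.
ip link set veth2 netns ns1

# Use the MAC configured on the logical port. The DHCP flows match on this
# eth.src, so an interface with a different MAC gets no reply.
ip netns exec ns1 ip link set veth2 address 00:00:00:11:22:33
ip netns exec ns1 ip link set veth2 up

# Attach the host end to br-int and bind it to logical port ls-veth1 through
# iface-id.
ovs-vsctl add-port br-int veth1
ovs-vsctl set Interface veth1 external_ids:iface-id=ls-veth1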
# 命名空间使用dhclient获取IP地址
[root@ovn-master ~]# ip netns exec ns1 dhclient -v -i veth2 --no-pid
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/veth2/00:00:00:11:22:33
Sending on LPF/veth2/00:00:00:11:22:33
Sending on Socket/fallback
DHCPDISCOVER on veth2 to 255.255.255.255 port 67 interval 6 (xid=0x2dfa6d8e)
DHCPREQUEST on veth2 to 255.255.255.255 port 67 (xid=0x2dfa6d8e)
DHCPOFFER from 1.1.1.1
DHCPACK from 1.1.1.1 (xid=0x2dfa6d8e)
bound to 1.1.1.11 -- renewal in 1715 seconds.
# ovn-trace 分析
[root@ovn-master ~]# ovn-trace --detailed ls 'inport=="ls-veth1" && eth.src==00:00:00:11:22:33 && ip4.src==0.0.0.0 && ip.ttl==1 && ip4.dst==255.255.255.255 && udp.src==68 && udp.dst==67'
# udp,reg14=0x1,vlan_tci=0x0000,dl_src=00:00:00:11:22:33,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=0,nw_ecn=0,nw_ttl=1,tp_src=68,tp_dst=67

ingress(dp="ls", inport="ls-veth1")
-----------------------------------
 0. ls_in_port_sec_l2 (ovn-northd.c:4843): inport == "ls-veth1", priority 50, uuid 22d6b189
    next;
12. ls_in_dhcp_options (ovn-northd.c:5091): inport == "ls-veth1" && eth.src == 00:00:00:11:22:33 && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67, priority 100, uuid 885ada30
    reg0[3] = put_dhcp_opts(offerip = 1.1.1.11, lease_time = 3600, netmask = 255.255.255.0, router = 1.1.1.1, server_id = 1.1.1.1);
    /* We assume that this packet is DHCPDISCOVER or DHCPREQUEST. */
    next;
13. ls_in_dhcp_response (ovn-northd.c:5135): inport == "ls-veth1" && eth.src == 00:00:00:11:22:33 && ip4 && udp.src == 68 && udp.dst == 67 && reg0[3], priority 100, uuid a2b828b5
    eth.dst = eth.src;
    eth.src = 00:00:00:00:00:01;
    ip4.dst = 1.1.1.11;
    ip4.src = 1.1.1.1;
    udp.src = 67;
    udp.dst = 68;
    outport = inport;
    flags.loopback = 1;
    output;

egress(dp="ls", inport="ls-veth1", outport="ls-veth1")
------------------------------------------------------
 4. ls_out_acl (ovn-northd.c:4458): outport == "ls-veth1" && eth.src == 00:00:00:00:00:01 && ip4.src == 1.1.1.1 && udp && udp.src == 67 && udp.dst == 68, priority 34000, uuid ed03ee7b
    next;
 9. ls_out_port_sec_l2 (ovn-northd.c:5503): outport == "ls-veth1", priority 50, uuid 616f3e20
    output;
    /* output to "ls-veth1", type "" */
# 流表分析
// dhcp request
cookie=0x885ada30, duration=1833.223s, table=20, n_packets=2, n_bytes=684, priority=100,udp,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.63.01.01.01.0b.33.04.00.00.0e.10.01.04.ff.ff.ff.00.03.04.01.01.01.01.36.04.01.01.01.01,pause),resubmit(,21)
cookie=0x10668e38, duration=1833.223s, table=20, n_packets=0, n_bytes=0, priority=100,udp,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,nw_src=1.1.1.11,nw_dst=1.1.1.1,tp_src=68,tp_dst=67 actions=controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.63.01.01.01.0b.33.04.00.00.0e.10.01.04.ff.ff.ff.00.03.04.01.01.01.01.36.04.01.01.01.01,pause),resubmit(,21)

// dhcp discover
cookie=0x885ada30, duration=1833.223s, table=20, n_packets=2, n_bytes=684, priority=100,udp,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.63.01.01.01.0b.33.04.00.00.0e.10.01.04.ff.ff.ff.00.03.04.01.01.01.01.36.04.01.01.01.01,pause),resubmit(,21)

// 所有的包回复
cookie=0xa2b828b5, duration=1816.443s, table=21, n_packets=2, n_bytes=636, priority=100,udp,reg0=0x8/0x8,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,tp_src=68,tp_dst=67 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:00:00:00:00:00:01,mod_nw_dst:1.1.1.11,mod_nw_src:1.1.1.1,mod_tp_src:67,mod_tp_dst:68,move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)