A Brief Introduction to the Neutron Component in OpenStack
Author: @郑琰
Please credit the source when reposting this article: https://www.cnblogs.com/zhengyan6/p/16204735.html
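I. Neutron Overview
Neutron's design goal is to deliver "Networking as a Service". To reach that goal, the design follows the principle of implementing network virtualization on top of SDN, and the implementation makes full use of the networking technologies available on Linux.
SDN-mode service: Neutron. With SDN (software-defined networking), network administrators and cloud operators can define virtual network devices dynamically through programs. The SDN component of OpenStack networking was originally Quantum; it was renamed Neutron because of copyright issues.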
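Concepts and features
Layer 2 switching:
Neutron supports several virtual switches. Linux Bridge and Open vSwitch are typically used to create traditional VLAN networks as well as tunnel-based overlay networks such as VxLAN and GRE (Linux Bridge currently supports only VxLAN).
Layer 3 switching:
Starting with the Juno release, Neutron officially added the DVR (Distributed Virtual Router) service, which moves some of the services originally concentrated on the network node out to the compute nodes. Routing or NAT can be implemented with ip route or iptables inside a namespace, or by pushing flow tables to Open vSwitch via OpenFlow.
Load balancing:
LBaaS supports multiple load-balancing products and solutions. The different implementations are integrated into Neutron as plugins, and it is implemented through HAProxy.
Firewall:
Neutron has two ways of protecting instances and networks: security groups and the firewall feature. Both can be implemented with iptables. The former restricts the packets entering and leaving an instance; the latter restricts the packets entering and leaving a virtual router.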
II. Common Operations
1. Network management
```
neutron
    net-create              Create a network for a given tenant.
    net-delete              Delete a given network.
    net-list                List networks that belong to a given tenant.
    net-list-on-dhcp-agent  List the networks on a DHCP agent.
    net-show                Show information of a given network.
    net-update              Update network information.

# List networks
[root@controller ~]# neutron net-list
+--------------------------------------+--------------+------------------------------------------------------+
| id                                   | name         | subnets                                              |
+--------------------------------------+--------------+------------------------------------------------------+
| 451fd2af-e1eb-4437-bf71-53b5f91c10b5 | int-gre      | 948ee8fd-8700-4f17-a356-f2b8c5880396 172.25.2.0/24   |
| 8a87c829-f1d2-452b-9d0d-2ff7f3c628c5 | acme-int-gre | aa96a0f8-7f32-4c4f-aadc-467ebf02bcf5 192.168.30.0/24 |
| 702c5142-f227-45ad-ab02-b5773ae0a166 | net-gre      | ace98613-346e-4973-9364-99ae0fb1a3ce 192.168.20.0/24 |
+--------------------------------------+--------------+------------------------------------------------------+

# Create an external network
[root@controller ~]# neutron net-create --shared --router:external=true --provider:network_type gre net-test-gre
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2021-11-01T22:02:46                  |
| description               |                                      |
| id                        | 0268d645-e55f-4d0c-ba0c-a358d5b36eaa |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1458                                 |
| name                      | net-test-gre                         |
| port_security_enabled     | True                                 |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 46                                   |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 386dbfcf77e444c7872e4e23d5829fcc     |
| updated_at                | 2021-11-01T22:02:46                  |
+---------------------------+--------------------------------------+

# Create an internal network
[root@controller ~]# neutron net-create --shared --provider:network_type gre int-test-gre
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2021-11-01T22:03:45                  |
| description               |                                      |
| id                        | 77f5fe53-15f4-4775-a04e-86aeb355c49e |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1458                                 |
| name                      | int-test-gre                         |
| port_security_enabled     | True                                 |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 75                                   |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 386dbfcf77e444c7872e4e23d5829fcc     |
| updated_at                | 2021-11-01T22:03:45                  |
+---------------------------+--------------------------------------+

# Show network details
[root@controller ~]# neutron net-show int-test-gre
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2021-11-01T22:03:45                  |
| description               |                                      |
| id                        | 77f5fe53-15f4-4775-a04e-86aeb355c49e |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1458                                 |
| name                      | int-test-gre                         |
| port_security_enabled     | True                                 |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 75                                   |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 386dbfcf77e444c7872e4e23d5829fcc     |
| updated_at                | 2021-11-01T22:03:45                  |
+---------------------------+--------------------------------------+

# Delete a network
[root@controller ~]# neutron net-delete int-test-gre
Deleted network: int-test-gre

# Update a network
[root@controller ~]# openstack network set net-test-gre --name net-test11-gre --disable --no-share
[root@controller ~]# neutron net-show net-test11-gre
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | False                                |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2021-11-01T22:02:46                  |
| description               |                                      |
| id                        | 0268d645-e55f-4d0c-ba0c-a358d5b36eaa |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1458                                 |
| name                      | net-test11-gre                       |
| port_security_enabled     | True                                 |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 46                                   |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 386dbfcf77e444c7872e4e23d5829fcc     |
| updated_at                | 2021-11-01T22:06:50                  |
+---------------------------+--------------------------------------+
```
2. Subnet management
```
neutron
    subnet-create  Create a subnet for a given tenant.
    subnet-delete  Delete a given subnet.
    subnet-list    List subnets that belong to a given tenant.
    subnet-show    Show information of a given subnet.
    subnet-update  Update subnet information.

# Create a subnet on the external network
[root@controller ~]# neutron subnet-create net-gre 192.168.20.0/24 --name net-subnet01 --gateway 192.168.20.2 --allocation-pool start=192.168.20.101,end=192.168.20.240 --enable-dhcp --dns-nameserver 8.8.8.8
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.20.101", "end": "192.168.20.240"} |
| cidr              | 192.168.20.0/24                                      |
| created_at        | 2021-11-02T02:12:44                                  |
| description       |                                                      |
| dns_nameservers   | 8.8.8.8                                              |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.20.2                                         |
| host_routes       |                                                      |
| id                | 0a750744-648a-4072-8e3b-453ee4123d3d                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | net-subnet01                                         |
| network_id        | 8c27039d-7652-4e70-ab16-3681ff8d128f                 |
| subnetpool_id     |                                                      |
| tenant_id         | 386dbfcf77e444c7872e4e23d5829fcc                     |
| updated_at        | 2021-11-02T02:12:44                                  |
+-------------------+------------------------------------------------------+

# Create a subnet on the internal network
[root@controller ~]# neutron subnet-create int-gre 10.10.1.0/24 --name int-subnet01 --gateway 10.10.1.2 --allocation-pool start=10.10.1.101,end=10.10.1.240 --enable-dhcp
Created a new subnet:
+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.10.1.101", "end": "10.10.1.240"} |
| cidr              | 10.10.1.0/24                                   |
| created_at        | 2021-11-07T01:54:48                            |
| description       |                                                |
| dns_nameservers   |                                                |
| enable_dhcp       | True                                           |
| gateway_ip        | 10.10.1.2                                      |
| host_routes       |                                                |
| id                | 0ca0d421-d90f-4082-943b-ad24fb620821           |
| ip_version        | 4                                              |
| ipv6_address_mode |                                                |
| ipv6_ra_mode      |                                                |
| name              | int-subnet01                                   |
| network_id        | 3b264885-ea04-45f4-abb9-27d6a88aa02a           |
| subnetpool_id     |                                                |
| tenant_id         | 386dbfcf77e444c7872e4e23d5829fcc               |
| updated_at        | 2021-11-07T01:54:48                            |
+-------------------+------------------------------------------------+

# List subnets
[root@controller ~]# neutron subnet-list
+--------------------------------------+--------------+-----------------+------------------------------------------------------+
| id                                   | name         | cidr            | allocation_pools                                     |
+--------------------------------------+--------------+-----------------+------------------------------------------------------+
| d6b592a6-ce17-4e52-924b-1d7c5963c4cf | int-subnet01 | 10.10.0.0/24    | {"start": "10.10.0.101", "end": "10.10.0.240"}       |
| 0a750744-648a-4072-8e3b-453ee4123d3d | net-subnet01 | 192.168.20.0/24 | {"start": "192.168.20.101", "end": "192.168.20.240"} |
+--------------------------------------+--------------+-----------------+------------------------------------------------------+

# Show subnet details
[root@controller ~]# neutron subnet-show net-subnet01
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.20.101", "end": "192.168.20.198"} |
| cidr              | 192.168.20.0/24                                      |
| created_at        | 2021-11-08T23:21:38                                  |
| description       |                                                      |
| dns_nameservers   | 8.8.8.8                                              |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.20.2                                         |
| host_routes       |                                                      |
| id                | f2f78780-c255-4392-9a25-10b84221b004                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | net-subnet01                                         |
| network_id        | 74568ca5-10cb-4635-b0d9-bd8464df036b                 |
| subnetpool_id     |                                                      |
| tenant_id         | 386dbfcf77e444c7872e4e23d5829fcc                     |
| updated_at        | 2021-11-08T23:21:38                                  |
+-------------------+------------------------------------------------------+

# Delete a subnet
[root@controller ~]# neutron subnet-delete int-subnet01
Deleted subnet: int-subnet01
[root@controller ~]# neutron subnet-delete net-subnet-test
Deleted subnet: net-subnet-test

# Modify a subnet
# The parameters are as follows:
positional arguments:
  SUBNET                ID or name of subnet to update.

optional arguments:
  -h, --help            show this help message and exit
  --request-format {json}
                        DEPRECATED! Only JSON request format is supported.
  --name NAME           Name of this subnet.
  --gateway GATEWAY_IP  Gateway IP of this subnet.
  --no-gateway          No distribution of gateway.
  --allocation-pool start=IP_ADDR,end=IP_ADDR
                        Allocation pool IP addresses for this subnet (This
                        option can be repeated).
  --host-route destination=CIDR,nexthop=IP_ADDR
                        Additional route (This option can be repeated).
  --dns-nameserver DNS_NAMESERVER
                        DNS name server for this subnet (This option can be
                        repeated).
  --disable-dhcp        Disable DHCP for this subnet.
  --enable-dhcp         Enable DHCP for this subnet.

# Example
[root@controller ~]# neutron subnet-update net-subnet01 --name net-subnet-test --no-gateway --allocation-pool start=192.168.20.99,end=192.168.20.110
[root@controller ~]# neutron subnet-show net-subnet-test
+-------------------+-----------------------------------------------------+
| Field             | Value                                               |
+-------------------+-----------------------------------------------------+
| allocation_pools  | {"start": "192.168.20.99", "end": "192.168.20.110"} |
| cidr              | 192.168.20.0/24                                     |
| created_at        | 2021-11-02T02:12:44                                 |
| description       |                                                     |
| dns_nameservers   | 8.8.8.8                                             |
| enable_dhcp       | True                                                |
| gateway_ip        |                                                     |
| host_routes       |                                                     |
| id                | 0a750744-648a-4072-8e3b-453ee4123d3d                |
| ip_version        | 4                                                   |
| ipv6_address_mode |                                                     |
| ipv6_ra_mode      |                                                     |
| name              | net-subnet-test                                     |
| network_id        | 8c27039d-7652-4e70-ab16-3681ff8d128f                |
| subnetpool_id     |                                                     |
| tenant_id         | 386dbfcf77e444c7872e4e23d5829fcc                    |
| updated_at        | 2021-11-02T02:30:18                                 |
+-------------------+-----------------------------------------------------+
```
3. Router management
```
neutron
    router-create            Create a router for a given tenant.
    router-delete            Delete a given router.
    router-gateway-clear     Remove an external network gateway from a router.
    router-gateway-set       Set the external network gateway for a router.
    router-interface-add     Add an internal network interface to a router.
    router-interface-delete  Remove an internal network interface from a router.
    router-list              List routers that belong to a given tenant.
    router-list-on-l3-agent  List the routers on a L3 agent.
    router-port-list         List ports that belong to a given tenant, with specified router.
    router-show              Show information of a given router.
    router-update            Update router information.

# Create a router: neutron router-create <router-name>
[root@controller ~]# neutron router-create router
Created a new router:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   |                                      |
| ha                      | False                                |
| id                      | 6936356c-878c-4470-943b-f971c14b8348 |
| name                    | router                               |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tenant_id               | 386dbfcf77e444c7872e4e23d5829fcc     |
+-------------------------+--------------------------------------+

# List routers: neutron router-list
[root@controller ~]# neutron router-list
+--------------------------------------+--------+-----------------------+-------------+-------+
| id                                   | name   | external_gateway_info | distributed | ha    |
+--------------------------------------+--------+-----------------------+-------------+-------+
| 6936356c-878c-4470-943b-f971c14b8348 | router | null                  | False       | False |
+--------------------------------------+--------+-----------------------+-------------+-------+

# Show router details: neutron router-show <router>
[root@controller ~]# neutron router-show router
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   |                                      |
| ha                      | False                                |
| id                      | 6936356c-878c-4470-943b-f971c14b8348 |
| name                    | router                               |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tenant_id               | 386dbfcf77e444c7872e4e23d5829fcc     |
+-------------------------+--------------------------------------+

# Delete a router: neutron router-delete <router>
[root@controller ~]# neutron router-delete router
Deleted router: router

# Add an external gateway: neutron router-gateway-set <router> <external-network (look it up with neutron net-list)>
[root@controller ~]# neutron router-gateway-set router01 net-gre
Set gateway for router router01
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                          |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| 712873bf-5971-4047-bf85-9b983652a084 |      | fa:16:3e:10:4c:5f | {"subnet_id":                                      |
|                                      |      |                   | "d2e87691-4901-4606-bcb3-0c573ab56914",            |
|                                      |      |                   | "ip_address": "192.168.20.102"}                    |
+--------------------------------------+------+-------------------+----------------------------------------------------+

# Remove the external gateway: neutron router-gateway-clear <router>
[root@controller ~]# neutron router-gateway-clear router01
Removed gateway from router router01
[root@controller ~]# neutron router-port-list router01
[empty]

# Add an internal interface: neutron router-interface-add <router> <inner-subnet>
[root@controller ~]# neutron router-interface-add router01 int-subnet
Added interface 43d0492c-2e44-448c-8e54-3a06976ccb55 to router router01.
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                          |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| 43d0492c-2e44-448c-8e54-3a06976ccb55 |      | fa:16:3e:9b:cd:01 | {"subnet_id": "0ca0d421-d90f-4082-943b-            |
|                                      |      |                   | ad24fb620821", "ip_address": "10.10.1.2"}          |
| b341273e-28a5-4616-baa0-1aaebe95c557 |      | fa:16:3e:1d:54:0f | {"subnet_id":                                      |
|                                      |      |                   | "d2e87691-4901-4606-bcb3-0c573ab56914",            |
|                                      |      |                   | "ip_address": "192.168.20.103"}                    |
+--------------------------------------+------+-------------------+----------------------------------------------------+

# Remove an internal interface: neutron router-interface-delete <router> subnet=<subnet>
[root@controller ~]# neutron router-interface-delete router01 subnet=int-subnet
Removed interface from router router01.
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                          |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| b341273e-28a5-4616-baa0-1aaebe95c557 |      | fa:16:3e:1d:54:0f | {"subnet_id":                                      |
|                                      |      |                   | "d2e87691-4901-4606-bcb3-0c573ab56914",            |
|                                      |      |                   | "ip_address": "192.168.20.103"}                    |
+--------------------------------------+------+-------------------+----------------------------------------------------+

# List router ports (with both the external gateway and the internal interface added)
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                          |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| b341273e-28a5-4616-baa0-1aaebe95c557 |      | fa:16:3e:1d:54:0f | {"subnet_id":                                      |
|                                      |      |                   | "d2e87691-4901-4606-bcb3-0c573ab56914",            |
|                                      |      |                   | "ip_address": "192.168.20.103"}                    |
| c699cb6b-ce9e-41e2-ac1f-3bdad0f49ca3 |      | fa:16:3e:6d:21:72 | {"subnet_id": "0ca0d421-d90f-4082-943b-            |
|                                      |      |                   | ad24fb620821", "ip_address": "10.10.1.2"}          |
+--------------------------------------+------+-------------------+----------------------------------------------------+
```
4. Port management
```
neutron
    port-create  Create a port for a given tenant.
    port-delete  Delete a given port.
    port-list    List ports that belong to a given tenant.
    port-show    Show information of a given port.
    port-update  Update port information.

# List ports
[root@controller ~]# neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                             |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 1b46a0d6-0df6-4f96-b3a3-d47aae6ed589 |      | fa:16:3e:23:a2:36 | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.81"}     |
| 40e657a2-f196-4fc5-a815-c9dbd613bc05 |      | fa:16:3e:e0:95:15 | {"subnet_id": "f2f78780-c255-4392-9a25-10b84221b004", "ip_address": "192.168.20.101"} |
| 7fa18ceb-04aa-4f7e-824e-4ed5dc0ee0ee |      | fa:16:3e:90:05:f0 | {"subnet_id": "f2f78780-c255-4392-9a25-10b84221b004", "ip_address": "192.168.20.102"} |
| 7fd9c4fa-9ecc-4cc6-ba72-fe5d8afe1a3c |      | fa:16:3e:f2:5f:0c | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.82"}     |
| ae3c993e-c48a-4a0c-9fe3-2f7a8cd0472a |      | fa:16:3e:af:6c:ab | {"subnet_id": "f2f78780-c255-4392-9a25-10b84221b004", "ip_address": "192.168.20.103"} |
| c347316f-c880-4643-8eaf-8570e34aefb4 |      | fa:16:3e:dd:7e:d3 | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.2"}      |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+

# Show port details
[root@controller ~]# neutron port-show 1b46a0d6-0df6-4f96-b3a3-d47aae6ed589

# Create a port
[root@controller ~]# neutron port-create int-gre --name test-port
Created a new port:
+-----------------------+-----------------------------------------------------------------------------------+
| Field                 | Value                                                                             |
+-----------------------+-----------------------------------------------------------------------------------+
| admin_state_up        | True                                                                              |
| allowed_address_pairs |                                                                                   |
| binding:host_id       |                                                                                   |
| binding:profile       | {}                                                                                |
| binding:vif_details   | {}                                                                                |
| binding:vif_type      | unbound                                                                           |
| binding:vnic_type     | normal                                                                            |
| created_at            | 2021-11-09T02:03:23                                                               |
| description           |                                                                                   |
| device_id             |                                                                                   |
| device_owner          |                                                                                   |
| dns_name              |                                                                                   |
| extra_dhcp_opts       |                                                                                   |
| fixed_ips             | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.83"} |
| id                    | fea92586-6f36-48d6-a67d-8dd7fb21e062                                              |
| mac_address           | fa:16:3e:ce:c2:39                                                                 |
| name                  | test-port                                                                         |
| network_id            | b85cd3c7-a864-422c-8a11-6e034a1539bb                                              |
| port_security_enabled | True                                                                              |
| security_groups       | 486eaa38-8e3d-4214-96bc-e6fee9b81be6                                              |
| status                | DOWN                                                                              |
| tenant_id             | 386dbfcf77e444c7872e4e23d5829fcc                                                  |
| updated_at            | 2021-11-09T02:03:23                                                               |
+-----------------------+-----------------------------------------------------------------------------------+

# Delete a port
[root@controller ~]# neutron port-delete test-port
Deleted port: test-port

# Modify a port
[root@controller ~]# neutron port-update test-port --name test-port-8080 --security-group 54c9ccb7-7f00-4485-898f-e4bbebafa73b
Updated port: test-port
```
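The firewall paragraph names security groups as the control on instance traffic, and the net-show and port-show tables expose the fields that decide whether it applies (port_security_enabled, security_groups, shared, router:external). The script below is an added example, not part of the original post: it parses that Field/Value table format and flags settings worth reviewing. The function names, the sample port table and the wording of the findings are constructed for illustration.

```shell
# Added example, not from the original post: flag risky settings in the
# Field/Value tables printed by `neutron net-show` and `neutron port-show`.

# Convert "| Field | Value |" rows to "field=value" lines. Border rows, the
# header row and wrapped continuation rows (empty Field cell) are skipped.
table_to_kv() {
    awk -F'|' 'NF >= 4 {
        key = $2; val = $3
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key != "" && key != "Field") print key "=" val
    }'
}

# Print the value of field $1 from "field=value" lines on stdin.
kv_get() {
    awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# Audit one table from stdin. Prints one "REVIEW ..." line per finding and
# returns 1 if there was any. The body is a subshell, so variables stay local.
audit_table() (
    kv=$(table_to_kv)
    get() { printf '%s\n' "$kv" | kv_get "$1"; }
    name=$(get name); [ -n "$name" ] || name=$(get id)
    rc=0
    warn() { echo "REVIEW $name: $1"; rc=1; }
    [ "$(get port_security_enabled)" != "False" ] ||
        warn "port security disabled (no security-group or anti-spoofing filtering)"
    if [ "$(get router:external)" = "True" ] && [ "$(get shared)" = "True" ]; then
        warn "external network is shared with all tenants"
    fi
    # security_groups only appears in port-show output.
    if printf '%s\n' "$kv" | grep -q '^security_groups='; then
        [ -n "$(get security_groups)" ] || warn "port has no security group"
        [ -z "$(get allowed_address_pairs)" ] ||
            warn "allowed_address_pairs permits extra addresses on this port"
    fi
    exit "$rc"
)

# Abridged from the net-create output shown in the post.
NET_TABLE='+---------------------------+--------------+
| Field                     | Value        |
+---------------------------+--------------+
| name                      | net-test-gre |
| port_security_enabled     | True         |
| router:external           | True         |
| shared                    | True         |
+---------------------------+--------------+'

# Constructed sample: a port with port security switched off.
PORT_TABLE='+-----------------------+-----------+
| Field                 | Value     |
+-----------------------+-----------+
| allowed_address_pairs |           |
| name                  | demo-port |
| port_security_enabled | False     |
| security_groups       |           |
+-----------------------+-----------+'

printf '%s\n' "$NET_TABLE"  | audit_table || true
printf '%s\n' "$PORT_TABLE" | audit_table || true
```

On a live controller the same check is `neutron net-show <network> | audit_table`; a non-zero exit status means at least one finding was printed.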