OpenStack networking scenario description

Points/C-coins required: 10 | 2018-02-04 17:34:36 | 1.73 MB | PDF

This scenario describes a legacy (basic) implementation of the OpenStack Networking service using the ML2 plug-in with Open vSwitch. The example configuration creates one flat external network and one VXLAN project (tenant) network. However, this configuration also supports VLAN external networks, V
20157710 OpenStack Docs: Scenario: Legacy with Open vSwitch

Proper operation of this scenario requires Open vSwitch 2.1 or newer. VXLAN also requires kernel 3.13 or newer.

OpenStack services - controller node

1. Operational SQL server with neutron database and appropriate configuration in the neutron.conf file
2. Operational message queue service with appropriate configuration in the neutron.conf file
3. Operational OpenStack Identity service with appropriate configuration in the neutron.conf file
4. Operational OpenStack Compute controller/management service with appropriate configuration to use neutron in the nova.conf file
5. Neutron server service, ML2 plug-in, and any dependencies

OpenStack services - network node

1. Operational OpenStack Identity service with appropriate configuration in the neutron.conf file
2. Open vSwitch service, ML2 plug-in, Open vSwitch agent, L3 agent, DHCP agent, metadata agent, and any dependencies

OpenStack services - compute nodes

1. Operational OpenStack Identity service with appropriate configuration in the neutron.conf file
2. Operational OpenStack Compute controller/management service with appropriate configuration to use neutron in the nova.conf file
3. Open vSwitch service, ML2 plug-in, Open vSwitch agent, and any dependencies

Architecture

The legacy architecture provides basic virtual networking components in your environment. Routing among project and external networks resides completely on the network node. Although simpler to deploy than other architectures, performing all functions on the network node creates a single point of failure and potential performance issues.
Consider deploying DVR or L3 HA architectures in production environments to provide redundancy and increase performance.

[Figure: General architecture. One network node and several compute nodes attached to the tunnel network (10.0.1.0/24), the VLAN network (unnumbered) and, on the network node only, the external network (203.0.113.0/24) leading to the Internet.]

The network node contains the following network components:

1. Open vSwitch agent managing virtual switches, connectivity among them, and interaction via virtual ports with other network components such as namespaces, Linux bridges, and underlying interfaces.
2. DHCP agent managing the qdhcp namespaces. The qdhcp namespaces provide DHCP services for instances using project networks.
3. L3 agent managing the qrouter namespaces. The qrouter namespaces provide routing between project and external networks and among project networks. They also route metadata traffic between instances and the metadata agent.
4. Metadata agent handling metadata operations for instances.

http://docs.openstack.org/networking-guide/scenario_legacy_ovs.html

[Figure: Network node overview]

[Figure: Network node components. DHCP namespace, metadata agent and router namespace attached to the integration bridge br-int, which connects through patch ports to the tunnel bridge br-tun (patch-tun / patch-int), the VLAN bridge br-vlan (int-br-vlan / phy-br-vlan) and the external bridge br-ex (int-br-ex / phy-br-ex).]

The compute nodes contain the following network components:

1. Open vSwitch agent managing virtual switches, connectivity among them, and interaction via virtual ports with other network components such as namespaces, Linux bridges, and underlying interfaces.
2. Linux bridges handling security groups.
   Due to limitations with Open vSwitch and iptables, the Networking service uses a Linux bridge to manage security groups for instances.

[Figure: Compute node overview]

[Figure: Compute node components. Instance tap interface attached to the Linux bridge qbr (iptables security groups), connected through the qvb / qvo ports to the integration bridge br-int, which connects through patch ports to the tunnel bridge br-tun and the VLAN bridge br-vlan.]

Packet flow

Note: North-south network traffic travels between an instance and external network, typically the Internet. East-west network traffic travels between instances.

Case 1: North-south for instances with a fixed IP address

For instances with a fixed IP address, the network node routes north-south network traffic between project and external networks.

- External network
  - Network 203.0.113.0/24
  - Gateway 203.0.113.1 with MAC address EG
  - Floating IP range 203.0.113.101 to 203.0.113.200
  - Project network router interface 203.0.113.101 TR
- Project network
  - Network 192.168.1.0/24
  - Gateway 192.168.1.1 with MAC address TG
- Compute node 1
  - Instance 1 192.168.1.11 with MAC address I1

Instance 1 resides on compute node 1 and uses a project network. The instance sends a packet to a host on the external network.

The following steps involve compute node 1:

1. The instance 1 tap interface (1) forwards the packet to the Linux bridge qbr.
   The packet contains destination MAC address TG because the destination resides on another network.
2. Security group rules (2) on the Linux bridge qbr handle state tracking for the packet.
3. The Linux bridge qbr forwards the packet to the Open vSwitch integration bridge br-int.
4. The Open vSwitch integration bridge br-int adds the internal tag for the project network.
5. For VLAN project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan replaces the internal tag with the actual VLAN tag of the project network.
   3. The Open vSwitch VLAN bridge br-vlan forwards the packet to the network node via the VLAN interface.
6. For VXLAN and GRE project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun wraps the packet in a VXLAN or GRE tunnel and adds a tag to identify the project network.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the network node via the tunnel interface.

The following steps involve the network node:

1. For VLAN project networks:
   1. The VLAN interface forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan forwards the packet to the Open vSwitch integration bridge br-int.
   3. The Open vSwitch integration bridge br-int replaces the actual VLAN tag of the project network with the internal tag.
2. For VXLAN and GRE project networks:
   1. The tunnel interface forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun unwraps the packet and adds the internal tag for the project network.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the Open vSwitch integration bridge br-int.
3. The Open vSwitch integration bridge br-int forwards the packet to the qr interface (3) in the router namespace qrouter.
   The qr interface contains the project network gateway IP address TG.
4. The iptables service (4) performs SNAT on the packet using the qg interface (5) as the source IP address. The qg interface contains the project network router interface IP address TR.
5. The router namespace qrouter forwards the packet to the Open vSwitch integration bridge br-int via the qg interface.
6. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch external bridge br-ex.
7. The Open vSwitch external bridge br-ex forwards the packet to the external network via the external interface.

Note: Return traffic follows similar steps in reverse.

[Figure: Network traffic flow - North/south, instances with a fixed IP address]

Case 2: North-south for instances with a floating IP address

For instances with a floating IP address, the network node routes north-south network traffic between project and external networks.

- External network
  - Network 203.0.113.0/24
  - Gateway 203.0.113.1 with MAC address EG
  - Floating IP range 203.0.113.101 to 203.0.113.200
  - Project network router interface 203.0.113.101 TR
- Project network
  - Network 192.168.1.0/24
  - Gateway 192.168.1.1 with MAC address TG
- Compute node 1
  - Instance 1 192.168.1.11 with MAC address I1 and floating IP address 203.0.113.102 F1

Instance 1 resides on compute node 1 and uses a project network. The instance receives a packet from a host on the external network.

The following steps involve the network node:

1. The external interface forwards the packet to the Open vSwitch external bridge br-ex.
2. The Open vSwitch external bridge br-ex forwards the packet to the Open vSwitch integration bridge br-int.
3. The Open vSwitch integration bridge forwards the packet to the qg interface (1) in the router namespace qrouter. The qg interface contains the instance 1 floating IP address F1.
4. The iptables service (2) performs DNAT on the packet using the qr interface (3) as the source IP address. The qr interface contains the project network router interface IP address TR.
5. The router namespace qrouter forwards the packet to the Open vSwitch integration bridge br-int.
6. The Open vSwitch integration bridge br-int adds the internal tag for the project network.
7. For VLAN project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan replaces the internal tag with the actual VLAN tag of the project network.
   3. The Open vSwitch VLAN bridge br-vlan forwards the packet to the compute node via the VLAN interface.
8. For VXLAN and GRE project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun wraps the packet in a VXLAN or GRE tunnel and adds a tag to identify the project network.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the compute node via the tunnel interface.

The following steps involve compute node 1:

1. For VLAN project networks:
   1. The VLAN interface forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan forwards the packet to the Open vSwitch integration bridge br-int.
   3. The Open vSwitch integration bridge br-int replaces the actual VLAN tag of the project network with the internal tag.
2. For VXLAN and GRE project networks:
   1. The tunnel interface forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun unwraps the packet and adds the internal tag for the project network.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the Open vSwitch integration bridge br-int.
3. The Open vSwitch integration bridge br-int forwards the packet to the Linux bridge qbr.
4. Security group rules (4) on the Linux bridge qbr handle firewalling and state tracking for the packet.
5. The Linux bridge qbr forwards the packet to the tap interface (5) on instance 1.

Note: Return traffic follows similar steps in reverse.

[Figure: Network traffic flow - North/south, instances with a floating IP address]

Case 3: East-west for instances on different networks

For instances with a fixed or floating IP address, the network node routes east-west network traffic among project networks using the same project router.

- Project network 1
  - Network: 192.168.1.0/24
  - Gateway: 192.168.1.1 with MAC address TG1
- Project network 2
  - Network: 192.168.2.0/24
  - Gateway: 192.168.2.1 with MAC address TG2
- Compute node 1
  - Instance 1: 192.168.1.11 with MAC address I1
- Compute node 2
  - Instance 2: 192.168.2.11 with MAC address I2

Instance 1 resides on compute node 1 and uses project network 1. Instance 2 resides on compute node 2 and uses project network 2. Both project networks reside on the same router. Instance 1 sends a packet to instance 2.

The following steps involve compute node 1:

1. The instance 1 tap interface (1) forwards the packet to the Linux bridge qbr. The packet contains destination MAC address TG1 because the destination resides on another network.
2. Security group rules (2) on the Linux bridge qbr handle state tracking for the packet.
3. The Linux bridge qbr forwards the packet to the Open vSwitch integration bridge br-int.
4. The Open vSwitch integration bridge br-int adds the internal tag for project network 1.
5. For VLAN project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan replaces the internal tag with the actual VLAN tag of project network 1.
   3. The Open vSwitch VLAN bridge br-vlan forwards the packet to the network node via the VLAN interface.
6. For VXLAN and GRE project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun wraps the packet in a VXLAN or GRE tunnel and adds a tag to identify project network 1.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the network node via the tunnel interface.

The following steps involve the network node:

1. For VLAN project networks:
   1. The VLAN interface forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan forwards the packet to the Open vSwitch integration bridge br-int.
   3. The Open vSwitch integration bridge br-int replaces the actual VLAN tag of project network 1 with the internal tag.
2. For VXLAN and GRE project networks:
   1. The tunnel interface forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun unwraps the packet and adds the internal tag for project network 1.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the Open vSwitch integration bridge br-int.
3. The Open vSwitch integration bridge br-int forwards the packet to the qr-1 interface (3) in the router namespace qrouter. The qr-1 interface contains the project network 1 gateway IP address TG1.
4. The router namespace qrouter routes the packet to the qr-2 interface (4). The qr-2 interface contains the project network 2 gateway IP address TG2.
5. The router namespace qrouter forwards the packet to the Open vSwitch integration bridge br-int.
6. The Open vSwitch integration bridge br-int adds the internal tag for project network 2.
7. For VLAN project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan replaces the internal tag with the actual VLAN tag of project network 2.
   3. The Open vSwitch VLAN bridge br-vlan forwards the packet to compute node 2 via the VLAN interface.
8. For VXLAN and GRE project networks:
   1. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun wraps the packet in a VXLAN or GRE tunnel and adds a tag to identify project network 2.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to compute node 2 via the tunnel interface.

The following steps involve compute node 2:

1. For VLAN project networks:
   1. The VLAN interface forwards the packet to the Open vSwitch VLAN bridge br-vlan.
   2. The Open vSwitch VLAN bridge br-vlan forwards the packet to the Open vSwitch integration bridge br-int.
   3. The Open vSwitch integration bridge br-int replaces the actual VLAN tag of project network 2 with the internal tag.
2. For VXLAN and GRE project networks:
   1. The tunnel interface forwards the packet to the Open vSwitch tunnel bridge br-tun.
   2. The Open vSwitch tunnel bridge br-tun unwraps the packet and adds the internal tag for project network 2.
   3. The Open vSwitch tunnel bridge br-tun forwards the packet to the Open vSwitch integration bridge br-int.
3. The Open vSwitch integration bridge br-int forwards the packet to the Linux bridge qbr.
4. Security group rules (5) on the Linux bridge qbr handle firewalling and state tracking for the packet.
5. The Linux bridge qbr forwards the packet to the tap interface (6) on instance 2.

Note: Return traffic follows similar steps in reverse.
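
Every packet flow above depends on br-int tagging each port with its project network's internal tag and on the patch ports that join br-int to br-tun and br-ex. The following is an added example, not code from the OpenStack guide or this page: it parses text in the layout of `ovs-vsctl show`, confirms each patch port's peer points back from a different bridge, and flags br-int ports that carry no internal tag. The sample output, the port names qr-aaaa and tapbbbb, and the list of expected bridge links are constructed assumptions.

```python
import re
# Constructed, trimmed sample in the layout of `ovs-vsctl show` (not from the page).
SAMPLE = """\
    Bridge br-int
        Port br-int
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-aaaa"
            tag: 1
            Interface "qr-aaaa"
        Port "tapbbbb"
            Interface "tapbbbb"
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-int}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
"""

def parse_ovs_show(text):  # port name -> bridge, internal tag, patch peer
    ports, bridge, port = {}, None, None
    for s in (line.strip() for line in text.splitlines()):
        key, _, val = s.partition(" ")
        if key == "Bridge":
            bridge = val.strip('"')
        elif key == "Port":
            port = ports.setdefault(val.strip('"'), {"bridge": bridge, "tag": None, "peer": None})
        elif key == "tag:" and port:
            port["tag"] = int(val)
        elif key == "options:" and port and (m := re.search(r"peer=([^,}\s]+)", val)):
            port["peer"] = m.group(1).strip('"')
    return ports

def audit(ports, expected_links=(("br-int", "br-tun"), ("br-int", "br-ex"))):
    """Return findings; expected_links is an assumption (tunnel project net, flat external)."""
    findings, links = [], set()
    for name, p in ports.items():
        peer = ports.get(p["peer"])
        if p["peer"] and peer and peer["peer"] == name and peer["bridge"] != p["bridge"]:
            links.add(frozenset((p["bridge"], peer["bridge"])))
        elif p["peer"]:
            findings.append(f"{p['bridge']}/{name}: peer {p['peer']} does not point back")
        elif p["bridge"] == "br-int" and name != "br-int" and p["tag"] is None:
            findings.append(f"br-int/{name}: untagged port carries every project network")
    return findings + [f"missing patch link {a} <-> {b}" for a, b in expected_links
                       if frozenset((a, b)) not in links]

if __name__ == "__main__":
    print("\n".join(audit(parse_ovs_show(SAMPLE))))
```

On a real node, pass the captured output of `ovs-vsctl show` to parse_ovs_show in place of SAMPLE and adjust expected_links to the bridges that node should have.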
