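OpenStack Neutron VLAN network configuration

With the Open vSwitch implementation, the virtual NICs of instances on different VLANs are all attached to br-int.
This is very different from Linux bridge, where different VLANs are attached to different bridges.

Here, the physical NIC that sends and receives VLAN traffic is eth1, which can carry multiple VLANs,
so the physical switch port connected to eth1 must be set to trunk mode rather than access mode.

Controller node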

neutron.conf

vim /etc/neutron/neutron.conf
[DEFAULT]
bind_host = 0.0.0.0
bind_port = 19696
auth_strategy = keystone
## ML2 plugin
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins =router
dns_domain = gongsi.com
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
api_workers = 32
rpc_workers = 32
dhcp_agents_per_network=3
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
l3_ha = False
debug=true
verbose = True
log_dir = /var/log/neutron
rpc_backend = rabbit
control_exchange = neutron
auth_type=keystone
nova_url=http://controller:8774/v2
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_PASSWORD@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
admin_user=neutron
admin_tenant_name=services
identity_uri=http://controller:35357
admin_password=ADMIN_PASSWORD
[matchmaker_redis]
[nova]
region_name = RegionOne
auth_url = http://controller:35357
auth_type = password
password = PASSWORD
project_domain_id = default
project_name = services
tenant_name = services
user_domain_id = default
username = nova
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
kombu_ssl_keyfile =
kombu_ssl_certfile =
kombu_ssl_ca_certs =
rabbit_host = controller
rabbit_port = 5672
rabbit_hosts=controller:5672
rabbit_use_ssl = False
rabbit_userid = guest
rabbit_password = guest
rabbit_ha_queues=True
heartbeat_timeout_threshold = 0
heartbeat_rate = 2
[oslo_policy]
[quotas]
[ssl]

ml2_conf.ini

vim /etc/neutron/plugins/ml2/ml2_conf.ini
...
[ml2]
type_drivers = vlan
# Network types that regular users can create; may also be left empty
tenant_network_types = vlan
mechanism_drivers = openvswitch
extension_drivers = dns
...
[ml2_type_vlan]
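## Defines a VLAN network with the label "provider". No VLAN ID range is specified here; if regular users should also be able to create networks in their own tenants, a VLAN ID range can be specified, e.g. provider:3001:4000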
network_vlan_ranges = provider
...
[securitygroup]
## Firewall driver
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
...

openvswitch_agent.ini

vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
...
[ovs]
## Integration bridge; the default is br-int
integration_bridge = br-int
## The label defined in ml2_conf.ini is provider, so it is provider here as well; this maps provider to the Open vSwitch bridge br-provider
bridge_mappings =provider:br-provider
...
[securitygroup]
## Firewall driver
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Create the bridge and bind the physical NIC

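ovs-vsctl add-br br-provider # Must match the Open vSwitch bridge name in the configuration
ovs-vsctl add-port br-provider eth1 ## Attach the physical NIC eth1 to the bridge br-provider; physically, eth1 can reach the compute nodes through the physical switch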

Copy ml2_conf.ini

cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
or ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Compute node

neutron.conf

[DEFAULT]
bind_host = 0.0.0.0
auth_strategy = keystone
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins =router
allow_overlapping_ips = True
debug=true
verbose = True
log_dir = /var/log/neutron
rpc_backend = rabbit
control_exchange = neutron
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
kombu_ssl_keyfile =
kombu_ssl_certfile =
kombu_ssl_ca_certs =
rabbit_host = controller
rabbit_port = 5672
rabbit_hosts=controller:5672
rabbit_use_ssl = False
rabbit_userid = guest
rabbit_password = guest
rabbit_ha_queues=True
heartbeat_timeout_threshold = 0
heartbeat_rate = 2
[oslo_policy]
[quotas]
[ssl]

openvswitch_agent.ini

vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[agent]
extensions=qos
l2_population = False
drop_flows_on_start = False
[ovs]
integration_bridge = br-int
# The label defined in ml2_conf.ini on the controller node is provider, so it is provider here as well; this maps provider to the Open vSwitch bridge br-provider
bridge_mappings=provider:br-provider
enable_tunneling=False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Create the bridge and bind the physical NIC

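ovs-vsctl add-br br-provider # Must match the Open vSwitch bridge name in the configuration
ovs-vsctl add-port br-provider eth1 ## Attach the physical NIC eth1 to the bridge br-provider; physically, eth1 can reach the compute nodes through the physical switch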

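Create the network in the dashboard

As preparation, create vlan100.
Open the menu Admin -> Networks and click the "Create Network" button.
For Provider Network Type, select "VLAN".
For Physical Network, enter "provider", matching the value of the network_vlan_ranges parameter in ml2_conf.ini.
Segmentation ID is the VLAN ID; set it to 100.

Click "Create Network".

Click the vlan100 link to open the network configuration page. There is no subnet yet, so click the "Create Subnet" button.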
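
The label matching that these steps rely on can be checked before the network is created. The Python sketch below is an added example, not part of the original post or of Neutron's own code; the function names and the embedded sample configs are constructed for illustration, and it assumes the `label` / `label:min:max` and `label:bridge` value formats shown on this page.

```python
import configparser

# Constructed samples that mirror the settings shown on this page.
ML2_CONF = """[ml2_type_vlan]
network_vlan_ranges = provider
"""
OVS_AGENT_CONF = """[ovs]
integration_bridge = br-int
bridge_mappings = provider:br-provider
"""

def _option(text, section, name):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp.get(section, name)

def _entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]

def parse_vlan_ranges(value):
    """'label' or 'label:min:max' entries -> {label: [(min, max), ...]}."""
    ranges = {}
    for entry in _entries(value):
        parts = entry.split(":")
        if len(parts) not in (1, 3):
            raise ValueError(f"malformed network_vlan_ranges entry: {entry!r}")
        spans = ranges.setdefault(parts[0], [])
        if len(parts) == 3:
            lo, hi = int(parts[1]), int(parts[2])
            if not 1 <= lo <= hi <= 4094:
                raise ValueError(f"invalid VLAN range in {entry!r}")
            spans.append((lo, hi))
    return ranges

def parse_bridge_mappings(value):
    """'label:bridge' entries -> {label: bridge}."""
    return dict(e.split(":", 1) for e in _entries(value))

def check_provider_network(ml2_text, agent_text, physnet, vlan_id):
    """Return (problems, tenant_allocatable) for one provider network request."""
    ranges = parse_vlan_ranges(_option(ml2_text, "ml2_type_vlan", "network_vlan_ranges"))
    bridges = parse_bridge_mappings(_option(agent_text, "ovs", "bridge_mappings"))
    problems = []
    if not 1 <= vlan_id <= 4094:
        problems.append(f"VLAN ID {vlan_id} is outside 1-4094")
    if physnet not in ranges:
        problems.append(f"{physnet!r} is not a label in network_vlan_ranges")
    if physnet not in bridges:
        problems.append(f"{physnet!r} has no bridge_mappings entry on this agent")
    # Only IDs inside a configured range are available for tenant allocation.
    tenant_ok = any(lo <= vlan_id <= hi for lo, hi in ranges.get(physnet, []))
    return problems, tenant_ok
```

An empty problem list means the Physical Network label resolves on both sides; the second value shows whether the ID also falls in a range that regular users could allocate from, which is false for the range-less `provider` entry used here.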

Note

The database configuration steps are omitted here.

Reference: OpenStack VLAN network

Official website