OpenStack Operations in Practice Series (20): Creating a Network with Neutron and Specifying the VLAN ID
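1. Background
Neutron handles instance networking in OpenStack, such as the internal and external networks of virtual machines. As with physical networks, OpenStack networking has the concepts of router, switch, network, subnet and port, all of which are implemented by Neutron. Neutron is made up of several plugins, such as the layer-2 plugin neutron-openvswitch-agent, the layer-3 plugin neutron-l3-agent, neutron-dhcp-agent for dynamic address allocation, and neutron-metadata-agent for the metadata service.
In addition, to keep tenant networks isolated from one another, Neutron supports several network isolation technologies: Linux-bridge, Flat, vlan, gre and vxlan. Large-scale environments mostly use gre and vxlan, linux-bridge and flat are used in small environments, and vlan offers scalability while integrating with an existing environment. My environment uses the vlan network mode. The characteristics of the Neutron network modes compare as follows: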
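Network mode | Description | Advantages | Disadvantages |
linux-bridge | Linux bridge, similar to a KVM bridge | Simple to configure, easy to implement and manage | Poor scalability |
flat/flat+dhcp | Similar to bridging; a flat network mode | Simple to configure, easy to implement and manage | Flat; performance tends to bottleneck as scale grows |
vlan | Isolates networks by VLAN ID, partitioning broadcast domains | Integrates with the existing network, easy to understand, highly scalable | Only 4096 VLAN IDs are supported; easily exhausted at large scale |
gre | Tunnel encapsulation; GRE tunnels are built between nodes | Traffic isolation is fairly easy to achieve; no limit | The GRE header adds network overhead |
vxlan | Tunneling technology similar to GRE | No range limit, highly scalable | Adds IP header overhead |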
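2. Creating a network and specifying the VLAN ID
Because the OpenStack cloud platform in my environment uses the vlan network mode, public IPs run out as the business grows. When that happens we request more public IPs from the carrier, and once they are granted the network has to be expanded in OpenStack. A tenant that needs its own internal network can also create one (a tenant cannot specify the VLAN ID; only an administrator can). The steps are as follows:
1. Create the network, specifying the VLAN range and the bridged physical interface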
a. Create the network, specifying the network mode, the VLAN ID and the physical bridge
[[email protected] ~]# neutron net-create --provider:network_type=vlan --provider:physical_network=physnet0 --provider:segmentation_id=101 --shared public
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e |  # network ID
| name                      | public                               |  # network name
| provider:network_type     | vlan                                 |  # network type is vlan
| provider:physical_network | physnet0                             |  # bridged physical interface
| provider:segmentation_id  | 101                                  |  # VLAN ID
| shared                    | True                                 |  # shared by all tenants
| status                    | ACTIVE                               |
| subnets                   |                                      |  # no subnet added yet, so empty
| tenant_id                 | 842ab3268a2c47e6a4b0d8774de805ae     |  # tenant that owns the network
+---------------------------+--------------------------------------+

b. List the networks
[[email protected] ~]# neutron net-list
+--------------------------------------+---------------+-------------------------------------------------------+
| id                                   | name          | subnets                                               |
+--------------------------------------+---------------+-------------------------------------------------------+
| 0d30322d-8d87-43c3-b4e2-5a2969d3c42e | public        |                                                       |  # the network just created
| 99c68a93-336a-4605-aa78-343d41ca1206 | vmTest        | 79cb82a1-eac1-4311-8e6d-badcabd22e44 192.168.100.0/24 |
+--------------------------------------+---------------+-------------------------------------------------------+

c. Show the network details
[[email protected] ~]# neutron net-show 0d30322d-8d87-43c3-b4e2-5a2969d3c42e
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e |
| name                      | public                               |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet0                             |
| provider:segmentation_id  | 101                                  |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 842ab3268a2c47e6a4b0d8774de805ae     |
+---------------------------+--------------------------------------+
2. Create the subnet and add it to the network
a. Create the subnet
[[email protected] ~]# neutron subnet-create --name public_subnet --ip-version 4 --gateway 192.168.101.1 --allocation-pool start=192.168.101.10,end=192.168.101.250 0d30322d-8d87-43c3-b4e2-5a2969d3c42e 192.168.101.0/24
Created a new subnet:
+------------------+-------------------------------------------------------+
| Field            | Value                                                 |
+------------------+-------------------------------------------------------+
| allocation_pools | {"start": "192.168.101.10", "end": "192.168.101.250"} |  # start and end of the address pool
| cidr             | 192.168.101.0/24                                      |  # network address block
| dns_nameservers  |                                                       |
| enable_dhcp      | True                                                  |  # DHCP enabled
| gateway_ip       | 192.168.101.1                                         |  # gateway of the subnet
| host_routes      |                                                       |
| id               | 3d715769-73ce-4984-81b2-ae1ffb284a74                  |  # subnet ID
| ip_version       | 4                                                     |  # IP version is IPv4
| name             | public_subnet                                         |  # subnet name
| network_id       | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                  |  # network the subnet belongs to
| tenant_id        | 842ab3268a2c47e6a4b0d8774de805ae                      |  # tenant the subnet belongs to
+------------------+-------------------------------------------------------+

b. List the subnets
[[email protected] ~]# neutron subnet-list
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| id                                   | name           | cidr             | allocation_pools                                      |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| 3d715769-73ce-4984-81b2-ae1ffb284a74 | public_subnet  | 192.168.101.0/24 | {"start": "192.168.101.10", "end": "192.168.101.250"} |  # created successfully
| 79cb82a1-eac1-4311-8e6d-badcabd22e44 | ForTest        | 192.168.100.0/24 | {"start": "192.168.100.2", "end": "192.168.100.254"}  |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+

c. Show the subnet details
[[email protected] ~]# neutron subnet-show 3d715769-73ce-4984-81b2-ae1ffb284a74
+------------------+-------------------------------------------------------+
| Field            | Value                                                 |
+------------------+-------------------------------------------------------+
| allocation_pools | {"start": "192.168.101.10", "end": "192.168.101.250"} |
| cidr             | 192.168.101.0/24                                      |
| dns_nameservers  |                                                       |
| enable_dhcp      | True                                                  |
| gateway_ip       | 192.168.101.1                                         |
| host_routes      |                                                       |
| id               | 3d715769-73ce-4984-81b2-ae1ffb284a74                  |
| ip_version       | 4                                                     |
| name             | public_subnet                                         |
| network_id       | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                  |
| tenant_id        | 842ab3268a2c47e6a4b0d8774de805ae                      |
+------------------+-------------------------------------------------------+
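3. Configure the VLAN on the switch to work with the cloud platform
The network is now configured in the cloud platform in vlan mode, so the switch side must be given matching VLAN information to work with the OpenStack cloud platform. What needs configuring: the VLAN address, i.e. the network's gateway; and the switch ports that all compute interfaces connect to, which are set to trunk mode and configured to allow vlan101 through (for the specific configuration, explain the requirement to your network engineer).
4. Test the newly created network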
a. Look up the network and subnet IDs
[[email protected] ~]# neutron net-list
+--------------------------------------+---------------+-------------------------------------------------------+
| id                                   | name          | subnets                                               |
+--------------------------------------+---------------+-------------------------------------------------------+
| 0d30322d-8d87-43c3-b4e2-5a2969d3c42e | public        | 3d715769-73ce-4984-81b2-ae1ffb284a74 192.168.101.0/24 |
+--------------------------------------+---------------+-------------------------------------------------------+
[[email protected] ~]# neutron subnet-list
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| id                                   | name           | cidr             | allocation_pools                                      |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+
| 3d715769-73ce-4984-81b2-ae1ffb284a74 | public_subnet  | 192.168.101.0/24 | {"start": "192.168.101.10", "end": "192.168.101.250"} |
+--------------------------------------+----------------+------------------+-------------------------------------------------------+

b. Create the port
[[email protected] ~]# neutron port-create --name port_1 --fixed-ip subnet_id=3d715769-73ce-4984-81b2-ae1ffb284a74,ip_address=192.168.101.11 0d30322d-8d87-43c3-b4e2-5a2969d3c42e
Created a new port:
+-----------------------+---------------------------------------------------------------------------------------+
| Field                 | Value                                                                                 |
+-----------------------+---------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                  |
| allowed_address_pairs |                                                                                       |
| binding:host_id       |                                                                                       |
| binding:profile       | {}                                                                                    |
| binding:vif_details   | {}                                                                                    |
| binding:vif_type      | unbound                                                                               |
| binding:vnic_type     | normal                                                                                |
| device_id             |                                                                                       |
| device_owner          |                                                                                       |
| fixed_ips             | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"} |  # port address
| id                    | 9b860e7f-4327-4777-8f80-3a5a3c6672ad                                                  |  # port ID
| mac_address           | fa:16:3e:af:73:66                                                                     |  # MAC of the port
| name                  | port_1                                                                                |  # port name
| network_id            | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                                                  |  # network the port belongs to
| security_groups       | 663468d9-73b1-4b04-8d4c-dac1bf21a94d                                                  |  # security group
| status                | DOWN                                                                                  |
| tenant_id             | 842ab3268a2c47e6a4b0d8774de805ae                                                      |  # tenant the port belongs to
+-----------------------+---------------------------------------------------------------------------------------+

c. List the ports
[[email protected] ~]# neutron port-list |grep 192.168.101
| 9b860e7f-4327-4777-8f80-3a5a3c6672ad | port_1 | fa:16:3e:af:73:66 | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"} |
| fb5f8996-c025-4fdd-80dc-7d0d117a7cd6 |        | fa:16:3e:19:8f:f8 | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.10"} |

d. Show the port details
[[email protected] ~]# neutron port-show 9b860e7f-4327-4777-8f80-3a5a3c6672ad
+-----------------------+---------------------------------------------------------------------------------------+
| Field                 | Value                                                                                 |
+-----------------------+---------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                  |
| allowed_address_pairs |                                                                                       |
| binding:host_id       |                                                                                       |
| binding:profile       | {}                                                                                    |
| binding:vif_details   | {}                                                                                    |
| binding:vif_type      | unbound                                                                               |
| binding:vnic_type     | normal                                                                                |
| device_id             |                                                                                       |
| device_owner          |                                                                                       |
| extra_dhcp_opts       |                                                                                       |
| fixed_ips             | {"subnet_id": "3d715769-73ce-4984-81b2-ae1ffb284a74", "ip_address": "192.168.101.11"} |
| id                    | 9b860e7f-4327-4777-8f80-3a5a3c6672ad                                                  |
| mac_address           | fa:16:3e:af:73:66                                                                     |
| name                  | port_1                                                                                |
| network_id            | 0d30322d-8d87-43c3-b4e2-5a2969d3c42e                                                  |
| security_groups       | 663468d9-73b1-4b04-8d4c-dac1bf21a94d                                                  |
| status                | DOWN                                                                                  |
| tenant_id             | 842ab3268a2c47e6a4b0d8774de805ae                                                      |
+-----------------------+---------------------------------------------------------------------------------------+
4. Attach the port to the instance
a. Run the attach operation
[[email protected] ~]# nova list |grep happy
| 3f694eaf-aa87-456a-99ce-90dd9f4e45ee | happy_test | SHUTOFF | - | Shutdown | | ChuangYiYuan_10_16_2_11 |
[[email protected] ~]# nova interface-attach 3f694eaf-aa87-456a-99ce-90dd9f4e45ee --port-id 9b860e7f-4327-4777-8f80-3a5a3c6672ad

b. The attach succeeded; the virtual machine and the port are now associated
[[email protected] ~]# nova list |grep happy
| 3f694eaf-aa87-456a-99ce-90dd9f4e45ee | happy_test | SHUTOFF | - | Shutdown | public=192.168.101.11 | ChuangYiYuan_10_16_2_11 |
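A check an administrator could run over the values used in the steps above, as an added example that is not part of the original article: it parses the two-column tables printed by neutron net-show and neutron subnet-show and reports a shared provider network, a VLAN ID outside 1-4094, and gateway, pool or fixed-IP conflicts. The names parse_table and audit are hypothetical helpers, the sample rows are constructed from the output shown above without its "#" annotations, and a single allocation pool is assumed.

```python
import ipaddress
import json

# Constructed sample input: rows taken from the net-show / subnet-show
# tables on this page, without the inline "#" annotations.
NET_SHOW = """
+---------------------------+----------+
| Field                     | Value    |
+---------------------------+----------+
| provider:network_type     | vlan     |
| provider:physical_network | physnet0 |
| provider:segmentation_id  | 101      |
| shared                    | True     |
+---------------------------+----------+
"""
SUBNET_SHOW = """
| allocation_pools | {"start": "192.168.101.10", "end": "192.168.101.250"} |
| cidr             | 192.168.101.0/24                                      |
| gateway_ip       | 192.168.101.1                                         |
"""

def parse_table(text):
    """Turn the two-column CLI table into a {field: value} dict."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":  # skips borders and header
            rows[cells[0]] = cells[1]
    return rows

def audit(net, subnet, fixed_ip):
    """Hypothetical helper: return findings for a provider VLAN network."""
    findings = []
    vlan = int(net["provider:segmentation_id"])
    if not 1 <= vlan <= 4094:  # 802.1Q reserves VLAN IDs 0 and 4095
        findings.append("vlan id %d outside 1-4094" % vlan)
    if net["shared"] == "True":
        findings.append("shared: every tenant can attach ports to vlan %d" % vlan)
    cidr = ipaddress.ip_network(subnet["cidr"])
    pool = json.loads(subnet["allocation_pools"])  # assumes a single pool
    start, end = (ipaddress.ip_address(pool[k]) for k in ("start", "end"))
    gateway = ipaddress.ip_address(subnet["gateway_ip"])
    if not (gateway in cidr and start in cidr and end in cidr and start <= end):
        findings.append("gateway or allocation pool outside %s" % cidr)
    if start <= gateway <= end:
        findings.append("gateway %s is inside the allocation pool" % gateway)
    ip = ipaddress.ip_address(fixed_ip)
    if ip not in cidr or ip == gateway:
        findings.append("fixed ip %s is outside the subnet or is the gateway" % ip)
    return findings

if __name__ == "__main__":
    for f in audit(parse_table(NET_SHOW), parse_table(SUBNET_SHOW), "192.168.101.11"):
        print(f)
```

With the values from this page the only finding is the shared flag, which is the setting to review when the VLAN is meant to isolate one tenant's traffic.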
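5. Summary
Networks can be expanded either by tenants creating them themselves or by an administrator specifying them manually. When a tenant creates a network the VLAN ID is allocated automatically, whereas an administrator can set the VLAN ID by hand to suit business needs. OpenStack use cases and configurations vary widely and every environment and scenario differs, so readers should configure according to their own environment.
6. Appendix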
[[email protected] ~]# neutron -h
usage: neutron [--version] [-v] [-q] [-h] [--os-auth-strategy <auth-strategy>]
               [--os-auth-url <auth-url>]
               [--os-tenant-name <auth-tenant-name>]
               [--os-tenant-id <auth-tenant-id>]
               [--os-username <auth-username>]
               [--os-password <auth-password>]
               [--os-region-name <auth-region-name>] [--os-token <token>]
               [--endpoint-type <endpoint-type>] [--os-url <url>]
               [--os-cacert <ca-certificate>] [--insecure]

Command-line interface to the Neutron APIs

optional arguments:
  --version             show program's version number and exit
  -v, --verbose, --debug
                        Increase verbosity of output and show tracebacks on
                        errors. Can be repeated.
  -q, --quiet           Suppress output except warnings and errors
  -h, --help            Show this help message and exit
  --os-auth-strategy <auth-strategy>
                        Authentication strategy (Env: OS_AUTH_STRATEGY,
                        default keystone). For now, any other value will
                        disable the authentication
  --os-auth-url <auth-url>
                        Authentication URL (Env: OS_AUTH_URL)
  --os-tenant-name <auth-tenant-name>
                        Authentication tenant name (Env: OS_TENANT_NAME)
  --os-tenant-id <auth-tenant-id>
                        Authentication tenant name (Env: OS_TENANT_ID)
  --os-username <auth-username>
                        Authentication username (Env: OS_USERNAME)
  --os-password <auth-password>
                        Authentication password (Env: OS_PASSWORD)
  --os-region-name <auth-region-name>
                        Authentication region name (Env: OS_REGION_NAME)
  --os-token <token>    Defaults to env[OS_TOKEN]
  --endpoint-type <endpoint-type>
                        Defaults to env[OS_ENDPOINT_TYPE] or publicURL.
  --os-url <url>        Defaults to env[OS_URL]
  --os-cacert <ca-certificate>
                        Specify a CA bundle file to use in verifying a TLS
                        (https) server certificate. Defaults to
                        env[OS_CACERT]
  --insecure            Explicitly allow neutronclient to perform "insecure"
                        SSL (https) requests. The server's certificate will
                        not be verified against any certificate authorities.
                        This option should be used with caution.

Commands for API v2.0:
  agent-delete                   Delete a given agent.  # agent management
  agent-list                     List agents.
  agent-show                     Show information of a given agent.
  agent-update                   Update a given agent.
  cisco-credential-create        Creates a credential.
  cisco-credential-delete        Delete a given credential.
  cisco-credential-list          List credentials that belong to a given tenant.
  cisco-credential-show          Show information of a given credential.
  cisco-network-profile-create   Creates a network profile.
  cisco-network-profile-delete   Delete a given network profile.
  cisco-network-profile-list     List network profiles that belong to a given tenant.
  cisco-network-profile-show     Show information of a given network profile.
  cisco-network-profile-update   Update network profile's information.
  cisco-policy-profile-list      List policy profiles that belong to a given tenant.
  cisco-policy-profile-show      Show information of a given policy profile.
  cisco-policy-profile-update    Update policy profile's information.
  dhcp-agent-list-hosting-net    List DHCP agents hosting a network.
  dhcp-agent-network-add         Add a network to a DHCP agent.
  dhcp-agent-network-remove      Remove a network from a DHCP agent.
  ext-list                       List all extensions.
  ext-show                       Show information of a given resource.
  firewall-create                Create a firewall.  # firewall management
  firewall-delete                Delete a given firewall.
  firewall-list                  List firewalls that belong to a given tenant.
  firewall-policy-create         Create a firewall policy.
  firewall-policy-delete         Delete a given firewall policy.
  firewall-policy-insert-rule    Insert a rule into a given firewall policy.
  firewall-policy-list           List firewall policies that belong to a given tenant.
  firewall-policy-remove-rule    Remove a rule from a given firewall policy.
  firewall-policy-show           Show information of a given firewall policy.
  firewall-policy-update         Update a given firewall policy.
  firewall-rule-create           Create a firewall rule.
  firewall-rule-delete           Delete a given firewall rule.
  firewall-rule-list             List firewall rules that belong to a given tenant.
  firewall-rule-show             Show information of a given firewall rule.
  firewall-rule-update           Update a given firewall rule.
  firewall-show                  Show information of a given firewall.
  firewall-update                Update a given firewall.
  floatingip-associate           Create a mapping between a floating ip and a fixed ip.  # floating IP management
  floatingip-create              Create a floating ip for a given tenant.
  floatingip-delete              Delete a given floating ip.
  floatingip-disassociate        Remove a mapping from a floating ip to a fixed ip.
  floatingip-list