SDN手动实现DHCP和路由功能

一 实验目的
本文通过手动搭建类似 neutron(openvswitch + gre)的 SDN 环境,学习并模拟其核心工作原理,例如:同一租户自定义网络内的 instance 互通、手动为 instance 分配 floating ip 等。

二 实验原理图

三 实验要求
SDN手动实现DHCP和路由功能

四  DHCP配置
在network1节点上操作
1 添加一个namespace,dhcp01用于隔离租户网络
[root@computer1 ~]# ip netns add dhcp01
2 为私有网络192.168.1.0/24 ,在命名空间dhcp01 中 创建dhcp 服务
[root@network1 ~]# ovs-vsctl add-port br-int tapdhcp01 -- set interface tapdhcp01 type=internal
[root@network1 ~]# ovs-vsctl set port tapdhcp01 tag=100
[root@network1 ~]# ip link set tapdhcp01 netns dhcp01
[root@network1 ~]# ip netns exec dhcp01 ip addr add 192.168.1.2/24 dev tapdhcp01
[root@network1 ~]# ip netns exec dhcp01 ip link set tapdhcp01 up
3 查看DHCP
4 检查网络是否连通,在dhcp01 namespace 访问instance1 和 instance2
[root@network1 ~]# ip netns exec dhcp01 ping 192.168.1.12
PING 192.168.1.12 (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=5.30 ms
64 bytes from 192.168.1.12: icmp_seq=2 ttl=64 time=0.629 ms
^C
--- 192.168.1.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1891ms
rtt min/avg/max/mdev = 0.629/2.965/5.302/2.337 ms
[root@network1 ~]# ip netns exec dhcp01 ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11) 56(84) bytes of data.
64 bytes from 192.168.1.11: icmp_seq=1 ttl=64 time=2.61 ms
64 bytes from 192.168.1.11: icmp_seq=2 ttl=64 time=0.237 ms
64 bytes from 192.168.1.11: icmp_seq=3 ttl=64 time=0.205 ms
^C
--- 192.168.1.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2234ms
rtt min/avg/max/mdev = 0.205/1.018/2.612/1.127 ms
5 
五 路由功能
在network1节点上操作
1 添加br-ex 
[root@network1 ~]# ovs-vsctl add-br br-ex
2 重新配置eth1 和 br-ex
vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
PROMISC=yes
MTU=1546
vi /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=none
IPADDR0=172.16.0.201
PREFIX0=24
3 重新启动网络
[root@network1 ~]# ovs-vsctl add-port br-ex eth1 && service network restart
Shutting down interface br-ex:                             [  OK  ]
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down interface eth2:                              [  OK  ]
Shutting down interface eth3:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 10.20.0.201 is already in use for device eth0...
                                                           [  OK  ]
Bringing up interface eth1:  RTNETLINK answers: Invalid argument
                                                           [  OK  ]
Bringing up interface eth2:  Determining if ip address 192.168.4.201 is already in use for device eth2...
                                                           [  OK  ]
Bringing up interface eth3:  
Determining IP information for eth3... done.
                                                           [  OK  ]
Bringing up interface br-ex:  device br-ex already exists; can't create bridge with the same name
                                                           [FAILED]
4 给br-ex绑定一个IP(上一步重启网络时 br-ex 报 FAILED,这里用 ip 命令手动绑定)
[root@network1 ~]# ip addr add 172.16.0.201/24 dev br-ex
5 检查是否可以ping通该IP
[root@network1 ~]# ping 172.16.0.201
PING 172.16.0.201 (172.16.0.201) 56(84) bytes of data.
64 bytes from 172.16.0.201: icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from 172.16.0.201: icmp_seq=2 ttl=64 time=0.030 ms
^C
--- 172.16.0.201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1841ms
rtt min/avg/max/mdev = 0.019/0.024/0.030/0.007 ms
6 添加一个namespace,router01 用于路由和floating ip 分配
[root@network1 ~]# ip netns add router01
7 在br-int添加一个接口,作为私有网络192.168.1.0/24的网关
[root@network1 ~]# ovs-vsctl add-port br-int qr01 -- set interface qr01 type=internal
[root@network1 ~]# ovs-vsctl set port qr01 tag=100
[root@network1 ~]#
[root@network1 ~]# ip link set qr01 netns router01
[root@network1 ~]# ip netns exec router01 ip addr add 192.168.1.1/24 dev qr01
[root@network1 ~]# ip netns exec router01 ip link set qr01 up
[root@network1 ~]# ip netns exec router01 ip link set lo up
8 在br-ex中添加一个接口,用于私网192.168.1.0/24设置下一跳地址
[root@network1 ~]# ovs-vsctl add-port br-ex qg01 -- set interface qg01  type=internal
[root@network1 ~]# ip link set qg01  netns router01
[root@network1 ~]# ip netns exec router01 ip addr add 172.16.0.100/24 dev qg01
[root@network1 ~]# ip netns exec router01 ip link set qg01 up
[root@network1 ~]# ip netns exec router01 ip link set lo up
9 查看router01命名空间
10 router01命名空间下测试ping,私有网和外网分别ping
[root@network1 ~]# ip netns exec router01 ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11) 56(84) bytes of data.
64 bytes from 192.168.1.11: icmp_seq=1 ttl=64 time=3.20 ms
64 bytes from 192.168.1.11: icmp_seq=2 ttl=64 time=0.280 ms
64 bytes from 192.168.1.11: icmp_seq=3 ttl=64 time=0.393 ms
^C
--- 192.168.1.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2026ms
rtt min/avg/max/mdev = 0.280/1.292/3.204/1.352 ms
[root@network1 ~]# ip netns exec router01 ping 192.168.1.12
PING 192.168.1.12 (192.168.1.12) 56(84) bytes of data.
64 bytes from 192.168.1.12: icmp_seq=1 ttl=64 time=1.36 ms
64 bytes from 192.168.1.12: icmp_seq=2 ttl=64 time=0.245 ms
^C
--- 192.168.1.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1894ms
rtt min/avg/max/mdev = 0.245/0.803/1.361/0.558 ms
[root@network1 ~]# ip netns exec router01 ping 172.16.0.202
PING 172.16.0.202 (172.16.0.202) 56(84) bytes of data.
64 bytes from 172.16.0.202: icmp_seq=1 ttl=64 time=2.40 ms
64 bytes from 172.16.0.202: icmp_seq=2 ttl=64 time=0.253 ms
64 bytes from 172.16.0.202: icmp_seq=3 ttl=64 time=0.612 ms
^C
--- 172.16.0.202 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2135ms
rtt min/avg/max/mdev = 0.253/1.088/2.400/0.939 ms
11 root命名空间ping router01命名空间中的IP
[root@network1 ~]# ping 172.16.0.100
PING 172.16.0.100 (172.16.0.100) 56(84) bytes of data.
64 bytes from 172.16.0.100: icmp_seq=1 ttl=63 time=3.00 ms
64 bytes from 172.16.0.100: icmp_seq=2 ttl=63 time=0.834 ms
^C
--- 172.16.0.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1927ms
rtt min/avg/max/mdev = 0.834/1.917/3.000/1.083 ms
12 模拟分配floating ip 访问instance1
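为instance1(192.168.1.11)分配floating ip 172.16.0.101:DNAT 规则把发往 172.16.0.101 的流量转给 192.168.1.11,SNAT 规则把该实例出向流量的源地址改写为 172.16.0.101,其余私网地址统一 SNAT 为 172.16.0.100。针对单个实例的 /32 SNAT 规则要先于 /24 规则添加,因为 iptables 按顺序匹配,命中第一条即生效。注意这些规则不限协议和端口,实例的所有端口都会经 floating ip 暴露到外部网段,实际环境中还需配合过滤规则(如安全组)。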
[root@network1 ~]# ip netns exec router01 ip addr add 172.16.0.101/32 dev qg01
[root@network1 ~]# ip netns exec router01  iptables -t nat -A OUTPUT -d 172.16.0.101/32  -j DNAT --to-destination 192.168.1.11
[root@network1 ~]# ip netns exec router01  iptables -t nat -A PREROUTING -d 172.16.0.101/32 -j DNAT --to-destination 192.168.1.11
[root@network1 ~]# ip netns exec router01  iptables -t nat -A POSTROUTING -s 192.168.1.11/32 -j SNAT --to-source 172.16.0.101
[root@network1 ~]# ip netns exec router01  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 172.16.0.100
13 查看路由(NAT 规则)
[root@network1 ~]# ip netns exec router01  iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       all  --  anywhere             172.16.0.101        to:192.168.1.11
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  192.168.1.11         anywhere            to:172.16.0.101
SNAT       all  --  192.168.1.0/24       anywhere            to:172.16.0.100
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DNAT       all  --  anywhere             172.16.0.101        to:192.168.1.11
14 测试
[root@network1 ~]# ping 172.16.0.101
PING 172.16.0.101 (172.16.0.101) 56(84) bytes of data.
64 bytes from 172.16.0.101: icmp_seq=1 ttl=62 time=2.12 ms
64 bytes from 172.16.0.101: icmp_seq=2 ttl=62 time=2.69 ms
64 bytes from 172.16.0.101: icmp_seq=3 ttl=62 time=1.13 ms
64 bytes from 172.16.0.101: icmp_seq=4 ttl=62 time=0.740 ms
64 bytes from 172.16.0.101: icmp_seq=5 ttl=62 time=1.45 ms

