Using VLANs with OVS and libvirt

最新推荐文章于 2023-06-30 17:06:06 发布
最新推荐文章于 2023-06-30 17:06:06 发布
阅读量1.3k 收藏
点赞数
分类专栏: xen、kvm 虚拟化技术 libvirt

In previous posts, I’ve shown you how to use Open vSwitch (OVS) with VLANs through fake bridges, as well as how to wrap libvirt virtual network around OVS fake bridges. Both of these techniques are acceptable for configuring VLANs with OVS, but in this post I want to talk about using VLANs with OVS via a greater level oflibvirt integration. This has been talked aboutelsewhere, but I wasn’t able to make it work until libvirt 1.0.0 was released. (Update: I was able to make it work with an earlier version. Seehere.)

First, let’s recap what we know so far. If you know the port to which a particular domain (guest VM) is connected, you can configure that particular port as a VLAN trunk like this:

ovs-vsctl set port <port name> trunks=10,11,12

This configuration would pass the VLAN tags for VLANs 10, 11, and 12 all the way up to the domain, where—assuming the OS installed in the domain has VLAN support—you could configure network connectivity appropriately. (I hope to have a blog post up on this soon.)

Along the same lines, if you know the port to which a particular domain is connected, you could configure that port as a VLAN access port with a command like this:

ovs-vsctl set port <port name> tag=15

This command makes the domain a member of VLAN 15, much like the use of the switchport access vlan 15 command on a Cisco switch. (I probably don’t need to state that this isn’t theonly way—see the other OVS/VLAN related posts above for more techniques to put a domain into a particular VLAN.)

These commands work perfectly fine and are all well and good, but there’s a problem here—the VLAN informationisn’t contained in the domain configuration. Instead, it’s in OVS, attached to an ephemeral port—meaning that when the domain is shut down, the portand the associated configuration disappears. What I’m going to show you in this post is how to use VLANs with OVS in conjunction with libvirt for persistent VLAN configurations.

This document was written using Ubuntu 12.04.1 LTS and Open vSwitch 1.4.0 (installed straight from the Precise Pangolin repositories usingapt-get). Libvirt was compiled manually (see instructions here). Due to some bugs, it appears you need at least version 1.0.0 of libvirt. Although the Silicon Loons article I referenced earlier mentions an earlier version of libvirt, I was not able to make it work until the 1.0.0 release. Your mileage may vary, of course—I freely admit that I might have been doing something wrong in my earlier testing.

To make VLANs work with OVS and libvirt, two things are necessary:

  1. First, you must define a libvirt virtual network that contains the necessary portgroup definitions.
  2. Second, you must include the portgroup reference to the virtual network in the domain (guest VM) configuration.

Let’s look at each of these steps.

Creating the Virtual Network

The easiest way I’ve found to create the virtual network is to craft the network XML definition manually, then import it into libvirt usingvirsh net-define.

Here’s some sample XML code (I’ll break down the relevant parts after the code):

<network>
  <name>ovs-network</name>
  <forward mode='bridge'/>
  <bridge name='ovsbr0'/>
  <virtualport type='openvswitch'/>
  <portgroup name='vlan-01' default='yes'>
  </portgroup>
  <portgroup name='vlan-02'>
    <vlan>
      <tag id='2'/>
    </vlan>
  </portgroup>
  <portgroup name='vlan-03'>
    <vlan>
      <tag id='3'/>
    </vlan>
  </portgroup>
  <portgroup name='vlan-all'>
    <vlan trunk='yes'>
      <tag id='2'/>
      <tag id='3'/>
    </vlan>
  </portgroup>
</network>

The key takeaways from this snippet of XML are:

  1. First, note that the OVS bridge is specified as the target bridge in the <bridge name=...> element. You’ll need to edit this as necessary to make your specific OVS configuration. For example, in my configuration,ovsbr0 refers to a bridge that handles only host management traffic.
  2. Second, note the <portgroup name=...> element. This is where the “magic” happens. Note that you can have no VLAN element (as in thevlan-01 portgroup), a VLAN tag (as in the vlan-10 or vlan-20 portgroups), or a set of VLAN tags to pass as a trunk (as in the vlan-all portgroup).

Once you’ve got the network definition in the libvirt XML format, you can import that configuration withvirsh net-define <XML filename>. (Prepend this command with sudo if necessary.)

After it is imported, use virsh net-start <network name> to start the libvirt virtual network. If you make changes to the virtual network, such as adding or removing portgroups, be sure to restart the virtual network usingvirsh net-destroy <network name> followed by virsh net-start <network name>.

Now that the virtual network is defined, we can move on to creating the domain configuration.

Configuring the Domain Networking

As far as I’m aware, to include the appropriate network definitions in the domain XML configuration, you’ll have to edit the domain XML manually.

Here’s the relevant snippet of domain XML configuration:

<interface type='network'>
  <mac address='11:22:33:44:55:66'/>
  <source network='ovs-network' portgroup='vlan-02'/>
</interface>

You’ll likely have more configuration entries in your domain configuration, but the important one is the<source network=...> element, where you’ll specify both the name of the network you createdas well as the name of the portgroup to which this domain should be attached.

With this configuration in place, when you start the domain, it will pass the necessary parameters to OVS to apply the desired VLAN configuration automatically. In other words, once you define the desired configuration in the domain XML, it’s maintained persistently inside the domain XML (instead of on the ephemeral port in OVS), re-applied anytime the domain is started.

Verifying the Configuration

Once the appropriate configuration is in place, you can see the OVS configuration created by libvirt when a domain is started by simply usingovs-vsctl show or—for more detailed information—ovs-vsctl list port <port name>. Of particular interest when usingovs-vsctl list port <port name> are the tag and/or trunks values; these are where VLAN configurations are applied.

Summary

In this post, I’ve shown you how to create libvirt virtual networks that integrate with OVS to provide persistent VLAN configurations for domains connected to an OVS bridge. The key benefit that arises from this configuration is that you longer need to know to which OVS port a given domain is connected. Because the VLAN configuration is storedwith the domain and applied to OVS automatically when the domain is started, you can be assured that a domain will always be attached to the correct VLAN when it starts.

As usual, I encourage your feedback on this article. If you have questions, thoughts, corrections, or clarifications, you are invited to speak up in the comments below.


http://blog.scottlowe.org/2012/11/07/using-vlans-with-ovs-and-libvirt/
chenyulancn
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
3.6.1 Packet Tracer - Implement VLANs and Trunking
05-27
3.6.1 Packet Tracer - Implement VLANs and Trunking Cisco Packet Tracer 思科模拟器 正确答案文件 可直接上交正确答案文件 本答案版权归mewhaku所有,严禁再次转载!!! Copyright @mewhaku 2022 All Rights Reserved
configuring-vlans
04-24
是有关Vlan的讲解和详细的应用,对vlan感兴趣的朋友可以看看,有助于更好的提高技术水平。
00018 3.5_Creating_a_Tenant_and_VLANS.mp4
12-05
Application Centric Infrastructure ACI LiveLessons
2.1.4.4 Packet Tracer - Configure VLANs, VTP, and DTP.pka
06-02
2.1.4.4 Packet Tracer - Configure VLANs, VTP, and DTP.pka
P1_G26:练习1 [NETWORKS1]
05-19
施工和配置手册 内容 配置表 虚拟的 主持人 连接到 IP地址 虚拟局域网 是的 IT 1 SW1 192.168.126.15 36 不是 IT 2 SW3 192.168.126.30 36 是的 电脑服务器 SW6 192.168.126.150 36 是的 销售1 SW3 192.168.226.15 46 不是 销售2 SW4 192.168.226.30 46 是的 销售服务器 SW7 192.168.226.150 46 不是 会计1 SW1 192.168.26.15 56 是的 会计2 SW4 192.168.26.30 56 是的 计费服务器 SW6 192.168.26.150 56 云设置表 拓扑学 本地端口 远程主机 远程端口 1个 3223 10.8.0.2 5671 二 5671 10.8
Open vSwitch + libvirt 搭建vlan网络
weixin_30337157的博客
08-09 175
网络拓扑结构 创建一个限制VM流量的网络,使用的是Open vSiwitch来实现VM之间的流量隔离。 要实现的网络拓扑如下图。 配置环境   如网络拓扑图所示,我们需要两台物理主机,4台虚拟机。每台物理主机上运行两台虚拟机。 先在host1上进行配置。 创建镜像    1 qemu-img create -f qcow2 -o size=20g 镜像名字 配...
虚拟化技术 — Libvirt 异构虚拟化管理组件
烟云的计算
04-24 2462
IP 地址伪装规则,使得 VMs 可以使用 Host 的 IP 地址访问外部网络,但外部网络无法主动访问到 VMs,因为 VMs 对于外部网络而言是不可见的。随着循环次数的增加,所需要复制的 dirty pages 就会明显减少,而复制所耗费的时间就会逐渐变短,那么内存就有可能没有足够的时间发生变化。在 Tunnel 传输模式下,同一份数据需要被拷贝多次,并且所有的流量都通过一个端口,在大内存、高业务(快速增加 RAM 脏数据)的场景下,同样的网络带宽,Tunnel 传输模式迁移速率较慢。
重新审视libvirt-ovs配置vlan问题
lianliange85的专栏
09-26 1622
原文:http://blog.scottlowe.org/2012/11/12/libvirt-ovs-integration-revisited/ A few days ago, I posted an article about using VLANs with Open vSwitch (OVS) and libvirt. In that article, I stated t
libvirt中网卡配置
哲淡笔记
03-06 1827
概述 libvirt中支持为虚拟机定义网络设备,并在虚拟机启动时,自动创建相应的网络设备,可以灵活定义设备名称,驱动类型,vlan设置,启动顺序等 特性 设置vlan &lt;interface type='bridge'&gt; &lt;!--虚拟网卡在宿主机上绑定的网桥--&gt; &lt;source bridge='br-openstack'/&gt; ...
虚拟网络设备(Bridge,VLAN)
maimang1001的专栏
06-30 813
IBM网站上有一篇高质量文章。本文会参考文章部分内容,本系列介绍OpenStack使用的这些网络设备包括Bridge,VLAN,tun/tap, veth,vxlan/gre。本篇先介绍Bridge和VLAN相关,其它在下一篇中介绍OpenStack一般分为计算,存储,网络三部分。考虑构建一个灵活的可扩展的云网络环境,而物理网络架构一般是固定和难于扩展的,因此虚拟网络将更有优势。Linux平台上实现了各种不同功能的虚拟网络设备,包括。
Open vSwitch 与 Libvirt
redwingz的博客
07-03 1140
本文档介绍如何将Open vSwitch与Libvirt 0.9.11或更高版本一起使用。本文档假定你遵循文档:/intro/install/general或从发行版软件包(如.deb或.rpm)安装了Open vSwitch。Libvirt 0.9.11版本默认增加了对Open vSwitch的支持。咨询www.libvirt.org获取有关如何编译更新Libvirt的说明,如果默认情况下,L...
OpenStack Quantum + OVS + VLAN 基础安装
学习笔记
06-05 2561
Quantum 是Openstack里面负责网络的项目。不过,Quantum这个名字似乎是已经被别的公司注册了,社区还在讨论新的名字。这篇文档写的比较早,所以还是延用Quantum这个名字。 整个安装过程的实现是在Ubuntu 12.04上,12.04现在直接安装的就是Openstack的Folsom版本,所以只要保证你的机器可以运行apt-get install 命令,软件的安装是非常容易
OVS上创建了一个vlan
tycoon的专栏
08-06 1889
Neutron自身并不提供任何网络功能,它只是一个架子。Neutron的网络功能大部分是Plugin提供的,除了DHCP和L3-agent等的某些部分功能。 Neutron将网络按照三层交换机的概念分为: Network:相当于交换机根据vlan创建的一个三层接口;Subnet:相当于交换机创建了一个三层接口地址;Port:相当于交换机的一个物理端口,但是这个端口有一个MAC地址;
libvirt使用openvswitch
追寻神迹
12-25 2136
http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=INSTALL.Libvirt;hb=HEAD
openvswitch-vlan-(libvirt虚拟机) 配置实例
hwbi的专栏
10-28 3049
一: 编译安装openvwitch和libvirt 源码: 1    编译安装openvswitch:       (参考: http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/ ) apt-get update apt-get install -y git automake aut
使用OVS DPDK (by quqi99)
热门推荐
技术并艺术着
04-07 1万+
作者:张华 发表于:2016-04-07 版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明 ( http://blog.csdn.net/quqi99 ) 硬件要求 网卡得支持DPDK,见:http://dpdk.org/doc/nics CPU得支持DPDK, 测试命令:cat /proc/cpuinfo |grep pdpe1gb ...
infrared-remote-candroid studiodemo
最新发布
05-05
android studio下载
Messages with impermissible VLANs counter
06-10
Messages with impermissible VLANs counter(不允许的VLAN消息计数器)是指在VLAN网络中,由于某些原因导致消息被标记为不允许的VLAN ID而被交换机丢弃的情况,交换机会在丢弃这些消息时计数。 在VLAN网络中,每个VLAN ID都对应着一个特定的VLAN。如果一个消息被标记为不允许的VLAN ID,交换机会无法将其正确地转发到目标VLAN,因此交换机会将该消息丢弃并计数。常见导致消息被标记为不允许的VLAN ID的原因包括: 1. 配置错误:当交换机的VLAN配置出现错误时,可能会导致某些消息被标记为不允许的VLAN ID。 2. VLAN ID冲突:当不同的VLAN ID被错误地分配给了相同的VLAN时,可能会导致消息被标记为不允许的VLAN ID。 3. 非法消息:当网络中出现非法消息时,它们可能会被标记为不允许的VLAN ID并被交换机丢弃。 不允许的VLAN消息计数器可以帮助网络管理员和工程师了解VLAN网络中的错误配置和异常情况,并进行相应的故障排除和优化。在进行VLAN网络管理和维护时,需要注意这些计数器的读取和解读,以确保网络的可靠性和性能。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值