VM cross-host communication


Execute the following on each of the two hosts.


1. Create a br-int bridge:
```
$ ovs-vsctl --may-exist add-br br-int \
  -- set Bridge br-int datapath_type=netdev \
  -- br-set-external-id br-int bridge-id br-int \
  -- set bridge br-int fail-mode=standalone
```
  
2. Use virsh to create a network on the bridge br-int, and create the VMs using this network.
   Refer to https://www.linuxtechi.com/install-use-openvswitch-kvm-centos-7-rhel-7/

3. Configure the IP address of the VM interface in the VM itself:
```
$ ip addr add 192.168.1.1/24 dev eth0
$ ip link set eth0 up
```
   Configure an IP address on br-int so that the host can reach the VM:
```
$ ifconfig br-int 192.168.1.100/24 up
```

4. On host1, add a port for the VXLAN tunnel (remote_ip should be 172.168.1.1 on host2):
```
ovs-vsctl add-port br-int vxlan0 \
  -- set interface vxlan0 type=vxlan options:remote_ip=172.168.1.2
```

5. To ensure the br-int bridges on the two hosts can reach each other, flush the iptables filter table (this deletes every rule in it):
```
$ iptables -F
```

6. A VM cannot reach a VM on the other host unless its source address is rewritten to br-int's address with iptables MASQUERADE:
```
iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o br-int -j MASQUERADE
```

There is no need to create another OVS bridge br-phy.

PS: This post refers to http://docs.openvswitch.org/en/latest/howto/userspace-tunneling/

PPS: One reason the VMs may fail to reach each other is that the two hosts are themselves KVM virtual machines, one cloned from the other, so when these two hosts create VMs, the two VMs get the same MAC address! This confuses ARP. The fix is to remove the NIC device on one host and add the NIC again, so that it gets a different MAC address.

PPS: It confused me that on VM1, "ssh VM2" usually failed or took a long time, until I read this paper:
https://ilearnedhowto.wordpress.com/2016/09/16/how-to-create-a-overlay-network-using-open-vswitch-in-order-to-connect-lxc-containers/   
Since the MTU on both the host and the VM is 1500, and VXLAN works by encapsulating an Ethernet frame sent by the VM as the data of a new Ethernet frame, it is no surprise that this new frame is larger than 1500 bytes, which causes it to be dropped. So we need to set the MTU of the VM to a lower value.
```
ifconfig eth0 mtu 1400
```
Alternatively, set it in the file /etc/sysconfig/network-scripts/ifcfg-eth0 (CentOS) or /etc/network/interfaces (Ubuntu) to make it persistent.
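
The MTU arithmetic behind this fix, as an added example that is not part of the original post: it computes the VXLAN encapsulation overhead from the standard header sizes (covering an IPv6 underlay as well as the post's IPv4 case) and checks whether a VM MTU fits. The function names and the `<VM2-IP>` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: VXLAN MTU budget. Function names are hypothetical.

# Bytes added in front of the VM's IP packet on the underlay:
# inner Ethernet 14 + VXLAN 8 + outer UDP 8 + outer IP (20 for v4, 40 for v6).
vxlan_overhead() {  # $1 = outer IP version
    case "$1" in
        4) echo $((14 + 8 + 8 + 20)) ;;
        6) echo $((14 + 8 + 8 + 40)) ;;
        *) echo "usage: vxlan_overhead 4|6" >&2; return 2 ;;
    esac
}

# Largest MTU a VM interface can use for a given underlay (host NIC) MTU.
max_vm_mtu() {  # $1 = underlay MTU, $2 = outer IP version (default 4)
    oh=$(vxlan_overhead "${2:-4}") || return 2
    echo $(( $1 - oh ))
}

# Succeeds (status 0) when the VM MTU fits inside the underlay MTU.
vm_mtu_fits() {  # $1 = VM MTU, $2 = underlay MTU, $3 = outer IP version
    max=$(max_vm_mtu "$2" "${3:-4}") || return 2
    [ "$1" -le "$max" ]
}

# ICMP payload for "ping -M do -s N" that exactly fills a VM MTU
# (inner IPv4 header 20 + ICMP header 8).
ping_probe_size() {  # $1 = VM MTU
    echo $(( $1 - 28 ))
}

# The post's values: host MTU 1500, VM MTU 1500 (default) and 1400 (the fix).
report() {
    for mtu in 1500 1400; do
        if vm_mtu_fits "$mtu" 1500 4; then verdict="fits"; else verdict="too large"; fi
        echo "VM MTU $mtu, underlay 1500: $verdict (max $(max_vm_mtu 1500 4))"
    done
    # <VM2-IP> is a placeholder; the post does not give VM2's address.
    echo "check from VM1: ping -M do -s $(ping_probe_size 1400) <VM2-IP>"
}

report
```

With a 1500-byte underlay, any VM MTU up to 1450 fits over IPv4, so the 1400 used above leaves 50 bytes of headroom.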
