服务器配置
| hostname | eth0 | eth1 | type |
| --- | --- | --- | --- |
| controller001 | 172.16.100.162 | 10.0.0.162 | controller node、network node |
| compute002 | 172.16.100.2 | 10.0.0.2 | compute node |
| compute003 | 172.16.100.3 | 10.0.0.3 | compute node |
eth0: 管理网络、外部网络(flat vlan)、存储网络
eth1: 数据网络(vxlan)、floating ip网络
Flat vlan架构图
单独这种架构是不需要启用l3 agent,虚拟机流量直接从它的宿主机compute node出去,避免l3单点故障的问题。
这里我们还是要启用l3 agent,因为我们使用了两种network type。
再上两张openstack wiki的dvr vxlan流量转发图
这是使用了dvr后,没有绑定floating ip的虚拟机上外网的流量走势(东西走向),最终出网是在网络节点
dvr南北走向图
绑定floating ip的虚拟机也直接从它的宿主机compute node出网,不经过网络节点
具体配置
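controller001配置:

[root@controller001 ~(keystone_admin)]# vim /etc/neutron/neutron.conf    # add the DVR option
# oslo.config section names are case-sensitive and the global section is
# spelled DEFAULT; a lower-case [default] is a different section, so the
# option below would not take effect as a global setting.
[DEFAULT]
router_distributed = True

[root@controller001 ~(keystone_admin)]# vim /etc/neutron/plugin.ini    # ML2 configuration
# The annotations in this listing are kept on their own lines: oslo.config
# does not treat a trailing "# ..." as a comment, so an annotation left after
# a value would become part of that value when the file is copied as-is.
[ml2]
# NOTE(review): flat and gre are loaded, but this page configures no flat
# network and no gre range; loading only the type drivers in use keeps the
# set of network types an API user can request as small as possible.
type_drivers = flat,vxlan,vlan,gre
# tenant network types
tenant_network_types = vxlan,vlan
# OVS is the mechanism driver used here
mechanism_drivers = openvswitch,l2population

[ml2_type_flat]
# A plain flat network is less useful than flat VLAN, so it stays disabled.
#flat_networks = default

[ml2_type_vlan]
# VLAN range. These VLANs ride on eth0 (br-flat), which the interface notes
# on this page also list as the management and storage network, so the switch
# trunk should carry only this range plus the VLANs those networks need.
network_vlan_ranges = default:102:130

[ml2_type_gre]

[ml2_type_vxlan]
# VXLAN VNI range
vni_ranges = 1:1000
# VXLAN multicast group address
# Example: vxlan_group = 239.1.1.1
vxlan_group = 239.1.1.1

[agent]
# improves performance; described in detail in the official admin-guide-cloud-juno.pdf
l2_population = True
tunnel_types = vxlan
# enable DVR
enable_distributed_routing = True

[ovs]
enable_tunneling = True
tunnel_type = vxlan
# OVS bridge for the VLAN physical network: br-flat
bridge_mappings = default:br-flat
integration_bridge = br-int
# VXLAN local (tunnel endpoint) IP. This address is configured on br-ex/eth1
# below, the same segment the page uses for floating IPs. VXLAN has neither
# authentication nor encryption, so tunnel UDP traffic to this address should
# be limited to the other nodes' local_ip values.
local_ip = 10.0.0.162

[securitygroup]
# Security groups are applied by the agent on each node, so every node that
# hosts instances needs these same three settings.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
enable_ipset = True

[root@controller001 ~(keystone_admin)]# vim /etc/neutron/l3_agent.ini    # L3 agent configuration
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
# by default, traffic of VMs without a floating IP goes out through SNAT
agent_mode = dvr_snat

# OVS bridges created on controller001
# eth0 holds the management address (172.16.100.162): attaching it to br-flat
# interrupts management connectivity until that address is up on br-flat, so
# run this from a console or together with the ifcfg files below.
ovs-vsctl add-br br-flat
ovs-vsctl add-port br-flat eth0
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth1

# make the IP addresses persistent
[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=10.0.0.162
NETMASK=255.255.255.0

[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-eth1
DEVICE="eth1"
NM_CONTROLLED="no"
ONBOOT="yes"

[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-br-flat
DEVICE="br-flat"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=172.16.100.162
NETMASK=255.255.255.0
GATEWAY=172.16.100.254

[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="yes"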
compute002配置:

[root@compute002 ~]# vim /etc/neutron/plugin.ini    # compute002 ML2 configuration
[ml2]
# NOTE(review): flat and gre are loaded, but this listing configures no flat
# network and no gre range; confirm they are needed before keeping them.
type_drivers = flat,vxlan,vlan,gre
tenant_network_types = vxlan,vlan
mechanism_drivers = openvswitch,l2population

[ml2_type_flat]
# flat_networks =*

[ml2_type_vlan]
# VLAN IDs 102-130 on the physical network named "default", which
# bridge_mappings below ties to br-flat.
network_vlan_ranges = default:102:130

[ml2_type_gre]

[ml2_type_vxlan]
vni_ranges = 1:1000
vxlan_group = 239.1.1.1
# vxlan_group =
# Example: vxlan_group = 239.1.1.1

[agent]
l2_population = True
tunnel_types = vxlan
# Enables DVR in the agent on this compute node.
enable_distributed_routing = True

[ovs]
enable_tunneling = True
tunnel_type = vxlan
integration_bridge = br-int
bridge_mappings = default:br-flat
# VXLAN tunnel endpoint address; it is the address given to br-ex in
# ifcfg-br-ex below. VXLAN has neither authentication nor encryption, so
# tunnel UDP traffic to this address should be limited to the other nodes'
# local_ip values.
local_ip=10.0.0.2

[securitygroup]
# Security groups are applied by the agent on this hypervisor; these three
# settings match the ones shown for controller001.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
enable_ipset = True

[root@compute002 ~]# vim /etc/neutron/l3_agent.ini    # compute002 L3 agent configuration
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
# Compute nodes run the L3 agent in plain dvr mode; controller001 is the node
# configured with dvr_snat.
agent_mode = dvr

# OVS bridges created on compute002
# eth0 holds the management address (172.16.100.2): attaching it to br-flat
# interrupts management connectivity until that address is up on br-flat, so
# run this from a console or together with the ifcfg files below.
ovs-vsctl add-br br-flat
ovs-vsctl add-port br-flat eth0
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth1

# make the IP addresses persistent
[root@compute002 network-scripts]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=10.0.0.2
NETMASK=255.255.255.0

[root@compute002 network-scripts]# cat ifcfg-eth1
DEVICE="eth1"
NM_CONTROLLED="no"
ONBOOT="yes"

[root@compute002 network-scripts]# cat ifcfg-br-flat
DEVICE="br-flat"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=172.16.100.2
NETMASK=255.255.255.0
GATEWAY=172.16.100.254

[root@compute002 network-scripts]# cat ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="yes"

# compute003 is configured the same way as compute002, so its configuration is
# not repeated here. Presumably only the node's own addresses differ
# (172.16.100.3 and 10.0.0.3 in the server table) - confirm before copying.
转载于:https://blog.51cto.com/iceyao/1600729