服務器配置
| hostname | eth0 | eth1 | type |
| --- | --- | --- | --- |
| controller001 | 172.16.100.162 | 10.0.0.162 | controller node、network node |
| compute002 | 172.16.100.2 | 10.0.0.2 | compute node |
| compute003 | 172.16.100.3 | 10.0.0.3 | compute node |
eth0: 管理網絡、外部網絡(flat vlan)、存儲網絡
eth1: 數據網絡(vxlan)、floating ip網絡
Flat vlan架構圖
單獨使用這種架構時不需要啓用l3 agent:虛擬機流量直接從它的宿主機(compute node)出去,避免了l3單點故障的問題。
這裏我們還是要啓用l3 agent,因爲我們同時使用了兩種network type(flat vlan和vxlan)。
再上兩張openstack wiki的dvr vxlan流量轉發圖
這是使用了dvr後,沒有綁定floating ip的虛擬機上外網的流量走勢(東西走向),最終出網是在網絡節點
dvr南北走向圖
綁定floating ip的虛擬機也直接從它的宿主機compute node出網,不經過網絡節點
具體配置
controller001配置:
# Terminal transcript for controller001 (controller + network node): the
# Neutron files that were edited, the OVS bridges that were created, and the
# ifcfg files that keep the addresses across reboots.
# NOTE(review): the author's annotations are placed on their own lines below.
# As far as I know, oslo.config-style INI files do not strip a trailing
# "# ..." from a value, so annotated lines should not be pasted as-is -- confirm.

[root@controller001 ~(keystone_admin)]# vim /etc/neutron/neutron.conf # add the DVR option
# NOTE(review): l3_agent.ini further down spells this section [DEFAULT]; a
# lower-case [default] may not be read as the default group -- confirm, and set
# the option in the file's existing [DEFAULT] section.
[default]
router_distributed = True

[root@controller001 ~(keystone_admin)]# vim /etc/neutron/plugin.ini # ML2 configuration
[ml2]
type_drivers = flat,vxlan,vlan,gre
# tenant network types
# NOTE(review): with vlan listed here, tenant networks can be allocated from
# the 102:130 range on physical network "default", i.e. on br-flat/eth0, which
# this page also uses for management and storage traffic. Confirm those VLANs
# are kept apart from the management network on the switch side.
tenant_network_types = vxlan,vlan
# OVS is the mechanism driver used here
mechanism_drivers = openvswitch,l2population
[ml2_type_flat]
# a flat VLAN is preferred over a plain flat network
#flat_networks = default
[ml2_type_vlan]
# VLAN range
network_vlan_ranges = default:102:130
[ml2_type_gre]
[ml2_type_vxlan]
# VXLAN VNI range
vni_ranges = 1:1000
# VXLAN multicast group address
vxlan_group = 239.1.1.1
# Example: vxlan_group = 239.1.1.1
[agent]
# improves performance; described in detail in the official admin-guide-cloud-juno.pdf
l2_population = True
tunnel_types = vxlan
# enable DVR
enable_distributed_routing = True
[ovs]
enable_tunneling = True
tunnel_type = vxlan
# OVS bridge for the VLAN networks: br-flat
bridge_mappings = default:br-flat
integration_bridge = br-int
# local IP used for VXLAN
# NOTE(review): this is the address configured on br-ex below, and br-ex is
# also the external_network_bridge used for floating IPs. VXLAN encapsulation
# is neither authenticated nor encrypted, so confirm that only the hypervisors
# can reach this segment, or filter the tunnel port (UDP 4789 by default -- verify).
local_ip = 10.0.0.162
[securitygroup]
# security groups are enabled, with the OVS hybrid iptables firewall driver and ipset
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
enable_ipset = True

[root@controller001 ~(keystone_admin)]# vim /etc/neutron/l3_agent.ini # L3 agent configuration
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
# by default, traffic of VMs without a floating IP goes through SNAT
agent_mode = dvr_snat

# OVS bridges created on controller001
# NOTE(review): eth0 is the management interface on this page and its address
# lives on br-flat afterwards (see ifcfg-br-flat below); a session that arrives
# over eth0 will probably drop when the port is added -- run this from a console.
ovs-vsctl add-br br-flat
ovs-vsctl add-port br-flat eth0
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth1

# make the IP addresses persistent
[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=10.0.0.162
NETMASK=255.255.255.0
[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-eth1
DEVICE="eth1"
NM_CONTROLLED="no"
ONBOOT="yes"
[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-br-flat
DEVICE="br-flat"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=172.16.100.162
NETMASK=255.255.255.0
GATEWAY=172.16.100.254
[root@controller001 network-scripts(keystone_admin)]# cat ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="yes"
compute002配置:
# Terminal transcript for compute002 (compute node): the Neutron files that
# were edited, the OVS bridges that were created, and the ifcfg files that keep
# the addresses across reboots.

[root@compute002 ~]# vim /etc/neutron/plugin.ini # compute002 ML2 configuration
[ml2]
type_drivers = flat,vxlan,vlan,gre
tenant_network_types = vxlan,vlan
mechanism_drivers = openvswitch,l2population
[ml2_type_flat]
# flat_networks =*
[ml2_type_vlan]
# NOTE(review): physical network "default" maps to br-flat/eth0 below, the same
# interface this page uses for management and storage traffic; confirm VLANs
# 102-130 are kept apart from the management network on the switch side.
network_vlan_ranges = default:102:130
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 1:1000
vxlan_group = 239.1.1.1
# vxlan_group =
# Example: vxlan_group = 239.1.1.1
[agent]
l2_population = True
tunnel_types = vxlan
enable_distributed_routing = True
[ovs]
enable_tunneling = True
tunnel_type = vxlan
integration_bridge = br-int
bridge_mappings = default:br-flat
# NOTE(review): this VXLAN endpoint address is the one configured on br-ex
# below, and br-ex is also the external_network_bridge. VXLAN encapsulation is
# neither authenticated nor encrypted; confirm that only the hypervisors can
# reach this segment.
local_ip=10.0.0.2
[securitygroup]
# security groups are enabled, with the OVS hybrid iptables firewall driver and ipset
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
enable_ipset = True

[root@compute002 ~]# vim /etc/neutron/l3_agent.ini # compute002 L3 agent configuration
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
ovs_use_veth = True
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
# NOTE(review): the page states that VMs with a floating IP leave directly from
# their compute host, so in this mode the compute node itself is attached to
# the external network through br-ex/eth1 -- confirm host firewalling on that
# interface.
agent_mode = dvr

# OVS bridges created on compute002
# NOTE(review): eth0's address lives on br-flat afterwards (see ifcfg-br-flat
# below); a session that arrives over eth0 will probably drop when the port is
# added -- run this from a console.
ovs-vsctl add-br br-flat
ovs-vsctl add-port br-flat eth0
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth1

# make the IP addresses persistent
[root@compute002 network-scripts]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=10.0.0.2
NETMASK=255.255.255.0
[root@compute002 network-scripts]# cat ifcfg-eth1
DEVICE="eth1"
NM_CONTROLLED="no"
ONBOOT="yes"
[root@compute002 network-scripts]# cat ifcfg-br-flat
DEVICE="br-flat"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=172.16.100.2
NETMASK=255.255.255.0
GATEWAY=172.16.100.254
[root@compute002 network-scripts]# cat ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="yes"

# compute003 is configured the same way as compute002, so its configuration is not pasted here.
# NOTE(review): local_ip and the ifcfg addresses still have to be compute003's
# own (172.16.100.3 / 10.0.0.3 in the server table).