http://www.tuicool.com/articles/mAn6ziB
Preface
Virtual networking is genuinely complex. This post is a "hodgepodge" of what I learned this time around, and it assumes some background knowledge, such as ip netns and Open vSwitch. I may write up those basics later when I get the chance.
Open vSwitch is software that implements a multilayer virtual switch on Linux, licensed under the Apache License 2.0. It can be programmed to enable large-scale network automation, while still supporting standard management interfaces and protocols (such as sFlow, NetFlow, IPFIX, RSPAN, CLI ...). Features of Open vSwitch: http://openvswitch.org/features/
Experimental topology
Preparatory work:
shell> yum install qemu-kvm
shell> yum install iproute  # CentOS 6 needs the updated package from a specific yum source
shell> yum install openvswitch  # node3 only needs this one package; requires a specific yum source
shell> service openvswitch start  # start openvswitch on every node
node1> ovs-vsctl add-br k-br  # add a virtual bridge that vm1 and vm2 connect to
Create a router with ip netns to provide DHCP
node1> ip netns add r1  # add a network namespace
node1> ip link add sin type veth peer name rin  # create a veth pair
node1> ip link set sin up  # bring sin up
node1> ip link set rin netns r1  # move rin into r1
node1> ip netns exec r1 ip link set rin up
node1> ip netns exec r1 ifconfig rin 10.0.1.10/24 up
node1> ip netns exec r1 dnsmasq -F 10.0.1.20,10.0.1.30 -O option:router,10.0.1.254
node1> ovs-vsctl add-port k-br sin
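Start the VMs and test
node1> vim /etc/ifup  # create the script that brings the virtual NIC up
#!/bin/bash
#
# qemu passes the tap interface name as $1
bridge=k-br
if [ -n "$1" ]; then
    ip link set "$1" up
    ovs-vsctl add-port "$bridge" "$1"
    [ $? -eq 0 ] && exit 0 || exit 1
else
    echo "Error"
    exit 1
fi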
node1> vim /etc/ifdown  # create the script that takes the virtual NIC down
#!/bin/bash
#
# qemu passes the tap interface name as $1
bridge=k-br
if [ -n "$1" ]; then
    ip link set "$1" down
    ovs-vsctl del-port "$bridge" "$1"
    [ $? -eq 0 ] && exit 0 || exit 1
else
    echo "Error"
    exit 1
fi
node1> chmod +x /etc/if*  # make the NIC scripts executable
node1> wget ftp://172.16.1.1/cirros1.img  # download cirros; I am using my own local yum source
node1> cp cirros1.img cirros2.img
# Start the virtual machine instances, VM1 and VM2.
node1> qemu-kvm -m 256 -smp 1 -name "n1-cirros1" -drive file=cirros1.img,media=disk,format=qcow2,if=virtio -net nic,macaddr=52:53:54:55:5a:01,model=virtio -net tap,ifname=vif0.1,script=/etc/ifup,downscript=/etc/ifdown -daemonize
node1> qemu-kvm -m 256 -smp 2 -name "n2-cirros2" -drive file=cirros2.img,media=disk,format=qcow2,if=virtio -net nic,macaddr=52:53:54:55:5a:02,model=virtio -net tap,ifname=vif0.2,script=/etc/ifup,downscript=/etc/ifdown -daemonize
Test
The VMs obtain an address normally.
# node2 configuration steps
node2> ovs-vsctl add-br k-br  # add the virtual bridge
node2> scp -p 192.168.2.1:/etc/if* /etc/  # copy the NIC up/down scripts from node1
# Start the virtual machine instances
node2> qemu-kvm -m 256 -smp 1 -name "n2-cirros1" -drive file=cirros1.img,media=disk,format=qcow2,if=virtio -net nic,macaddr=52:53:54:55:5b:01,model=virtio -net tap,ifname=vif0.1,script=/etc/ifup,downscript=/etc/ifdown -daemonize
node2> qemu-kvm -m 256 -smp 2 -name "n2-cirros2" -drive file=cirros2.img,media=disk,format=qcow2,if=virtio -net nic,macaddr=52:53:54:55:5b:02,model=virtio -net tap,ifname=vif0.2,script=/etc/ifup,downscript=/etc/ifdown -daemonize
Since GRE is not configured yet, n2-cirros1 and n2-cirros2 cannot obtain an IP address from r1 on node1, so we now configure GRE between node1 and node2.
node1> ovs-vsctl add-port k-br gre0 -- set interface gre0 type=gre options:remote_ip=192.168.2.2
node2> ovs-vsctl add-port k-br gre0 -- set interface gre0 type=gre options:remote_ip=192.168.2.1
At this point, the VMs on node2 can obtain an IP address.
Test: obtaining an address through GRE
Network node configuration
nodenet> ovs-vsctl add-br k-br  # add the k-br device; if unsure, refer to the topology diagram
nodenet> ovs-vsctl add-port k-br eth1
nodenet> ifconfig k-br 192.168.2.3
Create the virtual router sr:
nodenet> ip netns add sr
nodenet> ip link add sin1 type veth peer name rin1
nodenet> ip link set sin1 up
nodenet> ovs-vsctl add-port k-br sin1  # add sin1 to k-br so that sr is connected to k-br
nodenet> ip link set rin1 netns sr
nodenet> ip netns exec sr ifconfig rin1 10.0.1.254
Configure GRE:
# On the network node
nodenet> ovs-vsctl add-port k-br gre1 -- set interface gre1 type=gre options:remote_ip=192.168.2.2
nodenet> ovs-vsctl add-port k-br gre2 -- set interface gre2 type=gre options:remote_ip=192.168.2.1
# On node1 and node2
node1> ovs-vsctl add-port k-br gre1 -- set interface gre1 type=gre options:remote_ip=192.168.2.3
node2> ovs-vsctl add-port k-br gre1 -- set interface gre1 type=gre options:remote_ip=192.168.2.3
Test whether the nodes are properly connected
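A check for the tunnel configuration above, as an added example that is not part of the original article: it reads `ovs-vsctl show` text on stdin and reports every GRE interface with its `remote_ip`, marking tunnels that lack one or that terminate outside an expected peer list. The `audit_gre` function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit GRE ports in `ovs-vsctl show` output.
# Usage: ovs-vsctl show | audit_gre "PEER_IP PEER_IP ..."
# Prints "bridge interface remote_ip status"; exits non-zero if any tunnel is not OK.
audit_gre() {
    awk -v peers="$1" '
        function emit(   st) {
            if (iface == "" || type != "gre") return
            if (rip == "")      st = "MISSING"       # tunnel without a remote_ip
            else if (rip in ok) st = "OK"
            else                st = "UNEXPECTED"    # endpoint outside the peer list
            if (st != "OK") bad = 1
            printf "%s %s %s %s\n", bridge, iface, (rip == "" ? "-" : rip), st
        }
        BEGIN { n = split(peers, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 == "Bridge"    { emit(); iface = ""; bridge = $2; gsub(/"/, "", bridge) }
        $1 == "Interface" { emit(); iface = $2; gsub(/"/, "", iface); type = ""; rip = "" }
        $1 == "type:"     { type = $2 }
        $1 == "options:" && match($0, /remote_ip="[^"]*"/) {
            rip = substr($0, RSTART + 11, RLENGTH - 12)
        }
        END { emit(); exit bad + 0 }
    '
}

# Constructed sample for the network node: gre2 was created without a remote_ip.
SAMPLE_OVS_SHOW='    Bridge k-br
        Port "gre1"
            Interface "gre1"
                type: gre
                options: {remote_ip="192.168.2.2"}
        Port "gre2"
            Interface "gre2"
                type: gre
        Port "sin1"
            Interface "sin1"
        Port k-br
            Interface k-br
                type: internal
    Bridge "k-br2"
        Port "eth0"
            Interface "eth0"'

# Expected peers of the network node are node1 and node2.
printf '%s\n' "$SAMPLE_OVS_SHOW" | audit_gre "192.168.2.1 192.168.2.2" || true
```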
Bridging the external network and SNAT/DNAT configuration
# Add k-br2
nodenet> ovs-vsctl add-br k-br2
nodenet> ifconfig eth0 0
nodenet> ovs-vsctl add-port k-br2 eth0
nodenet> ifconfig k-br2 172.16.1.4
# Add another veth pair:
nodenet> ip link add sin2 type veth peer name rin2
nodenet> ip link set sin2 up
nodenet> ovs-vsctl add-port k-br2 sin2
nodenet> ip link set rin2 netns sr
nodenet> ip netns exec sr ifconfig rin2 172.16.1.9/24 up
# Add the SNAT rule
nodenet> ip netns exec sr sysctl -w net.ipv4.ip_forward=1
nodenet> ip netns exec sr iptables -A POSTROUTING -t nat -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j SNAT --to-source 172.16.1.9
# Add the DNAT rule
nodenet> ip netns exec sr ifconfig rin2:0 172.16.1.20
nodenet> ip netns exec sr iptables -A PREROUTING -t nat -i rin2 -d 172.16.1.20/32 -j DNAT --to-destination 10.0.1.23
Final test: cirros1 can access the external network, and the external network can reach cirros1 via 172.16.1.20.
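The DNAT rule above carries no `-p` or `--dport` match, so every protocol and port on 172.16.1.20 is forwarded to the VM. The following added example (not part of the original article) reads `iptables -t nat -S` output and marks such rules; the `audit_dnat` name, the sample rule dump and the port-22 rule in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): list DNAT rules from `iptables -t nat -S`
# output and mark the ones that forward every protocol and port.
# Usage: ip netns exec sr iptables -t nat -S | audit_dnat
audit_dnat() {
    awk '
        $1 == "-A" {
            dst = "any"; to = "-"; proto = "all"; port = "any"; dnat = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
                else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            }
            if (!dnat) next
            # WIDE: no protocol match, or tcp/udp without a destination port match
            wide = (proto == "all" || ((proto == "tcp" || proto == "udp") && port == "any"))
            printf "%s -> %s proto=%s dport=%s %s\n", dst, to, proto, port, (wide ? "WIDE" : "SCOPED")
        }
    '
}

# Constructed rule dump: the first DNAT rule is the one from the article,
# the second is a hypothetical port-scoped variant (port 22 is an assumption).
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 172.16.1.20/32 -i rin2 -j DNAT --to-destination 10.0.1.23
-A PREROUTING -d 172.16.1.20/32 -i rin2 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.1.23:22
-A POSTROUTING -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j SNAT --to-source 172.16.1.9'

printf '%s\n' "$SAMPLE_NAT_RULES" | audit_dnat
```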
Summary
In fact, as long as you have the diagram, virtual networking is not difficult, but the configuration is rather tedious; this experiment took about eight hours ...
If you have better ideas about the content of this article, feel free to raise them; if you think I wrote it well, you can give it a like ~ (≧▽≦)/~
Author: Anyisailn qq:1449472454
Thanks to: mageedu