Original address: https://blogs.oracle.com/ronen/entry/diving_into_openstack_network_architecture2
Translation from: http://blog.csdn.net/halcyonbaby/article/details/41604459
In the previous article, we looked at several basic network components used by OpenStack networking and explained how traffic flows through some simple use cases. In this article, we explore the network setup through a slightly more complex (but still fairly basic) use case: routing between two networks. Routing uses the same components as the internal networks, using a namespace to create an isolated container that relays network packets between the subnets.
As we said in the first article, this is just an example using the OVS plugin. OpenStack has many plugins that work in different ways, and we are only discussing one of them.
Use case #4: Routing traffic between two isolated networks
In practice, we create different networks for different purposes, and we also need to connect these networks together. Since the two networks are in different IP ranges, we need a router to connect them. To analyze this setup, we create another network (Net2) and configure a 20.20.20.0/24 subnet on it. After the network is created, we launch an Oracle Linux virtual machine and connect it to Net2. The network topology diagram as seen from the OpenStack GUI:
Exploring further, we see another namespace on the OpenStack network node, which serves the newly created network. Now we have two namespaces, one for each network.
- # ip netns list
- qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd
- qdhcp-5f833617-6179-4797-b7c0-7d420d84040c
You can look up the network IDs with nova net-list, or view the network information in the web UI.
- # nova net-list
- +--------------------------------------+-------+------+
- | ID                                   | Label | CIDR |
- +--------------------------------------+-------+------+
- | 5f833617-6179-4797-b7c0-7d420d84040c | Net1  | None |
- | 63b7fcf2-e921-4011-8da9-5fc2444b42dd | Net2  | None |
- +--------------------------------------+-------+------+
Our newly created network, Net2, has its own namespace, separate from the one for Net1. Inside the namespace we can see two network interfaces: the loopback interface and one used by the DHCP service.
- # ip netns exec qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd ip addr
- 1: lo: mtu 65536 qdisc noqueue state UNKNOWN
-     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-     inet 127.0.0.1/8 scope host lo
-     inet6 ::1/128 scope host
-        valid_lft forever preferred_lft forever
- 19: tap16630347-45: mtu qdisc noqueue state UNKNOWN
-     link/ether fa:16:3e:bd:94:42 brd ff:ff:ff:ff:ff:ff
-     inet 20.20.20.3/24 brd 20.20.20.255 scope global tap16630347-45
-     inet6 fe80::f816:3eff:febd:9442/64 scope link
-        valid_lft forever preferred_lft forever
Net1 and Net2 are not yet connected; to connect them we need to create a router. OpenStack Neutron lets users create a router and attach two or more networks to it. The router is actually just another namespace. A router can be created with Neutron through the GUI or the command line:
- # neutron router-create My-router
- Created a new router:
- +-----------------------+--------------------------------------+
- | Field                 | Value                                |
- +-----------------------+--------------------------------------+
- | admin_state_up        | True                                 |
- | external_gateway_info |                                      |
- | id                    | fce64ebe-47f0-4846-b3af-9cf764f1ff11 |
- | name                  | My-router                            |
- | status                | ACTIVE                               |
- | tenant_id             | 9796e5145ee546508939cd49ad59d51f     |
- +-----------------------+--------------------------------------+
Now we connect the two networks through the router.
First, look up the subnet IDs:
- # neutron subnet-list
- +--------------------------------------+------+---------------+------------------------------------------------+
- | id                                   | name | cidr          | allocation_pools                               |
- +--------------------------------------+------+---------------+------------------------------------------------+
- | 2d7a0a58-0674-439a-ad23-d6471aaae9bc |      | 10.10.10.0/24 | {"start": "10.10.10.2", "end": "10.10.10.254"} |
- | 4a176b4e-a9b2-4bd8-a2e3-2dbe1aeaf890 |      | 20.20.20.0/24 | {"start": "20.20.20.2", "end": "20.20.20.254"} |
- +--------------------------------------+------+---------------+------------------------------------------------+
Add subnet 10.10.10.0/24 to the router:
- # neutron router-interface-add fce64ebe-47f0-4846-b3af-9cf764f1ff11 subnet=2d7a0a58-0674-439a-ad23-d6471aaae9bc
- Added interface 0b7b0b40-f952-41dd-ad74-2c15a063243a to router fce64ebe-47f0-4846-b3af-9cf764f1ff11.
Add subnet 20.20.20.0/24 to the router:
- # neutron router-interface-add fce64ebe-47f0-4846-b3af-9cf764f1ff11 subnet=4a176b4e-a9b2-4bd8-a2e3-2dbe1aeaf890
- Added interface dc290da0-0aa4-4d96-9085-1f894cf5b160 to router fce64ebe-47f0-4846-b3af-9cf764f1ff11.
At this point, the network topology shows the two networks connected through the router:
We can also see that the two network interfaces attached to the router act as the gateways of their respective subnets.
We can also see the namespace created for the router:
- # ip netns list
- qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11
- qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd
- qdhcp-5f833617-6179-4797-b7c0-7d420d84040c
Looking inside the namespace, we see:
- # ip netns exec qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11 ip addr
- 1: lo: mtu 65536 qdisc noqueue state UNKNOWN
-     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-     inet 127.0.0.1/8 scope host lo
-     inet6 ::1/128 scope host
-        valid_lft forever preferred_lft forever
- 20: qr-0b7b0b40-f9: mtu qdisc noqueue state UNKNOWN
-     link/ether fa:16:3e:82:47:a6 brd ff:ff:ff:ff:ff:ff
-     inet 10.10.10.1/24 brd 10.10.10.255 scope global qr-0b7b0b40-f9
-     inet6 fe80::f816:3eff:fe82:47a6/64 scope link
-        valid_lft forever preferred_lft forever
- 21: qr-dc290da0-0a: mtu qdisc noqueue state UNKNOWN
-     link/ether fa:16:3e:c7:7c:9c brd ff:ff:ff:ff:ff:ff
-     inet 20.20.20.1/24 brd 20.20.20.255 scope global qr-dc290da0-0a
-     inet6 fe80::f816:3eff:fec7:7c9c/64 scope link
-        valid_lft forever preferred_lft forever
We see two network interfaces, "qr-dc290da0-0a" and "qr-0b7b0b40-f9". They carry the gateway IPs of the two networks/subnets, and both are connected to OVS:
- # ovs-vsctl show
- 8a069c7c-ea05-4375-93e2-b9fc9e4b3ca1
-     Bridge "br-eth2"
-         Port "br-eth2"
-             Interface "br-eth2"
-                 type: internal
-         Port "eth2"
-             Interface "eth2"
-         Port "phy-br-eth2"
-             Interface "phy-br-eth2"
-     Bridge br-ex
-         Port br-ex
-             Interface br-ex
-                 type: internal
-     Bridge br-int
-         Port "int-br-eth2"
-             Interface "int-br-eth2"
-         Port "qr-dc290da0-0a"
-             tag: 2
-             Interface "qr-dc290da0-0a"
-                 type: internal
-         Port "tap26c9b807-7c"
-             tag: 1
-             Interface "tap26c9b807-7c"
-                 type: internal
-         Port br-int
-             Interface br-int
-                 type: internal
-         Port "tap16630347-45"
-             tag: 2
-             Interface "tap16630347-45"
-                 type: internal
-         Port "qr-0b7b0b40-f9"
-             tag: 1
-             Interface "qr-0b7b0b40-f9"
-                 type: internal
-     ovs_version: "1.11.0"
As we can see, these interfaces are connected to "br-int" and carry the VLAN tag of their corresponding network. At this point we can successfully ping the router namespace through the gateway address (20.20.20.1):
We can also see that the virtual machine with IP address 20.20.20.2 can ping the virtual machine with IP address 10.10.10.2:
The two subnets are interconnected through the network interfaces in the namespace. Inside the namespace, Neutron sets the system parameter net.ipv4.ip_forward to 1. This can be checked as follows:
- # ip netns exec qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11 sysctl net.ipv4.ip_forward
- net.ipv4.ip_forward = 1
We can see that the system parameter net.ipv4.ip_forward is set inside the namespace; this setting does not affect anything outside the namespace.
Summary
When you create a router, Neutron creates a namespace whose name is "qrouter-" followed by the router ID. The subnets are connected to the router through network interfaces on the OVS br-int bridge. These interfaces are set up with the correct VLAN so that they connect to their corresponding networks. In the example, the network interface qr-0b7b0b40-f9 has the IP 10.10.10.1 and VLAN tag 1, which connects it to "Net1". Setting the system parameter net.ipv4.ip_forward to 1 inside the namespace is what allows routing to take effect.
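The VLAN-tag-to-subnet mapping summarized above can be checked from captured command output. This is an added example, not code from the original article; the function names, the trimmed sample and the rule "one subnet per tag" are assumptions of the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: Bridge/Port/tag lines of the `ovs-vsctl show` output above.
OVS_SHOW = """\
Bridge br-ex
    Port br-ex
Bridge br-int
    Port "int-br-eth2"
    Port "qr-dc290da0-0a"
        tag: 2
    Port "tap26c9b807-7c"
        tag: 1
    Port br-int
    Port "tap16630347-45"
        tag: 2
    Port "qr-0b7b0b40-f9"
        tag: 1
"""
# Addresses printed by `ip addr` in the namespaces above (tap26c9b807-7c is not shown).
ADDRS = {"qr-0b7b0b40-f9": "10.10.10.1/24", "qr-dc290da0-0a": "20.20.20.1/24",
         "tap16630347-45": "20.20.20.3/24"}

def ports_by_tag(text, bridge="br-int"):
    """Map VLAN tag -> ports on one bridge; untagged ports are keyed by None."""
    tags, in_bridge, port = defaultdict(list), False, None
    for line in text.splitlines():
        word, _, rest = line.replace('"', "").strip().partition(" ")
        if word == "Bridge":
            in_bridge, port = (rest == bridge), None
        elif in_bridge and word == "Port":
            port = rest
            tags[None].append(port)       # untagged until a tag line follows
        elif in_bridge and word == "tag:" and port:
            tags[None].remove(port)
            tags[int(rest)].append(port)
    return dict(tags)

def segment_report(tags, addrs):
    """Per tag: subnets seen, attached router (qr-) ports, and a consistency flag."""
    report = {}
    for tag, ports in tags.items():
        if tag is None:
            continue  # untagged ports such as int-br-eth2 carry no single network
        nets = {ipaddress.ip_interface(addrs[p]).network for p in ports if p in addrs}
        report[tag] = {"subnets": sorted(str(n) for n in nets),
                       "router_ports": sorted(p for p in ports if p.startswith("qr-")),
                       "consistent": len(nets) <= 1}
    return report
```

A tag whose "consistent" flag is False has ports from more than one subnet on the same VLAN, which means a port is attached to the wrong network segment.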
This article describes how to create a router using the network namespace. In the next article, we'll explore how floating IP works with iptables. This may be more complex, but it still uses these basic networking components.
Deep understanding of the OpenStack Network Architecture (3)-----Routing