How to Create a vlan in OVS

How to Create a vlan in OVS

Neutron itself does not provide any network functions, it is just a shelf. Most of Neutron's networking functions are provided by Plugin, in addition to some features such as DHCP and L3-agent.

Neutron divides networks into three-layer switches:

Network: a layer-3 interface created by the switch based on the vlan;

Subnet: It is equivalent to creating a layer-3 interface address for the vswitch;

Port: it is equivalent to a physical Port of the switch, but the Port has a MAC address;

What does Neutron have?

L2

The L2 layer is implemented by a vswitch. Vswitches have the following types:

Linux bridge, which is based on the Linux kernel. It should be noted that the bridge is a switch and is a common written name of the switch.

OpenvSwitchOVS): OVS has two modes: one is used by a common virtual switch and the other is used as an OpenFlow controller in collaboration with the OpenFlow controller.

Some SDN implementations based on Overlay technology, such as Dove.

Some non-open-source commercial switches.

Currently, Neutron has implemented the L2 layer plug-in as shown in Figure 6. linuxbridge implements the Linux bridge, the openvswitch plug-in implements the openvswitch bridge, and the bigswitch plug-in implements an SDN controller, ml2 is a general plug-in. These L2 plug-ins are mainly divided into the plugin part of the database and the agent part running on the computing node. The fields written by plugin to the database are different but not many, so the code is repeated. ml2 can be understood as a public plugin ). Each plug-in basically implements four topologies, namely FLAT, VLAN, VXLAN, and GRE.

L2 layer plug-in Neutron

L2 layer plug-in Neutron

L3

The L3 layer of Neutron is implemented based on namespace ipv4 forward + iptables.

The l3-agent process needs to be started, and the DHCP-agent process needs to be started if the dhcp service is required.

L4-L7

LBaaS is implemented based on Haproxy, FWaaS is implemented based on iptables, VPNaaS implements IPSec-based VPN, MPLS-based VPN, and SSL-based VPN.

As of writing this article, only LBaaS can be used. Other FWaaS, VPNaaS, and NATaaS are still under development. However, the Security Group function is available for FWaaS. The difference is that the former can also be deployed on network nodes as an independent service to provide edge firewall features, the latter can still use iptables rules on computing nodes to control the traffic between virtual machines that come in from the virtual machines.

In this way, after the network function is configured on the CLI or horizon page of neutron, the neutron API will be called. If the plug-in is OVS, the corresponding commands such as OVS are generated and delivered to the underlying virtual network device. The underlying layer provides the corresponding network functions. If the corresponding network functions are supported, some of them will not report errors if they are not supported, for example, version H supports IPV6 forwarding ). These network functions include L2 vlan or vxlan isolation between tenants, layer-3 forwarding and NAT translation between floating IP addresses, firewall, VPN, and load balancing, the official website also provides IDS and DC interconnection, but there is no driving force to investigate.

If you can configure a network in step 3 that can access the Internet and isolate each other, it means you have a certain understanding of the underlying layer:

A network topology instance configured by neutron

In the figure above, if OVS is used as the plugin, you should note that a virtual router in it does not directly create an OVS, which is very confusing. At the underlying layer, it only creates a vlan on OVS, A layer-3 interface address is configured and a virtual port connected to the CIDR block is added. If you are interested, you can click dump at the underlying layer after successful configuration.