OpenStack -- Network Advanced: Linux Bridge (VII)

Source: Internet
Author: User

I. Configure the Linux Bridge

Neutron uses ML2 as the core plugin by default. This is set through the core_plugin option in /etc/neutron/neutron.conf, and both the control node and the compute nodes need to configure core_plugin in their own neutron.conf.


Next, ML2 must be told to use the linux-bridge mechanism driver. The ML2 configuration file is located at /etc/neutron/plugins/ml2/ml2_conf.ini.

    [ml2]
    # ...
    mechanism_drivers = linuxbridge,l2population

The mechanism_drivers option lists the mechanism drivers that the current node can use. Several drivers can be specified here and ML2 will load each of them; the configuration above loads the linux-bridge driver (l2population is listed alongside it). Both the control node and the compute nodes need to configure the mechanism_drivers option in their own ml2_conf.ini.

After the Neutron service starts normally, neutron-linuxbridge-agent is running on all nodes.

II. Initial Network Status

In our experimental environment, the current node has only the physical NIC devices ethX; there are no bridge or tap devices yet. The status is as follows:

Controller:

[Screenshot: network devices on the controller node]

Compute:

[Screenshot: network devices on the compute node]

III. Network Type

Linux-bridge supports four network types: local, flat, VLAN and VXLAN. It does not currently support GRE.

1. Local

A local network is not connected to any of the host's physical NICs and has no VLAN ID associated with it.

For each local network, the ML2 linux-bridge driver creates a bridge, and each instance's tap device is connected to that bridge. Instances in the same local network are connected to the same bridge, so they can communicate with each other.

Because the bridge is not connected to a physical NIC, instances cannot communicate with networks outside the host. And since each local network has its own bridge and the bridges are not connected to each other, instances in two different local networks cannot communicate, even if they reside on the same host.

The following is an example of local networks:

    1. Two local networks were created, corresponding to two bridges, brqxxxx and brqyyyy.

    2. VM0 and VM1 are connected to brqxxxx through tap0 and tap1.

    3. VM2 is connected to brqyyyy via tap0 and tap2.

    4. VM0 and VM1 are in the same local network, so they can communicate.

    5. VM2 is located in another local network. VM2 cannot communicate with VM0 and VM1 because brqxxxx and brqyyyy are not connected.

To enable the local network type, simply include local in type_drivers in the ML2 configuration file, for example:

type_drivers = local,flat,vlan,gre,vxlan

Both ordinary users and admin can create networks through the CLI or the web GUI, but only admin can specify the type of the network. tenant_network_types is therefore used to tell ML2 which type of network to create by default when an ordinary user creates a network in their own tenant (project); here the type is local.

tenant_network_types = local

tenant_network_types can specify multiple types, such as:

tenant_network_types = vlan,local

The effect is that a VLAN network is created first, and a local network is created when no VLAN network can be created (for example, when the VLAN IDs are exhausted).

2. Flat Network

A flat network is a network without tags. It requires the host's physical NIC to be connected directly to the Linux bridge, which means that each flat network occupies a physical NIC of its own.


eth1 is bridged to brqxxx and provides a flat network for instances.
If you need to create multiple flat networks, you have to prepare multiple physical NICs.

[Figure: multiple flat networks, each bridged to its own physical NIC]

Because a flat network corresponds one-to-one with a physical NIC, tenant networks generally do not use flat. The configuration also needs to indicate the correspondence between the flat network and the physical NIC:

    • A flat network is defined by flat_networks in [ml2_type_flat], and its label is "default".

    • In [linux_bridge], physical_interface_mappings indicates that the physical NIC corresponding to default is eth1.
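The options described so far can be cross-checked before the agent is restarted. The following is an added example, not code from the original article or from Neutron: it parses ml2_conf.ini content and reports tenant types that are not loaded, flat offered to tenants, flat labels without a NIC mapping, and one NIC shared by several flat networks. The sample file content and the function names are constructed for illustration, and the label:interface form of physical_interface_mappings is assumed.

```python
import configparser

# Constructed sample ml2_conf.ini, built from the options named on this page.
SAMPLE_ML2_CONF = """
[ml2]
type_drivers = local,flat,vlan,gre,vxlan
tenant_network_types = vlan,local
mechanism_drivers = linuxbridge,l2population

[ml2_type_flat]
flat_networks = default

[linux_bridge]
physical_interface_mappings = default:eth1
"""

def _csv(cfg, section, option):
    """Read a comma-separated option as a list; missing options give []."""
    raw = cfg.get(section, option, fallback="")
    return [item.strip() for item in raw.split(",") if item.strip()]

def check_ml2(text):
    """Return a list of consistency findings for ml2_conf.ini content."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = []
    loaded = _csv(cfg, "ml2", "type_drivers")
    for net_type in _csv(cfg, "ml2", "tenant_network_types"):
        if net_type not in loaded:
            findings.append(f"tenant type {net_type} is not in type_drivers")
        if net_type == "flat":
            findings.append("tenants default to flat: one untagged NIC per network")
    # Build label -> NIC from entries of the assumed form "default:eth1".
    nic_of = {}
    for pair in _csv(cfg, "linux_bridge", "physical_interface_mappings"):
        label, _, nic = pair.partition(":")
        nic_of[label.strip()] = nic.strip()
    flat_labels = _csv(cfg, "ml2_type_flat", "flat_networks")
    for label in flat_labels:
        if not nic_of.get(label):
            findings.append(f"flat network {label} has no physical NIC mapping")
    # Each flat network needs a NIC of its own, so a repeated NIC is a finding.
    used = [nic_of[l] for l in flat_labels if nic_of.get(l)]
    for nic in sorted(set(used)):
        if used.count(nic) > 1:
            findings.append(f"NIC {nic} is shared by several flat networks")
    return findings

if __name__ == "__main__":
    print(check_ml2(SAMPLE_ML2_CONF) or "no findings")
```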

3. VLAN Network

A VLAN network is a network with tags, and it is the most widely used type of network in practice.


    1. Three instances are connected through tap devices to a Linux bridge named "brqxxxx".

    2. A VLAN interface eth1.100 is created on the physical NIC eth1, and eth1.100 is connected to brqxxxx.

    3. Packets that an instance sends to eth1 via eth1.100 are tagged with VLAN 100.

If you create another network, vlan101, the VLAN interface eth1.101 is created on eth1 accordingly and connected to a new Linux bridge, "brqyyyy".
Each VLAN network has its own bridge, which is how VLAN-based isolation is achieved.


Because the physical NIC eth1 carries traffic for multiple VLANs, the port on the physical switch that eth1 connects to must be set to trunk mode instead of access mode.
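The bridge layouts described for local, flat and VLAN networks can be told apart on a host by looking at what each brq bridge is attached to. The following is an added example, not code from the original article or from Neutron: it parses text in the layout printed by `brctl show` and classifies each bridge by its non-tap port (none means local, a plain NIC means flat, NIC.ID means VLAN). The sample output and bridge names are constructed, tap devices are assumed to be named tap*, and VXLAN is not handled.

```python
import re

# Constructed `brctl show` output for one host; all names are invented.
SAMPLE = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
brqaaaa\t\t8000.000000000000\tno\t\ttap0
\t\t\t\t\t\t\ttap1
brqbbbb\t\t8000.525400000001\tno\t\teth2
\t\t\t\t\t\t\ttap2
brqcccc\t\t8000.525400000002\tno\t\teth1.100
\t\t\t\t\t\t\ttap3
"""

def parse_brctl(text):
    """Map each bridge name to the list of interfaces attached to it."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace():                   # continuation row: one more port
            if current is not None:
                bridges[current].append(fields[0])
        else:                                   # name, id, STP, [first port]
            current = fields[0]
            bridges[current] = fields[3:4]
    return bridges

def classify(ports):
    """Return (network_type, vlan_id) from a bridge's non-tap ports."""
    uplinks = [p for p in ports if not p.startswith("tap")]
    if not uplinks:
        return ("local", None)                  # no path off the host
    if len(uplinks) > 1:
        return ("mixed", None)                  # two uplinks join two networks
    m = re.fullmatch(r"[^.]+\.(\d+)", uplinks[0])
    return ("vlan", int(m.group(1))) if m else ("flat", None)

def audit(text):
    """Classify every bridge found in the `brctl show` text."""
    return {name: classify(ports) for name, ports in parse_brctl(text).items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```

A result of "mixed" marks a bridge that joins two uplinks, which would break the one-bridge-per-network isolation described above.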

How can devices in different VLANs communicate? A router is needed to provide data forwarding between them.

[Figure: a router forwarding traffic between VLAN networks]














Reference: mainly from the book "Five Minutes a Day to Play with OpenStack". The book is very good, welcome to buy!









This article is from the "Operation and maintenance bit record" blog, please make sure to keep this source http://wzlinux.blog.51cto.com/8021085/1963447
