openstack深入理解neutron

1.2.3.4.GREi.计节ii.络节5.VLANi.计节ii.络节6.VXLANi.计节i.br-intii.br-tunii.络节i.br-tunii.br-intiii.br-ex7.络间i.DHCP务ii.务8.组i.INPUTii.OUTPUTiii.FORWARDiv.逻辑v.查组规则vi.9.LBaaS负载务i.场ii.实现细节iii.问题10.FWaaS墙务i.场ii.实现细节iii.问题11.DVRi.场ii.络节iii.计节iv.v.vi.实现细节Neutron--OpenStack络实现212.i.easyOVS13.14.Neutron--OpenStack络实现3NeutronOpenStack项负责络务组软义络实现络拟资书Neutron组实现线阅读GitBook书码Github维护欢谢贡V0.9:2015-06-29对DVR细节V0.8:2015-03-24LBaaS务V0.7:2015-03-23VXLANDVR务V0.6:2014-04-04统结构图V0.5:2014-03-24对vlan规则GREanswerfileIPV0.4:2014-03-20对组实现逻辑图vlanRDOanswerIPV0.3:2014-03-10GRE对规则GREanswer*V0.2:2014-03-06图错误对GRE细节V0.1:2014-02-20结构GitHubfork仓库user/openstack_understand_Neutronclone设户Neutron--OpenStack络实现历:骤Neutron--OpenStack络实现4$gitclonegit@github.com:user/openstack_understand_Neutron.git$cdopenstack_understand_Neutron$gitconfiguser.nameUser$gitconfiguser.emailuser@email.com码仓库$#dosomechangeonthecontent$gitcommit-amFixissue#1:changehelotohello$gitpushGitHubpullrequest项仓库仓库$gitremoteaddupstream络实现5Neutron设计标实现“络务”为达这标设计“软义络”实现络拟则实现Linux统络术Linux统这Neutron实现bridge桥Linux连络设备拟设备linux传统实现桥类hub设备ovs桥类换br-intbridge-integration综桥实现络桥br-exbridge-external桥负责络桥GREGeneralRoutingEncapsulation过实现openstackL3greoriginalpkt/GRE/IP/EthernetVETH拟ethernetpair现发另两桥间qvbneutronveth,LinuxBridge-sideqvoneutronveth,OVS-sideTAP设备拟层络设备发层TUN设备拟层络设备发层iptablesLinux见实现墙软Vlan拟LanLan标签实现标为1-4094VXLANUDP协议为层传输协议Overlay实现认为为VLan术namespace实现namespace资间见Linux络术Neutron--OpenStack络实现6Neutron实络L2拟逻辑换络L2见L3IP块IPL3见络拟逻辑换这实拟拥动标idCRUD库记录态L2创户户拥络络础联络络络过换连L3组IP拟须CIDR联络IPCIDR户选组DNS间L2见须过层经过L3进进绑MACIP进寻为拟换拟拟载过访问络IP时论哪络拟实现简统构为图络统构Neutron--OpenStack络实现7启DVRJ东经过络节转发DVR则许东带FloatingIP经过络节转发计节络Neutron--OpenStack络实现8图给OpenStack络实现简构OpenStack络实现vlangrevxlan处gre为OpenStack络逻辑Network节实现DNSDHCPCompute节对拟络户拟进securitygroupGRENeutron--OpenStack络实现9GRE统构图为Compute节两拟VM1VM2别经过桥qbr-XXX连br-int桥br-int桥经过br-tun桥络GRE实现连络对络过vlan则br-eth桥br-tun桥VM1拟实际连TAP设备A见tap-XXXA则进过VETHpairA-B连桥qbr-XXXvnet0B过VETHpairC-D连br-int桥C为qvb-XXXD为qvo-XXX们縀id样拟络络连TAP设备A连桥br-int为OpenStack过iptables实现securitygroupopenvswitch应iptables规则Tap设备为qbr为辅iptables实现securitygroup时为桥详见securitygroupbr-int#ovs-vsctlshowBridgebr-intPortqvo-XXXtag:1Interfaceqvo-XXXPortpatch-tunInterfacepatch-tuntype:patchoptions:{peer=patch-int}Portbr-intInterfacebr-inttype:internalbr-int为patch-tunE为1连br-tun实现络qvo-XXXD为2带tag1说这1vlanaccess拟发该达br-int动带vlantag1带vlantag1则vlantag该发vlanaccess这vlantag实现络户创络neutronnet-create则vlantagbr-intGRE为NORMAL换规则转发两计节qbrbr-intNeutron--OpenStack络实现10计节vmtenantvlantag则们间经过br-int#ovs-ofctldump-flowsbr-intNXST_FLOWreply(xid=0x4):cookie=0x0,duration=10727.864s,table=0,n_packets=198,n_bytes=17288,idle_age=13,priority=br-tun类Bridgebr-tunPortpatch-intInterfacepatch-inttype:patchoptions:{peer=patch-tun}Portgre-1Interfacegre-1type:greoptions:{in_key=flow,local_ip=10.0.0.101,out_key=flow,remote_ip=10.0.0.100Portbr-tunInterfacebr-tuntype:internalpatch-intF为1连br-intvethpairgre-1G为2对应vmgre-1拟gre发这时经过10.0.0.101发10.0.0.10010.0.0.101发br-tun带vlantagvm转换对应gre这实现转换逻辑规则杂过张实现转发规则为#ovs-ofctldump-flowsbr-tunNXST_FLOWreply(xid=0x4):cookie=0x0,duration=10970.064s,table=0,n_packets=189,n_bytes=16232,idle_age=16,priority=cookie=0x0,duration=10906.954s,table=0,n_packets=29,n_bytes=5736,idle_age=16,priority=cookie=0x0,duration=10969.922s,table=0,n_packets=3,n_bytes=230,idle_age=10962,priority=cookie=0x0,duration=10969.777s,table=1,n_packets=26,n_bytes=5266,idle_age=16,priority=cookie=0x0,duration=10969.631s,table=1,n_packets=163,n_bytes=10966,idle_age=21,priority=cookie=0x0,duration=688.456s,table=2,n_packets=29,n_bytes=5736,idle_age=16,priority=cookie=0x0,duration=10969.488s,table=2,n_packets=0,n_bytes=0,idle_age=10969,priority=cookie=0x0,duration=10969.343s,table=3,n_packets=0,n_bytes=0,idle_age=10969,priority=cookie=0x0,duration=10969.2s,table=10,n_packets=29,n_bytes=5736,idle_age=16,priority=cookie=0x0,duration=682.603s,table=20,n_packets=26,n_bytes=5266,hard_timeout=300,idle_age=cookie=0x0,duration=10969.057s,table=20,n_packets=0,n_bytes=0,idle_age=10969,priority=cookie=0x0,duration=688.6s,table=21,n_packets=161,n_bytes=10818,idle_age=21,priority=br-tunNeutron--OpenStack络实现11计节cookie=0x0,duration=10968.912s,table=21,n_packets=2,n_bytes=148,idle_age=689,priority=03规则1patch-int扔12gre-1扔2cookie=0x0,duration=10970.064s,table=0,n_packets=189,n_bytes=16232,idle_age=16,priority=cookie=0x0,duration=10906.954s,table=0,n_packets=29,n_bytes=5736,idle_age=16,priority=cookie=0x0,duration=10969.922s,table=0,n_packets=3,n_bytes=230,idle_age=10962,priority=1处过2规则单00:00:00:00:00:00/01:00:00:00:00:00则扔2001:00:00:00:00:00/01:00:00:00:00:00则扔21cookie=0x0,duration=10969.777s,table=1,n_packets=26,n_bytes=5266,idle_age=16,priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00actions=resubmit(,20)cookie=0x0,duration=10969.631s,table=1,n_packets=163,n_bytes=10966,idle_age=21,priority=0,dl_dst=01:00:00:0