Nova VlanManager

nova-vlanManager
nova compute node config


network_api_class = nova.network.api.API
security_group_api = nova

firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver

#network_manager = nova.network.manager.FlatDHCPManager

network_manager=nova.network.manager.VlanManager

network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True

my_ip = 192.168.213.93

#-flat_network_bridge = br100
#-flat_interface = eth1
#flat_injected=true

vlan_start=100
vlan_interface = eth1
public_interface = eth1
verbose = True

# vnc server
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.213.93
novncproxy_base_url = http://controller:6080/vnc_auto.html

network_api_class = nova.network.api.API

security_group_api = nova

firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver

#network_manager = nova.network.manager.FlatDHCPManager

network_manager=nova.network.manager.VlanManager

network_size = 254

allow_same_net_traffic = False

multi_host = True

send_arp_for_ha = True

share_dhcp_address = True

force_dhcp_release = True

my_ip = 192.168.213.93

#-flat_network_bridge = br100

#-flat_interface = eth1

#flat_injected=true

vlan_start=100

vlan_interface = eth1

public_interface = eth1

verbose = True

# vnc server

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = 192.168.213.93

novncproxy_base_url = http://controller:6080/vnc_auto.html

Bridge Interface.


bridge name     bridge id               STP enabled     interfaces
br101           8000.fa163e800e78       no              vlan101
                                                        vnet0
br102           8000.fa163e1bce16       no              vlan102
                                                        vnet1

bridge name bridge id STP enabled interfaces

br101 8000.fa163e800e78 no vlan101

vnet0

br102 8000.fa163e1bce16 no vlan102

vnet1

Interface ต่างๆ


eth0: inet 192.168.213.93/25 brd 192.168.213.127 scope global eth0
eth1: 
vlan101@eth1
br101: inet 172.16.0.1/24 brd 172.16.0.255 scope global br101
vnet0: 
vlan102@eth1: 
br102: inet 172.16.1.1/24 brd 172.16.1.255 scope global br102
vnet1:

eth0: inet 192.168.213.93/25 brd 192.168.213.127 scope global eth0

eth1:

vlan101@eth1

br101: inet 172.16.0.1/24 brd 172.16.0.255 scope global br101

vnet0:

vlan102@eth1:

br102: inet 172.16.1.1/24 brd 172.16.1.255 scope global br102

vnet1:

Type interface


ip -d link show vlan102
8: vlan102@eth1: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue master br102 state UP mode DEFAULT group default
link/ether fa:16:3e:1b:ce:16 brd ff:ff:ff:ff:ff:ff promiscuity 1
vlan protocol 802.ห1Q id 102 &lt;REORDER_HDR&gt;

ip -d link show vlan101
5: vlan101@eth1: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue master br101 state UP mode DEFAULT group default
link/ether fa:16:3e:80:0e:78 brd ff:ff:ff:ff:ff:ff promiscuity 1
vlan protocol 802.1Q id 101 &lt;REORDER_HDR&gt;

ip -d link show vlan102

8: vlan102@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br102 state UP mode DEFAULT group default

link/ether fa:16:3e:1b:ce:16 brd ff:ff:ff:ff:ff:ff promiscuity 1

vlan protocol 802.ห1Q id 102 <REORDER_HDR>

ip -d link show vlan101

5: vlan101@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br101 state UP mode DEFAULT group default

link/ether fa:16:3e:80:0e:78 brd ff:ff:ff:ff:ff:ff promiscuity 1

vlan protocol 802.1Q id 101 <REORDER_HDR>

ตรวจสอบ interface vlan


cat /proc/net/vlan/vlan102

cat /proc/net/vlan/vlan102

การสร้าง interface vlan แบบ manual


ip link  add link eth1  name   vlan200 type vlan id  200
ip link
ip -d link show vlan200

10: vlan200@eth1: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noop state DOWN mode DEFAULT group default
link/ether 52:54:00:25:33:26 brd ff:ff:ff:ff:ff:ff promiscuity 0
vlan protocol 802.1Q id 200 &lt;REORDER_HDR&gt;

% ip link  delete  dev vlan200

ip link add link eth1 name vlan200 type vlan id 200

ip link

ip -d link show vlan200

10: vlan200@eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default

link/ether 52:54:00:25:33:26 brd ff:ff:ff:ff:ff:ff promiscuity 0

vlan protocol 802.1Q id 200 <REORDER_HDR>

% ip link delete dev vlan200

ขั้นตอนการสร้างเพื่อทดสอบ

การสร้าง network ด้วย nova


nova network-create mypub00 --dns1 8.8.8.8 --vlan 101 --multi-host T --fixed-range-v4 172.16.0.100/24 --enable-dhcp T 
nova network-create mypub01 --dns1 8.8.8.8 --vlan 102 --multi-host T --fixed-range-v4 172.16.1.100/24 --enable-dhcp T

nova network-create mypub00 --dns1 8.8.8.8 --vlan 101 --multi-host T --fixed-range-v4 172.16.0.100/24 --enable-dhcp T

nova network-create mypub01 --dns1 8.8.8.8 --vlan 102 --multi-host T --fixed-range-v4 172.16.1.100/24 --enable-dhcp T

สร้าง vm บนแต่ละ vlan


# vlan 101
nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=73b46742-070a-4228-8ae0-d5ca07200703 --security-group default app00
nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=73b46742-070a-4228-8ae0-d5ca07200703 --security-group default app01

# vlan 102
nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=386d29e5-b986-40b3-b1c1-ee08578ad381 --security-group default app02
nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=386d29e5-b986-40b3-b1c1-ee08578ad381 --security-group default app03

# vlan 101

nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=73b46742-070a-4228-8ae0-d5ca07200703 --security-group default app00

nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=73b46742-070a-4228-8ae0-d5ca07200703 --security-group default app01

# vlan 102

nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=386d29e5-b986-40b3-b1c1-ee08578ad381 --security-group default app02

nova boot --image cirros-0.3.3-x86_64 --flavor s1.tiny --nic net-id=386d29e5-b986-40b3-b1c1-ee08578ad381 --security-group default app03

* บน swtich ที่ connect เข้ากับ HOST ต้องเป็น Trunk Port.

%nova interface-list app00
ERROR (HTTPNotImplemented): Network driver does not support this function. (HTTP 501) (Request-ID: req-6c988ac4-be47-4261-bbff-88889a30aadc)

BlogPost-NET-multi-inter-tenant-1-1024x516

ในกรณีให้ public network set เป็น vlan เข้ามา โดยไม่ใช้ floating ติดปัญหาเรื่อง routing เพราะเครื่อง vm จะชี้ default gw มาที่ interface bridge br101 , br102
แก้ปัญหาด้วยการทำ routing vlan บนแต่ละ vlan


##
ip  route add 172.16.0.0/24 dev  br101  src  172.16.0.254   table vlan101
ip route add default via 172.16.0.252 dev  br101  table vlan101
ip rule add   from 172.16.0.0/24 table vlan101
ip rule add  to 172.16.0.254  table  vlan101

##
ip  route add 172.16.1.0/24 dev  br102  src  172.16.0.254   table vlan102
ip route add default via 172.16.1.252 dev  br102  table vlan102
ip rule add   from 172.16.1.0/24 table vlan102
ip rule add  to 172.16.1.254  table  vlan102

ip route add 172.16.0.0/24 dev br101 src 172.16.0.254 table vlan101

ip route add default via 172.16.0.252 dev br101 table vlan101

ip rule add from 172.16.0.0/24 table vlan101

ip rule add to 172.16.0.254 table vlan101

ip route add 172.16.1.0/24 dev br102 src 172.16.0.254 table vlan102

ip route add default via 172.16.1.252 dev br102 table vlan102

ip rule add from 172.16.1.0/24 table vlan102

ip rule add to 172.16.1.254 table vlan102

* 172.16.0.254 ip gw on interface bridge.
* 172.16.0.252 ip gw on interface router.
กรณีทำไม่ต้องการทำ floating ip

Ref. https://www.mirantis.com/blog/vlanmanager-network-flow-analysis/