环境
集群
节点 | ip 1 | ip 2 | 组件 |
---|---|---|---|
master01 | 172.31.133.26/26 | 172.31.133.90/26 | ovn-central(nb,sb,northd) |
node01 | 172.31.133.27/26 | 172.31.133.91/26 | ovn-controller,ovs(vswitchd,ovsdb) |
node02 | 172.31.133.28/26 | 172.31.133.92/26 | ovn-controller,ovs(vswitchd,ovsdb) |
ovn初始环境
一个逻辑交换机bridge0 和一个逻辑路由器router0,交换机上挂了容器化的虚机vm0 172.66.1.12
网络配置
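# Initial environment: logical router 'router0' plus its port facing the
# pre-existing logical switch 'bridge0' (which carries vm0, 172.66.1.12).
#
# NOTE: the original page named the router port 'router1-bridge0' here, but
# the peer option below (router-port=router0-bridge0) and the later
# `ovn-nbctl show` output both use 'router0-bridge0'. With the typo the
# switch port would point at a router port that does not exist, so the name
# is corrected here.
ovn-nbctl lr-add router0
ovn-nbctl lrp-add router0 router0-bridge0 04:ac:10:ff:34:00 172.66.1.10/24

# Switch side: a router-type port on 'bridge0' peered with router0-bridge0.
# It carries the same MAC as the router port (this is what `ovn-nbctl show`
# reports for both sides); 172.66.1.10 becomes the gateway for 172.66.1.0/24.
ovn-nbctl lsp-add bridge0 bridge0-router0
ovn-nbctl lsp-set-type bridge0-router0 router
ovn-nbctl lsp-set-addresses bridge0-router0 04:ac:10:ff:34:00
ovn-nbctl lsp-set-options bridge0-router0 router-port=router0-bridge0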
ovn-nbctl show
router dfecb747-b655-42d8-a63b-54aad5123ab6 (router0)
port router0-bridge0
mac: "04:ac:10:ff:34:00"
networks: ["172.66.1.10/24"]
switch b60a46af-de3a-44c2-ac88-4426fa004140 (bridge0)
port bridge0-vm0
addresses: ["dynamic"]
port bridge0-router0
type: router
router-port: router0-bridge0
ovn-sbctl show
Chassis "aa8648e9-e367-4992-9d87-e96b99993ccc"
hostname: "node01"
Encap geneve
ip: "172.31.133.27"
options: {csum="true"}
Chassis "76dc7a18-0b4e-4a25-84c8-5fce4578cf78"
hostname: "node02"
Encap geneve
ip: "172.31.133.28"
options: {csum="true"}
Port_Binding "bridge0-vm0"
gateway
网络拓扑图
![网络拓扑图][1]
文本流程图
__________
| enp6s0f1 | Physical Network
----------
|
____|_____
| bridge | br-ex
----------
| mapping
____|____
| switch | outside
---------
|
____|____
| router | router0 port 'router0-outside': 172.31.133.95/26
--------- port 'router0-bridge0': 172.66.1.10/24
|
____|____
| switch | bridge0 172.66.1.0/24
---------
/ \
_______/_ _\_______
| vm0 | | vm1 |
--------- ---------
172.66.1.12 172.66.1.13
网络配置
STEP1
创建交换机outside并连接路由器router0
# STEP1 - give router0 an external-facing port and a switch to hang it on.

# Chassis that will host the gateway (distributed router) port. This is
# node02 in the page's `ovn-sbctl show` output; after this step the SB
# shows Port_Binding "cr-router0-outside" bound there. Only this chassis
# will perform the NAT configured in STEP3.
gw_chassis=76dc7a18-0b4e-4a25-84c8-5fce4578cf78

# Router side. 172.31.133.95/26 lives on the same /26 as the node "ip 2"
# addresses, so it must be an address nothing else on that segment uses.
ovn-nbctl lrp-add router0 router0-outside 02:0a:7f:18:01:02 172.31.133.95/26
ovn-nbctl lrp-set-gateway-chassis router0-outside "$gw_chassis"

# Switch side, as one nbctl transaction: create 'outside', add a router-type
# port on it and peer that port with router0-outside. The MAC mirrors the
# router port's MAC exactly as on the bridge0 side.
ovn-nbctl \
  -- ls-add outside \
  -- lsp-add outside outside-router0 \
  -- lsp-set-type outside-router0 router \
  -- lsp-set-addresses outside-router0 02:0a:7f:18:01:02 \
  -- lsp-set-options outside-router0 router-port=router0-outside

# Variant kept from the original page but not used in this walkthrough:
# additionally advertise the router's NAT addresses from this port.
# ovn-nbctl lsp-set-options outside-router0 nat-addresses=router router-port=router0-outside
STEP2
创建ovs网桥br-ex,并关联逻辑交换机outside
# STEP2 (OVN side) - the localnet port is the attachment point between the
# logical switch 'outside' and the physical network. Its network_name
# ("phyNet") must match the key used in ovn-bridge-mappings on the chassis
# below. 'unknown' is the address a localnet port needs: it tells OVN not to
# pin this port to a specific MAC, so frames from arbitrary physical hosts
# can pass through it - which also means nothing on this port is filtered
# unless ACLs are added on the switch (this page adds none).
ovn-nbctl \
  -- lsp-add outside outside-localnet \
  -- lsp-set-type outside-localnet localnet \
  -- lsp-set-addresses outside-localnet unknown \
  -- lsp-set-options outside-localnet network_name=phyNet
在node02上创建ovs网桥br-ex,然后将enp6s0f1挂到ovs网桥上
# STEP2 (OVS side, run on node02 only) - create the bridge that backs the
# "phyNet" mapping and enslave the physical NIC to it. After this,
# ovn-controller creates the patch pair between br-int and br-ex that the
# page's `ovs-vsctl show` output on node02 lists.
phys_bridge=br-ex
phys_nic=enp6s0f1

ovs-vsctl add-br "$phys_bridge"

# `set` assigns the whole value: this REPLACES any ovn-bridge-mappings
# already present on this chassis rather than appending to them.
ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings="phyNet:$phys_bridge"

# Enslaving the NIC hands it to OVS. If enp6s0f1 carries one of node02's
# own addresses (the page does not say which NIC does), move that address to
# br-ex first, otherwise the host's own connectivity over that NIC is lost.
ovs-vsctl add-port "$phys_bridge" "$phys_nic"
STEP3
通过 snat 让 172.66.1.0/24 整个网段共用网关端口地址 172.31.133.95 访问外网;通过 dnat_and_snat 给 vm0 分配浮动 IP(FIP)172.31.133.96。注意:dnat_and_snat 是 1:1 的双向地址映射,物理网络上任何能到达 172.31.133.96 的主机都可以直接访问 vm0 的全部端口;本文没有配置任何 ACL,生产环境应在逻辑交换机上用 `ovn-nbctl acl-add` 限制入方向流量。
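# STEP3 - NAT on router0. The original page built the NAT rows by hand with
# `create nat ... -- add logical_router router0 nat @nat`; that form accepts
# any string as type and silently adds a duplicate row on every re-run.
# lr-nat-add (available alongside the lr-nat-list / lr-nat-del used later on
# this page) validates TYPE / EXTERNAL_IP / LOGICAL_IP and refuses a
# duplicate rule instead. Syntax: lr-nat-add ROUTER TYPE EXTERNAL_IP LOGICAL_IP

# Egress for the whole tenant subnet: source-translated to the address of
# router0-outside (172.31.133.95). Only the gateway chassis (node02) does this.
ovn-nbctl lr-nat-add router0 snat 172.31.133.95 172.66.1.0/24

# Floating IP for vm0: 1:1 bidirectional mapping 172.31.133.96 <-> 172.66.1.12.
# This rule, not the subnet snat above, applies to vm0's own egress, and it
# also makes vm0 reachable on every port from the physical segment - there is
# no ACL on bridge0 or outside in this walkthrough, so add one before doing
# this anywhere other than a lab.
ovn-nbctl lr-nat-add router0 dnat_and_snat 172.31.133.96 172.66.1.12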
查看
查看nat
[root@master01 /]# ovn-nbctl lr-nat-list router0
TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
dnat_and_snat 172.31.133.96 172.66.1.12
snat 172.31.133.95 172.66.1.0/24
查看ovn网络
[root@master01 /]#
[root@master01 /]# ovn-nbctl show
switch 463541bc-4d61-4ab4-b2de-7049d149ed13 (outside)
port outside-router0
type: router
addresses: ["02:0a:7f:18:01:02"]
router-port: router0-outside
port outside-localnet
type: localnet
addresses: ["unknown"]
switch b60a46af-de3a-44c2-ac88-4426fa004140 (bridge0)
port bridge0-vm0
addresses: ["dynamic"]
port bridge0-router0
type: router
router-port: router0-bridge0
router dfecb747-b655-42d8-a63b-54aad5123ab6 (router0)
port router0-outside
mac: "02:0a:7f:18:01:02"
networks: ["172.31.133.95/26"]
gateway chassis: [76dc7a18-0b4e-4a25-84c8-5fce4578cf78]
port router0-bridge0
mac: "04:ac:10:ff:34:00"
networks: ["172.66.1.10/24"]
[root@master01 /]#
[root@master01 /]# ovn-sbctl show
Chassis "aa8648e9-e367-4992-9d87-e96b99993ccc"
hostname: "node01"
Encap geneve
ip: "172.31.133.27"
options: {csum="true"}
Port_Binding "bridge2-vm2"
Chassis "76dc7a18-0b4e-4a25-84c8-5fce4578cf78"
hostname: "node02"
Encap geneve
ip: "172.31.133.28"
options: {csum="true"}
Port_Binding "cr-router0-outside"
Port_Binding "bridge0-vm0"
查看ovs网桥(node02)
[root@node02 ~]# ovs-vsctl show
1bd24d64-5b67-4497-b972-5789ba8d4fa7
Bridge br-int
fail_mode: secure
Port patch-br-int-to-outside-localnet
Interface patch-br-int-to-outside-localnet
type: patch
options: {peer=patch-outside-localnet-to-br-int}
Port "qvm0cgmk4"
Interface "qvm0cgmk4"
Port "ovn-aa8648-0"
Interface "ovn-aa8648-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.31.133.27"}
Port br-int
Interface br-int
type: internal
Port "ovn-1800fb-0"
Interface "ovn-1800fb-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.31.133.26"}
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port patch-outside-localnet-to-br-int
Interface patch-outside-localnet-to-br-int
type: patch
options: {peer=patch-br-int-to-outside-localnet}
Port "enp6s0f1"
Interface "enp6s0f1"
ovs_version: "2.11.2"
clear
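# Tear down STEP3 -> STEP1 in reverse order so nothing is left pointing at a
# deleted row: NAT rules first, then the 'outside' switch (which owns the
# localnet port and the router-type port), then the router port itself.
# lr-nat-del identifies a dnat_and_snat rule by its EXTERNAL_IP and a snat
# rule by its LOGICAL_IP - the same columns lr-nat-list prints.
ovn-nbctl lr-nat-del router0 dnat_and_snat 172.31.133.96
ovn-nbctl lr-nat-del router0 snat 172.66.1.0/24
ovn-nbctl ls-del outside
ovn-nbctl lrp-del router0-outside

# node02: undo STEP2. The original cleanup only deleted the bridge and left
# external-ids:ovn-bridge-mappings=phyNet:br-ex behind, so ovn-controller on
# this chassis would keep a mapping to a bridge that no longer exists. Drop
# the mapping key as well. del-br also detaches enp6s0f1 from OVS.
ovs-vsctl remove Open_vSwitch . external-ids ovn-bridge-mappings
ovs-vsctl del-br br-ex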
验证
在vm0里ping node01
注:此环境中enp6s0f1无法连通外网,不然可以在vm0中ping通外网
[root@master01 ovn]# virtctl console vm0
[root@vm0 ~]#
[root@vm0 ~]# ping 172.31.133.91
PING 172.31.133.91 (172.31.133.91) 56(84) bytes of data.
64 bytes from 172.31.133.91: icmp_seq=1 ttl=62 time=1.38 ms
64 bytes from 172.31.133.91: icmp_seq=2 ttl=62 time=0.396 ms
--- 172.31.133.91 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.396/0.889/1.383/0.494 ms
[root@vm0 ~]#
在master01上ping fip 172.31.133.96
[root@master01 home]# ping 172.31.133.96
PING 172.31.133.96 (172.31.133.96) 56(84) bytes of data.
64 bytes from 172.31.133.96: icmp_seq=1 ttl=62 time=2.04 ms
64 bytes from 172.31.133.96: icmp_seq=2 ttl=62 time=0.530 ms
^C
--- 172.31.133.96 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.530/1.285/2.041/0.756 ms
[root@master01 home]#