目录
一、实验
1.环境
2. OVS 集群 使用VXLAN 流表(单租户)
3. OVS 集群 使用VXLAN 流表(多租户)
二、问题
1.如何添加VXLAN接⼝
2.virsh修改云主机MAC报错
一、实验
1.环境
(1) 主机
表1 宿主机
| 主机 | 架构 | 软件 | IP | 网卡 | 备注 |
| ovs_controller | 控制端 | karaf 0.7.3 | 192.168.204.63 | 1个NAT网卡 (204网段) | 已部署 |
| ovs_server01 | 服务端 | OpenvSwitch v2.5.1 | 192.168.204.61 | 1个NAT网卡 (204网段), 1个仅主机网卡 (88网段) | 已部署 |
| ovs_server02 | 服务端 | OpenvSwitch v2.5.1 | 192.168.204.62 | 1个NAT网卡 (204网段), 1个仅主机网卡 (88网段) | 已部署 |
表2 目标云主机
| 云主机 | IP | 备注 |
| cloudserver01 | 172.16.1.1 | 宿主机ovs_server01 |
| cloudserver02 | 172.16.1.2 | 宿主机ovs_server02 |
(2) 查看IP
ovs_controller
ovs_server01
ovs_server02
(3)查看OVS
ovs-vsctl showovs_server01
ovs_server02
(4)查看OVS流表节点
ovs_server01
ovs-ofctl show ovs01 -O OpenFlow13
ovs_server02
ovs-ofctl show ovs02 -O OpenFlow13
(5) 查看OVS流表信息
ovs_server01
ovs-ofctl dump-flows ovs01 -O OpenFlow13
ovs_server02
ovs-ofctl dump-flows ovs02 -O OpenFlow13
2. OVS 集群 使用VXLAN 流表(单租户)
(1)服务端删除云交换机端口
ovs_server01
ovs-vsctl del-port vxlan0
ovs-vsctl show
ovs_server02
ovs-vsctl del-port ovs02 vxlan0
ovs-vsctl show
(2)添加端口与VXLAN接⼝
ovs_server01
ovs-vsctl add-port ovs01 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.204.62 option:key=flow ofport_request=10 ovs-vsctl show
ovs_server02
ovs-vsctl add-port ovs02 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.204.61 option:key=flow ofport_request=10ovs-vsctl show
(3)查看接口
ovs_server01
ovs-ofctl show ovs01
ovs_server02
ovs-ofctl show ovs02
(4)查看接口列表
ovs-vsctl -- --columns=name,ofport list Interface
ovs_server01
ovs_server02
(5)添加控制端
ovs_server01
ovs-vsctl set-controller ovs01 tcp:192.168.204.63:6633
ovs_server02
ovs-vsctl set-controller ovs02 tcp:192.168.204.63:6633
(6)查看ODL
Nodes节点信息
Topology拓扑信息(VXLAN-TRUNK没有连接线)
(7)查看控制端下发的OVS默认流表
ovs_server01
ovs-ofctl dump-flows ovs01 -O OpenFlow13
ovs_server02
ovs-ofctl dump-flows ovs02 -O OpenFlow13
(8)流量抓包
ovs_server01 抓取ens33网卡,发送端口随机,接收端口都为4789
tcpdump -i ens33 | grep -i vxlan
(9)流量写入本地
ovs_server01
tcpdump -i ens33 -w vxlan-vni0.pcap
云主机01 ping 云主机02
ovs_server01 结束抓包
(10)流向分析
表3 流向分析
| 云主机cloudserver01 | 流向 | 云主机cloudserver01 |
| in_port=1,action=output:10 | → | in_port=10,action=output:1 |
| in_port=10,action=output:1 | ← | in_port=1,action=output:10 |
(11)查看下载的流量包
过滤vxlan
所有VNI 都被打上标签0
3. OVS 集群 使用VXLAN 流表(多租户)
(1)初始化流表
ovs_server01
ovs-ofctl del-flows ovs01 -O Openflow13
ovs_server02
ovs-ofctl del-flows ovs02 -O Openflow13
(2)查看流表
ovs_server01
ovs-ofctl dump-flows ovs01 -O openflow13
ovs_server02
ovs-ofctl dump-flows ovs02 -O openflow13
(3)查看MAC
ovs_server01
ovs-appctl fdb/show ovs01
ovs_server02
ovs-appctl fdb/show ovs02
(4)关闭云主机
cloudserver01
cloudserver02
(5)查看MAC
cloudserver01
cloudserver02
(6)查看云主机
virsh list --allovs_server01
ovs_server02
(7)ovs_server01 修改云主机MAC
virsh edit cloudserver01:/interface
修改前:
修改后:
00:00:00:00:aa:01
(8)ovs_server02修改云主机MAC
virsh edit cloudserver02:/interface
修改前:
修改后:
00:00:00:00:aa:02
(9)再次查看云主机MAC
cloudserver01已更新
cloudserver02已更新
(10)启动云主机
cloudserver01
cloudserver02
(11)修改云主机网卡
cloudserver01
cloudserver02
(12)网络测试
云主机01 ping 云主机02,目前不通
(13)构建⾃定义多租户VXLAN流表
ovs_server01
sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=0,in_port=1,actions=set_field:10001->tun_id,resubmit(,1)"sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=0,actions=resubmit(,1)"sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=1,tun_id=10001,dl_dst=00:00:00:00:aa:01,actions=output:1"sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=1,tun_id=10001,dl_dst=00:00:00:00:aa:02,actions=output:10"sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=1,tun_id=10001,arp,nw_dst=172.16.1.1,actions=output:1"sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=1,tun_id=10001,arp,nw_dst=172.16.1.2,actions=output:10"sudo ovs-ofctl -O OpenFlow13 add-flow ovs01 "table=1,priority=100,actions=drop"
ovs_server02
sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=0,in_port=1,actions=set_field:10001->tun_id,resubmit(,1)"sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=0,actions=resubmit(,1)"sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=1,tun_id=10001,dl_dst=00:00:00:00:aa:02,actions=output:1"
sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=1,tun_id=10001,dl_dst=00:00:00:00:aa:01,actions=output:10"sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=1,tun_id=10001,arp,nw_dst=172.16.1.2,actions=output:1"sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=1,tun_id=10001,arp,nw_dst=172.16.1.1,actions=output:10"sudo ovs-ofctl -O OpenFlow13 add-flow ovs02 "table=1,priority=100,actions=drop"
(14) 查看流表
ovs_server01
ovs-ofctl dump-flows ovs01 -O openflow13
ovs_server02
ovs-ofctl dump-flows ovs02 -O openflow13
(15)网络测试
云主机01 ping 云主机02,目前已通
(16)流量抓包下入本地
ovs_server01
tcpdump -i ens33 -w vxlan-vni10001.pcap
云主机01 ping 云主机02
抓包结束
(17)流量分析
过滤vxlan
VNI为10001
其他LLDP的VNI为0
(18)流量抓包在线获取
tcpdump -i ens33 | grep -i vxlan
云主机01 ping 云主机02
抓包结束(1口的流量VNI为10001,其他LLDP的VNI为0)
二、问题
1.如何添加VXLAN接⼝
(1)ovs_server01 添加
key=flow表示隧道的VNI是通过流表来指定;ofport_request=10 表示端⼝号码设置为10
ovs-vsctl add-port ovs01 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.204.62 option:key=flow ofport_request=10 ovs-vsctl show
(2)ovs_server02 添加
key=flow表示隧道的VNI是通过流表来指定;ofport_request=10 表示端⼝号码设置为10
ovs-vsctl add-port ovs02 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.204.61 option:key=flow ofport_request=10ovs-vsctl show
2.virsh修改云主机MAC报错
(1)报错
错误:(domain_definition):71: attributes construct error<mac address=''00:00:00:00:aa:01'/>
---------------------^
失败的。 Try again? [y,n,i,f,?]:
(2)原因分析
配置错误,MAC地址前多了1个单引号。
(3)解决方法
修改配置。
输入重新配置
修改前:
修改后:
