Shulou(Shulou.com)06/02 Report--

1. Virtual machine north-south communication:

Environment:

External network:

Network 203.0.113.0/24

IP address allocation from 203.0.113.101 to 203.0.113.200

Project network router interface 203.0.113.101 TR

Project network

Network 192.168.1.0/24

Gateway 192.168.1.1 with MAC address TG

Compute node 1

Instance 1 192.168.1.11 with MAC address I1

Instance 1 resides on compute node 1 and uses a project network.

The instance sends a packet to a host on the external network.

Process:

The process that involves computing nodes:

Instance carries its own mac address and destination address and gateway as well as tag through the qvb-qbr-qvo on the qbr device

Security groups generated through qbr Bridge

The qbr bridge transfers traffic to the br-int

Br-int bridge connects the project network with the corresponding tag

For VLAN project networks

Br-init-- > br-vlan

Br-vlan replaces tag with real tag

Br-vlan forwards packets to the br-vlan of the network node

Related to network nodes

The packet just sent from the br-vlan of the compute node to the br-vlan of the network node through the switch.

Br-vlan forwards the packet to the br-int bridge

Br-int converts the real tag into the tag that ovs recognizes itself. Br-int is equipped with qroute interface (qr) devices, including interface gw and tag

Through the iptables rule in namespace of qroute, you can view the ip information in namespace by using qr as source nat to the qg device.

[root@cloud02 ~] #

View Iptables rules

Neutron-l3-agent-float-snat all-anywhere anywhere

SNAT all-anywhere anywhere to:10.10.255.226

SNAT all-- anywhere anywhere mark match! 0x2/0xffff ctstate DNAT to:10.10.255.226

The br-int is forwarded to the br-ex and then from the br-ex to the subinterface of the external network.

At this point, the Snat is all complete.

2. The north-south traffic of virtual machines with FloatingIP

Environment:

External network

Network 203.0.113.0/24

IP address allocation from 203.0.113.101 to 203.0.113.200

Project network router interface 203.0.113.101 TR

Project network

Network 192.168.1.0/24

Gateway 192.168.1.1 with MAC address TG

Compute node 1

Instance 1 192.168.1.11 with MAC address I1 and floating IP address 203.0.113.102 F1

Instance 1 resides on compute node 1 and uses a project network.

The instance receives a packet from a host on the external network.

Process

Through the network node:

Forwarded to br-ex through the external interface, and forwarded to br-int by br-ex

Br-ex 's qg device is transferred to qg device on qrouter.

View iptables nat rules in qruoter's namesapce

View virtual machines with an IP of "10.0.0.5"

You can see that the dnat corresponding to the flouting-ip in the router corresponds to the project ip of the virtual machine.

Transfer the package to br-int via route. Br-init is transferred to br-vlan and typed with the real tag.

From the interface to the switch.

Through the computing node

After the br-vlan of the computing node receives the packet, it sends it to br-init,br-int to convert the tag into ovs's own internal tag. Then go through qvb and qvo and follow a pair of peer to the qbr bridge to reach the tap device. As shown in the figure:

Virtual machines communicate on different networks:

Environment:

Project network 1

Network: 192.168.1.0/24

Gateway: 192.168.1.1 with MAC address TG1

Project network 2

Network: 192.168.2.0/24

Gateway: 192.168.2.1 with MAC address TG2

Compute node 1

Instance 1: 192.168.1.11 with MAC address I1

Compute node 2

Instance 2: 192.168.2.11 with MAC address I2

Instance 1 resides on compute node 1 and uses project network 1.

Instance 2 resides on compute node 2 and uses project network 2.

Both project networks reside on the same router.

Instance 1 sends a packet to instance 2.

Through the compute01:

The tap device connects the qbr bridge to the br-int bridge through qvb and qvo, thus reaching the br-int

The br-int forwards the packet to the br-vlan, and the br-vlan prints the real tag, and then sends it to the switch through the interface.

Through the network node:

Br-vlan receives the packet sent by br-vlan on compute01, and br-vlan forwards the packet to br-int. Br-int replaced tag with tag that he could recognize.

Br-int sends the packet to qrouter's qbr-1 interface. And carry their own gateway information.

The route sends the qbr-1 packet to qbr-2 through the route function.

Qbr-2 is forwarded to br-int

Br-init forwards the packet to br-vlan,br-vlan and replaces tag with the real tag

Br-vlan sends the packet to network-2 's bridge, and br-vlan sends it to compute-2 's node.

Through the compute02 node's

The compute node 2 receives a packet from the network node br-vlan.

Br-vlan=== > br-int

Br-int = = > qbr=== > tap

Summary:

1. Virtual machines on different nodes of the same network communicate with each other without going through the network node.

2. the impassable network communicates with each other through the network node

3. The virtual machines of the same network department and computing nodes communicate with each other and go directly to br-int.

Reference connection:

Https://docs.openstack.org/liberty/networking-guide/scenario-classic-ovs.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.