
How to create a router using network namespace

2025-02-24 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article shows how a router is created using a network namespace. The walkthrough is detailed, and we hope it is a useful reference.

We will explore the network setup through a slightly more complex (but still quite basic) use case: routing between two networks. Routing uses the same components as connecting internal networks: a namespace creates an isolated container that allows network packets to be forwarded between subnets.

Remember what we said in the first article: this is just an example using the OVS plug-in. OpenStack has many plug-ins that work in different ways, and this is only one of them.

Use case #4: Routing traffic between two isolated networks

In practice, we create different networks for different purposes, and we also need to connect them. Because the two networks are in different IP ranges, we need a router to connect them. To analyze this setup, we create another network (net2) and configure it with the subnet 20.20.20.0/24. After creating this network, we start an Oracle Linux virtual machine and connect it to net2. The following is a diagram of the network topology as seen in the OpenStack GUI:

Looking further, we see another namespace on the OpenStack network node, which provides services to the newly created network. We now have two namespaces, one for each network.

# ip netns list
qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd
qdhcp-5f833617-6179-4797-b7c0-7d420d84040c

You can view the network IDs with nova net-list, or look them up in the UI.

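# nova net-list
+--------------------------------------+-------+------+
| ID                                   | Label | CIDR |
+--------------------------------------+-------+------+
| 5f833617-6179-4797-b7c0-7d420d84040c | net1  | None |
| 63b7fcf2-e921-4011-8da9-5fc2444b42dd | net2  | None |
+--------------------------------------+-------+------+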

Our newly created network, net2, has its own namespace, separate from the one for net1. Inside the namespace we can see two network interfaces: the loopback interface and one for the DHCP service.

# ip netns exec qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 0012 scope host
       valid_lft forever preferred_lft forever
19: tap16630347-45: mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:bd:94:42 brd ff:ff:ff:ff:ff:ff
    inet 20.20.20.3/24 brd 20.20.20.255 scope global tap16630347-45
    inet6 fe80::f816:3eff:febd:9442/64 scope link
       valid_lft forever preferred_lft forever

The two networks, net1 and net2, are not connected. We need to create a router and connect the two networks through it. OpenStack Neutron lets users create a router and connect two or more networks to it. A router is really just an extra namespace. To create a router with Neutron, you can use the GUI or the command line:

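# neutron router-create my-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | fce64ebe-47f0-4846-b3af-9cf764f1ff11 |
| name                  | my-router                            |
| status                | ACTIVE                               |
| tenant_id             | 9796e5145ee546508939cd49ad59d51f     |
+-----------------------+--------------------------------------+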

Now let's connect the two networks via the router.

Check the IDs of the subnets:

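# neutron subnet-list
+--------------------------------------+------+---------------+------------------------------------------------+
| id                                   | name | cidr          | allocation_pools                               |
+--------------------------------------+------+---------------+------------------------------------------------+
| 2d7a0a58-0674-439a-ad23-d6471aaae9bc |      | 10.10.10.0/24 | {"start": "10.10.10.2", "end": "10.10.10.254"} |
| 4a176b4e-a9b2-4bd8-a2e3-2dbe1aeaf890 |      | 20.20.20.0/24 | {"start": "20.20.20.2", "end": "20.20.20.254"} |
+--------------------------------------+------+---------------+------------------------------------------------+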

Add subnet 10.10.10.0/24 to the router:

# neutron router-interface-add fce64ebe-47f0-4846-b3af-9cf764f1ff11 subnet=2d7a0a58-0674-439a-ad23-d6471aaae9bc
Added interface 0b7b0b40-f952-41dd-ad74-2c15a063243a to router fce64ebe-47f0-4846-b3af-9cf764f1ff11.

Add subnet 20.20.20.0/24 to the router:

# neutron router-interface-add fce64ebe-47f0-4846-b3af-9cf764f1ff11 subnet=4a176b4e-a9b2-4bd8-a2e3-2dbe1aeaf890
Added interface dc290da0-0aa4-4d96-9085-1f894cf5b160 to router fce64ebe-47f0-4846-b3af-9cf764f1ff11.

At this point, when we look at the network topology, we find that the two networks are connected by the router:

We can also find two network interfaces connected to the router, each acting as the gateway of its subnet.

We can see the namespace created for the router.

# ip netns list
qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11
qdhcp-63b7fcf2-e921-4011-8da9-5fc2444b42dd
qdhcp-5f833617-6179-4797-b7c0-7d420d84040c

When we go inside the namespace, we can see:

# ip netns exec qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11 ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 0012 scope host
       valid_lft forever preferred_lft forever
20: qr-0b7b0b40-f9: mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:82:47:a6 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global qr-0b7b0b40-f9
    inet6 fe80::f816:3eff:fe82:47a6/64 scope link
       valid_lft forever preferred_lft forever
21: qr-dc290da0-0a: mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:c7:7c:9c brd ff:ff:ff:ff:ff:ff
    inet 20.20.20.1/24 brd 20.20.20.255 scope global qr-dc290da0-0a
    inet6 fe80::f816:3eff:fec7:7c9c/64 scope link
       valid_lft forever preferred_lft forever

We see two network interfaces, "qr-dc290da0-0a" and "qr-0b7b0b40-f9". Both are connected to OVS, and each carries the gateway IP of one of the two networks/subnets.

# ovs-vsctl show
8a069c7c-ea05-4375-93e2-b9fc9e4b3ca1
    Bridge "br-eth3"
        Port "br-eth3"
            Interface "br-eth3"
                type: internal
        Port "eth3"
            Interface "eth3"
        Port "phy-br-eth3"
            Interface "phy-br-eth3"
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        Port "int-br-eth3"
            Interface "int-br-eth3"
        Port "qr-dc290da0-0a"
            tag: 2
            Interface "qr-dc290da0-0a"
                type: internal
        Port "tap26c9b807-7c"
            tag: 1
            Interface "tap26c9b807-7c"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap16630347-45"
            tag: 2
            Interface "tap16630347-45"
                type: internal
        Port "qr-0b7b0b40-f9"
            tag: 1
            Interface "qr-0b7b0b40-f9"
                type: internal
    ovs_version: "1.11.0"

We can see that these interfaces are connected to "br-int" and tagged with the VLAN tag of their network. Here we can successfully ping the router namespace at its gateway address (20.20.20.1):

We can also see that the virtual machine with the IP address 20.20.20.2 can ping the IP address 10.10.10.2:

The two subnets are connected to each other through the network interfaces in the namespace. Inside the namespace, Neutron sets the system parameter net.ipv4.ip_forward to 1. You can check it with the following command:

# ip netns exec qrouter-fce64ebe-47f0-4846-b3af-9cf764f1ff11 sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

We can see that the system parameter net.ipv4.ip_forward is set inside the namespace; this setting has no effect outside the namespace.

When you create a router, Neutron creates a namespace called qrouter-. Subnets reach the router through network interfaces on the OVS br-int bridge. Each network interface is given the correct VLAN tag so that it connects to its corresponding network. In the example, the network interface qr-0b7b0b40-f9 has the IP 10.10.10.1 and VLAN tag 1, which connects it to "net1". Routing takes effect because the system parameter net.ipv4.ip_forward is set to 1 inside the namespace.
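The VLAN tags on br-int are what keep net1 and net2 apart, and the qrouter namespace is the one place where they meet. The following added example (not from the original article) parses `ovs-vsctl show` text to report which tags a router namespace joins and which ports become reachable from each other through it; the function names are hypothetical, and the sample is the br-int section of the output above.

```bash
# Added example: which br-int VLAN tags does a router namespace join?
# Input is `ovs-vsctl show` text; function names here are hypothetical.

# Constructed sample: the br-int section of the ovs-vsctl output shown above.
SAMPLE_OVS='    Bridge br-int
        Port "int-br-eth3"
            Interface "int-br-eth3"
        Port "qr-dc290da0-0a"
            tag: 2
            Interface "qr-dc290da0-0a"
                type: internal
        Port "tap26c9b807-7c"
            tag: 1
            Interface "tap26c9b807-7c"
                type: internal
        Port "tap16630347-45"
            tag: 2
            Interface "tap16630347-45"
                type: internal
        Port "qr-0b7b0b40-f9"
            tag: 1
            Interface "qr-0b7b0b40-f9"
                type: internal'

# stdin: ovs-vsctl show text. Prints "<tag> <port>" per tagged br-int port.
br_int_tags() {
  awk '
    $1 == "Bridge" { gsub(/"/, "", $2); on_int = ($2 == "br-int"); next }
    on_int && $1 == "Port" { gsub(/"/, "", $2); port = $2; next }
    on_int && $1 == "tag:" { print $2, port }'
}

# Args: interface names found inside one qrouter namespace.
# Prints the comma-separated tags they sit on; more than one tag means the
# namespace can forward between those networks.
joined_tags() {
  br_int_tags | awk -v w=" $* " 'index(w, " " $2 " ") { print $1 }' |
    sort -un | paste -sd, -
}

# Prints the non-router ports sharing a tag with the given router interfaces,
# i.e. the endpoints that become reachable from each other through the router.
reachable_ports() (
  text=$(cat)
  tags=",$(printf '%s\n' "$text" | joined_tags "$@"),"
  printf '%s\n' "$text" | br_int_tags |
    awk -v t="$tags" 'index(t, "," $1 ",") && $2 !~ /^qr-/ { print $2 }' | sort
)
```

On a network node, feed the functions live `ovs-vsctl show` output and pass the interface names that `ip addr` lists inside the qrouter namespace; a router that joins a tag it should not is then visible as an unexpected entry in the `joined_tags` result.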
