
Example Analysis of OpenStack Neutron

2025-03-27 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 05/31

This article walks through an example analysis of OpenStack Neutron networking and is intended as a reference for readers who want to understand how its pieces fit together.

OpenStack Neutron

Brief introduction to the network devices used on the Linux host side

Linux mainly uses the following device models: Bridge, TAP, VETH, and VLAN. A Bridge device is a kernel-based layer 2 switching device whose function is similar to a layer 2 switch in the real world. A TAP device is a point-to-point network device that works at layer 2. Each TAP device has a corresponding Linux character device, and a user program exchanges data with the Linux kernel network stack by reading and writing that character device; this is often used by emulators in virtualized environments. VETH devices are point-to-point network devices that come in pairs: data sent into one end comes out of the other end. They are usually used to change the direction of data or to connect other network devices. A VLAN device is a group of devices in a parent-child relationship. It is part of the Linux implementation of 802.1Q VLAN technology and mainly handles the processing of the 802.1Q VLAN tag.

Source of the first half of the original text: http://panpei.net.cn/2013/12/04/openstack-neutron-mechanism-introduce/

An architecture diagram borrowed from the original material serves as the starting point:

[Figure: OpenStack Neutron architecture diagram]

The architecture diagram clearly shows two physical hosts, a compute node and a network node, because the network functions are deployed centrally. The reason for this deployment is that, since the E release, OpenStack has been separating the network function from Nova into a standalone Neutron component. The awkward part is that the separated version does not support distributed network deployment, so the current Grizzly and Havana releases can only use a centralized network deployment; that is, only one node in the cluster can host the network functions.

Compute node: the network of virtual machine instances

In the diagram, this network comprises A, B and C. A is the virtual network card of the virtual machine test0 and needs no further discussion. B, which is connected to it, deserves a closer look. B is a TAP device; its name usually begins with tap, and it is attached to the Linux Bridge qbr. So what is a TAP device? The article on virtual networking in Linux gives the following explanation:

TAP is a virtual network kernel driver that implements an Ethernet device and operates at the Ethernet frame level. The TAP driver provides an Ethernet "tap" through which Ethernet frames can be communicated.

In short, a TAP device is a network interface virtualized by the Linux kernel. If this is still unclear, look up the precise definition of TAP. Next comes qbr, which, as mentioned above, is a Linux Bridge. This looks strange: this architecture uses Open vSwitch to implement the virtual switching devices, so why is there a Linux Bridge at all? The OpenStack Networking Administration Guide gives the following explanation:

Ideally, the TAP device vnet0 would be connected directly to the integration bridge, br-int. Unfortunately, this isn't possible because of how OpenStack security groups are currently implemented. OpenStack uses iptables rules on the TAP devices such as vnet0 to implement security groups, and Open vSwitch is not compatible with iptables rules that are applied directly on TAP devices that are connected to an Open vSwitch port.

In other words, Open vSwitch does not support the way OpenStack currently implements security groups, because OpenStack implements them by applying iptables rules to the TAP device. The workaround is a compromise: an extra layer, implemented with a Linux Bridge, is added in the middle, which is why the otherwise unexplained qbr bridge exists. There is another device, C, on qbr, which is also a TAP device. The name of C usually starts with qvb. C and D on br-int are connected to each other, forming the channel that lets qbr and br-int communicate.

Compute node: the network of the integration bridge (br-int)

D (also a TAP device), mentioned above, sits on br-int, so br-int is next. br-int is a virtual bridge created by Open vSwitch, and in practice it acts as a virtual switch. Its main job is to connect all the VMs on its compute node to this virtual switch, and then to use the tunneling function of br-tun so that VMs on different compute nodes appear to be connected to the same logical virtual switch. Put more simply: from the administrator's point of view, all the VMs are connected to one virtual switch, although they are actually distributed across different physical hosts. Back to D: its name usually starts with qvo. br-int also carries another port, E, which always appears as patch-tun and, as the name suggests, connects to br-tun.
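The tap -> qbr -> qvb -> qvo -> br-int chain described above can be checked mechanically on a compute node, because a TAP device plugged straight into br-int would sit outside the qbr bridge where the iptables security-group rules are applied. The following is an added example, not code from the original article or from OpenStack; the sample command output is constructed, and it assumes that the devices belonging to one VM port share the same name suffix after the tap/qbr/qvb/qvo prefix.

```python
# Constructed `brctl show` output (illustrative, not captured from a real host).
BRCTL_SHOW = (
    "bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
    "qbr3f1c2a9b-7d\t\t8000.aabbccddeeff\tno\t\tqvb3f1c2a9b-7d\n"
    "\t\t\t\t\t\t\ttap3f1c2a9b-7d\n"
    "qbr9e8d7c6b-5a\t\t8000.112233445566\tno\t\tqvb9e8d7c6b-5a\n"
)
# Constructed `ovs-vsctl list-ports br-int` output.
BR_INT_PORTS = "qvo3f1c2a9b-7d\nqvo9e8d7c6b-5a\ntap9e8d7c6b-5a\npatch-tun\n"


def parse_brctl(text):
    """Return {bridge: [member interfaces]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():               # name, id, STP flag, optional member
            current = fields[0]
            bridges[current] = fields[3:]
        elif current:                           # continuation row: further members
            bridges[current].extend(fields)
    return bridges


def audit(brctl_text, br_int_ports_text):
    """Return sorted (device, problem) findings for a compute node."""
    bridges = parse_brctl(brctl_text)
    ovs_ports = set(br_int_ports_text.split())
    findings = []
    for bridge, members in bridges.items():
        if not bridge.startswith("qbr"):
            continue
        suffix = bridge[3:]                     # assumption: one suffix per VM port
        for prefix in ("tap", "qvb"):
            if prefix + suffix not in members:
                findings.append((prefix + suffix, "missing from " + bridge))
        if "qvo" + suffix not in ovs_ports:
            findings.append(("qvo" + suffix, "missing from br-int"))
    for port in ovs_ports:
        if port.startswith("tap"):              # bypasses the qbr bridge entirely
            findings.append((port, "tap plugged directly into br-int"))
    return sorted(findings)


if __name__ == "__main__":
    for device, problem in audit(BRCTL_SHOW, BR_INT_PORTS):
        print(f"{device}: {problem}")
```

The check applies to compute nodes only: on the network node, the tap devices on br-int that lead to the router and dhcp namespaces are expected.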

Compute node: the network of the tunnel bridge (br-tun)

br-tun, mentioned above, is also a bridge virtualized by Open vSwitch, but it is not used as a virtual switch. It exists only as a tunnel layer: through device G it communicates with the br-tun on other physical machines to form a unified communication layer. In this way, network node and compute node, and compute node and compute node, form a GRE-based point-to-point communication network over which a large amount of data is exchanged. This opens up communication between the network node and the compute node. G and H in the diagram depict this communication.

Network node: the network of the tunnel bridge (br-tun)

As mentioned earlier, there is also a br-tun on the network node. Its function is the same as that of the br-tun on the compute node: it exists to build a unified communication layer across the whole system. This part of the network therefore works the same way as on the compute node and needs no further explanation.

Network node: the network of the integration bridge (br-int)

The br-int on the network node also acts as a switch and is connected to br-tun through I and J. This virtual switch carries two other important tap devices, M and O, which are connected to N and P respectively. N and P are tap devices that belong to two namespaces, router and dhcp. As the names of these two namespaces indicate, they provide the router and DHCP functions. The router is created by l3-agent according to the needs of network management and is then bound to a specific subnet to handle routing for that subnet. The router implements routing by relying on iptables inside the namespace. dhcp is also created by l3-agent for a specific subnet as needed. In this namespace, l3-agent starts a dnsmasq process, which actually provides the DHCP function for that subnet. Because both namespaces are created for specific subnets, they often appear in pairs in existing OpenStack systems.

Network node: the network of the external bridge (br-ex)

When data is routed out of the router, it is passed through L and K to the virtual bridge br-ex. br-ex is attached to the physical network card in promiscuous mode and receives packets from the network in real time. At this point, the VMs on the compute node can communicate freely with external networks, provided that a floating IP has been assigned to the VM.
