Shulou(Shulou.com)05/31 Report--

This article shows you the environment and example analysis used in the Neutron node, which is concise and easy to understand, which will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

I. the environment used in the Neutron node.

To sum up briefly:

Neutron-OVS-Agent is responsible for the Compute node:

Br-int: each virtual machine is connected to the OVS bridge through a Linux brige

Br-tun: transforming VLAN ID and Tunnel ID in Network packet

GRE tunnel: virtual GRE channel

On the Neutron node:

Br-tun/br-int: same as Compute node, and Neutron-OVS-Agent is responsible for it

Br-ex: connect a physical network card to communicate with the external network

Network namespace: Neutron-DHCP-Agent is responsible for qDHCP for tenant network DHCP services, and Neutron-L3-Agent is responsible for qRouter for inter-network routing

two。 Several typical process cases 2.1 process 1: the communication process between virtual machines in the same subnet on the same host

Because br-int is a virtual layer 2 switch, the communication between virtual machines in the same subnet on the same host only passes through the br-int bridge, not the br-tun bridge. The red line is shown in the following figure:

2.2 process 2: the communication process between virtual machines on the same subnet on different hosts

Process:

1. Packet, which starts from virtual machine 1 on the left, goes through Linux bridge to br-int and is hit with VLAN ID Tag.

two。 Arrive at br-tun, convert VLAN ID to Tunnel ID, send out from GRE Tunnel, and arrive at another compute node

3. Go through the opposite process on another compute node to the virtual machine on the right

Note: this configuration will be verified by experiments soon.

2.3 process 3: virtual machines access the public network

1. Packet leaves the virtual machine, passes through Linux bridge, arrives at br-int, and hits VLAN ID Tag.

two。 Achieve br-tun and convert VLAN ID to Tunnel ID

3. Enter the GRE channel from the physical network card

4. The network card that reaches the Neutron node from the GRE channel

5. Achieve the br-tun connected to the physical network card and convert Tunnel ID to VLAN ID

6. Reach br-int, and then reach router,router 's NAT table to convert fixed IP addresses into floatiing IP addresses, and then route to br-ex.

7. Go out to the external network from the physical network card connected to the br-ex

It is the opposite process for the external network IP to access the virtual machine.

2.4 process 4: send DHCP request on virtual machine

Process:

1. Virtual machine packet-> br-int- > br-tun- > GRE Tunnel-> eth3- > eth3- > br-tun- > br-int- > qDHCP

2. QDHCP returns its fixed IP address and returns it the same way.

For example, during the startup of a virtual machine (IP = 10.0.22.202), the request received by DHCP Server (10.0.22.201) and its reply:

Root@network:/home/s1# ip netns exec qdhcp-d24963da-5221-481e-adf5-fe033d6e0b4e tcpdumplistening on tap15865c29-9b, link-type EN10MB (Ethernet), capture size 65535 bytes / / dnsmasq listening on this TAP device

07 ttl 16 IP 56.686349 IP (tos 0x0, ttl 64, id 41569, offset 0, flags [DF], proto UDP (17), length 287)

10.0.22.202.bootpc > 10.0.22.201.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:19:65:62 (oui Unknown), length 259, xid 0xab1b9011, secs 118, Flags [none] (0x0000)

Client-IP 10.0.22.202 / / IP address of virtual machine eth0

Client-Ethernet-Address fa:16:3e:19:65:62 (oui Unknown)

Vendor-rfc1048 Extensions

Magic Cookie 0x63825363

DHCP-Message Option 53, length 1: Release

Client-ID Option 61, length 7: ether fa:16:3e:19:65:62 / / Mac address of virtual machine eth0

Server-ID Option 54, length 4: 10.0.22.201 / / DHCP Server IP address

2.5 Communication between virtual machines in different tenant

Neutron Tenant network is the communication between virtual machines in tenant. If you need to communicate between virtual machines in different tenant, you need to add Neutron routing between the two subnet.

3. Some quick conclusions about GRE/OVS/Neutron

1. GRE can isolate broadcast storms, does not need the switch to configure chunk ports, and solves the limit on the number of vlan id. Layer 3 tunnel technology can be deployed across computer rooms, but it is peer-to-peer technology, and a tunnel is needed between every two points, which is a waste of port resources at layer 4. At the same time, adding Tunnel ID to the IP header is bound to reduce the mtu value of vm. Data of the same size needs more ip packets to transmit, so the transmission efficiency is affected.

2. OVS: traffic restriction, traffic monitoring and packet analysis can be done for each vm. At the same time, OpenFlow can be introduced to separate control logic from physical switching, and sdn controller can realize layer 2 communication of vxlan across data centers, but performance may be a potential problem.

3. Advantages of Neutron:

(1) provide REST API

(2) Neutron pushes some of the functions of traditional network management to tenants, through which tenants can create their own virtual network and its subnets, create routers, etc., with the help of virtual network functions, the basic physical network can provide additional network services. For example, tenants can create their own virtual network similar to the data center network. Neutron provides a relatively perfect virtual network model and API in multi-tenant environment. Just like deploying a physical network, you need to do some basic planning and design when creating a virtual network using Neutron.

4. Possible problems of Neutron:

(1) single point failure: as the central control node of network, Neutron node can easily lead to single point failure. HA should be required in a production environment.

(2) performance degradation: network traffic goes through too many layers and latency increases.

(3) lack of scalability: when Compute nodes increase rapidly, Neutron nodes also need to be expanded.

The above is the environment and example analysis used in the Neutron node. Have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.