Shulou(Shulou.com)06/03 Report--

Building the OpenStack platform or maintaining the OpenStack platform will use some cross-network knowledge, partly related to the configuration of the Linux operating system, and partly related to switches, routers, bridges and other network devices. Of course, the part related to the network will not be particularly in-depth, still give priority to the basic operation, after all, the OpenStack platform is still a software-centric OS-level underlying platform in essence.

When using the OpenStack platform, we frequently use these concepts in the daily maintenance process: network card interface, bridge, VLAN, VXLAN, namespaces and namespaces, GRE.

The network card, which refers to the Ethnet in the Linux system, is a physical interface that can also be simulated by virtual software.

Network card management tool ethtool

Installation:

Ubuntu:apt-get install-y ethtool

CentOS:yum install-y ethtool

Action:

Ethtool-s DEVICENAME autoneg off speed NUMBER duplex full / set the network card to turn on full duplex at a certain speed /

Ubuntu: the network card configuration file is / etc/network/interfaces

Ethtool eth0 / check the information of the online exam eth0 /

/ etc/init.d/networking restart / restart the network service /

Configure the subinterface eth3:0 of the network card eth3, and edit the configuration file of eth3 as follows

Auto eth3

Iface eth3 inet static

Address 12.7.2.2

Netmask 255.0.0.0

Auto eth3:0

Iface eth3:0 inet static

Address 12.7.2.21

Netmask 255.0.0.0

}

Ifconfig / View Nic information /

CentOS: the Nic configuration file is / etc/sysconfig/network-scripts/ifcfg- Nic name

Ethtool em1 / View the information of the network card em1 /

Service network restart / restart Network Services /

Configure the subinterface em2:0 of the network card em2, and edit the configuration file / etc/sysconfig/network-scripts/ifcfg-em2:2 as follows

DEVICE=em2:0

ONBOOT=yes

BOOTPROTO=static

IPADDR=192.168.1.100

NETMASK=255.255.255.0

GATWAY=192.168.1.1

ONPARENT=yes

}

What is a bridge? When a bridge appears as a physical device, it refers to a hardware product that only has input and output ports and works at the data link layer to forward frames. It is used to link two homogeneous networks, that is, LAN using the same network protocol, and relies on cached MAC addresses to forward or discard data according to set conditions. In the OpenStack environment, the bridge refers to the virtual Ethernet interface bridging technology of the Linux kernel module, which also has the function of the switch and can have multiple ports. All the network cards added to the bridge share the IP of the bridge, which is equivalent to connecting a network cable on the port of the physical switch to solve the connection problem of the virtual machine network card. Bridging is to connect multiple ports on a machine, and messages received by one port will be assigned to other ports.

In the OpenStack virtual environment, the virtual bridge in the Linux host system will be connected to the physical network card of the host, and the network card in the host system will be added to the virtual bridge.

The bridge appears in the host system, and we choose CentOS as the host system:

1 bridge-utils, a management tool for installing bridges

Yum install-y brodge-utils

2 create the bridge br1 and add the physical network card em1 to the br1, and configure the IP of br1 to 172.21.1.3

Brctl addbr br1

Brctl addif em1

Ifconfig em1 0.0.0.0

Ifconfig br1 172.21.1.3 netmask 255.255.0.0

3 View bridge information

Brctl show br1

4 configuration file ifcf-em1 of physical Nic em1:

DEVICE= "em1"

HWADDR= "d4:ae:52:64:04:06"

# NM_CONTROLLED= "yes"

ONBOOT= "yes"

BRIDG= "br1"

5 configuration file ifcfg-br1 for virtual bridge br1:

DEVICE= "br1"

TYPE=Bridge

BOOTPROTO=static

IPADDR=172.21.1.3

NETMASK=255.255.0.0

NETWORK=172.21.0.0

GATEWAY=172.21.1.1

DNS1=61.139.2.69

ONBOOT= "yes"

After you configure the IP for the bridge, you can use this IP to remotely access the host system.

The boarding system IP connected with the bridge can be in the same network segment or in different network segments as the IP of the bridge.

In the experimental environment, we uniformly configure the IP segment of the hosting system as 192.168.1.0, the gateway address of the external switch is 192.168.1.1, and the IP of the bridge br1 in the host system is 172.21.1.3.

Our hosting system is the network card of Ubuntu,Ubuntu. Eth0 needs to be added to the network card br0 of the host system. The network card, bridge and other configurations of Ubuntu are completed in file / etc/network/interfaces:

Auto eth0 iface

Eth0 inet manual

Auto br0

Iface br0 inet static

Address 192.068.1.3

Netmask 255.255.255.0

Gateway 192.168.1.1

Bridge_ports eth0

About the bridge link between the network card of the hosting system and the host system:

When creating a boarding system, the host system CentOS can mount the network card of the hosting system to the designated bridge through the GUI tool virt-manager.

VLAN, the 802.1Q protocol, is used to limit the decline in bridge communication capacity caused by broadcast storms and can isolate different networks. Traditionally, we correspond virtual bridges to VLAN. There can be 4096 VLAN in a LAN.

The working mechanism of VLAN is to add a tag to each host sending packets, and each host can only receive packets of the same VLAN tag.

The port that marks the packet with tag is called the access port, and the port that forwards only the packet is called the trunk port. The interface of each host machine on the virtual bridge is the access port, and the physical network card interface on the host and the port on the switch are the trunk port.

The management tool of VLAN under Linux is vconfig.

Under the boarding system Ubuntu, install vconfig and load the 8021q module:

Apt-get install vlan

Modprobe 8021q [add this module to the configuration file / etc/modules]

The data of multiple VLAN can be forwarded through a physical network card, and each VLAN appears as a separate interface. You can assign a different IP to each VALN interface, making this IP the gateway for some VALN to access.

Create VALN 2, 3, 4 on the eth3 of the boarding system Ubuntu and assign them to each VALN IP, and then add them to the routing table of the hosting system:

Vconfig add eth3 2

Vconfig add eth3 3

Vconfig add eth3 4

Ifconfig eth3.2 192.168.2.1 netmask 255.255.255.0 up

Ifconfig eth3.3 192.168.3.1 netmask 255.255.255.0 up

Ifconfig eth3.4 192.168.4.1 netmask 255.255.255.0 up

Ip route add 192.168.1.0/24 dev eth3.2

Ip route add 192.168.2.0/24 dev eth3.3

Ip route add 192.168.3.0/24 dev eth3.4

[API vconfig rem VALN indicates deletion of a VLAN interface]

In the host CentOS, we only create a virtual bridge and the gateway of the VLAN,VALN is set in the switch, and the exchange of visits between different VLAN is done through the routing table in the switch. To restrict mutual access between different VALN, you should configure access control lists in the switch.

Using multiple network cards to connect different network segments, it is necessary to use routing tables to deal with network paths.

Open vSwitch is a virtual switch created in the host system CentOS.

Use of virtual switches:

Ovs-vsctl add-br br0/ add virtual bridge br0/

Ovs-vsctl add-port br0 eth0 / add the network card eth0 to the virtual bridge br0/

Ovs-vsctl add-port br0 vlan1 tag=1 / * * create a port vlan1/ belonging to VLAN1 on the virtual bridge br0

Ovs-vsctl add-port br0 vlan2 tag=2 / * * create a port vlan2/ belonging to VLAN2 on the virtual bridge br0

Ovs-vsctl set Interface vlan1 type=internal / set Port vlan1/

Ifconfig vlan1 192.168.1.1 netmask 255.255.255.0 / set the IP of the vlan1 port to 192.168.1.1 /

Ovs-vsctl set Interface vlan2 type=internal / set Port vlan2/

Ifconfig vlan2 192.168.2.1 netmask 255.255.255.0 / set the IP of the vlan2 port to 192.168.2.1 /

[if we configure the IP of eth0 to 0, we should configure the virtual bridge br0 with IP and gateway, and access the server through the IP of the virtual bridge]

About saving the configuration of OVS: one is to write the configuration instruction to / etc/rc.local; the other is to write the configuration to the network configuration file.

A VXLAN administrative domain can have 16 million VIN and each VIN can have 4096 VLAN. Host machines running on the same VIN can communicate.

You can create a VXLAN interface on the host system CentOS and add it to a bridge of the virtual switch, so that OVS has the function of multicast.

In Linux, namespaces provide a virtual isolation mechanism for resources, so that multiple processes do not interfere with each other. In OpenStack, we pay more attention to network namespaces. Network devices in the same namespace can access each other, while network devices in different namespaces cannot access each other. The communication between the namespace and the system is realized through VETH, and the data of the veth-in interface in the namespace will be forwarded to the veth-out port of the system space. After the veth-out and the host network card eth0 are added to the same virtual bridge, the data of the veth-in interface can communicate with the outside through the host network card eth0.

GRE, whose full name is Generic Routing Encapsulation, is a general routing encapsulation, which encapsulates the messages of some network protocols and enables the encapsulated messages to be transmitted in another network protocol. GRE is essentially a tunnel technology that supports point-to-point connection, which is encapsulated and unpacked by OVS in OpenStack. This is one of the main Overlay network technologies used today, which is proposed by Cisco and other companies.

VXLAN, a new design concept of domain management, is a function on the switch. Each management domain can hold 1600 VIN, and each VIN can accommodate 4096VLAN, which greatly expands the tenant capacity of the entire OpenStack. Colleagues also enable a tenant's VM instance to be deployed across data centers.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.