Make your DVR playground using Devstack
江骏
@ohmystack (Twitter, Instagram)
@任我骏驰 (Weibo)
Distributed Virtual Router
Not everyone is born a networking person.
But without networking & storage, IaaS is meaningless.
(Chart: contributions per release, Icehouse / Juno / Kilo, counted by reviews)
http://stackalytics.com/?release=kilo&metric=marks
Application layer
Presentation layer
Session layer
Transport layer
(end-to-end data exchange mechanism)
Network layer
(Packet; routing and addressing, so that the best end-to-end path is found)
Data link layer
(Frame; connection setup, maintenance and release, guaranteeing the end-to-end link)
Physical layer
Basic networking
• Ethernet
• VLANs
• ARP
• IP
• ICMP/TCP/UDP
Network components
• Switches
• Routers
• Firewalls
• Load balancers
Tunnel technologies
• Generic routing encapsulation (GRE)
• Virtual extensible local area network (VXLAN)
Network namespaces
• Virtual routing and forwarding (VRF)
• Linux network namespaces
# ip netns
# ip netns exec <namespace> <command>
Entering the virtual world
A brief introduction to Linux abstract network devices
http://www.ibm.com/developerworks/cn/linux/1310_xiawc_networkdevice/index.html
• bridge
• VLAN device
• TAP
• VETH (pair)
Scenario1: VLAN Networking
OpenStack Networking - Neutron
• API server
• Plug-in and Agents
• Messaging queue
OpenStack networking concepts
• Tenant networks: Flat, VLAN, GRE and VXLAN
• Provider networks
• Subnets
• Ports
• Routers
• Security groups
• Extensions
ML2 (Modular Layer 2)
Tenant network types
• Local
• VLAN
• GRE
• VXLAN
Mechanism
• Linux bridge
• Open vSwitch
• L2 population
• Specialized
• Open source
• Proprietary (vendor)
Agents
• L3
• DHCP
• Metadata
ML2 (Modular Layer 2)
・ML2 means we are no longer limited to a single plugin at a time (Linux Bridge / OVS)
・The underlying implementation can differ: whether KVM or Hyper-V, as long as they share a VLAN they can talk to each other.
・It turned L3 into an L3-as-a-Service plugin
L2 population
Why is it needed?
1. Unicast (when the MAC has not been learned yet), multicast and broadcast traffic is flooded out the tunnels to all other compute nodes
2. There is a huge amount of ARP; is there a better way to handle it?
3. If a node has no VMs at all on a network, does that node still need to receive those broadcasts?
http://assafmuller.com/2014/02/23/ml2-address-population/
L2 population
L2 population uses Proxy ARP on the host to intercept ARP requests early and answer them itself, using the database to say where the target host is.
(Diagram: Without L2 pop vs. With L2 pop)
http://docs.openstack.org/admin-guide-cloud/content/ml2_l2pop_scenarios.html
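The following is an added example, not part of the slides or of Neutron's own code: a toy model of the state the ML2 l2population mechanism driver hands to the agent on each compute node, showing the two effects the slide describes (ARP answered locally from the database, BUM traffic flooded only to hosts that actually have a port on that network) side by side with the flood-everywhere behaviour without l2pop. The host names cpu-node1/cpu-node2 and the 10.0.0.0/24 and 10.0.1.0/24 ranges follow the deck's topology; cpu-node3, the network names and the MAC addresses are constructed sample data, and the fdb "add"/"remove" handling is a simplification of the real RPC.

```python
"""Toy l2population agent state (added example; constructed sample data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class PortBinding:
    """What the Neutron DB knows about one bound port (constructed)."""
    network: str
    mac: str
    ip: str
    host: str


@dataclass
class L2PopAgent:
    """Forwarding state one compute node builds from l2population fdb entries."""
    host: str
    # network -> remote hosts with at least one port on it (tunnel flood list)
    flood_targets: Dict[str, Set[str]] = field(default_factory=dict)
    # network -> {ip: mac}, consulted by the local ARP responder (proxy ARP)
    arp_table: Dict[str, Dict[str, str]] = field(default_factory=dict)
    # network -> {mac: host}, unicast forwarding table
    fdb: Dict[str, Dict[str, str]] = field(default_factory=dict)

    def learn(self, b: PortBinding) -> None:
        """Apply an fdb 'add' entry (a port came up on some host)."""
        self.arp_table.setdefault(b.network, {})[b.ip] = b.mac
        self.fdb.setdefault(b.network, {})[b.mac] = b.host
        if b.host != self.host:
            self.flood_targets.setdefault(b.network, set()).add(b.host)

    def forget(self, b: PortBinding) -> None:
        """Apply an fdb 'remove' entry (port deleted or migrated away)."""
        self.arp_table.get(b.network, {}).pop(b.ip, None)
        fdb = self.fdb.get(b.network, {})
        fdb.pop(b.mac, None)
        # Drop the tunnel only once the remote host has no port left on this network.
        if b.host != self.host and b.host not in fdb.values():
            self.flood_targets.get(b.network, set()).discard(b.host)

    def handle_arp_request(self, network: str, target_ip: str) -> Tuple[str, object]:
        """Proxy-ARP decision: answer locally if the IP is known, otherwise flood."""
        mac = self.arp_table.get(network, {}).get(target_ip)
        if mac is not None:
            return ("local-reply", mac)
        return ("flood", sorted(self.flood_targets.get(network, set())))

    def forward_unicast(self, network: str, dst_mac: str) -> Tuple[str, object]:
        """Unicast decision: a known MAC takes one tunnel, an unknown MAC is flooded."""
        host = self.fdb.get(network, {}).get(dst_mac)
        if host is None:
            return ("flood", sorted(self.flood_targets.get(network, set())))
        if host == self.host:
            return ("local", host)
        return ("tunnel", host)


def flood_without_l2pop(all_hosts: List[str], self_host: str) -> List[str]:
    """Without l2pop every BUM frame goes out every tunnel, i.e. to every other node."""
    return sorted(h for h in all_hosts if h != self_host)


def build_agent(host: str, bindings: List[PortBinding]) -> L2PopAgent:
    agent = L2PopAgent(host)
    for b in bindings:
        agent.learn(b)
    return agent


# Constructed sample: two tenant networks spread over three compute nodes.
SAMPLE_BINDINGS = [
    PortBinding("net1", "fa:16:3e:00:00:01", "10.0.0.11", "cpu-node1"),
    PortBinding("net1", "fa:16:3e:00:00:02", "10.0.0.12", "cpu-node2"),
    PortBinding("net2", "fa:16:3e:00:00:03", "10.0.1.11", "cpu-node2"),
    PortBinding("net2", "fa:16:3e:00:00:04", "10.0.1.12", "cpu-node3"),
]
ALL_HOSTS = ["cpu-node1", "cpu-node2", "cpu-node3"]

if __name__ == "__main__":
    agent = build_agent("cpu-node1", SAMPLE_BINDINGS)
    print("without l2pop, net1 flood goes to:", flood_without_l2pop(ALL_HOSTS, "cpu-node1"))
    print("with l2pop, net1 flood goes to:   ", agent.handle_arp_request("net1", "10.0.0.99"))
    print("ARP for a known IP:               ", agent.handle_arp_request("net1", "10.0.0.12"))
    print("unicast to net2 VM:               ", agent.forward_unicast("net2", "fa:16:3e:00:00:04"))
```

The point of the model is the third question on the slide: cpu-node1 has no port on net2, and with l2pop its net1 flood list contains only cpu-node2, not every node in the cloud; when the last net1 port on cpu-node2 disappears, that tunnel is dropped from the list as well.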
L3 Agent
・ The L3 Agent uses namespaces to provide multiple independent virtual routers
(overlapping IPs; users are freer to create subnets)
・ L3's functionality is essentially SNAT and floating IPs
Namespaces:
qdhcp-xxx - added when the first VM is created
qrouter-xxx - added when the gateway is set
* After a router/network is deleted, the ns has to be removed by hand
Why is it needed?
1. Flat needs a bridge to be built; VLANs need someone to configure the switches and gateways by hand.
2. All routing is controlled by upstream devices: firewall, router, NAT...
3. All of this hurts flexibility and scalability.
Scenario2: with Open vSwitch
(Diagram: Router on the Network Node; External network, Network1 and Network2; both E-W Traffic and N-S Traffic labelled through the network node)
L3 with HA
There are three approaches:
1. "Migration": but it is slow (long failover time).
https://review.openstack.org/#/c/110893/
2. "VRRP active/passive": spread the router across several network nodes.
http://assafmuller.com/2014/08/16/layer-3-high-availability/
3. "VRRP + DVR": at least the floating-IP part becomes distributed; the remaining SNAT still uses VRRP.
Drawbacks of using VRRP alone:
・ TCP Connection Tracking
・ …
Scenario3: with DVR (Distributed Virtual Router)
(Diagram: Network node with the SNAT Router and the External network; cpu-node1 and cpu-node2 each with a Distributed Router and VMs on Network1 and Network2. Labels: E-W Traffic between the compute nodes, N-S Traffic (with floating IPs) from the compute nodes, N-S Traffic (without floating IPs) via the network node)
・East/west traffic:
between different networks of the same tenant. Sent directly between compute nodes; it no longer needs to pass through the network node.
・North/south traffic with floating IPs:
routed directly by the compute node; it no longer needs to pass through the network node.
・North/south traffic without floating IPs:
still goes to the network node and leaves through SNAT.
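As an added example (not from the slides), the three cases above turned into a small model that, given a router, a VM and a destination, says which node's router namespace forwards the packet and which address translation applies, plus the inbound direction for a floating IP. The tenant subnets 10.0.0.0/24 and 10.0.1.0/24 and the node names follow the deck's topology; the external range 172.24.4.0/24, the floating IP, the gateway address and the destination 203.0.113.9 are constructed placeholders.

```python
"""Where DVR routes each kind of traffic (added example; constructed sample data)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Router:
    """A DVR router: tenant subnets, external gateway, floating IPs (constructed)."""
    subnets: List[str]             # tenant subnets attached via qr- ports
    gateway_ip: str                # router address on the external net, used for default SNAT
    snat_host: str                 # network node hosting the centralized snat- namespace
    floating_ips: Dict[str, str]   # fixed IP -> floating IP


@dataclass(frozen=True)
class VM:
    fixed_ip: str
    host: str


@dataclass(frozen=True)
class Path:
    kind: str
    routed_on: Optional[str]   # node whose router namespace forwards the packet
    nat: Optional[str]         # address translation applied, if any


def _subnet_of(router: Router, ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for cidr in router.subnets:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def classify_outbound(router: Router, vm: VM, dst_ip: str) -> Path:
    """Decide the path of a packet a VM sends to dst_ip."""
    src_net = _subnet_of(router, vm.fixed_ip)
    if src_net is None:
        raise ValueError(f"{vm.fixed_ip} is not on any subnet of this router")
    dst_net = _subnet_of(router, dst_ip)
    if dst_net == src_net:
        # Same subnet: plain L2 between the VMs, no router involved.
        return Path("same-network", None, None)
    if dst_net is not None:
        # East/west: the qrouter- namespace on the source compute node routes it and
        # the tunnel carries it straight to the destination's compute node.
        return Path("east-west", vm.host, None)
    fip = router.floating_ips.get(vm.fixed_ip)
    if fip is not None:
        # North/south with a floating IP: NAT happens on the source compute node.
        return Path("north-south-fip", vm.host, f"SNAT {vm.fixed_ip} -> {fip}")
    # North/south without a floating IP: still centralized, SNAT on the network node.
    return Path("north-south-snat", router.snat_host,
                f"SNAT {vm.fixed_ip} -> {router.gateway_ip}")


def classify_inbound(router: Router, vms: List[VM], floating_ip: str) -> Path:
    """Traffic from outside to a floating IP is DNATed on the owning VM's compute node."""
    fixed = next((fx for fx, fl in router.floating_ips.items() if fl == floating_ip), None)
    vm = next((v for v in vms if v.fixed_ip == fixed), None)
    if fixed is None or vm is None:
        return Path("unreachable", None, None)
    return Path("north-south-fip", vm.host, f"DNAT {floating_ip} -> {fixed}")


# Constructed sample topology.
ROUTER = Router(subnets=["10.0.0.0/24", "10.0.1.0/24"], gateway_ip="172.24.4.2",
                snat_host="net-node", floating_ips={"10.0.0.11": "172.24.4.101"})
VMS = [VM("10.0.0.11", "cpu-node1"), VM("10.0.0.12", "cpu-node1"), VM("10.0.1.12", "cpu-node2")]
EXTERNAL_HOST = "203.0.113.9"  # placeholder destination on the Internet

if __name__ == "__main__":
    for vm in VMS:
        for dst in ("10.0.0.12", "10.0.1.12", EXTERNAL_HOST):
            print(f"{vm.fixed_ip:>10} ({vm.host}) -> {dst:<13}", classify_outbound(ROUTER, vm, dst))
    print("inbound to 172.24.4.101:", classify_inbound(ROUTER, VMS, "172.24.4.101"))
```

Running it shows the asymmetry the slide is about: the VM without a floating IP is the only one whose traffic still touches the network node, so that node (and its VRRP pair, if any) remains the single point that matters for those flows.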
Deploy OpenStack Env
• Devstack
• Salt - cloudbase/salt-openstack
• Docker - stackforge/kolla
• Puppet
• Chef
• Juju
• TripleO - OpenStack on OpenStack
• …
Devstack Gate
• http://ci.openstack.org/devstack-gate.html
• An integration test
• All changes to core OpenStack projects are “gated”
on a set of tests so that it will not be merged into the
main repository unless it passes all of the configured
tests.
Some Devstack caveats
• Proxy problems
Although http_proxy can be configured in local.conf, it is not recommended: it easily causes md5 check failures when pip installs packages.
export http_proxy='http://xxx.xxx.xxx.xxx:xxxx'
• Using the same source tree under /opt/stack for a long time will cause some requirements problems.
• Give the Dashboard a VNC Console
From some Devstack version on, cauth was removed from the default install, so we have to add it to the configuration by hand:
enable_service n-cauth
• Force some client packages to be installed from Git
When Devstack installs the main services it pulls them from Git by default; the other client packages are installed straight from PyPI. To force some client packages to be installed from Git as well:
LIBS_FROM_GIT=python-novaclient,python-neutronclient
• How to back up /opt/stack
# cd /opt
# tar cf ~/stack.tar stack \
    --exclude='stack/data' \
    --exclude='stack/logs' \
    --exclude='stack/status' \
    --exclude='stack/.wheelhouse' \
    --exclude='*.pyc' \
    --exclude='.venv'
https://gist.github.com/ohmystack/93aa8215456124fb147c
local.conf files for the 3 nodes
(Diagram: 3-node DVR topology. Nodes: net-node, cpu-node and all-in-one-node on the 10.0.2.0/24 management network (gateway 10.0.2.2), with addresses 10.0.2.21, 10.0.2.22 and 10.0.2.23; tenant networks 10.0.0.0/24 and 10.0.1.0/24. The SNAT Router sits on the net-node, Distributed Routers on the compute nodes. Labels: External, VM with Network1, VM with Network (truncated), E-W Traffic, N-S Traffic (with floating IPs), N-S Traffic (without floating IPs))
Reference: http://assafmuller.com/2015/04/06/multinode-dvr-devstack/
ip link
ip link show up
ip addr   # shows status of all physical and virtual devices
ip addr show to/dev/label ... # ip addr show label 'eth*'
ip route show to 10.18.5.0/24
ip route show table main
ip route show to/from/table/type/dev/via/src ...
ip route get to/from/... ...
# Set a Route to the Locally Connected Network eth0
ip route add 192.168.1.0/24 dev eth0
# Set a default route
ip route add default via 192.168.1.254
ip netns
ip netns exec namespace command
brctl show
ovs-vsctl show  # shows interfaces and bridges in the virtual switch
ovs-vsctl add-br br-name
ovs-vsctl add-port br-name interface
ovs-dpctl show  # shows data path on the switch
ovs-ofctl dump-flows br-tun
iptables -L -n -v   # check iptables rules
iptables-save
tcpdump -n -i interface -w filename
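The L3 Agent slide says L3 is essentially SNAT and floating IPs, and the cheat sheet above lists `ip netns exec` and `iptables-save` as the tools to look at it with. Here is an added example, not from the slides or from Neutron itself, that ties the two together: it parses the NAT table dumped from inside a qrouter namespace, recovers the floating-IP mappings and the router's default SNAT address, and flags a floating IP whose DNAT half exists without the matching SNAT half (replies would then leave with the wrong source address). The sample `iptables-save` output is constructed; the chain names follow the Neutron L3 agent as I know them, while the router id, the qg- interface name and all addresses are made up.

```python
"""Read the NAT rules of a qrouter namespace (added example; constructed sample output)."""
import re
import subprocess
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample of `ip netns exec qrouter-<id> iptables-save -t nat`.
SAMPLE_IPTABLES_SAVE = """\
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:neutron-l3-agent-OUTPUT - [0:0]
:neutron-l3-agent-POSTROUTING - [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
:neutron-postrouting-bottom - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-OUTPUT -d 172.24.4.101/32 -j DNAT --to-destination 10.0.0.11
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 172.24.4.101/32 -j DNAT --to-destination 10.0.0.11
-A neutron-l3-agent-float-snat -s 10.0.0.11/32 -j SNAT --to-source 172.24.4.101
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-a1b2c3d4-e5 -j SNAT --to-source 172.24.4.2
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 172.24.4.2
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
COMMIT
"""

RULE_RE = re.compile(r"^-A (?P<chain>\S+)(?P<args>.*)$")


def _opt(args: str, flag: str) -> Optional[str]:
    """Value following an iptables option such as '-d' or '--to-source', if present."""
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r" (\S+)", args)
    return m.group(1) if m else None


def _ip(cidr: Optional[str]) -> Optional[str]:
    return cidr.split("/")[0] if cidr else None


@dataclass
class NatSummary:
    floating: Dict[str, str] = field(default_factory=dict)  # floating IP -> fixed IP (DNAT half)
    default_snat: Optional[str] = None                       # source used for VMs without a floating IP
    gateway_iface: Optional[str] = None                      # qg- port the default SNAT rule is bound to
    inconsistent: List[str] = field(default_factory=list)    # floating IPs whose SNAT half is missing


def parse_nat_table(text: str) -> NatSummary:
    summary = NatSummary()
    snat_half: Dict[str, str] = {}  # fixed IP -> floating IP, from the float-snat chain
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        chain, args = m.group("chain"), m.group("args")
        target = _opt(args, "-j")
        if chain == "neutron-l3-agent-PREROUTING" and target == "DNAT":
            summary.floating[_ip(_opt(args, "-d"))] = _opt(args, "--to-destination")
        elif chain == "neutron-l3-agent-float-snat" and target == "SNAT":
            snat_half[_ip(_opt(args, "-s"))] = _opt(args, "--to-source")
        elif chain == "neutron-l3-agent-snat" and target == "SNAT" and _opt(args, "-o"):
            summary.gateway_iface = _opt(args, "-o")
            summary.default_snat = _opt(args, "--to-source")
    # A floating IP needs both halves; DNAT without its SNAT means replies leave mis-sourced.
    summary.inconsistent = sorted(
        fip for fip, fixed in summary.floating.items() if snat_half.get(fixed) != fip
    )
    return summary


def read_router_nat(router_id: str) -> NatSummary:
    """Live version: dump the NAT table inside qrouter-<router_id> (needs root and the namespace)."""
    out = subprocess.run(
        ["ip", "netns", "exec", f"qrouter-{router_id}", "iptables-save", "-t", "nat"],
        check=True, capture_output=True, text=True,
    ).stdout
    return parse_nat_table(out)


if __name__ == "__main__":
    print(parse_nat_table(SAMPLE_IPTABLES_SAVE))
```

On a real node, `read_router_nat("<router-id>")` replaces the constructed sample; on a DVR deployment the default SNAT rule lives in the snat- namespace on the network node rather than in qrouter-, so an empty `default_snat` on a compute node is expected there.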
DEMO

How to config br-ex
http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.install-plug-in.ovs.html
http://assafmuller.com/2015/04/06/multinode-dvr-devstack/
But, how?
ifconfig br-ex promisc up
ifconfig eth0 0.0.0.0
ifconfig eth0 promisc
ifconfig br-ex 10.0.2.21 netmask 255.255.255.0
ovs-vsctl add-port br-ex eth0
# Then, re-add the default route if needed
ip route add default via 10.0.2.2