ovs+namesapce模拟虚机网络使用vxlan通信
作者:互联网
1. ovs+namesapce模拟虚机网络使用vxlan通信
1.1 配置
host1
# 创建ns模拟vm,创建veth pair连接
ip netns add ns1
ip link add tap1 type veth peer name tap2
ip link set dev tap2 up
ip link set tap1 netns ns1
ip netns exec ns1 ip link set dev tap1 up
ip netns exec ns1 ip addr add 10.1.1.1/24 dev tap1
# 创建qbr,连接tap2端
brctl addbr qbr
brctl addif qbr tap2
# 创建br-int,通过veth pair连接qbr网桥
ovs-vsctl add-br br-int
ip link add qvo type veth peer name qvb
ip link set dev qvb up
ip link set dev qvo up
ip link set qbr up
brctl addif qbr qvb
ovs-vsctl add-port br-int qvo
# 创建br-tun,通过patchport连接br-int
ip link add patch-int type veth peer name patch-tun
ovs-vsctl add-br br-tun
ovs-vsctl add-port br-tun patch-int
ovs-vsctl add-port br-int patch-tun
ovs-vsctl set interface patch-int type=patch
ovs-vsctl set interface patch-tun type=patch
ovs-vsctl set interface patch-int options:peer=patch-tun
ovs-vsctl set interface patch-tun options:peer=patch-int
ip link set br-int up
ip link set br-tun up
ip link set patch-tun up
ip link set patch-int up
# 配置vxlan
ip link add vxlan1 type vxlan id 100 dstport 4789 \
remote 192.168.1.101 local 192.168.1.100 dev ens38
# ip a a 192.168.10.1/24 dev vxlan1
ip link set vxlan1 up
ovs-vsctl add-port br-tun vxlan1
# 用下面方式配置vxlan设备卡死宕机。不知道原因,也不通
# ovs-vsctl add-port br-tun vx1 -- set interface vx1 type=vxlan options:{remote_ip=192.168.1.100,df_default=true,in_key=flow,local_ip="192.168.1.101",out_key=flow}
# ovs-vsctl add-port br-tun ens38
都是NORMAL默认网桥转发,这种情况下是可以互通的。
host2 相同配置,注意修改IP配置
2. 增加明细流表(无vlan tag场景)
将br-tun默认的normal删掉之后,访问不通
ovs-ofctl del-flows br-tun table=0
host1和host2配置一样,注意ovs-ofctl的端口是否一致。
# 从本地patch-int接口过来的流量转发到2表
ovs-ofctl add-flow br-tun "in_port=2,priority=1,actions=resubmit(,2)"
# 从vxlan1接口过来的流量,在20表中学习记录,然后在转发到patch-int接口
ovs-ofctl add-flow br-tun "in_port=1,actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:2"
# 如果是单播流量走表20
ovs-ofctl add-flow br-tun "table=2,priority=0,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)"
# 如果是组播或广播流量,走表22
ovs-ofctl add-flow br-tun "table=2,priority=0,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)"
# 表20的缺省规则,走表22,如果自动学习到了其他表项,优先匹配不走表22缺省。
ovs-ofctl add-flow br-tun "table=20,priority=0 actions=resubmit(,22)"
# 表22走vxlan1接口出去。
ovs-ofctl add-flow br-tun "table=22,actions=strip_vlan,set_tunnel:0x64,output:1"
learn action的字段说明
– table=20,表示将学习到的流表放入Table 20
– NXM_OF_VLAN_TCI[0..11],记录当前数据包的VLAN_ID作为match中的VLAN_ID
– NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],记录当前数据包的源MAC地址作为match中的目的MAC地址
– load:0->NXM_OF_VLAN_TCI[],表示action中要去掉VLAN_ID
– load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],表示action中要封装隧道,隧道ID为当前隧道ID
– output:NXM_OF_IN_PORT[],表示action中的输出,输出端口为当前数据包的输入端口
标签:ovs,00,tun,ip,add,namesapce,br,vxlan 来源: https://blog.csdn.net/ledrsnet/article/details/121310450