VLAN overview
- VLAN stands for virtual local area network. It splits one physical network into several logical networks, which reduces broadcast storms and improves data security.
Three benefits of VLANs
- Port isolation. Even on the same switch, ports in different VLANs cannot talk to each other, so one physical switch can be used as several logical switches.
- Network security. Different VLANs cannot communicate directly, which removes the risk of broadcast traffic leaking between them.
- Flexible management. Moving a user to another network requires no port or cabling change, only a change of software configuration.
Multi-node VLAN
- The network node and the control node are the same host; br-ens38 is the physical bridge used for VLAN traffic.
- If ServerA wants to reach ServerB, the path is ServerA -> qbr-br-int (tag 1) -> br-ens38 (VLAN 200).
- When the frame passes through br-ens38, the local tag 1 is rewritten to the physical VLAN 200 before it leaves the host.
- The switch this host is connected to is virtualized by VMware and cannot be configured with physical VLANs, so instances on the compute node cannot obtain a DHCP address.
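The tag rewrite described above can be verified on a node by reading the OpenFlow rules the Neutron OVS agent installs. The script below is an added example and not part of the original article: it parses `ovs-ofctl dump-flows` output for the physical bridge and for br-int, checks that local tag 1 is rewritten to provider VLAN 200 on the way out and back to tag 1 on the way in, and checks that each patch port carries the default drop rule that keeps frames of unmapped VLANs off the bridge. The flow text is constructed for the example; the patch-port names `phy-<bridge>` and `int-<bridge>` follow the agent's naming convention, and `br-phy1` is assumed as the physical bridge (the multi-node setup above uses br-ens38).

```python
"""Added example: verify the local-tag <-> provider-VLAN rewrite that the
Neutron OVS agent programs between br-int and the physical bridge.

On a real node feed in the output of:
    ovs-ofctl dump-flows br-phy1   (physical bridge; br-ens38 on the multi-node setup)
    ovs-ofctl dump-flows br-int
The SAMPLE_* strings below are constructed for this example.
"""
import re

# Constructed sample: one network, local tag 1 on br-int, provider VLAN 200.
SAMPLE_BR_PHY = """\
 cookie=0x1, duration=120.3s, table=0, n_packets=42, n_bytes=4200, priority=4,in_port="phy-br-phy1",dl_vlan=1 actions=mod_vlan_vid:200,NORMAL
 cookie=0x1, duration=120.3s, table=0, n_packets=0, n_bytes=0, priority=2,in_port="phy-br-phy1" actions=drop
 cookie=0x1, duration=120.3s, table=0, n_packets=99, n_bytes=9900, priority=0 actions=NORMAL
"""
SAMPLE_BR_INT = """\
 cookie=0x1, duration=120.3s, table=0, n_packets=40, n_bytes=4000, priority=3,in_port="int-br-phy1",dl_vlan=200 actions=mod_vlan_vid:1,NORMAL
 cookie=0x1, duration=120.3s, table=0, n_packets=0, n_bytes=0, priority=2,in_port="int-br-phy1" actions=drop
 cookie=0x1, duration=120.3s, table=0, n_packets=500, n_bytes=50000, priority=0 actions=NORMAL
"""

# in_port is quoted by newer ovs-ofctl versions and bare by older ones.
REWRITE_RE = re.compile(
    r'in_port="?(?P<port>[\w.-]+)"?,dl_vlan=(?P<vlan>\d+)\s+'
    r'actions=mod_vlan_vid:(?P<new>\d+)')
DROP_RE = re.compile(r'in_port="?(?P<port>[\w.-]+)"?\s+actions=drop')


def parse_vlan_rewrites(dump_text):
    """Map (in_port, matched VLAN) -> VLAN written by mod_vlan_vid."""
    rewrites = {}
    for line in dump_text.splitlines():
        m = REWRITE_RE.search(line)
        if m:
            rewrites[(m.group("port"), int(m.group("vlan")))] = int(m.group("new"))
    return rewrites


def has_default_drop(dump_text, port):
    """True if frames on `port` that match no rewrite rule are dropped.

    Without this rule such frames would be forwarded by the lower-priority
    NORMAL rule instead of being discarded.
    """
    for line in dump_text.splitlines():
        m = DROP_RE.search(line)
        if m and m.group("port") == port:
            return True
    return False


def check_segment_mapping(br_phy_dump, br_int_dump, phys_bridge, local_tag, provider_vlan):
    """Return a list of problems for one network's mapping; [] means consistent."""
    phy_port = f"phy-{phys_bridge}"   # patch port on the physical bridge
    int_port = f"int-{phys_bridge}"   # its peer on br-int
    problems = []

    egress = parse_vlan_rewrites(br_phy_dump).get((phy_port, local_tag))
    if egress != provider_vlan:
        problems.append(f"egress: tag {local_tag} -> {egress}, expected {provider_vlan}")

    ingress = parse_vlan_rewrites(br_int_dump).get((int_port, provider_vlan))
    if ingress != local_tag:
        problems.append(f"ingress: vlan {provider_vlan} -> {ingress}, expected {local_tag}")

    for name, dump, port in (("br_phy", br_phy_dump, phy_port), ("br_int", br_int_dump, int_port)):
        if not has_default_drop(dump, port):
            problems.append(f"{name}: no default drop rule on {port}")
    return problems


if __name__ == "__main__":
    for p in check_segment_mapping(SAMPLE_BR_PHY, SAMPLE_BR_INT, "br-phy1", 1, 200) or ["mapping OK"]:
        print(p)
```

When the ping between ServerA and ServerB fails, running this against the live dumps tells you immediately whether the problem is the tag rewrite on the host or something beyond it on the physical switch, which is the failure the multi-node notes above describe.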
Single-node VLAN
0. Diagram of the experiment setup
1. Change the network type
(1) Configure the network types
[root@controller /]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers=flat,vlan,vxlan,gre,local
# vlan and flat are used here
tenant_network_types=vlan,flat
mechanism_drivers=openvswitch
[ml2_type_flat]
flat_networks=external
[ml2_type_vlan]
network_vlan_ranges=physnet
(2) Configure the client-side (OVS agent) network type
[root@controller /]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
tenant_network_type=vlan
bridge_mappings=external:br-ex,physnet:br-phy1
(3) Add the external port
[root@controller /]# ifconfig ens38 up
[root@controller /]# ovs-vsctl add-br br-phy1
[root@controller /]# ovs-vsctl add-port br-phy1 ens38
(4) Restart the services
[root@controller ~]# systemctl restart neutron-server
[root@controller ~]# systemctl restart neutron-openvswitch-agent.service
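Before restarting the services it is worth cross-checking the two files against each other. The checker below is an added example, not from the original article: it reads the `[ml2]`, `[ml2_type_flat]`, `[ml2_type_vlan]` and `[ovs]` settings shown above, confirms that every tenant network type has a type driver and that every physical network has a bridge in `bridge_mappings`, and flags a `network_vlan_ranges` entry with no VLAN ID range. Such an entry (as in `network_vlan_ranges=physnet` above) means the VLAN type driver allocates no segment on that physical network for tenant networks; only provider networks created with an explicit `--provider-segment`, as done later in this article, will work on it. The INI text is embedded from the steps above so the script runs offline; the file paths are only mentioned in comments.

```python
"""Added example: consistency check of the ML2 / OVS-agent VLAN settings.

The INI text is the configuration from the steps above, embedded so the check
runs offline; on the controller you would read
/etc/neutron/plugins/ml2/ml2_conf.ini and
/etc/neutron/plugins/ml2/openvswitch_agent.ini instead.
"""
import configparser

ML2_CONF = """
[ml2]
type_drivers=flat,vlan,vxlan,gre,local
tenant_network_types=vlan,flat
mechanism_drivers=openvswitch
[ml2_type_flat]
flat_networks=external
[ml2_type_vlan]
network_vlan_ranges=physnet
"""

OVS_AGENT_CONF = """
[ovs]
tenant_network_type=vlan
bridge_mappings=external:br-ex,physnet:br-phy1
"""


def _csv(value):
    """Split a comma-separated option value into its non-empty items."""
    return [v.strip() for v in value.split(",") if v.strip()]


def parse_vlan_ranges(value):
    """'physnet:100:200,other' -> {'physnet': (100, 200), 'other': None}.

    An entry without a range (None) can only host provider networks created
    with an explicit segment id; the VLAN type driver allocates nothing on it.
    """
    ranges = {}
    for entry in _csv(value):
        parts = entry.split(":")
        ranges[parts[0]] = (int(parts[1]), int(parts[2])) if len(parts) == 3 else None
    return ranges


def parse_bridge_mappings(value):
    """'external:br-ex,physnet:br-phy1' -> {'external': 'br-ex', 'physnet': 'br-phy1'}."""
    return dict(entry.split(":", 1) for entry in _csv(value))


def check_neutron_vlan_config(ml2_text, ovs_text):
    """Return a list of findings; an empty list means the two files agree."""
    ml2 = configparser.ConfigParser()
    ml2.read_string(ml2_text)
    ovs = configparser.ConfigParser()
    ovs.read_string(ovs_text)

    findings = []
    type_drivers = set(_csv(ml2.get("ml2", "type_drivers", fallback="")))
    tenant_types = _csv(ml2.get("ml2", "tenant_network_types", fallback=""))
    for net_type in tenant_types:
        if net_type not in type_drivers:
            findings.append(f"tenant_network_types: '{net_type}' has no entry in type_drivers")

    vlan_ranges = parse_vlan_ranges(ml2.get("ml2_type_vlan", "network_vlan_ranges", fallback=""))
    flat_nets = [n for n in _csv(ml2.get("ml2_type_flat", "flat_networks", fallback="")) if n != "*"]
    mappings = parse_bridge_mappings(ovs.get("ovs", "bridge_mappings", fallback=""))

    # Every physical network the server knows needs a bridge on the agent;
    # otherwise ports on that network end up with vif_type binding_failed.
    for physnet in list(vlan_ranges) + flat_nets:
        if physnet not in mappings:
            findings.append(f"physical network '{physnet}' has no bridge in bridge_mappings")

    if "vlan" in tenant_types:
        for physnet, id_range in vlan_ranges.items():
            if id_range is None:
                findings.append(f"network_vlan_ranges: '{physnet}' has no VLAN id range")
    return findings


if __name__ == "__main__":
    for line in check_neutron_vlan_config(ML2_CONF, OVS_AGENT_CONF) or ["config consistent"]:
        print(line)
```

For the configuration in this article the checker reports only the missing ID range on physnet, which is harmless here because both networks are created below as provider networks with segments 200 and 210; it would matter as soon as a project tried to create a plain tenant network of type vlan.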
2. Create networks
Networks
- Create a network named vlan_net1, type vlan, physical network physnet, VLAN ID 200
[root@controller /]# source ~/keystonerc_admin
[root@controller /(keystone_admin)]# openstack network create vlan_net1 --project admin --provider-network-type vlan --provider-physical-network physnet --provider-segment 200
- Create a network named vlan_net2, type vlan, physical network physnet, VLAN ID 210
[root@controller /]# source ~/keystonerc_admin
[root@controller /(keystone_admin)]# openstack network create vlan_net2 --project admin --provider-network-type vlan --provider-physical-network physnet --provider-segment 210
Subnets
- Create a subnet named vlan_subnet1 on vlan_net1 with range 192.168.199.0/24
[root@controller /(keystone_admin)]# openstack subnet create vlan_subnet1 --project admin --network vlan_net1 --subnet-range 192.168.199.0/24 --allocation-pool start=192.168.199.100,end=192.168.199.200
- Create a subnet named vlan_subnet2 on vlan_net2 with range 172.16.199.0/24
[root@controller ~(keystone_admin)]# openstack subnet create vlan_subnet2 --project admin --network vlan_net2 --subnet-range 172.16.199.0/24 --allocation-pool start=172.16.199.100,end=172.16.199.200
3. Create instances
ServerA
[root@controller /(keystone_admin)]# openstack server create ServerA --image ciross --flavor web.ciross --nic net-id=72b8bec9-cb26-4702-b4c2-fb646b3dc82e --availability-zone nova
ServerB
[root@controller /(keystone_admin)]# openstack server create ServerB --image ciross --flavor web.ciross --nic net-id=1380a45c-ee5a-4690-afd8-7ecc782c1f72 --availability-zone nova
4. Create a router
- Different VLANs cannot communicate with each other at layer 2, so a router is needed here
[root@controller /(keystone_admin)]# openstack router create pub_router --project admin
- Add the subnet interfaces to the router
[root@controller /(keystone_admin)]# openstack router add subnet pub_router 176a7168-1140-4481-b3b0-24d03afb2a85
[root@controller /(keystone_admin)]# openstack router add subnet pub_router 9c260c1c-e030-46d3-9793-e541386db897
- The router now connects the two different VLANs
5. Connectivity test
A pings B
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr FA:16:3E:88:60:CF
inet addr:192.168.199.180 Bcast:192.168.199.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe88:60cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:100 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2836 (2.7 KiB) TX bytes:5714 (5.5 KiB)
# ping 172.16.199.105
PING 172.16.199.105 (172.16.199.105): 56 data bytes
64 bytes from 172.16.199.105: seq=0 ttl=63 time=4.051 ms
64 bytes from 172.16.199.105: seq=1 ttl=63 time=1.052 ms
64 bytes from 172.16.199.105: seq=2 ttl=63 time=3.272 ms
--- 172.16.199.105 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.052/2.791/4.051 ms
B pings A
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr FA:16:3E:B5:1C:68
inet addr:172.16.199.105 Bcast:172.16.199.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:feb5:1c68/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37 errors:0 dropped:0 overruns:0 frame:0
TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3469 (3.3 KiB) TX bytes:6092 (5.9 KiB)
# ping 192.168.199.180
PING 192.168.199.180 (192.168.199.180): 56 data bytes
64 bytes from 192.168.199.180: seq=0 ttl=63 time=2.545 ms
64 bytes from 192.168.199.180: seq=1 ttl=63 time=1.038 ms
64 bytes from 192.168.199.180: seq=2 ttl=63 time=2.006 ms
--- 192.168.199.180 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.038/1.863/2.545 ms
6. Connect to the external network
(1) Create the external network
- Create a shared external network named pub_net of type flat
[root@controller /(keystone_admin)]# openstack network create pub_net --project admin --provider-network-type flat --provider-physical-network external --share --external
- Create its subnet; the IP range is the physical network's address segment
[root@controller /(keystone_admin)]# openstack subnet create pub_sub_net --project admin --allocation-pool start=192.168.150.130,end=192.168.150.190 --subnet-range 192.168.150.0/24 --network pub_net
(2) Set the router's external gateway
[root@controller /(keystone_admin)]# openstack router set pub_router --external-gateway pub_net
(3) Request a floating IP
- Bind the requested floating IP directly to ServerA's port
[root@controller /(keystone_admin)]# openstack floating ip create pub_net --subnet pub_sub_net --project admin --port a9bf1b11-af21-4fe2-9f17-6a25a76a2bc3
(4) Access the external network
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr FA:16:3E:88:60:CF
inet addr:192.168.199.180 Bcast:192.168.199.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe88:60cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48 errors:0 dropped:0 overruns:0 frame:0
TX packets:118 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4376 (4.2 KiB) TX bytes:7198 (7.0 KiB)
# ping 192.168.150.10
PING 192.168.150.10 (192.168.150.10): 56 data bytes
64 bytes from 192.168.150.10: seq=0 ttl=63 time=2.898 ms
64 bytes from 192.168.150.10: seq=1 ttl=63 time=0.630 ms
64 bytes from 192.168.150.10: seq=2 ttl=63 time=0.556 ms
--- 192.168.150.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.556/1.361/2.898 ms