作者:Tatsuya Naganawa 译者:TF编译组
静态scheduler:用于svc-monitor logic选择可用的vRouter
diff --git a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py b
index f40de26..d5c2478 100644
--- a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
@@ -200,3 200,8 @@ class RandomScheduler(VRouterScheduler):
self._vnc_lib.ref_update('virtual-router', chosen_vrouter,
'virtual-machine', vm.uuid, None, 'ADD')
return chosen_vrouter
class StaticScheduler(VRouterScheduler):
"""Statically assign vRouter nodes for v1 service-chain, haproxy lb, SNAT e
def schedule(self, si, vm):
return ['bms11', 'bms12']
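Review bot: `StaticScheduler.schedule` returns the literal host names `['bms11', 'bms12']` for every service instance, so placement never checks that those vRouters exist or are up. It also skips the `self._vnc_lib.ref_update('virtual-router', ...)` call that the visible tail of `RandomScheduler.schedule` makes before returning; if callers rely on the scheduler to create that reference, the VM stays unlinked (inferred, since the rest of `RandomScheduler` is outside the hunk). Reading the host list from configuration and intersecting it with `vrouters_running()` would keep the static placement while refusing hosts that are down. The docstring is cut off on this page; it should also say that the return value is a list of vRouter names.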
从svc-monitor logic中解耦analytics
diff --git a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.
index f40de26..7fd1f0a 100644
--- a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
@@ -115,6 115,8 @@ class VRouterScheduler(object):
return response_dict
def vrouters_running(self):
## implement logic to see available vRouter, without checking analytics response (possible choice is xmpp status from control node)
# get az host list
az_vrs = self._get_az_vrouter_list()
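Review bot: The comment added in `vrouters_running` records an intention but changes no behaviour, so the method still depends on whatever follows `_get_az_vrouter_list()` outside the hunk. I would write it as `# TODO: derive vRouter liveness from control-node XMPP state instead of the analytics response` so it is greppable. It should also state what the scheduler does when that source is unavailable too: schedule nothing, or fall back to the unfiltered list.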
如有更多问题,请与TF中文社区联系。
更具扩展性的haproxy负载均衡器和SNAT
diff --git a/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py b/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
index 5487b2b..1bee992 100644
--- a/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
b/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
@@ -92,8 92,8 @@ class OpencontrailLoadbalancerDriver(
# set interfaces and ha
props.set_interface_list(if_list)
- props.set_ha_mode('active-standby')
- scale_out = ServiceScaleOutType(max_instances=2, auto_scale=False)
props.set_ha_mode('active-active')
scale_out = ServiceScaleOutType(max_instances=10, auto_scale=False)
props.set_scale_out(scale_out)
return props
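Review bot: `set_ha_mode('active-active')` and `max_instances=10` are new literals here and in both `snat_agent.py` hunks, so every load balancer and SNAT instance changes mode with no way to opt out or to pick a smaller fan-out. Both values would be better read from the svc-monitor configuration, with the previous `'active-standby'` and `2` as defaults. For SNAT in particular, active-active presumably requires return traffic to reach the instance that holds the translation state; nothing in these hunks shows how that is ensured, so it is worth confirming before enabling it everywhere. The enclosing functions start outside the hunks.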
diff --git a/src/config/svc-monitor/svc_monitor/snat_agent.py b/src/config/svc-monitor/svc_monitor/snat_agent.py
index 54ea709..f5bce37 100644
--- a/src/config/svc-monitor/svc_monitor/snat_agent.py
b/src/config/svc-monitor/svc_monitor/snat_agent.py
@@ -169,7 169,7 @@ class SNATAgent(Agent):
si_obj.fq_name = project_fq_name [si_name]
si_created = True
si_prop_obj = ServiceInstanceType(
- scale_out=ServiceScaleOutType(max_instances=2,
scale_out=ServiceScaleOutType(max_instances=10,
auto_scale=True),
auto_policy=False)
@@ -181,7 181,7 @@ class SNATAgent(Agent):
right_if = ServiceInstanceInterfaceType(
virtual_network=':'.join(vn_obj.fq_name))
si_prop_obj.set_interface_list([right_if, left_if])
- si_prop_obj.set_ha_mode('active-standby')
si_prop_obj.set_ha_mode('active-active')
si_obj.set_service_instance_properties(si_prop_obj)
si_obj.set_service_template(st_obj)
三个XMPP连接(以覆盖双重故障情景)
diff --git a/src/vnsw/agent/cmn/agent.h b/src/vnsw/agent/cmn/agent.h
index 3e48812..832b476 100644
--- a/src/vnsw/agent/cmn/agent.h
b/src/vnsw/agent/cmn/agent.h
@@ -284,7 284,10 @@ extern void RouterIdDepInit(Agent *agent);
#define MULTICAST_LABEL_BLOCK_SIZE 2048
#define MIN_UNICAST_LABEL_RANGE 4098
-#define MAX_XMPP_SERVERS 2
/* to cover double failure case */
#define MAX_XMPP_SERVERS 3
#define XMPP_SERVER_PORT 5269
#define XMPP_DNS_SERVER_PORT 53
#define METADATA_IP_ADDR ntohl(inet_addr("169.254.169.254"))
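Review bot: Raising `MAX_XMPP_SERVERS` to 3 only widens the limit; nothing in this hunk shows that code treating the servers as a primary/secondary pair was adapted. Arrays sized by the macro and loops or index constants that assume exactly two entries are outside the hunk and should be audited together with this change. The comment would be clearer as `/* three control-node connections so the agent survives two simultaneous failures */`.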
静态XMPP分配
contrail-controller:
diff --git a/src/vnsw/agent/cmn/agent.cc b/src/vnsw/agent/cmn/agent.cc
index 607f384..71d27d8 100644
--- a/src/vnsw/agent/cmn/agent.cc
b/src/vnsw/agent/cmn/agent.cc
@@ -469,7 469,7 @@ void Agent::CopyFilteredParams() {
if (new_chksum != controller_chksum_) {
controller_chksum_ = new_chksum;
controller_list_ = params_->controller_server_list();
- std::random_shuffle(controller_list_.begin(), controller_list_.end());
std::random_shuffle(controller_list_.begin(), controller_list_.end()); // commented out for static XMPP assignment
}
// Dns
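Review bot: The new line still calls `std::random_shuffle(controller_list_.begin(), controller_list_.end());` and only a trailing comment claims it was commented out. As shown, the controller order is still randomised and static XMPP assignment does not take effect (the page's extraction may have dropped a leading `//`). If the shuffle is meant to go, delete the call and leave `// keep controller_server_list order: XMPP peers are assigned statically`. Without the shuffle, every agent given the same list connects to the same first controllers, so the per-node configured order has to spread the load. `CopyFilteredParams` continues outside the hunk.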
基于VLAN的EVPN T2互操作
diff --git a/src/bgp/evpn/evpn_route.cc b/src/bgp/evpn/evpn_route.cc
index 36412b2..a830b5c 100644
--- a/src/bgp/evpn/evpn_route.cc
b/src/bgp/evpn/evpn_route.cc
@@ -487,7 487,7 @@ void EvpnPrefix::BuildProtoPrefix(BgpProtoPrefix *proto_prefix,
proto_prefix->prefix.begin() esi_offset);
}
size_t tag_offset = esi_offset kEsiSize;
- put_value(&proto_prefix->prefix[tag_offset], kTagSize, tag_);
put_value(&proto_prefix->prefix[tag_offset], kTagSize, 0);
size_t mac_len_offset = tag_offset kTagSize;
proto_prefix->prefix[mac_len_offset] = 48;
size_t mac_offset = mac_len_offset 1;
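Review bot: Passing a literal `0` to `put_value(&proto_prefix->prefix[tag_offset], kTagSize, 0)` discards `tag_` for every prefix this branch of `BuildProtoPrefix` encodes, not only for peers that need VLAN-based interop. That should be gated on a per-peer or per-routing-instance setting, with `tag_` kept as the default. The receive path is not visible here; routes arriving with tag 0 presumably need a matching mapping back to the right instance. A comment such as `// VLAN-based service: Ethernet Tag ID is sent as 0` would explain the constant. The function starts and ends outside the hunk.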
“enable_nova: no”是可配置的
(已实施)
git clone -b contrail/queens https://github.com/Juniper/contrail-kolla-ansible
diff --git a/ansible/post-deploy-contrail.yml b/ansible/post-deploy-contrail.yml
index e603207..c700d88 100644
--- a/ansible/post-deploy-contrail.yml
b/ansible/post-deploy-contrail.yml
@@ -63,6 63,8 @@
- ['baremetal-hosts', 'virtual-hosts']
register: command_result
failed_when: "command_result.rc == 1 and 'already exists' not in command_result.stderr"
when:
- enable_nova | bool
run_once: yes
- name: Add compute hosts to virtual-hosts Aggregate Group
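Review bot: The added `when: - enable_nova | bool` guards only the aggregate-creation task. The next task, `Add compute hosts to virtual-hosts Aggregate Group`, starts on the last line of the hunk with its body outside it, and presumably calls the same Nova API. If it has no equivalent condition, a deployment with `enable_nova: no` will still fail one task later, so the same `when:` should be confirmed there.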
每个标签的安全端点统计信息作为UVE
kubernetes的多master设置
(已实施)
tc-flower卸载
对此感兴趣的朋友,
我尝试了两种vRouter设置,并在一个节点上键入了这些命令以绕过vRouter数据路径,来使用tc,
发现基于tc-flower的vxlan数据路径(出口)和vRouter的vxlan数据路径可以互通:)
-ingress vxlan decap无法正常运作,我仍在调查..
vRouter0: 172.31.4.175 (container, 10.0.1.251)
vRouter1: 172.31.1.214 (container, 10.0.1.250, connected to tapeth0-038fdd)
[from specific tap to known ip address, vxlan encap could be offloaded to tc]
- typed on vRouter1
ip link set vxlan7 up
ip link add vxlan7 type vxlan vni 7 dev ens5 dstport 0 external
tc filter add dev tapeth0-038fdd protocol ip parent ffff:
flower
ip_proto icmp dst_ip 10.0.1.251
action simple sdata "ttt" action tunnel_key set
src_ip 172.31.1.214
dst_ip 172.31.4.175
id 7
dst_port 4789
action mirred egress redirect dev vxlan7
[although for egress traffic vRouter1 is bypassed, it can still communicate]
[root@ip-172-31-1-214 ~]# tcpdump -nn -i ens5 udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens5, link-type EN10MB (Ethernet), capture size 262144 bytes
04:55:41.566458 IP 172.31.1.214.57877 > 172.31.4.175.4789: VXLAN, flags [I] (0x08), vni 7
IP 10.0.1.250 > 10.0.1.251: ICMP echo request, id 60416, seq 180, length 64
04:55:41.566620 IP 172.31.4.175.61117 > 172.31.1.214.4789: VXLAN, flags [I] (0x08), vni 7
IP 10.0.1.251 > 10.0.1.250: ICMP echo reply, id 60416, seq 180, length 64
04:55:42.570917 IP 172.31.1.214.57877 > 172.31.4.175.4789: VXLAN, flags [I] (0x08), vni 7
IP 10.0.1.250 > 10.0.1.251: ICMP echo request, id 60416, seq 181, length 64
04:55:42.571056 IP 172.31.4.175.61117 > 172.31.1.214.4789: VXLAN, flags [I] (0x08), vni 7
IP 10.0.1.251 > 10.0.1.250: ICMP echo reply, id 60416, seq 181, length 64
^C
4 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@ip-172-31-1-214 ~]#
/ # ping 10.0.1.251
PING 10.0.1.251 (10.0.1.251): 56 data bytes
64 bytes from 10.0.1.251: seq=0 ttl=64 time=5.183 ms
64 bytes from 10.0.1.251: seq=1 ttl=64 time=4.587 ms
^C
--- 10.0.1.251 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.587/4.885/5.183 ms
/ #
[tap's RX is not incrementing since that is bypassed (TX increments, since ingress traffic still uses vRouter datapath)]
[root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
RX packets:3393 bytes:288094 errors:0
TX packets:3438 bytes:291340 errors:0
[root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
RX packets:3393 bytes:288094 errors:0
TX packets:3439 bytes:291438 errors:0
[root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
RX packets:3394 bytes:288136 errors:0
TX packets:3442 bytes:291676 errors:0
[root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
RX packets:3394 bytes:288136 errors:0
TX packets:3444 bytes:291872 errors:0
[root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
RX packets:3394 bytes:288136 errors:0
TX packets:3447 bytes:292166 errors:0
[root@ip-172-31-1-214 ~]#
contrail-controller
diff --git a/src/vnsw/agent/pkt/flow_mgmt.cc b/src/vnsw/agent/pkt/flow_mgmt.cc
index c888a26..a1b0189 100644
--- a/src/vnsw/agent/pkt/flow_mgmt.cc
b/src/vnsw/agent/pkt/flow_mgmt.cc
@@ -511,6 511,9 @@ void FlowMgmtManager::LogFlowUnlocked(FlowEntry *flow, const std::string &op) {
FlowInfo trace;
flow->FillFlowInfo(trace);
FLOW_TRACE(Trace, op, trace);
// Add tc flower logic, based on FlowEntry *flow
}
// Extract all the FlowMgmtKey for a flow
GCE上的vRouter无法到达同一子网中的其它节点
在GCE中安装vRouter时,它无法到达同一子网中的某个节点。该补丁是一个临时的解决方法。
diff --git a/containers/vrouter/agent/entrypoint.sh b/containers/vrouter/agent/entrypoint.sh
index f4f49f4..01e1349 100755
--- a/containers/vrouter/agent/entrypoint.sh
b/containers/vrouter/agent/entrypoint.sh
@@ -140,7 140,7 @@ if [ "$gcp" == "Google" ]; then
for intf in $intfs ; do
if [[ $phys_int_mac == "$(curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/network-interfaces/${intf}/mac)" ]]; then
mask=$(curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/network-interfaces/${intf}/subnetmask)
- vrouter_cidr=$vrouter_ip/$(mask2cidr $mask)
vrouter_cidr=$vrouter_ip/31 ### this can't be set /32, since in that setup, vrouter can't create ingress flow for some reason ..
fi
done
fi
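Review bot: `vrouter_cidr=$vrouter_ip/31` replaces the mask derived from metadata with a constant, so the `mask=$(curl ...)` assignment on the line above is now dead and every GCE interface gets a /31 regardless of its real subnet. The inline comment says the cause is unknown (`for some reason`), so this is safer behind an explicit opt-in variable with `$(mask2cidr $mask)` kept as the default. Separately, the context lines query the `v1beta1` metadata path with `curl -s` and no failure check. The `v1` path with the `Metadata-Flavor: Google` header is the form designed to resist forged requests, and an empty reply currently just makes the MAC comparison fail silently.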
何时与multus一起使用
(已实施)
提交后发现,vRouter可以很好地与multus-cni一起工作(它可以动态识别是直接调用还是由某些元插件调用)。
(install kubernetes and vRouter by ansible-deployer: container tag: master-latest, ansible-deployer: master)
git clone https://github.com/intel/multus-cni.git && cd multus-cni
cat ./images/deprecated/multus-daemonset-pre-1.16.yml | kubectl apply -f -
注意:由于ansible-deployer安装了v0.3.0 CNI,因此默认情况下,桥接CNI不能正常工作。将/opt/cni/bin/bridge(和/opt/cni/bin/static)文件替换为v0.8.6模块时,它可以正常工作。
多vCenter设置
Tungsten Fabric控制器节点提供的vCenter插件数量与vCenter数量一样多。
由于每个vCenter下都有多个ESXi,因此对于某个特定vCenter下的ESXi,其vRouterVM上的每个vcenter-manager都需要使用该vCenter对应的租户名称(而不是硬编码的“vCenter”租户)来配置。
contrail-vcenter-plugin:
diff --git a/src/net/juniper/contrail/vcenter/VCenterMonitor.java b/src/net/juniper/contrail/vcenter/VCenterMonitor.java
index d5c0043..294ee99 100644
--- a/src/net/juniper/contrail/vcenter/VCenterMonitor.java
b/src/net/juniper/contrail/vcenter/VCenterMonitor.java
@@ -74,7 74,7 @@ public class VCenterMonitor {
private static String _authurl = "http://10.84.24.54:35357/v2.0";
private static String _zookeeperAddrPort = "127.0.0.1:2181";
- private static String _zookeeperLatchPath = "/vcenter-plugin";
private static String _zookeeperLatchPath = "/vcenter-plugin"; // make this configurable
private static String _zookeeperId = "node-vcenter-plugin";
static volatile Mode mode = Mode.VCENTER_ONLY;
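Review bot: This hunk and the ones in `VncDB.java` and `cvm/constants.py` add only `make this configurable` comments, so `_zookeeperLatchPath`, `VNC_VCENTER_PROJECT` and `VNC_VCENTER_IPAM` remain literals. With several vCenters, each plugin instance would still use the same `/vcenter-plugin` latch path and the same `vCenter` project. In `cvm/constants.py`, `VNC_VCENTER_IPAM_FQN` and `VNC_VCENTER_DEFAULT_SG_FQN` are built from those names at import time, so making the project configurable also means deriving those lists after the configuration is loaded. Marking the comments as `// TODO:` would make the outstanding work searchable.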
diff --git a/src/net/juniper/contrail/vcenter/VncDB.java b/src/net/juniper/contrail/vcenter/VncDB.java
index 9d004b7..a831a37 100644
--- a/src/net/juniper/contrail/vcenter/VncDB.java
b/src/net/juniper/contrail/vcenter/VncDB.java
@@ -61,8 61,8 @@ public class VncDB {
Mode mode;
public static final String VNC_ROOT_DOMAIN = "default-domain";
- public static final String VNC_VCENTER_PROJECT = "vCenter";
- public static final String VNC_VCENTER_IPAM = "vCenter-ipam";
public static final String VNC_VCENTER_PROJECT = "vCenter"; // make this configurable
public static final String VNC_VCENTER_IPAM = "vCenter-ipam"; // make this configurable
public static final String VNC_VCENTER_DEFAULT_SG = "default";
public static final String VNC_VCENTER_PLUGIN = "vcenter-plugin";
public static final String VNC_VCENTER_TEST_PROJECT = "vCenter-test";
contrail-vcenter-manager:
diff --git a/cvm/constants.py b/cvm/constants.py
index 0dcabab..4b30299 100644
--- a/cvm/constants.py
b/cvm/constants.py
@@ -31,8 31,8 @@ VM_UPDATE_FILTERS = [
'runtime.powerState',
]
VNC_ROOT_DOMAIN = 'default-domain'
-VNC_VCENTER_PROJECT = 'vCenter'
-VNC_VCENTER_IPAM = 'vCenter-ipam'
VNC_VCENTER_PROJECT = 'vCenter' ## make this configurable
VNC_VCENTER_IPAM = 'vCenter-ipam' ## make this configurable
VNC_VCENTER_IPAM_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_IPAM]
VNC_VCENTER_DEFAULT_SG = 'default'
VNC_VCENTER_DEFAULT_SG_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_DEFAULT_SG]
在所有计算节点上使用相同的ECMP散列,以实现数据包模式下的对称ECMP
(已实施)
diff --git a/src/vnsw/agent/pkt/pkt_handler.cc b/src/vnsw/agent/pkt/pkt_handler.cc
index 28e5637..075bb17 100644
--- a/src/vnsw/agent/pkt/pkt_handler.cc
b/src/vnsw/agent/pkt/pkt_handler.cc
@@ -1304,7 1304,7 @@ std::size_t PktInfo::hash(const Agent *agent,
// We need to ensure that hash computed in Compute-1 and Compute-2 are
// different. We also want to have same hash on agent restarts. So, include
// vhost-ip also to compute hash
- boost::hash_combine(seed, agent->router_id().to_ulong());
////// boost::hash_combine(seed, agent->router_id().to_ulong());
if (family == Address::INET) {
if (ecmp_load_balance.is_source_ip_set()) {
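Review bot: With `boost::hash_combine(seed, agent->router_id().to_ulong());` disabled, the three-line comment directly above it contradicts the code, because it still explains why the vhost IP is mixed in so that hashes differ between computes. That comment should state the new intent, for example `// Same hash on every compute node so that ECMP is symmetric in packet mode`, and the dead line should be deleted rather than kept behind `//////`. The original comment indicates the per-node term was deliberate, so a configuration knob would be safer than removing it unconditionally. `PktInfo::hash` continues outside the hunk.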
使用透明服务链时指定vlan-id
# diff -u config_db.py.orig config_db.py
--- config_db.py.orig 2019-08-04 10:54:22.993291899 0000
config_db.py 2019-08-04 13:05:23.665843100 0000
@@ -3059,6 3062,21 @@
service_ri1, service_ri2):
vlan = self._object_db.allocate_service_chain_vlan(vm_info['vm_uuid'],
self.name)
####
## vlan-id is embedded in service-instance name
## servicename---vm_uuid---vlanid
####
for servicename in self.service_list:
left_interface_uuid = vm_info['left']['vmi'].name.split (':')[-1]
if (servicename.find(left_interface_uuid ) > -1):
vlan = servicename.split(':')[-1].split('---')[-1]
self.add_pbf_rule(vm_info['left']['vmi'], service_ri1,
v4_address, v6_address, vlan)
self.add_pbf_rule(vm_info['right']['vmi'], service_ri2,
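Review bot: The VLAN taken from the service-instance name is used unchecked: `servicename.split(':')[-1].split('---')[-1]` yields a string that replaces the value `allocate_service_chain_vlan` just reserved and goes straight into `add_pbf_rule`. The name is chosen by whoever creates the service instance, so a non-numeric suffix, a value outside 1–4094, or an id already used by another chain can reach the forwarding rule. `find(...) > -1` is also a substring test, which can match an unrelated service. The second hunk (`@@ -3911,6`) repeats the same parsing and needs the same guard. Both enclosing functions start and end outside the hunks, and whether `add_pbf_rule` expects an int is not visible here, so the conversion below is an assumption to confirm.

```python
# … unchanged: vlan = self._object_db.allocate_service_chain_vlan(...) …
left_interface_uuid = vm_info['left']['vmi'].name.split(':')[-1]
for servicename in self.service_list:
    if left_interface_uuid not in servicename:
        continue
    suffix = servicename.split(':')[-1].split('---')[-1]
    # The name is user-supplied: accept only a valid 802.1Q id, otherwise
    # keep the value handed out by the allocator.
    if suffix.isdigit() and 1 <= int(suffix) <= 4094:
        vlan = int(suffix)
# … unchanged: add_pbf_rule calls …
```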
@@ -3911,6 3929,22 @@
vlan = self._object_db.allocate_service_chain_vlan(
vm_pt.uuid, service_chain.name)
###
# begin: added
###
for servicename in service_chain.service_list:
if (servicename.find(self.name.split(':')[-1]) > -1):
vlan = servicename.split(':')[-1].split('---')[-1]
###
# end: added
###
service_chain.add_pbf_rule(self, service_ri, v4_address,
v6_address, vlan)
#end for service_chain
支持CentOS的旧内核
Juniper/contrail-packages
diff --git a/kernel_version.info b/kernel_version.info
index 8d38f34..d5e711b 100644
--- a/kernel_version.info
b/kernel_version.info
@@ -1,2 1,3 @@
3.10.0-862.2.3.el7.x86_64
3.10.0-1062.4.1.el7.x86_64
-3.10.0-1062.9.1.el7.x86_64
No newline at end of file
3.10.0-1062.9.1.el7.x86_64
可配置的最小路由目标ID
diff --git a/src/config/common/cfgm_common/__init__.py b/src/config/common/cfgm_common/__init__.py
index 088b03b..dd484ab 100644
--- a/src/config/common/cfgm_common/__init__.py
b/src/config/common/cfgm_common/__init__.py
@@ -18,7 18,7 @@ DCI_VN_FQ_NAME = ['default-domain', 'default-project', 'dci-network']
DCI_IPAM_FQ_NAME = ['default-domain', 'default-project', 'default-dci-lo0-network-ipam']
OVERLAY_LOOPBACK_FQ_PREFIX = ['default-domain', 'default-project']
-_BGP_RTGT_MIN_ID_TYPE0 = 8000000
_BGP_RTGT_MIN_ID_TYPE0 = 8100000
_BGP_RTGT_MIN_ID_TYPE1_2 = 8000
SGID_MIN_ALLOC = 8000000
VNID_MIN_ALLOC = 1
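Review bot: `_BGP_RTGT_MIN_ID_TYPE0` is still a literal after this change, only a different one, while the section describes a configurable minimum. Route targets already allocated between 8000000 and 8100000 on an existing cluster would fall below the new floor. How the allocator and any range checks treat such values is outside the hunk and should be verified before this goes onto a live deployment. If the intent is to reserve that range for manual assignment, a comment such as `# floor for auto-allocated type-0 route targets; lower numbers are left for operators` would record why the value moved.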
使用Linux 5.x内核构建vRouter失败问题
如有更多问题,请与TF中文社区联系。