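• Preface

A floating IP is defined relative to a fixed IP. It is usually assigned to a VM after the VM has been created. Its purpose is to let the outside world reach the VM through the floating IP, and to let the VM reach the outside world through the same address.

In OpenStack, floating IPs are implemented with iptables NAT rules inside a network namespace, which forward traffic between the VM and the outside world. This article describes how to set up and use floating IPs with OpenStack.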

  • Environment Setup
  1. Ubuntu 14.04 LTS
  2. Two NICs: eth0 (192.168.1.46) and eth1 (192.168.2.46; on the switch this interface uses vlanid=100)
  3. If your machine is itself a VM, follow http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004099 to enable promiscuous mode on eth0 and eth1. This step is critical: without it, the floating IP assigned to a VM cannot be pinged from outside.
  • Devstack Configuration
  1. Enable Nova, Neutron, Cinder, Keystone, Glance
  2. Install Open vSwitch, then configure it as follows:
    # Add eth1 into br-eth1 and set eth0 and eth1 to promisc mode
    sudo ovs-vsctl br-exists br-eth1 || sudo ovs-vsctl add-br br-eth1
    sudo ovs-vsctl --may-exist add-port br-eth1 eth1
    sudo ip link set dev eth1 promisc on
    sudo ip link set dev eth0 promisc on
    sudo ip addr flush eth1
    sudo ip link set dev eth1 up
  • Devstack local.conf
    # Note: change XX to your devstack node IP, and change VLAN_START and VLAN_END to your reserved VLAN range
    # My IP is 192.168.1.46, on network 192.168.1.0/24
    [[local|localrc]]
    # Set API endpoint host using HOST_IP
    HOST_IP=XX
    # Use to specify the endpoint
    SERVICE_HOST=XX
    ADMIN_PASSWORD=welcome
    MYSQL_PASSWORD=welcome
    RABBIT_PASSWORD=welcome
    SERVICE_PASSWORD=welcome
    SERVICE_TOKEN=welcome
    disable_service h-eng
    disable_service h-api
    disable_service h-api-cfn
    disable_service h-api-cw
    disable_service tempest
    #enable_service tempest
    disable_service dstat
    # Enable Neutron
    disable_service n-net
    enable_service q-svc
    enable_service q-agt
    enable_service q-dhcp
    enable_service q-l3
    enable_service q-meta
    enable_service neutron
    # stack.sh will freshen each repo on each run if RECLONE
    # is set to yes
    RECLONE=True
    # Setting OFFLINE=True to enable stack.sh to run multiple
    # times without an Internet connection
    OFFLINE=False
    # Set FLAT_INTERFACE to the Ethernet interface that connects
    # the host to your local network
    FLAT_INTERFACE=eth1
    #FLOATING_RANGE=192.168.1.0/
    #Q_FLOATING_ALLOCATION_POOL=start=192.168.1.100,end=192.168.1.119
    #PUBLIC_NETWORK_GATEWAY=192.168.1.30
    PUBLIC_INTERFACE=eth0
    PHYSICAL_NETWORK=public_eth1
    OVS_PHYSICAL_BRIDGE=br-ex
    #PUBLIC_BRIDGE=br-ex
    FIXED_RANGE=192.168.100./
    #FIXED_NETWORK_SIZE=
    NETWORK_GATEWAY=192.168.100.
    # IMAGE_URLS accepts a comma separated list of images to pre-load into OpenStack
    IMAGE_URLS=http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
    [[post-config|$NOVA_CONF]]
    [DEFAULT]
    rpc_response_timeout=
    service_down_time=
    libvirt_iscsi_use_multipath = True
    #force_config_drive = False
    [libvirt]
    iscsi_use_multipath = True
    [database]
    max_pool_size=
    max_overflow=
    [[post-config|/$Q_PLUGIN_CONF_FILE]]
    [ml2]
    tenant_network_types = vlan,flat
    [ml2_type_flat]
    flat_networks = public_eth0
    [ml2_type_vlan]
    network_vlan_ranges = public_eth1:VLAN_START:VLAN_END
    [ovs]
    bridge_mappings = public_eth0:br-ex,public_eth1:br-eth1
    enable_tunneling = False
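  • Setup flat and vlan network
  1. Next, I do two things. The first is to create a private network with VLAN ID 100; from then on, VMs get their IPs from this network by default.
  2. The second is to create a flat public network, which is used to allocate floating IPs.

Create the private network with VLAN ID 100: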

stack@openstack-wangp11-:~/devstack$ neutron net-create --provider:network_type vlan --provider:physical_network public_eth1 --provider:segmentation_id 100 vlan_100
stack@openstack-wangp11-:~/devstack$ neutron net-show vlan_100
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 2426ff0d-953f-467f-a564-c4f63d926836 |
| mtu | |
| name | vlan_100 |
| port_security_enabled | True |
| provider:network_type | vlan |
| provider:physical_network | public_eth1 |
| provider:segmentation_id | |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f |
| tenant_id | 8cb8c084ffb84914b41d5044ecbcad4e |
+---------------------------+--------------------------------------+
stack@openstack-wangp11-:~/devstack$ neutron subnet-create --enable-dhcp --ip-version 4 --name vlan_100_subnet01 2426ff0d-953f-467f-a564-c4f63d926836 192.168.46.0/24
stack@openstack-wangp11-:~/devstack$ neutron subnet-show fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.46.2", "end": "192.168.46.254"} |
| cidr | 192.168.46.0/ |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.46.1 |
| host_routes | |
| id | fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f |
| ip_version | |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | vlan_100_subnet01 |
| network_id | 2426ff0d-953f-467f-a564-c4f63d926836 |
| subnetpool_id | |
| tenant_id | 8cb8c084ffb84914b41d5044ecbcad4e |
+-------------------+----------------------------------------------------+

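Next, create the public network that hosts the floating IPs. Its network type is flat.

Note: in the commands below, 192.168.1.100-192.168.1.119 is the IP pool the network administrator assigned to me, and 192.168.1.30 is the router IP of our network.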

# Step 1: create the external flat network
$ neutron net-create --router:external --provider:network_type flat --provider:physical_network public_eth0 public_net
# Step 2: create a subnet based on your reservation
$ neutron subnet-create --name public_eth0_subnet01 --allocation-pool start=192.168.1.100,end=192.168.1.119 --gateway 192.168.1.30 --disable-dhcp --ip-version 4 22d01ce7-b4c4-4af2-bc3c-9c3991903b4c 192.168.1.0/24
# Step 3: create an external router
$ neutron router-create router1
# Step 4: connect router1 with the private subnet via 'neutron router-interface-add <router-id> <private_subnet_id>'
$ neutron router-interface-add 2da62299-6e41-4b24-a1c7-a3d6cc4db1c8 fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f
# Step 5: set the external public network as the router gateway 'neutron router-gateway-set <router-id> <public_subnet_id>'
$ neutron router-gateway-set 73a38db4-20f9-49ba-b855-472be1e2fd45 e0368da6-197e-4c46-bfd1-4897d61b519a
# Step 6: create a floating IP from the public network 'neutron floatingip-create <public network id>'
$ neutron floatingip-create 1452712a-acb3--a5ca-1d838eb2feb9
# Step 7: associate the VM instance's port in the private network with the newly created floating IP
## get the ID of the floating IP (the id column below, a2316e0b-6d72-420f-8a23-f8421160d3d4)
stack@openstack-wangp11-:~$ neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| a2316e0b-6d72-420f-8a23-f8421160d3d4 | | 192.168.1.102 | 75353e16-5a16-452e-b420-0ada719d625c |
+--------------------------------------+------------------+---------------------+--------------------------------------+
## get the port ID of the private interface attached to the VM instance
stack@openstack-wangp11-:~$ neutron port-list
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 16a3e39c-48ef-4d4d-bc8a-96b27da7ff3c | | fa::3e:c1:: | {"subnet_id": "e0368da6-197e-4c46-bfd1-4897d61b519a", "ip_address": "192.168.1.100"} |
| 616d03cd-df6a-465f-a23a-b6bf46e55f7a | | fa::3e::2e:7f | {"subnet_id": "fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f", "ip_address": "192.168.46.4"} |
| 713e4541-7d22--b828-94d714d94ec0 | | fa::3e:af::7b | {"subnet_id": "fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f", "ip_address": "192.168.46.2"} |
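| 75353e16-5a16-452e-b420-0ada719d625c | | fa::3e:::db | {"subnet_id": "fab94e2f-f7de-4bf6-8e9b-7ade0fcfad1f", "ip_address": "192.168.46.3"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+

# Port 75353e16-5a16-452e-b420-0ada719d625c (192.168.46.3) above, marked in red in the original post, is the VM's interface on the private network
stack@openstack-wangp11-:~$ neutron floatingip-associate a2316e0b-6d72-420f-8a23-f8421160d3d4 75353e16-5a16-452e-b420-0ada719d625c
# Now you can use '192.168.1.102' to log in to the VM instance from the 192.168..XX network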

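As mentioned at the start, a floating IP is implemented by iptables rules inside a namespace. How can you inspect them? Below is an example taken on a neutron node, where 192.168.1.102 is the floating IP and 192.168.46.3 is the private IP. The namespace is named after the router, not the network:

ip netns exec qrouter-<router-id> iptables -t nat -S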

-A quantum-l3-agent-OUTPUT -d 192.168.1.102/ -j DNAT --to-destination 192.168.46.3
-A quantum-l3-agent-PREROUTING -d 192.168.1.102/ -j DNAT --to-destination 192.168.46.3
-A quantum-l3-agent-float-snat -s 192.168.46.3/ -j SNAT --to-source 192.168.1.102
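
An added example, not from the original post: a Python check that reads NAT rules like the ones above, lists which fixed IPs are exposed through a floating IP, and flags mappings that lack one of the three rules or whose floating IP lies outside the administrator-assigned pool 192.168.1.100-192.168.1.119. The sample rules are constructed; the /32 masks, the 192.168.1.103 and 192.168.1.200 entries, and the names `host` and `audit` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `iptables -t nat -S` output from a qrouter namespace.
# Addresses follow the article; the /32 masks and the last two rules are
# assumptions added to exercise the checks.
SAMPLE = """\
-A quantum-l3-agent-OUTPUT -d 192.168.1.102/32 -j DNAT --to-destination 192.168.46.3
-A quantum-l3-agent-PREROUTING -d 192.168.1.102/32 -j DNAT --to-destination 192.168.46.3
-A quantum-l3-agent-float-snat -s 192.168.46.3/32 -j SNAT --to-source 192.168.1.102
-A quantum-l3-agent-PREROUTING -d 192.168.1.103/32 -j DNAT --to-destination 192.168.46.4
-A quantum-l3-agent-PREROUTING -d 192.168.1.200/32 -j DNAT --to-destination 192.168.46.2
"""
DNAT = re.compile(r"^-A \S+-(OUTPUT|PREROUTING) -d (\S+) -j DNAT --to-destination (\S+)$")
SNAT = re.compile(r"^-A \S+-float-snat -s (\S+) -j SNAT --to-source (\S+)$")
REQUIRED = {"PREROUTING", "OUTPUT", "SNAT"}  # rule kinds a working mapping needs

def host(operand):
    """Return the address of a bare or /32 operand, or None for a wider prefix."""
    net = ipaddress.ip_network(operand, strict=False)
    return str(net.network_address) if net.num_addresses == 1 else None

def audit(rules_text, pool_start="192.168.1.100", pool_end="192.168.1.119"):
    """Return (complete mappings, incomplete mappings, floating IPs outside the pool)."""
    kinds = defaultdict(set)  # (floating, fixed) -> rule kinds seen
    for line in map(str.strip, rules_text.splitlines()):
        if m := DNAT.match(line):
            kind, floating, fixed = m.group(1), host(m.group(2)), m.group(3)
        elif m := SNAT.match(line):
            kind, fixed, floating = "SNAT", host(m.group(1)), m.group(2)
        else:
            continue  # not a floating-IP rule
        if floating and fixed:
            kinds[(floating, fixed)].add(kind)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    complete = {fl: fx for (fl, fx), k in kinds.items() if k == REQUIRED}
    incomplete = {fl: sorted(REQUIRED - k) for (fl, _), k in kinds.items() if k != REQUIRED}
    outside = sorted({fl for fl, _ in kinds if not lo <= ipaddress.ip_address(fl) <= hi})
    return complete, incomplete, outside

if __name__ == "__main__":
    complete, incomplete, outside = audit(SAMPLE)
    print("exposed VMs (floating -> fixed):", complete)
    print("mappings missing rules:", incomplete)
    print("floating IPs outside the assigned pool:", outside)
```

On a neutron node, pass the output of the `ip netns exec ... iptables -t nat -S` command above to `audit()` instead of `SAMPLE`.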
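  • Enable the nameserver

The VM and the outside world can now communicate through 192.168.1.102; from the outside, the VM's IP is 192.168.1.102. One problem remains: the VM cannot reach websites and cannot run sudo apt-get update.

A nameserver must be enabled before external sites can be reached.

# add the following to /etc/resolv.conf of the VM instance to enable name service

nameserver <your name server ip>
nameserver <your name server ip>
# and run the following to apply it
sudo resolvconf -u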
  • Troubleshooting

TODO
