In a flat network, everyone shares the same network segment. For example, say 2 tenants are sharing the cluster, and this segment is 10.4.128.0/20 - VM1 from tenant 1 might get assigned 10.4.128.3, VM1 from tenant 2 might get 10.4.128.4, and so on. This means that tenant 1 can see the traffic from tenant 2. Not a good thing in most cases.

In a VLAN network, tenants are separated because each is assigned to a VLAN. In OpenVSwitch plugin (or ML2 with OVS driver), OVS will in the virtual switches allocate an internal VLAN for each tenant. If you mix in a hardware plugin like the Cisco Nexus plugin, it will be asked to allocate VLANs as well. These VLANs provide separation amongst the tenants (as VLANs are designed to do). It also means that tenants can specify the same subnet and overlap in that subnet range - VM1 from tenant 1 can get assigned IP 10.4.128.3 and VM1 from tenant 2 can also get 10.4.128.3, without conflict. This makes life easier for administrators because they don't have to worry about tenants that want the same subnet and address allocations, because the VLANs keep them separate.

GRE segmenation (and VXLAN) also provides separation among tenants, and also allows overlapping subnets and IP ranges. It does this by encapsulating tenant traffic in tunnels. Say your tenant has VMs running on compute nodes A, B, and C. Neutron (along with OVS) will build a fully connected mesh of tunnels between all of these machines, and create a tunnel bridge on each of these nodes that is used to direct traffic from VMs into and out of these tunnels. If a VM on machine A wants to send packets to a VM on machine B, machine A will encapsulate the IP packets coming out of the VM using a segmentation ID that is generated for the tenant by OpenStack, and the receiving machine (B) will decapsulate the packets and route them to the destination VM using the addressing information in the ethernet frame.

GRE and VXLAN scale better than VLAN, and while VLAN based networking probably has its applications (you might be integrating with a infrastructure that is VLAN-based to begin with), I have found GRE/VXLAN based OVS setups to be easier to deploy and debug than VLAN based setups (one reason is you can use a dumb switch to connect all the physical hosts), and so my feeling is you want to start there if you have a deployment scenario that involves multiple tenants and you want to allow for overlapping network segments and IP address ranges in your tenants.

转自: https://ask.openstack.org/en/question/51388/whats-the-difference-between-flat-gre-and-vlan-neutron-network-types/

neutron 中 flat vlan gre vxlan的区别的更多相关文章

  1. 二:vlan,gre,vxlan

    管理网络:包含api网络(public给外部用,admin给管理员用-是内部ip,internal给内部用-是内部ip) 数据网络 存储网络 IDRAC网络 PXE网络 控制节点相关服务 system ...

  2. VLAN,GRE,VXLAN

    https://www.cnblogs.com/charles1ee/p/6629009.html VLAN介绍 局域网LAN(多个机器连接一个Hub或者Switch),是一个广播域 VLAN:一台S ...

  3. VLAN和VXLAN的区别

    VLAN ·概况 VLAN (Virtual Local Area Network)意为虚拟局域网,是在交换机实现过程中涉及到的概念,由802.1Q标准所定义.由于交换机是工作在链路层的网络设备,连接 ...

  4. 【openstack N版】——网络服务neutron(flat扁平网络)

    一.openstack网络服务neutron 1.1neutron介绍 neutron是openstack重要组件之一,在以前是时候没有neutron项目,早期的时候是没有neutron,早期所使用的 ...

  5. openstack之Neutron网络模式vlan,gre,vxlan详解

    第一:neutron openvswitch + vlan虚拟网络 一:基础知识 vlan基础知识 1.vlan介绍 1.1:首先说下lan,LAN 表示 Local Area Network,本地局 ...

  6. Neutron 理解 (3): Open vSwitch + GRE/VxLAN 组网 [Netruon Open vSwitch + GRE/VxLAN Virutal Network]

    学习 Neutron 系列文章: (1)Neutron 所实现的虚拟化网络 (2)Neutron OpenvSwitch + VLAN 虚拟网络 (3)Neutron OpenvSwitch + GR ...

  7. 理解 neutron(15):Neutron Linux Bridge + VLAN/VXLAN 虚拟网络

    学习 Neutron 系列文章: (1)Neutron 所实现的虚拟化网络 (2)Neutron OpenvSwitch + VLAN 虚拟网络 (3)Neutron OpenvSwitch + GR ...

  8. [转载]OpenStack OVS GRE/VXLAN网络

      学习或者使用OpenStack普遍有这样的现象:50%的时间花费在了网络部分:30%的时间花费在了存储方面:20%的时间花费在了计算方面.OpenStack网络是不得不逾越的鸿沟,接下来我们一起尝 ...

  9. openstack中使用linux_bridge实现vxlan网络

    openstack环境: 1 版本:ocata 2 系统:ubuntu16.04.2 3 控制节点 1个 + 计算节点 1个 4 控制节点网卡为ens33,ip = 172.171.5.200 ens ...

随机推荐

  1. 每天一个linux命令(22):chgrp命令

    在 lunix系统里,文件或目录的权限的掌控以拥有者及所诉群组来管理.可以使用chgrp指令取变更文件与目录所属群组,这种方式采用群组名称或群组识别 码都可以.Chgrp命令就是change grou ...

  2. 总结css之内联图片的优缺点

    会不会有这样一种感觉?IT技术开发知识面很广也很深,总会有你不懂得问题出现.一个接着一个新的问题,一个接着一个新的挑战. 今天,解读[内联图片],什么是内联图片,使用内联图片的优缺点是什么?这个问题是 ...

  3. Xcode 6以上版本如何创建一个空的工程(Empty Application)

    Xcode 6 正式版里面没有Empty Application这个模板,这对于习惯了纯代码编写UI界面的程序员来说很不习惯. 有高手给出了一个解决方法是,把Xcode 6 beta版里面的模板复制过 ...

  4. Bzoj1115 石子游戏Kam

    这是道权限题,差评. 题目说明引自ZYF-ZYF Description 有N堆石子,除了第一堆外,每堆石子个数都不少于前一堆的石子个数.两人轮流操作每次操作可以从一堆石子中移走任意多石子,但是要保证 ...

  5. 中间件、MetaQ入门学习

    目录 . 中间件技术 . MetaQ中间件 . MetaQ编程实践 1. 中间件技术 0x1: 中间件简介 中间件(Middleware)是提供系统软件和应用软件之间连接的软件,以便于软件各部件之间的 ...

  6. UVA 1398 Meteor

    传送门 Solution: 记一颗流星在视野内的时间段为(L, R), 为了使所有(L, R)都取整数,首先将坐标放大. 放大倍数可取为 LCM(1, 2, ..., 10)= 2520 接着计算:从 ...

  7. Appserv环境下搭建的PHP环境升级PHP版本(支持微信端口以及thinkphp)

      Appserv 2.5.10 升级PHP from version 5.2 to 5.3 最近,在使用Appserv 2.5.10 中的PHP开发微信时,遇到下面错误 Fatal error  C ...

  8. win10系统安装.net35的命令行方式

    有些程序在windows系统中需要安装.net35才能运行,下载太慢了,可以直接在docs窗口直接安装,命令行如下:Dism /online /enable-feature /featurename: ...

  9. C#里List.Sort的用法

    using System; using System.Collections.Generic; using System.Linq; using System.Text; namespace List ...

  10. ExecutorService的十个使用技巧

    ExecutorService] (https://docs.oracle.com/javase/8/docs/api/java/util/concurrent /ExecutorService.ht ...