概述#
VM现在可以通过单个 vNIC 发送和接收带有 VLAN 标记的流量。此功能对于需要 VLAN 标记流量的 NFV 应用程序 (VNF) 特别有用,允许单个 vNIC 为多个客户/服务提供服务。
例如,租户数据网络可以使用 VLAN 隔离,而VM将看到带有 VLAN ID 标记的流量。结果,网络数据包在注入实例之前就被标记了;他们不需要在整个网络中被标记。
要实现这一点,首先创建一个父端口并将其连接到现有规划的trunk网络中。 这样做会将trunk连接添加到您创建的父端口。 接下来,创建子端口。 这些子端口是将 VLAN 连接到VM的端口,从而允许连接到trunk。 在VM操作系统中,您需要创建一个子接口来标记与子端口关联的 VLAN 的流量。
需求产生场景
1、用户在虚机运行 K8S ,采用 VLAN 模式组网,要求 VM 端口要支持 trunk,支持多个 VLAN 网络数据在同一虚拟网卡上传输。
2、需要动态的增删虚拟机上的网络接口。通过增删vlan相对来说更加简单和快捷。
环境描述
openstack version:train
| 网络名称 | 模式 | vlan id |
|---|---|---|
| Vm_Trunk_Net_500 | vlan | 500 |
| Vm_Sub_Net_501 | vlan | 501 |
| Vm_Sub_Net_502 | vlan | 502 |
配置实现
在 neuteon server plugin 中启用 trunk
1、kolla-ansible部署openstack的修改方式
$ vim /etc/kolla/conf/neutron.conf
service_plugins=router,trunk
# 执行让neutron配置生效
$ kolla-ansible -i /etc/ansible/hosts -t neutron deploy
2、手工部署opensatck修改方式
$ vim ${neutron_path}/neutron.conf
[DEFAULT]
service_plugins = router,trunk
# 重启neutron相关服务
创建VM trunk ports
# 从Vm_Trunk_Net_500网络创建一个端口作为父端口
$ openstack port create --network Vm_Trunk_Net_500 parent-trunk-port
点击查看创建父端口详情
$ openstack port create --network Vm_Trunk_Net_500 parent-trunk-port
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-02-28T00:27:33Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.0.1.53', subnet_id='adc1d30e-b08f-46e9-8f09-45ad06eaed12' |
| id | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='a3f435fc08854b828b3346aa1581d39f', project.name='admin', region_name='RegionOne', zone= |
| mac_address | fa:16:3e:7f:ca:16 |
| name | parent-trunk-port |
| network_id | 96485d8a-0600-44b1-a535-c813fe9a7a86 |
| port_security_enabled | False |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-02-28T00:27:33Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# 创建一个trunk connection,关联父端口(parent-trunk-port),trunk名字为parent-trunk
$ openstack network trunk create --parent-port parent-trunk-port parent-trunk
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | UP |
| created_at | 2022-02-28T00:28:53Z |
| description | |
| id | 5e579416-218e-4fca-8743-bee2654f3d4a |
| name | parent-trunk |
| port_id | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| revision_number | 0 |
| status | DOWN |
| sub_ports | |
| tags | [] |
| tenant_id | a3f435fc08854b828b3346aa1581d39f |
| updated_at | 2022-02-28T00:28:53Z |
+-----------------+--------------------------------------+
# 查看创建好的trunk口(最后会把trunk口挂给VM作为port)
$ openstack network trunk list
+--------------------------------------+--------------+--------------------------------------+-------------+
| ID | Name | Parent Port | Description |
+--------------------------------------+--------------+--------------------------------------+-------------+
| 5e579416-218e-4fca-8743-bee2654f3d4a | parent-trunk | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 | |
+--------------------------------------+--------------+--------------------------------------+-------------+
# 创建两个 subports,作为trunk 的子接口,也就是实际放通的vlan
$ openstack port create --network Vm_Sub_Net_501 subport-trunk-port-vlan501
$ openstack port create --network Vm_Sub_Net_502 subport-trunk-port-vlan502
点击查看创建subports详情
$ openstack port create --network Vm_Sub_Net_501 subport-trunk-port-vlan501
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-02-28T00:35:26Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.168.2.189', subnet_id='f1931d63-c58b-4a5e-a627-b0c3e0cfe108' |
| id | ccb00cc7-8ef5-4c98-9778-c86c11a9da2d |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='a3f435fc08854b828b3346aa1581d39f', project.name='admin', region_name='RegionOne', zone= |
| mac_address | fa:16:3e:2e:76:25 |
| name | subport-trunk-port-vlan501 |
| network_id | 8fc28fb7-d24c-4dc5-97f1-bcdb7116323d |
| port_security_enabled | False |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-02-28T00:35:26Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack port create --network Vm_Sub_Net_502 subport-trunk-port-vlan502
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-02-28T00:35:51Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.168.2.157', subnet_id='c1a6e47d-babe-4cd8-b953-07e7773015ef' |
| id | 04b64548-4499-4997-a8eb-340c47fe6e03 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='a3f435fc08854b828b3346aa1581d39f', project.name='admin', region_name='RegionOne', zone= |
| mac_address | fa:16:3e:b8:64:de |
| name | subport-trunk-port-vlan502 |
| network_id | 0c590e19-9aca-4cb6-ae70-0e7124160a39 |
| port_security_enabled | False |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-02-28T00:35:51Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# 把subport关联到trunk(parent-trunk)
# subport-trunk-port-vlan501 = ccb00cc7-8ef5-4c98-9778-c86c11a9da2d
# subport-trunk-port-vlan502 = 04b64548-4499-4997-a8eb-340c47fe6e03
# port=subport-id,segmentation-type=网络模式,segmentation-id=subport-vlan-id
$ openstack network trunk set --subport port=ccb00cc7-8ef5-4c98-9778-c86c11a9da2d,segmentation-type=vlan,segmentation-id=501 parent-trunk
$ openstack network trunk set --subport port=04b64548-4499-4997-a8eb-340c47fe6e03,segmentation-type=vlan,segmentation-id=502 parent-trunk
# 查看trunk口的信息,看看是否把subport关联到trunk口成功, sub_ports字段有你关联的子接口即为成功。
$ openstack network trunk show parent-trunk
+-----------------+-------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| created_at | 2022-02-28T00:28:53Z |
| description | |
| id | 5e579416-218e-4fca-8743-bee2654f3d4a |
| name | parent-trunk |
| port_id | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| revision_number | 2 |
| status | DOWN |
| sub_ports | port_id='ccb00cc7-8ef5-4c98-9778-c86c11a9da2d', segmentation_id='501', segmentation_type='vlan' |
| | port_id='04b64548-4499-4997-a8eb-340c47fe6e03', segmentation_id='502', segmentation_type='vlan' |
| tags | [] |
| tenant_id | a3f435fc08854b828b3346aa1581d39f |
| updated_at | 2022-02-28T00:41:11Z |
+-----------------+-------------------------------------------------------------------------------------------------+
把trunk口挂给虚拟机使用。
# nova interface-attach ${vm-id} --port-id ${trunk-port-id}
$ nova interface-attach 072beefc-ff79-4baa-bb8c-6e7f754399c2 --port-id 5e579416-218e-4fca-8743-bee2654f3d4a
# 接下来可分别在centos虚拟机,创建两个子接口,vlan分别为501,502。
# 可采用tcpdump -i ${interface} -nne icmp 抓虚拟机所在宿主机物理口的流量,看看是否打上相应的tag出去。