网络类型有local,flat,vlan,vxlan。这些不同网络类型的实现借助于network driver,比如Linux Bridge和Open vSwitch。环境搭建需要多个网卡,控制节点或网络节点需要一个打通外网(集群外)的网卡。
local
local网络不支持跨节点,所有网络内的虚拟机通过bridge联通。bridge不会通过网卡对外通讯。
flat
flat网络和物理网卡一对一绑定。不存在一个物理网卡能支持多个flat网络的情况。flat可以跨节点。
每一个flat 网络都有一个dhcp服务,实际上是在网络控制节点上的一个独有的dnsmasq进程,每个进程独占一个网络namespace, 以便为某个flat网络单独服务。通过veth pair和flat bridge相连,打通两个namespace。
创建flat网络实例,openstack会根据该flat网络的设置分配一个port 包括ip和mac,并被dhcp获取,nova会给vm VIF虚拟网卡分配这个mac。获取ip的过程是这样的,dhcp进程通过虚拟网卡对监听到实例启动,vm会发广播到整个flat网络,dhcp的虚拟网卡会监听到,dhcp根据自己的host文件和mac查询到对应信息,然后分配ip子网掩码和地址租用期限。不同计算节点上的实例可以互相通信,每个节点上的bridge名称是一样的,每个flat网络绑定独占一个网卡。
vlan
一个物理网卡可以支持多个vlan。vlan可以是夸节点的,每个节点的bridge名字相同。bridge通过vlan网口eth1.100与物理网卡联通。不同vlan可以通过路由router互通,可以是物理路由器,接到交换机之外,上面配置需要打通的所有vlan的网关。也可以是虚拟路由,首先建立一个虚拟网络,可以是flat类型的,通过物理网卡联通外网,存在于单独的network namespace,由veth pair打通和vlan bridge的通信。网关配置在路由到bridge的tap上。
和路由相连的所谓的外部网络,绑定一个控制节点的网卡,以后所有对外通信都通过这个网络,网络和网络之间用veth pair打通。
通过路由和相连接的外网可以设置某个vm的floating ip,floating IP 是配置在 router 提供网关的外网 interface 上的,而非 instance 中。所以路由保存有floating ip和网内ip的映射,是一种静态NAT。floating ip方便外网直接访问内网vm。
如果没有floating ip,向外的流量,路由会把内网ip转为自己的外网ip,当流量返回时,路由会找到相应的内网ip,这就是所谓的source NAT。
路由默认网关是外网网关,所有内网虚拟机访问除了内网的流量都会走向这个默认的网关。floating IP 配置到 router 的外网 interface qg-b8b32a88-03 上。
其他的比如dhcp和flat网络差不多。
vxlan
由通道技术实现的虚拟网络。是基于三层网络协议实现的的二层协议。核心是vtep,一种虚拟网卡。基本思路,由vtep封装二层协议包打上vxlan标签,并用ip+udp封装,通过原始ip和终点ip打通通信。所以是一种基于网络之上的虚拟网络。
vxlan是一种虚拟二层网络,支持arp,不过在openstack中不需要广播,因为有代理会直接把ip mac的信息分享给虚拟机。
借助linux bridge 或 open vswitch可以实现vxlan。和vlan相比,vxlan适合更大规模的集群。其他的比如dhcp和router基本和vlan一样。
Security Group和FWaaS
这两种都是OpenStack的安全策略,都是通过iptables来实现的,前者是对特定虚拟机来设置的,后者是对整个定制网络的subnet指定的安全策略。可结合使用。
OpenStack LBaaS
OpenStack Loadbalance as a Service。方便搭建lb集群,默认HAProxy,可以选择其他。
需要一个lb server的虚拟机,这个lb server有一个VIP,是属于和集群(web server)相同网段的IP,在外围路由配置floating ip,这样集群外可通过floating ip访问lb。OpenStack界面支持lb的各种策略,第一次访问的策略,比如round robin,least connection,source ip。之后的session persistence策略比如source ip,http cookie,app cookie等。后两者是发送给客户端特定的cookie,比如srv,记录上次连接的server信息。
Open vSwitch
和Linux Bridge一样,Open vSwitch也可用来实现不同网络类型。不同的是,OVS有自己专有的网桥以及利用flow rule来隔离vlan,而不是Linux Bridge的veth1.100, eth1.101等vlan interface。
– br-int(integration),打通instance和其他虚拟网络设备
– br-ex(external),和网卡直连,打通和外网的通道
– br-tun(tunnel),只适用于基于tunnel技术的vxlan和GRE网络
注:原创。图表来源于CloudMan
Pingback: fpsouthnashua
Pingback: sugotogo
Pingback: jamesjean
Pingback: thegfxlab
Pingback: johnsonwedding
Pingback: caspigas
Pingback: eolziwf
Pingback: medicinesnorx
Pingback: hairulafiz
Pingback: booyahsmomma
Pingback: bestpricemoving
Pingback: deluxeautosales
Pingback: cikgudollah
Pingback: stevierock
Pingback: tecavuz
Pingback: seoservicesdelhi
Pingback: syndesmo
Pingback: larosaviola
Pingback: submitwebsites
Pingback: spiritartists
Pingback: alyadance
Pingback: dhinfra
Pingback: margaretowen
Pingback: ds-flow
Pingback: luxiform
Pingback: gearandrack
Pingback: croftmanor
Pingback: heuermann
Pingback: alniam
Pingback: scrompany
Pingback: myschoolinfo
Pingback: sifaligidalar
Pingback: depotwines
Pingback: bluegoldmarketing
Pingback: tommydalton
Pingback: sitetraq
Pingback: snapitf
Pingback: sellmineralrights
Pingback: mygohotels
Pingback: tokensci
Pingback: fluteringtone
Pingback: schreibstube
Pingback: lefouineur
Pingback: gestiondenegocios
Pingback: imaginexmedia
Pingback: drachenshop
Pingback: valoriel
Pingback: eidmubarakwishes
Pingback: polofutar
Pingback: moltenmama
Pingback: edicoesabm
Pingback: mseteit
Pingback: bushkim
Pingback: stevedekay
Pingback: vastewine
Pingback: execedits
Pingback: scifiindia
Pingback: theassetedge
Pingback: wanakahomes
Pingback: sommarbutik
Pingback: jimhfl
Pingback: salluzfoods
Pingback: bionutronics
Pingback: raspberrypihacks
Pingback: lvalverde
Pingback: buckleyk
Pingback: theicecreambucket
Pingback: mathewslodge
Pingback: reneecascarina
Pingback: peruconelmundo
Pingback: thephelpsgroup
Pingback: atmosphile
Pingback: ceosoul
Pingback: communityzap
Pingback: highgearelectric
Pingback: resiliens
Pingback: gmchevydealer
Pingback: dudukner
Pingback: housebaba
Pingback: vicksfabs
Pingback: agapcanada
Pingback: infoadicciones
Pingback: ilovejay
Pingback: philippeelkaim
Pingback: cairnsparency
Pingback: postaim
Pingback: biskstudio
Pingback: cefashion
Pingback: latestime
Pingback: ebaumsnation
Pingback: sbtribalfarms
Pingback: cedizmir
Pingback: lucomania
Pingback: sinkaltim
Pingback: serioussam
Pingback: mamnbeb
Pingback: adlimeira
Pingback: ilovemage
Pingback: ecovinowines
Pingback: nuttours
Pingback: aselresorthotel
Pingback: maidsquadtx
Pingback: canseidesercool
Pingback: lwthai
Pingback: boominets
Pingback: jinteex
Pingback: saglikara
Pingback: sodmgmodels
Pingback: haydayhacktoolz
Pingback: cialisonlinegp
Pingback: giftbowtique
Pingback: chzsun
Pingback: coffeecertified
Pingback: desnichons
Pingback: seasonalshoptips
Pingback: virukshamtrust
Pingback: calimercado
Pingback: kuwaitwebinfo
Pingback: ntrfanz
Pingback: mumofthreeboys
Pingback: caltav
Pingback: valtercasini
Pingback: hetkookboek
Pingback: keralatourslane
Pingback: merrakech
Pingback: ninjapopgrip
Pingback: vanelus
Pingback: genericcialisfe
Pingback: andthegiraffe
Pingback: cranfordhairco
Pingback: imwrks
Pingback: aldarakuae
Pingback: zeneventsja
Pingback: homembt
Pingback: tidyweekender
Pingback: rightcoastranch
Pingback: classfaqs
Pingback: sikaikhabar
Pingback: portalsituspoker
Pingback: hyperkast
Pingback: greaterkakinada
Pingback: pdftoget
Pingback: lahoreview
Pingback: aragonya
Pingback: snywlt
Pingback: carasello
Pingback: lapioo
Pingback: lsdmuzic
Pingback: jiaqi100
Pingback: stephensng
Pingback: theallegromovement
Pingback: hyo-kin
Pingback: jhrollover
Pingback: frderoubaix
Pingback: eastendprints
Pingback: netformation
Pingback: gbsmelaka
Pingback: autumnimports
Pingback: vedspace
Pingback: lespitchousvoyagent
Pingback: dramaindoxxi
Pingback: viagzaibis
Pingback: spartzmedia
Pingback: fifa55hot
Pingback: myprimevideotv
Pingback: africannuaire
Pingback: proevalua
Pingback: sinjambi
Pingback: oleotek
Pingback: toptenofworld
Pingback: emiratesphonenumber
Pingback: synchroltd
Pingback: profmaison
Pingback: victorytelemedicine
Pingback: edcialistop
Pingback: luxpetco
Pingback: celestebarcelona
Pingback: dcrespond
Pingback: anniebowco
Pingback: surveier
Pingback: tucamiseta
Pingback: protozoaweb
Pingback: novaapk
Pingback: katalog-nasa
Pingback: surfray
Pingback: tvamazontv
Pingback: rechanma
Pingback: bitencore
Pingback: brownfont
Pingback: aegismultimedia
Pingback: mt-amazon
Pingback: dorichon
Pingback: fildupuis
Pingback: manbirsandhu
Pingback: patelshopping
Pingback: silifkeli
Pingback: pagiaphat
Pingback: holdingsahara
Pingback: raulpastor
Pingback: lakshmiprecastinn
Pingback: vndsnkr
Pingback: neilizur
Pingback: mafhum-tech
Pingback: dewapokerplay
Pingback: stargiochi
Pingback: srsearthing
Pingback: chicagonano
Pingback: chloroquinepack
Pingback: dubai-developer
Pingback: kucing-kelabu
Pingback: photonaix
Pingback: nosuvia
Pingback: intellectivetech
Pingback: celebritysweatnelly
Pingback: lysj8
Pingback: smefaculty
Pingback: ainhoaart
Pingback: tvmyprime
Pingback: ahuela
Pingback: agencemdc
Pingback: obxpubcrawl
Pingback: jetskilakehavasu
Pingback: nguyenthinhaudio
Pingback: homestorymarket
Pingback: m-nortoncomsetup
Pingback: paoaowjaisai
Pingback: uppicfree
Pingback: cassademaria
Pingback: khangsneakers
Pingback: kit963
Pingback: sockeye-camp
Pingback: viagrapoi
Pingback: capilarspain
Pingback: legitkushsuppliers
Pingback: mobilestatstracker
Pingback: fieldenergyllc
Pingback: newcarlights
Pingback: cialischeaponlinegt
Pingback: ouchaz
Pingback: redbasement
Pingback: srankhala
Pingback: asoonkhoon
Pingback: pubspaces
Pingback: ugibilisim
Pingback: antsevak
Pingback: lczbic
Pingback: jacobperlowhospice
Pingback: stanthonyshyd
Pingback: otohortumdunyasi
Pingback: mnfvtc
Pingback: smithlevi
Pingback: kit963
Pingback: odt-pbj
Pingback: sadlifebox
Pingback: federalspare
Pingback: malatyaneykursu
Pingback: vfokus
Pingback: theallegromovement
Pingback: vgrspain
Pingback: livechatklub4d
Pingback: rcnutricion
Pingback: arananeu
Pingback: blincville
Pingback: lipitormed
Pingback: cagdasck
Pingback: coprintpromo
Pingback: viagrahuupup
Pingback: cialisgrn
Pingback: purplesagedesigns
Pingback: villahomeinteriors
Pingback: sockeye-camp
Pingback: thedreamboxshop
Pingback: lindblomgd
Pingback: owendemocrats
Pingback: expologtech
Pingback: indian-superstar
Pingback: cineseriestv
Pingback: stkhaberleri
Pingback: tadalafilalt
Pingback: konanatural
Pingback: njbulk
Pingback: thecreagent
Pingback: getesionow
Pingback: nevaktar
Pingback: basignon
Pingback: doctordomson
Pingback: getvviagragets
Pingback: roundclip
Pingback: soccerprorc
Pingback: columbiagorgebnb
Pingback: lutaniccreations
Pingback: belgiansaison
Pingback: tomcatmining
Pingback: grieftheunspoken
Pingback: ticklast
Pingback: mytableq
Pingback: sfmlondon
Pingback: mysummervilleford
Pingback: blueskydigi
Pingback: mercedescsi
Pingback: greenglobestaffing
Pingback: gcclcareers
Pingback: harbenpumps
Pingback: tosseldorf
Pingback: lamaisondemma
Pingback: udecoder
Pingback: tenzingnorgaymtb
Pingback: ecrgrup
Pingback: siefertmurphy
Pingback: winstonmalta
Pingback: fargovn
Pingback: bcapalt
Pingback: talcottcenter
Pingback: jmlcomputers
Pingback: sardstudios
Pingback: sedfab
Pingback: freedomqdro
Pingback: guiacinefila
Pingback: hiteauto
Pingback: fermomia
Pingback: fredmarvin
Pingback: triplenickles
Pingback: tildesheim
Pingback: ctfohempcbd
Pingback: sinspi
Pingback: motobc
Pingback: estatesdelray
Pingback: bucumarket
Pingback: cambridgeauto
Pingback: fibuilders
Pingback: visionitgroup
Pingback: drivingmama
Pingback: transcapins
Pingback: caldreamapp
Pingback: calmission
Pingback: tuinvlangdh
Pingback: debagliano
Pingback: designinator
Pingback: comunidadmh
Pingback: leblogfm
Pingback: aptarismrm
Pingback: dmealliance
Pingback: eurorumo
Pingback: danbloom
Pingback: requeil
Pingback: einspurauto
Pingback: acukinetics
Pingback: doodadsinc
Pingback: ascarov
Pingback: vetteleader
Pingback: dapasten
Pingback: autodealsva
Pingback: hpalmyros
Pingback: alicecassidy
Pingback: thocbdc
Pingback: gestdom
Pingback: bibleclues
Pingback: hapustahl
Pingback: corkcityyoga
Pingback: techieva
Pingback: pedsbif
Pingback: postrom
Pingback: eccucourse
Pingback: laeamerica
Pingback: boekstuk
Pingback: mehrhost
Pingback: juragon
Pingback: tsilifeline
Pingback: sagerllp
Pingback: wewebla
Pingback: aviurban
Pingback: eklandia
Pingback: sisdrog
Pingback: encweddings
Pingback: motorloaf
Pingback: selectakaza
Pingback: toruseurope
Pingback: ncgrassfed
Pingback: surfmorocco
Pingback: jasonlinphoto
Pingback: aiawyoming
Pingback: segurosblog
Pingback: saunasmith
Pingback: baugeraete
Pingback: brassmedia
Pingback: actiocloud
Pingback: supracables
Pingback: simairway
Pingback: reinery
Pingback: ibmwsc
Pingback: osbornenash
Pingback: weareguthrie
Pingback: notairegranby
Pingback: blusealdoors
Pingback: granne
Pingback: qubacafe
Pingback: stephenemay
Pingback: berkleypak
Pingback: fethiyemap
Pingback: nanopose
Pingback: delmarballet
Pingback: erisfilms
Pingback: flirtwithmen
Pingback: sensepeanut
Pingback: frankboddy
Pingback: saveorpave
Pingback: peggymyer
Pingback: pariswin
Pingback: feastdesign
Pingback: onedayonefilm
Pingback: bifudo
Pingback: midtnbiz
Pingback: hollymackler
Pingback: destinydeal
Pingback: montananest
Pingback: polargy
Pingback: hostelprague
Pingback: carloscurbelo
Pingback: niubvnp
Pingback: blitzbarpdx
Pingback: radassure
Pingback: peggymayer
Pingback: joshwoodward
Pingback: sugiftofhope
Pingback: sarksofrasi
Pingback: swissneth
Pingback: chscbd
Pingback: cedartownchat
Pingback: zoppecircus
Pingback: oetopia
Pingback: toisondeoro
Pingback: palcapital
Pingback: uticajobs
Pingback: adecorar
Pingback: wilfredagroup
Pingback: painmm
Pingback: usephoenix
Pingback: oasouth
Pingback: cschneebeck
Pingback: amettis
Pingback: lumistor
Pingback: samangus
Pingback: dieselusa
Pingback: raphaelcruz
Pingback: loadiq
Pingback: hydrometry
Pingback: predaktor
Pingback: houseoftablas