概述
VM現在可以通過單個 vNIC 傳送和接收帶有 VLAN 標記的流量。此功能對於需要 VLAN 標記流量的 NFV 應用程式 (VNF) 特別有用,允許單個 vNIC 為多個客戶/服務提供服務。
例如,租戶資料網路可以使用 VLAN 隔離,而VM將看到帶有 VLAN ID 標記的流量。結果,網路資料包在注入例項之前就被標記了;他們不需要在整個網路中被標記。
要實現這一點,首先建立一個父埠並將其連線到現有規劃的trunk網路中。 這樣做會將trunk連線新增到您建立的父埠。 接下來,建立子埠。 這些子埠是將 VLAN 連線到VM的埠,從而允許連線到trunk。 在VM作業系統中,您需要建立一個子介面來標記與子埠關聯的 VLAN 的流量。
需求產生場景
1、使用者在虛機執行 K8S ,採用 VLAN 模式組網,要求 VM 埠要支援 trunk,支援多個 VLAN 網路資料在同一虛擬網路卡上傳輸。
2、需要動態的增刪虛擬機器上的網路介面。通過增刪vlan相對來說更加簡單和快捷。
環境描述
openstack version:train
| 網路名稱 | 模式 | vlan id |
|---|---|---|
| Vm_Trunk_Net_500 | vlan | 500 |
| Vm_Sub_Net_501 | vlan | 501 |
| Vm_Sub_Net_502 | vlan | 502 |
配置實現
在 neuteon server plugin 中啟用 trunk
1、kolla-ansible部署openstack的修改方式
$ vim /etc/kolla/conf/neutron.conf
service_plugins=router,trunk
# 執行讓neutron配置生效
$ kolla-ansible -i /etc/ansible/hosts -t neutron deploy
2、手工部署opensatck修改方式
$ vim ${neutron_path}/neutron.conf
[DEFAULT]
service_plugins = router,trunk
# 重啟neutron相關服務
建立VM trunk ports
# 從Vm_Trunk_Net_500網路建立一個埠作為父埠
$ openstack port create --network Vm_Trunk_Net_500 parent-trunk-port
點選檢視建立父埠詳情
$ openstack port create --network Vm_Trunk_Net_500 parent-trunk-port
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-02-28T00:27:33Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='10.0.1.53', subnet_id='adc1d30e-b08f-46e9-8f09-45ad06eaed12' |
| id | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='a3f435fc08854b828b3346aa1581d39f', project.name='admin', region_name='RegionOne', zone= |
| mac_address | fa:16:3e:7f:ca:16 |
| name | parent-trunk-port |
| network_id | 96485d8a-0600-44b1-a535-c813fe9a7a86 |
| port_security_enabled | False |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-02-28T00:27:33Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# 建立一個trunk connection,關聯父埠(parent-trunk-port),trunk名字為parent-trunk
$ openstack network trunk create --parent-port parent-trunk-port parent-trunk
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | UP |
| created_at | 2022-02-28T00:28:53Z |
| description | |
| id | 5e579416-218e-4fca-8743-bee2654f3d4a |
| name | parent-trunk |
| port_id | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| revision_number | 0 |
| status | DOWN |
| sub_ports | |
| tags | [] |
| tenant_id | a3f435fc08854b828b3346aa1581d39f |
| updated_at | 2022-02-28T00:28:53Z |
+-----------------+--------------------------------------+
# 檢視建立好的trunk口(最後會把trunk口掛給VM作為port)
$ openstack network trunk list
+--------------------------------------+--------------+--------------------------------------+-------------+
| ID | Name | Parent Port | Description |
+--------------------------------------+--------------+--------------------------------------+-------------+
| 5e579416-218e-4fca-8743-bee2654f3d4a | parent-trunk | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 | |
+--------------------------------------+--------------+--------------------------------------+-------------+
# 建立兩個 subports,作為trunk 的子介面,也就是實際放通的vlan
$ openstack port create --network Vm_Sub_Net_501 subport-trunk-port-vlan501
$ openstack port create --network Vm_Sub_Net_502 subport-trunk-port-vlan502
點選檢視建立subports詳情
$ openstack port create --network Vm_Sub_Net_501 subport-trunk-port-vlan501
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-02-28T00:35:26Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.168.2.189', subnet_id='f1931d63-c58b-4a5e-a627-b0c3e0cfe108' |
| id | ccb00cc7-8ef5-4c98-9778-c86c11a9da2d |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='a3f435fc08854b828b3346aa1581d39f', project.name='admin', region_name='RegionOne', zone= |
| mac_address | fa:16:3e:2e:76:25 |
| name | subport-trunk-port-vlan501 |
| network_id | 8fc28fb7-d24c-4dc5-97f1-bcdb7116323d |
| port_security_enabled | False |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-02-28T00:35:26Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack port create --network Vm_Sub_Net_502 subport-trunk-port-vlan502
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| allowed_address_pairs | |
| binding_host_id | |
| binding_profile | |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-02-28T00:35:51Z |
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | None |
| dns_domain | None |
| dns_name | None |
| extra_dhcp_opts | |
| fixed_ips | ip_address='192.168.2.157', subnet_id='c1a6e47d-babe-4cd8-b953-07e7773015ef' |
| id | 04b64548-4499-4997-a8eb-340c47fe6e03 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='a3f435fc08854b828b3346aa1581d39f', project.name='admin', region_name='RegionOne', zone= |
| mac_address | fa:16:3e:b8:64:de |
| name | subport-trunk-port-vlan502 |
| network_id | 0c590e19-9aca-4cb6-ae70-0e7124160a39 |
| port_security_enabled | False |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| propagate_uplink_status | None |
| qos_policy_id | None |
| resource_request | None |
| revision_number | 1 |
| security_group_ids | |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-02-28T00:35:51Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# 把subport關聯到trunk(parent-trunk)
# subport-trunk-port-vlan501 = ccb00cc7-8ef5-4c98-9778-c86c11a9da2d
# subport-trunk-port-vlan502 = 04b64548-4499-4997-a8eb-340c47fe6e03
# port=subport-id,segmentation-type=網路模式,segmentation-id=subport-vlan-id
$ openstack network trunk set --subport port=ccb00cc7-8ef5-4c98-9778-c86c11a9da2d,segmentation-type=vlan,segmentation-id=501 parent-trunk
$ openstack network trunk set --subport port=04b64548-4499-4997-a8eb-340c47fe6e03,segmentation-type=vlan,segmentation-id=502 parent-trunk
# 檢視trunk口的資訊,看看是否把subport關聯到trunk口成功, sub_ports欄位有你關聯的子介面即為成功。
$ openstack network trunk show parent-trunk
+-----------------+-------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| created_at | 2022-02-28T00:28:53Z |
| description | |
| id | 5e579416-218e-4fca-8743-bee2654f3d4a |
| name | parent-trunk |
| port_id | 1f7835f4-fe89-46fc-ba8c-7ce93d9a5bb2 |
| project_id | a3f435fc08854b828b3346aa1581d39f |
| revision_number | 2 |
| status | DOWN |
| sub_ports | port_id='ccb00cc7-8ef5-4c98-9778-c86c11a9da2d', segmentation_id='501', segmentation_type='vlan' |
| | port_id='04b64548-4499-4997-a8eb-340c47fe6e03', segmentation_id='502', segmentation_type='vlan' |
| tags | [] |
| tenant_id | a3f435fc08854b828b3346aa1581d39f |
| updated_at | 2022-02-28T00:41:11Z |
+-----------------+-------------------------------------------------------------------------------------------------+
把trunk口掛給虛擬機器使用。
# nova interface-attach ${vm-id} --port-id ${trunk-port-id}
$ nova interface-attach 072beefc-ff79-4baa-bb8c-6e7f754399c2 --port-id 5e579416-218e-4fca-8743-bee2654f3d4a
# 接下來可分別在centos虛擬機器,建立兩個子介面,vlan分別為501,502。
# 可採用tcpdump -i ${interface} -nne icmp 抓虛擬機器所在宿主機物理口的流量,看看是否打上相應的tag出去。