Tungsten Fabric入門寶典丨首次啟動和執行指南
Tungsten Fabric入門寶典系列文章,來自技術大牛傾囊相授的實踐經驗,由TF中文社群為您編譯呈現,旨在幫助新手深入理解TF的執行、安裝、整合、除錯等全流程。如果您有相關經驗或疑問,歡迎與我們互動,並與社群極客們進一步交流。更多TF技術文章,請點選公號底部按鈕>學習>文章合集。
作者:Tatsuya Naganawa 譯者:TF編譯組
編者按:
這裡有幾個溝通的渠道,如果需要幫助,請嘗試使用它們:
官網社群:
中文官網:
微信公眾號:TF中文社群
兩年來,我在Tungsten Fabric的旅程中學到了不少知識,接下來,我會用幾篇文章來簡要介紹一下。
1為什麼要用Tungsten Fabric?
首先,讓我們來看一個重要的問題,SDN/Neutron/CNI都有很多不錯的實現案例,為什麼還要再嘗試另一個呢?據我所知,Tungsten Fabric具有兩個關鍵的差異化特徵,這使它變得如此與眾不同。
I. 與ASIC的互操作性
儘管有很多技術使Linux軟體成為生產路由器/交換機的理想選擇,但ASIC仍然是這一行業的重要組成部分。為了與它們進行互操作,SDN平臺需要使用路由協議,例如BGP或OVSDB。
許多服務提供商和雲服務商使用VRF來終結和分離每個客戶的網路連線,這使得路由器和SDN之間的連線變得很複雜。
-
通常,它們之間可以使用VLAN,但是SDN平臺上的終結點可能會成為瓶頸
-
此外,每個SDN終結點(類似於OpenStack中的網路節點)需要為每個客戶進行單獨的配置,這使配置更加複雜
藉助MP-BGP這個已經成熟實現的協議,Tungsten Fabric解決了上述問題,該協議允許路由器上的每個VRF將報文直接傳送到vRouter,這些vRouter服務於每個客戶的應用程式。此功能允許基於控制平面(而不是資料平面),對具有每個客戶獨立網路的計算節點進行水平擴充套件,並使其更加直觀。
II. 可擴充套件性
由於報文是從路由器直接傳送到vRouter的,因此不需要網路節點,這使得Tungsten Fabric在資料平面上具有更大的可擴充套件性。
另外,從控制平面的角度來看,Tungsten Fabric具有一個名為“路由目標過濾器(route target filtering)”(
)的有意思的功能。
-
此功能在MP-BGP中很常見,其他路由器也具有這個功能
-
這個功能意味著,如果vRouter沒有該路由目標(route target)的字首,那麼控制平面接收到它時會丟棄字首
在雲服務中,客戶只使用雲服務商的資料中心的有限功能,並且不同客戶使用不同的路由目標,因此vRouter和控制器不需要知道所有字首。路由目標過濾功能使這種行為成為可能,並大大減少了每個vRouter以及每個控制器(如果在它們之間使用RR的話)需要考慮的字首數量,這使得該控制平面更具可擴充套件性。
對於私有云或託管雲來說,將其與安全策略、網路策略/邏輯路由器(與AWS中的VPC peerling或transit-gateway類似)等其它功能結合在一起,這將是VPC基礎架構(類似於AWS/Azure/GCP VPC/vnet)的一個不錯的選擇,並且使其成為一個非常值得一試的有趣平臺。
2Tungsten Fabric,啟動並執行
在第一次嘗試使用Tungsten Fabric時,即使你已經熟悉其他CNI的部署,還是建議使用ansible-deployer(
),因為Tungsten Fabric使用了很多種沒有整合在Vanilla Linux中的工具。因此,建議首先嚐試可以良好執行的設定,以檢視新功能,然後再整合其它系統。
不幸的是,許多Tungsten Fabric的repos都與rawhide類似,並且在某些情況下已經失去了依賴性。
因此,我選擇了一種組合,是我認為通常都能正常工作並且足夠穩定,可以用來嘗試大多數功能。
要嘗試此操作,你需要兩臺伺服器,一臺用於K8s主伺服器,另一臺用於K8s節點。K8s主伺服器需要至少有2個vCPU、8GB記憶體和8GB磁碟空間。K8s節點伺服器需要1個vCPU、4GB記憶體和8GB磁碟空間。
-
我個人通常在AWS的ap-northeast-1區域中使用ami-3185744e(CentOS7.5, login-id: centos),t2.large的規格
-
由於在我看來,與Tungsten Fabric進行OpenStack和vCenter整合比使用Kubernetes進行整合要複雜得多,因此即使你不需要容器支援,我還是建議首先嚐試此設定
-
安裝過程,需要有網際網路連線
##all the commands are typed at k8s master nodesudo yum -y remove PyYAML python-requests sudo yum -y install git sudo easy_install pip sudo pip install PyYAML requests ansible==2.7.15 ssh-keygen cd .ssh/ cat id_rsa.pub >> authorized_keys ssh-copy-id root@(k8s node's ip) ## or manually register id_rsa.pub to authorized_keyscd git clone -b R5.1 cd contrail-ansible-deployer vi config/instances.yaml (replace contents with this)provider_config: bms: ssh_user: root ssh_public_key: /root/.ssh/id_rsa.pub ssh_private_key: /root/.ssh/id_rsa domainsuffix: local ntpserver: 0.centos.pool.ntp.orginstances: bms1: provider: bms roles: config_database: config: control: analytics: analytics_database: webui: k8s_master: kubemanager: ip: 172.31.14.47 ## k8s master's ip bms2: provider: bms roles: vrouter: k8s_node: ip: 172.31.41.236 ## k8s node's ipcontrail_configuration: CONTRAIL_CONTAINER_TAG: r5.1 KUBERNETES_CLUSTER_PROJECT: {} JVM_EXTRA_OPTS: "-Xms128m -Xmx1g"global_configuration: CONTAINER_REGISTRY: tungstenfabric ansible-playbook -e orchestrator=kubernetes -i inventory/ playbooks/configure_instances.yml - it takes about 10 minutes ansible-playbook -e orchestrator=kubernetes -i inventory/ playbooks/install_k8s.yml - it takes about 5 minutes ansible-playbook -e orchestrator=kubernetes -i inventory/ playbooks/install_contrail.yml - it takes about 20 minutes
需要注意的一點是,使用受支援的核心版本是一項相當嚴格的要求,因為Tungsten Fabric將自己的核心模組(vrouter.ko)用於其資料平面。我嘗試了CentOS7.5、7.6,Ubuntu Xenial,並發現它也執行良好(對於Ubuntu Bionic,需要進行一些修改),但如果是第一次嘗試,我建議使用特定的AMI ID,因為由於不能正常工作而進行除錯和排錯不是一件容易的事。
如果所有“劇本”(playbooks)都執行良好,可以先輸入內容,
contrail-status
它負責檢查一切是否正常。
[root@ip-172-31-14-47 contrail-ansible-deployer]# contrail-status Pod Service Original Name State Status redis contrail-external-redis running Up 5 minutes analytics alarm-gen contrail-analytics-alarm-gen running Up 2 minutes analytics api contrail-analytics-api running Up 2 minutes analytics collector contrail-analytics-collector running Up 2 minutes analytics nodemgr contrail-nodemgr running Up 2 minutes analytics query-engine contrail-analytics-query-engine running Up 2 minutes analytics snmp-collector contrail-analytics-snmp-collector running Up 2 minutes analytics topology contrail-analytics-topology running Up 2 minutes config api contrail-controller-config-api running Up 4 minutes config device-manager contrail-controller-config-devicemgr running Up 3 minutes config nodemgr contrail-nodemgr running Up 4 minutes config schema contrail-controller-config-schema running Up 4 minutes config svc-monitor contrail-controller-config-svcmonitor running Up 4 minutes config-database cassandra contrail-external-cassandra running Up 4 minutes config-database nodemgr contrail-nodemgr running Up 4 minutes config-database rabbitmq contrail-external-rabbitmq running Up 4 minutes config-database zookeeper contrail-external-zookeeper running Up 4 minutes control control contrail-controller-control-control running Up 3 minutes control dns contrail-controller-control-dns running Up 3 minutes control named contrail-controller-control-named running Up 3 minutes control nodemgr contrail-nodemgr running Up 3 minutes database cassandra contrail-external-cassandra running Up 2 minutes database kafka contrail-external-kafka running Up 2 minutes database nodemgr contrail-nodemgr running Up 2 minutes database zookeeper contrail-external-zookeeper running Up 2 minutes kubernetes kube-manager contrail-kubernetes-kube-manager running Up About a minute webui job contrail-controller-webui-job running Up 3 minutes webui web contrail-controller-webui-web running Up 3 minutes WARNING: container with original name 'contrail-external-redis' have Pod or Service empty. Pod: '' / Service: 'redis'. Please pass NODE_TYPE with pod name to container's env== Contrail control ==control: activenodemgr: activenamed: activedns: active== Contrail config-database ==nodemgr: initializing (Disk for DB is too low. )zookeeper: activerabbitmq: activecassandra: active== Contrail kubernetes ==kube-manager: active== Contrail database ==kafka: activenodemgr: initializing (Disk for DB is too low. )zookeeper: activecassandra: active== Contrail analytics ==snmp-collector: activequery-engine: activeapi: activealarm-gen: activenodemgr: activecollector: activetopology: active== Contrail webui ==web: activejob: active== Contrail config ==svc-monitor: activenodemgr: activedevice-manager: activeapi: activeschema: active[root@ip-172-31-14-47 contrail-ansible-deployer]# [root@ip-172-31-41-236 ~]# contrail-status Pod Service Original Name State Status vrouter agent contrail-vrouter-agent running Up 52 seconds vrouter nodemgr contrail-nodemgr running Up 52 seconds vrouter kernel module is PRESENT == Contrail vrouter ==nodemgr: activeagent: active[root@ip-172-31-41-236 ~]#
這應該表明大多陣列件都處於“active”狀態,除了以下的:
nodemgr: initializing (Disk for DB is too low.)
這是可以在demo設定中安全地忽略的問題。
注意:這基本上表明使用率超過50%,對於Cassandra來說這是一個很重要的問題。
如果一切正常,則可以嘗試使用此命令檢視Tungsten Fabric路由表的狀態。
pip install lxml prettytable git clone ##or curl -O ./contrail-introspect-cli/ist.py ctr status./contrail-introspect-cli/ist.py ctr nei ## similar to 'show bgp summary'./contrail-introspect-cli/ist.py ctr route summary ## similar to 'show route summary'./contrail-introspect-cli/ist.py ctr route tables ## show routing-tables./contrail-introspect-cli/ist.py ctr route show ## similar to 'show route'[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr statusmodule_id: contrail-control state: Functional description +-----------+-----------+---------------------+--------+----------------------------------+| type | name | server_addrs | status | description | +-----------+-----------+---------------------+--------+----------------------------------+| Collector | n/a | 172.31.14.47:8086 | Up | Established | | Database | Cassandra | 172.31.14.47:9041 | Up | Established Cassandra connection | | Database | RabbitMQ | 172.31.14.47:5673 | Up | RabbitMQ connection established | +-----------+-----------+---------------------+--------+----------------------------------+[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr nei +--------------------------------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+| peer | peer_address | peer_asn | encoding | peer_type | state | send_state | flap_count | flap_time | +--------------------------------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+| ip-172-31-41-236.ap- | 172.31.41.236 | 0 | XMPP | internal | Established | in sync | 0 | n/a | | northeast-1.compute.internal | | | | | | | | | +--------------------------------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr route summary +----------------------------------------------------+----------+-------+---------------+-----------------+------------------+| name | prefixes | paths | primary_paths | secondary_paths | infeasible_paths | +----------------------------------------------------+----------+-------+---------------+-----------------+------------------+| default-domain:default- | 0 | 0 | 0 | 0 | 0 | | project:__link_local__:__link_local__.inet.0 | | | | | | | default-domain:default-project:default-virtual- | 0 | 0 | 0 | 0 | 0 | | network:default-virtual-network.inet.0 | | | | | | | inet.0 | 0 | 0 | 0 | 0 | 0 | | default-domain:default-project:ip-fabric:ip- | 3 | 3 | 1 | 2 | 0 | | fabric.inet.0 | | | | | | | default-domain:k8s-default:k8s-default-pod-network | 3 | 3 | 1 | 2 | 0 | | :k8s-default-pod-network.inet.0 | | | | | | | default-domain:k8s-default:k8s-default-service- | 3 | 3 | 1 | 2 | 0 | | network:k8s-default-service-network.inet.0 | | | | | | +----------------------------------------------------+----------+-------+---------------+-----------------+------------------+[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr route tablesname: default-domain:default-project:__link_local__:__link_local__.inet.0name: default-domain:default-project:default-virtual-network:default-virtual-network.inet.0name: inet.0name: default-domain:default-project:ip-fabric:ip-fabric.inet.0name: default-domain:k8s-default:k8s-default-pod-network:k8s-default-pod-network.inet.0name: default-domain:k8s-default:k8s-default-service-network:k8s-default-service-network.inet.0[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr route showbgp.ermvpn.0: 6 destinations, 6 routes (0 primary, 6 secondary, 0 infeasible)1-172.31.41.236:1-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:02:26.545449, last_modified: 2019-Apr-13 01:41:18.023211 [Local|None] age: 0:02:26.548569, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None1-172.31.41.236:2-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:01:09.096721, last_modified: 2019-Apr-13 01:42:35.471939 [Local|None] age: 0:01:09.100272, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None1-172.31.41.236:3-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:00:41.812247, last_modified: 2019-Apr-13 01:43:02.756413 [Local|None] age: 0:00:41.816037, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None2-172.31.41.236:1-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:02:26.544851, last_modified: 2019-Apr-13 01:41:18.023809 [Local|None] age: 0:02:26.548875, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None2-172.31.41.236:2-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:01:09.096567, last_modified: 2019-Apr-13 01:42:35.472093 [Local|None] age: 0:01:09.100828, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None2-172.31.41.236:3-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:00:41.812032, last_modified: 2019-Apr-13 01:43:02.756628 [Local|None] age: 0:00:41.816542, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: Nonebgp.evpn.0: 3 destinations, 3 routes (0 primary, 3 secondary, 0 infeasible)2-172.31.41.236:1-0-0e:92:cc:bd:aa:08,0.0.0.0, age: 0:02:26.545224, last_modified: 2019-Apr-13 01:41:18.023436 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.550028, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'mpls-o-gre', 'udp'], label: 20, AS path: None2-172.31.41.236:1-0-0e:92:cc:bd:aa:08,172.31.41.236, age: 0:02:26.545271, last_modified: 2019-Apr-13 01:41:18.023389 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.550313, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'mpls-o-gre', 'udp'], label: 20, AS path: None3-172.31.41.236:1-2-172.31.41.236, age: 0:02:26.545365, last_modified: 2019-Apr-13 01:41:18.023295 [Local|None] age: 0:02:26.550656, localpref: 100, nh: 172.31.41.236, encap: ['vxlan'], label: 2, AS path: Nonebgp.l3vpn.0: 3 destinations, 3 routes (0 primary, 3 secondary, 0 infeasible)172.31.41.236:1:172.31.41.236/32, age: 0:02:26.545019, last_modified: 2019-Apr-13 01:41:18.023641 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.550608, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp', 'native'], label: 16, AS path: None172.31.41.236:2:10.47.255.252/32, age: 0:00:41.733374, last_modified: 2019-Apr-13 01:43:02.835286 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.739187, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None172.31.41.236:3:10.96.0.10/32, age: 0:00:41.732905, last_modified: 2019-Apr-13 01:43:02.835755 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.738945, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: Nonebgp.rtarget.0: 7 destinations, 7 routes (7 primary, 0 secondary, 0 infeasible)64512:target:64512:8000001, age: 0:02:26.592101, last_modified: 2019-Apr-13 01:41:17.976559 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.598445, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None64512:target:64512:8000002, age: 0:02:26.592073, last_modified: 2019-Apr-13 01:41:17.976587 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.598626, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None64512:target:64512:8000003, age: 0:02:26.592051, last_modified: 2019-Apr-13 01:41:17.976609 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.598800, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None64512:target:172.31.14.47:0, age: 0:05:09.194543, last_modified: 2019-Apr-13 01:38:35.374117 [Local|None] age: 0:05:09.201488, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None64512:target:172.31.14.47:1, age: 0:02:26.592028, last_modified: 2019-Apr-13 01:41:17.976632 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.599168, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None64512:target:172.31.14.47:4, age: 0:01:09.099898, last_modified: 2019-Apr-13 01:42:35.468762 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:01:09.107253, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None64512:target:172.31.14.47:5, age: 0:00:41.824049, last_modified: 2019-Apr-13 01:43:02.744611 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.831612, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: Nonedefault-domain:default-project:ip-fabric:ip-fabric.ermvpn.0: 3 destinations, 3 routes (3 primary, 0 secondary, 0 infeasible)0-172.31.41.236:1-0.0.0.0,255.255.255.255,0.0.0.0, age: 0:02:26.544896, last_modified: 2019-Apr-13 01:41:18.023764 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.552710, localpref: 100, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 0, AS path: None1-0:0-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:02:26.545544, last_modified: 2019-Apr-13 01:41:18.023116 [Local|None] age: 0:02:26.553571, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None2-0:0-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:02:26.544992, last_modified: 2019-Apr-13 01:41:18.023668 [Local|None] age: 0:02:26.553215, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: Nonedefault-domain:default-project:ip-fabric:ip-fabric.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)2-0:0-0-0e:92:cc:bd:aa:08,0.0.0.0, age: 0:02:26.545298, last_modified: 2019-Apr-13 01:41:18.023362 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.553810, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'mpls-o-gre', 'udp'], label: 20, AS path: None2-0:0-0-0e:92:cc:bd:aa:08,172.31.41.236, age: 0:02:26.545318, last_modified: 2019-Apr-13 01:41:18.023342 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.554076, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'mpls-o-gre', 'udp'], label: 20, AS path: None2-172.31.41.236:1-2-ff:ff:ff:ff:ff:ff,0.0.0.0, age: 0:02:26.545486, last_modified: 2019-Apr-13 01:41:18.023174 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.554476, localpref: 100, nh: 172.31.41.236, encap: ['vxlan'], label: 2, AS path: None3-172.31.41.236:1-2-172.31.41.236, age: 0:02:26.545411, last_modified: 2019-Apr-13 01:41:18.023249 [Local|None] age: 0:02:26.554614, localpref: 100, nh: 172.31.41.236, encap: ['vxlan'], label: 2, AS path: Nonedefault-domain:default-project:ip-fabric:ip-fabric.inet.0: 3 destinations, 3 routes (1 primary, 2 secondary, 0 infeasible)10.47.255.252/32, age: 0:00:41.733312, last_modified: 2019-Apr-13 01:43:02.835348 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.742801, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None10.96.0.10/32, age: 0:00:41.732847, last_modified: 2019-Apr-13 01:43:02.835813 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.742561, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None172.31.41.236/32, age: 0:02:26.545051, last_modified: 2019-Apr-13 01:41:18.023609 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.554985, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp', 'native'], label: 16, AS path: Nonedefault-domain:k8s-default:k8s-default-pod-network:k8s-default-pod-network.ermvpn.0: 3 destinations, 3 routes (3 primary, 0 secondary, 0 infeasible)0-172.31.41.236:2-0.0.0.0,255.255.255.255,0.0.0.0, age: 0:01:09.096823, last_modified: 2019-Apr-13 01:42:35.471837 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:01:09.107020, localpref: 100, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 0, AS path: None1-0:0-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:01:09.096765, last_modified: 2019-Apr-13 01:42:35.471895 [Local|None] age: 0:01:09.107383, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None2-0:0-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:01:09.096621, last_modified: 2019-Apr-13 01:42:35.472039 [Local|None] age: 0:01:09.107473, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: Nonedefault-domain:k8s-default:k8s-default-pod-network:k8s-default-pod-network.inet.0: 3 destinations, 3 routes (1 primary, 2 secondary, 0 infeasible)10.47.255.252/32, age: 0:00:41.733411, last_modified: 2019-Apr-13 01:43:02.835249 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.744526, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None10.96.0.10/32, age: 0:00:41.732872, last_modified: 2019-Apr-13 01:43:02.835788 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.744256, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None172.31.41.236/32, age: 0:02:26.544986, last_modified: 2019-Apr-13 01:41:18.023674 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.556602, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp', 'native'], label: 16, AS path: Nonedefault-domain:k8s-default:k8s-default-service-network:k8s-default-service-network.ermvpn.0: 3 destinations, 3 routes (3 primary, 0 secondary, 0 infeasible)0-172.31.41.236:3-0.0.0.0,255.255.255.255,0.0.0.0, age: 0:00:41.812457, last_modified: 2019-Apr-13 01:43:02.756203 [XMPP|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.824352, localpref: 100, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 0, AS path: None1-0:0-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:00:41.812393, last_modified: 2019-Apr-13 01:43:02.756267 [Local|None] age: 0:00:41.824504, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: None2-0:0-172.31.14.47,255.255.255.255,0.0.0.0, age: 0:00:41.812099, last_modified: 2019-Apr-13 01:43:02.756561 [Local|None] age: 0:00:41.824428, localpref: 100, nh: 172.31.14.47, encap: [], label: 0, AS path: Nonedefault-domain:k8s-default:k8s-default-service-network:k8s-default-service-network.inet.0: 3 destinations, 3 routes (1 primary, 2 secondary, 0 infeasible)10.47.255.252/32, age: 0:00:41.733337, last_modified: 2019-Apr-13 01:43:02.835323 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.745932, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None10.96.0.10/32, age: 0:00:41.732935, last_modified: 2019-Apr-13 01:43:02.835725 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:00:41.745758, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 25, AS path: None172.31.41.236/32, age: 0:02:26.544959, last_modified: 2019-Apr-13 01:41:18.023701 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:02:26.558031, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp', 'native'], label: 16, AS path: None[root@ip-172-31-14-47 contrail-ansible-deployer]#
如果顯示類似資訊,則說明一切正常,你可以基於K8s yaml建立容器了。
vi first-containers.yamlapiVersion: apps/v1beta1kind: Deploymentmetadata: name: cirros-deployment labels: app: cirros-deploymentspec: replicas: 2 selector: matchLabels: app: cirros-deployment template: metadata: labels: app: cirros-deployment spec: containers: - name: cirros image: cirros ports: - containerPort: 22 kubectl create -f first-containers.yaml kubectl get pod -o wide ## check pod name and ipkubectl exec -it cirros-deployment-xxxx sh ping (another pod's ip) [root@ip-172-31-14-47 ~]# kubectl create -f first-containers.yamldeployment "cirros-deployment" created [root@ip-172-31-14-47 ~]# [root@ip-172-31-14-47 ~]# kubectl get pod -o wideNAME READY STATUS RESTARTS AGE IP NODE cirros-deployment-54b65ccf48-cr9dd 1/1 Running 0 34s 10.47.255.250 ip-172-31-41-236.ap-northeast-1.compute.internal cirros-deployment-54b65ccf48-z9dds 1/1 Running 0 34s 10.47.255.251 ip-172-31-41-236.ap-northeast-1.compute.internal [root@ip-172-31-14-47 ~]#[root@ip-172-31-14-47 ~]# kubectl exec -it cirros-deployment-54b65ccf48-cr9dd sh/ # / # / # ping 10.47.255.251PING 10.47.255.251 (10.47.255.251): 56 data bytes 64 bytes from 10.47.255.251: seq=0 ttl=63 time=0.572 ms 64 bytes from 10.47.255.251: seq=1 ttl=63 time=0.086 ms ^C --- 10.47.255.251 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.086/0.329/0.572 ms / #
太棒了!這是透過Tungsten Fabric vRouter傳輸的第一個報文。
如果執行有問題,也請不要介意。Tungten Fabric的Slack站點可以為你提供幫助。在以下的地址提交你的日誌,並嘗試尋求幫助來解決該問題。地址:
(
編者按:國內使用者請關注微信TF中文社群,中文官網:
)
再次輸入“ist.py ctr route show”,你將看到k8s-pod-network包含了來自兩個pod以及每個pod的下一跳,與K8s節點的IP相同。
./contrail-introspect-cli/ist.py ctr route show (pod ip) ## similar to 'show route (some ip)'[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr route show 10.47.255.250default-domain:default-project:ip-fabric:ip-fabric.inet.0: 5 destinations, 5 routes (1 primary, 4 secondary, 0 infeasible)10.47.255.250/32, age: 0:03:10.553628, last_modified: 2019-Apr-13 01:46:13.217388 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:03:10.556716, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 37, AS path: Nonedefault-domain:k8s-default:k8s-default-pod-network:k8s-default-pod-network.inet.0: 5 destinations, 5 routes (3 primary, 2 secondary, 0 infeasible)10.47.255.250/32, age: 0:03:10.553734, last_modified: 2019-Apr-13 01:46:13.217282 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:03:10.557251, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 37, AS path: Nonedefault-domain:k8s-default:k8s-default-service-network:k8s-default-service-network.inet.0: 5 destinations, 5 routes (1 primary, 4 secondary, 0 infeasible)10.47.255.250/32, age: 0:03:10.553654, last_modified: 2019-Apr-13 01:46:13.217362 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:03:10.557453, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 37, AS path: None[root@ip-172-31-14-47 contrail-ansible-deployer]#
請注意,ip-fabric VN和k8s-default-service-network也具有該字首,因為k8s-pod-network的路由已“洩漏”到那些網路。想要具有某個特定路由表的路由,可以使用-t選項。
[root@ip-172-31-14-47 contrail-ansible-deployer]# ./contrail-introspect-cli/ist.py ctr route show -t default-domain:k8s-default:k8s-default-pod-network:k8s-default-pod-network.inet.0 10.47.255.251default-domain:k8s-default:k8s-default-pod-network:k8s-default-pod-network.inet.0: 5 destinations, 5 routes (3 primary, 2 secondary, 0 infeasible)10.47.255.251/32, age: 0:05:44.533377, last_modified: 2019-Apr-13 01:46:09.193202 [XMPP (interface)|ip-172-31-41-236.ap-northeast-1.compute.internal] age: 0:05:44.536291, localpref: 200, nh: 172.31.41.236, encap: ['gre', 'udp'], label: 32, AS path: None [root@ip-172-31-14-47 contrail-ansible-deployer]#
附錄:外部訪問
有人說Tungsten Fabric總是需要好的路由器才能實現外部訪問,我認為這裡有些誤解。
實際上這是不對的,因為從v4.1開始,Tungsten Fabric開始支援一項稱為無閘道器(gatewayless)的功能,該功能允許容器直接與外界通訊(對於帶有Calico的類似用例也很有用)。
要啟用此功能,你可以登入Tungsten Fabric WebUI(https://(k8s masters's ip):8143,admin:contrail123)並進入Configure > Networks > k8s-default-pod-network,以切換Advanced Options > IP Fabric Forwarding。
-
你還需要在該VN和default-domain:default-project:ip-fabric之間設定網路策略,因為如果沒有此策略,RPF check將丟棄該報文
如果ping一下從容器到K8s master的IP,你會發現K8s master從容器接收到一個報文,並向K8s master新增靜態路由,ping的執行效果良好。
-
請注意,如果你使用的是AWS,則需要進行K8s節點的介面設定(EC2 > Network Interfaces > Change Source/Dest Check > Disabled)
因此,它允許對基於外部訪問的網路節點進行類似的設定,該訪問基於路由器上的靜態路由。
你還可以選擇將IPv4 BGP與無閘道器(gatewayless)結合使用,因為它可以動態更新每個容器的下一跳,並將報文直接傳送到正確的vRouter,從而消除了瓶頸。
注意:此虛擬網路(virtual-network)也可以用作浮動IP(floating-ip)的來源。
1.此虛擬網路上設定“Advanced Options”>“External”( 浮動IP池將使用“default”作為名稱來建立)
2.從Kubernetes或OpenStack分配浮動IP(floating-ip)
-
對於Kubernetes,它將是外部IP的來源,並且需要將此引數指定給kube-manager: KUBERNETES_PUBLIC_FIP_POOL。例如:KUBERNETES_PUBLIC_FIP_POOL={'domain': 'default-domain', 'project': 'default', 'network': 'public-network1', 'name': 'default' }
-
對於OpenStack,horizon或cli可用於為虛擬機器分配浮動IP
3接下來的行動
這可能是你第一次接觸Tungsten Fabric,關於看完這篇文章後要怎麼做,這裡有一些建議。其實,有很多事情可以做,例如高可用性、監視,與其它編排器或路由器/交換機的整合等。
網路上有很多資源,但是你需要做好選擇,我將首先推薦Contrail軟體包和教育材料中的一些資源,即便你只會使用開源版本。
-
https://www.juniper.net/documentation/product/en_US/contrail-networking
-
Tungsten Fabric是一個功能強大的平臺,具有很多功能,例如安全策略、分析、l3dsr負載平衡器、服務鏈、BGPaaS等,其中許多功能對於解決現實世界中的問題都是非常棒的。這些連結將包含很多內容以及到其他資源的連結。
編者按:
這裡有幾個溝通的渠道,如果需要幫助,請嘗試使用它們:
官網社群:
中文官網:
微信公眾號:TF中文社群
Tungsten Fabric 架構解析
系列文章——
-
第八篇: TF支援API一覽
-
第九篇: TF如何連線到物理網路
-
第十篇: TF基於應用程式的安全策略
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/69957171/viewspace-2682846/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Tungsten Fabric入門寶典丨編排器整合
- Tungsten Fabric入門寶典丨TF元件的七種“武器”元件
- Tungsten Fabric入門寶典丨多編排器用法及配置
- Tungsten Fabric入門寶典丨關於多叢集和多資料中心
- Tungsten Fabric入門寶典丨關於安裝的那些事(下)
- Tungsten Fabric入門寶典丨關於叢集更新的那些事
- Tungsten Fabric入門寶典丨8個典型故障及排查Tips
- Tungsten Fabric入門寶典丨關於服務鏈、BGPaaS及其它
- Tungsten Fabric入門寶典丨開始第二天的工作
- Tungsten Fabric入門寶典丨說說L3VPN及EVPN整合
- Tungsten Fabric知識庫丨vRouter內部執行探秘VR
- vc入門寶典六(多執行緒) (轉)執行緒
- Tungsten Fabric解決方案指南-Gateway MXGateway
- Tungsten Fabric架構解析丨TF如何編排架構
- TF實戰丨使用Vagrant安裝Tungsten Fabric
- Tungsten Fabric與K8s整合指南丨建立隔離名稱空間K8S
- Tungsten Fabric架構解析丨TF的服務鏈架構
- Tungsten Fabric架構解析丨vRouter的部署選項架構VR
- Tungsten Fabric架構解析丨TF如何收集、分析、部署?架構
- Tungsten Fabric架構解析丨TF支援API一覽架構API
- Tungsten Fabric架構解析丨TF怎麼運作?架構
- Tungsten Fabric解決方案指南-Kubernetes整合
- Tungsten Fabric知識庫丨更多元件內部探秘元件
- vc入門寶典(十) (轉)
- vc入門寶典(九) (轉)
- Tungsten Fabric架構解析丨詳解vRouter體系結構架構VR
- Tungsten Fabric知識庫丨構建、安裝與公有云部署
- VC入門寶典三(String) (轉)
- vc入門寶典八(基本操作) (轉)
- vc入門寶典(一)(選單) (轉)
- vc入門寶典七(工具欄) (轉)
- Tungsten Fabric架構和最新技術進展丨TF成立大會演講實錄架構
- Tungsten Fabric架構解析丨TF基於應用程式的安全策略架構
- Tungsten Fabric知識庫丨測試2000個vRouter節點部署VR
- Tungsten Fabric架構解析|TF主要特點和用例架構
- Tungsten Fabric知識庫丨這裡有18個TF補丁程式,建議收藏
- 【官方重磅釋出】Google AdMob新手入門寶典Go
- containerd容器執行時快速入門使用指南AI