OpenvSwitch VXLAN 隧道实验

最近在了解 openstack 网络，下面基于ubuntu虚拟机安装OpenvSwitch，测试vxlan的基本配置。

节点信息：

主机名	IP地址	OS	网卡
node1	192.168.95.11	Ubuntu 22.04	ens33
node2	192.168.95.12	Ubuntu 22.04	ens33

网卡信息：

root@node1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:0f:26:b9 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.95.11/24 brd 192.168.95.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0f:26b9/64 scope link 

整体逻辑图如下：

在两个节点部署OpenvSwitch，通过vxlan隧道网络实现vm01和vm02的网络互通。

前置要求，每个节点安装OpenvSwitch

apt update -y
apt install -y openvswitch-switch

确认安装版本

root@node1:~# ovs-vsctl --version
ovs-vsctl (Open vSwitch) 2.17.9
DB Schema 8.3.0

节点1配置

创建虚拟机

创建网络地址空间ns0，模拟出VM虚拟机

ip netns add ns0

创建一对vethpair，两个接口分别为veth0和veth1

ip link add veth0 type veth peer name veth1

将veth0添加到ns0中

ip link set veth0 netns ns0

为veth0配置IP地址

ip netns exec ns0 ip addr add 10.1.1.1/24 dev veth0
ip netns exec ns0 ip link set veth0 up
ip netns exec ns0 ip a

建立vxlan隧道

创建vxlan网桥br-vxlan

ovs-vsctl add-br br-vxlan

将veth1添加到br-vxlan网桥中

ovs-vsctl add-port br-vxlan veth1
ip link set veth1 up

在br-vxlan网桥中创建本端vxlan端口vxlan1，端口类型为vxlan，配置远端IP为对端主机

ovs-vsctl add-port br-vxlan vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.95.12

查看openvswitch 网桥端口

root@node1:~# ovs-vsctl show
b3bb2f7f-6129-46d0-ab6c-806a9499e673
    Bridge br-vxlan
        Port br-vxlan
            Interface br-vxlan
                type: internal
        Port veth1
            Interface veth1
        Port vxlan1
            Interface vxlan1
                type: vxlan
                options: {remote_ip="192.168.95.12"}
    ovs_version: "2.17.9"
root@node1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:0f:26:b9 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.95.11/24 brd 192.168.95.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe0f:26b9/64 scope link 
       valid_lft forever preferred_lft forever
3: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovs-system state UP group default qlen 1000
    link/ether 56:79:1f:8a:6d:46 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet6 fe80::5479:1fff:fe8a:6d46/64 scope link 
       valid_lft forever preferred_lft forever
5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0e:b0:e1:3a:de:4c brd ff:ff:ff:ff:ff:ff
6: br-vxlan: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether be:43:d3:bd:9a:41 brd ff:ff:ff:ff:ff:ff
7: vxlan_sys_4789: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65000 qdisc noqueue master ovs-system state UNKNOWN group default qlen 1000
    link/ether de:3a:29:91:e1:4f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::cc1b:89ff:fe76:e7f/64 scope link 
       valid_lft forever preferred_lft forever

节点2配置

创建虚拟机

创建网络地址空间ns0，模拟出VM虚拟机

ip netns add ns0

创建一对vethpair，两个接口分别为veth0和veth1

ip link add veth0 type veth peer name veth1

将veth0添加到ns0中

ip link set veth0 netns ns0

为veth0配置IP地址

ip netns exec ns0 ip addr add 10.1.1.2/24 dev veth0
ip netns exec ns0 ip link set veth0 up
ip netns exec ns0 ip a

建立vxlan隧道

创建vxlan网桥br-vxlan

ovs-vsctl add-br br-vxlan

将veth1添加到br-vxlan网桥中

ovs-vsctl add-port br-vxlan veth1
ip link set veth1 up

在br-vxlan网桥中创建本端vxlan端口vxlan1，端口类型为vxlan，配置远端IP为对端主机

ovs-vsctl add-port br-vxlan vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.95.11

查看openvswitch 网桥端口

root@node2:~# ovs-vsctl show
ca71335f-e4a9-4b07-9183-b4993a6864d4
    Bridge br-vxlan
        Port vxlan1
            Interface vxlan1
                type: vxlan
                options: {remote_ip="192.168.95.11"}
        Port br-vxlan
            Interface br-vxlan
                type: internal
        Port veth1
            Interface veth1
    ovs_version: "2.17.9"
root@node2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:3a:b4:d8 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.95.12/24 brd 192.168.95.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe3a:b4d8/64 scope link 
       valid_lft forever preferred_lft forever
3: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovs-system state UP group default qlen 1000
    link/ether 56:79:1f:8a:6d:46 brd ff:ff:ff:ff:ff:ff link-netns ns0
    inet6 fe80::5479:1fff:fe8a:6d46/64 scope link 
       valid_lft forever preferred_lft forever
5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0e:b0:e1:3a:de:4c brd ff:ff:ff:ff:ff:ff
6: br-vxlan: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b6:7c:80:cb:6e:45 brd ff:ff:ff:ff:ff:ff
7: vxlan_sys_4789: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65000 qdisc noqueue master ovs-system state UNKNOWN group default qlen 1000
    link/ether de:3a:29:91:e1:4f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6c5c:7cff:fece:5a7/64 scope link 
       valid_lft forever preferred_lft forever

验证连通性

节点1连接节点2 VM

root@node1:~# ip netns exec ns0 ping 10.1.1.2 -c 4
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.543 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.737 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.640 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=64 time=2.20 ms


--- 10.1.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3077ms
rtt min/avg/max/mdev = 0.543/1.031/2.204/0.680 ms

节点2连接节点1 VM

root@node2:~# ip netns exec ns0 ping 10.1.1.1 -c 4
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=1.21 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.642 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.557 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.589 ms


--- 10.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3027ms
rtt min/avg/max/mdev = 0.557/0.749/1.211/0.268 ms

参考：https://www.cnblogs.com/Bozh/p/4838304.html