目录
[2.Linux 部署 OVS 集群(服务端)](#2.Linux 部署 OVS 集群(服务端))
[3.Linux 部署VXLAN](#3.Linux 部署VXLAN)
一、实验
1.环境
(1) 主机
表1 宿主机
|----------------|-----|--------------------|----------------|---------------------------------|
| 主机 | 架构 | 软件 | IP | 备注 |
| ovs_controller | 控制端 | | 192.168.204.63 | 1个NAT网卡 (204网段) |
| ovs_server01 | 服务端 | OpenvSwitch v2.5.1 | 192.168.204.61 | 1个NAT网卡 (204网段), 1个仅主机网卡 (88网段) |
| ovs_server02 | 服务端 | OpenvSwitch v2.5.1 | 192.168.204.62 | 1个NAT网卡 (204网段), 1个仅主机网卡 (88网段) |
表2 目标云主机
|---------------|------------|-----------------|
| 云主机 | IP | 备注 |
| cloudserver01 | 172.16.1.1 | 宿主机ovs_server01 |
| cloudserver02 | 172.16.1.2 | 宿主机ovs_server02 |
(2) 查看IP
ovs_controller
ovs_server01
ovs_server02
(3)修改hostname
bash
[root@localhost ~]# vim /etc/hostname
ovs_controller
ovs_server01
ovs_server02
(4) 修改hosts
bash
[root@localhost ~]# vim /etc/hosts
修改前:
修改后:
ovs_controller
ovs_server01
ovs_server02
2.Linux 部署 OVS 集群(服务端)
(1)查阅
bash
1)官网
https://www.openvswitch.org/download/
2)GitHub
https://github.com/openvswitch/ovs(2) 安装OVS依赖软件
bash
yum install -y openssl-devel kernel-devel
yum groupinstall -y "Development Tools"ovs_server01
ovs_server02
(2)添加用户
bash
adduser ovswitch
su - ovswitchovs_server01
ovs_server02
(3)下载并解压
选择一个稳定版
bash
wget https://www.openvswitch.org/releases/openvswitch-2.5.1.tar.gz
tar xfz openvswitch-2.5.1.tar.gzovs_server01
ovs_server02
(4) 源码包⽅式⽣成RPM包
bash
mkdir -p ~/rpmbuild/SOURCES
sed 's/openvswitch-kmod, //g' openvswitch-2.5.1/rhel/openvswitch.spec > openvswitch-2.5.1/rhel/openvswitch_no_kmod.spec
cp openvswitch-2.5.1.tar.gz rpmbuild/SOURCES
rpmbuild -bb --without=check ~/openvswitch-2.5.1/rhel/openvswitch_no_kmod.specovs_server01
ovs_server02
(5)查看并退出用户
bash
ls /home/ovswitch/rpmbuild/RPMS/x86_64/
exitovs_server01
ovs_server02
(6)RPM包安装
bash
yum localinstall -y /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.5.1-1.x86_64.rpmovs_server01
ovs_server02
(7)设置开机自启
bash
1)查看
systemctl status openvswitch.service
2)启动
systemctl start openvswitch.service
3)开机自启
systemctl enable openvswitch.service
4)再次查看
systemctl status openvswitch.serviceovs_server01
ovs_server02
(7)安装virt-manager与virsh(libvrit-client)
bash
yum install -y virt-manager libvirt-clientovs_server01
ovs_server02
(8)关闭防⽕墙
bash
systemctl stop firewalld.service
systemctl disable firewalld.service ovs_server01
ovs_server02
(9)查看
bash
ovs-vsctl showovs_server01
ovs_server02
3.Linux 部署VXLAN
(1)添加OVS
ovs_server01
bash
ovs-vsctl add-br ovs01
ovs_server02
bash
ovs-vsctl add-br ovs02
(2)添加OVS internal
ovs_server01
bash
ovs-vsctl add-port ovs01 if01 -- set interface if01 type=internal
ovs_server02
bash
ovs-vsctl add-port ovs02 if02 -- set interface if02 type=internal
(3)查看
bash
ovs-vsctl showovs_server01
ovs_server02
(4)ovs_server01创建云主机
bash
virt-manager
新建虚拟机
前进
使用镜像
修改内存
选择网络if01
强制关机
挂载镜像
修改启动项为光驱
开机选择第3个命令行
(5)ovs_server02创建云主机
bash
virt-manager
新建虚拟机
前进
使用镜像
修改内存
选择网络if01
强制关机
挂载镜像
修改启动项为光驱
开机选择第3个命令行
(7)查看云主机网卡并修改
cloudserver01
bash
sudo ifconfig
sudo ifconfig eth0 172.16.1.1 netmask 255.255.255.0
cloudserver02
bash
sudo ifconfig
sudo ifconfig eth0 172.16.1.2 netmask 255.255.255.0
(8) 测试网络
云主机1 ping 云主机2 ,目前不通
(9)部署VXLAN端⼝
ovs_server01
bash
ovs-vsctl add-port ovs01 vxlan0 -- set interface vxlan0 type=vxlan options:remote_ip=192.168.204.62 options:key=10001
ovs_server02
bash
ovs-vsctl add-port ovs02 vxlan0 -- set interface vxlan0 type=vxlan options:remote_ip=192.168.204.61 options:key=10001
(10)查看
bash
ovs-vsctl showovs_server01
ovs_server02
(11) 测试网络
云主机1 ping 云主机2 ,目前已通
(12)流量抓包(tcpdump)
ovs_server01
云主机1 ping 云主机2
观察抓取的流量(源端口一直在变化,目的端口都为4789)
(13) 流量抓包(Wireshark)
云主机1 ping 云主机2
观察抓取的流量
(14)流量分析(Wireshark)
原始数据:
VXLAN隧道封装了VNI (实现多租户隔离)
原始数据(二层包)封装在UDP,原端口随机,目的端口为4789
新IP头:
