openstack

openstack - neutron vxlan network 생성 (기존 provider net 연장)

sysman 2021. 2. 1. 17:46

##########

web에서..

##########

compute->인스턴스 -> 인스턴스 전원 끔

compute->인스턴스 -> 인스턴스 제거

compute->네트워크 -> pro-subnet 체크 -> 네트워크 삭제

 

#################

controller node 설정

#################

 

# vi /etc/neutron/neutron.conf

[DEFAULT]
core_plugin = ml2
service_plugins = router

 

# vi /etc/neutron/plugins/ml2/ml2_conf.ini

# ML2 core plugin settings for this deployment.
[ml2]
# Network types the plugin is able to create.
type_drivers = flat,vlan,gre,vxlan
# Project (tenant) self-service networks are created as VXLAN overlays.
tenant_network_types = vxlan
# NOTE(review): linuxbridge is listed here, but the rest of this page configures only the Open vSwitch agent. Confirm it is needed; otherwise list only the drivers in use.
mechanism_drivers = linuxbridge,openvswitch,l2population
# Loads the port security extension, which lets anti-spoofing filtering and security groups be controlled per port/network.
# Keep port security enabled on ports unless there is a specific, reviewed reason to turn it off.
extension_drivers = port_security


# VXLAN network identifiers (VNIs) that may be allocated to tenant networks.
[ml2_type_vxlan]
vni_ranges = 1:1000

 

#systemctl restart neutron-server

 

#################

compute node 설정

#################

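브릿지를 지나는 트래픽이 iptables/ip6tables 체인을 거치도록 하는 옵션(bridge-nf-call-*). iptables 기반으로 보안 그룹을 적용하는 경우 이 값이 1이어야 규칙이 인스턴스 트래픽에 적용됨. (방화벽/보안 그룹을 disable한 환경이면 필요 없을 듯..)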

#vi /etc/sysctl.conf

# 0 turns off the kernel's reverse-path source validation on this host.
# With it off, source-address (spoofing) checks for instance traffic rely on Neutron port security / security groups.
# NOTE(review): loose mode (2) may be enough if asymmetric routing is the only reason for this — verify for the environment.
net.ipv4.conf.default.rp_filter=0

net.ipv4.conf.all.rp_filter=0

# 1 makes bridged IPv4 / IPv6 frames traverse iptables / ip6tables.
# iptables-based security group enforcement depends on this; with 0 the rules would not see bridged instance traffic.
# These keys exist only while the br_netfilter kernel module is loaded, so "sysctl -p" fails on them otherwise.
net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-ip6tables=1

 

적용

#sysctl -p

 

# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,openvswitch,l2population
extension_drivers = port_security

 

[ml2_type_flat]
flat_networks = provider

 

vxlan id 범위 지정
[ml2_type_vxlan]
vni_ranges = 1:1000

 

# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini

local_ip는 통신가능해야함, 통신안되면 openstack network agent list에서 alive에서 xxx로 fail 뜸. (이 IP로 vxlan을 사용)

# NOTE(review): unlike the network node section of this page, no "[agent] tunnel_types = vxlan" is shown for the compute node.
# Confirm it is set; presumably no VXLAN tunnels are built from this node without it.
[ovs]
# Address of this node's VXLAN tunnel endpoint; it must be reachable from the other nodes' local_ip addresses.
# VXLAN does not encrypt or authenticate the traffic it carries, so this address should sit on a network reserved for
# overlay/management traffic that instances and outside hosts cannot reach.
local_ip = 192.168.100.111
# Maps the physical network name "provider" (the name used in flat_networks) to the OVS bridge br-provider.
bridge_mappings = provider:br-provider

 

#systemctl restart neutron-openvswitch-agent

 

#################

network node 설정

#################

 

# vi /etc/neutron/neutron.conf

# Core neutron settings for the network node.
[DEFAULT]
core_plugin = ml2
service_plugins = router
# API requests are authenticated through Keystone.
auth_strategy = keystone
allow_overlapping_ips = true
# Message-bus URL in the form rabbit://USER:PASSWORD@HOST.
# "password" is presumably a placeholder: use a unique, strong secret for the RabbitMQ account.
# The credential is stored in clear text, so keep this file readable only by root and the neutron service account.
# NOTE(review): no TLS setting for the broker connection appears on this page. Confirm the management network is
# trusted, or enable TLS towards RabbitMQ.
transport_url = rabbit://openstack:password@192.168.100.110

 

# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,openvswitch,l2population
extension_drivers = port_security

 

[ml2_type_flat]
flat_networks = provider

 

[ml2_type_vxlan]
vni_ranges = 1:1000

 

 

# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini

# Open vSwitch agent behaviour on the network node.
[agent]
# Build VXLAN tunnels between agents.
tunnel_types = vxlan
# Pre-populate forwarding entries from the l2population mechanism driver instead of relying on flooding/learning.
l2_population = true
# Stops an instance from answering ARP for addresses that are not assigned to its port.
# NOTE(review): this option was deprecated and later removed from Neutron (Ocata, as far as I recall).
# On releases without it the protection follows the port's port_security setting; verify against the release in use.
prevent_arp_spoofing = true

 

[ovs]
local_ip = 192.168.100.112
bridge_mappings = provider:br-provider

 

 

# vi /etc/neutron/dhcp_agent.ini

dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

 

새 파일 생성

# vi /etc/neutron/dnsmasq-neutron.conf

# DHCP option 26 (interface MTU) is forced to 1450 so instances leave room for the VXLAN encapsulation overhead
# (presumably on a 1500-byte underlay; adjust if the physical MTU differs).
dhcp-option-force=26,1450

 

#systemctl restart neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent neutron-openvswitch-agent

 

//체크

#openstack network agent list 

 

 

 

내부 네트워크 생성

#################

controller node 설정

#################

# source ~/keystonerc
# openstack router create router1

# openstack network create int_net --provider-network-type vxlan

# openstack subnet create int_sub --network int_net --dns-nameserver 8.8.8.8 --subnet-range 192.168.200.0/24 --gateway 192.168.200.254

# openstack router add subnet router1 int_sub

 

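외부 네트워크 생성 (주의: 아래 ext_sub의 대역과 게이트웨이가 위 int_sub와 동일하게 192.168.200.0/24, 192.168.200.254로 적혀 있음 — 실제 적용 시 내부/외부 서브넷 대역이 겹치지 않는지 확인)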

#################

controller node 설정

#################

# openstack network create --provider-physical-network provider --provider-network-type flat --external ext_net

# openstack subnet create ext_sub --network ext_net --subnet-range 192.168.200.0/24 --allocation-pool start=192.168.200.200,end=192.168.200.250 --gateway 192.168.200.254 --dns-nameserver 8.8.8.8 --no-dhcp

 

# openstack network list

# openstack subnet list

 

# openstack network set --external ext_net

# neutron router-gateway-set router1 ext_net

Set gateway for router router1

# openstack router show router1

 

 

인스턴스 생성

#################

controller node 설정

#################

#openstack network list

#openstack server  create --flavor m1.tiny --image cirros --security-group default --nic net-id=<net-id> cirros4

 

 

 

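floating ip 설정(외부 퍼블릭 IP를 고정으로 인스턴스에 매핑 시킴) - 외부에서 VM 접속 가능. 단, 실제 접속은 인스턴스에 적용된 보안 그룹 규칙이 허용하는 범위로 제한됨(위에서 지정한 default 보안 그룹은 보통 외부 인바운드를 허용하지 않음). 필요한 포트만, 출발지 대역을 한정해서 열 것.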

#################

controller node 설정

#################

# openstack floating ip create ext_net

//float ip 할당 받은 ip 적기

#openstack server add floating ip cirros4 x.x.200.100  

#openstack floating ip show x.x.200.100

#openstack server list

 

 

 

floating ip 확인