OVS Vxlan一对一模式VS一对多模式

麻花痒  金牌会员 | 2024-8-27 08:19:44 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 552|帖子 552|积分 1656

OVS Vxlan模式

OVS 支持 GRE、VXLAN、STT、Geneve和IPsec隧道协议,这些隧道协议就是overlay网络的底子协议,通过对物理网络做的一层封装和扩展,解决了二层网络数量不足的题目,最大限度的减少对底层物理网络拓扑的依赖性,同时也最大限度的增加了对网络的控制。针对VXLAN隧道创建vtep口分为一对一模式和一对多模式,一个一模式是指local_ip和remore_ip都是明确的ipv4地点,而一对多模式local_ip是明确的ipv4地点,remore_ip=flow代表可以到达任何其他的vtep口,但是需要在流表里指定vxlan封装的外层ip,才能发送给对端vtep

搭建环境验证


  1. // host1
  2. ip netns add ns10
  3. ip l a veth10 type veth peer name ovs-veth10
  4. ip l s veth10 netns ns10
  5. ovs-vsctl add-br br-int
  6. ovs-vsctl add-port br-int ovs-veth10
  7. ip l s ovs-veth10 up
  8. ip netns exec ns10 ip link set veth10 address fe:fe:fe:fe:fe:aa
  9. ip netns exec ns10 ip a a 1.1.1.1/24 dev veth10
  10. ip netns exec ns10 ip l s veth10 up
  11. ip netns exec ns10 arp -s 1.1.1.2 fe:fe:fe:fe:fe:bb
  13. // core: one to one mode remoteIP is a specific ip, set vid to tunnelID
  14. ovs-vsctl add-port br-int aa -- set interface aa type=vxlan options:local_ip=10.128.128.27 options:remote_ip=10.128.128.52 option:key=flow
  15. ovs-ofctl add-flow br-int 'table=0,priority=100,ip,in_port=ovs-veth10 action=set_field:0x7->tun_id,normal'
  17. // host2
  18. ip netns add ns20
  19. ip l a veth20 type veth peer name ovs-veth20
  20. ip l s veth20 netns ns20
  21. ovs-vsctl add-br br-int
  22. ovs-vsctl add-port br-int ovs-veth20
  23. ip l s ovs-veth20 up
  24. ip netns exec ns20 ip link set veth20 address fe:fe:fe:fe:fe:bb
  25. ip netns exec ns20 ip a a 1.1.1.2/24 dev veth20
  26. ip netns exec ns20 ip l s veth20 up
  27. ip netns exec ns20 arp -s 1.1.1.1 fe:fe:fe:fe:fe:aa
  30. // core: one to one mode remoteIP is a specific ip, set vid to tunnelID
  31. ovs-vsctl add-port br-int aa -- set interface aa type=vxlan options:local_ip=10.128.128.52 options:remote_ip=10.128.128.27 option:key=flow
  32. ovs-ofctl add-flow br-int 'table=0,priority=100,ip,in_port=ovs-veth20 action=set_field:0x7->tun_id,normal'
  34. // verify one to one packet
  35. // host1 ns10 ping host2 ns20
  36. ip netns exec ns10 ping 1.1.1.2
  37. PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
  38. 64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.983 ms
  39. 64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.400 ms
  40. 64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.471 ms
  41. 64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.439 ms
  43. // host1 在vxlan口抓包是未封装vxlan头部的包
  44. tcpdump -i vxlan_sys_4789 -nn -vv -e
  45. tcpdump: listening on vxlan_sys_4789, link-type EN10MB (Ethernet), capture size 262144 bytes
  46. 07:57:18.911039 fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 53553, offset 0, flags [DF], proto ICMP (1), length 84)
  47.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 10982, seq 1, length 64
  48. 07:57:18.911610 fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 29337, offset 0, flags [none], proto ICMP (1), length 84)
  49.     1.1.1.2 > 1.1.1.1: ICMP echo reply, id 10982, seq 1, length 64
  50. 07:57:19.911891 fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 53650, offset 0, flags [DF], proto ICMP (1), length 84)
  51.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 10982, seq 2, length 64
  52. 07:57:19.912243 fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 29374, offset 0, flags [none], proto ICMP (1), length 84)
  53.     1.1.1.2 > 1.1.1.1: ICMP echo reply, id 10982, seq 2, length 64
  55. // host1 物理口抓包抓到封装vxlan后的包
  56. tcpdump -i eth0 -nn -vv -e  dst 10.128.128.52
  57. tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
  58. 07:58:02.418249 00:50:56:95:b0:b2 > 00:50:56:95:59:53, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 62027, offset 0, flags [DF], proto UDP (17), length 134)
  59.     10.128.128.27.42104 > 10.128.128.52.4789: [no cksum] VXLAN, flags [I] (0x08), vni 7
  60. fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 59454, offset 0, flags [DF], proto ICMP (1), length 84)
  61.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 11762, seq 1, length 64
  62. 07:58:03.419160 00:50:56:95:b0:b2 > 00:50:56:95:59:53, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 62065, offset 0, flags [DF], proto UDP (17), length 134)
  63.     10.128.128.27.42104 > 10.128.128.52.4789: [no cksum] VXLAN, flags [I] (0x08), vni 7
  64. fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 59519, offset 0, flags [DF], proto ICMP (1), length 84)
  65.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 11762, seq 2, length 64
  68. tcpdump -i eth0 -nn -vv -e  src 10.128.128.52
  69. tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
  70. 08:05:34.582869 00:50:56:95:59:53 > 00:50:56:95:b0:b2, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 18217, offset 0, flags [DF], proto UDP (17), length 134)
  71.     10.128.128.52.40479 > 10.128.128.27.4789: [no cksum] VXLAN, flags [I] (0x08), vni 7
  72. fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 24861, offset 0, flags [none], proto ICMP (1), length 84)
  73.     1.1.1.2 > 1.1.1.1: ICMP echo reply, id 20116, seq 1, length 64
  74. 08:05:35.583508 00:50:56:95:59:53 > 00:50:56:95:b0:b2, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 18395, offset 0, flags [DF], proto UDP (17), length 134)
  75.     10.128.128.52.40479 > 10.128.128.27.4789: [no cksum] VXLAN, flags [I] (0x08), vni 7
  76. fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 25007, offset 0, flags [none], proto ICMP (1), length 84)
  77.     1.1.1.2 > 1.1.1.1: ICMP echo reply, id 20116, seq 2, length 64
  80. // 将两个host的vxlan口删掉换成一对多模式,注意一对多模式必须制定tun_dst否则vxlan口收不到数据包
  81. (host1+host2)ovs-vsctl del-port aa
  82. (host1)ovs-vsctl add-port br-int bb -- set interface bb type=vxlan options:local_ip=10.128.128.27 options:remote_ip=flow option:key=flow
  83. (host1)ovs-ofctl add-flow br-int 'table=0,priority=200,ip,in_port=ovs-veth10 action=set_field:0x7->tun_id,set_field:10.128.128.52->tun_dst,normal'
  85. (host2)ovs-vsctl add-port br-int bb -- set interface bb type=vxlan options:local_ip=10.128.128.52 options:remote_ip=flow option:key=flow
  86. (host2)ovs-ofctl add-flow br-int 'table=0,priority=200,ip,in_port=ovs-veth20 action=set_field:0x7->tun_id,set_field:10.128.128.27->tun_dst,normal'
  90. // verify one to more packet
  91. // host1 ns10 ping host2 ns20
  92. PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
  93. 64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=1.07 ms
  94. 64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.462 ms
  95. 64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.435 ms
  96. 64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.432 ms
  98. // host1 物理口抓包抓到封装vxlan后的包
  99. tcpdump -i vxlan_sys_4789 -nn -vv -e
  100. tcpdump: listening on vxlan_sys_4789, link-type EN10MB (Ethernet), capture size 262144 bytes
  101. 08:29:06.935436 fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 37795, offset 0, flags [DF], proto ICMP (1), length 84)
  102.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 46159, seq 1, length 64
  103. 08:29:06.936214 fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 10425, offset 0, flags [none], proto ICMP (1), length 84)
  104.     1.1.1.2 > 1.1.1.1: ICMP echo reply, id 46159, seq 1, length 64
  107. // host1 物理口抓包抓到封装vxlan后的包,可以看到此时vxlan封装的外层的ip是在流表里指定的ip,外层的mac是host2物理网卡的mac
  108. tcpdump -i ens160 -nn -vv -e  dst 10.128.128.52
  109. tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
  110. 08:29:06.935475 00:50:56:95:b0:b2 > 00:50:56:95:59:53, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 5977, offset 0, flags [DF], proto UDP (17), length 134)
  111.     10.128.128.27.42104 > 10.128.128.52.4789: [no cksum] VXLAN, flags [I] (0x08), vni 7
  112. fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 37795, offset 0, flags [DF], proto ICMP (1), length 84)
  113.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 46159, seq 1, length 64
  114. 08:29:07.936513 00:50:56:95:b0:b2 > 00:50:56:95:59:53, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 5979, offset 0, flags [DF], proto UDP (17), length 134)
  115.     10.128.128.27.42104 > 10.128.128.52.4789: [no cksum] VXLAN, flags [I] (0x08), vni 7
  116. fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 38013, offset 0, flags [DF], proto ICMP (1), length 84)
  117.     1.1.1.1 > 1.1.1.2: ICMP echo request, id 46159, seq 2, length 64
复制代码
总结:一对一模式集群内每两个主机都要互联,每个主机创建n-1个tunnel口,指定本地ip和对端ip,一对多模式每个主机只有1个tunnel口,指定本地ip,对端ip用flow表示,但是需要在流表里指定对端ip

免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

0 个回复

正序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

麻花痒

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

挺好的 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表