
Make your DVR playground using DevStack


Make your DVR (Distributed Virtual Router) playground using DevStack

Published in: Software

  1. 1. Make your DVR playground using Devstack 江骏 @ohmystack (Twitter, Instagram) @任我骏驰 (Weibo) Distributed Virtual Router
  2. 2. Not everyone is born to do networking
  3. 3. But without networking & storage, IaaS is meaningless
  4. 4. Icehouse Juno Kilo (Count by reviews) http://stackalytics.com/?release=kilo&metric=marks
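  5. 5. Application layer
 Presentation layer
 Session layer
 Transport layer (end-to-end data exchange mechanism)
 Network layer (Packet; routing and addressing, so that the two ends find the best path)
 Data link layer (Frame; creation, maintenance and release of connections, end-to-end guarantee)
 Physical layer
 ✔ ✔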
  6. 6. Basic networking • Ethernet • VLANs • ARP • IP • ICMP/TCP/UDP Network components • Switches • Routers • Firewalls • Load balancers
  7. 7. Tunnel technologies • Generic routing encapsulation (GRE) • Virtual extensible local area network (VXLAN) Network namespaces • Virtual routing and forwarding (VRF) • Linux network namespaces # ip netns # ip netns exec <namespace> <command>
  8. 8. Entering the virtual world. Introduction to Linux abstract network devices: http://www.ibm.com/developerworks/cn/linux/1310_xiawc_networkdevice/index.html • bridge • VLAN device • TAP • VETH (pair)
  9. 9. Scenario1: VLAN Networking
  10. 10. OpenStack Networking - Neutron • API server • Plug-in and Agents • Messaging queue
  11. 11. OpenStack networking concepts • Tenant networks
 Flat, VLAN, GRE and VXLAN • Provider networks • Subnets • Ports • Routers • Security groups • Extensions
  12. 12. ML2 (Modular Layer 2) Tenant network types • Local • VLAN • GRE • VXLAN Mechanism • Linux bridge • Open vSwitch • L2 population • Specialized • Open source • Proprietary
 (vendor) Agents • L3 • DHCP • Metadata
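  13. 13. ML2 (Modular Layer 2) ・ML2 removes the limit of using only one plugin at a time (Linux Bridge / OVS). ・The underlying implementations can differ: whether it is KVM or Hyper-V, as long as they share a VLAN they can communicate. ・It turns L3 into an L3-as-a-Service plugin.
  14. 14. L2 population: why is it needed? 1. Unicast (when the MAC has not yet been learned), multicast and broadcast traffic is flooded out of the tunnels to all other compute nodes. 2. There is a very large amount of ARP traffic; is there a better way to handle it? 3. If a node has no VMs on it at all, does that node still need to receive those broadcasts? http://assafmuller.com/2014/02/23/ml2-address-population/
  15. 15. L2 population: on the host, L2 population uses Proxy ARP to intercept ARP requests early and answers from the database where the target host is. [Diagram: Without L2 pop / With L2 pop] http://docs.openstack.org/admin-guide-cloud/content/ml2_l2pop_scenarios.html
  16. 16. L3 Agent ・The L3 Agent uses namespaces to provide multiple independent virtual routers (overlapping IPs; users are freer to create subnets). ・The L3 functionality is basically SNAT and floating IPs. Namespaces: qdhcp-xxx - added the first time a VM is created; qrouter-xxx - added when the gateway is set. * After a router/network is deleted, the namespace has to be deleted manually. Why is it needed? 1. Flat networks require setting up a bridge; VLANs require configuring switches and gateways by hand. 2. All routing is controlled by upstream devices: firewall, router, NAT... 3. All of this hurts flexibility and scalability.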
  17. 17. Scenario2: with Open vSwitch [Diagram: Router, Network Node, External, Network1, Network2, E-W Traffic, N-S Traffic]
  18. 18. L3 with HA. There are three approaches: 1. "Migration", but it takes a long time (long failure-recovery time). https://review.openstack.org/#/c/110893/ 2. "VRRP active/passive": spread the routers across multiple network nodes. http://assafmuller.com/2014/08/16/layer-3-high-availability/ 3. "VRRP + DVR": at least the floating-IP part can be distributed; the remaining SNAT still uses VRRP. Drawbacks of using VRRP alone: ・TCP Connection Tracking ・…
  19. 19. Scenario3: with DVR (Distributed Virtual Router)
  20. 20. Scenario3: with DVR (Distributed Virtual Router) [Diagram: Network node, cpu-node1, cpu-node2, SNAT Router, External, VM with Network1, VM with Network2, Distributed Router, E-W Traffic, N-S Traffic (with floating IPs), N-S Traffic (without floating IPs)] ・East/west traffic: between different networks of the same tenant. Sent directly between compute nodes; it no longer has to go through the network node. ・North/south traffic with floating IPs: routed directly by the compute node; it no longer has to go through the network node. ・North/south traffic without floating IPs: still goes to the network node and leaves through SNAT.
  21. 21. Deploy OpenStack Env • Devstack • Salt - cloudbase/salt-openstack • Docker - stackforge/kolla • Puppet • Chef • Juju • TripleO - OpenStack on OpenStack • …
  22. 22. Devstack Gate • http://ci.openstack.org/devstack-gate.html • An integration test • All changes to core OpenStack projects are “gated” on a set of tests so that it will not be merged into the main repository unless it passes all of the configured tests.
  23. 23.
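  24. 24. Things to watch out for with Devstack
 • Proxy issues
 http_proxy can be set in local.conf, but this is not recommended: it easily leads to md5 check failures during pip installs.
 export http_proxy='http://xxx.xxx.xxx.xxx:xxxx'
 • Using the same source tree under /opt/stack for a long time causes some requirements problems.
 • Giving the Dashboard a VNC Console
 Since a certain Devstack version, cauth has been removed from the default installation, so it has to be added to the configuration by hand.
 enable_service n-cauth
 • Forcing certain client packages to be installed from Git
 When Devstack installs the main services it pulls them from Git by default; the other client packages are installed straight from PyPI. To force certain client packages to be installed from Git as well:
 LIBS_FROM_GIT=python-novaclient,python-neutronclient
 • How to back up /opt/stack
 # cd /opt
 # tar cf ~/stack.tar --exclude='stack/data' --exclude='stack/logs' --exclude='stack/status' --exclude='stack/.wheelhouse' --exclude='*.pyc' --exclude='.venv' stack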
  25. 25. local.conf files for the 3 nodes: https://gist.github.com/ohmystack/93aa8215456124fb147c [Diagram: net-node, cpu-node, all-in-one-node, SNAT Router, External, VM with Network1, VM with Network, Distributed Router, E-W Traffic, N-S Traffic (with floating IPs), 10.0.2.0/24]
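
Slide 16 notes that qdhcp-/qrouter- namespaces stay behind after a router or network is deleted and have to be removed by hand. The script below is an added example (not from the slides or the OpenStack project) that reports such leftovers; it goes beyond the slide by also covering the snat- and fip- namespaces that DVR creates. The function name and the sample IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report Neutron namespaces whose router or network no longer
# exists, so they can be reviewed and then removed with `ip netns delete`.
#   $1  output of `ip netns` (name, optionally followed by " (id N)")
#   $2  IDs of routers that still exist, one per line
#   $3  IDs of networks that still exist, one per line
# On a real node $2/$3 would come from a listing made with admin credentials,
# e.g. `openstack router list -f value -c ID`; a tenant-scoped listing would
# make other tenants' live namespaces look orphaned.
orphan_namespaces() {
    netns_list=$1 live_routers=$2 live_networks=$3
    printf '%s\n' "$netns_list" | while read -r ns _rest; do
        case $ns in
            qrouter-*) id=${ns#qrouter-} live=$live_routers ;;
            snat-*)    id=${ns#snat-}    live=$live_routers ;;   # DVR centralized SNAT
            qdhcp-*)   id=${ns#qdhcp-}   live=$live_networks ;;
            fip-*)     id=${ns#fip-}     live=$live_networks ;;  # DVR floating IPs
            *) continue ;;               # not created by Neutron: never report it
        esac
        # Whole-line, fixed-string match: a partial ID must not count as live.
        if ! printf '%s\n' "$live" | grep -Fxq -- "$id"; then
            printf '%s\n' "$ns"
        fi
    done
}

# Constructed sample data (placeholder IDs, not from a real deployment).
SAMPLE_NETNS='qrouter-11111111-1111-1111-1111-111111111111 (id 0)
qrouter-22222222-2222-2222-2222-222222222222
snat-22222222-2222-2222-2222-222222222222
qdhcp-aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa (id 2)
qdhcp-bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
fip-cccccccc-cccc-cccc-cccc-cccccccccccc
myapp-ns'
SAMPLE_ROUTERS='11111111-1111-1111-1111-111111111111'
SAMPLE_NETWORKS='aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
cccccccc-cccc-cccc-cccc-cccccccccccc'

# Prints the three namespaces left over from router 2222... and network bbbb...
orphan_namespaces "$SAMPLE_NETNS" "$SAMPLE_ROUTERS" "$SAMPLE_NETWORKS"
```

On a DVR compute node, run the check per node: qrouter- and fip- namespaces exist only where the corresponding VMs are hosted, so each node's `ip netns` output differs.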
