OVN(Open Virtual Network)架构图
安装ovs和ovn(双节点)
#yum install -y vim net-tools bash-completion git tcpdump autoconf automake libtool make python3 centos-release-openstack-victoria.noarch
#yum install -y openvswitch3.1*
#yum install -y ovn22.12*
#systemctl enable openvswitch --now
配置环境变量(双节点)
#cd /usr/share/openvswitch/scripts ovs和ovn环境变量在此处
#echo 'export PATH=$PATH:/usr/share/openvswitch/scripts:/usr/share/ovn/scripts' >> /etc/profile 将环境变量添加到系统
#source /etc/profile 刷新
启动服务(双节点)
#ovn-ctl start_northd 启动 ovn-northd、Northbound db、Southbound db(仅 node1)
#ovs-ctl start --system-id=random 启动 ovs-vswitchd、ovsdb-server(node1 和 node2)
#ovn-ctl start_controller 启动 ovn-controller(node1 和 node2)
开放端口(node1)
ovn-northd之所以能连上南向数据库和北向数据库,是因为它们部署在同一台机器上,通过 unix socket 连接
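#ovn-sbctl set-connection ptcp:6642:192.168.10.20 开放southbound db端口
#ovn-nbctl set-connection ptcp:6641:192.168.10.20 开放northbound db端口
注意:ptcp 是明文 TCP,既不加密也不做身份认证,任何能访问 192.168.10.20 的 6641/6642 端口的主机都可以读写 OVN 数据库,因此只适合隔离的实验环境。生产环境应改用 pssl: 并配置证书(ovn-nbctl set-ssl / ovn-sbctl set-ssl,各节点上 ovs-vsctl set-ssl),同时把后面 ovn-remote 中的 tcp: 改成 ssl:,并且只在管理网段放行这两个端口。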
# netstat -tnlup|grep 664
连接southbound db(双节点)
#ovs-vsctl set Open_vSwitch . external-ids:ovn-remote="tcp:192.168.10.20:6642" external-ids:ovn-encap-ip="192.168.10.20" external-ids:ovn-encap-type=geneve external-ids:system-id=node1
#ovn-remote 指向 node1 的 Southbound db;本条命令在 node1 上执行(node1 的 ovn-controller)
#ovs-vsctl set Open_vSwitch . external-ids:ovn-remote="tcp:192.168.10.20:6642" external-ids:ovn-encap-ip="192.168.10.21" external-ids:ovn-encap-type=geneve external-ids:system-id=node2
#ovn-remote 指向 node1 的 Southbound db;本条命令在 node2 上执行(node2 的 ovn-controller)
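#systemctl stop firewalld #node1
注意:这里为了实验方便直接关闭了整个防火墙。更稳妥的做法是保持 firewalld 运行,只放行需要的端口:node1 上的 6641/tcp 和 6642/tcp,以及两个节点上 Geneve 隧道使用的 6081/udp(例如 firewall-cmd --permanent --add-port=6642/tcp,然后 firewall-cmd --reload)。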
#ovn-sbctl show
创建namespace(双节点)
#ip netns add ns1
#ip link add veth11 type veth peer name veth12
#ip link set veth12 netns ns1
#ip link set veth11 up
#ovs-vsctl add-port br-int veth11
#ip netns exec ns1 ip link set veth12 address 00:00:00:00:00:01 (node1)
#ip netns exec ns1 ip link set veth12 address 00:00:00:00:00:02 (node2)
#ip netns exec ns1 ip link set veth12 up
#ip netns exec ns1 ip addr add 192.168.1.10/24 dev veth12 (node1)
#ip netns exec ns1 ip addr add 192.168.1.20/24 dev veth12 (node2)
创建逻辑交换机logical switch(node1)
#ovn-nbctl ls-add ls1
#ovn-nbctl lsp-add ls1 ls1-node1-ns1
#ovn-nbctl lsp-set-addresses ls1-node1-ns1 00:00:00:00:00:01
#ovn-nbctl lsp-set-port-security ls1-node1-ns1 00:00:00:00:00:01
#ovn-nbctl lsp-add ls1 ls1-node2-ns1
#ovn-nbctl lsp-set-addresses ls1-node2-ns1 00:00:00:00:00:02
#ovn-nbctl lsp-set-port-security ls1-node2-ns1 00:00:00:00:00:02
#ovn-nbctl show
veth11和ls连接(双节点)
#ovs-vsctl set interface veth11 external-ids:iface-id=ls1-node1-ns1 (node1)
#ovs-vsctl set interface veth11 external-ids:iface-id=ls1-node2-ns1 (node2)
#ip netns exec ns1 ping 192.168.1.20
创建ns2 (node2)
#ip netns add ns2
#ip link add veth21 type veth peer name veth22
#ip link set veth22 netns ns2
#ip link set veth21 up
#ip netns exec ns2 ip link set veth22 address 00:00:00:00:00:03
#ip netns exec ns2 ip link set veth22 up
#ovs-vsctl add-port br-int veth21 //veth21绑定端口
#ip netns exec ns2 ip addr add 192.168.2.30/24 dev veth22
#ip netns exec ns2 ip a
创建ls2 (node1)
#ovn-nbctl ls-add ls2
#ovn-nbctl lsp-add ls2 ls2-node2-ns2
#ovn-nbctl lsp-set-addresses ls2-node2-ns2 00:00:00:00:00:03
#ovn-nbctl lsp-set-port-security ls2-node2-ns2 00:00:00:00:00:03
#ovs-vsctl set interface veth21 external-ids:iface-id=ls2-node2-ns2 (node2)
创建lr1(node1)
#ovn-nbctl lr-add lr1
#ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:11:00 192.168.1.1/24
# ovn-nbctl lrp-add lr1 lr1-ls2 00:00:00:00:12:00 192.168.2.1/24
# ovn-nbctl show
ls1 and ls2添加连接到lr1的端口并连接(node1)
#ovn-nbctl lsp-add ls1 ls1-lr1
#ovn-nbctl lsp-set-type ls1-lr1 router
#ovn-nbctl lsp-set-addresses ls1-lr1 "00:00:00:00:11:00 192.168.1.1/24"
#ovn-nbctl lsp-add ls2 ls2-lr1
#ovn-nbctl lsp-set-type ls2-lr1 router
#ovn-nbctl lsp-set-addresses ls2-lr1 "00:00:00:00:12:00 192.168.2.1/24"
#ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1
#ovn-nbctl lsp-set-options ls2-lr1 router-port=lr1-ls2
10.
给之前的定义的ls1和ls2端口添加ip(node1)
#ovn-nbctl lsp-set-addresses ls1-node2-ns1 "00:00:00:00:00:02 192.168.1.20/24" MAC 之前已经设置过,但这里仍要和 IP 一起写上,否则会报错
#ovn-nbctl lsp-set-addresses ls1-node1-ns1 "00:00:00:00:00:01 192.168.1.10/24"
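#ovn-nbctl lsp-set-addresses ls2-node2-ns2 "00:00:00:00:00:03 192.168.2.30/24"
注意:前面的 lsp-set-port-security 只写了 MAC,所以端口安全只限制源 MAC,不限制源 IP,持有该 MAC 的端口仍可使用任意 IP。如果要同时防止 IP 伪造,应在端口安全里也写上 IP,例如 ovn-nbctl lsp-set-port-security ls1-node1-ns1 "00:00:00:00:00:01 192.168.1.10",其余端口同理。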
添加默认网关
#ip netns exec ns1 ip route add default via 192.168.1.1 dev veth12 (node1)
#ip netns exec ns2 ip route add default via 192.168.2.1 dev veth22 (node2)
#ip netns exec ns1 route -n
此时ns1(node1)和ns2(node2)可以互通了