Neutron運作機制解析

一 關于ip addr和ovs-vsctl show指令 計算節點：

網絡節點：

二 計算節點和控制節點網絡内部邏輯圖

三 虛拟網絡裝置命名規則 q-quantum、v-veth、br-bridge、o-openvSwitch qvo: veth pair openvswitch side qvb: veth pair bridge side qbr: bridge qr: l3 agent managed port, router side qg: l3 agent managed port, gateway side

四 計算節點單虛拟機連接配接網絡拓撲

五 計算節點整體網絡拓撲

六 節點間通過GRE隧道通信

七 網絡節點openvswitch内部網絡拓撲

八 網絡節點openvswitch和外部網絡通信拓撲

DHCP相關端口

路由相關端口，下圖中qg和br-ex連，qr和br-ini相連

[[email protected] ~]# ip -d link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:9c:e5:56 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:42:26:7b brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:56:10:6c brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:35:5e:ab brd ff:ff:ff:ff:ff:ff
6: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether da:bf:58:46:7b:4f brd ff:ff:ff:ff:ff:ff
7: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 08:00:27:42:26:7b brd ff:ff:ff:ff:ff:ff
9: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 4a:f0:1c:b0:ef:45 brd ff:ff:ff:ff:ff:ff
13: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 52:54:00:a0:04:3d brd ff:ff:ff:ff:ff:ff
    bridge
14: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 52:54:00:a0:04:3d brd ff:ff:ff:ff:ff:ff
    tun
16: br-tun: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 7a:2a:d2:c3:aa:43 brd ff:ff:ff:ff:ff:ff
           

連接配接外網

九 Neuteon的iptables機制

路由規則：目的IP是192.168.2.0/24網段，走qr端口（内網），其它IP都走qg端口（外網）

NAT規則

十 注意 啟動虛拟機後才會有tap裝置，簡單了解是虛拟機的網絡端口。 Iptables不相容openvswitch，要實作iptables，就引入了Linux Bridge，安全組政策由Linux Bridge實作。是以每一個虛拟機都有一個虛拟網橋。 Veth pair了解為一根虛拟網線。一端連到qbr，一端連到br-int.