Open vSwitch Trunk Port Configuration Lab
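Open vSwitch (OVS), a leading software switch, provides strong support for building flexible, scalable virtual network architectures. The trunk port is one of its most practical features.
A trunk port carries traffic for multiple VLANs over a single physical port. By configuring a trunk port, we can segment the network over a single physical link and keep each VLAN's traffic isolated in its own broadcast domain. This saves physical ports and gives the network more flexibility and scalability.
This post shows how to create two OVS virtual switches on a single Ubuntu 22.04 server and then connect the two virtual switches through a trunk port.
We will use this topology in this article:
Environment: Ubuntu 22.04 LTS
Prerequisite: install openvswitch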
apt update -y
apt install -y openvswitch-switch
Create the OVS virtual switches
Create two virtual switches
root@node1:~# ovs-vsctl add-br ovsbr1
root@node1:~# ovs-vsctl add-br ovsbr2
List the virtual switches
root@node1:~# ovs-vsctl show
e2084c87-149e-428e-a7bd-89c644a0a9ce
    Bridge ovsbr2
        Port ovsbr2
            Interface ovsbr2
                type: internal
    Bridge ovsbr1
        Port ovsbr1
            Interface ovsbr1
                type: internal
    ovs_version: "2.17.9"
Create patch-type ports to connect the two virtual switches
ovs-vsctl \
-- add-port ovsbr1 patch0 -- set interface patch0 type=patch options:peer=patch1 \
-- add-port ovsbr2 patch1 -- set interface patch1 type=patch options:peer=patch0
Configure the interconnect ports in trunk mode (the default), allowing VLAN 10 and VLAN 20 through
ovs-vsctl set port patch0 trunks=10,20
ovs-vsctl set port patch1 trunks=10,20
Check the port configuration
root@node1:~# ovs-vsctl show
e2084c87-149e-428e-a7bd-89c644a0a9ce
    Bridge ovsbr2
        Port ovsbr2
            Interface ovsbr2
                type: internal
        Port patch1
            Interface patch1
                type: patch
                options: {peer=patch0}
    Bridge ovsbr1
        Port ovsbr1
            Interface ovsbr1
                type: internal
        Port patch0
            Interface patch0
                type: patch
                options: {peer=patch1}
    ovs_version: "2.17.9"
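Create the KVM networks
For setting up the KVM environment, see: Installing KVM Virtualization on Ubuntu
This article uses KVM to run the virtual machines. Create two OVS networks for KVM, each bound to one of the two OVS virtual switches.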
cat >ovsbr1-network.xml<<EOF
<network>
<name>ovsbr1-net</name>
<uuid>c654bba4-224b-46a6-b9fb-99c71087cd05</uuid>
<forward mode='bridge'/>
<bridge name='ovsbr1'/>
<virtualport type='openvswitch'/>
</network>
EOF
cat >ovsbr2-network.xml<<EOF
<network>
<name>ovsbr2-net</name>
<uuid>12bc2348-7213-4190-a90b-ec36d6052406</uuid>
<forward mode='bridge'/>
<bridge name='ovsbr2'/>
<virtualport type='openvswitch'/>
</network>
EOF
Create the libvirt networks
virsh net-define ovsbr1-network.xml
virsh net-define ovsbr2-network.xml
virsh net-start ovsbr1-net
virsh net-start ovsbr2-net
virsh net-autostart ovsbr1-net
virsh net-autostart ovsbr2-net
List the libvirt networks that were created
root@node1:~# virsh net-list
Name State Autostart Persistent
-----------------------------------------------
default active yes yes
ovsbr1-net active yes yes
ovsbr2-net active yes yes
Create the virtual machines
Download the cirros image
wget https://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
Copy the image to the image template directory
mkdir -p /var/lib/libvirt/images/templates/
cp cirros-0.6.2-x86_64-disk.img /var/lib/libvirt/images/templates/
Create the disk image directories and copy the image into them
mkdir -p /var/lib/libvirt/images/{cirros01,cirros02,cirros03,cirros04}
cp /var/lib/libvirt/images/templates/cirros-0.6.2-x86_64-disk.img /var/lib/libvirt/images/cirros01/
cp /var/lib/libvirt/images/templates/cirros-0.6.2-x86_64-disk.img /var/lib/libvirt/images/cirros02/
cp /var/lib/libvirt/images/templates/cirros-0.6.2-x86_64-disk.img /var/lib/libvirt/images/cirros03/
cp /var/lib/libvirt/images/templates/cirros-0.6.2-x86_64-disk.img /var/lib/libvirt/images/cirros04/
Create the image metadata files:
cat >/root/cirros.meta<<EOF
{
"instance-id": "10",
"local-hostname": "cirros"
}
EOF
cat >/root/cirros.user<<EOF
#!/bin/sh
echo DATASOURCE_LIST="nocloud" > /etc/cirros-init/config
EOF
Based on the cirros image, create four test virtual machines, planned as follows:
VM name | IP address | Switch | VLAN |
---|---|---|---|
cirros01 | 10.0.0.1/24 | ovsbr1 | vlan10 |
cirros02 | 10.0.0.2/24 | ovsbr1 | vlan20 |
cirros03 | 10.0.0.3/24 | ovsbr2 | vlan10 |
cirros04 | 10.0.0.4/24 | ovsbr2 | vlan20 |
Create the virtual machines with the virt-install command:
# cirros01
virt-install \
--name cirros01 \
--vcpus 1 \
--memory 256 \
--disk path=/var/lib/libvirt/images/cirros01/cirros-0.6.2-x86_64-disk.img \
--os-variant cirros0.5.2 \
--import \
--autostart \
--noautoconsole \
--cloud-init user-data="/root/cirros.user",meta-data="/root/cirros.meta" \
--network network=ovsbr1-net
# cirros02
virt-install \
--name cirros02 \
--vcpus 1 \
--memory 256 \
--disk path=/var/lib/libvirt/images/cirros02/cirros-0.6.2-x86_64-disk.img \
--os-variant cirros0.5.2 \
--import \
--autostart \
--noautoconsole \
--cloud-init user-data="/root/cirros.user",meta-data="/root/cirros.meta" \
--network network=ovsbr1-net
# cirros03
virt-install \
--name cirros03 \
--vcpus 1 \
--memory 256 \
--disk path=/var/lib/libvirt/images/cirros03/cirros-0.6.2-x86_64-disk.img \
--os-variant cirros0.5.2 \
--import \
--autostart \
--noautoconsole \
--cloud-init user-data="/root/cirros.user",meta-data="/root/cirros.meta" \
--network network=ovsbr2-net
# cirros04
virt-install \
--name cirros04 \
--vcpus 1 \
--memory 256 \
--disk path=/var/lib/libvirt/images/cirros04/cirros-0.6.2-x86_64-disk.img \
--os-variant cirros0.5.2 \
--import \
--autostart \
--noautoconsole \
--cloud-init user-data="/root/cirros.user",meta-data="/root/cirros.meta" \
--network network=ovsbr2-net
Notes:
--network network=: specifies which OVS virtual switch the virtual machine connects to
List the virtual machines that were created
root@node1:~# virsh list
Id Name State
--------------------------
12 cirros01 running
14 cirros02 running
15 cirros03 running
16 cirros04 running
Find the names of the OVS virtual switch ports that the virtual machines are attached to
root@node1:~# virsh domiflist cirros01
Interface Type Source Model MAC
---------------------------------------------------------------
vnet10 bridge ovsbr1-net virtio 52:54:00:96:15:c7
root@node1:~# virsh domiflist cirros02
Interface Type Source Model MAC
---------------------------------------------------------------
vnet12 bridge ovsbr1-net virtio 52:54:00:1a:ac:49
root@node1:~# virsh domiflist cirros03
Interface Type Source Model MAC
---------------------------------------------------------------
vnet13 bridge ovsbr2-net virtio 52:54:00:58:02:09
root@node1:~# virsh domiflist cirros04
Interface Type Source Model MAC
---------------------------------------------------------------
vnet14 bridge ovsbr2-net virtio 52:54:00:37:b4:00
Assign VLANs to the OVS switch ports that the virtual machines are attached to
ovs-vsctl set Port vnet10 tag=10
ovs-vsctl set Port vnet12 tag=20
ovs-vsctl set Port vnet13 tag=10
ovs-vsctl set Port vnet14 tag=20
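In OVS a port with neither tag nor trunks set is a trunk that carries every VLAN, which is the state of each vnet port until its tag is assigned, so the port table is worth checking against the VLAN plan. The check below is an added example, not part of the original post: audit_ports and sample_ports are hypothetical names, the sample lines are constructed, and the ovs-vsctl invocation in the comment is an assumed way to produce the input.

```shell
#!/bin/sh
# Added example (not from the original post): audit OVS port VLAN settings.
# Input on stdin: one "name,tag,trunks" line per port, the CSV shape that
#   ovs-vsctl --format=csv --data=bare --no-headings \
#             --columns=name,tag,trunks list Port
# is assumed to print (unset tag = empty field, trunks space-separated).

# audit_ports is a hypothetical helper; $1 is the planned VLAN list.
audit_ports() {
    awk -F, -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "" { next }
    {
        name = $1; tag = $2; trunks = $3
        if (tag != "") {
            # Access port: its single VLAN must be in the plan.
            if (tag in ok) print "OK " name ": access VLAN " tag
            else print "FAIL " name ": access VLAN " tag " not in plan"
        } else if (trunks == "") {
            # OVS default: no tag and empty trunks means trunk for all VLANs.
            print "OPEN " name ": no tag and no trunks, carries every VLAN"
        } else {
            m = split(trunks, t, " "); bad = ""
            for (i = 1; i <= m; i++) if (!(t[i] in ok)) bad = bad " " t[i]
            if (bad == "") print "OK " name ": trunk limited to " trunks
            else print "FAIL " name ": trunk allows unplanned VLAN(s)" bad
        }
    }'
}

# Constructed sample: the lab's ports, with vnet14 shown before its tag is set.
sample_ports() {
    cat <<'EOF'
patch0,,10 20
patch1,,10 20
vnet10,10,
vnet12,20,
vnet13,10,
vnet14,,
EOF
}

sample_ports | audit_ports "10 20"
```

On a live host, pipe the ovs-vsctl command from the comment into audit_ports instead of sample_ports; the bridge-local ports ovsbr1 and ovsbr2 are reported as OPEN as well, because they have no tag or trunks either.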
Manually configure static IP addresses for the virtual machines
virsh console cirros01
sudo ip addr add 10.0.0.1/24 dev eth0
virsh console cirros02
sudo ip addr add 10.0.0.2/24 dev eth0
virsh console cirros03
sudo ip addr add 10.0.0.3/24 dev eth0
virsh console cirros04
sudo ip addr add 10.0.0.4/24 dev eth0
Verify trunk network connectivity
From the cirros01 virtual machine, pinging the cirros03 virtual machine succeeds, but cirros04 cannot be reached
root@node1:~# virsh console cirros01
Connected to domain 'cirros01'
Escape character is ^] (Ctrl + ])
login as 'cirros' user. default password: 'gocubsgo'. use 'sudo' for root.
cirros login: cirros
Password:
$
$ ping 10.0.0.3 -c 4
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=1.41 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.480 ms
64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.549 ms
64 bytes from 10.0.0.3: icmp_seq=4 ttl=64 time=0.623 ms
--- 10.0.0.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 0.480/0.766/1.412/0.376 ms
$
$ ping 10.0.0.4 -c 4
PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
From 10.0.0.1 icmp_seq=4 Destination Host Unreachable
--- 10.0.0.4 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3085ms
pipe 4
$
From the cirros02 virtual machine, pinging the cirros04 virtual machine succeeds, but cirros03 cannot be reached
root@node1:~# virsh console cirros02
Connected to domain 'cirros02'
Escape character is ^] (Ctrl + ])
login as 'cirros' user. default password: 'gocubsgo'. use 'sudo' for root.
cirros login: cirros
Password:
$
$ ping 10.0.0.4 -c 4
PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 10.0.0.4: icmp_seq=2 ttl=64 time=0.397 ms
64 bytes from 10.0.0.4: icmp_seq=3 ttl=64 time=0.357 ms
64 bytes from 10.0.0.4: icmp_seq=4 ttl=64 time=0.402 ms
--- 10.0.0.4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.357/0.603/1.258/0.378 ms
$
$ ping 10.0.0.3 -c 4
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
From 10.0.0.2 icmp_seq=3 Destination Host Unreachable
From 10.0.0.2 icmp_seq=4 Destination Host Unreachable
--- 10.0.0.3 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3079ms
pipe 4
$