OVN: connecting to an external network through a localnet port
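This article experiments with connecting an OVN network to an external network through an OVN port of type localnet. This is also a kind of L2 gateway, but compared with the l2gateway port type, a localnet port is connected to the external network on every chassis that hosts a VM, which reduces east-west traffic.
The logical topology is as follows:
[Figure: logical topology]
Run the following commands to create the logical topology: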
```bash
# Create logical switch ls1
ovn-nbctl ls-add ls1

# Add the first logical port, ls1-vm1
ovn-nbctl lsp-add ls1 ls1-vm1
ovn-nbctl lsp-set-addresses ls1-vm1 00:00:00:00:00:03
ovn-nbctl lsp-set-port-security ls1-vm1 00:00:00:00:00:03

# Add the second logical port, ls1-vm2
ovn-nbctl lsp-add ls1 ls1-vm2
ovn-nbctl lsp-set-addresses ls1-vm2 00:00:00:00:00:04
ovn-nbctl lsp-set-port-security ls1-vm2 00:00:00:00:00:04

# Add the third logical port, ls1-localnet, of type localnet, used to connect to the external network
ovn-nbctl lsp-add ls1 ls1-localnet
ovn-nbctl lsp-set-addresses ls1-localnet unknown
ovn-nbctl lsp-set-type ls1-localnet localnet
ovn-nbctl lsp-set-options ls1-localnet network_name=externalnet
```

ls1 now has a localnet port alongside the VIF ports that connect the VMs. The network name given by the localnet option network_name only needs to exist on the chassis where the VIFs are located (if a chassis has no VIF, there is no need to create the patch port). In this experiment vm1 and vm2 are on the master and node1 nodes respectively, so the following commands must be run on master and on node1.

```bash
# Run on the master node
ovs-vsctl add-br br-ens8
ovs-vsctl add-port br-ens8 ens8
ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=externalnet:br-ens8
ip link set dev br-ens8 up
ip addr add 10.10.10.4/24 dev br-ens8

# Run on the node1 node
ovs-vsctl add-br br-ens8
ovs-vsctl add-port br-ens8 ens8
ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=externalnet:br-ens8
ip link set dev br-ens8 up
ip addr add 10.10.10.5/24 dev br-ens8

# On master, create the vm1 namespace
ip netns add vm1
ovs-vsctl add-port br-int vm1 -- set interface vm1 type=internal
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:03
ip netns exec vm1 ip addr add 10.10.10.2/24 dev vm1
ip netns exec vm1 ip link set vm1 up
# Bind to logical port ls1-vm1 through iface-id=ls1-vm1
ovs-vsctl set Interface vm1 external_ids:iface-id=ls1-vm1

# On node1, create the vm2 namespace
ip netns add vm2
ovs-vsctl add-port br-int vm2 -- set interface vm2 type=internal
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:04
ip netns exec vm2 ip addr add 10.10.10.3/24 dev vm2
ip netns exec vm2 ip link set vm2 up
# Bind to logical port ls1-vm2 through iface-id=ls1-vm2
ovs-vsctl set Interface vm2 external_ids:iface-id=ls1-vm2
```

The resulting physical network topology:
[Figure: physical network topology]
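The requirement described above, that every chassis hosting a VIF of a switch with a localnet port must map that port's network_name to a bridge, can be checked from collected command output. This Python sketch is an added example, not part of the original article: the function names and the trimmed sample records are constructed, and the per-chassis mapping strings are assumed to have been gathered with `ovs-vsctl get Open_vSwitch . external-ids:ovn-bridge-mappings`.

```python
import re

# Constructed sample: `ovn-sbctl list port_binding` records, trimmed; UUIDs as shown on this page.
PORT_BINDINGS = """\
chassis      : b0261728-db55-4e0b-bfd5-b930081010fc
datapath     : 0f61ea54-5070-49f9-8701-06d9f1fc54d2
logical_port : ls1-vm1
options      : {}
type         : ""

chassis      : 29a2b734-b27b-4dd9-b1ae-935292757377
datapath     : 0f61ea54-5070-49f9-8701-06d9f1fc54d2
logical_port : ls1-vm2
options      : {}
type         : ""

chassis      : []
datapath     : 0f61ea54-5070-49f9-8701-06d9f1fc54d2
logical_port : ls1-localnet
options      : {network_name=externalnet}
type         : localnet
"""

def parse_records(text):
    """One dict per blank-line-separated record of `ovn-sbctl list` output."""
    return [dict((k.strip(), v.strip()) for k, _, v in
                 (line.partition(":") for line in block.splitlines()))
            for block in re.split(r"\n\s*\n", text.strip())]

def parse_mappings(value):
    """'externalnet:br-ens8,other:br-ex' -> {'externalnet': 'br-ens8', ...}"""
    items = (i.split(":", 1) for i in value.strip('"').split(",") if ":" in i)
    return {net.strip(): bridge.strip() for net, bridge in items}

def missing_mappings(bindings_text, mappings_by_chassis):
    """(chassis, network) pairs: chassis hosts a VIF but lacks the bridge mapping."""
    records = parse_records(bindings_text)
    required = {}  # datapath -> network names needed by its localnet ports
    for rec in records:
        m = re.search(r"network_name=([^,}\s]+)", rec.get("options", ""))
        if rec.get("type") == "localnet" and m:
            required.setdefault(rec["datapath"], set()).add(m.group(1).strip('"'))
    problems = set()
    for rec in records:
        chassis = rec.get("chassis", "[]")
        if rec.get("type") in ('""', "") and chassis != "[]":  # bound VIF port
            mapped = parse_mappings(mappings_by_chassis.get(chassis, ""))
            nets = required.get(rec.get("datapath"), set())
            problems |= {(chassis, net) for net in nets if net not in mapped}
    return sorted(problems)
```

An empty result means every chassis with a bound VIF has a mapping for the localnet network; each returned pair names a chassis whose VMs would have no path to the external network.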
Ping works both between the VMs and between the VMs and the external network.
```
root@master:~# ip netns exec vm1 ping 10.10.10.3
PING 10.10.10.3 (10.10.10.3) 56(84) bytes of data.
64 bytes from 10.10.10.3: icmp_seq=1 ttl=64 time=2.05 ms
^C
--- 10.10.10.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.048/2.048/2.048/0.000 ms
root@master:~# ip netns exec vm1 ping 10.10.10.4
PING 10.10.10.4 (10.10.10.4) 56(84) bytes of data.
64 bytes from 10.10.10.4: icmp_seq=1 ttl=64 time=0.818 ms
^C
--- 10.10.10.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.818/0.818/0.818/0.000 ms
root@master:~# ip netns exec vm1 ping 10.10.10.5
PING 10.10.10.5 (10.10.10.5) 56(84) bytes of data.
64 bytes from 10.10.10.5: icmp_seq=1 ttl=64 time=1.04 ms
^C
--- 10.10.10.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.038/1.038/1.038/0.000 ms

root@node1:~# ip netns exec vm2 ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=2.14 ms
^C
--- 10.10.10.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.141/2.141/2.141/0.000 ms
root@node1:~# ip netns exec vm2 ping 10.10.10.4
PING 10.10.10.4 (10.10.10.4) 56(84) bytes of data.
64 bytes from 10.10.10.4: icmp_seq=1 ttl=64 time=1.96 ms
^C
--- 10.10.10.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.962/1.962/1.962/0.000 ms
root@node1:~# ip netns exec vm2 ping 10.10.10.5
PING 10.10.10.5 (10.10.10.5) 56(84) bytes of data.
64 bytes from 10.10.10.5: icmp_seq=1 ttl=64 time=0.310 ms
^C
--- 10.10.10.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.310/0.310/0.310/0.000 ms
```

Ping packet paths
- vm1(10.10.10.2) ping vm2(10.10.10.3): vm1 -> br-int(master) -> ovn-node1-0 -> ens3(master) -> ens3(node1) -> ovn-master-0 -> br-int(node1) -> vm2
- vm1(10.10.10.2) ping 10.10.10.4: vm1 -> br-int(master) -> patch -> br-ens8(master)
- vm1(10.10.10.2) ping 10.10.10.5: vm1 -> br-int(master) -> patch -> br-ens8(master) -> ens8(master) -> ens8(node1)
- vm2(10.10.10.3) ping vm1(10.10.10.2): vm2 -> br-int(node1) -> ovn-master-0 -> ens3(node1) -> ens3(master) -> ovn-node1-0 -> br-int(master) -> vm1
- vm2(10.10.10.3) ping 10.10.10.4: vm2 -> br-int(node1) -> patch -> br-ens8(master)
- vm2(10.10.10.3) ping 10.10.10.5: vm2 -> br-int(node1) -> patch -> br-ens8(node1) -> ens8(node1) -> ens8(master)

View the NB DB contents
```
root@master:~# ovn-nbctl show
switch a6248736-46db-4533-842e-6269f7f65652 (ls1)
    port ls1-localnet
        type: localnet
        addresses: ["unknown"]
    port ls1-vm1
        addresses: ["00:00:00:00:00:03"]
    port ls1-vm2
        addresses: ["00:00:00:00:00:04"]

root@master:~# ovn-nbctl list logical_switch
_uuid             : a6248736-46db-4533-842e-6269f7f65652
acls              : []
dns_records       : []
external_ids      : {}
forwarding_groups : []
load_balancer     : []
name              : ls1
other_config      : {}
ports             : [12a22e4d-6118-4584-8df6-b684db23d3fb, 35f11e54-e2f0-4bb0-b6a3-ca69e8f7d918, 4231a2b1-941b-48ec-8ce7-0d5523c503b1]
qos_rules         : []

root@master:~# ovn-nbctl list logical_switch_port
_uuid             : 35f11e54-e2f0-4bb0-b6a3-ca69e8f7d918
addresses         : ["00:00:00:00:00:03"]
dhcpv4_options    : []
dhcpv6_options    : []
dynamic_addresses : []
enabled           : []
external_ids      : {}
ha_chassis_group  : []
name              : ls1-vm1
options           : {}
parent_name       : []
port_security     : ["00:00:00:00:00:03"]
tag               : []
tag_request       : []
type              : ""
up                : true

_uuid             : 4231a2b1-941b-48ec-8ce7-0d5523c503b1
addresses         : ["00:00:00:00:00:04"]
dhcpv4_options    : []
dhcpv6_options    : []
dynamic_addresses : []
enabled           : []
external_ids      : {}
ha_chassis_group  : []
name              : ls1-vm2
options           : {}
parent_name       : []
port_security     : ["00:00:00:00:00:04"]
tag               : []
tag_request       : []
type              : ""
up                : true

_uuid             : 12a22e4d-6118-4584-8df6-b684db23d3fb
addresses         : [unknown]
dhcpv4_options    : []
dhcpv6_options    : []
dynamic_addresses : []
enabled           : []
external_ids      : {}
ha_chassis_group  : []
name              : ls1-localnet
options           : {network_name=externalnet}
parent_name       : []
port_security     : []
tag               : []
tag_request       : []
type              : localnet
up                : false
```

View the SB DB contents
```
root@master:~# ovn-sbctl show
Chassis node1
    hostname: node1
    Encap geneve
        ip: "192.168.122.21"
        options: {csum="true"}
    Port_Binding ls1-vm2
Chassis master
    hostname: master
    Encap geneve
        ip: "192.168.122.20"
        options: {csum="true"}
    Port_Binding ls1-vm1

root@master:~# ovn-sbctl list port_binding
_uuid            : 3ad09074-565f-4bac-856d-e1d2fcc8f577
chassis          : b0261728-db55-4e0b-bfd5-b930081010fc
datapath         : 0f61ea54-5070-49f9-8701-06d9f1fc54d2
encap            : []
external_ids     : {}
gateway_chassis  : []
ha_chassis_group : []
logical_port     : ls1-vm1
mac              : ["00:00:00:00:00:03"]
nat_addresses    : []
options          : {}
parent_port      : []
tag              : []
tunnel_key       : 1
type             : ""
up               : true
virtual_parent   : []

_uuid            : 938e0ff5-c93b-4541-89de-51cb7bde6b10
chassis          : 29a2b734-b27b-4dd9-b1ae-935292757377
datapath         : 0f61ea54-5070-49f9-8701-06d9f1fc54d2
encap            : []
external_ids     : {}
gateway_chassis  : []
ha_chassis_group : []
logical_port     : ls1-vm2
mac              : ["00:00:00:00:00:04"]
nat_addresses    : []
options          : {}
parent_port      : []
tag              : []
tunnel_key       : 2
type             : ""
up               : true
virtual_parent   : []

_uuid            : 15a19e85-c21b-4202-8114-5303d5efe117
chassis          : []
datapath         : 0f61ea54-5070-49f9-8701-06d9f1fc54d2
encap            : []
external_ids     : {}
gateway_chassis  : []
ha_chassis_group : []
logical_port     : ls1-localnet
mac              : [unknown]
nat_addresses    : []
options          : {network_name=externalnet}
parent_port      : []
tag              : []
tunnel_key       : 3
type             : localnet
up               : false
virtual_parent   : []
```

View the OVSDB contents
```
root@master:~# ovs-vsctl show
a891c32e-dec1-4168-8e17-1516fa55341b
    Bridge br-int
        fail_mode: secure
        Port ovn-node1-0
            Interface ovn-node1-0
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.122.21"}
        Port br-int
            Interface br-int
                type: internal
        Port vm1
            Interface vm1
                type: internal
        Port patch-br-int-to-ls1-localnet
            Interface patch-br-int-to-ls1-localnet
                type: patch
                options: {peer=patch-ls1-localnet-to-br-int}
    Bridge br-ens8
        Port ens8
            Interface ens8
        Port br-ens8
            Interface br-ens8
                type: internal
        Port patch-ls1-localnet-to-br-int
            Interface patch-ls1-localnet-to-br-int
                type: patch
                options: {peer=patch-br-int-to-ls1-localnet}

root@node1:~# ovs-vsctl show
c9da68e6-3d3f-49a3-b649-9f0345985648
    Bridge br-int
        fail_mode: secure
        Port patch-br-int-to-ls1-localnet
            Interface patch-br-int-to-ls1-localnet
                type: patch
                options: {peer=patch-ls1-localnet-to-br-int}
        Port vm2
            Interface vm2
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port ovn-master-0
            Interface ovn-master-0
                type: geneve
                options: {csum="true", key=flow, remote_ip="192.168.122.20"}
    Bridge br-ens8
        Port br-ens8
            Interface br-ens8
                type: internal
        Port patch-ls1-localnet-to-br-int
            Interface patch-ls1-localnet-to-br-int
                type: patch
                options: {peer=patch-br-int-to-ls1-localnet}
        Port ens8
            Interface ens8
```

See also: "ovn 通过localnet端口连接外部网络" on Jianshu (简书)