作者:张华 发表于:2015-10-01版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明( )
VIP: 10.0.1.6FIP: 192.168.101.4VM1: 10.0.1.3VM2: 10.0.1.41,安装使用devstack安装时添加 ENABLED_SERVICES+=,q-fwaas 即可。2, 配置文件a, /etc/neutron/neutron.conf[DEFAULT]service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin,neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin,neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugincore_plugin = neutron.plugins.ml2.plugin.Ml2Pluginb, /etc/neutron/neutron_lbaas.conf[service_providers]service_provider=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:defaultubuntu@joshua-devstack:~$ neutron net-list+————————————–+———+——————————————————-+| id | name | subnets |+————————————–+———+——————————————————-+| e88e2c63-e86d-4cba-a49f-0487c9153227 | public | a820b11c-f8f4-4023-8944-39e6fbb517bf 192.168.101.0/24 || fd8a17e0-eb10-45e6-a84c-9d87810ef6e0 | private | 3d013961-10fa-4705-9c3f-ae9d5c373e7a 10.0.1.0/24 |+————————————–+———+——————————————————-+3, lbaas配置neutron lb-pool-create –lb-method ROUND_ROBIN –name mypool –protocol HTTP –subnet-id private-subnetneutron lb-vip-create –name myvip –protocol-port 80 –protocol HTTP –subnet-id private-subnet mypoolneutron floatingip-create publicneutron floatingip-associate ca119ad1-501c-46e7-b064-aefbea8d356a 566ef461-c435-4b4e-9479-705e2a58b10aubuntu@joshua-devstack:~$ sudo ip netns exec qlbaas-74b31af8-c15b-469c-88e8-667598ecc12b ip addr show tap566ef461-c424: tap566ef461-c4: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:e7:1d:25 brd ff:ff:ff:ff:ff:ff inet 10.0.1.6/24 brd 10.0.1.255 scope global tap566ef461-c4 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fee7:1d25/64 scope link valid_lft forever preferred_lft foreverubuntu@joshua-devstack:~$ sudo ip netns exec qrouter-25d7d6ae-047c-4bca-bf96-664794aa84b2 ip addr show12: qr-839a5881-9e: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:59:1a:72 brd ff:ff:ff:ff:ff:ff inet 10.0.1.1/24 brd 10.0.1.255 scope global qr-839a5881-9e valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe59:1a72/64 scope link valid_lft forever preferred_lft forever13: qg-addee699-0a: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:3f:eb:1b brd ff:ff:ff:ff:ff:ff inet 192.168.101.3/24 brd 192.168.101.255 scope global qg-addee699-0a valid_lft forever preferred_lft forever inet 192.168.101.4/32 brd 192.168.101.4 scope global qg-addee699-0a valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe3f:eb1b/64 scope link valid_lft forever preferred_lft foreverubuntu@joshua-devstack:~$ ps -ef|grep haproxynobody 9438 1 0 06:36 ? 00:00:00 haproxy -f /opt/stack/data/neutron/lbaas/74b31af8-c15b-469c-88e8-667598ecc12b/conf -p /opt/stack/data/neutron/lbaas/74b31af8-c15b-469c-88e8-667598ecc12b/pidubuntu@joshua-devstack:~$ cat /opt/stack/data/neutron/lbaas/74b31af8-c15b-469c-88e8-667598ecc12b/confglobal daemon user nobody group nogroup log /dev/log local0 log /dev/log local1 notice stats socket /opt/stack/data/neutron/lbaas/74b31af8-c15b-469c-88e8-667598ecc12b/sock mode 0666 level userdefaults log global retries 3 option redispatch timeout connect 5000 timeout client 50000 timeout server 50000frontend a352b6fa-6eeb-41de-9fe6-256c1fe8e36a option tcplog bind 10.0.1.6:80 mode http default_backend 74b31af8-c15b-469c-88e8-667598ecc12b option forwardforbackend 74b31af8-c15b-469c-88e8-667598ecc12b mode http balance roundrobin option forwardfor server 05f6d6de-951c-4423-bb4d-acc7dbccec2c 10.1.1.3:80 weight 1 server beb74c1b-5fb8-4153-935d-e295892de314 10.1.1.4:80 weight 14, 发生了什么 配置一个LB实例后,会在l3-agent节点上创建一个qlbaas-XXX名空间,里面是VIP,由于没有为VIP设置路由,所以VIP的网段与虚机网段一致(这一点与opencontrail不同,opencontrail是服务实例找两个随机的计算节点上部署active与passive两个haproxy实例,如果vip network与vm network相同的话,,这两个计算节点上都会有相同的VIP,虽然是局部隔离的,主动发消息由于带了该计算节点的MAC地址所以回来的包能找到地址,但是这样从FIP主动找VIP包却是不知道该往哪个计算节点的VIP转包的)。5, 测试在两个计算节点上运行如下脚本充当WEB服务器:MYIP=$(ifconfig eth0|grep ‘inet addr’|awk -F: ‘{print $2}’| awk ‘{print $1}’)while true; do echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to $MYIP" | sudo nc -l -p 80 ; done然后执行:wget -O – <VIP>wget -O – <FIP>6, 在GRE模式下的MTU影响外网IP (192.168.101.1)设置在br-ex网桥上, qrouter-xxx名空间里的qg-接口上的IP(192.168.101.3)与floating IP (192.168.101.4)插在br-ex网桥上。lbaas-xxx名空间里的上的VIP(10.0.1.6)的tap设置与qrouter-xxx名空间上的qr-接口上的网关IP(10.0.1.1)插在br-int上。上面的接口在一台机器上不受mtu的影响,但另外两个虚机(10.0.1.3, 10.0.1.4)可能在另外的台机器上,和网络节点通过br-int与br-phy两个网桥相连。由于MTU的影响,虚机的MTU可设置为1400.
版权声明:本文为博主原创文章,未经博主允许不得转载。
效果只能是既费时又没有胜利,再聪慧的人也没法成学。
