Before you can launch an instance, you must create the virtual network infrastructure that gives virtual machines their connectivity. It consists of two parts: an external network and a tenant network.
The figure below shows the overall layout of the network components in a simple network, tracing the traffic flow from a virtual machine out to the external network.
1. External network
a. On the controller node, source admin-openrc.sh to set the environment variables
$ source admin-openrc.sh
b. Create the external network
$ neutron net-create ext-net --router:external \
  --provider:physical_network external --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 3ad69bec-2ee1-404d-8b0b-013f865e4474 |
| mtu                       | 0                                    |
| name                      | ext-net                              |
| provider:network_type     | flat                                 |
| provider:physical_network | external                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 2110135bcbc64695b311ccc40c4790db     |
+---------------------------+--------------------------------------+
c. Create a subnet on the external network
$ neutron subnet-create ext-net EXTERNAL_NETWORK_CIDR --name ext-subnet \
  --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END \
  --disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY
where:
EXTERNAL_NETWORK_CIDR is the subnet associated with the physical network
FLOATING_IP_START is the first address of the floating IP range to allocate
FLOATING_IP_END is the last address of the floating IP range to allocate
EXTERNAL_NETWORK_GATEWAY is the gateway associated with the physical network
DHCP is disabled on the EXTERNAL_NETWORK_CIDR subnet because instances do not connect directly to the external network, and floating IP addresses are assigned manually.
For example, using 203.0.113.0/24 as the external (flat) network with the floating IP range 203.0.113.101 – 203.0.113.200:
$ neutron subnet-create ext-net 203.0.113.0/24 --name ext-subnet \
  --allocation-pool start=203.0.113.101,end=203.0.113.200 \
  --disable-dhcp --gateway 203.0.113.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "203.0.113.101", "end": "203.0.113.200"} |
| cidr              | 203.0.113.0/24                                     |
| dns_nameservers   |                                                    |
| enable_dhcp       | False                                              |
| gateway_ip        | 203.0.113.1                                        |
| host_routes       |                                                    |
| id                | 24a150e2-6f62-4ac7-b6e3-1c1d878e3d28               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | ext-subnet                                         |
| network_id        | 3ad69bec-2ee1-404d-8b0b-013f865e4474               |
| subnetpool_id     |                                                    |
| tenant_id         | 2110135bcbc64695b311ccc40c4790db                   |
+-------------------+----------------------------------------------------+
2. Tenant network
The tenant network provides internal connectivity between instances and isolates each tenant's network from the others; the network owned by the demo tenant is reachable only by the instances that tenant owns.
a. Create the demo-openrc.sh script
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
Replace DEMO_PASS with the password of the demo user.
b. On the controller node, source demo-openrc.sh to set the environment variables
$ source demo-openrc.sh
c. Create the network
$ neutron net-create demo-net
Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | 35a61eb8-6fef-459f-8270-dca01095dc8e |
| mtu             | 0                                    |
| name            | demo-net                             |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | 43ec83737264462e99cede4d5f664893     |
+-----------------+--------------------------------------+
d. Create a subnet on the tenant network
$ neutron subnet-create demo-net TENANT_NETWORK_CIDR \
  --name demo-subnet --gateway TENANT_NETWORK_GATEWAY
where:
TENANT_NETWORK_CIDR is the address range of the subnet
TENANT_NETWORK_GATEWAY is the gateway of the subnet
For example, to create a 192.168.1.0/24 subnet:
$ neutron subnet-create demo-net 192.168.1.0/24 \
  --name demo-subnet --gateway 192.168.1.1
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   |                                                  |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 0f92d89f-a153-4534-bfa7-85514fff8832             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | demo-subnet                                      |
| network_id        | 35a61eb8-6fef-459f-8270-dca01095dc8e             |
| subnetpool_id     |                                                  |
| tenant_id         | 43ec83737264462e99cede4d5f664893                 |
+-------------------+--------------------------------------------------+
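As an added pre-flight check (example code written for this page, not part of the OpenStack guide), the following Python validates the values you are about to pass to the two subnet-create commands above: the floating IP pool must sit inside EXTERNAL_NETWORK_CIDR and exclude the gateway, and TENANT_NETWORK_CIDR must not overlap the external network. Requiring the tenant range to be RFC 1918 is this example's own assumption, not something the guide mandates.

```python
# Added example, not from the original guide: sanity checks for the subnet
# plan before the values reach "neutron subnet-create".
import ipaddress

# RFC 1918 ranges (assumption of this example: tenant networks are carved from one of these).
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_external_subnet(cidr, pool_start, pool_end, gateway):
    """Return a list of problems with EXTERNAL_NETWORK_CIDR, FLOATING_IP_START/END and the gateway."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: reject CIDRs with host bits set
        start, end, gw = (ipaddress.ip_address(a) for a in (pool_start, pool_end, gateway))
    except ValueError as exc:
        return [f"invalid address or CIDR: {exc}"]
    if len({net.version, start.version, end.version, gw.version}) != 1:
        return ["mixed IPv4/IPv6 values in the external subnet plan"]
    problems = []
    if start not in net or end not in net:
        problems.append("floating IP pool lies outside the external CIDR")
    if start > end:
        problems.append("floating IP pool start is after its end")
    if gw not in net:
        problems.append("gateway is not inside the external CIDR")
    elif start <= gw <= end:
        problems.append("gateway address falls inside the floating IP pool")
    if start == net.network_address or end == net.broadcast_address:
        problems.append("floating IP pool includes the network or broadcast address")
    return problems


def check_tenant_subnet(tenant_cidr, external_cidr, gateway):
    """Return a list of problems with TENANT_NETWORK_CIDR relative to the external network."""
    try:
        tnet = ipaddress.ip_network(tenant_cidr, strict=True)
        enet = ipaddress.ip_network(external_cidr, strict=True)
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"invalid address or CIDR: {exc}"]
    problems = []
    if tnet.overlaps(enet):
        problems.append("tenant CIDR overlaps the external CIDR; the router could not distinguish them")
    if tnet.version == 4 and not any(tnet.subnet_of(p) for p in RFC1918):
        problems.append("tenant CIDR is not an RFC 1918 private range")
    if gw not in tnet or gw in (tnet.network_address, tnet.broadcast_address):
        problems.append("tenant gateway is not a usable host address in the tenant CIDR")
    return problems


if __name__ == "__main__":
    # The values used in this guide's examples; both lists should be empty.
    print(check_external_subnet("203.0.113.0/24", "203.0.113.101", "203.0.113.200", "203.0.113.1"))
    print(check_tenant_subnet("192.168.1.0/24", "203.0.113.0/24", "192.168.1.1"))
```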
3. Create a virtual router
A virtual router connects different virtual networks; below we use one to connect the demo tenant network to the external network.
a. Create a router
$ neutron router-create demo-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 32195341-d3c9-4aa4-ad50-e6749ba78928 |
| name                  | demo-router                          |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 43ec83737264462e99cede4d5f664893     |
+-----------------------+--------------------------------------+
b. Attach the router to the demo subnet
$ neutron router-interface-add demo-router demo-subnet
Added interface b95c699f-1450-4ed9-b4a1-006943c6168c to router demo-router.
c. Attach the router to the external network by setting it as the router's gateway
$ neutron router-gateway-set demo-router ext-net
Set gateway for router demo-router
4. Verify connectivity
Before proceeding to the next step, we strongly recommend that you first verify network connectivity and resolve any problems you encounter.
Continuing the example used earlier, with 203.0.113.0/24 as the external subnet, the tenant router's gateway is 203.0.113.101. If the tenant and external networks are configured correctly, you should be able to ping this address from any host on the external network.
$ ping -c 4 203.0.113.101
PING 203.0.113.101 (203.0.113.101) 56(84) bytes of data.
64 bytes from 203.0.113.101: icmp_req=1 ttl=64 time=0.619 ms
64 bytes from 203.0.113.101: icmp_req=2 ttl=64 time=0.189 ms
64 bytes from 203.0.113.101: icmp_req=3 ttl=64 time=0.165 ms
64 bytes from 203.0.113.101: icmp_req=4 ttl=64 time=0.216 ms

--- 203.0.113.101 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.165/0.297/0.619/0.187 ms