金鱼哥RHCA回忆录:CL210管理OPENSTACK网络--章节实验
【摘要】 第六章 管理OPENSTACK网络--章节实验
🎹 个人简介:大家好,我是 金鱼哥,CSDN运维领域新星创作者,华为云·云享专家,阿里云社区·专家博主
📚个人资质:CCNA、HCNP、CSNA(网络分析师),软考初级、中级网络工程师、RHCSA、RHCE、RHCA、RHCI、ITIL😜
💬格言:努力不一定成功,但要想成功就必须努力🔥🎈支持我:可点赞👍、可收藏⭐️、可留言📝
由于篇幅过长所以章节实验写在此文。
📜章节实验
-
创建一个VLAN提供者网络。
-
启动附加到提供程序网络的实例。
[student@workstation ~]$ lab networking-review setup
Setting up workstation for exercise work:
• Verifying project: production............................... SUCCESS
• Creating user environment file: operator1-production-rc..... SUCCESS
• Creating keypair: example-keypair........................... SUCCESS
. Creating flavor: default.................................... SUCCESS
. Creating image: rhel7....................................... SUCCESS
. Creating secgroup: default.................................. SUCCESS
• Creating secgroup rule: icmp................................ SUCCESS
📑1. 查看utilitv上的网络接口配置。
实用程序在每个VLAN中都有一个子接口,从101到104,允许测试离开OpenStack的VLAN流量。
[student@workstation ~]$ ssh root@utility
[root@utility ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:00:fa:dc brd ff:ff:ff:ff:ff:ff
inet 172.25.250.220/24 brd 172.25.250.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe00:fadc/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff
inet 172.24.250.220/24 brd 172.24.250.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe03:dc/64 scope link
valid_lft forever preferred_lft forever
4: eth1.101@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff
inet 10.0.101.1/24 brd 10.0.101.255 scope global eth1.101
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe03:dc/64 scope link
valid_lft forever preferred_lft forever
5: eth1.102@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff
inet 10.0.102.1/24 brd 10.0.102.255 scope global eth1.102
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe03:dc/64 scope link
valid_lft forever preferred_lft forever
6: eth1.103@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff
inet 10.0.103.1/24 brd 10.0.103.255 scope global eth1.103
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe03:dc/64 scope link
valid_lft forever preferred_lft forever
7: eth1.104@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff
inet 10.0.104.1/24 brd 10.0.104.255 scope global eth1.104
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe03:dc/64 scope link
valid_lft forever preferred_lft forever
[root@utility ~]#
📑2. 使用/home/student/admin-rc环境文件,创建一个名为provider1-104的VLAN提供程序网络并匹配名为subnet1-104的子网。
从前面的练习中,您知道这个网络的流量将通过br-eth3桥传输。使用下表中的选项和值。
[root@controller0 ~]# grep ^network_vlan_ranges /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini
network_vlan_ranges=datacentre:1:1000,vlanprovider1:101:104,vlanprovider2:101:104,storage:30:30
[student@workstation ~]$ source admin-rc
[student@workstation ~]$ openstack network create --share --provider-network-type vlan --provider-physical-network vlanprovider1 --provider-segment 104 provider1-104
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-10-28T03:31:04Z |
| description | |
| dns_domain | None |
| id | 0f9dd2c1-83ef-4c46-ac9e-7d6ce28d769f |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider1-104 |
| port_security_enabled | True |
| project_id | 42eecbfbaf684f909abfe5304434fc77 |
| provider:network_type | vlan |
| provider:physical_network | vlanprovider1 |
| provider:segmentation_id | 104 |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-10-28T03:31:04Z |
+---------------------------+--------------------------------------+
[student@workstation ~]$ openstack subnet create --dhcp --subnet-range=10.0.104.0/24 --allocation-pool=start=10.0.104.100,end=10.0.104.149 --network provider1-104 subnet1-104
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.0.104.100-10.0.104.149 |
| cidr | 10.0.104.0/24 |
| created_at | 2020-10-28T03:33:39Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.104.1 |
| host_routes | |
| id | b20a1e29-1b54-4a32-8741-2c0b84c2cf50 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet1-104 |
| network_id | 0f9dd2c1-83ef-4c46-ac9e-7d6ce28d769f |
| project_id | 42eecbfbaf684f909abfe5304434fc77 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-10-28T03:33:39Z |
+-------------------+--------------------------------------+
📑3. 使用/home/student/admin-rc环境文件,创建一个名为provider2-104的VLAN提供者网络,并匹配名为subnet2-104的子网。
从前面的练习中,您知道这个网络的通信量在br-eth4桥上传输。使用下表中的选项和值。
[student@workstation ~]$ openstack network create --share --provider-network-type vlan --provider-physical-network vlanprovider2 --provider-segment 104 provider2-104
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-10-28T03:35:20Z |
| description | |
| dns_domain | None |
| id | 04593cd0-5cbd-4dd5-92a5-ad8d188161c1 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider2-104 |
| port_security_enabled | True |
| project_id | 42eecbfbaf684f909abfe5304434fc77 |
| provider:network_type | vlan |
| provider:physical_network | vlanprovider2 |
| provider:segmentation_id | 104 |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2020-10-28T03:35:20Z |
+---------------------------+--------------------------------------+
[student@workstation ~]$ openstack subnet create --dhcp --subnet-range=10.0.104.0/24 --allocation-pool=start=10.0.104.150,end=10.0.104.199 --network provider2-104 subnet2-104
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.0.104.150-10.0.104.199 |
| cidr | 10.0.104.0/24 |
| created_at | 2020-10-28T03:36:24Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.104.1 |
| host_routes | |
| id | ea643eff-4b09-4a9e-a4b1-fd4a3b4929a8 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | subnet2-104 |
| network_id | 04593cd0-5cbd-4dd5-92a5-ad8d188161c1 |
| project_id | 42eecbfbaf684f909abfe5304434fc77 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2020-10-28T03:36:24Z |
+-------------------+--------------------------------------+
📑4. 启动附加到provider1-104网络的实例。将实例命名为production-server1并使用以下值。
[student@workstation ~]$ source operator1-production-rc
[student@workstation ~(operator1-production)]$ openstack server create --flavor default --image rhel7 --key-name example-keypair --network provider1-104 --wait production-server1
+-----------------------------+---------------------------------------------------------+
| Field | Value
+-----------------------------+---------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
| OS-EXT-AZ:availability_zone | nova
| OS-EXT-STS:power_state | Running
| OS-EXT-STS:task_state | None
| OS-EXT-STS:vm_state | active
| OS-SRV-USG:launched_at | 2020-10-28T04:52:20.000000
| OS-SRV-USG:terminated_at | None
| accessIPv4 |
| accessIPv6 |
| addresses | provider1-104=10.0.104.101
📑5. 启动附加到provider2-104网络的实例。将实例命名为production-server2并使用以下值。
[student@workstation ~(operator1-production)]$ openstack server create --flavor default --image rhel7 --key-name example-keypair --network provider2-104 --wait production-server2
+-----------------------------+---------------------------------------------------------+
| Field | Value
+-----------------------------+---------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
| OS-EXT-AZ:availability_zone | nova
| OS-EXT-STS:power_state | Running
| OS-EXT-STS:task_state | None
| OS-EXT-STS:vm_state | active
| OS-SRV-USG:launched_at | 2020-10-28T04:55:14.000000
| OS-SRV-USG:terminated_at | None
| accessIPv4 |
| accessIPv6 |
| addresses | provider2-104=10.0.104.159
📑6. 在utility中,使用ping命令来测试从OpenStack外部可以访问production-server1和production-server2。
[student@workstation ~]$ ssh utility
[student@utility ~]$ ping -c3 10.0.104.101
PING 10.0.104.101 (10.0.104.101) 56(84) bytes of data.
64 bytes from 10.0.104.101: icmp_seq=1 ttl=64 time=0.945 ms
64 bytes from 10.0.104.101: icmp_seq=2 ttl=64 time=0.494 ms
64 bytes from 10.0.104.101: icmp_seq=3 ttl=64 time=0.412 ms
--- 10.0.104.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.412/0.617/0.945/0.234 ms
[student@utility ~]$
[student@utility ~]$ ping -c3 10.0.104.159
PING 10.0.104.159 (10.0.104.159) 56(84) bytes of data.
64 bytes from 10.0.104.159: icmp_seq=1 ttl=64 time=0.859 ms
64 bytes from 10.0.104.159: icmp_seq=2 ttl=64 time=0.569 ms
64 bytes from 10.0.104.159: icmp_seq=3 ttl=64 time=0.482 ms
--- 10.0.104.159 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.482/0.636/0.859/0.163 ms
📑7. 在workstation上打开一个新的终端,然后登录到utility并启动tcpdump命令。这将验证是否使用了正确的VLAN。
[root@utility ~]# tcpdump -nnei eth1 -vvv
📑8. 在production-server1中,使用ping命令测试与production-server2和实用程序的通信。
📑9. 在utility上,取消tcpdump并验证捕获的ICMP流量是否来自VLAN 104。
10.0.104.101 > 10.0.104.1: ICMP echo request, id 11373, seq 3, length 64
06:38:08.998562 52:54:00:03:00:dc > fa:16:3e:46:db:57, ethertype 802.1Q (0x8100), length 102: vlan 104, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 37747, offset 0, flags [none], proto ICMP (1), length 84)
10.0.104.1 > 10.0.104.101: ICMP echo reply, id 11373, seq 3, length 64
📑实验评分
[student@workstation ~]$ lab networking-review grade
📑清除实验
[student@workstation ~]$ lab networking-review cleanup
💡总结
-
软件定义网络(SDN)是一种网络模型,它允许网络管理员通过抽象几个网络层来管理网络服务。SDN解耦了处理通信量的软件(称为控制平面)和路由通信量的底层机制(称为数据平面)。
-
开放虚拟网络(OVN)是一个SDN网络项目,扩展了OVS,提供了第二层和第三层网络功能。它利用Geneve框架在OpenStack节点之间创建隧道。
-
模块化层2 (ML2)插件是一个支持使用各种技术的框架。管理员可以使用OpenStack网络可用的各种插件与Open vSwitch或任何供应商技术(如Cisco设备)进行交互。
-
自助服务和提供者网络可以组合使用,也可以专门用于定义实例可用的网络连接类型。提供者网络给实例一个到OpenStack外部网络的第二层连接,而租户网络需要一个OpenStack路由器将它们连接到外部网络。
RHCA认证需要经历5门的学习与考试,还是需要花不少时间去学习与备考的,好好加油,可以噶🤪。
以上就是【金鱼哥】对 第六章 管理OPENSTACK网络–章节实验 的简述和讲解。希望能对看到此文章的小伙伴有所帮助。
💾红帽认证专栏系列:
RHCSA专栏:戏说 RHCSA 认证
RHCE专栏:戏说 RHCE 认证
此文章收录在RHCA专栏:RHCA 回忆录
如果这篇【文章】有帮助到你,希望可以给【金鱼哥】点个赞👍,创作不易,相比官方的陈述,我更喜欢用【通俗易懂】的文笔去讲解每一个知识点。
如果有对【运维技术】感兴趣,也欢迎关注❤️❤️❤️ 【金鱼哥】❤️❤️❤️,我将会给你带来巨大的【收获与惊喜】💕💕!
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)