当前位置：网站首页>金鱼哥RHCA回忆录：CL210管理OPENSTACK网络--章节实验

金鱼哥RHCA回忆录：CL210管理OPENSTACK网络--章节实验

2022-08-01 18:02:00 【华为云】

个人简介：大家好，我是 金鱼哥，CSDN运维领域新星创作者，华为云·云享专家，阿里云社区·专家博主
个人资质：CCNA、HCNP、CSNA（网络分析师），软考初级、中级网络工程师、RHCSA、RHCE、RHCA、RHCI、ITIL
格言：努力不一定成功，但要想成功就必须努力
支持我：可点赞、可收藏️、可留言

由于篇幅过长所以章节实验写在此文。

章节实验

创建一个VLAN提供者网络。
启动附加到提供程序网络的实例。

[[email protected] ~]$ lab networking-review setup Setting up workstation for exercise work: • Verifying project: production...............................  SUCCESS • Creating user environment file: operator1-production-rc.....  SUCCESS • Creating keypair: example-keypair...........................  SUCCESS . Creating flavor: default....................................  SUCCESS . Creating image: rhel7.......................................  SUCCESS . Creating secgroup: default..................................  SUCCESS • Creating secgroup rule: icmp................................  SUCCESS

1. 查看utilitv上的网络接口配置。

实用程序在每个VLAN中都有一个子接口，从101到104，允许测试离开OpenStack的VLAN流量。

[[email protected] ~]$ ssh [email protected][[email protected] ~]# ip addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000    link/ether 52:54:00:00:fa:dc brd ff:ff:ff:ff:ff:ff    inet 172.25.250.220/24 brd 172.25.250.255 scope global noprefixroute eth0       valid_lft forever preferred_lft forever    inet6 fe80::5054:ff:fe00:fadc/64 scope link        valid_lft forever preferred_lft forever3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000    link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff    inet 172.24.250.220/24 brd 172.24.250.255 scope global noprefixroute eth1       valid_lft forever preferred_lft forever    inet6 fe80::5054:ff:fe03:dc/64 scope link        valid_lft forever preferred_lft forever4: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000    link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff    inet 10.0.101.1/24 brd 10.0.101.255 scope global eth1.101       valid_lft forever preferred_lft forever    inet6 fe80::5054:ff:fe03:dc/64 scope link        valid_lft forever preferred_lft forever5: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000    link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff    inet 10.0.102.1/24 brd 10.0.102.255 scope global eth1.102       valid_lft forever preferred_lft forever    inet6 fe80::5054:ff:fe03:dc/64 scope link        valid_lft forever preferred_lft forever6: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000    link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff    inet 10.0.103.1/24 brd 10.0.103.255 scope global eth1.103       valid_lft forever preferred_lft forever    inet6 fe80::5054:ff:fe03:dc/64 scope link        valid_lft forever preferred_lft forever7: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000    link/ether 52:54:00:03:00:dc brd ff:ff:ff:ff:ff:ff    inet 10.0.104.1/24 brd 10.0.104.255 scope global eth1.104       valid_lft forever preferred_lft forever    inet6 fe80::5054:ff:fe03:dc/64 scope link        valid_lft forever preferred_lft forever[[email protected] ~]#

2. 使用/home/student/admin-rc环境文件，创建一个名为provider1-104的VLAN提供程序网络并匹配名为subnet1-104的子网。

从前面的练习中，您知道这个网络的流量将通过br-eth3桥传输。使用下表中的选项和值。

[[email protected] ~]# grep ^network_vlan_ranges /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini network_vlan_ranges=datacentre:1:1000,vlanprovider1:101:104,vlanprovider2:101:104,storage:30:30[[email protected] ~]$ source admin-rc [[email protected] ~]$ openstack network create --share --provider-network-type vlan --provider-physical-network vlanprovider1 --provider-segment 104 provider1-104+---------------------------+--------------------------------------+| Field                     | Value                                |+---------------------------+--------------------------------------+| admin_state_up            | UP                                   || availability_zone_hints   |                                      || availability_zones        |                                      || created_at                | 2020-10-28T03:31:04Z                 || description               |                                      || dns_domain                | None                                 || id                        | 0f9dd2c1-83ef-4c46-ac9e-7d6ce28d769f || ipv4_address_scope        | None                                 || ipv6_address_scope        | None                                 || is_default                | False                                || is_vlan_transparent       | None                                 || mtu                       | 1500                                 || name                      | provider1-104                        || port_security_enabled     | True                                 || project_id                | 42eecbfbaf684f909abfe5304434fc77     || provider:network_type     | vlan                                 || provider:physical_network | vlanprovider1                        || provider:segmentation_id  | 104                                  || qos_policy_id             | None                                 || revision_number           | 3                                    || router:external           | Internal                             || segments                  | None                                 || shared                    | True                                 || status                    | ACTIVE                               || subnets                   |                                      || tags                      |                                      || updated_at                | 2020-10-28T03:31:04Z                 |+---------------------------+--------------------------------------+[[email protected] ~]$ openstack subnet create --dhcp --subnet-range=10.0.104.0/24 --allocation-pool=start=10.0.104.100,end=10.0.104.149 --network provider1-104 subnet1-104+-------------------+--------------------------------------+| Field             | Value                                |+-------------------+--------------------------------------+| allocation_pools  | 10.0.104.100-10.0.104.149            || cidr              | 10.0.104.0/24                        || created_at        | 2020-10-28T03:33:39Z                 || description       |                                      || dns_nameservers   |                                      || enable_dhcp       | True                                 || gateway_ip        | 10.0.104.1                           || host_routes       |                                      || id                | b20a1e29-1b54-4a32-8741-2c0b84c2cf50 || ip_version        | 4                                    || ipv6_address_mode | None                                 || ipv6_ra_mode      | None                                 || name              | subnet1-104                          || network_id        | 0f9dd2c1-83ef-4c46-ac9e-7d6ce28d769f || project_id        | 42eecbfbaf684f909abfe5304434fc77     || revision_number   | 0                                    || segment_id        | None                                 || service_types     |                                      || subnetpool_id     | None                                 || tags              |                                      || updated_at        | 2020-10-28T03:33:39Z                 |+-------------------+--------------------------------------+

3. 使用/home/student/admin-rc环境文件，创建一个名为provider2-104的VLAN提供者网络，并匹配名为subnet2-104的子网。

从前面的练习中，您知道这个网络的通信量在br-eth4桥上传输。使用下表中的选项和值。

[[email protected] ~]$ openstack network create --share --provider-network-type vlan --provider-physical-network vlanprovider2 --provider-segment 104 provider2-104+---------------------------+--------------------------------------+| Field                     | Value                                |+---------------------------+--------------------------------------+| admin_state_up            | UP                                   || availability_zone_hints   |                                      || availability_zones        |                                      || created_at                | 2020-10-28T03:35:20Z                 || description               |                                      || dns_domain                | None                                 || id                        | 04593cd0-5cbd-4dd5-92a5-ad8d188161c1 || ipv4_address_scope        | None                                 || ipv6_address_scope        | None                                 || is_default                | False                                || is_vlan_transparent       | None                                 || mtu                       | 1500                                 || name                      | provider2-104                        || port_security_enabled     | True                                 || project_id                | 42eecbfbaf684f909abfe5304434fc77     || provider:network_type     | vlan                                 || provider:physical_network | vlanprovider2                        || provider:segmentation_id  | 104                                  || qos_policy_id             | None                                 || revision_number           | 3                                    || router:external           | Internal                             || segments                  | None                                 || shared                    | True                                 || status                    | ACTIVE                               || subnets                   |                                      || tags                      |                                      || updated_at                | 2020-10-28T03:35:20Z                 |+---------------------------+--------------------------------------+[[email protected] ~]$ openstack subnet create --dhcp --subnet-range=10.0.104.0/24 --allocation-pool=start=10.0.104.150,end=10.0.104.199 --network provider2-104 subnet2-104+-------------------+--------------------------------------+| Field             | Value                                |+-------------------+--------------------------------------+| allocation_pools  | 10.0.104.150-10.0.104.199            || cidr              | 10.0.104.0/24                        || created_at        | 2020-10-28T03:36:24Z                 || description       |                                      || dns_nameservers   |                                      || enable_dhcp       | True                                 || gateway_ip        | 10.0.104.1                           || host_routes       |                                      || id                | ea643eff-4b09-4a9e-a4b1-fd4a3b4929a8 || ip_version        | 4                                    || ipv6_address_mode | None                                 || ipv6_ra_mode      | None                                 || name              | subnet2-104                          || network_id        | 04593cd0-5cbd-4dd5-92a5-ad8d188161c1 || project_id        | 42eecbfbaf684f909abfe5304434fc77     || revision_number   | 0                                    || segment_id        | None                                 || service_types     |                                      || subnetpool_id     | None                                 || tags              |                                      || updated_at        | 2020-10-28T03:36:24Z                 |+-------------------+--------------------------------------+

4. 启动附加到provider1-104网络的实例。将实例命名为production-server1并使用以下值。

[[email protected] ~]$ source operator1-production-rc [[email protected] ~(operator1-production)]$ openstack server create --flavor default --image rhel7 --key-name example-keypair --network provider1-104 --wait production-server1+-----------------------------+---------------------------------------------------------+| Field                       | Value +-----------------------------+---------------------------------------------------------+| OS-DCF:diskConfig           | MANUAL  | OS-EXT-AZ:availability_zone | nova | OS-EXT-STS:power_state      | Running | OS-EXT-STS:task_state       | None | OS-EXT-STS:vm_state         | active | OS-SRV-USG:launched_at      | 2020-10-28T04:52:20.000000 | OS-SRV-USG:terminated_at    | None | accessIPv4                  |  | accessIPv6                  |  | addresses                   | provider1-104=10.0.104.101

5. 启动附加到provider2-104网络的实例。将实例命名为production-server2并使用以下值。

[[email protected] ~(operator1-production)]$ openstack server create --flavor default --image rhel7 --key-name example-keypair --network provider2-104 --wait production-server2+-----------------------------+---------------------------------------------------------+| Field                       | Value +-----------------------------+---------------------------------------------------------+| OS-DCF:diskConfig           | MANUAL | OS-EXT-AZ:availability_zone | nova  | OS-EXT-STS:power_state      | Running | OS-EXT-STS:task_state       | None | OS-EXT-STS:vm_state         | active | OS-SRV-USG:launched_at      | 2020-10-28T04:55:14.000000| OS-SRV-USG:terminated_at    | None | accessIPv4                  || accessIPv6                  | | addresses                   | provider2-104=10.0.104.159

6. 在utility中，使用ping命令来测试从OpenStack外部可以访问production-server1和production-server2。

[[email protected] ~]$ ssh utility[[email protected] ~]$ ping -c3 10.0.104.101PING 10.0.104.101 (10.0.104.101) 56(84) bytes of data.64 bytes from 10.0.104.101: icmp_seq=1 ttl=64 time=0.945 ms64 bytes from 10.0.104.101: icmp_seq=2 ttl=64 time=0.494 ms64 bytes from 10.0.104.101: icmp_seq=3 ttl=64 time=0.412 ms--- 10.0.104.101 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2000msrtt min/avg/max/mdev = 0.412/0.617/0.945/0.234 ms[[email protected] ~]$ [[email protected] ~]$ ping -c3 10.0.104.159PING 10.0.104.159 (10.0.104.159) 56(84) bytes of data.64 bytes from 10.0.104.159: icmp_seq=1 ttl=64 time=0.859 ms64 bytes from 10.0.104.159: icmp_seq=2 ttl=64 time=0.569 ms64 bytes from 10.0.104.159: icmp_seq=3 ttl=64 time=0.482 ms--- 10.0.104.159 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2000msrtt min/avg/max/mdev = 0.482/0.636/0.859/0.163 ms

7. 在workstation上打开一个新的终端，然后登录到utility并启动tcpdump命令。这将验证是否使用了正确的VLAN。

[[email protected] ~]# tcpdump -nnei eth1 -vvv

8. 在production-server1中，使用ping命令测试与production-server2和实用程序的通信。

9. 在utility上，取消tcpdump并验证捕获的ICMP流量是否来自VLAN 104。

    10.0.104.101 > 10.0.104.1: ICMP echo request, id 11373, seq 3, length 6406:38:08.998562 52:54:00:03:00:dc > fa:16:3e:46:db:57, ethertype 802.1Q (0x8100), length 102: vlan 104, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 37747, offset 0, flags [none], proto ICMP (1), length 84)    10.0.104.1 > 10.0.104.101: ICMP echo reply, id 11373, seq 3, length 64

实验评分

[[email protected] ~]$ lab networking-review grade

清除实验

[[email protected] ~]$ lab networking-review cleanup

总结

软件定义网络(SDN)是一种网络模型，它允许网络管理员通过抽象几个网络层来管理网络服务。SDN解耦了处理通信量的软件(称为控制平面)和路由通信量的底层机制(称为数据平面)。
开放虚拟网络(OVN)是一个SDN网络项目，扩展了OVS，提供了第二层和第三层网络功能。它利用Geneve框架在OpenStack节点之间创建隧道。
模块化层2 (ML2)插件是一个支持使用各种技术的框架。管理员可以使用OpenStack网络可用的各种插件与Open vSwitch或任何供应商技术(如Cisco设备)进行交互。
自助服务和提供者网络可以组合使用，也可以专门用于定义实例可用的网络连接类型。提供者网络给实例一个到OpenStack外部网络的第二层连接，而租户网络需要一个OpenStack路由器将它们连接到外部网络。

RHCA认证需要经历5门的学习与考试，还是需要花不少时间去学习与备考的，好好加油，可以噶🤪。