[SFC] Study notes -- Service Function Chain orchestration


Configure neutron [on the compute node!!!]

Install the plugin

yum -y install python-networking-sfc
  • Confirm the package installed correctly


  • Edit the configuration file /etc/neutron/plugins/ml2/openvswitch_agent.ini and add the sfc extension
[agent]
extensions = sfc
  • Restart the neutron-openvswitch-agent.service service
systemctl restart neutron-openvswitch-agent.service
  • In theory the configuration is now complete; confirm the agent service is healthy
openstack network agent list


  • Confirm network connectivity is normal


Test: create the test networks

Create the NET-SFC networks. This step is done in the OpenStack dashboard; four test networks, 01 through 04, are created in total.


  • Repeat the operation to create 02-04

Test: create the test ports

  • Create 5 management ports
openstack port create --network vlan29-mgt pm1
openstack port create --network vlan29-mgt pm2
openstack port create --network vlan29-mgt pm3
openstack port create --network vlan29-mgt pm4
openstack port create --network vlan29-mgt pm5

  • Confirm the ports were created


  • Create 8 service ports
openstack port create --network NET-SFC01 ps0
openstack port create --network NET-SFC01 ps1
openstack port create --network NET-SFC02 ps2
openstack port create --network NET-SFC02 ps3
openstack port create --network NET-SFC03 ps4
openstack port create --network NET-SFC03 ps5
openstack port create --network NET-SFC04 ps6
openstack port create --network NET-SFC04 ps7

  • Confirm the ports were created


  • Temporarily remove the security groups from these ports and disable port security on them
openstack port set --no-security-group pm1
openstack port set --no-security-group pm2
openstack port set --no-security-group pm3
openstack port set --no-security-group pm4
openstack port set --no-security-group pm5

openstack port set --no-security-group ps0
openstack port set --no-security-group ps1
openstack port set --no-security-group ps2
openstack port set --no-security-group ps3
openstack port set --no-security-group ps4
openstack port set --no-security-group ps5
openstack port set --no-security-group ps6
openstack port set --no-security-group ps7

openstack port set --disable-port-security pm1
openstack port set --disable-port-security pm2
openstack port set --disable-port-security pm3
openstack port set --disable-port-security pm4
openstack port set --disable-port-security pm5

openstack port set --disable-port-security ps0
openstack port set --disable-port-security ps1
openstack port set --disable-port-security ps2
openstack port set --disable-port-security ps3
openstack port set --disable-port-security ps4
openstack port set --disable-port-security ps5
openstack port set --disable-port-security ps6
openstack port set --disable-port-security ps7

Test: create a VM using these ports

openstack server create --image centos7.9 --flavor 2C2G50G --port pm1 --port ps0 SFC-SRC

Confirm the VM boots normally


Error when creating the VM

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2143, in _do_build_and_run_instance
    filter_properties, request_spec)
  File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 2485, in _build_and_run_instance
    reason=msg)
BuildAbortException: Build of instance 6320b5f2-edc2-4e8e-b07c-0047f7ed8f6a aborted: Failed to allocate the network(s), not rescheduling.

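Fix

On the nova compute node, edit /etc/nova/nova.conf so that nova does not wait for the Neutron VIF plugging event when booting an instance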

[DEFAULT]
# Determine if instance should boot or fail on VIF plugging timeout. For more
# information, refer to the documentation. (boolean value)
vif_plugging_is_fatal=false

# Timeout for Neutron VIF plugging event message arrival. For more information,
# refer to the documentation. (integer value)
# Minimum value: 0
vif_plugging_timeout=0

Restart the compute service

systemctl restart openstack-nova-compute.service


Test: create the port pairs

openstack sfc port pair create --ingress ps1 --egress ps2 PP1
openstack sfc port pair create --ingress ps3 --egress ps4 PP2
openstack sfc port pair create --ingress ps5 --egress ps6 PP3


Create the test port pair groups

openstack sfc port pair group create --port-pair PP1 PPG1
openstack sfc port pair group create --port-pair PP2 PPG2
openstack sfc port pair group create --port-pair PP3 PPG3


Create the SFC

openstack sfc flow classifier create --source-ip-prefix 10.0.2.0/24 --destination-ip-prefix 10.0.5.0/24 --logical-source-port ps0 --logical-destination-port ps7 SFC1

openstack sfc port chain create --flow-classifier SFC1 --port-pair-group PPG1 --port-pair-group PPG2 --port-pair-group PPG3 SFC-Chain01

Create a symmetric SFC [with a reverse chain]

openstack sfc flow classifier create --source-ip-prefix 10.0.2.0/24 --destination-ip-prefix 10.0.5.0/24 --logical-source-port ps0 --logical-destination-port ps7 SFC2

# Create the port chain; because the network topology and the traffic are simple, mark it as symmetric
openstack sfc port chain create --chain-parameters symmetric=true --flow-classifier SFC1 --port-pair-group PPG1 --port-pair-group PPG2 --port-pair-group PPG3 SFC-Chain01


Delete the configuration

openstack sfc port chain delete SFC-Chain01
openstack sfc flow classifier delete SFC1
openstack sfc port pair group delete PPG1
openstack sfc port pair group delete PPG2
openstack sfc port pair group delete PPG3
openstack sfc port pair delete PP1
openstack sfc port pair delete PP2
openstack sfc port pair delete PP3
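
The test ports above had their security groups removed and port security disabled "temporarily", but the steps never put them back. The script below is an added example, not part of the original post: after the SFC objects are deleted it re-enables port security on the 13 test ports, re-attaches a security group, and re-checks the result. The function names and the choice of security group (passed as the first argument) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): undo the "temporary" relaxation
# applied to the test ports once the SFC test objects have been deleted.
# Assumption: the ports should return to the security group named in $1.

# Port names taken from the commands on this page.
SFC_TEST_PORTS="pm1 pm2 pm3 pm4 pm5 ps0 ps1 ps2 ps3 ps4 ps5 ps6 ps7"

# Print the name of every given port whose port security is not enabled.
audit_ports() {
    for ap_port in "$@"; do
        ap_state=$(openstack port show -f value -c port_security_enabled "$ap_port") || return 2
        [ "$ap_state" = "True" ] || echo "$ap_port"
    done
}

# Re-enable port security first (a port cannot carry a security group while
# port security is disabled), then attach the security group.
restore_ports() {
    rp_group=$1; shift
    for rp_port in "$@"; do
        openstack port set --enable-port-security "$rp_port" || return 1
        openstack port set --security-group "$rp_group" "$rp_port" || return 1
    done
}

# Restore, then re-audit; returns non-zero if any port is still unprotected.
restore_and_verify() {
    rv_group=$1; shift
    restore_ports "$rv_group" "$@" || return 1
    rv_left=$(audit_ports "$@") || return 2
    if [ -n "$rv_left" ]; then
        echo "port security still disabled on: $rv_left" >&2
        return 1
    fi
}

# Usage: sh restore_ports.sh <security-group>   (e.g. the project's "default")
if [ "$#" -eq 1 ]; then
    # Unquoted on purpose: split the list into one argument per port.
    restore_and_verify "$1" $SFC_TEST_PORTS
fi
```

Run audit_ports on its own at any time to list which of the ports still have port security disabled.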