[SFC] Study Notes -- Service Function Chain Experimental Verification 3

  • Create the VLAN networks

SFC_VLAN_1
10.0.10.0/24
10.0.10.100,10.0.10.252


SFC_VLAN_2
10.0.11.0/24
10.0.11.100,10.0.11.252


SFC_VLAN_3
10.0.12.0/24
10.0.12.100,10.0.12.252


SFC_VLAN_4
10.0.13.0/24
10.0.13.100,10.0.13.252

Switch configuration

interface range Ten-GigabitEthernet 1/0/10 to Ten-GigabitEthernet 1/0/35
port trunk permit vlan 2010 to 2013

interface Vlan-interface 2010
ip address 10.0.10.254 24


interface Vlan-interface 2011
ip address 10.0.11.254 24

interface Vlan-interface 2012
ip address 10.0.12.254 24

interface Vlan-interface 2013
ip address 10.0.13.254 24

openstack port create --network vlan29-mgt pm6
openstack port create --network vlan29-mgt pm7 
openstack port create --network vlan29-mgt pm8 
openstack port create --network vlan29-mgt pm9 
openstack port create --network vlan29-mgt pm10

openstack port create --network SFC_VLAN_1 ps8 
openstack port create --network SFC_VLAN_1 ps9 
openstack port create --network SFC_VLAN_2 ps10 
openstack port create --network SFC_VLAN_2 ps11
openstack port create --network SFC_VLAN_3 ps12
openstack port create --network SFC_VLAN_3 ps13
openstack port create --network SFC_VLAN_4 ps14
openstack port create --network SFC_VLAN_4 ps15


openstack port set --no-security-group pm6
openstack port set --no-security-group pm7
openstack port set --no-security-group pm8
openstack port set --no-security-group pm9
openstack port set --no-security-group pm10

openstack port set --no-security-group ps8
openstack port set --no-security-group ps9
openstack port set --no-security-group ps10
openstack port set --no-security-group ps11
openstack port set --no-security-group ps12
openstack port set --no-security-group ps13
openstack port set --no-security-group ps14
openstack port set --no-security-group ps15

openstack port set --disable-port-security pm6
openstack port set --disable-port-security pm7
openstack port set --disable-port-security pm8
openstack port set --disable-port-security pm9
openstack port set --disable-port-security pm10


openstack port set --disable-port-security ps8
openstack port set --disable-port-security ps9
openstack port set --disable-port-security ps10
openstack port set --disable-port-security ps11
openstack port set --disable-port-security ps12
openstack port set --disable-port-security ps13
openstack port set --disable-port-security ps14
openstack port set --disable-port-security ps15

openstack server create --image centos7.9 --flavor 2C2G50G --port pm6 --port ps8 SFC-VLAN-SRC

openstack server create --image centos7.9 --flavor 2C2G50G --port pm7 --port ps9 --port ps10 SFC-VLAN-VM1

openstack server create --image centos7.9 --flavor 2C2G50G --port pm8 --port ps11 --port ps12 SFC-VLAN-VM2

openstack server create --image centos7.9 --flavor 2C2G50G --port pm9 --port ps13 --port ps14 SFC-VLAN-VM3

openstack server create --image centos7.9 --flavor 2C2G50G --port pm10 --port ps15 SFC-VLAN-DEST

# 192.168.10.11 SRC
# 192.168.10.31 vm1
# 192.168.10.37 vm2
# 192.168.10.25 vm3
# 192.168.10.24 vm4

  • Because VLAN networking is used, each VM can reach its own gateway
openstack sfc port pair create --ingress ps9 --egress ps10 PP4
openstack sfc port pair create --ingress ps11 --egress ps12 PP5
openstack sfc port pair create --ingress ps13 --egress ps14 PP6
  • Creating the port pair reports an error: SFC does not support VLAN networking

Looking at the networking_sfc source code, there is this section:

@log_helpers.log_method_call
def _get_port_detail_info(self, port_id):
    """Get port detail.

    @param: port_id: uuid
    @return: (host_id, local_ip, network_type, segment_id,
    service_insert_type): tuple
    """

    core_plugin = directory.get_plugin()
    port_detail = core_plugin.get_port(self.admin_context, port_id)
    host_id, local_ip, network_type, segment_id, mac_address = (
        (None, ) * 5)

    if port_detail:
        host_id = port_detail['binding:host_id']
        network_id = port_detail['network_id']
        mac_address = port_detail['mac_address']
        network_info = core_plugin.get_network(
            self.admin_context, network_id)
        network_type = network_info['provider:network_type']
        segment_id = network_info['provider:segmentation_id']

    if network_type != const.TYPE_VXLAN:
        LOG.warning("Currently only support vxlan network")
        return ((None, ) * 5)
    elif not host_id:
        LOG.warning("This port has not been binding")
        return ((None, ) * 5)
    else:
        driver = core_plugin.type_manager.drivers.get(network_type)
        host_endpoint = driver.obj.get_endpoint_by_host(host_id)
        if host_endpoint:
            local_ip = host_endpoint['ip_address']
        else:
            local_ip = None

    return host_id, local_ip, network_type, segment_id, mac_address

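Currently only vxlan networks are supported; for any other network type, host_id, local_ip, network_type, segment_id and mac_address are all set to None, which triggers the exception described above.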
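
The two checks in the excerpt above can be reproduced as a pre-flight test before running `openstack sfc port pair create`. This is an added example, not networking_sfc code. The network and port records are constructed sample data shaped like Neutron API responses, and the names net-*, sfc-vxlan, px1, px2 and compute-1, along with the pairing of VLAN IDs to networks, are assumptions.

```python
# Added example: mirrors the network-type and host-binding checks from the excerpt.
TYPE_VXLAN = "vxlan"  # value of const.TYPE_VXLAN in neutron_lib

# Constructed sample records (not taken from a real deployment).
NETWORKS = {
    "net-vlan-1": {"name": "SFC_VLAN_1", "provider:network_type": "vlan",
                   "provider:segmentation_id": 2010},
    "net-vlan-2": {"name": "SFC_VLAN_2", "provider:network_type": "vlan",
                   "provider:segmentation_id": 2011},
    "net-vxlan": {"name": "sfc-vxlan", "provider:network_type": "vxlan",
                  "provider:segmentation_id": 5001},
}
PORTS = {
    "ps9": {"network_id": "net-vlan-1", "binding:host_id": "compute-1"},
    "ps10": {"network_id": "net-vlan-2", "binding:host_id": "compute-1"},
    "px1": {"network_id": "net-vxlan", "binding:host_id": "compute-1"},
    "px2": {"network_id": "net-vxlan", "binding:host_id": ""},
}


def check_port(name, ports=PORTS, networks=NETWORKS):
    """Return the reasons the excerpt would return an all-None tuple for a port."""
    port = ports.get(name)
    if port is None:
        # No port detail: network_type stays None and fails the vxlan test.
        return ["port not found"]
    net = networks[port["network_id"]]
    net_type = net["provider:network_type"]
    # Same order as the excerpt: network type first, then host binding.
    if net_type != TYPE_VXLAN:
        return [f"network {net['name']} is type {net_type}, only vxlan is accepted"]
    if not port.get("binding:host_id"):
        return ["port is not bound to a host"]
    return []


def check_port_pair(ingress, egress, ports=PORTS, networks=NETWORKS):
    """Map each port of a pair that would be rejected to its reasons."""
    results = {p: check_port(p, ports, networks) for p in (ingress, egress)}
    return {p: reasons for p, reasons in results.items() if reasons}


if __name__ == "__main__":
    for pair in (("ps9", "ps10"), ("px1", "px2"), ("px1", "px1")):
        print(pair, check_port_pair(*pair) or "ok")
```
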