#### 0. Requirement
Use the light weight tunnel (LWT) feature so that a single bridge and a single vxlan device connect different virtual networks.
#### 1. Basic concepts
1) vlan_filtering
Previously, if we wanted to use distinct subnets with guests on a virtualization server, we needed to create multiple VLANs and bridges (the example diagram is not included here). Now, with the VLAN filtering feature, we only need one bridge interface and no VLAN interfaces.
2) LWT
- A traditional vxlan netdev is deployed with one netdev per VNI; each vxlan netdev maintains a forwarding database (fdb) for its VNI, with fdb entries hashed by MAC.
- Recent kernels support deploying a single vxlan netdev for all VNIs. This mode is called collect_metadata or LWT mode: there is a single forwarding database (fdb) for all VNIs, and fdb entries are hashed by <mac, VNI>.
#### 3. Network configuration
Simplified network diagram. Goal: host 1 and host 2 each contain two virtual networks, vlan1 and vlan2, attached to the same bridge with VIDs 2 and 3 respectively; the namespaces belonging to the same virtual network on the two hosts communicate over vxlan.
1) Basic setup: create two network namespaces to simulate two virtual networks and attach them to the bridge.

```shell
ip netns add ns2
ip netns add ns3
ip link add tap1_0 type veth peer name tap1_1
ip link set tap1_1 netns ns2
brctl addif br1 tap1_0
ip netns exec ns2 ip addr add local 100.0.1.2/24 dev tap1_1
ip link set tap1_0 up
ip netns exec ns2 ip link set tap1_1 up
ip link add tap2_0 type veth peer name tap2_1
ip link set tap2_1 netns ns3
brctl addif br1 tap2_0
ip netns exec ns3 ip addr add local 100.0.2.1/24 dev tap2_1
ip link set tap2_0 up
ip netns exec ns3 ip link set tap2_1 up
```
2) Enable VLAN filtering and set the VLAN VIDs

```shell
ip link set br1 type bridge vlan_filtering 1
bridge vlan add dev tap1_0 vid 2 pvid untagged master
bridge vlan add dev tap2_0 vid 3 pvid untagged master
bridge vlan add vid 2 dev vxlan0
bridge vlan add vid 3 dev vxlan0
```
3) VID mapping setup

```shell
bridge vlan add dev vxlan0 vid 2 tunnel_info id 2
bridge vlan add dev vxlan0 vid 3 tunnel_info id 3
```
4) Result: basic connectivity works.
Packet capture analysis
Problem: vxlan did not translate the VNI; both virtual networks use VNI 100.
From bridge(8): `vlan_tunnel on` or `vlan_tunnel off` controls whether vlan to tunnel mapping is enabled on the port. By default this flag is off.

```shell
bridge link set dev vxlan0 vlan_tunnel on
```
The kernel did not support it. Upgraded the system to 18.04 and the iproute package to 4.15.0.
Problem: the VID mapping cannot be added.
Cause 1: the vxlan device had been created with a fixed id (VNI).
Take extra care when adding the vxlan device (a multicast group is used here for a simple verification).

```shell
ip link add vxlan0 type vxlan dstport 4789 external group \
    239.1.1.1 local 192.168.1.4 dev eth0
```

After this change the vlan id -> vxlan id mapping was still not created; LWT mode did not take effect. Cause 2: TODO
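The complete host-side sequence with the pitfalls above avoided, as an added example that is not part of the original notes: br1 is created here, the underlay values (eth0, 192.168.1.4, 239.1.1.1) are assumed to match the notes, and by default the script only prints the commands (set APPLY=1 to execute them as root).

```shell
#!/bin/sh
# Added example: one bridge + one vxlan netdev in collect_metadata
# ("external", LWT) mode with VID -> VNI mapping. Order matters: vxlan0
# is created WITHOUT a fixed id, enslaved, vlan_filtering is enabled on
# the bridge and vlan_tunnel on the port, and only then are the VLAN and
# tunnel_info entries added. Needs kernel and iproute2 4.11 or newer.
# br1 and the underlay values are assumptions; APPLY=1 runs the plan.
set -eu
BR=${BR:-br1}
VX=${VX:-vxlan0}
UNDERLAY_DEV=${UNDERLAY_DEV:-eth0}
UNDERLAY_IP=${UNDERLAY_IP:-192.168.1.4}
MCAST_GROUP=${MCAST_GROUP:-239.1.1.1}
APPLY=${APPLY:-0}

run() {
    if [ "$APPLY" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# The VLAN entry must exist on the port before its tunnel_info is added;
# the kernel rejects tunnel_info for a VID the port does not carry.
map_vid_to_vni() {
    run bridge vlan add dev "$VX" vid "$1"
    run bridge vlan add dev "$VX" vid "$1" tunnel_info id "$2"
}

setup_lwt_bridge() {
    run ip link add "$BR" type bridge
    # Single vxlan netdev for all VNIs. No "id N" here: iproute2 refuses
    # a fixed VNI together with "external".
    run ip link add "$VX" type vxlan dstport 4789 external \
        group "$MCAST_GROUP" local "$UNDERLAY_IP" dev "$UNDERLAY_DEV"
    run ip link set "$VX" master "$BR"
    run ip link set "$BR" type bridge vlan_filtering 1
    # Required: without vlan_tunnel on, tunnel_info adds fail with EINVAL.
    run bridge link set dev "$VX" vlan_tunnel on
    map_vid_to_vni 2 2
    map_vid_to_vni 3 3
    run ip link set "$VX" up
    run ip link set "$BR" up
}

# Prints the VID -> tunnel id table; an empty table means no mapping.
verify_mapping() {
    run bridge vlan tunnelshow dev "$VX"
}

setup_lwt_bridge
verify_mapping
```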
References
- https://developers.redhat.com/blog/2017/09/14/vlan-filter-support-on-bridge/
- https://www.mail-archive.com/netdev@vger.kernel.org/msg149091.html
- https://www.systutorials.com/docs/linux/man/8-ip-link/
- https://patchwork.ozlabs.org/cover/830914/
- http://man7.org/linux/man-pages/man8/bridge.8.html
- https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/