當neutron啓用L3 agent時,如果在配置文件中配置了external_network_bridge,從這個bridge上出去的包只能是untag的。但在DC中,極有可能被分配的是某一vlan。這種情況下,在配置文件中就要如下設置:
/etc/neutron/l3_agent.ini
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge
external_network_bridge = ""設定external網絡可以參照以下命令:
neutron net-create --shared vlan840 --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 840 --router:external=True
其他設置可以參考以下blog:
設定完成後拓補如下:
、我們可以在vlan840上直接起虛機,也可以在vlan850(內部網絡上)啓動虛機。
在網絡節點上看到:
# ovs-vsctl show
418f4819-8ad6-4fe5-a959-3605eee4852b
Bridge "br-eth1"
Port "phy-br-eth1"
Interface "phy-br-eth1"
Port "br-eth1"
Interface "br-eth1"
type: internal
Port "eth1"
Interface "eth1"
Bridge br-int
Port "tapa570fb69-fb"
tag: 5
Interface "tapa570fb69-fb"
type: internal
Port "qr-f01fed18-ad"
tag: 5
Interface "qr-f01fed18-ad"
type: internal
Port br-int
Interface br-int
type: internal
Port "tapa7b25e2f-ad"
tag: 1
Interface "tapa7b25e2f-ad"
type: internal
Port "qg-d2f9cb0b-11"
tag: 3
Interface "qg-d2f9cb0b-11"
type: internal
Port "tapa85a86f8-c1"
tag: 3
Interface "tapa85a86f8-c1"
type: internal
Port "int-br-eth1"
Interface "int-br-eth1"
ovs_version: "1.11.0"qr-XXX和qg-YYY都在br-eth1上,qg-YYY和qr-XXX之間是L3 agent通過iptables的nat轉換來實現的。