TaaS(Tap-as-Service)的使用方法

Openstack jus4fun 559 阅读

当Taas安装完成后,neutron命令下将会多出如下的tap开头的指令,使用这些指令可以快速的创建、删除流量镜像。 现以创建一个流量监控为例说明Taas的基本使用方法,这里我一共开启了四台虚拟机,ubuntu1ubuntu2部署在了compute1节点,ubuntu3ubuntu4部署在了compute2节点。假设现在需要将所有虚拟机的流量全部转发至ubuntu1上,则需要进行如下操作。:

1.查看虚拟机对应的IP地址

root@controller:~# openstack server list
+--------------------------------------+---------+--------+-----------------------------------------+--------+---------+
| ID                                   | Name    | Status | Networks                                | Image  | Flavor  |
+--------------------------------------+---------+--------+-----------------------------------------+--------+---------+
| 529bbe53-23d5-428b-9ff7-bb8193d37440 | ubuntu4 | ACTIVE | selfservice=192.168.6.8, 192.168.5.224  | ubuntu | bigdisk |
| 3bda2733-bbf3-47b4-9b64-9b77def4db9f | ubuntu3 | ACTIVE | selfservice=192.168.6.9, 192.168.5.223  | ubuntu | bigdisk |
| 297ad6b0-b685-4e87-ab16-4b08c6fbe991 | ubuntu2 | ACTIVE | selfservice=192.168.6.3, 192.168.5.222  | ubuntu | bigdisk |
| 1d55eac6-6d94-4f12-8342-5a3cacc0cc24 | ubuntu1 | ACTIVE | selfservice=192.168.6.20, 192.168.5.221 | ubuntu | bigdisk |
+--------------------------------------+---------+--------+-----------------------------------------+--------+---------+

2.查看每个网口(port)的id

root@controller:~# openstack port list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                           | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 0cb8c854-6c2d-4c97-b183-19ba7762da46 |      | fa:16:3e:7a:b8:9c | ip_address='192.168.6.20', subnet_id='8a8f23b0-998d-4e86-ae08-2e725d263bed'  | ACTIVE |
| 265e85a7-f55b-4b9a-b5f7-a4709b21a0f1 |      | fa:16:3e:c3:4c:2c | ip_address='192.168.5.212', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | DOWN   |
| 27e3b742-03af-48f4-8e2f-4909973fda38 |      | fa:16:3e:5b:28:b8 | ip_address='192.168.5.222', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| 2b85adb0-d3e9-4548-96ac-baf7dc98e89e |      | fa:16:3e:42:2a:0f | ip_address='192.168.5.203', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| 371cd5c6-ff5d-4e5f-b211-98f158b28916 |      | fa:16:3e:11:76:51 | ip_address='192.168.5.224', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| 4b6e213b-0fc4-4d61-8f80-14e77645a7aa |      | fa:16:3e:32:89:83 | ip_address='192.168.5.211', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| 519c1922-00e4-4fc9-b43d-a76ab6c2226d |      | fa:16:3e:58:07:1f | ip_address='192.168.6.2', subnet_id='8a8f23b0-998d-4e86-ae08-2e725d263bed'   | ACTIVE |
| 5ce64963-d771-40ce-a3dc-07fa86ed40f7 |      | fa:16:3e:60:0a:9d | ip_address='192.168.6.3', subnet_id='8a8f23b0-998d-4e86-ae08-2e725d263bed'   | ACTIVE |
| 5dbadda1-0ea2-4dd4-8af4-28bc0c50e1b0 |      | fa:16:3e:dd:5f:21 | ip_address='192.168.5.200', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | ACTIVE |
| 7d65a315-7280-4cf7-a12d-b47eb37ffafe |      | fa:16:3e:8c:b7:50 | ip_address='192.168.5.201', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| 81f6e6ed-4ab5-401a-85be-515a1829c820 |      | fa:16:3e:63:3b:53 | ip_address='192.168.5.204', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| a20b6050-fb60-41e7-bbda-fcec28fd67a7 |      | fa:16:3e:a9:39:8f | ip_address='192.168.5.210', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| a8acb1f5-ca89-4afd-bea3-c69264037ce7 |      | fa:16:3e:ce:c5:5b | ip_address='192.168.5.202', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| aaaac005-c226-4d91-9549-2dcb5c8fc2ab |      | fa:16:3e:21:27:c8 | ip_address='192.168.6.1', subnet_id='8a8f23b0-998d-4e86-ae08-2e725d263bed'   | ACTIVE |
| b3c44ef2-06fc-4e56-9fa3-a29be1269158 |      | fa:16:3e:5f:40:3e | ip_address='192.168.5.206', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| cc9ca8a2-b943-4e13-8b28-8587286fa229 |      | fa:16:3e:14:de:f2 | ip_address='192.168.6.9', subnet_id='8a8f23b0-998d-4e86-ae08-2e725d263bed'   | ACTIVE |
| d47248e1-7190-4e7b-b6cb-509f7a0fa28e |      | fa:16:3e:13:0a:93 | ip_address='192.168.5.220', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| d988259a-a2a7-4d40-88b6-14b06430fbff |      | fa:16:3e:28:7b:d1 | ip_address='192.168.6.8', subnet_id='8a8f23b0-998d-4e86-ae08-2e725d263bed'   | ACTIVE |
| eab90a6e-0098-4e20-971b-2ae6a0c66e77 |      | fa:16:3e:e2:fc:13 | ip_address='192.168.5.223', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
| f1379006-5b89-46ab-9179-152b2da4a25f |      | fa:16:3e:2c:11:61 | ip_address='192.168.5.221', subnet_id='6d5e1c54-eac4-43a9-a087-7decf3fa7610' | N/A    |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+

3.创建一个Taas服务绑定至ubuntu1192.168.6.20端口上

root@controller:~# neutron tap-service-create --name testTaasService --port 0cb8c854-6c2d-4c97-b183-19ba7762da46
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new tap_service:
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| description |                                      |
| id          | 63747144-41b5-4bb2-97f2-6dfc3ea7e42d |
| name        | testTaasService                      |
| port_id     | 0cb8c854-6c2d-4c97-b183-19ba7762da46 |
| project_id  | f61b281cbe90409c8e60f1a070034e14     |
| status      | ACTIVE                               |
| tenant_id   | f61b281cbe90409c8e60f1a070034e14     |
+-------------+--------------------------------------+

4.创建一个ubuntu4Tap-flow并绑定到刚刚创建的服务上

root@controller:~# neutron tap-flow-create --port d988259a-a2a7-4d40-88b6-14b06430fbff --tap-service testTaasService --name ubuntu4-tap --direction both
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new tap_flow:
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| description    |                                      |
| direction      | BOTH                                 |
| id             | e70350c1-0cf9-46c0-a9b5-7aa77b83653b |
| name           | ubuntu4-tap                          |
| project_id     | f61b281cbe90409c8e60f1a070034e14     |
| source_port    | d988259a-a2a7-4d40-88b6-14b06430fbff |
| status         | ACTIVE                               |
| tap_service_id | 63747144-41b5-4bb2-97f2-6dfc3ea7e42d |
| tenant_id      | f61b281cbe90409c8e60f1a070034e14     |
+----------------+--------------------------------------+

5.测试

这里我们先用ubuntu4去pingubuntu3内网地址,结果如下:

然后使用ubuntu2去pingubuntu4的浮动ip,结果如下:

再试试使用ubuntu2去pingubuntu3(二者均未被监控),结果如下: