cloudstack usersgroup_21_nakaya_20140912


Post on 27-Nov-2014


TRANSCRIPT

  • 1. Apache CloudStack 4.4 New features of VPC 2014/9/12 21 CloudStack in Satoru Nakaya(@giraffeforestg)____ http://giraffeforestg.blog.fc2.com/

  • 2. / Satoru Nakaya SAN VMware Certified Advanced Professional CCA for Citrix XenServer
  • 3.
  • 4. VPC 1) Distributed routing and network ACL with OVS plug-in 2) Region wide Guest networks and VPC
  • 5.
  • 6.
  • 7. CloudStack VPC
  • 8. User VM Instance Guest Network Basic Network Internet VR
  • 9. User VM Instance Guest Network Public Network Advanced Network Internet VR
  • 10. VPC (Virtual Private Cloud) VPC-VR Internet Network1 (Web) Network2 (AP) Network3 (DB) IPSEC-VPN
  • 11. Distributed routing and network ACL with OVS plug-in
  • 12. Distributed routing and network ACL with OVS plug-in OVS Open vSwitch () Distributed routing network ACL
  • 13. Network1 VPC-VR Open vSwitch Open vSwitch HOST1 HOST2 Network2 Network3 Open vSwitch HOST3 Network4
  • 14. Network1 VPC-VR Open vSwitch Open vSwitch HOST1 HOST2 Network2 Network3 Open vSwitch HOST3 Network4
  • 15. Distributed routing with OVS plug-in
  • 16. Distributed routing with OVS plug-in VPC-VR Open vSwitch Open vSwitch Open vSwitch Full mesh of GRE tunnels
  • 17.
  • 18. Apache Cloudstack 4.4 HOST: XenServer 6.2 SP1 x 3
  • 19. 1) 2) 3) VPC 4) VPC VPC-VR Tier ACL () 5) VM
  • 20. 1) sdn.ovs.controller.default.label sdn.ovs.controller.default.label cloudstack-management
  • 21. 2) Advanced Network Physical Network Isolation method GRE
  • 22. 2) Isolation method GRE ovs
  • 23. 3) VPC
  • 24. 3) Connectivity Provider Ovs Service Provider VpcVirtualRouter
  • 25. 3)
  • 26. 3) VPC Provider Ovs Service Provider VpcVirtualRouter
  • 27. 4) VPC VPC VPC
  • 28. 4) VPC
  • 29. 4) VPC (Tier)
  • 30. 4) VPC
  • 31. 5) VM
  • 32. 5) VM VPC-VR
  • 33. VPC-VRVM WEB SERVER DB SERVER VPC-VR
  • 34. VPC GRE tunnels

      [root@xen01 ~]# ovs-vsctl show
          Bridge "xapi1"
              fail_mode: standalone
              Port "t125-1-5"
                  Interface "t125-1-5"
                      type: gre
                      options: {cloudstack-network-id="6150d7b7-24fb-4a64-9cd0-b1e77f69d0c8", key="125", remote_ip="10.0.3.7"}
              Port "vif3.2"
                  Interface "vif3.2"
              Port "t105-1-5"
                  Interface "t105-1-5"
                      type: gre
                      options: {cloudstack-network-id="b5fb008f-ce97-4001-83db-23424547cfdb", key="105", remote_ip="10.0.3.7"}
              Port "xapi1"
                  Interface "xapi1"
                      type: internal
              Port "vif3.3"
                  Interface "vif3.3"
              Port "t105-1-2"
                  Interface "t105-1-2"
                      type: gre
                      options: {cloudstack-network-id="b5fb008f-ce97-4001-83db-23424547cfdb", key="105", remote_ip="10.0.3.6"}
              Port "t125-1-2"
                  Interface "t125-1-2"
                      type: gre
                      options: {cloudstack-network-id="6150d7b7-24fb-4a64-9cd0-b1e77f69d0c8", key="125", remote_ip="10.0.3.6"}

  • 35.
  • 36. 10.50.1.53 10.50.2.218 VPC-VR 10.50.2.218/24 10.50.1.53/24 10.50.2.1/24 10.50.1.1/24
  • 37. Ping 10.50.1.53 10.50.2.218
  • 38. Tracert 10.50.1.53 10.50.2.218
  • 39. VPC-VR 10.50.2.218/24 10.50.1.53/24 10.50.2.1/24 10.50.1.1/24
  • 40. VPC-VR

      [root@xen01 ~]# tcpdump -n -i vif3.2
      tcpdump: WARNING: vif3.2: no IPv4 address assigned
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on vif6.2, link-type EN10MB (Ethernet), capture size 65535 bytes
      ^C
      0 packets captured
      0 packets received by filter
      0 packets dropped by kernel

      [root@xen01 ~]# tcpdump -n -i vif3.3
      tcpdump: WARNING: vif3.3: no IPv4 address assigned
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on vif6.3, link-type EN10MB (Ethernet), capture size 65535 bytes
      ^C
      0 packets captured
      0 packets received by filter
      0 packets dropped by kernel

  • 41. Open vSwitch(1)

      [root@xen02 ~]# ovs-ofctl dump-flows xapi1
      NXST_FLOW reply (xid=0x4):
       cookie=0x0, duration=601.33s, table=0, n_packets=0, n_bytes=0, priority=1100,in_port=5 actions=resubmit(,1)
       cookie=0x0, duration=1244.934s, table=0, n_packets=19, n_bytes=2206, priority=1100,in_port=1 actions=resubmit(,1)
       cookie=0x0, duration=664.007s, table=0, n_packets=0, n_bytes=0, priority=1100,in_port=3 actions=resubmit(,1)
       cookie=0x0, duration=602.592s, table=0, n_packets=0, n_bytes=0, priority=1100,in_port=4 actions=resubmit(,1)
       cookie=0x0, duration=1245.463s, table=0, n_packets=23, n_bytes=2466, priority=1200,dl_dst=ff:ff:ff:ff:ff:ff actions=resubmit(,2)
       cookie=0x0, duration=601.34s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=5,nw_dst=224.0.0.0/24 actions=drop
       cookie=0x0, duration=602.602s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=4,nw_dst=224.0.0.0/24 actions=drop
       cookie=0x0, duration=664.017s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=3,nw_dst=224.0.0.0/24 actions=drop
       cookie=0x0, duration=592.617s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,in_port=2,nw_dst=10.50.1.0/24 actions=resubmit(,1)
       cookie=0x0, duration=1244.945s, table=0, n_packets=0, n_bytes=0, priority=1000,ip,in_port=1,nw_dst=224.0.0.0/24 actions=drop
       cookie=0x0, duration=1245.442s, table=0, n_packets=2, n_bytes=84, priority=0 actions=resubmit(,1)
       cookie=0x0, duration=592.617s, table=0, n_packets=0, n_bytes=0, priority=1100,ip,in_port=2,dl_dst=02:00:45:d3:00:02,nw_dst=10.50.0.0/16 actions=resubmit(,3)
       cookie=0x0, duration=601.35s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=5,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
       cookie=0x0, duration=602.612s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=4,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
       cookie=0x0, duration=664.028s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=3,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
       cookie=0x0, duration=1244.961s, table=0, n_packets=0, n_bytes=0, priority=1000,in_port=1,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
       cookie=0x0, duration=1245.452s, table=0, n_packets=0, n_bytes=0, priority=1200,ip,nw_dst=224.0.0.0/24 actions=resubmit(,2)
       cookie=0x0, duration=592.618s, table=1, n_packets=0, n_bytes=0, priority=1100,dl_dst=02:00:71:b4:00:01 actions=output:2
       cookie=0x0, duration=592.616s, table=1, n_packets=0, n_bytes=0, priority=1100,dl_dst=02:00:14:01:00:02 actions=output:3
       cookie=0x0, duration=592.617s, table=1, n_packets=0, n_bytes=0, priority=1100,dl_dst=02:00:45:d3:00:02 actions=output:1
       cookie=0x0, duration=592.615s, table=1, n_packets=0, n_bytes=0, priority=1100,dl_dst=02:00:39:8e:00:01 actions=output:5
       cookie=0x0, duration=592.614s, table=1, n_packets=0, n_bytes=0, priority=0 actions=resubmit(,2)

  • 42. Open vSwitch(2)

       cookie=0x0, duration=600.994s, table=2, n_packets=4, n_bytes=468, priority=1100,in_port=5 actions=output:2
       cookie=0x0, duration=600.994s, table=2, n_packets=0, n_bytes=0, priority=1100,in_port=1 actions=output:2
       cookie=0x0, duration=600.995s, table=2, n_packets=0, n_bytes=0, priority=1100,in_port=3 actions=output:2
       cookie=0x0, duration=600.994s, table=2, n_packets=5, n_bytes=810, priority=1100,in_port=4 actions=output:2
       cookie=0x0, duration=600.993s, table=2, n_packets=0, n_bytes=0, priority=1100,in_port=2 actions=output:3,output:5,output:1,output:4
       cookie=0x0, duration=600.993s, table=2, n_packets=0, n_bytes=0, priority=0 actions=drop
       cookie=0x0, duration=606.83s, table=3, n_packets=0, n_bytes=0, priority=0 actions=resubmit(,4)
       cookie=0x0, duration=606.831s, table=3, n_packets=0, n_bytes=0, priority=1002,ip,nw_src=10.50.1.0/24 actions=resubmit(,4)
       cookie=0x0, duration=606.83s, table=3, n_packets=0, n_bytes=0, priority=1002,ip,nw_src=10.50.2.0/24 actions=resubmit(,4)
       cookie=0x0, duration=592.618s, table=4, n_packets=0, n_bytes=0, ip,nw_dst=10.50.1.53 actions=mod_dl_src:02:00:45:d3:00:02,mod_dl_dst:02:00:71:b4:00:01,resubmit(,5)
       cookie=0x0, duration=592.614s, table=4, n_packets=0, n_bytes=0, ip,nw_dst=10.50.2.218 actions=mod_dl_src:02:00:14:01:00:02,mod_dl_dst:02:00:39:8e:00:01,resubmit(,5)
       cookie=0x0, duration=592.616s, table=4, n_packets=0, n_bytes=0, ip,nw_dst=10.50.1.1 actions=mod_dl_src:02:00:45:d3:00:02,mod_dl_dst:02:00:45:d3:00:02,resubmit(,5)
       cookie=0x0, duration=592.615s, table=4, n_packets=0, n_bytes=0, ip,nw_dst=10.50.2.1 actions=mod_dl_src:02:00:14:01:00:02,mod_dl_dst:02:00:14:01:00:02,resubmit(,5)
       cookie=0x0, duration=592.614s, table=4, n_packets=0, n_bytes=0, priority=0 actions=resubmit(,1)
       cookie=0x0, duration=606.829s, table=5, n_packets=0, n_bytes=0, priority=0 actions=drop
       cookie=0x0, duration=606.831s, table=5, n_packets=0, n_bytes=0, priority=1001,ip,nw_dst=10.50.2.0/24 actions=resubmit(,1)
       cookie=0x0, duration=606.832s, table=5, n_packets=0, n_bytes=0, priority=1001,ip,nw_dst=10.50.1.0/24 actions=resubmit(,1)

  • 43. 10.50.1.53 10.50.1.1 VPC-VR 10.50.2.218/24 10.50.1.53/24 10.50.2.1/24 10.50.1.1/24
  • 44. Ping 10.50.1.53 10.50.1.1
  • 45. VPC-VR 10.50.2.218/24 10.50.1.53/24 10.50.2.1/24 10.50.1.1/24
  • 46. VPC-VR

      [root@xen01 ~]# tcpdump -n -i vif3.2
      tcpdump: WARNING: vif3.2: no IPv4 address assigned
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on vif3.2, link-type EN10MB (Ethernet), capture size 65535 bytes
      22:02:10.978747 IP 10.50.1.53 > 10.50.1.1: ICMP echo request, id 33555, seq 7, length 64
      22:02:10.978990 IP 10.50.1.1 > 10.50.1.53: ICMP echo reply, id 33555, seq 7, length 64
      22:02:11.978760 IP 10.50.1.53 > 10.50.1.1: ICMP echo request, id 33555, seq 8, length 64
      22:02:11.979023 IP 10.50.1.1 > 10.50.1.53: ICMP echo reply, id 33555, seq 8, length 64
      22:02:12.978616 IP 10.50.1.53 > 10.50.1.1: ICMP echo request, id 33555, seq 9, length 64
      22:02:12.978911 IP 10.50.1.1 > 10.50.1.53: ICMP echo reply, id 33555, seq 9, length 64
      22:02:13.978617 IP 10.50.1.53 > 10.50.1.1: ICMP echo request, id 33555, seq 10, length 64
      22:02:13.978863 IP 10.50.1.1 > 10.50.1.53: ICMP echo reply, id 33555, seq 10, length 64
      ^C
      8 packets captured
      8 packets received by filter
      0 packets dropped by kernel

  • 47. VPC-VR

      [root@xen01 ~]# tcpdump -n -i eth2 ip proto gre
      tcpdump: WARNING: eth2: no IPv4 address assigned
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on e