HP Helion OpenStack 1.1
May 2014
Tomáš Kubica, Solution architect
Document version 0.10 EN
HP HELION OPENSTACK
LAB GUIDE
networking deep dive
Contents
1.OpenStack Neutron
2.Packet walkthrough
2.1.Troubleshooting methodology
2.2.Collecting information
2.3.VM to VM in single network on single compute node
2.3.1.Traffic leaving VM
2.3.2.Applying Security Group
2.3.3.Traffic after Security Groups are applied
2.3.4.Entering vSwitch br-int
2.3.5.From br-int vSwitch to destination instance
2.4.VM to VM in single network on two compute nodes
2.4.1.Entering vSwitch br-int
2.4.2.Setting up tunnels and sending to underlay
2.4.3.OpenFlow rules in br-tun
2.4.4.Going out of compute node
2.4.5.Receiving traffic on second compute node
2.4.6.Entering vSwitch br-tun
2.4.7.OpenFlow rules in receiving br-tun
2.4.8.Receiving br-int vSwitch
2.4.9.Final step
2.5.North-South with Floating IP
2.5.1.Traffic leaving VM
2.5.2.Entering vSwitch br-int
2.5.3.OpenFlow rules in br-int
2.5.4.Router
2.5.5.Floating IP name space
2.5.6.Traffic leaving virtual world
2.6.East-West routing
2.6.1.Traffic leaving VM
2.6.2.Entering vSwitch br-int
2.6.3.Router
2.6.4.Back from router to br-int
2.6.5.Going out of compute node
2.6.6.Receiving on second compute node
2.6.7.OpenFlow rules in receiving br-tun vSwitch
2.6.8.OpenFlow rules in receiving br-int
2.6.9.Final step
2.6.10.And what about way back?
2.7.North-South routing with SNAT
2.7.1.Traffic leaving VM
2.7.2.Entering vSwitch br-int
2.7.3.Router
2.7.4.Back from router to br-int
2.7.5.Going out of compute node
2.7.6.Receiving in Network Node
2.7.7.OpenFlow rules in Network Node br-tun
2.7.8.OpenFlow rules Network Node br-int
2.7.9.SNAT namespace
2.7.10.Final step
2.8.DHCP traffic
2.8.1.Traffic leaving VM
2.8.2.Spoofing protection
2.8.3.Entering vSwitch br-int
2.8.4.Going out of Compute Node
2.8.5.Receiving in Network Node
2.8.6.OpenFlow rules in Network Node br-tun vSwitch
2.8.7.OpenFlow rules Network Node br-int vSwitch
2.8.8.DHCP server
3.Monitoring and troubleshooting
3.1.Mirroring VM traffic to centralized analyzer (RSPAN)
3.2.Flow monitoring
3.2.1.NetFlow
3.2.2.sFlow
1.OpenStack Neutron
…
2.Packet walkthrough
…
2.2.Collecting information
For troubleshooting it is essential to start by collecting information about instances, compute nodes, MAC and IP addresses, and various IDs such as tenant ID, instance ID etc.
Get your project tenant ID
keystone tenant-get mujprojekt
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | baa7096fe1d54571900c3758397e0939 |
| name | mujprojekt |
+-------------+----------------------------------+
Find out which physical compute nodes your instances are running on and what their local VM names are (you need to run this OpenStack CLI command using an admin account):
nova list --all-tenants 1 --tenant baa7096fe1d54571900c3758397e0939 --fields name,OS-EXT-SRV-ATTR:host,OS-EXT-SRV-ATTR:instance_name
+--------------------------------------+------------+-------------------------------------+--------------------------------+
| ID | Name | OS-EXT-SRV-ATTR: Host | OS-EXT-SRV-ATTR: Instance Name |
+--------------------------------------+------------+-------------------------------------+--------------------------------+
| eb347271-dc5a-46cf-9150-0a7defffc6d1 | instance-1 | overcloud-novacompute0-vli5de2egecg | instance-0000010d |
| 70d0662f-9c69-4d0b-99e7-2dde4e0494e8 | instance-2 | overcloud-novacompute0-vli5de2egecg | instance-0000010e |
| e1975422-a543-4ce4-be36-bce191816161 | instance-3 | overcloud-novacompute0-vli5de2egecg | instance-0000010f |
+--------------------------------------+------------+-------------------------------------+--------------------------------+
Let’s look inside the compute node. First we need to know its IP address:
nova hypervisor-list
+----+-----------------------------------------------+
| ID | Hypervisor hostname |
+----+-----------------------------------------------+
| 1 | overcloud-novacompute0-vli5de2egecg.novalocal |
| 2 | overcloud-novacompute1-c4ia2jfbd75d.novalocal |
+----+-----------------------------------------------+
nova hypervisor-show overcloud-novacompute0-vli5de2egecg.novalocal | grep host_ip
| host_ip | 10.0.10.14
Log into the compute node. You need a valid certificate for that; typically you can do this from your Seed VM.
root@hLinux:~# ssh heat-admin@10.0.10.14
Linux overcloud-novacompute0-vli5de2egecg 3.14.29-4-amd64-hlinux #hlinux1 SMP Mon Feb 9 20:32:22 UTC 2015 x86_64
The programs included with the hLinux system are free software; the exact
license terms for each program are described in the individual files in
/usr/share/doc/*/copyright.
Last login: Mon May 4 13:31:09 2015 from 10.0.10.2
$ sudo -i
root@overcloud-novacompute0-vli5de2egecg:~#
Let’s list the running VMs:
root@overcloud-novacompute0-vli5de2egecg:~# virsh list
Id Name State
----------------------------------------------------
5 instance-00000055 running
6 instance-00000056 running
74 instance-000000bd running
79 instance-000000c8 running
96 instance-000000e2 running
104 instance-000000eb running
105 instance-000000ed running
106 instance-000000ee running
107 instance-000000ef running
124 instance-00000108 running
125 instance-00000109 running
126 instance-0000010a running
127 instance-0000010b running
128 instance-0000010c running
129 instance-0000010d running
130 instance-0000010f running
131 instance-0000010e running
We are especially interested in our particular VM with local name instance-0000010d. Use dumpxml to get all information about it; here we are specifically looking for its virtual NIC (tap interface).
root@overcloud-novacompute0-vli5de2egecg:~# virsh dumpxml instance-0000010d | grep -A 7 "
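The lookup chain in this section (instance name to compute host and libvirt name, then libvirt domain XML to tap interface), as an added example that is not part of the original lab guide. The function names are hypothetical, the table rows are copied from the `nova list` output above, and the domain XML with its MAC, bridge and tap values is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the lab guide. Function names are hypothetical.

# Rows copied from the `nova list` output shown in the guide.
NOVA_TABLE='| eb347271-dc5a-46cf-9150-0a7defffc6d1 | instance-1 | overcloud-novacompute0-vli5de2egecg | instance-0000010d |
| 70d0662f-9c69-4d0b-99e7-2dde4e0494e8 | instance-2 | overcloud-novacompute0-vli5de2egecg | instance-0000010e |'

# Constructed libvirt domain XML; MAC, bridge and tap names are placeholders.
DOMAIN_XML="<domain type='kvm'>
  <name>instance-0000010d</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/constructed/path/disk'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='bridge'>
      <mac address='fa:16:3e:00:00:01'/>
      <source bridge='qbr00000000-00'/>
      <target dev='tap00000000-00'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>"

# lookup_instance NAME: nova table on stdin -> "<compute host> <libvirt name>"
lookup_instance() {
  awk -F'|' -v name="$1" '
    { for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i) }
    $3 == name { print $4, $5 }'
}

# list_vnics: domain XML on stdin -> "<tap> <mac> <bridge>" per virtual NIC.
# Disk <source>/<target> elements are ignored: only <interface> blocks count.
list_vnics() {
  awk -F"'" '
    /<interface /       { in_if = 1; mac = br = tap = "-" }
    in_if && /<mac /    { mac = $2 }
    in_if && /<source / { br = $2 }
    in_if && /<target / { tap = $2 }
    /<\/interface>/     { if (in_if) print tap, mac, br; in_if = 0 }'
}

# Demo on the embedded samples.
# On a real compute node: virsh dumpxml instance-0000010d | list_vnics
printf '%s\n' "$NOVA_TABLE" | lookup_instance instance-1
printf '%s\n' "$DOMAIN_XML" | list_vnics
```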