Skip to main content

How to devStack on single machine with Overlay VxLAN Tunnels part2

Devstack Basic Operations from Horizon, launch your first instance follow the steps from the screen shot's below












































































































































































































VXLAN stands for Virtual eXtensible Local Area Network, and is a means to solve the scaling challenges of VLAN networks in a multitenant environment.VXLAN is an overlay network which transports an L2 network over existing L3 network. For more information on VXLAN, please see RFC 7348:
Encapsulation Overview
Layer 2 Overlay scheme over Layer 3
network
Designed for VM-to-VM communication
in mind
VXLAN should be transparent to end
hosts
Provide L2 segmentation ability > 4096
VLANs
24 bit VXLAN Network Identifier (VNI)
16M VXLAN segments

Encapsulation Overview
Layer 2 Overlay scheme over Layer 3
network
Designed for VM-to-VM communication
in mind
VXLAN should be transparent to end
hosts
Provide L2 segmentation ability > 4096
VLANs
24 bit VXLAN Network Identifier (VNI)
16M VXLAN segments
  •      Layer 2 Overlay scheme over Layer 3 network
  •       Designed for VM-to-VM communication in mind
  •        VXLAN should be transparent to end hosts
  •        Provide L2 segmentation ability > 4096 VLANs
  •       24 bit VXLAN Network Identifier (VNI)
  •       16M VXLAN segments 


Forwarding Overview
  • Data-Plane based learning and forwarding
  • VXLAN relies on Data-Plane learning of associated host MAC addresses to VTEP IP’s through source learning
  • Similar to Layer 2 with flood and learn


VxLAN Tunnels configuration and verification 
Encapsulation Overview
Layer 2 Overlay scheme over Layer 3
network
Designed for VM-to-VM communication
in mind
VXLAN should be transparent to end
hosts
Provide L2 segmentation ability > 4096
VLANs
24 bit VXLAN Network Identifier (VNI)
16M VXLAN segments
Encapsulation Overview
Layer 2 Overlay scheme over Layer 3
network
Designed for VM-to-VM communication
in mind
VXLAN should be transparent to end
hosts
Provide L2 segmentation ability > 4096
VLANs
24 bit VXLAN Network Identifier (VNI)
16M VXLAN segments
Encapsulation Overview
Layer 2 Overlay scheme over Layer 3
network
Designed for VM-to-VM communication
in mind
VXLAN should be transparent to end
hosts
Provide L2 segmentation ability > 4096
VLANs
24 bit VXLAN Network Identifier (VNI)
16M VXLAN segments

Make sure there is IP reachability between the two hypervisors that you want to tunnel the traffic i.e hypervisor 192.168.10.1 can reach hypervisor 172.0.16.50 and the vlan(s) you want to extend reachability are present on both hypervisors
Work Flow 
run a ping test from 192.168.10.1 to verify if you can reach 172.0.16.50 and vise versa   
weed@cloud2 ~(neutron)$ping -c 1 172.0.16.50
PING 172.0.16.50 (172.0.16.50) 56(84) bytes of data.
64 bytes from 172.0.16.50: icmp_seq=1 ttl=63 time=23.4 ms
--- 172.0.16.50 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 23.467/23.467/23.467/0.000 ms

 root@east01:~# ping -c 1 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_req=1 ttl=63 time=72.2 ms
--- 192.168.10.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 72.268/72.268/72.268/0.000 ms

weed@cloud2 ~(neutron)$sudo ovs-vsctl show
f5cee918-86f4-4b83-9454-8b54046ba577
    Bridge "br-eth0"
        Port "eth0"
            Interface "eth0"
        Port "phy-br-eth0"
            Interface "phy-br-eth0"
                type: patch
                options: {peer="int-br-eth0"}
        Port "br-eth0"
            Interface "br-eth0"
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        fail_mode: secure
        Port "qvof4d277a3-f0"
            tag: 3
            Interface "qvof4d277a3-f0"
        Port "tap20e4a35f-2c"
            tag: 1
            Interface "tap20e4a35f-2c"
                type: internal
        Port "qr-36be3660-8d"
            tag: 2
            Interface "qr-36be3660-8d"
                type: internal
        Port "tapb4053e4d-98"
            tag: 2
            Interface "tapb4053e4d-98"
                type: internal
        Port "int-br-eth0"
            Interface "int-br-eth0"
                type: patch
                options: {peer="phy-br-eth0"}
        Port "qg-b9716926-05"
            tag: 4
            Interface "qg-b9716926-05"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qr-81a8f351-40"
            tag: 3
            Interface "qr-81a8f351-40"
                type: internal
        Port "tapbc9dc5e5-c4"
            tag: 2
            Interface "tapbc9dc5e5-c4"
                type: internal
        Port "tap858b8828-54"
            tag: 3
            Interface "tap858b8828-54"
                type: internal
        Port "tape58fbfa9-a9"
            tag: 4
            Interface "tape58fbfa9-a9"
                type: internal
    ovs_version: "2.1.3"

So far no tunneling, this can be reveled from the output above. Let's work out the xvlan tunnel
  
weed@cloud2 ~(neutron)$sudo ovs-vsctl add-port br-int vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=172.0.16.50
 
weed@cloud2 ~(neutron)$sudo ovs-vsctl show
f5cee918-86f4-4b83-9454-8b54046ba577
    Bridge "br-eth0"
        Port "phy-br-eth0"
            Interface "phy-br-eth0"
                type: patch
                options: {peer="int-br-eth0"}
        Port "eth0"
            Interface "eth0"
        Port "br-eth0"
            Interface "br-eth0"
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "qvof4d277a3-f0"
            Interface "qvof4d277a3-f0"
        Port "tap20e4a35f-2c"
            tag: 1
            Interface "tap20e4a35f-2c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-36be3660-8d"
            tag: 2
            Interface "qr-36be3660-8d"
                type: internal
        Port "tapb4053e4d-98"
            tag: 2
            Interface "tapb4053e4d-98"
                type: internal
        Port "qg-b9716926-05"
            tag: 4
            Interface "qg-b9716926-05"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qr-81a8f351-40"
            tag: 3
            Interface "qr-81a8f351-40"
                type: internal
        Port "vxlan1"
            Interface "vxlan1"
                type: vxlan
                options: {remote_ip="172.0.16.50"}
        Port "int-br-eth0"
            Interface "int-br-eth0"
                type: patch
                options: {peer="phy-br-eth0"}
        Port "tapbc9dc5e5-c4"
            tag: 2
            Interface "tapbc9dc5e5-c4"
                type: internal
        Port "tap858b8828-54"
            tag: 3
            Interface "tap858b8828-54"
                type: internal
        Port "tape58fbfa9-a9"
            tag: 4
            Interface "tape58fbfa9-a9"
                type: internal
    ovs_version: "2.1.3"

Verify IP reachability from the remote tenant  and vise versa

root@net03wwww:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:09:7d:24 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.100/24 brd 10.0.20.255 scope global eth0
    inet6 fe80::a00:27ff:fe09:7d24/64 scope link 
       valid_lft forever preferred_lft forever


root@net03wwww:~# ping -c 1 10.0.20.58
PING 10.0.20.58 (10.0.20.58) 56(84) bytes of data.
64 bytes from 10.0.20.58: icmp_req=1 ttl=64 time=22.7 ms

--- 10.0.20.58 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 22.715/22.715/22.715/0.000 ms
 

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:13:fa:46 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.58/24 brd 10.0.20.255 scope global eth0
    inet6 fe80::f816:3eff:fe13:fa46/64 scope link 
       valid_lft forever preferred_lft forever



$ ping -c 1 10.0.20.100
PING 10.0.20.100 (10.0.20.100): 56 data bytes
64 bytes from 10.0.20.100: seq=0 ttl=64 time=12.935 ms

--- 10.0.20.100 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 12.935/12.935/12.935 ms

 Ping test from the hypervisor to the tenants (remote & local tenants)

weed@cloud2 ~(neutron)$sudo ip netns exec qrouter-cbde91df-9cc7-4d53-8724-d606fc9878eb ping -c 1 10.0.20.100 
PING 10.0.20.100 (10.0.20.100) 56(84) bytes of data.
64 bytes from 10.0.20.100: icmp_seq=1 ttl=64 time=21.5 ms

--- 10.0.20.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.557/21.557/21.557/0.000 ms

weed@cloud2 ~(neutron)$sudo ip netns list
qdhcp-e2f6f1cd-e31c-4f43-a9f9-2be84646b50b
qdhcp-0e889d08-9316-48bd-9ba3-a283392952b9
qdhcp-88c8fc49-3ad1-4388-80f4-2f870962347d
qrouter-cbde91df-9cc7-4d53-8724-d606fc9878eb

weed@cloud2 ~(neutron)$sudo ip netns exec qrouter-cbde91df-9cc7-4d53-8724-d606fc9878eb ping -c 1 10.0.20.58
PING 10.0.20.58 (10.0.20.58) 56(84) bytes of data.
64 bytes from 10.0.20.58: icmp_seq=1 ttl=64 time=2.30 ms

--- 10.0.20.58 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.303/2.303/2.303/0.000 ms
Labels:

Popular posts from this blog

How To Install the Anaconda Python Distribution on Debian 9 And Running a public notebook server

Anaconda Distribution is an open-source package manager, environment manager and distribution of Python and R programming languages. With a collection of 1,000+ open source packages with free community support. Designed for data science and machine learning workflows, you can use it whether you are on Windows, macOS or Linux. The Anaconda distribution ships with the conda command-line package management utility. You can learn more about Anaconda and conda by reading the official Anaconda Documentation . Jupyter is a browser-based interpreter that allows you to interactively work with Python and R. Anaconda provides Jupyter as well. You can think of Jupyter as a digital notebook that gives you an ability to execute commands, take notes and draw charts.It’s primarily used by Data Scientists. But I find that very useful tool if you are learning Python or R. It’s basically the same as working on a shell but much better. The Jupyter notebook web application is based on a
Read more

How to create REST API using Django REST Framework

This post begins with already working project and app's, I found that there some few requirement's that my project needed to handle and the best option for those requirement's was to use the Django's  Rest Framework. The way that I will tackle this task is more specific to the needs of the project rather than a one to one how to..., that being said you can still follow along, the approach that I'm going to use is easy to follow since I'll be providing a lot of information a log the way for better understanding of the why and how.....this code is available on Github , enough with the alerts and on with the show. Note:  If you would want to mimic the exactly settings then you will need to enable user authentication on your project you can follow this link for details .  Start with the DRF (Django Rest Framework) installation pip3 install djangorestframework For our app to use DRF, we'll have to add rest_framework into our settings.py.   nan
Read more

django react app setting up the backend

On the previous article I demonstrated how we can use the generic views along with ModelSerializer classes to rapidly develop our REST APIs. Knowledge that you will need  in your career as full stack / backend developer, however think of this article as an extension to the previous one, equipped with what we already know about REST API we will step our game up and discuss about ViewSet, ModelViewset we will dig deep into the concepts of Routers which allow us to manage our api routes in a simple and sophisticated manner as well as helping to speed up building APIs even further. There for on part II of this article i'll work you through on how React application can consume this RESTful API. There for at the end of the day we will have a full stack web app, in short we strat our development at the backend then later on we move at the frontend... so are you excited and ready to take the challange? lets do this then..... you can get source code for the bakend on github Preparat
Read more