Networking
使用 OVN 設置 DHCP
我正在嘗試設置一個類似於此處描述的環境,其中 OVN 將為邏輯網路提供 DHCP 服務。
我有一個名為 `net0 的邏輯交換機,有兩個埠:
[root@ovn0 ~]# ovn-nbctl show [root@ovn0 ~]# ovn-nbctl show switch 0507d649-0730-4fdc-95cd-943b25e613ab (net0 port port2 addresses: ["c0:ff:ee:00:00:12 10.0.0.12"] port port1 addresses: ["c0:ff:ee:00:00:11 10.0.0.11"]這些埠綁定在兩個名為
ovn1and的機箱上ovn2:[root@ovn0 ~]# ovn-sbctl show Chassis ovn0 hostname: ovn0.virt Encap geneve ip: "192.168.122.80" options: {csum="true"} Chassis ovn1 hostname: ovn1.virt Encap geneve ip: "192.168.122.99" options: {csum="true"} Port_Binding port1 Chassis ovn2 hostname: ovn2.virt Encap geneve ip: "192.168.122.109" options: {csum="true"} Port_Binding port2On
ovn1,port1是br-int開關的一部分:[root@ovn1 ~]# ovs-vsctl list-ports br-int ovn-ovn0-0 ovn-ovn2-0 port1它有適當的
iface-id:[root@ovn1 ~]# ovs-vsctl list interface port1 |egrep -v '\[]|{}' _uuid : 63101ec6-be8c-4df7-bdab-e43f8bc4f7f9 admin_state : up external_ids : {iface-id="port1"} ifindex : 0 ingress_policing_burst: 0 ingress_policing_rate: 0 link_resets : 1 link_state : up mac : "c0:ff:ee:00:00:11" mac_in_use : "c0:ff:ee:00:00:11" mtu : 1500 name : "port1" ofport : 2 statistics : {collisions=0, rx_bytes=0, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=0, tx_bytes=3672, tx_dropped=0, tx_errors=0, tx_packets=20} status : {driver_name=openvswitch} type : internal我已經在該埠上配置了 dhcp 選項:
[root@ovn0 ~]# ovn-nbctl lsp-get-dhcpv4-options port1 29f9e321-93d1-4974-8cd7-7f65ad376f51 (10.0.0.0/24)哪個地圖:
[root@ovn0 ~]# ovn-nbctl list dhcp_options _uuid : 29f9e321-93d1-4974-8cd7-7f65ad376f51 cidr : "10.0.0.0/24" external_ids : {} options : {lease_time="3600", router="10.0.0.1", server_id="10.0.0.1"}On
ovn1,port1已添加到名為 的網路命名空間中vm1:[root@ovn1 ~]# ip netns exec vm1 ip addr 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 6: port1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether c0:ff:ee:00:00:11 brd ff:ff:ff:ff:ff:ff inet6 fe80::2c8b:65ff:fe00:4/64 scope link valid_lft forever preferred_lft foreverMAC 地址與之前在邏輯埠數據庫中配置的 MAC 地址相匹配。
如果我在該網路命名空間中針對 port1 執行 dhcp 客戶端,它永遠不會得到回复:
[root@ovn1 ~]# ip netns exec vm1 dhclient -d port1 Internet Systems Consortium DHCP Client 4.4.1 Copyright 2004-2018 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/port1/c0:ff:ee:00:00:11 Sending on LPF/port1/c0:ff:ee:00:00:11 Sending on Socket/fallback DHCPDISCOVER on port1 to 255.255.255.255 port 67 interval 7 (xid=0x75a05a70) DHCPDISCOVER on port1 to 255.255.255.255 port 67 interval 21 (xid=0x75a05a70) . . . No DHCPOFFERS received.讓 OVN 響應此埠上的 DHCP 請求還需要什麼?
更新 1
ovn-trace建議 dhcp 請求只是廣播出所有介面:[root@ovn0 ~]# ovn-trace net0 'inport=="port1" && eth.src==c0:ff:ee:00:00:11 && ip4.src==0.0.0.0 && eth.dst==ff:ff:ff:ff:ff:ff && ip4.dst==255.255.255.255 && udp.src==68 && udp.dst==67' # udp,reg14=0x2,vlan_tci=0x0000,dl_src=c0:ff:ee:00:00:11,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=68,tp_dst=67 ingress(dp="net0", inport="port1") ---------------------------------- 0. ls_in_port_sec_l2 (ovn-northd.c:4028): inport == "port1" && eth.src == {c0:ff:ee:00:00:11}, priority 50, uuid e155c87e next; 1. ls_in_port_sec_ip (ovn-northd.c:3642): inport == "port1" && eth.src == c0:ff:ee:00:00:11 && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67, priority 90, uuid 5548c089 next; 17. ls_in_l2_lkup (ovn-northd.c:5678): eth.mcast, priority 70, uuid 51b48b77 outport = "_MC_flood"; output; multicast(dp="net0", mcgroup="_MC_flood") ----------------------------------------- egress(dp="net0", inport="port1", outport="net0-gw") ---------------------------------------------------- 9. ls_out_port_sec_l2 (ovn-northd.c:4115): eth.mcast, priority 100, uuid 7db51d27 output; /* output to "net0-gw", type "" */ egress(dp="net0", inport="port1", outport="port1") -------------------------------------------------- /* omitting output because inport == outport && !flags.loopback */ egress(dp="net0", inport="port1", outport="port2") -------------------------------------------------- 9. ls_out_port_sec_l2 (ovn-northd.c:4115): eth.mcast, priority 100, uuid 7db51d27 output; /* output to "port2", type "" */
我最終想通了。我在https://blog.oddbit.com/post/2019-12-19-ovn-and-dhcp/上整理了一篇完整的文章,介紹了整個過程。
我認為我之前測試中的關鍵問題是,為了讓 OVN DHCP 服務響應,您必須在
dhcp_options條目中設置一些強制選項。這些都沒有記錄在任何地方,但是如果我們查看原始碼,我們會看到:const char *server_ip = smap_get( &op->nbsp->dhcpv4_options->options, "server_id"); const char *server_mac = smap_get( &op->nbsp->dhcpv4_options->options, "server_mac"); const char *lease_time = smap_get( &op->nbsp->dhcpv4_options->options, "lease_time"); if (!(server_ip && server_mac && lease_time)) { /* "server_id", "server_mac" and "lease_time" should be * present in the dhcp_options. */ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); VLOG_WARN_RL(&rl, "Required DHCPv4 options not defined for lport - %s", op->json_key); return false; }因此,我們必須設置
server_id、server_mac和lease_time。server_mac我在之前的測試中失去了。