KVM on ESXi (openvswitch): Trying Out VLANs

Once connectivity through openvswitch works, VLANs should be no problem...

As in the earlier post, I'll tag the port with ovs.

[root@kvm2 ~]# ovs-vsctl del-port vnet0
[root@kvm2 ~]# ovs-vsctl add-port ovsbr1 vnet0 tag=70
[root@kvm2 ~]# ovs-vsctl show
3a8d81b3-fdba-47cc-bce1-8fc0372dec6d
    Bridge "ovsbr1"
        Port "eth1"
            Interface "eth1"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
        Port "vnet1"
            Interface "vnet1"
        Port "vnet0"
            tag: 70
            Interface "vnet0"
    ovs_version: "1.10.0"

In this state, ping naturally does not get through, because vm74 (vnet0) is tagged and vm76 (vnet1) is untagged.

Set tag 70 on the vnet1 side as well and test communication.
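
As an added example (not from the original post; the function names are made up here), the following shell functions parse `ovs-vsctl show` output into a port-to-VLAN map and list VM-facing ports that have no tag, like vnet1 in the state above. It assumes VM tap interfaces are named vnet*; by Open vSwitch's default, a port with no tag is a trunk port that carries every VLAN, so such a port sits outside the isolation the access tags provide.

```sh
#!/bin/sh
# Added example: audit VLAN tags from `ovs-vsctl show` output.

# Print "bridge port vlan" per port. A port with no "tag:" line is shown as
# "trunk": with OVS defaults (vlan_mode unset) it carries all VLANs.
port_vlan_map() {
    awk '
        function emit() {
            if (port != "") print bridge, port, (tag == "" ? "trunk" : tag)
        }
        $1 == "Bridge" { emit(); port = ""; gsub(/"/, "", $2); bridge = $2; next }
        $1 == "Port"   { emit(); gsub(/"/, "", $2); port = $2; tag = ""; next }
        $1 == "tag:"   { tag = $2 }
        END            { emit() }
    '
}

# Print "bridge port" for VM-facing ports (name prefix, default "vnet",
# is an assumption about libvirt tap naming) that have no access tag.
untagged_vm_ports() {
    port_vlan_map | awk -v prefix="${1:-vnet}" \
        '$3 == "trunk" && index($2, prefix) == 1 { print $1, $2 }'
}

# Sample input: the first `ovs-vsctl show` output from this page.
sample_show() {
    cat <<'EOF'
3a8d81b3-fdba-47cc-bce1-8fc0372dec6d
    Bridge "ovsbr1"
        Port "eth1"
            Interface "eth1"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
        Port "vnet1"
            Interface "vnet1"
        Port "vnet0"
            tag: 70
            Interface "vnet0"
    ovs_version: "1.10.0"
EOF
}

# On a host: ovs-vsctl show | untagged_vm_ports
sample_show | untagged_vm_ports
```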

[root@kvm2 ~]# ovs-vsctl del-port vnet1
[root@kvm2 ~]# ovs-vsctl add-port ovsbr1 vnet1 tag=70
[root@kvm2 ~]# ovs-vsctl show
3a8d81b3-fdba-47cc-bce1-8fc0372dec6d
    Bridge "ovsbr1"
        Port "vnet1"
            tag: 70
            Interface "vnet1"
        Port "eth1"
            Interface "eth1"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
        Port "vnet0"
            tag: 70
            Interface "vnet0"
    ovs_version: "1.10.0"
[root@vm74 ~]# ping 192.168.200.76
PING 192.168.200.76 (192.168.200.76) 56(84) bytes of data.
64 bytes from 192.168.200.76: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 192.168.200.76: icmp_seq=2 ttl=64 time=0.267 ms
...

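It works.

Next, communication between the VMs on two KVM hosts, per VLAN. The environment uses vlan60 and vlan70, as in the figure below.
Only VMs with the same VLAN ID can communicate, so the VLANs are splitting L2.

[Figure: KVM-OVS-VLAN]

■State of KVM1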

[root@kvm1 ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 1     vm71                           running
 2     vm73                           running

[root@kvm1 ~]# ovs-vsctl show
d74e37a6-b456-42a3-a83a-153d8544cafb
    Bridge "ovsbr1"
        Port "vnet0"
            tag: 60
            Interface "vnet0"
        Port "eth1"
            Interface "eth1"
        Port "vnet1"
            tag: 70
            Interface "vnet1"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
    ovs_version: "1.10.0"

■State of KVM2

[root@kvm2 ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 2     vm74                           running
 3     vm76                           running

[root@kvm2 ~]# ovs-vsctl show
3a8d81b3-fdba-47cc-bce1-8fc0372dec6d
    Bridge "ovsbr1"
        Port "eth1"
            Interface "eth1"
        Port "vnet0"
            tag: 60
            Interface "vnet0"
        Port "vnet1"
            tag: 70
            Interface "vnet1"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
    ovs_version: "1.10.0"

Result of ping from vm74: it can communicate only with vm71 (both on vlan 60).

[root@vm74 ~]# ping 192.168.200.71
PING 192.168.200.71 (192.168.200.71) 56(84) bytes of data.
64 bytes from 192.168.200.71: icmp_seq=1 ttl=64 time=2.51 ms
64 bytes from 192.168.200.71: icmp_seq=2 ttl=64 time=0.410 ms

--- 192.168.200.71 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1249ms
rtt min/avg/max/mdev = 0.410/1.462/2.514/1.052 ms
[root@vm74 ~]# ping 192.168.200.73
PING 192.168.200.73 (192.168.200.73) 56(84) bytes of data.

--- 192.168.200.73 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1293ms

[root@vm74 ~]# ping 192.168.200.76
PING 192.168.200.76 (192.168.200.76) 56(84) bytes of data.

--- 192.168.200.76 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1238ms

Result of ping from vm76: it can communicate only with vm73 (both on vlan 70).

[root@vm76 ~]# ping 192.168.200.71
PING 192.168.200.71 (192.168.200.71) 56(84) bytes of data.

--- 192.168.200.71 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 856ms

[root@vm76 ~]# ping 192.168.200.73
PING 192.168.200.73 (192.168.200.73) 56(84) bytes of data.
64 bytes from 192.168.200.73: icmp_seq=1 ttl=64 time=2.69 ms
64 bytes from 192.168.200.73: icmp_seq=2 ttl=64 time=0.529 ms

--- 192.168.200.73 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1259ms
rtt min/avg/max/mdev = 0.529/1.609/2.690/1.081 ms
[root@vm76 ~]# ping 192.168.200.74
PING 192.168.200.74 (192.168.200.74) 56(84) bytes of data.

--- 192.168.200.74 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1126ms

Packet dump on eth1 while pinging from vm76.
Traffic between KVM1 and KVM2 is carried in 802.1Q frames, on vlan 70.

[root@kvm2 ~]# tcpdump -n -e -i eth1
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:29:59.267966 52:54:00:1f:aa:a8 > 52:54:00:d4:7c:5e, ethertype 802.1Q (0x8100), length 102: vlan 70, p 0, ethertype IPv4, 192.168.200.76 > 192.168.200.73: ICMP echo request, id 6661, seq 1, length 64
16:29:59.269747 52:54:00:d4:7c:5e > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 70, p 0, ethertype ARP, Request who-has 192.168.200.76 tell 192.168.200.73, length 42
16:29:59.269980 52:54:00:1f:aa:a8 > 52:54:00:d4:7c:5e, ethertype 802.1Q (0x8100), length 46: vlan 70, p 0, ethertype ARP, Reply 192.168.200.76 is-at 52:54:00:1f:aa:a8, length 28
16:29:59.270358 52:54:00:d4:7c:5e > 52:54:00:1f:aa:a8, ethertype 802.1Q (0x8100), length 102: vlan 70, p 0, ethertype IPv4, 192.168.200.73 > 192.168.200.76: ICMP echo reply, id 6661, seq 1, length 64
16:30:00.269204 52:54:00:1f:aa:a8 > 52:54:00:d4:7c:5e, ethertype 802.1Q (0x8100), length 102: vlan 70, p 0, ethertype IPv4, 192.168.200.76 > 192.168.200.73: ICMP echo request, id 6661, seq 2, length 64
16:30:00.269737 52:54:00:d4:7c:5e > 52:54:00:1f:aa:a8, ethertype 802.1Q (0x8100), length 102: vlan 70, p 0, ethertype IPv4, 192.168.200.73 > 192.168.200.76: ICMP echo reply, id 6661, seq 2, length 64
 
