openvSwitch tunnel

ovs tunnel

实验拓扑

实验拓扑搭建基础脚本

#vbox虚拟机1
ip netns add left
ip link add name veth1 type veth peer name sw1-p1
ip link set dev veth1 netns left
ip netns exec left ifconfig veth1 10.0.0.1/24 up

ovs-vsctl add-br sw1
ovs-vsctl add-port sw1 sw1-p1
ip link set sw1-p1 up

#vbox虚拟机2
ip netns add right
ip link add name veth1 type veth peer name sw2-p1
ip link set dev veth1 netns right
ip netns exec right ifconfig veth1 10.0.0.2/24 up

ovs-vsctl add-br sw2
ovs-vsctl add-port sw2 sw2-p1
ip link set sw2-p1 up

GRE TUNNEL 配置

• vbox虚拟机1

  ovs-vsctl add-port sw1 tun0 -- set Interface tun0 type=gre options:remote_ip=10.30.10.141

• vbox虚拟机2

  ovs-vsctl add-port sw2 tun0 -- set Interface tun0 type=gre options:remote_ip=10.30.10.145

查看配置

• vbox虚拟机1

  root@controller-VirtualBox:~# ovs-vsctl show
  29c5cc05-2a31-4f14-a304-3a697698f96a
      Bridge "sw1"
          Port "sw1"
              Interface "sw1"
                  type: internal
          Port "sw1-p1"
              Interface "sw1-p1"
          Port "tun0"
              Interface "tun0"
                  type: gre
                  options: {remote_ip="10.30.10.141"}
      ovs_version: "2.5.2"

• vbox虚拟机2

  root@controller-VirtualBox:~# ovs-vsctl show
  0f92aaa0-5385-48f5-a54a-644e05652f59
      Bridge "sw2"
          Port "sw2-p1"
              Interface "sw2-p1"
          Port "sw2"
              Interface "sw2"
                  type: internal
          Port "tun0"
              Interface "tun0"
                  type: gre
                  options: {remote_ip="10.30.10.145"}
      ovs_version: "2.5.2"
  root@controller-VirtualBox

连通性测试,在vbox虚拟机1 left ns中ping虚拟机2 right

root@controller-VirtualBox:~# ip netns exec left ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.953 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.609 ms

VXLAN TUNNEL配置

• vbox虚拟机1

  ovs-vsctl add-port sw1 tun0 -- set Interface tun0 type=vxlan options:local_ip=10.30.10.145 options:remote_ip=10.30.10.141

• vbbox虚拟机2

  ovs-vsctl add-port sw2 tun0 -- set Interface tun0 type=vxlan options:local_ip=10.30.10.141 options:remote_ip=10.30.10.145

查看配置

• vbox虚拟机1

  root@controller-VirtualBox:~# ovs-vsctl show
  29c5cc05-2a31-4f14-a304-3a697698f96a
      Bridge "sw1"
          Port "sw1"
              Interface "sw1"
                  type: internal
          Port "sw1-p1"
              Interface "sw1-p1"
          Port "tun0"
              Interface "tun0"
                  type: vxlan
                  options: {local_ip="10.30.10.145", remote_ip="10.30.10.141"}
      ovs_version: "2.5.2"

• vbox虚拟机2

  root@controller-VirtualBox:~# ovs-vsctl show
  0f92aaa0-5385-48f5-a54a-644e05652f59
      Bridge "sw2"
          Port "sw2-p1"
              Interface "sw2-p1"
          Port "sw2"
              Interface "sw2"
                  type: internal
          Port "tun0"
              Interface "tun0"
                  type: vxlan
                  options: {local_ip="10.30.10.141", remote_ip="10.30.10.145"}
      ovs_version: "2.5.2"
  root@controller-VirtualBox:~#

连通性测试,在vbox虚拟机1 left ns中ping虚拟机2 right

root@controller-VirtualBox:~# ip netns exec left ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.905 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.490 ms
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.490/0.697/0.905/0.209 ms

ipsec_gre配置

如果运行失败或则无法创建接口，首先安装

apt-get install openvswitch* -y

• vbox虚拟机1

  ovs-vsctl add-port sw1 tun0 -- set interface tun0 type=ipsec_gre options:remote_ip=10.30.10.141 options:psk=test123

• vbbox虚拟机2

  ovs-vsctl add-port sw2 tun0 -- set interface tun0 type=ipsec_gre options:remote_ip=10.30.10.145 options:psk=test123

在ipsec gre tunnel情况下，我的环境中并没有完成连通，而且日志中也没有报错；具体原因还需要探究。当然我已经翻阅论坛，然并卵，哎。。。，暂且未解之谜吧