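openvswitch is particularly well suited to virtualized environments. In fact, openvswitch has no performance advantage over the native Linux bridge, but in terms of management it is far stronger; the two are simply not comparable.

The physical server has only one port connected to the switch, and since 5 VLANs are needed, VLAN trunking is enabled. The network definition in libvirt is as follows:

Defining the openvswitch network

  • Create a new openvswitch network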

    /etc/libvirt/qemu/ovs-network.xml
    <network>
        <name>ovs-network</name>
        <forward mode='bridge'/>
        <bridge name='ovsbr1'/>
        <virtualport type='openvswitch'/>
        <portgroup name='vlan-20'>
            <vlan>
                <tag id='20'/>
            </vlan>
        </portgroup>
        <portgroup name='vlan-24'>
            <vlan>
                <tag id='24'/>
            </vlan>
        </portgroup>
        <portgroup name='vlan-28'>
            <vlan>
                <tag id='28'/>
            </vlan>
        </portgroup>
        <portgroup name='vlan-111'>
            <vlan>
                <tag id='111'/>
            </vlan>
        </portgroup>
        <portgroup name='vlan-300'>
            <vlan>
                <tag id='300'/>
            </vlan>
        </portgroup>
        <portgroup name='vlan-all'>
            <vlan trunk='yes'>
                <tag id='20'/>
                <tag id='24'/>
                <tag id='28'/>
                <tag id='111'/>
                <tag id='300'/>
            </vlan>
        </portgroup>
    </network>
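  • Modifying the openvswitch network online

    To modify the network online later[1], use virsh net-update, for example to add a VLAN 112. (--current changes the running state when the network is active; pass --live --config instead if the change should also be written to the persistent definition.)

    virsh net-update ovs-network add portgroup \
      "<portgroup name='vlan-112'> \
         <vlan> \
          <tag id='112'/> \
         </vlan> \
       </portgroup>" \
    --current

    The vlan-all portgroup definition also needs to be modified: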

    $ sudo virsh net-update ovs-network modify portgroup \
     "<portgroup name='vlan-all'> \
       <vlan trunk='yes'> \
         <tag id='20'/> \
         <tag id='24'/> \
         <tag id='28'/> \
         <tag id='111'/> \
         <tag id='112'/> \
         <tag id='300'/>\
       </vlan> \
     </portgroup>" --current
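  • Adding an alias for the VM network interface

The <target/> element defines an alias for the VM's network interface, which makes later maintenance easier: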

$ sudo virsh net-define ovs-network.xml
$ sudo virsh net-start ovs-network
$ sudo vim d7-32-wptMgmt.xml
------------8<---------------
    <interface type='network'>
      <mac address='52:54:00:64:63:4e'/>
      <source network='ovs-network' portgroup='vlan-300'/>
      <target dev='wptMgmt-300'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
------------>8---------------

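After modifying the VM configuration file, the VM must be redefined; the change takes effect the next time the VM is restarted.

  • Redefining the VM configuration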

    $ sudo cp /etc/libvirt/qemu/d7-32-wptMgmt.xml /backup
    $ sudo virsh undefine d7-32-wptMgmt
    $ sudo cp /backup/d7-32-wptMgmt.xml /etc/libvirt/qemu/
    $ sudo virsh define /etc/libvirt/qemu/d7-32-wptMgmt.xml
    $ sudo virsh start d7-32-wptMgmt
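  • Updating the VM configuration online

    The point of updating the VM configuration online is that there is no need to shut down and then redefine the VM[2].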

$ sudo virsh edit d7-32-wptMgmt
------------8<---------------
    <interface type='network'>
      <mac address='52:54:00:64:63:4e'/>
      <source network='ovs-network' portgroup='vlan-300'/>
      <target dev='wptMgmt-300'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
------------>8---------------

Note that updating the VM configuration online does not mean the NIC is hot-plugged; you also need to:

Check:

$ sudo ovs-vsctl show
2bb445bb-53d7-4cae-be95-5a37b16ba4d7
    Bridge "ovsbr1"
        Port "vnet2"
            tag: 111
            Interface "vnet2"
        Port "wptMgmt-111"
            tag: 111
            Interface "wptMgmt-111"
        Port "ovsbr1"
            Interface "ovsbr1"
                type: internal
        Port "bond1"
            Interface "eth2"
            Interface "eth3"
        Port "wptMgmt-300"
            tag: 300
            Interface "wptMgmt-300"
    ovs_version: "2.3.2"
$ sudo ip ad ls
------------8<---------------
138: wptMgmt-300: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:64:63:4e brd ff:ff:ff:ff:ff:ff
139: wptMgmt-111: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:3e:0a:f5 brd ff:ff:ff:ff:ff:ff
------------>8---------------
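
The `ovs-vsctl show` check above can be extended into a VLAN isolation audit. This is an added example, not part of the original post: it compares each port's VLAN scope with the VLAN ids declared in the network's portgroups and reports ports with no tag or trunks (which Open vSwitch treats as a trunk for every VLAN) or with an undeclared VLAN. The sample data, the ports vnet7, vnet8 and vnet9, and the function names are constructed; bond1 as the uplink is taken from the output above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the page's ovs-network.xml.
NETWORK_XML = """<network><name>ovs-network</name>
<portgroup name='vlan-111'><vlan><tag id='111'/></vlan></portgroup>
<portgroup name='vlan-300'><vlan><tag id='300'/></vlan></portgroup>
</network>"""
# Constructed sample in `ovs-vsctl show` layout; vnet7, vnet8, vnet9 are invented.
OVS_SHOW = """Bridge "ovsbr1"
    Port "wptMgmt-300"
        tag: 300
    Port "ovsbr1"
        Interface "ovsbr1"
            type: internal
    Port "bond1"
    Port "vnet7"
        tag: 999
    Port "vnet8"
        trunks: [111, 300]
    Port "vnet9"
        Interface "vnet9"
"""

def parse_ports(show_text):
    """Map port name -> (VLAN set, is_internal); an empty set means no tag/trunks."""
    ports = {}
    for block in re.split(r"\n\s*Port ", show_text)[1:]:
        name = block.split("\n", 1)[0].strip().strip('"')
        scope = " ".join(re.findall(r"(?:tag|trunks): (.*)", block))
        vlans = {int(v) for v in re.findall(r"\d+", scope)}
        ports[name] = (vlans, "type: internal" in block)
    return ports

def audit(network_xml, show_text, uplinks=("bond1",)):
    """Return (port, reason) for VM ports whose VLAN scope is not declared."""
    declared = {int(t.get("id")) for t in ET.fromstring(network_xml).iter("tag")}
    findings = []
    for name, (vlans, internal) in parse_ports(show_text).items():
        if internal or name in uplinks:
            continue  # bridge-local port and the physical uplink (assumed: bond1)
        if not vlans:
            findings.append((name, "no tag or trunks: port carries every VLAN"))
        elif vlans - declared:
            findings.append((name, f"undeclared VLANs {sorted(vlans - declared)}"))
    return findings

if __name__ == "__main__":
    print(*audit(NETWORK_XML, OVS_SHOW), sep="\n")
```

On a real host, feed it the output of `virsh net-dumpxml ovs-network` and `ovs-vsctl show` in place of the two constants.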

1. Online modification is not unique to openvswitch
2. Equivalent to undefine & define