码迷,mamicode.com
首页 > 其他好文 > 详细

ovs 实现vlan隔离(二)

时间:2020-04-05 22:43:42      阅读:137      评论:0      收藏:0      [点我收藏+]

标签:rtt   remote   端口   bond   bridge   图片   data   color   bash   

技术图片

 

 

[root@kunpeng82 devuser]# ovs-vsctl list port tap6_br
_uuid               : 70e22269-7254-4300-88fc-b3e8cfcc1df6
bond_active_slave   : []
bond_downdelay      : 0
bond_fake_iface     : false
bond_mode           : []
bond_updelay        : 0
cvlans              : []
external_ids        : {}
fake_bridge         : false
interfaces          : [151c8cc1-d6ab-4351-afb7-cef0021ca246]
lacp                : []
mac                 : []
name                : "tap6_br"
other_config        : {}
protected           : false
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : 100
trunks              : []
vlan_mode           : []
[root@kunpeng82 devuser]# ovs-vsctl list port tap7_br
_uuid               : 2f371b05-f6f2-41c6-91f3-7cd7e7f883cf
bond_active_slave   : []
bond_downdelay      : 0
bond_fake_iface     : false
bond_mode           : []
bond_updelay        : 0
cvlans              : []
external_ids        : {}
fake_bridge         : false
interfaces          : [060208b7-834c-4ffa-b4e3-7bc15733b7a3]
lacp                : []
mac                 : []
name                : "tap7_br"
other_config        : {}
protected           : false
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : 200
trunks              : []
vlan_mode           : []
[root@kunpeng82 devuser]# ovs-vsctl list port tap0_br
_uuid               : f8b41259-a1b3-4226-bd25-afb7c0dfe9e1
bond_active_slave   : []
bond_downdelay      : 0
bond_fake_iface     : false
bond_mode           : []
bond_updelay        : 0
cvlans              : []
external_ids        : {}
fake_bridge         : false
interfaces          : [202a2f21-c8f3-4f23-8a64-5dc5de6c6e72]
lacp                : []
mac                 : []
name                : "tap0_br"
other_config        : {}
protected           : false
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : 100
trunks              : []
vlan_mode           : []
[root@kunpeng82 devuser]# ovs-vsctl list port tap3_br
_uuid               : 29780fb3-41de-46b6-bf96-2df7ac16fb9d
bond_active_slave   : []
bond_downdelay      : 0
bond_fake_iface     : false
bond_mode           : []
bond_updelay        : 0
cvlans              : []
external_ids        : {}
fake_bridge         : false
interfaces          : [9fe5705c-f864-42e9-87e1-671062bba462]
lacp                : []
mac                 : []
name                : "tap3_br"
other_config        : {}
protected           : false
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : 200
trunks              : []
vlan_mode           : []
[root@kunpeng82 devuser]# 

 

[root@kunpeng82 devuser]# ovs-vsctl show 
25581fe4-f414-4c0a-a9eb-5d04cc658c0c
    Bridge "vswitch0"
        Port "tap3_br"
            tag: 200
            Interface "tap3_br"
        Port "vswitch0"
            Interface "vswitch0"
                type: internal
        Port "vxlan1"
            Interface "vxlan1"
                type: vxlan
                options: {key=flow, remote_ip="10.10.18.216"}
        Port "patch_to_vswitch1"
            Interface "patch_to_vswitch1"
                type: patch
                options: {peer="patch_to_vswitch0"}
        Port "tap0_br"
            tag: 100
            Interface "tap0_br"
    Bridge "vswitch1"
        Port "tap7_br"
            tag: 200
            Interface "tap7_br"
        Port "patch_to_vswitch0"
            Interface "patch_to_vswitch0"
                type: patch
                options: {peer="patch_to_vswitch1"}
        Port "tap6_br"
            tag: 100
            Interface "tap6_br"
        Port "vswitch1"
            Interface "vswitch1"
                type: internal
    ovs_version: "2.12.0"
[root@kunpeng82 devuser]# 
[root@kunpeng82 devuser]# ip netns exec ns6 ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.423 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.026 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.014 ms
64 bytes from 192.168.1.100: icmp_seq=4 ttl=64 time=0.016 ms
^C
--- 192.168.1.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3108ms
rtt min/avg/max/mdev = 0.014/0.119/0.423/0.175 ms
[root@kunpeng82 devuser]# ip netns exec ns6 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1018ms

[root@kunpeng82 devuser]#

[root@kunpeng82 devuser]# ip netns exec ns7 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.487 ms
64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.025 ms
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1068ms
rtt min/avg/max/mdev = 0.025/0.256/0.487/0.231 ms
[root@kunpeng82 devuser]#

 

相同vlan能够通信,不通vlan之间隔离了

ovs端口默认是trunk模式,且所有的VLAN tag都可以通过。

 

现在将patch设备为trunk,且只允许vlan 200通过

 

 

[root@kunpeng82 devuser]# ovs-vsctl set port patch_to_vswitch1 VLAN_mode=trunk
[root@kunpeng82 devuser]# ovs-vsctl set port patch_to_vswitch0 VLAN_mode=trunk
[root@kunpeng82 devuser]# ovs-vsctl set port patch_to_vswitch0 trunk=200
[root@kunpeng82 devuser]# ovs-vsctl set port patch_to_vswitch1 trunk=200
[root@kunpeng82 devuser]# ip netns exec ns7 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.304 ms
64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.025 ms
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 0.025/0.164/0.304/0.140 ms
[root@kunpeng82 devuser]# ip netns exec ns6 ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
^C
--- 192.168.1.100 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1068ms

 

ovs 实现vlan隔离(二)

标签:rtt   remote   端口   bond   bridge   图片   data   color   bash   

原文地址:https://www.cnblogs.com/dream397/p/12639307.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!