网络虚拟化：

复杂的虚拟化网络：
netns
OpenVSwitch

OVS：基于C语言研发；特性：
802.1q, trunk, access
NIC bonding
NetFlow, sFlow
QoS配置及策略
GRE, VxLAN,
OpenFlow

OVS的组成部分：
ovs-vswitchd: OVS daemon, 实现数据报文交换功能，和Linux内核兼容模块一同实现了基于流的交换技术；
ovsdb-server：轻量级的数据库服务，主要保存了整个OVS的配置信息，例如接口、交换和VLAN等等；ovs-vswithed的交换功能基于此库实现；
ovs-dpctl：用于控制内核模块，控制转发规则的。
ovs-vsctl：用于获取或更改ovs-vswitchd的配置信息，其修改操作会保存至ovsdb-server中；
ovs-appctl
ovsdbmonitor：gui工具用来显示ovsdb中的数据
ovs-controller：流控工具
ovs-ofctl：
ovs-pki：openflow命令行工具

ovs-vsctl命令的使用：
show: ovsdb配置内容查看
add-br NAME：添加桥设备；
list-br: 显示所有已定义BRIDGE
del-br BRIDGE: 删除桥
add-port BRIDGE PORT: 将PORT添加至指定的BRIDGE
list-ports BRIDGE: 显示指定BRIDGE上已经添加的所有PORT
del-port [BRIDGE] PORT: 从指定BRIDGE移除指定的PORT
# ovs-vsctl list port:查看端口数据库

/etc/if-up脚本：
#!/bin/bash
#
bridge=br-in

if [ -n “$1” ]; then
ip link set $1 up
sleep 1
ovs-vsctl add-port $bridge $1
[ $? -eq 0 ] && exit 0 || exit 1
else
echo “Error: no port specified.”
exit 2
fi

/etc/if-down脚本：
#!/bin/bash
#
bridge=br-in

if [ -n “$1” ]; then
ip link set $1 down
sleep 1
ovs-vsctl del-port $bridge $1
[ $? -eq 0 ] && exit 0 || exit 1
else
echo “Error: no port specified.”
exit 2
fi

安装openvswitch：
# yum -y install centos-release-openstack-ocata.noarch
# yum -y install openvswitch
# systemctl start openvswitch

# ovs-vsctl show
fb96b8f0-9d4e-46af-80a4-c1dffd185a99
ovs_version: “2.6.1”

创建两个桥：
# ovs-vsctl add-br br1
# ovs-vsctl add-br br2
# ovs-vsctl show
fb96b8f0-9d4e-46af-80a4-c1dffd185a99
Bridge “br1”
Port “br1”
Interface “br1”
type: internal
Bridge “br2”
Port “br2”
Interface “br2”
type: internal
ovs_version: “2.6.1”

创建虚拟网卡对：
# ip link add veth0 type veth peer name veth0.1
# ip link show
9: veth0.1@veth0: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 0e:da:cb:9e:78:d5 brd ff:ff:ff:ff:ff:ff
10: [email protected]: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ce:37:9f:0b:df:2b brd ff:ff:ff:ff:ff:ff
# ip link set veth0 up
# ip link set veth0.1 up

把虚拟网卡加入桥：
# ovs-vsctl add-port br1 veth0
# ovs-vsctl add-port br2 veth0.1
# ovs-vsctl show
fb96b8f0-9d4e-46af-80a4-c1dffd185a99
Bridge “br1”
Port “br1”
Interface “br1”
type: internal
Port “veth0”
Interface “veth0”
Bridge “br2”
Port “veth0.1”
Interface “veth0.1”
Port “br2”
Interface “br2”
type: internal
ovs_version: “2.6.1”

两个桥之间利用虚拟网卡对进行trunk连接
# ovs-vsctl set port veth0.1 vlan_mode=trunk
# ovs-vsctl set port veth0.1 trunks=10,20
# ovs-vsctl set port veth0 vlan_mode=trunk
# ovs-vsctl set port veth0 trunks=10,20
# ovs-vsctl list port veth0
_uuid               : d2207ae3-4b3c-4d3d-a7c7-3554f3840d83
bond_active_slave   : []
bond_downdelay      : 0
bond_fake_iface     : false
bond_mode           : []
bond_updelay        : 0
external_ids        : {}
fake_bridge         : false
interfaces          : [9b4388ee-e169-4f3b-9d6e-59063a17f60d]
lacp                : []
mac                 : []
name                : “veth0”
other_config        : {}
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : []
trunks              : [10, 20]
vlan_mode           : trunk
# ovs-vsctl list port veth0.1
_uuid               : 0402c6ae-a97c-4f6b-8794-b7b48ba435ac
bond_active_slave   : []
bond_downdelay      : 0
bond_fake_iface     : false
bond_mode           : []
bond_updelay        : 0
external_ids        : {}
fake_bridge         : false
interfaces          : [02022ec7-478a-49a3-9649-57039dd16118]
lacp                : []
mac                 : []
name                : “veth0.1”
other_config        : {}
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : []
trunks              : [10, 20]
vlan_mode           : trunk

启动虚拟机：
# qemu-kvm -m 128 -smp 1 \
-drive file=/images/cirros/cirros-0.3.5-x86_64-disk.img,media=disk,format=qcow2,if=virtio,cache=writeback \
-balloon virtio \
-net nic,model=virtio,macaddr=52:54:00:A5:41:1E -net tap,vhost=on,vnet_hdr=on,script=/etc/qemu-kvm/if-up,downscript=/etc/qemu-kvm/if-down \
-daemonize -vnc :0

# yum -y install tigervnc

# cp -av /etc/qemu-kvm/if-up{,2}
‘/etc/qemu-kvm/if-up’ -> ‘/etc/qemu-kvm/if-up2’
# cp -av /etc/qemu-kvm/if-down{,2}
‘/etc/qemu-kvm/if-down’ -> ‘/etc/qemu-kvm/if-down2’
# cp -av /etc/qemu-kvm/if-up{,3}
‘/etc/qemu-kvm/if-up’ -> ‘/etc/qemu-kvm/if-up3’
# cp -av /etc/qemu-kvm/if-down{,3}
‘/etc/qemu-kvm/if-down’ -> ‘/etc/qemu-kvm/if-down3’

# qemu-kvm -m 128 -smp 1 \
-drive file=/images/cirros/cirros-0.3.5-x86_64-disk2.img,media=disk,format=qcow2,cache=writeback,if=virtio \
-balloon virtio \
-net nic,model=virtio,macaddr=52:54:00:A5:41:2E -net tap,vhost=on,vnet_hdr=on,script=/etc/qemu-kvm/if-up2,downscript=/etc/qemu-kvm/if-down2 \
-daemonize -vnc :1 \
-usbdevice tablet \

# ovs-vsctl set port tap0 tag=10
# ovs-vsctl set port tap1 tag=10
# ovs-vsctl remove port tap1 tag 10

# qemu-kvm -m 128 -smp 1 -balloon virtio -name br2 \
-drive file=/images/cirros/cirros-0.3.5-x86_64-disk3.img,media=disk,cache=writeback,format=qcow2,if=virtio \
-vnc :3 -daemonize \
-net nic,macaddr=52:54:00:A5:41:3E,model=virtio -net tap,vhost=on,vnet_hdr=on,script=/etc/qemu-kvm/if-up3,downscript=/etc/qemu-kvm/if-down3

把虚拟机网卡加入桥中vlan：
# ovs-vsctl set port tap2 tag=10

# ovs-vsctl remove port tap1 tag 10
# ovs-vsctl set port tap1 tag=20
# ovs-vsctl remove port tap2 tag 10
# ovs-vsctl set port tap2 tag=20