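openvswitch: open-source network virtualization software; it can partition VLANs to isolate virtual machines and perform traffic control
dnsmasq: a small DNS and DHCP server
Install openvswitch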
wget http://openvswitch.org/releases/openvswitch-2.5.0.tar.gz
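Build it as an RPM package and install it
yum install rpm-build
mkdir -p ~/rpmbuild/SOURCES
# rpmbuild looks for the source tarball in ~/rpmbuild/SOURCES
cp openvswitch-2.5.0.tar.gz ~/rpmbuild/SOURCES/
tar xf openvswitch-2.5.0.tar.gz
# drop the kernel-module dependency from the spec file
sed 's/openvswitch-kmod, //g' openvswitch-2.5.0/rhel/openvswitch.spec > openvswitch-2.5.0/rhel/openvswitch_no_kmod.spec
rpmbuild -bb --without check ~/openvswitch-2.5.0/rhel/openvswitch_no_kmod.spec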
yum localinstall ~/rpmbuild/RPMS/x86_64/openvswitch-2.5.0-1.x86_64.rpm
systemctl start openvswitch # start the service
systemctl enable openvswitch
Configure the bridge (switch)
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=ovs-br0
BOOTPROTO=none
HOTPLUG=no
/etc/sysconfig/network-scripts/ifcfg-ovs-br0
DEVICE=ovs-br0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.100.250
NETMASK=255.255.255.0
HOTPLUG=no
Restart the network
systemctl restart network
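ifconfig ovs-br0 # check whether the network was configured successfully
ovs-vsctl show # view the bridge
Associate the bridge with KVM
cd /etc/libvirt/qemu/networks
vim ovsnet.xml
<network>
  <name>ovs-br0</name>
  <forward mode='bridge'/>
  <bridge name='ovs-br0'/>
  <virtualport type='openvswitch'/>
</network>
# libvirt networks are managed with the net-* subcommands
virsh net-define ovsnet.xml
virsh net-start ovs-br0
virsh net-autostart ovs-br0
virsh net-list # check whether the bridge is associated with KVM
Then use virt-manager to install a Linux virtual machine named dhcpserver, which will run the dnsmasq service
Add two network interfaces to it, both using ovs-br0 as the bridge
Edit the domain configuration to assign the two NICs to different VLANs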
virsh edit dhcpserver
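Search for openvswitch and add a vlan element: tag=1 for the first NIC, tag=2 for the second
<interface type='bridge'>
  <source bridge='ovs-br0'/>
  <virtualport type='openvswitch'/>
  <vlan>
    <tag id="1"/>
  </vlan>
  <model type='virtio'/>
</interface>
<interface type='bridge'>
  <source bridge='ovs-br0'/>
  <virtualport type='openvswitch'/>
  <vlan>
    <tag id="2"/>
  </vlan>
  <model type='virtio'/>
</interface>
Log in to the virtual machine, restart the network, and configure an IP address on each of the two networks
These commands take effect only temporarily; to make the addresses permanent, edit the interface configuration files
ifconfig eth0 192.168.100.1
ifconfig eth1 192.168.200.1
Then set up the DHCP service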
yum install dnsmasq
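Edit the configuration file
cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
echo > /etc/dnsmasq.conf
vim /etc/dnsmasq.conf
dhcp-range=eth0,192.168.100.100,192.168.100.199,4h
dhcp-range=eth1,192.168.200.100,192.168.200.199,4h
# listen on the two NICs configured above
interface=eth0
interface=eth1
Start the service
systemctl start dnsmasq
systemctl enable dnsmasq
Then install two test virtual machines
Assign one VM's NIC to tag 1 and the other VM's NIC to tag 2
Then test whether each VM can obtain an IP address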
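An added check, not part of the original post: OVS treats a port with no VLAN tag as a trunk port that carries every VLAN, so a guest NIC on ovs-br0 that is missing its vlan element defeats the isolation configured above. The Python below audits `virsh dumpxml` output for that case; the sample XML, the MAC addresses and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `virsh dumpxml dhcpserver` output:
# two NICs tagged as in the post, plus a third that is missing <vlan>.
SAMPLE_DOMAIN_XML = """<domain type='kvm'><name>dhcpserver</name><devices>
<interface type='bridge'><mac address='52:54:00:00:00:01'/><source bridge='ovs-br0'/>
  <virtualport type='openvswitch'/><vlan><tag id='1'/></vlan></interface>
<interface type='bridge'><mac address='52:54:00:00:00:02'/><source bridge='ovs-br0'/>
  <virtualport type='openvswitch'/><vlan><tag id='2'/></vlan></interface>
<interface type='bridge'><mac address='52:54:00:00:00:03'/><source bridge='ovs-br0'/>
  <virtualport type='openvswitch'/></interface>
</devices></domain>"""


def audit_ovs_interfaces(domain_xml, bridge="ovs-br0"):
    """Return (mac, tags, finding) for every guest NIC attached to `bridge`."""
    results = []
    root = ET.fromstring(domain_xml)
    for iface in root.findall("./devices/interface[@type='bridge']"):
        source = iface.find("source")
        if source is None or source.get("bridge") != bridge:
            continue  # NIC is on some other bridge, out of scope here
        mac_el = iface.find("mac")
        mac = mac_el.get("address") if mac_el is not None else "unknown"
        vlan = iface.find("vlan")
        tags = [int(t.get("id")) for t in vlan.findall("tag")] if vlan is not None else []
        if not tags:
            finding = "UNTAGGED: OVS trunk port, carries every VLAN"
        elif len(tags) > 1 or vlan.get("trunk") == "yes":
            finding = "TRUNK: carries VLANs %s" % tags
        else:
            finding = "ok: access port on VLAN %d" % tags[0]
        results.append((mac, tags, finding))
    return results


def isolation_violations(domain_xml, bridge="ovs-br0"):
    """Only the NICs that are not plain single-VLAN access ports."""
    return [r for r in audit_ovs_interfaces(domain_xml, bridge)
            if not r[2].startswith("ok")]


if __name__ == "__main__":
    for mac, tags, finding in audit_ovs_interfaces(SAMPLE_DOMAIN_XML):
        print(mac, finding)
```

On the host, feed it the real definition of each guest, for example the output of virsh dumpxml for dhcpserver and for both test VMs.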
Using openvswitch and dnsmasq to isolate virtual machine networks
Original article: http://www.cnblogs.com/pdjun/p/5908642.html