Tungsten Fabric知识库丨这里有18个TF补丁程序,建议收藏
作者:Tatsuya Naganawa 译者:TF编译组
静态scheduler:用于svc-monitor logic选择可用的vRouter
diff --git a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py b
index f40de26..d5c2478 100644
--- a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
+++ b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
@@ -200,3 +200,8 @@ class RandomScheduler(VRouterScheduler):
 self._vnc_lib.ref_update('virtual-router', chosen_vrouter, 'virtual-machine', vm.uuid, None, 'ADD')
 return chosen_vrouter
+
+class StaticScheduler(VRouterScheduler):
+ """Statically assign vRouter nodes for v1 service-chain, haproxy lb, SNAT e
+ def schedule(self, si, vm):
+ return ['bms11', 'bms12']
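Review bot: `StaticScheduler.schedule` returns the literal list `['bms11', 'bms12']` and never calls `self._vnc_lib.ref_update(...)`, whereas the `RandomScheduler` tail visible in the context links the chosen vRouter to `vm.uuid` and returns a single `chosen_vrouter`; callers written for that contract will probably mis-handle a list of two names. The host names belong in configuration rather than in source, and each one should be checked against the running-vRouter list before it is returned, so that a stale or mistyped name is never scheduled. The docstring on the new class is cut off as pasted and has no closing `"""`, so the class would not parse in this form. RandomScheduler's body starts outside the hunk, so its exact return type is inferred.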
从svc-monitor logic中解耦analytics
diff --git a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.
index f40de26..7fd1f0a 100644
--- a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
+++ b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
@@ -115,6 +115,8 @@ class VRouterScheduler(object):
 return response_dict
 def vrouters_running(self):
+ ## implement logic to see available vRouter, without checking analytics response (possible choice is xmpp status from control node)
+
 # get az host list
 az_vrs = self._get_az_vrouter_list()
https://review.opencontrail.org/c/Juniper/contrail-controller/+/59457
更具扩展性的haproxy负载均衡器和SNAT
diff --git a/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py b/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
index 5487b2b..1bee992 100644
--- a/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
+++ b/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
@@ -92,8 +92,8 @@ class OpencontrailLoadbalancerDriver(
 # set interfaces and ha
 props.set_interface_list(if_list)
- props.set_ha_mode('active-standby')
- scale_out = ServiceScaleOutType(max_instances=2, auto_scale=False)
+ props.set_ha_mode('active-active')
+ scale_out = ServiceScaleOutType(max_instances=10, auto_scale=False)
 props.set_scale_out(scale_out)
 return props
diff --git a/src/config/svc-monitor/svc_monitor/snat_agent.py b/src/config/svc-monitor/svc_monitor/snat_agent.py
index 54ea709..f5bce37 100644
--- a/src/config/svc-monitor/svc_monitor/snat_agent.py
+++ b/src/config/svc-monitor/svc_monitor/snat_agent.py
@@ -169,7 +169,7 @@ class SNATAgent(Agent):
 si_obj.fq_name = project_fq_name + [si_name]
 si_created = True
 si_prop_obj = ServiceInstanceType(
- scale_out=ServiceScaleOutType(max_instances=2,
+ scale_out=ServiceScaleOutType(max_instances=10,
 auto_scale=True),
 auto_policy=False)
@@ -181,7 +181,7 @@ class SNATAgent(Agent):
 right_if = ServiceInstanceInterfaceType(
 virtual_network=':'.join(vn_obj.fq_name))
 si_prop_obj.set_interface_list([right_if, left_if])
- si_prop_obj.set_ha_mode('active-standby')
+ si_prop_obj.set_ha_mode('active-active')
 si_obj.set_service_instance_properties(si_prop_obj)
 si_obj.set_service_template(st_obj)
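Review bot: The literals `max_instances=10` and `'active-active'` are hard-coded in three places (the haproxy driver's property builder and both `SNATAgent` hunks) with no configuration switch, so every load balancer and every SNAT service instance changes behaviour at once. For SNAT in particular, active-active presumably requires return traffic to reach the instance that holds the NAT state; nothing in these hunks shows how that is guaranteed, so it should be stated in a comment or made opt-in. I would lift both values into svc-monitor configuration with the old `2` / `'active-standby'` as defaults. All three enclosing functions start and end outside the hunks.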
三个XMPP连接(以覆盖双重故障情景)
diff --git a/src/vnsw/agent/cmn/agent.h b/src/vnsw/agent/cmn/agent.h
index 3e48812..832b476 100644
--- a/src/vnsw/agent/cmn/agent.h
+++ b/src/vnsw/agent/cmn/agent.h
@@ -284,7 +284,10 @@ extern void RouterIdDepInit(Agent *agent);
 #define MULTICAST_LABEL_BLOCK_SIZE 2048
 #define MIN_UNICAST_LABEL_RANGE 4098
-#define MAX_XMPP_SERVERS 2
+
+/* to cover double failure case */
+#define MAX_XMPP_SERVERS 3
+
 #define XMPP_SERVER_PORT 5269
 #define XMPP_DNS_SERVER_PORT 53
 #define METADATA_IP_ADDR ntohl(inet_addr("169.254.169.254"))
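Review bot: Raising `MAX_XMPP_SERVERS` from 2 to 3 changes only the bound; agent code outside this hunk that treats the two channels as a primary/secondary pair (for example picking "the other" channel by index) would silently ignore or mis-handle a third entry. None of those call sites are visible here, so they need an audit before this is relied on for the double-failure case. The added comment would help more if it said what survives: `/* three control-node connections, so two simultaneous failures still leave one */`.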
静态XMPP分配
contrail-controller:
diff --git a/src/vnsw/agent/cmn/agent.cc b/src/vnsw/agent/cmn/agent.cc
index 607f384..71d27d8 100644
--- a/src/vnsw/agent/cmn/agent.cc
+++ b/src/vnsw/agent/cmn/agent.cc
@@ -469,7 +469,7 @@ void Agent::CopyFilteredParams() {
 if (new_chksum != controller_chksum_) {
 controller_chksum_ = new_chksum;
 controller_list_ = params_->controller_server_list();
- std::random_shuffle(controller_list_.begin(), controller_list_.end());
+ std::random_shuffle(controller_list_.begin(), controller_list_.end()); // commented out for static XMPP assignment
 }
 // Dns
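Review bot: The added comment says the shuffle is commented out, but the new line still executes `std::random_shuffle(controller_list_.begin(), controller_list_.end());` because only a trailing `//` comment was appended. Controller order therefore stays random and the static XMPP assignment this patch is named for does not take effect. The call has to be disabled for real, e.g. `// std::random_shuffle(controller_list_.begin(), controller_list_.end());  // keep configured order for static XMPP assignment`, or better guarded by a configuration flag so the default behaviour is unchanged. CopyFilteredParams() starts and ends outside the hunk.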
基于VLAN的EVPN T2互操作
diff --git a/src/bgp/evpn/evpn_route.cc b/src/bgp/evpn/evpn_route.cc
index 36412b2..a830b5c 100644
--- a/src/bgp/evpn/evpn_route.cc
+++ b/src/bgp/evpn/evpn_route.cc
@@ -487,7 +487,7 @@ void EvpnPrefix::BuildProtoPrefix(BgpProtoPrefix *proto_prefix,
 proto_prefix->prefix.begin() + esi_offset);
 }
 size_t tag_offset = esi_offset + kEsiSize;
- put_value(&proto_prefix->prefix[tag_offset], kTagSize, tag_);
+ put_value(&proto_prefix->prefix[tag_offset], kTagSize, 0);
 size_t mac_len_offset = tag_offset + kTagSize;
 proto_prefix->prefix[mac_len_offset] = 48;
 size_t mac_offset = mac_len_offset + 1;
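Review bot: Encoding a constant `0` where `tag_` used to be written affects every prefix that passes through this part of `BuildProtoPrefix`, not only the VLAN-based peers the patch targets, so an instance that relies on a non-zero Ethernet tag would advertise the wrong value. The decode path is not in the hunk; if it still reads the tag from the wire, encode and decode are no longer symmetric. I would make the zeroing conditional on a per-peer or per-instance setting and keep `put_value(&proto_prefix->prefix[tag_offset], kTagSize, tag_);` as the default. The function body continues outside the hunk.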
“enable_nova: no”是可配置的
(已实施)
https://review.opencontrail.org/c/Juniper/contrail-kolla-ansible/+/58908
git clone -b contrail/queens https://github.com/Juniper/contrail-kolla-ansible
diff --git a/ansible/post-deploy-contrail.yml b/ansible/post-deploy-contrail.yml
index e603207..c700d88 100644
--- a/ansible/post-deploy-contrail.yml
+++ b/ansible/post-deploy-contrail.yml
@@ -63,6 +63,8 @@
 - ['baremetal-hosts', 'virtual-hosts']
 register: command_result
 failed_when: "command_result.rc == 1 and 'already exists' not in command_result.stderr"
+ when:
+ - enable_nova | bool
 run_once: yes
 - name: Add compute hosts to virtual-hosts Aggregate Group
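Review bot: The `enable_nova | bool` guard is added to one task only, while the next task visible in the context, `Add compute hosts to virtual-hosts Aggregate Group`, also works on the aggregate and presumably calls the same Nova API. If that task, whose body is outside the hunk, has no equivalent guard, a deployment with `enable_nova: no` will still fail there. The same two lines, `when:` followed by `- enable_nova | bool`, would be needed on each Nova-dependent task in the play.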
每个标签的安全端点统计信息作为UVE
https://review.opencontrail.org/c/Juniper/contrail-specs/+/55761
kubernetes的多master设置
(已实施)
-
https://review.opencontrail.org/c/Juniper/contrail-controller/+/55758
-
https://github.com/tnaganawa/tungstenfabric-docs/blob/master/TungstenFabricPrimer.md#k8sk8s
tc-flower卸载
对此感兴趣的朋友, 我尝试了两种vRouter设置,并在一个节点上键入了这些命令以绕过vRouter数据路径,来使用tc, 发现基于tc-flower的vxlan数据路径(出口)和vRouter的vxlan数据路径可以互通:) -ingress vxlan decap无法正常运作,我仍在调查.. vRouter0: 172.31.4.175 (container, 10.0.1.251) vRouter1: 172.31.1.214 (container, 10.0.1.250, connected to tapeth0-038fdd) [from specific tap to known ip address, vxlan encap could be offloaded to tc] - typed on vRouter1 ip link set vxlan7 up ip link add vxlan7 type vxlan vni 7 dev ens5 dstport 0 external tc filter add dev tapeth0-038fdd protocol ip parent ffff: \ flower \ ip_proto icmp dst_ip 10.0.1.251 \ action simple sdata "ttt" action tunnel_key set \ src_ip 172.31.1.214 \ dst_ip 172.31.4.175 \ id 7 \ dst_port 4789 \ action mirred egress redirect dev vxlan7 [although for egress traffic vRouter1 is bypassed, it can still communicate] [root@ip-172-31-1-214 ~]# tcpdump -nn -i ens5 udp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens5, link-type EN10MB (Ethernet), capture size 262144 bytes 04:55:41.566458 IP 172.31.1.214.57877 > 172.31.4.175.4789: VXLAN, flags [I] (0x08), vni 7 IP 10.0.1.250 > 10.0.1.251: ICMP echo request, id 60416, seq 180, length 64 04:55:41.566620 IP 172.31.4.175.61117 > 172.31.1.214.4789: VXLAN, flags [I] (0x08), vni 7 IP 10.0.1.251 > 10.0.1.250: ICMP echo reply, id 60416, seq 180, length 64 04:55:42.570917 IP 172.31.1.214.57877 > 172.31.4.175.4789: VXLAN, flags [I] (0x08), vni 7 IP 10.0.1.250 > 10.0.1.251: ICMP echo request, id 60416, seq 181, length 64 04:55:42.571056 IP 172.31.4.175.61117 > 172.31.1.214.4789: VXLAN, flags [I] (0x08), vni 7 IP 10.0.1.251 > 10.0.1.250: ICMP echo reply, id 60416, seq 181, length 64 ^C 4 packets captured 5 packets received by filter 0 packets dropped by kernel [root@ip-172-31-1-214 ~]# / # ping 10.0.1.251 PING 10.0.1.251 (10.0.1.251): 56 data bytes 64 bytes from 10.0.1.251: seq=0 ttl=64 time=5.183 ms 64 bytes from 10.0.1.251: seq=1 ttl=64 time=4.587 ms ^C --- 10.0.1.251 ping statistics --- 2 packets transmitted, 2 packets 
received, 0% packet loss round-trip min/avg/max = 4.587/4.885/5.183 ms / # [tap's RX is not incrementing since that is bypassed (TX increments, since ingress traffic still uses vRouter datapath)] [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes RX packets:3393 bytes:288094 errors:0 TX packets:3438 bytes:291340 errors:0 [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes RX packets:3393 bytes:288094 errors:0 TX packets:3439 bytes:291438 errors:0 [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes RX packets:3394 bytes:288136 errors:0 TX packets:3442 bytes:291676 errors:0 [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes RX packets:3394 bytes:288136 errors:0 TX packets:3444 bytes:291872 errors:0 [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes RX packets:3394 bytes:288136 errors:0 TX packets:3447 bytes:292166 errors:0 [root@ip-172-31-1-214 ~]#
contrail-controller
diff --git a/src/vnsw/agent/pkt/flow_mgmt.cc b/src/vnsw/agent/pkt/flow_mgmt.cc
index c888a26..a1b0189 100644
--- a/src/vnsw/agent/pkt/flow_mgmt.cc
+++ b/src/vnsw/agent/pkt/flow_mgmt.cc
@@ -511,6 +511,9 @@ void FlowMgmtManager::LogFlowUnlocked(FlowEntry *flow, const std::string &op) {
 FlowInfo trace;
 flow->FillFlowInfo(trace);
 FLOW_TRACE(Trace, op, trace);
+
+ // Add tc flower logic, based on FlowEntry *flow
+
 }
 // Extract all the FlowMgmtKey for a flow
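Review bot: `LogFlowUnlocked` is a trace helper (its visible body only fills a `FlowInfo` and calls `FLOW_TRACE`), so placing datapath offload programming here would tie forwarding state to logging, and any flow change that does not pass through this trace call would leave the tc rule out of sync. The placeholder should name the intended hook instead, for example `// TODO: program tc-flower offload from the flow add/delete path, not from tracing`. If the eventual code invokes `tc`, it should build an argument vector from typed `FlowEntry` fields rather than a formatted command string.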
GCE上的vRouter无法到达同一子网中的其它节点
在GCE中安装vRouter时,它无法到达同一子网中的某个节点。该补丁是一个临时的解决方法。
diff --git a/containers/vrouter/agent/entrypoint.sh b/containers/vrouter/agent/entrypoint.sh
index f4f49f4..01e1349 100755
--- a/containers/vrouter/agent/entrypoint.sh
+++ b/containers/vrouter/agent/entrypoint.sh
@@ -140,7 +140,7 @@ if [ "$gcp" == "Google" ]; then
 for intf in $intfs ; do
 if [[ $phys_int_mac == "$(curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/network-interfaces/${intf}/mac)" ]]; then
 mask=$(curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/network-interfaces/${intf}/subnetmask)
- vrouter_cidr=$vrouter_ip/$(mask2cidr $mask)
+ vrouter_cidr=$vrouter_ip/31 ### this can't be set /32, since in that setup, vrouter can't create ingress flow for some reason ..
 fi
 done
 fi
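Review bot: With the prefix fixed at `/31`, the `mask=$(curl -s …/subnetmask)` lookup on the line above is now dead, and the workaround applies to every GCE deployment rather than only those that hit the reachability problem. I would keep `$(mask2cidr $mask)` as the default and allow an opt-in override, e.g. `vrouter_cidr=$vrouter_ip/${VROUTER_GCE_PREFIX_LEN:-$(mask2cidr $mask)}` (the variable name is a placeholder). Separately, the context lines query the metadata server with `curl -s` and no `--fail`, so an HTTP error body would be compared or assigned as if it were data. The enclosing `if` block starts outside the hunk.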
何时与multus一起使用
(已实施)
提交后发现,vRouter可以很好地与multus-cni一起工作(它可以动态识别是直接调用还是由某些元插件调用)。
(install kubernetes and vRouter by ansible-deployer: container tag: master-latest, ansible-deployer: master) git clone https://github.com/intel/multus-cni.git && cd multus-cni cat ./images/deprecated/multus-daemonset-pre-1.16.yml | kubectl apply -f -
注意:由于ansible-deployer安装了v0.3.0 CNI,因此默认情况下,桥接CNI不能正常工作。将/opt/cni/bin/bridge(和/opt/cni/bin/static)文件替换为v0.8.6模块时,它可以正常工作。
多vCenter设置
Tungsten Fabric控制器节点提供的vCenter插件数量与vCenter数量一样多。
由于每个vCenter下都有多个ESXi,因此对于某个特定vCenter的ESXi,其vRouterVM上的每个vcenter-manager,都需要使用该租户名称(而不是硬编码的“vCenter”租户)来配置。
contrail-vcenter-plugin:
diff --git a/src/net/juniper/contrail/vcenter/VCenterMonitor.java b/src/net/juniper/contrail/vcenter/VCenterMonitor.java
index d5c0043..294ee99 100644
--- a/src/net/juniper/contrail/vcenter/VCenterMonitor.java
+++ b/src/net/juniper/contrail/vcenter/VCenterMonitor.java
@@ -74,7 +74,7 @@ public class VCenterMonitor {
 private static String _authurl = "http://10.84.24.54:35357/v2.0";
 private static String _zookeeperAddrPort = "127.0.0.1:2181";
- private static String _zookeeperLatchPath = "/vcenter-plugin";
+ private static String _zookeeperLatchPath = "/vcenter-plugin"; // make this configurable
 private static String _zookeeperId = "node-vcenter-plugin";
 static volatile Mode mode = Mode.VCENTER_ONLY;
diff --git a/src/net/juniper/contrail/vcenter/VncDB.java b/src/net/juniper/contrail/vcenter/VncDB.java
index 9d004b7..a831a37 100644
--- a/src/net/juniper/contrail/vcenter/VncDB.java
+++ b/src/net/juniper/contrail/vcenter/VncDB.java
@@ -61,8 +61,8 @@ public class VncDB {
 Mode mode;
 public static final String VNC_ROOT_DOMAIN = "default-domain";
- public static final String VNC_VCENTER_PROJECT = "vCenter";
- public static final String VNC_VCENTER_IPAM = "vCenter-ipam";
+ public static final String VNC_VCENTER_PROJECT = "vCenter"; // make this configurable
+ public static final String VNC_VCENTER_IPAM = "vCenter-ipam"; // make this configurable
 public static final String VNC_VCENTER_DEFAULT_SG = "default";
 public static final String VNC_VCENTER_PLUGIN = "vcenter-plugin";
 public static final String VNC_VCENTER_TEST_PROJECT = "vCenter-test";
contrail-vcenter-manager:
diff --git a/cvm/constants.py b/cvm/constants.py
index 0dcabab..4b30299 100644
--- a/cvm/constants.py
+++ b/cvm/constants.py
@@ -31,8 +31,8 @@ VM_UPDATE_FILTERS = [
 'runtime.powerState',
 ]
 VNC_ROOT_DOMAIN = 'default-domain'
-VNC_VCENTER_PROJECT = 'vCenter'
-VNC_VCENTER_IPAM = 'vCenter-ipam'
+VNC_VCENTER_PROJECT = 'vCenter' ## make this configurable
+VNC_VCENTER_IPAM = 'vCenter-ipam' ## make this configurable
 VNC_VCENTER_IPAM_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_IPAM]
 VNC_VCENTER_DEFAULT_SG = 'default'
 VNC_VCENTER_DEFAULT_SG_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_DEFAULT_SG]
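Review bot: Marking `VNC_VCENTER_PROJECT` and `VNC_VCENTER_IPAM` with `## make this configurable` is not sufficient on its own, because `VNC_VCENTER_IPAM_FQN` and `VNC_VCENTER_DEFAULT_SG_FQN` in the following context lines are built from them at import time. Once the project name is read from configuration, those two lists would still contain `'vCenter'` unless they are computed after the configuration is loaded, for instance by a small function that takes the project name. The Java constants in `VncDB.java` have the same problem, since they are `public static final`.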
在所有计算节点上使用相同的ECMP散列,以实现数据包模式下的对称ECMP
(已实施)
- https://review.opencontrail.org/c/Juniper/contrail-controller/+/57643
- https://review.opencontrail.org/c/Juniper/contrail-controller/+/32223
diff --git a/src/vnsw/agent/pkt/pkt_handler.cc b/src/vnsw/agent/pkt/pkt_handler.cc
index 28e5637..075bb17 100644
--- a/src/vnsw/agent/pkt/pkt_handler.cc
+++ b/src/vnsw/agent/pkt/pkt_handler.cc
@@ -1304,7 +1304,7 @@ std::size_t PktInfo::hash(const Agent *agent,
 // We need to ensure that hash computed in Compute-1 and Compute-2 are
 // different. We also want to have same hash on agent restarts. So, include
 // vhost-ip also to compute hash
- boost::hash_combine(seed, agent->router_id().to_ulong());
+ ////// boost::hash_combine(seed, agent->router_id().to_ulong());
 if (family == Address::INET) {
 if (ecmp_load_balance.is_source_ip_set()) {
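Review bot: The three comment lines directly above the disabled call still say the hash must differ between computes and that vhost-ip is included, which is now the opposite of what the code does. Either rewrite that comment to describe the symmetric-ECMP intent, or keep `boost::hash_combine(seed, agent->router_id().to_ulong());` behind a configuration switch so the default is unchanged, which the linked reviews appear to do. Leaving the call as `//////` dead code makes the next reader guess which behaviour is intended. PktInfo::hash() continues outside the hunk.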
使用透明服务链时指定vlan-id
# diff -u config_db.py.orig config_db.py
--- config_db.py.orig 2019-08-04 10:54:22.993291899 +0000
+++ config_db.py 2019-08-04 13:05:23.665843100 +0000
@@ -3059,6 +3062,21 @@
 service_ri1, service_ri2):
 vlan = self._object_db.allocate_service_chain_vlan(vm_info['vm_uuid'], self.name)
+ ####
+ ## vlan-id is embedded in service-instance name
+ ## servicename---vm_uuid---vlanid
+ ####
+ for servicename in self.service_list:
+ left_interface_uuid = vm_info['left']['vmi'].name.split (':')[-1]
+ if (servicename.find(left_interface_uuid ) > -1):
+ vlan = servicename.split(':')[-1].split('---')[-1]
+
 self.add_pbf_rule(vm_info['left']['vmi'], service_ri1, v4_address, v6_address, vlan)
 self.add_pbf_rule(vm_info['right']['vmi'], service_ri2,
@@ -3911,6 +3929,22 @@
 vlan = self._object_db.allocate_service_chain_vlan(
 vm_pt.uuid, service_chain.name)
+
+ ###
+ # begin: added
+ ###
+ for servicename in service_chain.service_list:
+ if (servicename.find(self.name.split(':')[-1]) > -1):
+ vlan = servicename.split(':')[-1].split('---')[-1]
+ ###
+ # end: added
+ ###
+
 service_chain.add_pbf_rule(self, service_ri, v4_address, v6_address, vlan)
 #end for service_chain
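Review bot: In both hunks `vlan` is overwritten with `servicename.split(':')[-1].split('---')[-1]`, a string taken from the service-instance name, and handed to `add_pbf_rule` without integer conversion or a range check; the name is chosen by whoever creates the service instance, so this is tenant-controlled input reaching forwarding configuration. The `find(...) > -1` test is a substring match, so any service whose name merely contains the UUID fragment also matches, and the value from `allocate_service_chain_vlan` is still allocated but then discarded, which may let two chains end up with the same tag. The fence shows the first hunk's loop with parsing and a 1–4094 check, assuming `add_pbf_rule` expects an integer as the allocator presumably returns; the second hunk (`service_chain.service_list`) needs the same treatment. Both enclosing methods start and end outside the hunks.

```python
# … unchanged: vlan = self._object_db.allocate_service_chain_vlan(...) …
left_interface_uuid = vm_info['left']['vmi'].name.split(':')[-1]
for servicename in self.service_list:
    if left_interface_uuid not in servicename:
        continue
    # the last '---' field of the service-instance name carries the vlan-id
    vlan_field = servicename.split(':')[-1].split('---')[-1]
    try:
        requested_vlan = int(vlan_field)
    except ValueError:
        continue  # no numeric vlan-id in the name: keep the allocated one
    if 1 <= requested_vlan <= 4094:
        vlan = requested_vlan
# … unchanged: add_pbf_rule calls …
```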
支持CentOS的旧内核
Juniper/contrail-packages
diff --git a/kernel_version.info b/kernel_version.info
index 8d38f34..d5e711b 100644
--- a/kernel_version.info
+++ b/kernel_version.info
@@ -1,2 +1,3 @@
+3.10.0-862.2.3.el7.x86_64
 3.10.0-1062.4.1.el7.x86_64
-3.10.0-1062.9.1.el7.x86_64
\ No newline at end of file
+3.10.0-1062.9.1.el7.x86_64
可配置的最小路由目标ID
diff --git a/src/config/common/cfgm_common/__init__.py b/src/config/common/cfgm_common/__init__.py
index 088b03b..dd484ab 100644
--- a/src/config/common/cfgm_common/__init__.py
+++ b/src/config/common/cfgm_common/__init__.py
@@ -18,7 +18,7 @@ DCI_VN_FQ_NAME = ['default-domain', 'default-project', 'dci-network']
 DCI_IPAM_FQ_NAME = ['default-domain', 'default-project', 'default-dci-lo0-network-ipam']
 OVERLAY_LOOPBACK_FQ_PREFIX = ['default-domain', 'default-project']
-_BGP_RTGT_MIN_ID_TYPE0 = 8000000
+_BGP_RTGT_MIN_ID_TYPE0 = 8100000
 _BGP_RTGT_MIN_ID_TYPE1_2 = 8000
 SGID_MIN_ALLOC = 8000000
 VNID_MIN_ALLOC = 1
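Review bot: The section heading promises a configurable minimum, but the hunk only swaps one literal for another: `_BGP_RTGT_MIN_ID_TYPE0 = 8100000`. On a cluster that has already allocated route targets from 8000000 upward, raising the floor presumably reclassifies the existing IDs in 8000000–8099999 as user-defined, so the change needs a migration note or a start-up check. Reading the value from configuration with 8000000 as the default would match the heading and leave existing deployments untouched.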
使用Linux 5.x内核构建vRouter失败问题
https://review.opencontrail.org/c/Juniper/contrail-vrouter/+/57506
原文链接:
https://github.com/tnaganawa/tungstenfabric-docs/blob/master/TungstenFabricKnowledgeBase.md