Tungsten Fabric知识库丨这里有18个TF补丁程序,建议收藏



  • 作者:Tatsuya Naganawa 译者:TF编译组

    静态scheduler:用于svc-monitor logic选择可用的vRouter

    diff --git a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py b
    index f40de26..d5c2478 100644
    --- a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
    +++ b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
    @@ -200,3 +200,8 @@ class RandomScheduler(VRouterScheduler):
             self._vnc_lib.ref_update('virtual-router', chosen_vrouter,
                 'virtual-machine', vm.uuid, None, 'ADD')
             return chosen_vrouter
    +
    +class StaticScheduler(VRouterScheduler):
    +    """Statically assign vRouter nodes for v1 service-chain, haproxy lb, SNAT e
    +    def schedule(self, si, vm):
    +        return ['bms11', 'bms12']
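Review bot: `StaticScheduler.schedule` returns the literal `['bms11', 'bms12']` and, unlike the end of `RandomScheduler.schedule` visible just above it, never calls `self._vnc_lib.ref_update('virtual-router', ..., 'virtual-machine', vm.uuid, None, 'ADD')`, so the VM may never be linked to a vRouter object. The caller is outside the hunk, so confirm that it accepts a list of names in place of whatever `chosen_vrouter` holds. The node names belong in svc-monitor configuration rather than in source, and should be checked against the running vRouters before being returned so a service instance is not pinned to a host that is down or absent. The docstring line after `class StaticScheduler` is cut off in this listing and has no closing `"""`.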
    

    从svc-monitor logic中解耦analytics

    diff --git a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.
    index f40de26..7fd1f0a 100644
    --- a/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
    +++ b/src/config/svc-monitor/svc_monitor/scheduler/vrouter_scheduler.py
    @@ -115,6 +115,8 @@ class VRouterScheduler(object):
             return response_dict
    
         def vrouters_running(self):
    +        ## implement logic to see available vRouter, without checking analytics response (possible choice is xmpp status from control node)
    +
             # get az host list
             az_vrs = self._get_az_vrouter_list()
    

    https://review.opencontrail.org/c/Juniper/contrail-controller/+/59457

    更具扩展性的haproxy负载均衡器和SNAT

    diff --git a/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py b/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
    index 5487b2b..1bee992 100644
    --- a/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
    +++ b/src/config/svc-monitor/svc_monitor/services/loadbalancer/drivers/ha_proxy/driver.py
    @@ -92,8 +92,8 @@ class OpencontrailLoadbalancerDriver(
    
             # set interfaces and ha
             props.set_interface_list(if_list)
    -        props.set_ha_mode('active-standby')
    -        scale_out = ServiceScaleOutType(max_instances=2, auto_scale=False)
    +        props.set_ha_mode('active-active')
    +        scale_out = ServiceScaleOutType(max_instances=10, auto_scale=False)
             props.set_scale_out(scale_out)
    
             return props
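Review bot: `max_instances=10` and `'active-active'` are written as literals here and again in both `snat_agent.py` hunks, so the limit for the load balancer and SNAT paths can drift apart. One named setting would keep them aligned, for example `scale_out = ServiceScaleOutType(max_instances=MAX_INSTANCES, auto_scale=False)`, where `MAX_INSTANCES` is a placeholder for a value read from svc-monitor configuration. Moving from active-standby to active-active means several instances carry traffic at once; nothing in these hunks shows that per-instance state (connection tracking, source-NAT port allocation) tolerates that, so it should be confirmed and stated in a comment. The SNAT hunk keeps `auto_scale=True` while this one uses `auto_scale=False`; if the difference is intended, say so next to the call.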
    diff --git a/src/config/svc-monitor/svc_monitor/snat_agent.py b/src/config/svc-monitor/svc_monitor/snat_agent.py
    index 54ea709..f5bce37 100644
    --- a/src/config/svc-monitor/svc_monitor/snat_agent.py
    +++ b/src/config/svc-monitor/svc_monitor/snat_agent.py
    @@ -169,7 +169,7 @@ class SNATAgent(Agent):
                 si_obj.fq_name = project_fq_name + [si_name]
                 si_created = True
             si_prop_obj = ServiceInstanceType(
    -            scale_out=ServiceScaleOutType(max_instances=2,
    +            scale_out=ServiceScaleOutType(max_instances=10,
                                               auto_scale=True),
                 auto_policy=False)
    
    @@ -181,7 +181,7 @@ class SNATAgent(Agent):
             right_if = ServiceInstanceInterfaceType(
                 virtual_network=':'.join(vn_obj.fq_name))
             si_prop_obj.set_interface_list([right_if, left_if])
    -        si_prop_obj.set_ha_mode('active-standby')
    +        si_prop_obj.set_ha_mode('active-active')
    
             si_obj.set_service_instance_properties(si_prop_obj)
             si_obj.set_service_template(st_obj)
    

    三个XMPP连接(以覆盖双重故障情景)

    diff --git a/src/vnsw/agent/cmn/agent.h b/src/vnsw/agent/cmn/agent.h
    index 3e48812..832b476 100644
    --- a/src/vnsw/agent/cmn/agent.h
    +++ b/src/vnsw/agent/cmn/agent.h
    @@ -284,7 +284,10 @@ extern void RouterIdDepInit(Agent *agent);
     #define MULTICAST_LABEL_BLOCK_SIZE 2048
    
     #define MIN_UNICAST_LABEL_RANGE 4098
    -#define MAX_XMPP_SERVERS 2
    +
    +/* to cover double failure case */
    +#define MAX_XMPP_SERVERS 3 
    +
     #define XMPP_SERVER_PORT 5269
     #define XMPP_DNS_SERVER_PORT 53
     #define METADATA_IP_ADDR ntohl(inet_addr("169.254.169.254"))
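Review bot: Raising `MAX_XMPP_SERVERS` to 3 changes only the constant; any agent code that assumes exactly two channels (indexing with 0 and 1, or toggling between "the other" server) lies outside this hunk and needs auditing before a third slot is used. The new comment would be more useful if it named the failure it covers, e.g. `/* three XMPP servers, so a connection remains when two control nodes are down */`. The `#define MAX_XMPP_SERVERS 3 ` line also ends with a trailing space.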
    

    静态XMPP分配

    contrail-controller:

    diff --git a/src/vnsw/agent/cmn/agent.cc b/src/vnsw/agent/cmn/agent.cc
    index 607f384..71d27d8 100644
    --- a/src/vnsw/agent/cmn/agent.cc
    +++ b/src/vnsw/agent/cmn/agent.cc
    @@ -469,7 +469,7 @@ void Agent::CopyFilteredParams() {
         if (new_chksum != controller_chksum_) {
             controller_chksum_ = new_chksum;
             controller_list_ = params_->controller_server_list();
    -        std::random_shuffle(controller_list_.begin(), controller_list_.end());
    +        std::random_shuffle(controller_list_.begin(), controller_list_.end()); // commented out for static XMPP assignment
         }
    
         // Dns
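Review bot: The `std::random_shuffle(...)` call is still executed: the change only appends `// commented out for static XMPP assignment` after the statement, so the controller list keeps being shuffled and the assignment is not static. If the configured order is meant to be kept, the line should read `// std::random_shuffle(controller_list_.begin(), controller_list_.end());  // disabled: keep configured order for static XMPP assignment`, or be deleted. Once every agent takes the list in the same order, connections concentrate on the first entries unless each agent is given a different list, and that trade-off deserves a sentence in the comment. `CopyFilteredParams` continues outside the hunk.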
    

    基于VLAN的EVPN T2互操作

    diff --git a/src/bgp/evpn/evpn_route.cc b/src/bgp/evpn/evpn_route.cc
    index 36412b2..a830b5c 100644
    --- a/src/bgp/evpn/evpn_route.cc
    +++ b/src/bgp/evpn/evpn_route.cc
    @@ -487,7 +487,7 @@ void EvpnPrefix::BuildProtoPrefix(BgpProtoPrefix *proto_prefix,
                     proto_prefix->prefix.begin() + esi_offset);
             }
             size_t tag_offset = esi_offset + kEsiSize;
    -        put_value(&proto_prefix->prefix[tag_offset], kTagSize, tag_);
    +        put_value(&proto_prefix->prefix[tag_offset], kTagSize, 0);
             size_t mac_len_offset = tag_offset + kTagSize;
             proto_prefix->prefix[mac_len_offset] = 48;
             size_t mac_offset = mac_len_offset + 1;
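Review bot: Writing the literal `0` into the tag field discards `tag_` for every prefix that reaches this branch of `BuildProtoPrefix`, not only for the VLAN-based peers the patch is aimed at. The decode side is not in the hunk; if it still reads the tag from the wire into `tag_`, encoded and decoded routes would no longer agree on the tag. Consider gating the behaviour, e.g. `put_value(&proto_prefix->prefix[tag_offset], kTagSize, zero_tag ? 0 : tag_);`, where `zero_tag` is a placeholder for a per-peer or per-instance setting, and add a comment saying why the tag is zeroed. The function starts and ends outside the hunk.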
    

    “enable_nova: no”是可配置的

    (已实施)
    https://review.opencontrail.org/c/Juniper/contrail-kolla-ansible/+/58908

    git clone -b contrail/queens https://github.com/Juniper/contrail-kolla-ansible
    
    diff --git a/ansible/post-deploy-contrail.yml b/ansible/post-deploy-contrail.yml
    index e603207..c700d88 100644
    --- a/ansible/post-deploy-contrail.yml
    +++ b/ansible/post-deploy-contrail.yml
    @@ -63,6 +63,8 @@
           - ['baremetal-hosts', 'virtual-hosts']
         register: command_result
         failed_when: "command_result.rc == 1 and 'already exists' not in command_result.stderr"
    +    when:
    +      - enable_nova | bool
         run_once: yes
    
       - name: Add compute hosts to virtual-hosts Aggregate Group
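Review bot: Only this task gains `when: enable_nova | bool`; the next task, `Add compute hosts to virtual-hosts Aggregate Group`, begins on the last line of the hunk and its body is outside it, so it is not visible whether it carries the same guard. If it does not, it would still run with nova disabled. Wrapping the aggregate-related tasks in one `block:` with a single `when: enable_nova | bool` avoids repeating the condition and keeps them consistent.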
    

    每个标签的安全端点统计信息作为UVE

    https://review.opencontrail.org/c/Juniper/contrail-specs/+/55761

    kubernetes的多master设置

    (已实施)

    1. https://review.opencontrail.org/c/Juniper/contrail-controller/+/55758

    2. https://github.com/tnaganawa/tungstenfabric-docs/blob/master/TungstenFabricPrimer.md#k8sk8s

    tc-flower卸载

    对此感兴趣的朋友,
    
    我尝试了两种vRouter设置,并在一个节点上键入了这些命令以绕过vRouter数据路径,来使用tc,
    发现基于tc-flower的vxlan数据路径(出口)和vRouter的vxlan数据路径可以互通:)
      -ingress vxlan decap无法正常运作,我仍在调查..
    
    vRouter0: 172.31.4.175 (container, 10.0.1.251)
    vRouter1: 172.31.1.214 (container, 10.0.1.250, connected to tapeth0-038fdd)
    
    [from specific tap to known ip address, vxlan encap could be offloaded to tc]
     - typed on vRouter1
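    # Create the VXLAN device in "external" (metadata-driven) mode first; the
    # link has to exist before it can be brought up, so `add` precedes `set up`.
    ip link add vxlan7 type vxlan vni 7 dev ens5 dstport 0 external
    ip link set vxlan7 up
    # Match ICMP from the tap interface towards 10.0.1.251, attach the tunnel
    # key (outer src/dst IP, VNI 7, UDP port 4789) and redirect to vxlan7.
    # NOTE(review): `parent ffff:` presumes an ingress qdisc is already attached
    # to tapeth0-038fdd; confirm before running.
    tc filter add dev tapeth0-038fdd protocol ip parent ffff: \
                    flower \
                      ip_proto icmp dst_ip 10.0.1.251 \
                    action simple sdata "ttt" action tunnel_key set \
                      src_ip 172.31.1.214 \
                      dst_ip 172.31.4.175 \
                      id 7 \
                      dst_port 4789 \
                    action mirred egress redirect dev vxlan7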
    
    [although for egress traffic vRouter1 is bypassed, it can still communicate]
    
    [root@ip-172-31-1-214 ~]# tcpdump -nn -i ens5 udp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens5, link-type EN10MB (Ethernet), capture size 262144 bytes
    04:55:41.566458 IP 172.31.1.214.57877 > 172.31.4.175.4789: VXLAN, flags [I] (0x08), vni 7
    IP 10.0.1.250 > 10.0.1.251: ICMP echo request, id 60416, seq 180, length 64
    04:55:41.566620 IP 172.31.4.175.61117 > 172.31.1.214.4789: VXLAN, flags [I] (0x08), vni 7
    IP 10.0.1.251 > 10.0.1.250: ICMP echo reply, id 60416, seq 180, length 64
    04:55:42.570917 IP 172.31.1.214.57877 > 172.31.4.175.4789: VXLAN, flags [I] (0x08), vni 7
    IP 10.0.1.250 > 10.0.1.251: ICMP echo request, id 60416, seq 181, length 64
    04:55:42.571056 IP 172.31.4.175.61117 > 172.31.1.214.4789: VXLAN, flags [I] (0x08), vni 7
    IP 10.0.1.251 > 10.0.1.250: ICMP echo reply, id 60416, seq 181, length 64
    ^C
    4 packets captured
    5 packets received by filter
    0 packets dropped by kernel
    [root@ip-172-31-1-214 ~]#
    
    / # ping 10.0.1.251
    PING 10.0.1.251 (10.0.1.251): 56 data bytes
    64 bytes from 10.0.1.251: seq=0 ttl=64 time=5.183 ms
    64 bytes from 10.0.1.251: seq=1 ttl=64 time=4.587 ms
    ^C
    --- 10.0.1.251 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 4.587/4.885/5.183 ms
    / # 
    
    [tap's RX is not incrementing since that is bypassed (TX increments, since ingress traffic still uses vRouter datapath)]
    
    [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
                RX packets:3393  bytes:288094 errors:0
                TX packets:3438  bytes:291340 errors:0
    [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
                RX packets:3393  bytes:288094 errors:0
                TX packets:3439  bytes:291438 errors:0
    [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
                RX packets:3394  bytes:288136 errors:0
                TX packets:3442  bytes:291676 errors:0
    [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
                RX packets:3394  bytes:288136 errors:0
                TX packets:3444  bytes:291872 errors:0
    [root@ip-172-31-1-214 ~]# vif --get 8 | grep bytes
                RX packets:3394  bytes:288136 errors:0
                TX packets:3447  bytes:292166 errors:0
    [root@ip-172-31-1-214 ~]#
    
    contrail-controller
    
    diff --git a/src/vnsw/agent/pkt/flow_mgmt.cc b/src/vnsw/agent/pkt/flow_mgmt.cc
    index c888a26..a1b0189 100644
    --- a/src/vnsw/agent/pkt/flow_mgmt.cc
    +++ b/src/vnsw/agent/pkt/flow_mgmt.cc
    @@ -511,6 +511,9 @@ void FlowMgmtManager::LogFlowUnlocked(FlowEntry *flow, const std::string &op) {
         FlowInfo trace;
         flow->FillFlowInfo(trace);
         FLOW_TRACE(Trace, op, trace);
    +
    +    // Add tc flower logic, based on FlowEntry *flow
    + 
     }
    
     // Extract all the FlowMgmtKey for a flow
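Review bot: The placeholder `// Add tc flower logic, based on FlowEntry *flow` sits in `LogFlowUnlocked`, whose visible body only fills a `FlowInfo` and emits `FLOW_TRACE`. Programming the datapath from a logging helper would tie offload to tracing and leaves no obvious place to remove a filter when the flow is deleted. A dedicated hook invoked on flow add and delete would be clearer, and the marker could read `// TODO: install/remove the tc-flower rule for this flow from a dedicated add/delete hook`. The added line after the comment contains only a stray space.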
    

    GCE上的vRouter无法到达同一子网中的其它节点

    在GCE中安装vRouter时,它无法到达同一子网中的某个节点。该补丁是一个临时的解决方法。

    diff --git a/containers/vrouter/agent/entrypoint.sh b/containers/vrouter/agent/entrypoint.sh
    index f4f49f4..01e1349 100755
    --- a/containers/vrouter/agent/entrypoint.sh
    +++ b/containers/vrouter/agent/entrypoint.sh
    @@ -140,7 +140,7 @@ if [ "$gcp" == "Google" ]; then
         for intf in $intfs ; do
             if [[ $phys_int_mac == "$(curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/network-interfaces/${intf}/mac)" ]]; then
                 mask=$(curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/network-interfaces/${intf}/subnetmask)
    -            vrouter_cidr=$vrouter_ip/$(mask2cidr $mask)
    +            vrouter_cidr=$vrouter_ip/31  ### this can't be set /32, since in that setup, vrouter can't create ingress flow for some reason ..
             fi
         done
     fi
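Review bot: With `vrouter_cidr=$vrouter_ip/31` hard-coded, the `mask=$(curl ...)` assignment on the line above becomes dead code and every GCE deployment gets a /31 regardless of its real subnet mask. Since the page describes this as a temporary workaround, make it opt-in, e.g. `vrouter_cidr=$vrouter_ip/${GCE_VROUTER_PREFIX_LEN:-$(mask2cidr $mask)}`, where `GCE_VROUTER_PREFIX_LEN` is a placeholder variable name. The trailing `###` comment says "for some reason"; it should reference the observed symptom (no ingress flow with /32) so the workaround can be removed once the cause is found.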
    

    与multus一起使用时

    (已实施)

    提交后发现,vRouter可以很好地与multus-cni一起工作(它可以动态识别是直接调用还是由某些元插件调用)。

    (install kubernetes and vRouter by ansible-deployer: container tag: master-latest, ansible-deployer: master)
    # Fetch multus-cni and apply its legacy (pre-1.16) DaemonSet manifest.
    # NOTE(review): this uses whatever the default branch holds at clone time;
    # check out a reviewed tag or commit before applying the manifest.
    git clone https://github.com/intel/multus-cni.git && cd multus-cni
    kubectl apply -f ./images/deprecated/multus-daemonset-pre-1.16.yml
    

    注意:由于ansible-deployer安装了v0.3.0 CNI,因此默认情况下,桥接CNI不能正常工作。将/opt/cni/bin/bridge(和/opt/cni/bin/static)文件替换为v0.8.6模块时,它可以正常工作。

    多vCenter设置

    Tungsten Fabric控制器节点提供的vCenter插件数量与vCenter数量一样多。

    由于每个vCenter下都有多个ESXi,因此对于某个特定vCenter的ESXi,其vRouterVM上的每个vcenter-manager,都需要使用该租户名称(而不是硬编码的“vCenter”租户)来配置。

    contrail-vcenter-plugin:
    diff --git a/src/net/juniper/contrail/vcenter/VCenterMonitor.java b/src/net/juniper/contrail/vcenter/VCenterMonitor.java
    index d5c0043..294ee99 100644
    --- a/src/net/juniper/contrail/vcenter/VCenterMonitor.java
    +++ b/src/net/juniper/contrail/vcenter/VCenterMonitor.java
    @@ -74,7 +74,7 @@ public class VCenterMonitor {
         private static String _authurl           = "http://10.84.24.54:35357/v2.0";
    
         private static String _zookeeperAddrPort  = "127.0.0.1:2181";
    -    private static String _zookeeperLatchPath = "/vcenter-plugin";
    +    private static String _zookeeperLatchPath = "/vcenter-plugin"; // make this configurable
         private static String _zookeeperId        = "node-vcenter-plugin";
    
         static volatile Mode mode  = Mode.VCENTER_ONLY;
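Review bot: The change only appends `// make this configurable` to `_zookeeperLatchPath`; the neighbouring `_zookeeperId = "node-vcenter-plugin"` is left unmarked, although several plugin instances on one controller node would presumably need distinct values for both. The same marker is added in `VncDB.java` to `VNC_VCENTER_PROJECT` and `VNC_VCENTER_IPAM`, which are `public static final String` compile-time constants that Java inlines into every referencing class. Making those configurable therefore means replacing them with non-constant fields or accessors and recompiling all users. A marker such as `// TODO(multi-vCenter): read from plugin config, one latch path/id per vCenter` would say more than the current one.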
    diff --git a/src/net/juniper/contrail/vcenter/VncDB.java b/src/net/juniper/contrail/vcenter/VncDB.java
    index 9d004b7..a831a37 100644
    --- a/src/net/juniper/contrail/vcenter/VncDB.java
    +++ b/src/net/juniper/contrail/vcenter/VncDB.java
    @@ -61,8 +61,8 @@ public class VncDB {
         Mode mode;
    
         public static final String VNC_ROOT_DOMAIN     = "default-domain";
    -    public static final String VNC_VCENTER_PROJECT = "vCenter";
    -    public static final String VNC_VCENTER_IPAM    = "vCenter-ipam";
    +    public static final String VNC_VCENTER_PROJECT = "vCenter"; // make this configurable
    +    public static final String VNC_VCENTER_IPAM    = "vCenter-ipam"; // make this configurable
         public static final String VNC_VCENTER_DEFAULT_SG    = "default";
         public static final String VNC_VCENTER_PLUGIN  = "vcenter-plugin";
         public static final String VNC_VCENTER_TEST_PROJECT = "vCenter-test";
    
    
    contrail-vcenter-manager:
    diff --git a/cvm/constants.py b/cvm/constants.py
    index 0dcabab..4b30299 100644
    --- a/cvm/constants.py
    +++ b/cvm/constants.py
    @@ -31,8 +31,8 @@ VM_UPDATE_FILTERS = [
         'runtime.powerState',
     ]
     VNC_ROOT_DOMAIN = 'default-domain'
    -VNC_VCENTER_PROJECT = 'vCenter'
    -VNC_VCENTER_IPAM = 'vCenter-ipam'
    +VNC_VCENTER_PROJECT = 'vCenter' ## make this configurable
    +VNC_VCENTER_IPAM = 'vCenter-ipam' ## make this configurable
     VNC_VCENTER_IPAM_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_IPAM]
     VNC_VCENTER_DEFAULT_SG = 'default'
     VNC_VCENTER_DEFAULT_SG_FQN = [VNC_ROOT_DOMAIN, VNC_VCENTER_PROJECT, VNC_VCENTER_DEFAULT_SG]
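Review bot: `VNC_VCENTER_IPAM_FQN` and `VNC_VCENTER_DEFAULT_SG_FQN` on the following lines are built from `VNC_VCENTER_PROJECT` and `VNC_VCENTER_IPAM` at import time, so making the two marked names configurable later will not change these lists unless they are derived after the configuration is loaded. The `## make this configurable` markers should capture that, e.g. `# TODO: take project/IPAM names from config and derive the *_FQN lists from them`.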
    

    在所有计算节点上使用相同的ECMP散列,以实现数据包模式下的对称ECMP

    (已实施)

    diff --git a/src/vnsw/agent/pkt/pkt_handler.cc b/src/vnsw/agent/pkt/pkt_handler.cc
    index 28e5637..075bb17 100644
    --- a/src/vnsw/agent/pkt/pkt_handler.cc
    +++ b/src/vnsw/agent/pkt/pkt_handler.cc
    @@ -1304,7 +1304,7 @@ std::size_t PktInfo::hash(const Agent *agent,
         // We need to ensure that hash computed in Compute-1 and Compute-2 are
         // different. We also want to have same hash on agent restarts. So, include
         // vhost-ip also to compute hash
    -    boost::hash_combine(seed, agent->router_id().to_ulong());
    +    ////// boost::hash_combine(seed, agent->router_id().to_ulong());
    
         if (family == Address::INET) {
             if (ecmp_load_balance.is_source_ip_set()) {
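Review bot: The three comment lines directly above the disabled call still say the hash must differ between Compute-1 and Compute-2 and that vhost-ip is included, which is now the opposite of what the code does. Replace them with the new intent, e.g. `// router_id is deliberately left out so that all compute nodes compute the same ECMP hash (symmetric ECMP in packet mode)`, and delete the `////// boost::hash_combine(...)` line instead of leaving it commented out. Because this changes hashing for every deployment, a configuration flag defaulting to the old behaviour would be safer than an unconditional removal. `PktInfo::hash` continues outside the hunk.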
    

    使用透明服务链时指定vlan-id

    # diff -u config_db.py.orig config_db.py
    --- config_db.py.orig 2019-08-04 10:54:22.993291899 +0000
    +++ config_db.py 2019-08-04 13:05:23.665843100 +0000
    @@ -3059,6 +3062,21 @@
                                         service_ri1, service_ri2):
             vlan = self._object_db.allocate_service_chain_vlan(vm_info['vm_uuid'],
                                                                self.name)
    +        ####
    +        ## vlan-id is embedded in service-instance name
    +        ## servicename---vm_uuid---vlanid
    +        ####
    +        for servicename in self.service_list:
    +          left_interface_uuid = vm_info['left']['vmi'].name.split (':')[-1]
    +          if (servicename.find(left_interface_uuid ) > -1):
    +            vlan = servicename.split(':')[-1].split('---')[-1]
    +
             self.add_pbf_rule(vm_info['left']['vmi'], service_ri1,
                               v4_address, v6_address, vlan)
             self.add_pbf_rule(vm_info['right']['vmi'], service_ri2,
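Review bot: The VLAN id is taken from the service-instance name and handed to `add_pbf_rule` without validation: `servicename.split(':')[-1].split('---')[-1]` yields a string that is never checked to be numeric or within 1–4094, so whoever may name a service instance effectively chooses the VLAN tag. The `find(...) > -1` substring test can also match an unrelated service whose name merely contains the interface UUID text, and the value returned by `allocate_service_chain_vlan` stays allocated but unused. The second hunk (`for servicename in service_chain.service_list`) repeats the same pattern. The added lines use two-space indentation in a four-space file and recompute `left_interface_uuid` on every iteration. The sketch below range-checks the suffix and otherwise keeps the allocated VLAN; it assumes `add_pbf_rule` expects an integer, which the hunk does not show.

```python
        vlan = self._object_db.allocate_service_chain_vlan(vm_info['vm_uuid'],
                                                           self.name)
        # Optional override: vlan-id embedded in the service-instance name as
        #   servicename---vm_uuid---vlanid
        left_interface_uuid = vm_info['left']['vmi'].name.split(':')[-1]
        for servicename in self.service_list:
            if left_interface_uuid not in servicename:
                continue
            vlan_field = servicename.split(':')[-1].split('---')[-1]
            # accept only a decimal VLAN id in the valid 802.1Q range
            if vlan_field.isdigit() and 1 <= int(vlan_field) <= 4094:
                vlan = int(vlan_field)
        # ... unchanged: add_pbf_rule calls for left and right interfaces ...
```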
    @@ -3911,6 +3929,22 @@
                     vlan = self._object_db.allocate_service_chain_vlan(
                         vm_pt.uuid, service_chain.name)
    
    +
    +                ###
    +                # begin: added
    +                ###
    +                for servicename in service_chain.service_list:
    +                  if (servicename.find(self.name.split(':')[-1]) > -1):
    +                    vlan = servicename.split(':')[-1].split('---')[-1]
    +                ###
    +                # end: added
    +                ###
    +
                     service_chain.add_pbf_rule(self, service_ri, v4_address,
                                                v6_address, vlan)
                 #end for service_chain
    

    支持CentOS的旧内核

    Juniper/contrail-packages

    diff --git a/kernel_version.info b/kernel_version.info
    index 8d38f34..d5e711b 100644
    --- a/kernel_version.info
    +++ b/kernel_version.info
    @@ -1,2 +1,3 @@
    +3.10.0-862.2.3.el7.x86_64
     3.10.0-1062.4.1.el7.x86_64
    -3.10.0-1062.9.1.el7.x86_64
    \ No newline at end of file
    +3.10.0-1062.9.1.el7.x86_64
    

    可配置的最小路由目标ID

    diff --git a/src/config/common/cfgm_common/__init__.py b/src/config/common/cfgm_common/__init__.py
    index 088b03b..dd484ab 100644
    --- a/src/config/common/cfgm_common/__init__.py
    +++ b/src/config/common/cfgm_common/__init__.py
    @@ -18,7 +18,7 @@ DCI_VN_FQ_NAME = ['default-domain', 'default-project', 'dci-network']
     DCI_IPAM_FQ_NAME = ['default-domain', 'default-project', 'default-dci-lo0-network-ipam']
     OVERLAY_LOOPBACK_FQ_PREFIX = ['default-domain', 'default-project']
    
    -_BGP_RTGT_MIN_ID_TYPE0 = 8000000
    +_BGP_RTGT_MIN_ID_TYPE0 = 8100000
     _BGP_RTGT_MIN_ID_TYPE1_2 = 8000
     SGID_MIN_ALLOC = 8000000
     VNID_MIN_ALLOC = 1
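Review bot: The section heading calls the minimum route-target id configurable, but the change only swaps one literal for another (`_BGP_RTGT_MIN_ID_TYPE0 = 8100000`), so a deployment needing a different floor has to patch the source again. On a cluster that has already allocated ids from 8000000 upward, raising the floor may leave existing route targets below the new minimum; how the allocator treats those is outside this hunk and should be confirmed. A comment beside the constant stating why 8100000 was chosen, or reading the value from configuration with 8000000 as the default, would make the intent clear.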
    

    使用Linux 5.x内核构建vRouter失败问题

    https://review.opencontrail.org/c/Juniper/contrail-vrouter/+/57506


    原文链接:
    https://github.com/tnaganawa/tungstenfabric-docs/blob/master/TungstenFabricKnowledgeBase.md

