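I. Neutron Overview
Responding quickly to business needs places higher demands on network management. Traditional network management approaches can hardly keep up, while the flexibility and automation of software-defined networking (SDN) have made it the mainstream approach to network management in the cloud era.
Neutron's design goal is to deliver "Networking as a Service". To achieve it, the design follows the principle of SDN-based network virtualization, and the implementation makes full use of the networking technologies available on Linux.
Neutron is the SDN-mode service. With SDN (software-defined networking), network administrators and cloud operators can define virtual network devices dynamically through programs. The SDN component of OpenStack networking was Quantum, which was renamed Neutron because of a copyright issue.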
https://www.cnblogs.com/mh20131118/p/12954641.html
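1. Concepts
(1) Bridge
A bridge is similar to a switch and connects different network devices.
Neutron divides bridges into two kinds: the internal bridge (bridge-internal, bri-int) and the external bridge (bridge-external, ex-int).
- Internal bridge: implements the internal network functions
- External bridge: handles communication with external networks
(1) Network
A network is an isolated layer-2 broadcast domain. Neutron supports several network types:
- Local: isolated from other networks and nodes. An instance on a Local network can only communicate with instances on the same network on the same node; mainly used for single-host testing.
- Flat: no VLAN support and no layer-2 isolation; all virtual machines sit in one broadcast domain. A virtual bridge links the instance NICs to the physical NIC, so instances and physical hosts can reach each other directly. Prone to broadcast storms, and the number of instances it can hold is limited.
- VLAN: a network with 802.1q tagging, which logically groups instances into different VLANs. Instances in the same VLAN can communicate; instances in different VLANs can only communicate through a router. At most 4094 networks can be identified, which cannot meet the needs of very large deployments.
- VXLAN: an overlay network based on tunneling. VXLAN is a UDP tunnel that can traverse IP networks and gives virtual networks layer-2 connectivity; it overcomes the limits of VLAN and of the physical network infrastructure and provides capacity for up to 16 million virtual networks.
- GRE: an overlay network based on GRE tunnels; the main difference is that it encapsulates in IP packets rather than UDP.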
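(2) Subnet
A subnet is an IP address range (IPv4 or IPv6) attached to a network. Its main function is to assign IP addresses to new ports created on the network.
- Networks and subnets have a one-to-many relationship;
- Subnets of the same network can use different IP ranges, but their CIDRs must not overlap;
- A subnet must belong to a network, and a network can have multiple subnets;
- Subnets of different networks may have overlapping CIDRs and IPs, because Neutron routers are implemented with Linux network namespaces.
A network namespace is a network isolation mechanism; with network namespaces, each router has its own independent routing table.
- If two subnets are routed through the same router, then depending on the router configuration only one designated subnet can be routed;
- If two subnets are routed through different routers, both can be routed, because the routers' routing tables are independent.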
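(3) Port
A port is an interface attached to a subnet that connects to an instance's virtual NIC. It is also a port on the virtual switch, and it defines a MAC address and an IP address.
When an instance's virtual NIC (VIF, virtual interface) is bound to a port, the port assigns its MAC address and IP address to the virtual NIC.
Subnets and ports have a one-to-many relationship: a port must belong to a subnet, and a subnet can have multiple ports.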
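2. Functions
Neutron provides networking for the whole OpenStack environment, including layer-2 switching, layer-3 routing, load balancing, firewalling and VPN.
(1) Layer-2 switching
Neutron supports several virtual switches. Linux Bridge and Open vSwitch are generally used to create traditional VLAN networks as well as tunnel-based overlay networks such as VXLAN and GRE (Linux Bridge currently supports only VXLAN).
(2) Layer-3 routing
Starting with the Juno release, Neutron officially includes the DVR (Distributed Virtual Router) service, which moves part of the services formerly concentrated on the network node out to the compute nodes. Routing or NAT can be implemented with ip route or iptables inside a namespace, or by pushing flow tables to Open vSwitch through OpenFlow.
(3) Load balancing
LBaaS supports several load-balancing products and solutions; the different implementations are integrated into Neutron as plugins, and load balancing is implemented with HAProxy.
(4) Firewalling
Neutron protects instances and networks in two ways, security groups and the firewall function, both of which can be implemented with iptables. The former restricts packets entering and leaving an instance; the latter restricts packets entering and leaving a virtual router.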
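3. Architecture
Neutron consists of the following components:
- Neutron Server: exposes the OpenStack networking API, receives requests, and calls a plugin to handle them.
- Plugin: handles requests from Neutron Server, maintains the state of the OpenStack logical networks, and calls an agent to handle the request.
- Agent: handles requests from the plugin and actually implements the network functions on the network provider.
- Network Provider: the virtual or physical network device that provides the network service, such as Linux Bridge, Open vSwitch, or other physical switches that support Neutron.
- Queue: Neutron Server, plugins and agents communicate and call each other through a messaging queue.
- Database: stores the OpenStack network state, including networks, subnets, ports, routers and so on.
4. Open vSwitch
Open vSwitch (OVS) is virtual switching software used mainly in virtual machine environments. As a virtual switch it supports several virtualization technologies, including Xen/XenServer, KVM and VirtualBox.
Purpose: it lets large-scale network automation be extended programmatically and supports distributed environments spanning multiple physical servers, while still supporting standard management interfaces and protocols (for example NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag).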
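II. Common Operations
1. Network Management
An OpenStack network is an OSI layer-2 network made up of virtual devices.
(1) openstack command-line examples
openstack
network create Create new network # create a network
network delete Delete network(s) # delete networks
network list List networks # list networks
network set Set network properties # set network properties
network unset Unset network properties # unset network properties (tags)
network show Show network details # show network details
# Create a shared external network of type flat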
[root@controller ~]# openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat \
vm-network
+---------------------------+--------------------------------------------------+
| Field | Value |
+---------------------------+-------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-11-25T10:53:34Z |
| description | |
| dns_domain | None |
| id | 10f3ff17-a6aa-48de-977d-0b11740e9bd1 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='4188570a34464b938ed3fa7e08681df8', project.name='admin', region_name='', zone= |
| mtu | 1500 |
| name | vm-network |
| port_security_enabled | True |
| project_id | 4188570a34464b938ed3fa7e08681df8 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-11-25T10:53:34Z |
+---------------------------+---------------------------+
# List the current networks
[root@controller ~]# openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+------------+--------------------------------------+
| 10f3ff17-a6aa-48de-977d-0b11740e9bd1 | vm-network | |
| 23adff00-a120-45ea-8c1b-0c1e6362e2f7 | asd | 21a98fd0-f156-45e0-822a-05a74e023770 |
+--------------------------------------+------------+--------------------------------------+
# Show network details (by name or ID)
[root@controller ~]# openstack network show 10f3ff17-a6aa-48de-977d-0b11740e9bd1
[root@controller ~]# openstack network show vm-network
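# Set network properties
# 1. Rename the network and make it non-shared
[root@controller ~]# openstack network set --name new-vnet --no-share vm-network
# Check the result
# Before the change shared is True; after the change shared is False
[root@controller ~]# openstack network show new-vnet
# 2. Add a tag
# Showing the details afterwards reports the value of tags as hqs
[root@controller ~]# openstack network set --tag hqs new-vnet
# Unset network properties (tags only)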
[root@controller ~]# openstack network unset -h new-vnet
usage: openstack network unset [-h] [--tag <tag> | --all-tag] <network>
Unset network properties
positional arguments:
<network> Network to modify (name or ID)
optional arguments:
-h, --help show this help message and exit
--tag <tag> Tag to be removed from the network (repeat option to remove
multiple tags)
--all-tag Clear all tags associated with the network
# Remove the given tag
[root@controller ~]# openstack network unset --tag hqs new-vnet
# Remove all tags
[root@controller ~]# openstack network unset --all-tag new-vnet
# Delete the network
[root@controller ~]# openstack network delete vm-network
(2) neutron command-line examples
neutron
net-create Create a network for a given tenant.
net-delete Delete a given network.
net-list List networks that belong to a given tenant.
net-list-on-dhcp-agent List the networks on a DHCP agent.
net-show Show information of a given network.
net-update Update network information.
# List networks
[root@controller ~]# neutron net-list
+--------------------------------------+--------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+--------------+------------------------------------------------------+
| 451fd2af-e1eb-4437-bf71-53b5f91c10b5 | int-gre | 948ee8fd-8700-4f17-a356-f2b8c5880396 172.25.2.0/24 |
| 8a87c829-f1d2-452b-9d0d-2ff7f3c628c5 | acme-int-gre | aa96a0f8-7f32-4c4f-aadc-467ebf02bcf5 192.168.30.0/24 |
| 702c5142-f227-45ad-ab02-b5773ae0a166 | net-gre | ace98613-346e-4973-9364-99ae0fb1a3ce 192.168.20.0/24 |
+--------------------------------------+--------------+------------------------------------------------------+
# Create an external network
[root@controller ~]# neutron net-create --shared --router:external=true --provider:network_type gre net-test-gre
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-11-01T22:02:46 |
| description | |
| id | 0268d645-e55f-4d0c-ba0c-a358d5b36eaa |
| ipv4_address_scope | |
| ipv6_address_scope | |
| is_default | False |
| mtu | 1458 |
| name | net-test-gre |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 46 |
| router:external | True |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-01T22:02:46 |
+---------------------------+--------------------------------------+
# Create an internal network
[root@controller ~]# neutron net-create --shared --provider:network_type gre int-test-gre
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-11-01T22:03:45 |
| description | |
| id | 77f5fe53-15f4-4775-a04e-86aeb355c49e |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1458 |
| name | int-test-gre |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 75 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-01T22:03:45 |
+---------------------------+--------------------------------------+
# Show network details
[root@controller ~]# neutron net-show int-test-gre
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-11-01T22:03:45 |
| description | |
| id | 77f5fe53-15f4-4775-a04e-86aeb355c49e |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1458 |
| name | int-test-gre |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 75 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-01T22:03:45 |
+---------------------------+--------------------------------------+
# Delete a network
[root@controller ~]# neutron net-delete int-test-gre
Deleted network: int-test-gre
# Update a network
[root@controller ~]# openstack network set net-test-gre --name net-test11-gre --disable --no-share
[root@controller ~]# neutron net-show net-test11-gre
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | False |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-11-01T22:02:46 |
| description | |
| id | 0268d645-e55f-4d0c-ba0c-a358d5b36eaa |
| ipv4_address_scope | |
| ipv6_address_scope | |
| is_default | False |
| mtu | 1458 |
| name | net-test11-gre |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 46 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-01T22:06:50 |
+---------------------------+--------------------------------------+
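The fields in the `create` and `show` output above that decide how exposed a network is (`shared`, `provider:network_type`, `port_security_enabled`) can be checked mechanically. The following is an added example, not part of the original post or of the OpenStack clients: it parses the Field/Value tables printed by both clients and reports settings worth reviewing. The function names, the finding labels and the third sample table are assumptions made for illustration.

```python
# The neutron client prints True/False; the openstack client prints UP/DOWN
# for admin_state_up and External/Internal for router:external.
ENABLED = {"true", "up", "external"}

FINDINGS = {
    "shared": "every project can attach ports to this network",
    "flat": "flat network: no layer-2 isolation, one broadcast domain",
    "port-security-off": "ports default to no security-group filtering",
}


def parse_field_table(text):
    """Parse a two-column Field/Value table into a dict of strings."""
    fields, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # borders, shell prompts, "Created a new network:" etc.
        parts = line[1:-1].split("|", 1)  # field names never contain "|"
        if len(parts) != 2:
            continue
        name, value = parts[0].strip(), parts[1].strip()
        if name == "Field" and value == "Value":
            continue  # header row
        if not name:
            # Empty first column: a long value wrapped onto the next row.
            if last is not None and value:
                fields[last] = (fields[last] + " " + value).strip()
            continue
        fields[name] = value
        last = name
    return fields


def is_on(value):
    """True for any of the spellings the two clients use for 'enabled'."""
    return value.strip().lower() in ENABLED


def audit_network(fields):
    """Return the finding labels that apply to one parsed network."""
    findings = []
    if is_on(fields.get("shared", "")):
        findings.append("shared")
    if fields.get("provider:network_type", "").lower() == "flat":
        findings.append("flat")
    if "port_security_enabled" in fields and not is_on(fields["port_security_enabled"]):
        findings.append("port-security-off")
    return findings


# Abridged from the `openstack network create` output on this page.
OPENSTACK_SAMPLE = """
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| name                      | vm-network                           |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| router:external           | External                             |
| shared                    | True                                 |
+---------------------------+--------------------------------------+
"""

# Abridged from the `neutron net-show net-test11-gre` output on this page.
NEUTRON_SAMPLE = """
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | False                                |
| name                      | net-test11-gre                       |
| port_security_enabled     | True                                 |
| provider:network_type     | gre                                  |
| router:external           | True                                 |
| shared                    | False                                |
+---------------------------+--------------------------------------+
"""

# Constructed sample (not from the page): a wrapped cell and port security off.
CONSTRUCTED_SAMPLE = """
| Field                 | Value                 |
| description           | lab network used for  |
|                       | forwarding tests      |
| port_security_enabled | False                 |
| provider:network_type | vxlan                 |
| shared                | False                 |
"""

if __name__ == "__main__":
    for sample in (OPENSTACK_SAMPLE, NEUTRON_SAMPLE, CONSTRUCTED_SAMPLE):
        net = parse_field_table(sample)
        for label in audit_network(net):
            print(f"{net.get('name', '?')}: {label}: {FINDINGS[label]}")
```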
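2. Subnet Management
A subnet is an IP address range attached to a network. Its main function is to assign IP addresses to new ports created on the network.
Subnets and networks have a many-to-one relationship.
(1) openstack command-line examples
openstack
subnet create Create a subnet # create a subnet
subnet delete Delete subnet(s) # delete subnets
subnet list List subnets # list subnets
subnet set Set subnet properties # set subnet properties
subnet show Display subnet details # show subnet details
subnet unset Unset subnet properties # unset subnet properties
# Rename the network to vm-network
[root@controller ~]# openstack network set --name vm-network new-vnet
# Create a subnet
# --network: the network the subnet belongs to
# --allocation-pool: the IP address pool handed out by DHCP
# --dns-nameserver: the DNS server address
# --subnet-range: the subnet's CIDR
# last argument: the subnet name
[root@controller ~]# openstack subnet create --network vm-network \
> --allocation-pool start=10.10.10.101,end=10.10.10.201 \
> --dns-nameserver 114.114.114.114 \
> --subnet-range 10.10.10.0/24 \
> vm-subnetwork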
+-------------------+------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+---------------------------------------------------------------------------+
| allocation_pools | 10.10.10.101-10.10.10.201 |
| cidr | 10.10.10.0/24 |
| created_at | 2022-11-25T11:36:57Z |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 10.10.10.1 |
| host_routes | |
| id | 83faafb8-4660-40d6-86bb-5030b37af4eb |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='4188570a34464b938ed3fa7e08681df8', project.name='admin', region_name='', zone= |
| name | vm-subnetwork |
| network_id | 10f3ff17-a6aa-48de-977d-0b11740e9bd1 |
| prefix_length | None |
| project_id | 4188570a34464b938ed3fa7e08681df8 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-11-25T11:36:57Z |
+-------------------+---------------------------------------------+
# List subnets
[root@controller ~]# openstack subnet list
+-------------------------------+---------------+-----------------------+---------------+
| ID | Name | Network | Subnet |
+--------------------------------------+---------------+--------------------------------------+---------------+
| 21a98fd0-f156-45e0-822a-05a74e023770 | asd | 23adff00-a120-45ea-8c1b-0c1e6362e2f7 | 10.10.1.0/24 |
| 83faafb8-4660-40d6-86bb-5030b37af4eb | vm-subnetwork | 10f3ff17-a6aa-48de-977d-0b11740e9bd1 | 10.10.10.0/24 |
+------------------------------+---------------+-----------------------------+---------------+
# Show subnet details (by name or ID)
[root@controller ~]# openstack subnet show vm-subnetwork
[root@controller ~]# openstack subnet show 21a98fd0-f156-45e0-822a-05a74e023770
# Rename the subnet and set its gateway
[root@controller ~]# openstack subnet set --name new-subvnet --gateway 10.10.10.2 vm-subnetwork
# Unset subnet properties
[root@controller ~]# openstack subnet unset -h
optional arguments:
-h, --help show this help message and exit
--allocation-pool start=<ip-address>,end=<ip-address> Remove a DHCP allocation pool
--dns-nameserver <dns-nameserver> Remove a DNS server
--host-route destination=<subnet>,gateway=<ip-address> Remove a host route
--service-type <service-type> Remove a service type
--tag <tag> Remove the specified tag
--all-tag Remove all tags
[root@controller ~]# openstack subnet unset --allocation-pool start=172.16.1.101,end=172.16.1.240 vm-subnetwork
[root@controller ~]# openstack subnet show vm-subnetwork
+-------------------+-----------------------------------------------------+
| Field | Value |
+-------------------+-----------------------------------------------------+
# Delete the subnet
[root@controller ~]# openstack subnet delete new-subvnet
(2) neutron command-line examples
neutron
subnet-create Create a subnet for a given tenant.
subnet-delete Delete a given subnet.
subnet-list List subnets that belong to a given tenant.
subnet-show Show information of a given subnet.
subnet-update Update subnet information.
# Create a subnet on the external network
[root@controller ~]# neutron subnet-create net-gre 192.168.20.0/24 --name net-subnet01 --gateway 192.168.20.2 --allocation-pool start=192.168.20.101,end=192.168.20.240 --enable-dhcp --dns-nameserver 8.8.8.8
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.20.101", "end": "192.168.20.240"} |
| cidr | 192.168.20.0/24 |
| created_at | 2021-11-02T02:12:44 |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 192.168.20.2 |
| host_routes | |
| id | 0a750744-648a-4072-8e3b-453ee4123d3d |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | net-subnet01 |
| network_id | 8c27039d-7652-4e70-ab16-3681ff8d128f |
| subnetpool_id | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-02T02:12:44 |
+-------------------+------------------------------------------------------+
# Create a subnet on the internal network
[root@controller ~]# neutron subnet-create int-gre 10.10.1.0/24 --name int-subnet01 --gateway 10.10.1.2 --allocation-pool start=10.10.1.101,end=10.10.1.240 --enable-dhcp
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "10.10.1.101", "end": "10.10.1.240"} |
| cidr | 10.10.1.0/24 |
| created_at | 2021-11-07T01:54:48 |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.10.1.2 |
| host_routes | |
| id | 0ca0d421-d90f-4082-943b-ad24fb620821 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | int-subnet01 |
| network_id | 3b264885-ea04-45f4-abb9-27d6a88aa02a |
| subnetpool_id | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-07T01:54:48 |
+-------------------+------------------------------------------------+
# List subnets
[root@controller ~]# neutron subnet-list
+--------------------------------------+--------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+--------------+-----------------+------------------------------------------------------+
| d6b592a6-ce17-4e52-924b-1d7c5963c4cf | int-subnet01 | 10.10.0.0/24 | {"start": "10.10.0.101", "end": "10.10.0.240"} |
| 0a750744-648a-4072-8e3b-453ee4123d3d | net-subnet01 | 192.168.20.0/24 | {"start": "192.168.20.101", "end": "192.168.20.240"} |
+--------------------------------------+--------------+-----------------+------------------------------------------------------+
# Show subnet details
[root@controller ~]# neutron subnet-show net-subnet01
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.20.101", "end": "192.168.20.198"} |
| cidr | 192.168.20.0/24 |
| created_at | 2021-11-08T23:21:38 |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | 192.168.20.2 |
| host_routes | |
| id | f2f78780-c255-4392-9a25-10b84221b004 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | net-subnet01 |
| network_id | 74568ca5-10cb-4635-b0d9-bd8464df036b |
| subnetpool_id | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-08T23:21:38 |
+-------------------+------------------------------------------------------+
# Delete subnets
[root@controller ~]# neutron subnet-delete int-subnet01
Deleted subnet: int-subnet01
[root@controller ~]# neutron subnet-delete net-subnet-test
Deleted subnet: net-subnet-test
# Update a subnet
# The options are as follows:
positional arguments:
SUBNET ID or name of subnet to update.
optional arguments:
-h, --help show this help message and exit
--request-format {json}
DEPRECATED! Only JSON request format is supported.
--name NAME Name of this subnet.
--gateway GATEWAY_IP Gateway IP of this subnet.
--no-gateway No distribution of gateway.
--allocation-pool start=IP_ADDR,end=IP_ADDR
Allocation pool IP addresses for this subnet (This
option can be repeated).
--host-route destination=CIDR,nexthop=IP_ADDR
Additional route (This option can be repeated).
--dns-nameserver DNS_NAMESERVER
DNS name server for this subnet (This option can be
repeated).
--disable-dhcp Disable DHCP for this subnet.
--enable-dhcp Enable DHCP for this subnet.
[root@controller ~]# neutron subnet-update net-subnet01 --name net-subnet-test --no-gateway --allocation-pool start=192.168.20.99,end=192.168.20.110
[root@controller ~]# neutron subnet-show net-subnet-test
+-------------------+-----------------------------------------------------+
| Field | Value |
+-------------------+-----------------------------------------------------+
| allocation_pools | {"start": "192.168.20.99", "end": "192.168.20.110"} |
| cidr | 192.168.20.0/24 |
| created_at | 2021-11-02T02:12:44 |
| description | |
| dns_nameservers | 8.8.8.8 |
| enable_dhcp | True |
| gateway_ip | |
| host_routes | |
| id | 0a750744-648a-4072-8e3b-453ee4123d3d |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | net-subnet-test |
| network_id | 8c27039d-7652-4e70-ab16-3681ff8d128f |
| subnetpool_id | |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-02T02:30:18 |
+-------------------+-----------------------------------------------------+
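A pre-flight check for the subnet rules from the concepts section (subnets of one network must not overlap, subnets of different networks may) and for the `--allocation-pool` and `--gateway` values passed in the commands above. This is an added example, not code from the original post or from OpenStack. The `check_subnets` function, the plan layout and the made-up `other-net` and `half` entries are assumptions, as is the rule that a gateway address must not lie inside an allocation pool.

```python
import ipaddress
from collections import defaultdict


def check_subnets(subnets):
    """Return a list of problems found in a planned set of subnets.

    Each entry is a dict with the keys name, network, cidr, gateway (None
    for a subnet without gateway) and pools (list of (start, end) strings).
    """
    problems = []
    by_network = defaultdict(list)

    for s in subnets:
        cidr = ipaddress.ip_network(s["cidr"])  # ValueError if host bits are set
        by_network[s["network"]].append((s["name"], cidr))

        gateway = None
        if s.get("gateway"):
            gateway = ipaddress.ip_address(s["gateway"])
            if gateway not in cidr:
                problems.append(f"{s['name']}: gateway {gateway} outside {cidr}")
                gateway = None  # nothing meaningful left to compare pools with

        for start, end in s.get("pools", []):
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
            if lo not in cidr or hi not in cidr:
                problems.append(f"{s['name']}: pool {start}-{end} outside {cidr}")
            elif lo > hi:
                problems.append(f"{s['name']}: pool {start}-{end} is reversed")
            elif gateway is not None and lo <= gateway <= hi:
                # Assumed rule: the gateway address stays out of the pools.
                problems.append(
                    f"{s['name']}: gateway {gateway} inside pool {start}-{end}")

    # Overlap is an error only between subnets of the same network; subnets
    # of different networks may reuse a CIDR.
    for network, members in by_network.items():
        for i, (name_a, cidr_a) in enumerate(members):
            for name_b, cidr_b in members[i + 1:]:
                if cidr_a.version == cidr_b.version and cidr_a.overlaps(cidr_b):
                    problems.append(
                        f"{network}: {name_a} {cidr_a} overlaps {name_b} {cidr_b}")
    return problems


# Values of vm-subnetwork are taken from the page; the second entry is
# constructed to show a CIDR reused on a different network.
GOOD_PLAN = [
    {"name": "vm-subnetwork", "network": "vm-network", "cidr": "10.10.10.0/24",
     "gateway": "10.10.10.1", "pools": [("10.10.10.101", "10.10.10.201")]},
    {"name": "other-net", "network": "other-network", "cidr": "10.10.10.0/24",
     "gateway": None, "pools": []},
]

# Constructed plan with three mistakes: a pool from a foreign range, a
# gateway inside its own pool, and two overlapping subnets on one network.
BAD_PLAN = [
    {"name": "vm-subnetwork", "network": "vm-network", "cidr": "10.10.10.0/24",
     "gateway": "10.10.10.1", "pools": [("172.16.1.101", "172.16.1.240")]},
    {"name": "half", "network": "vm-network", "cidr": "10.10.10.128/25",
     "gateway": "10.10.10.129", "pools": [("10.10.10.129", "10.10.10.200")]},
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        found = check_subnets(plan)
        print(label, "plan:", "ok" if not found else "")
        for problem in found:
            print("  -", problem)
```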
3. Router Management
Note: modifying a router with set has not been fully tested yet; remember to complete this part.
(1) openstack command-line examples
openstack
router add port Add a port to a router # add a port to a router
router add subnet Add a subnet to a router # add a subnet to a router
router create Create a new router # create a new router
router delete Delete router(s) # delete routers
router list List routers # list routers
router remove port Remove a port from a router # remove a port from a router
router remove subnet Remove a subnet from a router # remove a subnet from a router
router set Set router properties # modify router properties
router show Display router details # show router details
router unset Unset router properties # unset router properties
# Create a router
[root@controller ~]# openstack router create router
+-------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-11-30T03:40:07Z |
| description | |
| distributed | False |
| external_gateway_info | null |
| flavor_id | None |
| ha | False |
| id | cbbbff98-f8ca-45ff-9ff8-81abe9972fcb |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='4188570a34464b938ed3fa7e08681df8', project.name='admin', region_name='', zone= |
| name | router |
| project_id | 4188570a34464b938ed3fa7e08681df8 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2022-11-30T03:40:07Z |
+-------------------------+---------------------------------------------------------+
# List routers
[root@controller ~]# openstack router list
+-----------------------+--------+--------+-------+----------------+--------+-------+
| ID | Name | Status | State | Project | Distributed | HA |
+-----------------------+--------+--------+-------+--------------------+-----+-------+
| cbbbff98-f8ca-45ff-9ff8-81abe9972fcb | router | ACTIVE | UP | 4188570a34464b938ed3fa7e08681df8 | False | False |
+-------------------------+--------+--------+-------+-------------+--------+-------+
# Show router details
[root@controller ~]# openstack router show cbbbff98-f8ca-45ff-9ff8-81abe9972fcb
# Delete the router
[root@controller ~]# openstack router delete router
# Create an internal subnet
[root@controller ~]# openstack subnet create --network vm-network \
--subnet-range 10.10.1.0/24 --gateway 10.10.1.2 \
int-net
+-------------------+-----------------------------------------------------+
| Field | Value |
+-------------------+-----------------------------------------------------------+
| allocation_pools | 10.10.1.1-10.10.1.1,10.10.1.3-10.10.1.254 |
| cidr | 10.10.1.0/24 |
| created_at | 2022-11-30T06:06:19Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.10.1.2 |
| host_routes | |
| id | ba596a0a-3a91-4268-a5e7-0da8aa9041e8 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='4188570a34464b938ed3fa7e08681df8', project.name='admin', region_name='', zone= |
| name | int-net |
| network_id | c825a616-0e7e-41d9-8cde-a184c14d0db2 |
| prefix_length | None |
| project_id | 4188570a34464b938ed3fa7e08681df8 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-11-30T06:06:19Z |
+-------------------+--------------------------------------------------------------+
# Add a subnet to a router (connect the subnet to the router)
openstack router add subnet
usage: openstack router add subnet [-h] <router> <subnet>
Add a subnet to a router
positional arguments:
<router> Router to which subnet will be added (name or ID)
<subnet> Subnet to be added (name or ID)
# Connect the internal and the external subnet to the router
[root@controller ~]# openstack subnet list
+----------------------------+---------------+------------------------+---------------+
| ID | Name | Network | Subnet |
+------------------------+---------------+-------------------+---------------+
| 85b59f1f-dc8b-4ad6-b920-a65a9abb46e7 | vm-subnetwork | c825a616-0e7e-41d9-8cde-a184c14d0db2 | 172.16.1.0/24 |
| ba596a0a-3a91-4268-a5e7-0da8aa9041e8 | int-net | c825a616-0e7e-41d9-8cde-a184c14d0db2 | 10.10.1.0/24 |
+--------------------+---------------+-------------------+---------------+
[root@controller ~]# openstack router add subnet router int-net
[root@controller ~]# openstack router add subnet router vm-subnetwork
# Remove the association between the subnets and the router
[root@controller ~]# openstack router remove subnet router int-net
[root@controller ~]# openstack router remove subnet router vm-subnetwork
# Modify a router
openstack router set
--external-gateway <network> External Network used as router's gateway (name or ID) # external network used as the router's gateway
# Add an external gateway
[root@controller ~]# openstack router set router --external-gateway vm-network
(2) neutron command-line examples
neutron
router-create Create a router for a given tenant.
router-delete Delete a given router.
router-gateway-clear Remove an external network gateway from a router.
router-gateway-set Set the external network gateway for a router.
router-interface-add Add an internal network interface to a router.
router-interface-delete Remove an internal network interface from a router.
router-list List routers that belong to a given tenant.
router-list-on-l3-agent List the routers on a L3 agent.
router-port-list List ports that belong to a given tenant, with specified router.
router-show Show information of a given router.
router-update Update router information.
# Create a router
neutron router-create <router-name>
[root@controller ~]# neutron router-create router
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| distributed | False |
| external_gateway_info | |
| ha | False |
| id | 6936356c-878c-4470-943b-f971c14b8348 |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
+-------------------------+--------------------------------------+
# List routers
neutron router-list
[root@controller ~]# neutron router-list
+--------------------------------------+--------+-----------------------+-------------+-------+
| id | name | external_gateway_info | distributed | ha |
+--------------------------------------+--------+-----------------------+-------------+-------+
| 6936356c-878c-4470-943b-f971c14b8348 | router | null | False | False |
+--------------------------------------+--------+-----------------------+-------------+-------+
# Show router details
neutron router-show <router>
[root@controller ~]# neutron router-show router
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| distributed | False |
| external_gateway_info | |
| ha | False |
| id | 6936356c-878c-4470-943b-f971c14b8348 |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
+-------------------------+--------------------------------------+
# Delete a router
neutron router-delete <router>
[root@controller ~]# neutron router-delete router
Deleted router: router
# Add an external gateway
neutron router-gateway-set <router> <external-network (look it up with neutron net-list)>
[root@controller ~]# neutron router-gateway-set router01 net-gre
Set gateway for router router01
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| 712873bf-5971-4047-bf85-9b983652a084 | | fa:16:3e:10:4c:5f | {"subnet_id": |
| | | | "d2e87691-4901-4606-bcb3-0c573ab56914", |
| | | | "ip_address": "192.168.20.102"} |
+--------------------------------------+------+-------------------+----------------------------------------------------+
# Remove the external gateway
neutron router-gateway-clear <router>
[root@controller ~]# neutron router-gateway-clear router01
Removed gateway from router router01
[root@controller ~]# neutron router-port-list router01
[empty]
# Add an internal interface
neutron router-interface-add <router> <inner-subnet>
[root@controller ~]# neutron router-interface-add router01 int-subnet
Added interface 43d0492c-2e44-448c-8e54-3a06976ccb55 to router router01.
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| 43d0492c-2e44-448c-8e54-3a06976ccb55 | | fa:16:3e:9b:cd:01 | {"subnet_id": "0ca0d421-d90f-4082-943b- |
| | | | ad24fb620821", "ip_address": "10.10.1.2"} |
| b341273e-28a5-4616-baa0-1aaebe95c557 | | fa:16:3e:1d:54:0f | {"subnet_id": |
| | | | "d2e87691-4901-4606-bcb3-0c573ab56914", |
| | | | "ip_address": "192.168.20.103"} |
+--------------------------------------+------+-------------------+----------------------------------------------------+
# Remove an internal interface
neutron router-interface-delete <router> subnet=<subnet>
[root@controller ~]# neutron router-interface-delete router01 subnet=int-subnet
Removed interface from router router01.
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| b341273e-28a5-4616-baa0-1aaebe95c557 | | fa:16:3e:1d:54:0f | {"subnet_id": |
| | | | "d2e87691-4901-4606-bcb3-0c573ab56914", |
| | | | "ip_address": "192.168.20.103"} |
+--------------------------------------+------+-------------------+----------------------------------------------------+
# List the router's ports (with both the external gateway and the internal interface added)
[root@controller ~]# neutron router-port-list router01
+--------------------------------------+------+-------------------+----------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+----------------------------------------------------+
| b341273e-28a5-4616-baa0-1aaebe95c557 | | fa:16:3e:1d:54:0f | {"subnet_id": |
| | | | "d2e87691-4901-4606-bcb3-0c573ab56914", |
| | | | "ip_address": "192.168.20.103"} |
| c699cb6b-ce9e-41e2-ac1f-3bdad0f49ca3 | | fa:16:3e:6d:21:72 | {"subnet_id": "0ca0d421-d90f-4082-943b- |
| | | | ad24fb620821", "ip_address": "10.10.1.2"} |
+--------------------------------------+------+-------------------+----------------------------------------------------+
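4. Port Management
A port is an interface attached to a subnet that connects to an instance's virtual NIC.
A port defines a MAC address and its own IP address; when an instance's virtual NIC connects to the port, the port assigns the MAC address and IP address to the virtual NIC.
Subnets and ports have a one-to-many relationship: a port must belong to a subnet, and a subnet can have multiple ports (much as a switch has multiple ports).
(1) openstack command-line examples
openstack
port create Create a new port # create a port
port delete Delete port(s) # delete ports
port list List ports # list ports
port set Set port properties # set port properties
port show Display port details # show port details
port unset Unset port properties # unset port properties
# Create a port
openstack port create
--network <network> Network this port belongs to (name or ID) # the network the port belongs to
--fixed-ip subnet=<subnet>,ip-address=<ip-address> # bind an IP address to the port
--enable Enable port (default) # enable the port
--enable-port-security # enable port security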
[root@controller ~]# openstack port create --network vm-network \
--fixed-ip subnet=vm-subnetwork,ip-address=172.16.1.120 \
hqs-port01
+-------------------------+-----------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| binding_vif_details | |
| binding_vif_type | unbound |
| binding_vnic_type | normal |
| created_at | 2022-11-30T03:04:58Z |
| extra_dhcp_opts | |
| fixed_ips | ip_address='172.16.1.120', subnet_id='85b59f1f-dc8b-4ad6-b920-a65a9abb46e7' |
| id | 156b4f48-564f-45f3-a911-c866eaa41b82 |
| location | cloud='', project.domain_id=, project.domain_name='Default', project.id='4188570a34464b938ed3fa7e08681df8', project.name='admin', region_name='', zone= |
| mac_address | fa:16:3e:aa:e0:3b |
| name | hqs-port01 |
| network_id | c825a616-0e7e-41d9-8cde-a184c14d0db2 |
| port_security_enabled | True |
| project_id | 4188570a34464b938ed3fa7e08681df8 |
| revision_number | 1 |
| security_group_ids | 28eef41f-54f8-4e99-b355-6799f2eedd2d |
| status | DOWN |
| tags | |
| trunk_details | None |
| updated_at | 2022-11-30T03:04:58Z |
+-------------------------+-------------------------------------------+
# List ports
+-------------------+------------+-------------------+----------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+-------------------+------------+-------------------+-------------------------------+--------+
| 156b4f48-564f-45f3-a911-c866eaa41b82 | hqs-port01 | fa:16:3e:aa:e0:3b | ip_address='172.16.1.120', subnet_id='85b59f1f-dc8b-4ad6-b920-a65a9abb46e7' | DOWN |
| f3d30c48-2821-4361-991f-5f162680940e | | fa:16:3e:2c:97:56 | ip_address='172.16.1.101', subnet_id='85b59f1f-dc8b-4ad6-b920-a65a9abb46e7' | ACTIVE |
+--------------------+------------+-------------------+------------------------------+--------+
# Delete a port (either the port ID or the port name works)
[root@controller ~]# openstack port delete f3d30c48-2821-4361-991f-5f162680940e
[root@controller ~]# openstack port delete hqs-port01
# Modify a port
openstack port set
--device <device-id> Port device ID
--host <host-id> Allocate port on host <host-id> (ID only)
--dns-name <dns-name> Set DNS name for this port
--enable Enable port
--disable Disable port
--name <name> Set port name
--fixed-ip subnet=<subnet>,ip-address=<ip-address>
# Bind an additional address, rename the port and disable it
[root@controller ~]# openstack port set --fixed-ip subnet=vm-subnetwork,ip-address=172.16.1.105 \
> --disable --name test-port01 \
> hqs-port01
# Unbind an address
[root@controller ~]# openstack port unset --fixed-ip subnet=vm-subnetwork,ip-address=172.16.1.120 test-port01
(2) neutron command-line examples
neutron
port-create Create a port for a given tenant.
port-delete Delete a given port.
port-list List ports that belong to a given tenant.
port-show Show information of a given port.
port-update Update port information.
# List ports
[root@controller ~]# neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 1b46a0d6-0df6-4f96-b3a3-d47aae6ed589 | | fa:16:3e:23:a2:36 | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.81"} |
| 40e657a2-f196-4fc5-a815-c9dbd613bc05 | | fa:16:3e:e0:95:15 | {"subnet_id": "f2f78780-c255-4392-9a25-10b84221b004", "ip_address": "192.168.20.101"} |
| 7fa18ceb-04aa-4f7e-824e-4ed5dc0ee0ee | | fa:16:3e:90:05:f0 | {"subnet_id": "f2f78780-c255-4392-9a25-10b84221b004", "ip_address": "192.168.20.102"} |
| 7fd9c4fa-9ecc-4cc6-ba72-fe5d8afe1a3c | | fa:16:3e:f2:5f:0c | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.82"} |
| ae3c993e-c48a-4a0c-9fe3-2f7a8cd0472a | | fa:16:3e:af:6c:ab | {"subnet_id": "f2f78780-c255-4392-9a25-10b84221b004", "ip_address": "192.168.20.103"} |
| c347316f-c880-4643-8eaf-8570e34aefb4 | | fa:16:3e:dd:7e:d3 | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.2"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
# Show port details
[root@controller ~]# neutron port-show 1b46a0d6-0df6-4f96-b3a3-d47aae6ed589
# Create a port
[root@controller ~]# neutron port-create int-gre --name test-port
Created a new port:
+-----------------------+-----------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-----------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | |
| binding:profile | {} |
| binding:vif_details | {} |
| binding:vif_type | unbound |
| binding:vnic_type | normal |
| created_at | 2021-11-09T02:03:23 |
| description | |
| device_id | |
| device_owner | |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "4703dd26-cab3-4daa-ac25-da186e2d7371", "ip_address": "10.10.0.83"} |
| id | fea92586-6f36-48d6-a67d-8dd7fb21e062 |
| mac_address | fa:16:3e:ce:c2:39 |
| name | test-port |
| network_id | b85cd3c7-a864-422c-8a11-6e034a1539bb |
| port_security_enabled | True |
| security_groups | 486eaa38-8e3d-4214-96bc-e6fee9b81be6 |
| status | DOWN |
| tenant_id | 386dbfcf77e444c7872e4e23d5829fcc |
| updated_at | 2021-11-09T02:03:23 |
+-----------------------+-----------------------------------------------------------------------------------+
# Delete a port
[root@controller ~]# neutron port-delete test-port
Deleted port: test-port
# Modify a port
[root@controller ~]# neutron port-update test-port --name test-port-8080 --security-group 54c9ccb7-7f00-4485-898f-e4bbebafa73b
Updated port: test-port
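The port records above carry `port_security_enabled` and `allowed_address_pairs`, the two fields that decide whether Neutron applies security groups and MAC/IP anti-spoofing filtering to a port. The audit below is an added example, not code from the original post; it assumes port records exported as JSON (for instance with `openstack port show <port> -f json`), and the sample records and the rule of skipping `network:`-owned ports are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: port records shaped like `openstack port show -f json`
# output (field names as in the tables above; IDs and names are made up).
SAMPLE_PORTS = json.loads("""[
 {"id": "port-a", "name": "web01", "device_owner": "compute:nova",
  "port_security_enabled": true, "allowed_address_pairs": []},
 {"id": "port-b", "name": "lab-vm", "device_owner": "compute:nova",
  "port_security_enabled": false, "allowed_address_pairs": []},
 {"id": "port-c", "name": "vip-holder", "device_owner": "compute:nova",
  "port_security_enabled": true,
  "allowed_address_pairs": [{"ip_address": "172.16.1.200"},
                            {"ip_address": "0.0.0.0/0"}]},
 {"id": "port-d", "name": "", "device_owner": "network:router_interface",
  "port_security_enabled": false, "allowed_address_pairs": []}
]""")


def audit_port(port, max_pair_addresses=1):
    """Return the findings for one port record (empty list = nothing to report)."""
    # Choice made in this example: ports owned by Neutron itself (router, DHCP)
    # are out of scope; only instance-facing and unbound ports are checked.
    if str(port.get("device_owner") or "").startswith("network:"):
        return []
    findings = []
    if port.get("port_security_enabled") is False:
        findings.append("port security disabled: no security groups or "
                        "MAC/IP anti-spoofing filtering on this port")
    for pair in port.get("allowed_address_pairs") or []:
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        if net.num_addresses > max_pair_addresses:
            findings.append(f"allowed address pair {net} lets the port use "
                            f"{net.num_addresses} source addresses")
    return findings


def audit_ports(ports):
    """Map port ID -> findings, for ports that have at least one finding."""
    report = {}
    for port in ports:
        findings = audit_port(port)
        if findings:
            report[port["id"]] = findings
    return report


if __name__ == "__main__":
    for port_id, findings in audit_ports(SAMPLE_PORTS).items():
        for finding in findings:
            print(f"{port_id}: {finding}")
```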
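III. Firewall management
1. Rule management
2. Policy management
3. Firewalls
IV. Load balancer management
1. LBaaS v1 management
2. LBaaS v2 management
V. Open vSwitch management
1. Bridge management
A bridge is a layer-2 device in the OSI model, similar to a switch; it carries the traffic between the instances attached to it.
Virtual bridges are managed with the brctl command from the bridge-utils package.
(1) Installation and syntax
# Install the bridge-utils package
[root@controller ~]# yum install -y bridge-utils
# brctl syntax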
[root@controller ~]# brctl
Usage: brctl [commands]
commands:
addbr <bridge> add bridge # add a bridge
delbr <bridge> delete bridge # delete a bridge
addif <bridge> <device> add interface to bridge # attach an interface to the bridge
delif <bridge> <device> delete interface from bridge # detach an interface from the bridge
hairpin <bridge> <port> {on|off} turn hairpin on/off
setageing <bridge> <time> set ageing time # set the ageing time (lifetime)
setbridgeprio <bridge> <prio> set bridge priority # set the bridge priority
setfd <bridge> <time> set bridge forward delay # set the bridge forward delay
sethello <bridge> <time> set hello time # set the hello time
setmaxage <bridge> <time> set max message age # set the maximum message age
setpathcost <bridge> <port> <cost> set path cost # set the path cost
setportprio <bridge> <port> <prio> set port priority # set the port priority
show [ <bridge> ] show a list of bridges # show bridge information
showmacs <bridge> show a list of mac addrs # show MAC addresses
showstp <bridge> show bridge stp info # show STP information
stp <bridge> {on|off} turn stp on/off # enable/disable STP
(2) Worked example
# Create a bridge
[root@controller ~]# brctl addbr hqs-br
# Detach the NIC from the bridge
[root@controller ~]# brctl delif brqc825a616-0e ens34
[root@controller ~]# brctl show brqc825a616-0e
bridge name bridge id STP enabled interfaces
brqc825a616-0e 8000.000000000000 no
# Attach the NIC to the bridge
[root@controller ~]# brctl addif hqs-br ens34
# Show bridge information
[root@controller ~]# brctl show hqs-br
bridge name bridge id STP enabled interfaces
hqs-br 8000.000c29ac5c2a no ens34
# Move the NIC back to the default bridge
[root@controller ~]# brctl delif hqs-br ens34
[root@controller ~]# brctl addif brqc825a616-0e ens34
# Delete the bridge
[root@controller ~]# brctl delbr hqs-br
[root@controller ~]# brctl show
bridge name bridge id STP enabled interfaces
brqc825a616-0e 8000.000c29ac5c2a no ens34
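(3) Flat networks and bridges
A flat network needs exclusive use of a physical NIC, so a second flat network cannot be created.
A flat network is an untagged network type; it requires the host's NIC to be connected directly to a Linux bridge.
A flat network needs its subnet to be in the same network segment as the external network, so the subnet should use 192.168.20.0/24, the same segment as the ens34 NIC.
# Create the virtual network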
[root@controller ~]# openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat \
vm-network
# Create the virtual subnet
[root@controller ~]# openstack subnet create --network vm-network \
--allocation-pool start=192.168.20.100,end=192.168.20.200 \
--dns-nameserver 114.114.114.114 \
--gateway 192.168.20.2 \
--subnet-range 192.168.20.0/24 \
vm-subnetwork
# Show subnet information
[root@controller ~]# openstack subnet list
+--------------------------------------+---------------+--------------------------------------+-----------------+
| ID | Name | Network | Subnet |
+--------------------------------------+---------------+--------------------------------------+-----------------+
| cc96053f-61f7-42d4-af8a-698133c88197 | vm-subnetwork | 9dc1a761-3bee-4a8f-8f13-2e246f9740cb | 192.168.20.0/24 |
+--------------------------------------+---------------+--------------------------------------+-----------------+
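# Check the network interfaces
# The system has now created an interface named `brq9dc1a761-3b`
# It has also created an instance virtual interface named `tap734037c8-e3@if2`
[root@controller ~]# ip a
1: lo (omitted)
2: ens33 (omitted)
3: ens34 (omitted)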
8: tap734037c8-e3@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq9dc1a761-3b state UP group default qlen 1000
link/ether 0e:14:0a:06:0e:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
9: brq9dc1a761-3b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:ac:5c:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.20.10/24 brd 192.168.20.255 scope global brq9dc1a761-3b
valid_lft forever preferred_lft forever
inet6 fe80::244e:7dff:fe1e:1568/64 scope link tentative
valid_lft forever preferred_lft forever
# Check the bridge
# The bridge is connected to two devices: the ens34 physical NIC and the tap734037c8-e3 network port connected to the instance
[root@controller ~]# brctl show
bridge name bridge id STP enabled interfaces
brq9dc1a761-3b 8000.000c29ac5c2a no ens34
tap734037c8-e3
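# Then create an instance from the console; once it has been created, a bridge appears on the compute node
# Check the network interfaces on the compute node
[root@compute ~]# ip a
1: lo: (omitted)
2: ens33: (omitted)
3: ens34: (omitted)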
4: brq9dc1a761-3b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:fc:73:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.20.20/24 brd 192.168.20.255 scope global brq9dc1a761-3b
valid_lft forever preferred_lft forever
5: tapa1786edc-12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq9dc1a761-3b state UNKNOWN group default qlen 1000
link/ether fe:16:3e:b3:4f:6f brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:feb3:4f6f/64 scope link
valid_lft forever preferred_lft forever
# Connect to the instance
[root@compute ~]# ssh cirros@192.168.20.134
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.134' (ECDSA) to the list of known hosts.
cirros@192.168.20.134 password: gocubsgo
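The `brctl show` output in the flat-network walkthrough above is what shows which devices share the flat network's single broadcast domain. The parser and membership check below is an added example, not code from the original post; it assumes instance interfaces are named `tap…` as in the output above, and the sample text (including `veth-test0` and the bridge IDs) is constructed.

```python
import re

BRIDGE_ID = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{12}$")

# Constructed sample in the shape of `brctl show` output: the uplink was left on
# a hand-made bridge and an extra device was added to the Neutron bridge.
SAMPLE = """\
bridge name     bridge id               STP enabled     interfaces
brq9dc1a761-3b  8000.0e140a060ed0       no              tap734037c8-e3
                                                        veth-test0
hqs-br          8000.000c29ac5c2a       no              ens34
"""


def parse_brctl_show(text):
    """Map bridge name -> list of attached interfaces."""
    bridges, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or line.startswith("bridge name"):
            continue
        if len(tokens) >= 3 and BRIDGE_ID.match(tokens[1]):
            current = tokens[0]
            bridges[current] = tokens[3:]    # empty list: bridge without ports
        elif current is not None:
            bridges[current].extend(tokens)  # continuation line: more interfaces
    return bridges


def check_flat_bridge(bridges, bridge, uplink):
    """Return findings for the bridge that backs a flat network."""
    members = bridges.get(bridge)
    if members is None:
        return [f"{bridge}: bridge not found"]
    findings = []
    if uplink not in members:
        findings.append(f"{bridge}: uplink {uplink} is not attached")
    for iface in members:
        if iface != uplink and not iface.startswith("tap"):
            findings.append(f"{bridge}: unexpected interface {iface}")
    for name, ifaces in bridges.items():
        if name != bridge and uplink in ifaces:
            findings.append(f"{uplink} is attached to {name} instead")
    return findings


if __name__ == "__main__":
    for finding in check_flat_bridge(parse_brctl_show(SAMPLE), "brq9dc1a761-3b", "ens34"):
        print(finding)
```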