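Configure the networking components on the compute node.
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances, including VXLAN tunnels for private networks, and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:
In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: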
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
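Replace ``PUBLIC_INTERFACE_NAME`` with the name of the physical public network interface.
In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population: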
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks. The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
In the ``[agent]`` section, enable ARP spoofing protection:
[agent]
...
prevent_arp_spoofing = True
In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
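An added example, not part of the original guide or of OpenStack's own code: a small audit that checks whether a ``linuxbridge_agent.ini`` carries every setting listed in the steps above, including ARP spoofing protection and the security group firewall driver, and that no placeholder was left in place. The names ``audit``, ``REQUIRED`` and ``SAMPLE`` and the interface name ``eth1`` are assumptions made for the illustration.

```python
import configparser

# (section, option, required value); None means any non-placeholder value.
REQUIRED = [
    ("linux_bridge", "physical_interface_mappings", None),
    ("vxlan", "enable_vxlan", "True"),
    ("vxlan", "local_ip", None),
    ("vxlan", "l2_population", "True"),
    ("agent", "prevent_arp_spoofing", "True"),
    ("securitygroup", "enable_security_group", "True"),
    ("securitygroup", "firewall_driver",
     "neutron.agent.linux.iptables_firewall.IptablesFirewallDriver"),
]
PLACEHOLDERS = ("PUBLIC_INTERFACE_NAME", "OVERLAY_INTERFACE_IP_ADDRESS")


def audit(text):
    """Return findings for a linuxbridge_agent.ini supplied as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section, option, required in REQUIRED:
        value = cp.get(section, option, fallback=None)
        where = f"[{section}] {option}"
        if value is None:
            findings.append(f"{where}: not set")
        elif any(p in value for p in PLACEHOLDERS):
            findings.append(f"{where}: placeholder not replaced")
        elif required and value.strip().lower() != required.lower():
            findings.append(f"{where}: expected {required}, found {value}")
    return findings


# Constructed sample: ARP spoofing protection off, firewall driver and
# l2_population missing, overlay IP placeholder left in place.
SAMPLE = """\
[linux_bridge]
physical_interface_mappings = public:eth1
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
[agent]
prevent_arp_spoofing = False
[securitygroup]
enable_security_group = True
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real node, pass the contents of ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` to ``audit``; an empty list means every setting from the steps above is present.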
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.