Neutron/TrunkPort

概述

Neutron 扩展，用于通过单个 vNIC 访问大量的 neutron 网络，作为带标签/封装的流量。

实现存在于

自 Newton 起：Open vSwitch (src)，
自 Newton 起：Linux Bridge (src)，
自 Newton 起：OVN (src)，
自 Ocata？ / Carbon 起：OpenDaylight (src: networking-odl, odl)，以及
自 Ocata 起：VMWare NSX (src)。
自 Pike 起：Ironic (rfe)。
自 Pike 起：Dragonflow (src) (spec)
自？起：Cisco-Nexus (src)
自 Rocky 起：Arista 上的 baremetal trunk (src)

还有进一步的支持

自 Pike 起：在 Heat 中
自 Queens 起：在 Horizon 中

简介

2017 年 11 月悉尼峰会介绍性演示
- 视频 (youtube.com)
- 幻灯片 (docs.google.com)
James Denton 的介绍性博客文章 (jimmdenton.com)

文档

OpenStack 网络指南
- 最新
- pike
- ocata
Heat
- 模板指南
- 示例模板
设计文档
- neutron spec

API 参考

读写，extension=trunk
- https://developer.openstack.org/api-ref/networking/v2/#trunk-networking
- http://git.openstack.org/cgit/openstack/neutron/tree/neutron/extensions/trunk.py
只读便利，extension=trunk-details
- https://developer.openstack.org/api-ref/networking/v2/#trunk-details-extended-attributes-ports
- http://git.openstack.org/cgit/openstack/neutron/tree/neutron/extensions/trunk_details.py

网络转储

Newton 版本发布的 API 转储：https://etherpad.openstack.org/p/trunk-api-dump-newton

API-CLI 映射

CLI 动词	HTTP 方法	URL	CLI 动词（在规范中，已过时）
openstack network trunk create	POST	/v2.0/trunks	trunk-create
openstack network trunk delete	DELETE	/v2.0/trunks/$trunk_id	trunk-delete
openstack network trunk list	GET	/v2.0/trunks	trunk-list
openstack network trunk show	GET	/v2.0/trunks/$trunk_id	trunk-show
openstack network trunk set	PUT	/v2.0/trunks/$trunk_id	trunk-update
openstack network trunk set --subport	PUT	/v2.0/trunks/$trunk_id/add_subports	trunk-subport-add
openstack network trunk unset --subport	PUT	/v2.0/trunks/$trunk_id/remove_subports	trunk-subport-delete
openstack network subport list	GET	/v2.0/trunks/$trunk_id/get_subports	trunk-subport-list

CLI 用法示例

基础

# Business as usual.
openstack network create net0
openstack network create net1
openstack network create net2
openstack subnet create --network net0 --subnet-range 10.0.4.0/24 subnet0
openstack subnet create --network net1 --subnet-range 10.0.5.0/24 subnet1
openstack subnet create --network net2 --subnet-range 10.0.6.0/24 subnet2

openstack port create --network net0 port0 # will become a parent port

# As of pike there's no standard automation to tell the guest OS the MAC addresses of child ports. So
#
# # (a) either create child ports having the same MAC address as the parent port
# # (remember, they are on different networks),
# # NOTE This approach was affected by a bug of the openvswitch firewall driver:
# # https://bugs.launchpad.net/neutron/+bug/1626010 # the fix made the Pike release
# openstack port create --network ... parent-port
# parent_mac="$( openstack port show parent-port | awk '/ mac_address / { print $4 }' )"
# openstack port create --mac-address "$parent_mac" --network ... child-port
# openstack network trunk create --parent-port parent-port trunk0
# openstack network trunk set --subport port=child-port,segmentation-type=vlan,segmentation-id=101 trunk0
# openstack server-create --nic port-id=parent-port ... --wait vm0
# ssh vm0 sudo ip link add link eth0 name eth0.101 type vlan id 101
# # eth0 and eth0.101 have the same MAC address
#
# # (b) or create the VLAN subinterfaces with MAC addresses as random-assigned by neutron.
# openstack port create --network ... parent-port
# openstack port create --network ... child-port
# child_mac="$( openstack port show child-port | awk '/ mac_address / { print $4 }' )"
# openstack network trunk create --parent-port parent-port trunk0
# openstack network trunk set --subport port=child-port,segmentation-type=vlan,segmentation-id=101 trunk0
# openstack server-create --nic port-id=parent-port ... --wait vm0
# ssh vm0 sudo ip link add link eth0 name eth0.101 address "$child_mac" type vlan id 101
# # eth0 and eth0.101 have different MAC addresses
#
# We follow option (a) here:
parent_mac="$( openstack port show port0 | awk '/ mac_address / { print $4 }' )"

openstack port create --network net1 --mac-address "$parent_mac" port1 # will become a child port: at trunk create time
openstack port create --network net2 --mac-address "$parent_mac" port2 # will become a child port: later

# Create a trunk using port0 as parent port (ie. turn port0 into a trunk port).
openstack network trunk create --parent-port port0 trunk0
# A port can be part of one trunk only.
# Error expected: Port UUID is currently in use and is not eligible for use as a parent port.
openstack network trunk create --parent-port port0 trunk1

openstack network trunk list
openstack network trunk show trunk0

openstack network trunk delete trunk0

# A trunk can be created with subports too.
openstack network trunk create --parent-port port0 --subport port=port1,segmentation-type=vlan,segmentation-id=101 trunk0
openstack network trunk list
openstack network trunk show trunk0
openstack network subport list --trunk trunk0

# Use an image with support for vlan interfaces. CirrOS will not cut it.
# But see also: https://etherpad.openstack.org/p/cirros-respin
# eg: sudo ip link add ... type vlan ...
wget --timestamping --tries=1 https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img
openstack image create --disk-format qcow2 --public --file trusty-server-cloudimg-amd64-disk1.img vlan-capable-image

# The only vNIC in your instance corresponds to the parent port, so boot your instance with the parent port given.
# Do not add child ports as NICs to 'nova boot / openstack server create'.
openstack server create --flavor ds512M --image vlan-capable-image --nic port-id=port0 --wait vm0

# The typical cloud image will auto-configure the first NIC (eg. eth0) only and not the vlan interfaces (eg. eth0.VLAN-ID).
ssh VM0-ADDRESS sudo ip link add link eth0 name eth0.101 type vlan id 101

# Error expected: Failed to add subports to trunk 'trunk0': Port UUID is in use by another trunk.
openstack network trunk set --subport port=port1,segmentation-type=vlan,segmentation-id=999 trunk0
# Error expected: Failed to add subports to trunk 'trunk0': segmentation_type vlan and segmentation_id 101 already in use on trunk UUID.
openstack network trunk set --subport port=port2,segmentation-type=vlan,segmentation-id=101 trunk0
# Add subports to a running instance.
openstack network trunk set --subport port=port2,segmentation-type=vlan,segmentation-id=102 trunk0
openstack network trunk show trunk0

# Again you need to bring your subport vlan interfaces up.
ssh VM0-ADDRESS sudo ip link add link eth0 name eth0.102 type vlan id 102

# Delete subports from a running instance.
ssh VM0-ADDRESS sudo ip link delete dev eth0.102
openstack network trunk unset --subport port2 trunk0

# Cannot delete ports used as parent or subports. Delete the trunk first.
# Error expected: FIXME HttpException: Conflict
openstack port delete port0
# Error expected: FIXME HttpException: Conflict
openstack port delete port1

# Clean up.
openstack server delete vm0
openstack network trunk delete trunk0
openstack port delete port2 port1 port0
openstack network delete net2 net1 net0

继承提供者网络的隔离细节

当交换机无法重新映射（标签弹出-推送）时，您可能希望暴露提供者网络的隔离细节（想想 Ironic）

openstack network create net0 --provider-network-type vlan --provider-physical-network test --provider-segment 100
openstack network create net1 --provider-network-type vlan --provider-physical-network test --provider-segment 101
openstack subnet create subnet0 --network net0 --subnet-range 10.0.4.0/24
openstack subnet create subnet1 --network net1 --subnet-range 10.0.5.0/24
openstack port create port0 --network net0
openstack port create port1 --network net1
openstack network trunk create trunk0 --parent-port port0
openstack network trunk set trunk0 --subport port=port1,segmentation-type=inherit
openstack network subport list --trunk itrunk0 -f value -c 'Segmentation ID' # prints 101

图示

连接许多网络的旧模型
连接许多网络的 trunk 模型

旧 API
trunk API

trunk Open vSwitch 模型的示例

截图

Horizon 截图：项目/网络/Trunks 面板
Horizon 截图：Trunk 详情
Horizon 截图：创建工作流程的 Subport(s) 选择器步骤

性能 / 扩展性

一个单独的 wiki 页面记录了 Ericsson 对 trunk API 的一些性能和规模测量。
另请参阅此 openstack-dev 线程，了解 HPE QE 团队的测量结果。

链接

相关开发
- horizon
  - horizon 蓝图
  - gerrit 主题 bp/neutron-trunk-ui
- heat
  - heat spec
  - gerrit 主题 bp/support-trunk-port
- nova
  - gerrit 主题 bp/expose-vlan-trunking
- odl
  - openstack/networking-odl
  - odl yang 模型

bugs
- https://bugs.launchpad.net/neutron/+bugs?field.tag=trunk
- https://bugs.launchpad.net/neutron/+bug/1626010

openvswitch vlan 模型
- https://opendev.org/openstack/neutron/src/commit/7d48bde722fecfa5efffb1c4e7018dab8b8d6366/doc/source/contributor/internals/openvswitch_agent.rst#tackling-the-network-trunking-use-case
- https://etherpad.openstack.org/p/trunk-bridge-tagged-patch-ovs-firewall-experiment

tests
- repo openstack/neutron
  - neutron/tests/unit/services/trunk/
  - neutron/tests/functional/services/trunk/
  - neutron/tests/fullstack/test_trunk.py
  - neutron/tests/tempest/scenario/test_trunk.py
  - neutron/tests/tempest/api/test_trunk.py
  - neutron/tests/tempest/api/test_trunk_negative.py
  - neutron/tests/tempest/api/test_trunk_details.py
  - rally-jobs/plugins/trunk_scenario.py
- repo openstack/heat
  - heat/tests/openstack/neutron/test_neutron_trunk.py
  - heat_integrationtests/functional/test_create_update_neutron_trunk.py
- repo openstack/horizon
  - openstack_dashboard/static/app/core/trunks/**/*.spec.js
  - openstack_dashboard/test/api_tests/neutron_*.py