About the author: Liu Chengtian is a senior engineer at Certusnet Information Technology Co., Ltd. (赛特斯信息科技股份有限公司), currently based in Nanjing and working mainly on vCPE and router R&D.
VLAN, as a virtual LAN technology, plays an important role in switch network management and in the network services of cloud computing platforms. In the virtual switch OVS in particular, VLAN usage is both more flexible and more important. For the basic use of VLAN in OVS, see the author's other article, "VLAN Application and Implementation Based on OVS". This article describes how a DHCP server in a VLAN network can allocate DHCP address pools from different subnets to different VLANs.
A DHCP server can normally select an address pool based on the option extension fields of the DHCP protocol. VLAN, however, is a layer-2 network attribute, and the DHCP application running above it cannot see VLAN information. To divide address pools by VLAN, either the VLAN information has to be carried up to the application layer in some way, or a separate DHCP service has to be enabled in each VLAN network. In most cases the second approach is simpler.
For example, in the Linux network node shown in the figure below, different external VLAN networks communicate with different VM hosts on the node, and devices attached through the eth0 interface need to obtain addresses from different subnets depending on their VLAN. To handle vlan1 and vlan2 frames on eth0, the vconfig tool is used to create the virtual interfaces eth0.1 and eth0.2, which are bridged with the VMs' tap ports. A DHCP server is then enabled on each bridge interface, bound to that interface, which gives each VLAN its own address pool.
With this VLAN handling based on Linux virtual interfaces, a device with many interfaces and many VLAN subnets needs a large number of VLAN virtual interfaces to process the different VLANs on each interface. If there are two interfaces, eth0 and eth1, and both must handle vlan1 and vlan2 frames, four virtual interfaces have to be created: eth0.1, eth0.2, eth1.1 and eth1.2. This multiplicative relationship becomes cumbersome when there are many network interfaces and VLAN subnets. Furthermore, if these virtual interfaces are to provide multiple address pools through the virtual switch OVS, multiple OVS bridges have to be created as well.
OVS provides a bridge interface of type internal. Setting a tag on such an interface makes it handle the frames of one VLAN, and starting a DHCP service on it allocates a separate address pool for that VLAN. The resulting topology is shown in the figure below:
Here eth1 and eth2 act as OVS trunk ports forwarding the traffic on the links, and dhcp1 and dhcp2 are internal-type bridge interfaces with tags 1 and 2 respectively. Configuring an address on dhcp1 and dhcp2 and enabling a DHCP server on each meets the requirement that different VLANs are allocated different address pools.
Create the OVS bridge
    # ovs-vsctl add-br br-ovs
Add eth1 and eth2 to OVS
    # ovs-vsctl add-port br-ovs eth1
    # ovs-vsctl add-port br-ovs eth2
Create the bridge interfaces dhcp1 and dhcp2 that will run the DHCP service
    # ovs-vsctl add-port br-ovs dhcp1 -- set interface dhcp1 type=internal
    # ovs-vsctl add-port br-ovs dhcp2 -- set interface dhcp2 type=internal
Set the tags of dhcp1 and dhcp2
    # ovs-vsctl set Port dhcp1 tag=1
    # ovs-vsctl set Port dhcp2 tag=2
The resulting configuration is as follows:
Assign addresses to the bridge interfaces dhcp1 and dhcp2
    # ifconfig dhcp1 192.168.1.1
    # ifconfig dhcp2 10.0.0.1
Start the DHCP service on dhcp1 and dhcp2
    # dnsmasq --bind-interfaces --except-interface=lo --interface dhcp1 --dhcp-range 192.168.1.2,192.168.1.10
    # dnsmasq --bind-interfaces --except-interface=lo --interface dhcp2 --dhcp-range 10.0.0.2,10.0.0.10
To test the VLANs, run a DHCP client on a PC to obtain an address, and connect the PC to eth1 (or eth2) through a switch that applies tag 1 and tag 2 in turn.
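When the tag value is 1, capturing on eth1 with tcpdump shows the vlan1 DHCP packets as follows:
Capturing on dhcp1 with tcpdump shows the DHCP packets as follows:
When the tag value is 2, capturing on eth1 with tcpdump shows the vlan2 DHCP packets as follows:
Capturing on dhcp2 with tcpdump shows the DHCP packets as follows:
These results show that the two bridge interfaces dhcp1 and dhcp2 each process only the frames of the VLAN matching their configured tag. The VLANs on different subnets are isolated from each other, and different VLANs are allocated different DHCP address pools.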
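The result above depends on every DHCP-serving internal port being an access port for exactly one VLAN; an OVS port with no tag is a trunk port and is not confined to a single VLAN. The following check for that property is an added example, not part of the original article: the function and sample names are hypothetical, the sample rows are constructed, and the input is assumed to be the name,tag CSV printed by the ovs-vsctl command shown in the comment.

```shell
#!/bin/sh
# Added example (not from the article): check that each DHCP-serving OVS port
# is an access port for exactly one VLAN, with no tag shared between pools.
# stdin : "name,tag" rows, assumed to come from
#   ovs-vsctl --format=csv --data=bare --no-headings --columns=name,tag list Port
# args  : ports that run a DHCP server (dhcp1 and dhcp2 in this article)
audit_dhcp_ports() {
    awk -F, -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        { gsub(/"/, ""); tag[$1] = $2; seen[$1] = 1 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = w[i]
                if (!(p in seen)) { print "MISSING " p; bad = 1; continue }
                t = tag[p]
                # Empty tag: the port is a trunk, so its pool is not tied to one VLAN.
                if (t == "") { print "UNTAGGED " p; bad = 1; continue }
                # Two DHCP servers in one VLAN would compete for the same clients.
                if (t in owner) {
                    print "DUPLICATE " p " shares tag " t " with " owner[t]
                    bad = 1; continue
                }
                owner[t] = p
                print "OK " p " vlan " t
            }
            exit bad
        }'
}

# Constructed sample rows: the layout built in this article.
sample_ok() {
    printf '%s\n' 'br-ovs,' 'eth1,' 'eth2,' 'dhcp1,1' 'dhcp2,2'
}

# Constructed sample rows: the tag on dhcp2 was never set.
sample_untagged() {
    printf '%s\n' 'br-ovs,' 'eth1,' 'eth2,' 'dhcp1,1' 'dhcp2,'
}

# Demo on the constructed data; on a live node, pipe the ovs-vsctl command
# from the header comment into audit_dhcp_ports instead.
sample_ok | audit_dhcp_ports dhcp1 dhcp2
```

The function exits non-zero when any listed port is missing, untagged, or shares its tag with another DHCP port, so it can gate the dnsmasq start in a provisioning script.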