Cisco ASR1001 Tungsten Fabric OpenStack VM
Материал из noname.com.ua
Предварительная настройка
Openstack в этом сетапе использует Tungsten Fabric в качестве Core Network Plugin в Neutron.
Подробнее: Настройка Cisco ASR1001X как Edge Router для Tungsten Fabric
Создание ВМ по шагам
Дано: только что развернутый опенстек, в качестве внешнего роутреа используется ASR1001X
Требуется: Задеплоить 2 VM с Floating IP
openstack image create
Пример загрузки образа в OpenStack
openstack \
image create \
--container-format bare \
--disk-format qcow2 \
--file ~/Downloads/noble-server-cloudimg-amd64.img \
Ubuntu-24.04
keypair create
Создать пару ключей, если нужно, приватную часть сохранить так как она больше нигде не сохраняется.
openstack keypair create mmazur
-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAp4Yv+iyTCrHSMwbPahlGRdSGuuMtG+JPMYdeIhi/QDA4Wvyh Af/TlBUNkdiYJfOJp8R6xFCOv9wREs5VHlHHk3b3xcl/w8Vtz53G3jYSu/cRV0VY <skipped> 4vyy0i8k2fkcZooAtU4I60g9GJEWhJLiLaytXcv0XXSralhV6hihICX4SxSL5HCP DroCuM9W/AI4rK7gyfsMdqhF6yHri8lvVAYiQMHqmvrrS85WenuY -----END RSA PRIVATE KEY-----
Публичная сеть
openstack network create
openstack network createopenstack network create --external public
--external public- сеть внешняя, использует для Floating IPs и будет маршрутизироваться наружу, за пределы OpenStack
openstack subnet create
openstack subnet createСабнет определяет диапазон адресов
openstack subnet create \
--network public \
--subnet-range 10.170.6.0/24 \
--allocation-pool start=10.170.6.201,end=10.170.6.249 \
--dns-nameserver 8.8.8.8 \
--gateway none \
public-subnet
Приватная сеть
openstack network create internal
openstack network create internalopenstack network create internal +---------------------------+-----------------------------------------+ | Field | Value | +---------------------------+-----------------------------------------+ | admin_state_up | UP | | availability_zone_hints | None | | availability_zones | None | | created_at | 2025-08-18T13:58:20.948683 | | description | | | dns_domain | None | | fq_name | ['default-domain', 'admin', 'internal'] | | id | 8546fd5c-f9bc-4521-8f46-f54f42a5491d | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | None | | is_vlan_transparent | None | | mtu | 0 | | name | internal | | port_security_enabled | True | | project_id | f39e087061ea48378c9c68348eebbb59 | | provider:network_type | None | | provider:physical_network | None | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | None | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | tenant_id | f39e087061ea48378c9c68348eebbb59 | | updated_at | 2025-08-18T13:58:20.948683 | +---------------------------+-----------------------------------------+
openstack subnet create
openstack subnet create openstack subnet create \
--subnet-range 192.168.77.0/24 \
--network internal \
--dns-nameserver 8.8.8.8 \
internal-subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.77.2-192.168.77.254 |
| cidr | 192.168.77.0/24 |
| created_at | 2025-08-18T14:00:35.578348 |
| description | None |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.77.1 |
| host_routes | |
| id | 06488205-7fa6-416c-accb-d6cdc514ae13 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | internal-subnet |
| network_id | 8546fd5c-f9bc-4521-8f46-f54f42a5491d |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| revision_number | None |
| segment_id | None |
| service_types | None |
| subnetpool_id | None |
| tags | |
| updated_at | 2025-08-18T14:00:35.578348 |
+----------------------+--------------------------------------+
router
openstack router create
openstack router create openstack router create rtr01
set external-gateway
openstack router set --external-gateway public rtr01 Вывод пустой
openstack router add subnet
openstack router add subnet rtr01 internal-subnet
openstack security group
openstack security group create
openstack security group create icmp_ssh
openstack security group rule create
openstack security group rule create \
--remote-ip 0.0.0.0/0 \
--protocol icmp \
icmp_ssh
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2025-08-18T14:01:58.366970 |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 8e754684-e017-4ddf-8ebe-91fd314fdf1c |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | f39e087061ea48378c9c68348eebbb59 |
| protocol | icmp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | None |
| security_group_id | 990e0698-f9d0-4ee6-b567-676541f84344 |
| tags | [] |
| updated_at | 2025-08-18T14:01:58.366970 |
+-------------------------+--------------------------------------+
openstack security group rule create \
--remote-ip 0.0.0.0/0 \
--protocol tcp \
--dst-port 22 \
icmp_ssh
+-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | created_at | 2025-08-18T14:15:58.444894 | | description | | | direction | ingress | | ether_type | IPv4 | | id | 1248e9a7-b1da-459d-bbe1-b98c566f68f4 | | name | None | | port_range_max | 22 | | port_range_min | 22 | | project_id | f39e087061ea48378c9c68348eebbb59 | | protocol | tcp | | remote_address_group_id | None | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | None | | security_group_id | 990e0698-f9d0-4ee6-b567-676541f84344 | | tags | [] | | updated_at | 2025-08-18T14:15:58.444894 | +-------------------------+--------------------------------------+
openstack server create (Cirros)
openstack server create \
--flavor m1.small \
--image Cirros-6.0.raw \
--network internal \
--security-group icmp_ssh \
test-01
openstack server create \
--flavor m1.small \
--image Cirros-6.0.raw \
--network internal \
--security-group icmp_ssh \
test-02
openstack floating
openstack floating ip create public
+---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | created_at | 2025-08-18T16:40:33.022272 | | description | | | dns_domain | None | | dns_name | None | | fixed_ip_address | None | | floating_ip_address | 10.170.6.202 | | floating_network_id | d8b0b12c-de94-4068-8b0c-0f1f39d85e26 | | id | 3856367c-c409-4840-9ff4-9528cd150873 | | name | 10.170.6.202 | | port_details | None | | port_id | None | | project_id | f39e087061ea48378c9c68348eebbb59 | | qos_policy_id | None | | revision_number | None | | router_id | None | | status | DOWN | | subnet_id | None | | tags | [] | | updated_at | 2025-08-18T16:40:33.022272 | +---------------------+--------------------------------------+
openstack server add floating ip
openstack server add floating ip test-01 10.170.6.202
SR-IOV
Простой случай - Access в сторонй VM
SR-IOV openstack network create
openstack \ network create \ --enable-port-security \ --provider-network-type vlan \ --provider-physical-network sriovnet0 \ --provider-segment 101 \ sriov-vlan101
--provider-network-type vlan???--provider-physical-network sriovnet0???--provider-segment 100???
SR-IOV openstack subnet create
openstack \ subnet create \ --network sriov-vlan101 \ --no-dhcp \ --ip-version 4 \ --gateway none \ --subnet-range 172.16.64.0/24 \ sriov-vlan101-subnet01
SR-IOV openstack port create
openstack \
port create \
--network test-sriov01-phys_network-manual \
--disable-port-security \
--fixed-ip subnet=test-sriov01-phys_subnet-manual,ip-address=172.16.63.163 \
--vnic-type direct \
test-sriov01-sriov_port_1-manual
111
openstack server add port ubuntu-test-01 test-sriov01-sriov_port_2-manual
[Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: [10ec:8139] type 00 class 0x020000 conventional PCI endpoint [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 0 [io 0x0000-0x00ff] [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 1 [mem 0x00000000-0x000000ff] [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: ROM [mem 0x00000000-0x0007ffff pref] [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: ROM [mem 0x80000000-0x8007ffff pref]: assigned [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 0 [io 0x1000-0x10ff]: assigned [Fri Aug 22 17:16:58 2025] pci 0000:00:08.0: BAR 1 [mem 0x80080000-0x800800ff]: assigned [Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0: enabling device (0000 -> 0003) [Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0 eth0: RTL-8139C+ at 0x000000007f98c756, 02:46:69:0b:0e:7c, IRQ 11 [Fri Aug 22 17:16:58 2025] 8139cp 0000:00:08.0 ens8: renamed from eth0
openstack port set --disable-port-security --binding-profile trusted=true test-sriov01-sriov_port_1-manual
