我已经顺利安装了 Openstack。但我面临的问题是无法从其他网络访问控制器主机。
在我的工作环境中,我在 Cisco 交换机上配置了许多 VLAN。
- 用户VLAN为(10.10.10.0/24.)
- 服务器VLAN为(192.168.100.0/24)。
控制器服务器分机 IP(192.168.100.100),在控制器上创建网络/路由器后,来自用户的网络(10.10.10.0/24)无法 ping/访问 192.168.100.100,但在控制器的同一网络(192.168.100.0/24)上仍然可以 ping 到控制器节点。
这意味着只有控制器所在的网络可以访问它,其他网络则无法访问。
那么如何让它在所有网络上可用呢?
来自控制器的一些结果:
tcpdump:
verbose output suppressed, use -v or -vv for full protocol decode
listening on vxlan-1, link-type EN10MB (Ethernet), capture size 262144 bytes.
IP地址
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:87:7c:e8 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe87:7ce8/64 scope link
valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master brq2d2d66af-87 state UP group default qlen 1000
link/ether 00:50:56:87:d6:1c brd ff:ff:ff:ff:ff:ff
6: tap96c05264-57@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq2d2d66af-87 state UP group default qlen 1000
link/ether 72:b8:0a:01:9d:36 brd ff:ff:ff:ff:ff:ff link-netns qdhcp-2d2d66af-87f8-4c5e-9329-dbb903debc0d
7: tape473efb7-92@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq98128308-8d state UP group default qlen 1000
link/ether 96:e0:72:ac:06:18 brd ff:ff:ff:ff:ff:ff link-netns qdhcp-98128308-8d26-4ef5-947d-0620396348d7
8: vxlan-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq98128308-8d state UNKNOWN group default qlen 1000
link/ether ee:48:01:ef:1f:03 brd ff:ff:ff:ff:ff:ff
9: brq98128308-8d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether 02:d5:28:7f:48:8f brd ff:ff:ff:ff:ff:ff
inet6 fe80::5093:1dff:feaa:1698/64 scope link
valid_lft forever preferred_lft forever
10: brq2d2d66af-87: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:87:d6:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global brq2d2d66af-87
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe87:d61c/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::70dc:72ff:fe53:152f/64 scope link
valid_lft forever preferred_lft forever
11: tape188178b-33@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq98128308-8d state UP group default qlen 1000
link/ether 02:d5:28:7f:48:8f brd ff:ff:ff:ff:ff:ff link-netns qrouter-50ae9644-5fe8-4bc3-9813-c96c22c294ff
12: tap97c393cc-e5@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq2d2d66af-87 state UP group default qlen 1000
link/ether 1a:c8:66:85:59:c6 brd ff:ff:ff:ff:ff:ff link-netns qrouter-50ae9644-5fe8-4bc3-9813-c96c22c294ff
路由
default via 10.0.0.1 dev ens160 proto static
default via 192.168.100.1 dev brq2d2d66af-87 proto static metric 100
10.0.0.0/24 dev ens160 proto kernel scope link src 10.0.0.11
192.168.100.0/24 dev brq2d2d66af-87 proto kernel scope link src 192.168.100.100
谢谢你!
答案1
路由
默认通过 10.0.0.1 dev ens160 proto static
默认通过 192.168.100.1 dev brq2d2d66af-87 proto static metric 100
这是因为默认路由是内部接口,所以用户无法访问 Openstack。执行以下命令后,问题解决。
ip route del default via 10.0.0.1
非常感谢你的帮助伯恩德鲍什先生