NTNX>Diary

A personal, hobby-driven Nutanix Community Edition diary. Sorry, Japanese only.

Looking at the bridge configuration change made by support for network function VMs in Nutanix CE (disable_bridge_chain / enable_bridge_chain)

Starting with Nutanix CE ce-2018.01.31-stable, the default bridge configuration changed significantly. It can also be changed back to the previous bridge configuration.

The bridges in ce-2018.01.31-stable look like the following.

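Based on the documentation for the commercial version of Nutanix, I will disable "support for network function VMs" and revert to the previous bridge configuration. (Note that this CE release is assumed to correspond to AOS 5.5, whereas this document is for AOS 5.6.)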

https://portal.nutanix.com/#/page/docs/details?targetId=AHV-Admin-Guide-v56:ahv-nw-functions-enable-disable-t.html

This is the Nutanix CE version used here.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ cat /etc/nutanix/release_version
el7.3-release-ce-2018.01.31-stable-c3b9964290bf2f28799481fed5cf32f92ab3dadc

Network configuration before the change

Only one user VM is powered on.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ acli vm.list
VM name  VM UUID
vm01     460c2689-2f01-4424-b70b-831942bdcfe3

This VM is connected to the nw-vlan-1011-br1 network.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ acli vm.nic_list vm01
Mac Address        IP Address  Network UUID                          Network Name
50:6b:8d:0b:99:4c              ee32a361-e52a-4f99-834d-041e27394811  nw-vlan-1011-br1

The VM's network, nw-vlan-1011-br1, is assigned to the br1 bridge.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ acli net.get nw-vlan-1011-br1
nw-vlan-1011-br1 {
  identifier: 1011
  logical_timestamp: 2
  name: "nw-vlan-1011-br1"
  type: "kBridged"
  uuid: "ee32a361-e52a-4f99-834d-041e27394811"
  vswitch_name: "br1"
}

Incidentally, this VM is the one examined in the post below.

Displaying the bridges from the CVM with manage_ovs does not reveal whether the feature is enabled or disabled.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ manage_ovs show_bridges
Bridges:
br1
br0

This is a 4-node cluster, so I check the other nodes as well.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ allssh manage_ovs show_bridges
================== 192.168.1.185 =================
Bridges:
br1
br0
================== 192.168.1.186 =================
Bridges:
br1
br0
================== 192.168.1.187 =================
Bridges:
br1
br0
================== 192.168.1.188 =================
Bridges:
br1
br0

So I check the bridges from AHV instead. Before the configuration change, vm01's vNIC (tap0) is connected to br1.local.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ hostssh "ovs-vsctl show | grep -e Bridge -e tap"
============= 192.168.1.184 ============
    Bridge br.dmx
    Bridge br.microseg
    Bridge br.mx
    Bridge br.nf
    Bridge "br1"
    Bridge "br0.local"
    Bridge "br0"
    Bridge "br1.local"
============= 192.168.1.183 ============
    Bridge "br0.local"
    Bridge br.mx
    Bridge br.microseg
    Bridge br.dmx
    Bridge "br0"
    Bridge br.nf
    Bridge "br1"
    Bridge "br1.local"
============= 192.168.1.182 ============
    Bridge br.microseg
    Bridge "br1"
    Bridge br.dmx
    Bridge "br0.local"
    Bridge "br0"
    Bridge "br1.local"
    Bridge br.nf
    Bridge br.mx
============= 192.168.1.181 ============
    Bridge "br0.local"
    Bridge br.mx
    Bridge "br1.local"
        Port "tap0"
            Interface "tap0"
    Bridge "br0"
    Bridge br.nf
    Bridge br.microseg
    Bridge br.dmx
    Bridge "br1"

Disabling support for network function VMs (disable_bridge_chain)

First, I disable it on a single node only, using disable_bridge_chain.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ manage_ovs disable_bridge_chain

Nothing in particular changes as seen from manage_ovs.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ allssh manage_ovs show_bridges
================== 192.168.1.185 =================
Bridges:
br1
br0
================== 192.168.1.186 =================
Bridges:
br1
br0
================== 192.168.1.187 =================
Bridges:
br1
br0
================== 192.168.1.188 =================
Bridges:
br1
br0

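Checking with the ovs-vsctl show command on AHV shows that only the AHV host where the command was run (AHV 192.168.1.181, on which CVM 192.168.1.185 is running) has reverted to the previous bridge configuration. The user VM's tap was also automatically moved from br1.local to br1.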

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ hostssh "ovs-vsctl show | grep -e Bridge -e tap"
============= 192.168.1.184 ============
    Bridge br.dmx
    Bridge br.microseg
    Bridge br.mx
    Bridge br.nf
    Bridge "br1"
    Bridge "br0.local"
    Bridge "br0"
    Bridge "br1.local"
============= 192.168.1.183 ============
    Bridge "br0.local"
    Bridge br.mx
    Bridge br.microseg
    Bridge br.dmx
    Bridge "br0"
    Bridge br.nf
    Bridge "br1"
    Bridge "br1.local"
============= 192.168.1.182 ============
    Bridge br.microseg
    Bridge "br1"
    Bridge br.dmx
    Bridge "br0.local"
    Bridge "br0"
    Bridge "br1.local"
    Bridge br.nf
    Bridge br.mx
============= 192.168.1.181 ============
    Bridge "br0"
    Bridge "br1"
        Port "tap0"
            Interface "tap0"
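
Because manage_ovs show_bridges looks the same in both states, the state has to be read from the AHV-side bridge list. The following is an added example (not part of the original post or of Nutanix tooling) that parses the grep-filtered hostssh output above, classifies each host, and flags a cluster whose hosts disagree, as in the single-node state just shown. The function names and the "partial" label are assumptions made for this example.

```python
import re
CHAIN_BRIDGES = {"br.dmx", "br.microseg", "br.mx", "br.nf"}  # seen only while the chain is enabled
HOST_RE = re.compile(r"^=+\s*(\S+)\s*=+$")
BRIDGE_RE = re.compile(r'^Bridge\s+"?([^"\s]+)"?$')
TAP_RE = re.compile(r'^Port\s+"?(tap[^"\s]*)"?$')

# Constructed sample: abridged from the single-node output shown above.
SAMPLE = """\
============= 192.168.1.182 ============
    Bridge br.microseg
    Bridge "br1"
    Bridge br.dmx
    Bridge "br0.local"
    Bridge "br0"
    Bridge "br1.local"
    Bridge br.nf
    Bridge br.mx
============= 192.168.1.181 ============
    Bridge "br0"
    Bridge "br1"
        Port "tap0"
            Interface "tap0"
"""

def parse_hostssh(text):
    """Return {host: {"bridges": set, "taps": {tap: bridge}}}."""
    hosts, host, bridge = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := HOST_RE.match(line):
            host, bridge = m.group(1), None
            hosts[host] = {"bridges": set(), "taps": {}}
        elif host and (m := BRIDGE_RE.match(line)):
            bridge = m.group(1)
            hosts[host]["bridges"].add(bridge)
        elif bridge and (m := TAP_RE.match(line)):
            hosts[host]["taps"][m.group(1)] = bridge
    return hosts

def chain_state(bridges):
    """'enabled', 'disabled', or 'partial' when only some chain bridges exist."""
    present = CHAIN_BRIDGES & bridges
    has_local = any(b.endswith(".local") for b in bridges)
    if present == CHAIN_BRIDGES and has_local:
        return "enabled"
    return "partial" if present or has_local else "disabled"

def audit(text):
    """Return ({host: (state, taps)}, mixed); mixed is True when hosts disagree."""
    report = {h: (chain_state(d["bridges"]), d["taps"]) for h, d in parse_hostssh(text).items()}
    return report, len({state for state, _ in report.values()}) > 1
```

Calling audit(SAMPLE) reports 192.168.1.182 as enabled, 192.168.1.181 as disabled with tap0 on br1, and the cluster as mixed.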

This is the ovs-vsctl show output without grep.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ ssh root@192.168.5.1 ovs-vsctl show
FIPS mode initialized
e97f53fc-c1c9-499f-bc14-f4768401d8b0
    Bridge "br0"
        Port "br0-up"
            Interface "ens224"
            Interface "ens192"
        Port "br0-dhcp"
            Interface "br0-dhcp"
                type: vxlan
                options: {key="1", remote_ip="192.168.1.188"}
        Port "br0"
            Interface "br0"
                type: internal
        Port "br0-arp"
            Interface "br0-arp"
                type: vxlan
                options: {key="1", remote_ip="192.168.5.2"}
        Port "vnet0"
            Interface "vnet0"
    Bridge "br1"
        Port "br1-arp"
            Interface "br1-arp"
                type: vxlan
                options: {key="2", remote_ip="192.168.5.2"}
        Port "br1"
            Interface "br1"
                type: internal
        Port "br1-dhcp"
            Interface "br1-dhcp"
                type: vxlan
                options: {key="2", remote_ip="192.168.1.188"}
        Port "br1-up"
            Interface "ens256"
            Interface "ens161"
        Port "tap0"
            tag: 1011
            Interface "tap0"
    ovs_version: "2.5.2"

Next, I disable the bridge chain on all nodes.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ allssh manage_ovs disable_bridge_chain
================== 192.168.1.185 =================
================== 192.168.1.186 =================
================== 192.168.1.187 =================
================== 192.168.1.188 =================

The AHV bridge configuration has now changed on all nodes.

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ hostssh "ovs-vsctl show | grep -e Bridge -e tap"
============= 192.168.1.184 ============
    Bridge "br1"
    Bridge "br0"
============= 192.168.1.183 ============
    Bridge "br0"
    Bridge "br1"
============= 192.168.1.182 ============
    Bridge "br1"
    Bridge "br0"
============= 192.168.1.181 ============
    Bridge "br0"
    Bridge "br1"
        Port "tap0"
            Interface "tap0"

Enabling support for network function VMs (enable_bridge_chain)

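The bridge configuration can also be restored with enable_bridge_chain. Incidentally, I was pinging the user VM from a machine outside the Nutanix cluster while the command ran, and saw no particular network interruption.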

nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ allssh manage_ovs enable_bridge_chain
================== 192.168.1.185 =================
================== 192.168.1.186 =================
================== 192.168.1.187 =================
================== 192.168.1.188 =================
nutanix@NTNX-54e60e4a-A-CVM:192.168.1.185:~$ hostssh "ovs-vsctl show | grep -e Bridge -e tap"
============= 192.168.1.184 ============
    Bridge "br1"
    Bridge br.dmx
    Bridge "br0"
    Bridge br.mx
    Bridge "br0.local"
    Bridge br.nf
    Bridge "br1.local"
    Bridge br.microseg
============= 192.168.1.183 ============
    Bridge "br1.local"
    Bridge br.mx
    Bridge br.dmx
    Bridge "br0"
    Bridge br.microseg
    Bridge br.nf
    Bridge "br1"
    Bridge "br0.local"
============= 192.168.1.182 ============
    Bridge "br1"
    Bridge br.microseg
    Bridge "br1.local"
    Bridge br.nf
    Bridge br.dmx
    Bridge br.mx
    Bridge "br0.local"
    Bridge "br0"
============= 192.168.1.181 ============
    Bridge br.microseg
    Bridge br.dmx
    Bridge br.nf
    Bridge "br0"
    Bridge br.mx
    Bridge "br0.local"
    Bridge "br1"
    Bridge "br1.local"
        Port "tap0"
            Interface "tap0"

That's all.