Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

Virtual Router Principle Analysis – Master OpenStack in 5 Minutes (101)

by

Article 101

Analysis of Virtual Router Principles

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

In the previous section, we created the virtual router “router_100_101” and verified the connectivity between vlan100 and vlan101 using ping. This section will focus on analyzing the principles involved.

First, let’s see what changes have occurred in the linux bridge structure on the control node.

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

On the bridge for vlan101, there is an additional tap device tap17162c5-00. From the naming, we can infer that this TAP device corresponds to the interface of router_100_101 (e17162c5-00fa).

On the bridge for vlan100, there is an additional tap device tapd568ba1a-74. From the naming, we can infer that this TAP device corresponds to the interface of router_100_101 (d568ba1a-740e).

The current network structure is shown in the diagram:

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

However, there is a problem: the two TAP devices do not have the corresponding Gateway IP configured.

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

If there is no Gateway IP, how does router_100_101 complete routing?

The answer is: the l3 agent creates a namespace for each router, connects it to the TAP via a veth pair, and then configures the Gateway IP on the veth interface located inside the namespace, thus enabling routing.

We can view the namespace using ip netns:Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

The namespace corresponding to the router is named qrouter-<router id>.

Using the command ip netns exec <namespace name> ip a to view the veth interface configuration in the router_100_101 namespace.

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

There are two interfaces in the namespace:

  1. qr-e17162c5-00 has the Gateway IP 172.16.101.1, forming a veth pair with tap17162c5-00 in the root namespace.

  2. qr-d568ba1a-74 has the Gateway IP 172.16.100.1, forming a veth pair with tapd568ba1a-74 in the root namespace.

The network structure is shown in the diagram:

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

The routing table in the namespace also ensures that subnet_172_16_100_0 and subnet_172_16_101_0 can route between them.

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

At this point in the analysis, we have clarified how router_100_101 connects vlan100 and vlan 101. However, there is a key question that needs further analysis: Why is router_100_101 placed in the namespace? In the next section, we will analyze this question in detail.

Virtual Router Principle Analysis - Master OpenStack in 5 Minutes (101)

Leave a Comment