易陆发现互联网技术论坛

Deploying OpenStack Neutron with OVN

Posted on 2025-3-5 02:00:05

Controller nodes
Each controller node runs the Open vSwitch (OVS) service (including dependent services such as ovsdb-server) and ovn-northd. Only a single instance of the ovsdb-server and ovn-northd services can operate in a deployment. However, deployment tools can implement active/passive high-availability using a management tool that monitors service health and automatically starts these services on another node after failure of the primary node. See the Frequently Asked Questions for more information.

Install the ovn-central and openvswitch packages (RHEL/Fedora).

Install the ovn-central and openvswitch-common packages (Ubuntu/Debian).

Start the OVS service. The central OVS service starts the ovsdb-server service that manages OVN databases.

Using the systemd unit:

systemctl start openvswitch (RHEL/Fedora)
systemctl start openvswitch-switch (Ubuntu/Debian)

Configure the ovsdb-server component. By default, the ovsdb-server service only permits local access to databases via Unix socket. However, OVN services on compute nodes require access to these databases.

Permit remote database access.

ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- \
            set connection . inactivity_probe=60000
ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- \
            set connection . inactivity_probe=60000

If using the VTEP functionality:

ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640:0.0.0.0

Replace 0.0.0.0 with the IP address of the management network interface on the controller node to avoid listening on all interfaces.

Note

Permit remote access to TCP ports: 6640 (OVS) to VTEPS (if you use vteps), 6642 (SBDB) to hosts running neutron-server, gateway nodes that run ovn-controller, and compute node services like ovn-controller and ovn-metadata-agent. 6641 (NBDB) to hosts running neutron-server.

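An added example (not part of the original post or of the OVN project) that audits the listener targets used above: it flags wildcard binds and plaintext ptcp remotes, and builds the per-port source allow-list described in the note. The role names and the 192.0.2.x inventory are constructed for illustration.

```python
import ipaddress

# Roles that need each listener, taken from the note above.
PORT_ROLES = {
    6640: ("vtep",),                                  # OVS, only with VTEPs
    6641: ("neutron-server",),                        # NBDB
    6642: ("neutron-server", "gateway", "compute"),   # SBDB
}

# Constructed inventory (documentation addresses), not from the page.
INVENTORY = {
    "neutron-server": ["192.0.2.10"],
    "gateway": ["192.0.2.20"],
    "compute": ["192.0.2.31", "192.0.2.32"],
}


def parse_remote(target):
    """Split a passive OVSDB target such as 'ptcp:6641:0.0.0.0'."""
    method, _, rest = target.partition(":")
    if method not in ("ptcp", "pssl"):
        raise ValueError(f"not a passive listener target: {target!r}")
    port, _, host = rest.partition(":")
    # With no address given, ovsdb-server listens on all interfaces.
    host = host.strip("[]") or "0.0.0.0"
    return method, int(port), ipaddress.ip_address(host)


def audit_remote(target):
    """Return findings for one listener target."""
    method, port, addr = parse_remote(target)
    findings = []
    if addr.is_unspecified:
        findings.append(f"{port}: listens on every interface, bind to the management IP")
    if method == "ptcp":
        roles = ", ".join(PORT_ROLES.get(port, ("no role listed in the note",)))
        findings.append(f"{port}: plaintext TCP, firewall to: {roles}")
    return findings


def allowed_sources(inventory):
    """Map each listener port to the source addresses the note permits."""
    return {
        port: sorted(ip for role in roles for ip in inventory.get(role, []))
        for port, roles in PORT_ROLES.items()
    }


if __name__ == "__main__":
    for target in ("ptcp:6641:0.0.0.0", "ptcp:6642:192.0.2.5"):
        print(target, audit_remote(target))
    print(allowed_sources(INVENTORY))
```
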
Start the ovn-northd service.

Using the systemd unit:

systemctl start ovn-northd

Configure the Networking server component. The Networking service implements OVN as an ML2 driver. Edit the /etc/neutron/neutron.conf file:

Enable the ML2 core plug-in.

[DEFAULT]
...
core_plugin = ml2

Enable the OVN layer-3 service.

[DEFAULT]
...
service_plugins = ovn-router

Configure the ML2 plug-in. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

Configure the OVN mechanism driver, network type drivers, self-service (tenant) network types, and enable the port security extension.

[ml2]
...
mechanism_drivers = ovn
type_drivers = local,flat,vlan,geneve
tenant_network_types = geneve
extension_drivers = port_security
overlay_ip_version = 4

Note

To enable VLAN self-service networks, make sure that OVN version 2.11 (or higher) is used, then add vlan to the tenant_network_types option. The first network type in the list becomes the default self-service network type.

To use IPv6 for all overlay (tunnel) network endpoints, set the overlay_ip_version option to 6.

Configure the Geneve ID range and maximum header size. The IP version overhead (20 bytes for IPv4 (default) or 40 bytes for IPv6) is added to the maximum header size based on the ML2 overlay_ip_version option.

[ml2_type_geneve]
...
vni_ranges = 1:65536
max_header_size = 38

Note

The Networking service uses the vni_ranges option to allocate network segments. However, OVN ignores the actual values. Thus, the ID range only determines the quantity of Geneve networks in the environment. For example, a range of 5001:6000 defines a maximum of 1000 Geneve networks. On the other hand, these values are still relevant in Neutron context so 1:1000 and 5001:6000 are not simply interchangeable.

Warning

The default for max_header_size, 30, is too low for OVN. OVN requires at least 38.

Optionally, enable support for VXLAN type networks. Because the VXLAN VNI has limited space to carry the information OVN needs to identify a packet, the header field that holds the segmentation ID is reduced to 12 bits, which allows a maximum of 4096 networks. The same limitation applies to the number of ports in each network, which are also identified by a 12-bit header field, limiting their number to 4096 ports. Please check [1] for more information.

[ml2]
...
type_drivers = geneve,vxlan

[ml2_type_vxlan]
vni_ranges = 1001:1100

Optionally, enable support for VLAN provider and self-service networks on one or more physical networks. If you specify only the physical network, only administrative (privileged) users can manage VLAN networks. Additionally specifying a VLAN ID range for a physical network enables regular (non-privileged) users to manage VLAN networks. The Networking service allocates the VLAN ID for each self-service network using the VLAN ID range for the physical network.

[ml2_type_vlan]
...
network_vlan_ranges = PHYSICAL_NETWORK:MIN_VLAN_ID:MAX_VLAN_ID

Replace PHYSICAL_NETWORK with the physical network name and optionally define the minimum and maximum VLAN IDs. Use a comma to separate each physical network.

For example, to enable support for administrative VLAN networks on the physnet1 network and self-service VLAN networks on the physnet2 network using VLAN IDs 1001 to 2000:

network_vlan_ranges = physnet1,physnet2:1001:2000

Enable security groups.

[securitygroup]
...
enable_security_group = true

Note

The firewall_driver option under [securitygroup] is ignored since the OVN ML2 driver itself handles security groups.

Configure OVS database access and L3 scheduler

[ovn]
...
ovn_nb_connection = tcp:IP_ADDRESS:6641
ovn_sb_connection = tcp:IP_ADDRESS:6642
ovn_l3_scheduler = OVN_L3_SCHEDULER

Note

Replace IP_ADDRESS with the IP address of the controller node that runs the ovsdb-server service. Replace OVN_L3_SCHEDULER with leastloaded if you want the scheduler to select a compute node with the least number of gateway ports or chance if you want the scheduler to randomly select a compute node from the available list of compute nodes.

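An added example (not code from the post or from Neutron) that checks an ml2_conf.ini body against the settings described in this section and derives the Geneve network count, the per-physnet VLAN access and the encapsulation overhead. The sample file is constructed, and the 1500-byte underlay MTU is an assumption.

```python
import configparser

IP_OVERHEAD = {4: 20, 6: 40}  # bytes per overlay IP version, as stated above

# Constructed sample: values from this page, except max_header_size (left at
# the default the warning calls too low) and one unreplaced IP_ADDRESS.
SAMPLE = """
[ml2]
mechanism_drivers = ovn
type_drivers = local,flat,vlan,geneve
extension_drivers = port_security
overlay_ip_version = 4
[ml2_type_geneve]
vni_ranges = 5001:6000
max_header_size = 30
[ml2_type_vlan]
network_vlan_ranges = physnet1,physnet2:1001:2000
[securitygroup]
enable_security_group = true
[ovn]
ovn_nb_connection = tcp:IP_ADDRESS:6641
ovn_sb_connection = tcp:192.0.2.10:6642
"""


def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_ml2(text, physical_mtu=1500):
    """Check an ml2_conf.ini body against the requirements described above."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)

    def get(section, option, default=""):
        return cp.get(section, option, fallback=default)

    problems = []
    for option, needed in (("mechanism_drivers", "ovn"),
                           ("type_drivers", "geneve"),
                           ("extension_drivers", "port_security")):
        if needed not in _csv(get("ml2", option)):
            problems.append(f"[ml2] {option} lacks {needed}")
    header = int(get("ml2_type_geneve", "max_header_size", "30"))
    if header < 38:
        problems.append(f"max_header_size={header} is below the 38 OVN requires")
    if get("securitygroup", "enable_security_group", "true").lower() != "true":
        problems.append("security groups are disabled")
    for option in ("ovn_nb_connection", "ovn_sb_connection"):
        if "IP_ADDRESS" in get("ovn", option, "IP_ADDRESS"):
            problems.append(f"[ovn] {option} is unset or still a placeholder")

    # The Geneve network count is the size of the ID ranges, not their values.
    networks = 0
    for item in _csv(get("ml2_type_geneve", "vni_ranges")):
        low, high = (int(n) for n in item.split(":"))
        networks += high - low + 1

    # A bare physical network is admin-only; one with an ID range is self-service.
    vlan = {}
    for item in _csv(get("ml2_type_vlan", "network_vlan_ranges")):
        name, *ids = item.split(":")
        vlan[name] = tuple(int(n) for n in ids) if ids else None

    overhead = header + IP_OVERHEAD[int(get("ml2", "overlay_ip_version", "4"))]
    return {"problems": problems, "geneve_networks": networks,
            "vlan_ranges": vlan, "encap_overhead": overhead,
            "tenant_mtu": physical_mtu - overhead}


if __name__ == "__main__":
    for key, value in audit_ml2(SAMPLE).items():
        print(f"{key} = {value}")
```

With max_header_size = 38 and IPv4 the overhead is 58 bytes, which on a 1500-byte underlay gives the mtu 1442 that the instance's eth0 reports later on this page.
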
Set ovn-cms-options with enable-chassis-as-gw in Open_vSwitch table’s external_ids column. Then if this chassis has proper bridge mappings, it will be selected for scheduling gateway routers.

ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw

Start, or restart, the neutron-server service.

Using the systemd unit:

systemctl start neutron-server

Network nodes

Deployments using OVN native layer-3 and DHCP services do not require conventional network nodes because connectivity to external networks (including VTEP gateways) and routing occurs on compute nodes.

Compute nodes

Each compute node runs the OVS and ovn-controller services. The ovn-controller service replaces the conventional OVS layer-2 agent.

Install the ovn-host, openvswitch and neutron-ovn-metadata-agent packages (RHEL/Fedora).

Install the ovn-host, openvswitch-switch and neutron-ovn-metadata-agent packages (Ubuntu/Debian).

Start the OVS service.

Using the systemd unit:

systemctl start openvswitch (RHEL/Fedora)
systemctl start openvswitch-switch (Ubuntu/Debian)

Configure the OVS service.

Use OVS databases on the controller node.

ovs-vsctl set open . external-ids:ovn-remote=tcp:IP_ADDRESS:6642

Replace IP_ADDRESS with the IP address of the controller node that runs the ovsdb-server service.

Enable one or more overlay network protocols. At a minimum, OVN requires enabling the geneve protocol. Deployments using VTEP gateways should also enable the vxlan protocol.

ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan

Note

Deployments without VTEP gateways can safely enable both protocols.

Configure the overlay network local endpoint IP address.

ovs-vsctl set open . external-ids:ovn-encap-ip=IP_ADDRESS

Replace IP_ADDRESS with the IP address of the overlay network interface on the compute node.

Start the ovn-controller and neutron-ovn-metadata-agent services.

Using the systemd unit:

systemctl start ovn-controller neutron-ovn-metadata-agent

Verify operation

Each compute node should contain an ovn-controller instance.

ovn-sbctl show
  <output>

Deployment steps

Download the quickstart.sh script with curl:

curl -O https://raw.githubusercontent.co ... aster/quickstart.sh

Install the necessary dependencies by running:

bash quickstart.sh --install-deps

Clone the tripleo-quickstart and neutron repositories:

git clone https://opendev.org/openstack/tripleo-quickstart
git clone https://opendev.org/openstack/neutron

Once you’re done, run quickstart as follows (3 controller HA + 1 compute):

Exporting the tags is a workaround until the bug
https://bugs.launchpad.net/tripleo/+bug/1737602 is resolved

export ansible_tags="untagged,provision,environment,libvirt,\
undercloud-scripts,undercloud-inventory,overcloud-scripts,\
undercloud-setup,undercloud-install,undercloud-post-install,\
overcloud-prep-config"

bash ./quickstart.sh --tags $ansible_tags --teardown all \
--release master-tripleo-ci \
--nodes tripleo-quickstart/config/nodes/3ctlr_1comp.yml  \
--config neutron/tools/tripleo/ovn.yml \
VIRTHOST

Note

When deploying directly on localhost use the loopback address 127.0.0.2 as your $VIRTHOST. The loopback address 127.0.0.1 is reserved by ansible. Also make sure that 127.0.0.2 is accessible via public keys:

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Note

You can adjust RAM/VCPUs if you want by editing config/nodes/3ctlr_1comp.yml before running the above command. If you have enough memory, stick to the defaults. We recommend using 8GB of RAM for the controller nodes.

When quickstart has finished you will have 5 VMs ready to be used, 1 for the undercloud (TripleO’s node to deploy your openstack from), 3 VMs for controller nodes and 1 VM for the compute node.

Log in to the undercloud:

ssh -F ~/.quickstart/ssh.config.ansible undercloud

Prepare overcloud container images:

./overcloud-prep-containers.sh

Run inside the undercloud:

./overcloud-deploy.sh

Grab a coffee, that may take around 1 hour (depending on your hardware).

If anything goes wrong, go to IRC on OFTC, and ask on #oooq

Description of the environment

Once deployed, inside the undercloud root directory two files are present: stackrc and overcloudrc, which will let you connect to the APIs of the undercloud (managing the openstack node), and to the overcloud (where your instances would live).

We can find out the existing controller/computes this way:

source stackrc
openstack server list -c Name -c Networks -c Flavor
+-------------------------+------------------------+--------------+
| Name                    | Networks               | Flavor       |
+-------------------------+------------------------+--------------+
| overcloud-controller-1  | ctlplane=192.168.24.16 | oooq_control |
| overcloud-controller-0  | ctlplane=192.168.24.14 | oooq_control |
| overcloud-controller-2  | ctlplane=192.168.24.12 | oooq_control |
| overcloud-novacompute-0 | ctlplane=192.168.24.13 | oooq_compute |
+-------------------------+------------------------+--------------+

Network architecture of the environment

TripleO Quickstart single NIC with vlans

Connecting to one of the nodes via ssh

We can connect to the IP address in the openstack server list we showed before.

ssh heat-admin@192.168.24.16
Last login: Wed Feb 21 14:11:40 2018 from 192.168.24.1

ps fax | grep ovn-controller
20422 ?        S<s   30:40 ovn-controller unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --no-chdir --log-file=/var/log/openvswitch/ovn-controller.log --pidfile=/var/run/openvswitch/ovn-controller.pid --detach

sudo ovs-vsctl show
bb413f44-b74f-4678-8d68-a2c6de725c73
    Bridge br-ex
        fail_mode: standalone
        ...
        Port "patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"
            Interface "patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"
                type: patch
                options: {peer="patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"}
        Port "eth0"
            Interface "eth0"
        ...
    Bridge br-int
        fail_mode: secure
        Port "ovn-c8b85a-0"
            Interface "ovn-c8b85a-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="172.16.0.17"}
        Port "ovn-b5643d-0"
            Interface "ovn-b5643d-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="172.16.0.14"}
        Port "ovn-14d60a-0"
            Interface "ovn-14d60a-0"
                type: geneve
                options: {csum="true", key=flow, remote_ip="172.16.0.12"}
        Port "patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"
            Interface "patch-br-int-to-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6"
                type: patch
                options: {peer="patch-provnet-84d63c87-aad1-43d0-bdc9-dca5145b6fe6-to-br-int"}
        Port br-int
            Interface br-int
                type: internal

Initial resource creation

Well, now you have a virtual cloud with 3 controllers in HA, and one compute node, but no instances or routers running. We can give it a try and create a few resources:

Initial resources we can create

You can use the following script to create the resources.

ssh -F ~/.quickstart/ssh.config.ansible undercloud

source ~/overcloudrc

curl http://download.cirros-cloud.net ... 5.1-x86_64-disk.img \
  > cirros-0.5.1-x86_64-disk.img
openstack image create "cirros" --file cirros-0.5.1-x86_64-disk.img   \
               --disk-format qcow2 --container-format bare --public

openstack network create public --provider-physical-network datacentre \
                                --provider-network-type vlan \
                                --provider-segment 10 \
                                --external --share

openstack subnet create --network public public --subnet-range 10.0.0.0/24 \
                         --allocation-pool start=10.0.0.20,end=10.0.0.250 \
                         --dns-nameserver 8.8.8.8 --gateway 10.0.0.1 \
                         --no-dhcp

openstack network create private
openstack subnet create --network private private \
                        --subnet-range 192.168.99.0/24
openstack router create router1

openstack router set --external-gateway public router1
openstack router add subnet router1 private

openstack security group create test
openstack security group rule create --ingress --protocol tcp \
                                     --dst-port 22 test
openstack security group rule create --ingress --protocol icmp test
openstack security group rule create --egress test

openstack flavor create m1.tiny --disk 1 --vcpus 1 --ram 64

PRIV_NET=$(openstack network show private -c id -f value)

openstack server create --flavor m1.tiny --image cirros \
                        --nic net-id=$PRIV_NET --security-group test \
                        --wait cirros

openstack floating ip create --floating-ip-address 10.0.0.130 public
openstack server add floating ip cirros 10.0.0.130

Note

You can now log in to the instance if you want. In a CirrOS >0.4.0 image, the login account is cirros. The password is gocubsgo.

ssh cirros@10.0.0.130
cirros@10.0.0.130's password:

ip a | grep eth0 -A 10
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:85:b4:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.5/24 brd 192.168.99.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe85:b466/64 scope link
       valid_lft forever preferred_lft forever

ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=63 time=2.145 ms
64 bytes from 10.0.0.1: seq=1 ttl=63 time=1.025 ms
64 bytes from 10.0.0.1: seq=2 ttl=63 time=0.836 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.836/1.335/2.145 ms

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=52 time=3.943 ms
64 bytes from 8.8.8.8: seq=1 ttl=52 time=4.519 ms
64 bytes from 8.8.8.8: seq=2 ttl=52 time=3.778 ms

curl http://169.254.169.254/2009-04-04/meta-data/instance-id
i-00000002