Difference between revisions of "Open vSwitch Tutorial"

From Flav's Wiki

Revision as of 16:00, 8 May 2015

This page details the first steps for using Open vSwitch. We assume Open vSwitch is already installed.

This is based on: https://www.youtube.com/watch?v=rYW7kQRyUvA

Create a Bridge

Add a bridge:

root@host:~# ovs-vsctl add-br somebr

View the bridges

root@host:~# ovs-vsctl show
5766acdef-455cd-4167-9e08-455fda3455
    Bridge somebr
        Port somebr
            Interface somebr
                type: internal
    ovs_version: "2.3.0"

Activate the bridge

root@host:~# ifconfig somebr up

or

root@host:~# ip link set somebr up

Delete a bridge:

root@host:~# ovs-vsctl del-br somebr

Adding ports

Add a port to a bridge (take care if you are connected through that port: the connection will be lost)

root@host:~# ovs-vsctl add-port somebr eth0

In the rest of this tutorial we do not add eth0 to the bridge but we enable forwarding on the host:

echo 1 > /proc/sys/net/ipv4/ip_forward

(to make this permanent, add the line net.ipv4.ip_forward = 1 to /etc/sysctl.conf and apply it immediately with sysctl -p /etc/sysctl.conf)

Set the IP address of the bridge

root@host:~# ip addr add 192.168.21.1/24  broadcast 192.168.21.255 dev somebr

Create and add tap devices to the bridge

root@host:~# ip tuntap add mode tap vport1
root@host:~# ip tuntap add mode tap vport2
root@host:~# ifconfig vport1 up
root@host:~# ifconfig vport2 up
root@host:~# ovs-vsctl add-port somebr vport1 -- add-port somebr vport2
root@host:~# ovs-vsctl show
5766acdef-455cd-4167-9e08-455fda3455
    Bridge somebr
        Port "vport2"
            Interface "vport2"
        Port "vport1"
            Interface "vport1"
        Port somebr
            Interface somebr
                type: internal
    ovs_version: "2.3.0"

Connect VMs to ports

Now you can use vport1 and vport2 to connect VMs to these tap devices.

E.g. with KVM:

root@host:~# kvm vm1.deb.raw -vnc :2 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:71' -netdev tap,id=net0,ifname=vport1,script=no,downscript=no -name vm1 -daemonize
root@host:~# kvm vm2.deb.raw -vnc :3 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:72' -netdev tap,id=net0,ifname=vport2,script=no,downscript=no -name vm2 -daemonize

On VM1

root@vm1:~# ifconfig eth0 192.168.21.2 netmask 255.255.255.0 broadcast 192.168.21.255
root@vm1:~# route add default gw 192.168.21.1

On VM2

root@vm2:~# ifconfig eth0 192.168.21.3 netmask 255.255.255.0 broadcast 192.168.21.255
root@vm2:~# route add default gw 192.168.21.1

On VM1

root@vm1:~# ping 192.168.21.1
PING 192.168.21.1 (192.168.21.1) 56(84) bytes of data.
64 bytes from 192.168.21.1: icmp_req=1 ttl=64 time=0.417 ms
64 bytes from 192.168.21.1: icmp_req=2 ttl=64 time=0.666 ms
^C
--- 192.168.21.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.417/0.541/0.666/0.126 ms
root@vm1:~# ping 192.168.21.3
PING 192.168.21.3 (192.168.21.3) 56(84) bytes of data.
64 bytes from 192.168.21.3: icmp_req=1 ttl=64 time=2.73 ms
64 bytes from 192.168.21.3: icmp_req=2 ttl=64 time=1.21 ms
64 bytes from 192.168.21.3: icmp_req=3 ttl=64 time=1.18 ms
^C
--- 192.168.21.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.180/1.710/2.734/0.725 ms

Monitoring

View the known MAC addresses on the bridge

ovs-appctl fdb/show somebr

What is going on: use of OpenFlow?

ovs-ofctl show somebr
ovs-ofctl dump-flows somebr
ovs-vsctl list Bridge somebr
ovs-vsctl list Port
ovs-vsctl list Interface

Isolating VM traffic on VLAN

Read: http://www.openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/

To isolate the traffic of a VM on a VLAN, just tag the tap device when adding it to the OVS bridge:

root@host:~# ip tuntap add mode tap vport3
root@host:~# ip tuntap add mode tap vport4
root@host:~# ifconfig vport3 up
root@host:~# ifconfig vport4 up
root@host:~# ovs-vsctl add-port somebr vport3 tag=2
root@host:~# ovs-vsctl add-port somebr vport4 tag=2

Now launch the VMs:

root@host:~# kvm vm3.deb.raw -vnc :4 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:73' -netdev tap,id=net0,ifname=vport3,script=no,downscript=no -name vm3 -daemonize
root@host:~# kvm vm4.deb.raw -vnc :5 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:74' -netdev tap,id=net0,ifname=vport4,script=no,downscript=no -name vm4 -daemonize
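
Checking the result of the tagging above (an added example, not part of the original tutorial): in Open vSwitch a port added without tag= is a trunk port that carries all VLANs, so vport1, vport2 and the bridge's internal port are not confined to one VLAN the way vport3 and vport4 are. The script parses `ovs-vsctl show` output and reports each port's VLAN; the sample output is constructed from the listings on this page, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit VLAN tagging from `ovs-vsctl show` output.

# Constructed sample: the page's bridge after vport3/vport4 were added with tag=2.
sample_show() {
cat <<'EOF'
5766acdef-455cd-4167-9e08-455fda3455
    Bridge somebr
        Port "vport4"
            tag: 2
            Interface "vport4"
        Port "vport3"
            tag: 2
            Interface "vport3"
        Port "vport2"
            Interface "vport2"
        Port "vport1"
            Interface "vport1"
        Port somebr
            Interface somebr
                type: internal
    ovs_version: "2.3.0"
EOF
}

# Read `ovs-vsctl show` text on stdin and print "bridge port vlan" per port.
# vlan is "trunk" when the port has no "tag:" line (it then carries all VLANs).
# Assumption: "trunks:" restrictions are not evaluated; such ports stay "trunk".
port_tags() {
    awk '
        function emit() { if (port != "") print bridge, port, tag }
        $1 == "Bridge" { emit(); port = ""; bridge = $2; gsub(/"/, "", bridge) }
        $1 == "Port"   { emit(); port = $2; gsub(/"/, "", port); tag = "trunk" }
        $1 == "tag:"   { tag = $2 }
        END            { emit() }
    '
}

# Space-separated, sorted list of ports that are not bound to a single VLAN.
trunk_ports() { port_tags | awk '$3 == "trunk" { print $2 }' | sort | tr '\n' ' ' | sed 's/ $//'; }

# Space-separated, sorted list of access ports in VLAN $1.
vlan_ports() { port_tags | awk -v v="$1" '$3 == v { print $2 }' | sort | tr '\n' ' ' | sed 's/ $//'; }

# Demo on the constructed sample; on a real host use: ovs-vsctl show | trunk_ports
echo "trunk ports: $(sample_show | trunk_ports)"
echo "VLAN 2 ports: $(sample_show | vlan_ports 2)"
```

Any VM-facing tap device listed as a trunk port should be given its own tag (for example with `ovs-vsctl set port vport1 tag=<vlan>`) if it is meant to be isolated.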