Open vSwitch Tutorial

From Flav's Wiki

This page covers the first steps for using Open vSwitch. We assume Open vSwitch is already installed.

This is based on: https://www.youtube.com/watch?v=rYW7kQRyUvA

Create a Bridge

Add a bridge:

root@host:~# ovs-vsctl add-br somebr

View the bridges

root@host:~# ovs-vsctl show
5766acdef-455cd-4167-9e08-455fda3455
    Bridge somebr
        Port somebr
            Interface somebr
                type: internal
    ovs_version: "2.3.0"

Activate the bridge

root@host:~# ifconfig somebr up

or

root@host:~# ip link set somebr up

Delete a bridge:

root@host:~# ovs-vsctl del-br somebr

Adding ports

Add a port to a bridge (take care if you are connected through that port: the connection will be lost)

root@host:~# ovs-vsctl add-port somebr eth0

In the rest of this tutorial we do not add eth0 to the bridge but we enable forwarding on the host:

echo 1 > /proc/sys/net/ipv4/ip_forward

(To make this permanent, add the line net.ipv4.ip_forward = 1 to /etc/sysctl.conf and enable it immediately with sysctl -p /etc/sysctl.conf.)

Set the IP address of the bridge

root@host:~# ip addr add 192.168.21.1/24 broadcast 192.168.21.255 dev somebr

Create and add tap devices to the bridge

root@host:~# ip tuntap add mode tap vport1
root@host:~# ip tuntap add mode tap vport2
root@host:~# ifconfig vport1 up
root@host:~# ifconfig vport2 up
root@host:~# ovs-vsctl add-port somebr vport1 -- add-port somebr vport2
root@host:~# ovs-vsctl show
5766acdef-455cd-4167-9e08-455fda3455
    Bridge somebr
        Port "vport2"
            Interface "vport2"
        Port "vport1"
            Interface "vport1"
        Port somebr
            Interface somebr
                type: internal
    ovs_version: "2.3.0"

Connect VMs to ports

Now you can use vport1 and vport2 to connect VMs to these tap devices.

E.g. with KVM:

root@host:~# kvm vm1.deb.raw -vnc :2 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:71' -netdev tap,id=net0,ifname=vport1,script=no,downscript=no -name vm1 -daemonize
root@host:~# kvm vm2.deb.raw -vnc :3 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:72' -netdev tap,id=net0,ifname=vport2,script=no,downscript=no -name vm2 -daemonize

On VM1

root@vm1:~# ifconfig eth0 192.168.21.2 netmask 255.255.255.0 broadcast 192.168.21.255
root@vm1:~# route add default gw 192.168.21.1

On VM2

root@vm2:~# ifconfig eth0 192.168.21.3 netmask 255.255.255.0 broadcast 192.168.21.255
root@vm2:~# route add default gw 192.168.21.1

On VM1

root@vm1:~# ping 192.168.21.1
PING 192.168.21.1 (192.168.21.1) 56(84) bytes of data.
64 bytes from 192.168.21.1: icmp_req=1 ttl=64 time=0.417 ms
64 bytes from 192.168.21.1: icmp_req=2 ttl=64 time=0.666 ms
^C
--- 192.168.21.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.417/0.541/0.666/0.126 ms
root@vm1:~# ping 192.168.21.3
PING 192.168.21.3 (192.168.21.3) 56(84) bytes of data.
64 bytes from 192.168.21.3: icmp_req=1 ttl=64 time=2.73 ms
64 bytes from 192.168.21.3: icmp_req=2 ttl=64 time=1.21 ms
64 bytes from 192.168.21.3: icmp_req=3 ttl=64 time=1.18 ms
^C
--- 192.168.21.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.180/1.710/2.734/0.725 ms

Monitoring

View the known MAC addresses on the bridge:

ovs-appctl fdb/show somebr

View which ports map to which interfaces, using the OpenFlow command:

ovs-ofctl show somebr

Open vSwitch uses OpenFlow. Without any options the ports use the default L2 forwarding. This can be seen with the command:

ovs-ofctl dump-flows somebr

View entries in the ovsdb tables (which are persistent):

ovs-vsctl list Bridge
ovs-vsctl list Port
ovs-vsctl list Interface

Isolating VM traffic on VLAN

Read: http://www.openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/

To isolate the traffic of a VM on a VLAN, just tag the tap device when adding it to the OVS bridge:

root@host:~# ip tuntap add mode tap vport3
root@host:~# ip tuntap add mode tap vport4
root@host:~# ifconfig vport3 up
root@host:~# ifconfig vport4 up
root@host:~# ovs-vsctl add-port somebr vport3 tag=2
root@host:~# ovs-vsctl add-port somebr vport4 tag=2

Now launch the VMs:

root@host:~# kvm vm3.deb.raw -vnc :4 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:73' -netdev tap,id=net0,ifname=vport3,script=no,downscript=no -name vm3 -daemonize
root@host:~# kvm vm4.deb.raw -vnc :5 -k fr -device virtio-net-pci,netdev=net0,mac='12:34:56:AB:CD:74' -netdev tap,id=net0,ifname=vport4,script=no,downscript=no -name vm4 -daemonize
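
To check which ports actually ended up on VLAN 2, the script below (an added example, not part of the original tutorial) parses ovs-vsctl show output and lists the ports that carry no tag; in Open vSwitch a port added without tag= defaults to a trunk port, not an access port. The function names and the sample output (including vport1 left untagged) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit VLAN tags from `ovs-vsctl show` output.

# Constructed sample in the layout printed by `ovs-vsctl show`
# (not captured from a real host).
sample_show() {
cat <<'EOF'
5766acdef-455cd-4167-9e08-455fda3455
    Bridge somebr
        Port "vport3"
            tag: 2
            Interface "vport3"
        Port "vport1"
            Interface "vport1"
        Port "vport4"
            tag: 2
            Interface "vport4"
        Port somebr
            Interface somebr
                type: internal
    ovs_version: "2.3.0"
EOF
}

# Read `ovs-vsctl show` text on stdin; print "bridge port tag type" per port.
# tag is "none" when the port has no tag; type is the interface type or "-".
port_tags() {
    awk '
        function emit() { if (port != "") print bridge, port, tag, type }
        { gsub(/"/, "") }                       # drop quotes around names
        $1 == "Bridge" { emit(); port = ""; bridge = $2 }
        $1 == "Port"   { emit(); port = $2; tag = "none"; type = "-" }
        $1 == "tag:"   { tag = $2 }
        $1 == "type:"  { type = $2 }
        END { emit() }
    '
}

# Ports without a tag, excluding the bridge's own internal port.
untagged_ports() {
    port_tags | awk '$3 == "none" && $4 != "internal" { print $2 }'
}

# Ports tagged with the VLAN given as $1, sorted, on one line.
ports_in_vlan() {
    port_tags | awk -v v="$1" '$3 == v { print $2 }' | sort | paste -s -d ' ' -
}

# On a real host: ovs-vsctl show | untagged_ports
sample_show | untagged_ports
```
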