====== OpenVSwitch (OVS) ======
===== Doc =====
Tuto : http://openvswitch.org/support/config-cookbooks/
* [[http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/|Isolating VM Traffic Using VLANs]]
* [[http://openvswitch.org/support/config-cookbooks/sflow/|Monitoring VM Traffic Using sFlow]]
* [[http://openvswitch.org/support/config-cookbooks/qos-rate-limiting/|Rate-Limiting VM Traffic Using QoS Policing]]
* [[http://openvswitch.org/support/config-cookbooks/port-tunneling/|Connecting VMs Using Tunnels]]
===== Exemple =====
* Démarrer le service openvswitch (fedora) :
$ systemctl start openvswitch.service
* Créer un bridgre ''bridge1'' :
$ ovs-vsctl add-br bridge1
* Activer le bridge nouvellement créé :
$ ifconfig bridge1 up
* Ajouter l'interface ''wls34'' au bridge ''bridge1'' (Attention on pert le réseau à partir de ce moment là) :
$ ovs-vsctl add-port bridge1 wls34
* On reset l'interface ''wls34'' :
$ ifconfig eth0 0
* On configure une ip pour le switch (dans notre exemple en DHCP) :
$ dhclient bridge1
$ route del default gw 192.168.1.1 wls34
$ route del 192.168.1.1 wls34
ou à la main :
$ ifconfig br-int 192.168.1.46 netmask 255.255.255.0
$ route add default gw 192.168.1.1 bridge1
$ route del default gw 192.168.1.1 wls34
$ route del 192.168.1.1 wls34
Après la modification des ''route'' on récupère le réseau.
Table de routage :
$ route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 bridge1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 bridge1
* Affichage de la vue :
$ ovs-vsctl show
109065b0-a911-48ad-a0ad-4fa6785c0552
Bridge "bridge1"
Port "wls34"
Interface "wls34"
Port "bridge1"
Interface "bridge1"
type: internal
ovs_version: "2.3.1"
* Créer 2 interfaces de type ''tap'' nommées ''vport1'' et ''vport2'' :
$ ip tuntap add mode tap vport1
$ ip tuntap add mode tap vport2
$ ifconfig vport1 up
$ ifconfig vport2 up
Vous pouvez également utiliser ''tunctl'' pour créer une interface de type ''tap'' :
$ tunctl –t tap0 –u root
* Ajoutons ces 2 interfaces ''vport1'' et ''vport2'' au switch ''bridge1'' (''--'' permet de lui spécifier plusieurs commandes à la suite) :
$ ovs-vsctl add-port bridge1 vport1 -- add-port bridge1 vport2
On peut maintenant venir brancher par exemple deux VM sur les ports ''vport1'' et ''vport2''.
* Nous voyons maintenant notre switch composée des interfaces ''vport1'', ''vport2'' et ''wls34'' :
$ ovs-vsctl show
109065b0-a911-48ad-a0ad-4fa6785c0552
Bridge "bridge1"
Port "vport1"
Interface "vport1"
Port "bridge1"
Interface "bridge1"
type: internal
Port "vport2"
Interface "vport2"
Port "wls34"
Interface "wls34"
ovs_version: "2.3.1"
* informations sur les port/VLAN et MAC de ''bridge1'' :
ovs-appctl fdb/show bridge1
port VLAN MAC Age
3 0 e0:a1:d7:ab:62:78 76
3 0 d4:3d:7e:f3:22:ea 74
3 0 e0:a1:d7:39:cf:e0 5
LOCAL 0 00:21:5d:5f:05:f8 5
* On peut voir la vitesse réseau négociée entre les VM et les ports du switch ''bridge1'' :
ovs-ofctl show bridge1
OFPT_FEATURES_REPLY (xid=0x2): dpid:000000215d5f05f8
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
3(wls34): addr:00:21:5d:5f:05:f8
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
4(vport1): addr:8a:b8:20:e9:9e:56
config: 0
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
5(vport2): addr:ce:18:f9:2f:46:f6
config: 0
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
LOCAL(bridge1): addr:00:21:5d:5f:05:f8
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
* Packets :
$ ovs-ofctl dump-flows bridge1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=3986.626s, table=0, n_packets=5660, n_bytes=1785393, idle_age=0, priority=0 actions=NORMAL
* Lister les switchs :
$ ovs-vsctl list Bridge
_uuid : 21680110-ef3b-4145-b5d2-17662e97c3cc
controller : []
datapath_id : "000000215d5f05f8"
datapath_type : ""
external_ids : {}
fail_mode : []
flood_vlans : []
flow_tables : {}
ipfix : []
mirrors : []
name : "bridge1"
netflow : []
other_config : {}
ports : [423dd0b4-e9f1-415c-8d2e-5b1420f3fbad, 837fd7e1-160d-4de1-a78d-521165766f38, 951efaa1-cd8f-4b5a-99cc-d81a78c3aafb, dfa58c1e-6ccb-4b1f-b310-089663148935]
protocols : []
sflow : []
status : {}
stp_enable : false
* Lister les ports du switch :
$ ovs-vsctl list Port
_uuid : 423dd0b4-e9f1-415c-8d2e-5b1420f3fbad
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
external_ids : {}
fake_bridge : false
interfaces : [d88afbae-18f3-46b3-a1c6-6a52032fb1f9]
lacp : []
mac : []
name : "vport1"
other_config : {}
qos : []
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []
_uuid : 951efaa1-cd8f-4b5a-99cc-d81a78c3aafb
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
external_ids : {}
fake_bridge : false
interfaces : [b9d5a333-12c2-4c75-90cf-7db30138241b]
lacp : []
mac : []
name : "vport2"
other_config : {}
qos : []
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []
_uuid : 837fd7e1-160d-4de1-a78d-521165766f38
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
external_ids : {}
fake_bridge : false
interfaces : [6547e7b6-1dd2-4b59-9a1b-f4639fd020e1]
lacp : []
mac : []
name : "bridge1"
other_config : {}
qos : []
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []
_uuid : dfa58c1e-6ccb-4b1f-b310-089663148935
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
external_ids : {}
fake_bridge : false
interfaces : [532efcf6-eee5-4b3d-b6fe-986f2089676c]
lacp : []
mac : []
name : "wls34"
other_config : {}
qos : []
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []
* Lister les interfaces :
$ ovs-vsctl list Interface
_uuid : 532efcf6-eee5-4b3d-b6fe-986f2089676c
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : []
external_ids : {}
ifindex : 3
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 0
link_speed : []
link_state : up
mac : []
mac_in_use : "00:21:5d:5f:05:f8"
mtu : 1500
name : "wls34"
ofport : 3
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=93328146, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=95891, tx_bytes=8789787, tx_dropped=0, tx_errors=0, tx_packets=59516}
status : {driver_name=iwlwifi, driver_version="3.17.8-300.fc21.x86_64", firmware_version="8.83.5.1 build 33692"}
type : ""
_uuid : 6547e7b6-1dd2-4b59-9a1b-f4639fd020e1
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : []
external_ids : {}
ifindex : 6
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 1
link_speed : []
link_state : up
mac : []
mac_in_use : "00:21:5d:5f:05:f8"
mtu : 1500
name : "bridge1"
ofport : 65534
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=643639, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=2264, tx_bytes=1331489, tx_dropped=0, tx_errors=0, tx_packets=3928}
status : {driver_name=openvswitch}
type : internal
_uuid : d88afbae-18f3-46b3-a1c6-6a52032fb1f9
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : full
external_ids : {}
ifindex : 7
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 0
link_speed : 10000000
link_state : down
mac : []
mac_in_use : "8a:b8:20:e9:9e:56"
mtu : 1500
name : "vport1"
ofport : 4
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=0, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=0, tx_bytes=0, tx_dropped=0, tx_errors=0, tx_packets=0}
status : {driver_name=tun, driver_version="1.6", firmware_version=""}
type : ""
_uuid : b9d5a333-12c2-4c75-90cf-7db30138241b
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : full
external_ids : {}
ifindex : 8
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 0
link_speed : 10000000
link_state : down
mac : []
mac_in_use : "ce:18:f9:2f:46:f6"
mtu : 1500
name : "vport2"
ofport : 5
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=0, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=0, tx_bytes=0, tx_dropped=0, tx_errors=0, tx_packets=0}
status : {driver_name=tun, driver_version="1.6", firmware_version=""}
type : ""
* Supprimer le port ''wls34'' :
$ ovs-vsctl add-port bridge1 wls34
Supprimer le bridgre ''bridge1'' :
$ ovs-vsctl del-br bridge1
===== VLANs =====
* Ajoute le port ''vport0'' à ''bridge1'' avec numéro de vlan 100 :
$ ovs-vsctl add-port bridge1 vport0 tag=100
* Ajoute le port ''vport1'' à ''bridge1'' avec numéro de vlan 200 :
$ ovs-vsctl add-port bridge1 vport1 tag=200