Re: [ovs-discuss] Connecting 2 separated OvS

2018-06-01 Thread Scott Lowe
Please see my responses inline, prefixed with [SL].

On 06/01/2018 06:35 AM, Jose Carlos Ferreira de Melo Junior wrote:
> Yes, the final idea is to connect them to an OpenFlow controller and then
> generate some isolated traffic among them.
> 
> But I don't know how it would be logically. For example: to connect one
> OvS bridge to another OvS bridge I heard about patch port but I think
> it's not working.


[SL] It is my understanding that patch ports are only for connecting OVS
bridges on the same system, not between systems.


> how can I be sure the connection really works? I don't know if I'm
> missing something


[SL] From a control plane (switch to controller) perspective, OVS will
provide some feedback about whether a connection to the controller was
successful (I believe some feedback is provided via `ovs-vsctl`, other
commands may provide even more information).

From a data plane perspective, I guess you'll just need to set up the
environment and then use the appropriate tools (tcpdump, etc.) to verify
that the traffic is flowing as expected. OVS has some additional tools
that will help here as well, like `ovs-dpctl`. The man pages for OVS
will be very helpful in determining the best ways to verify if traffic
is behaving as you expect/intend.


> 2018-06-01 8:55 GMT-03:00 Scott Lowe <scott.l...@scottlowe.org>:
> 
> On 06/01/2018 05:41 AM, Jose Carlos Ferreira de Melo Junior wrote:
>> 
>> Hello everyone,
>> 
>> I'm new in the house so I have some doubts.
>> 
>> How can I connect 2 or more separated OvS bridges? 
>> 
>> When I say separated I really mean in OvS on different VM
> 
> 
> From a data plane perspective, you can connect them in the same way you
> would go about connecting multiple physical switches together. For
> example, you could use an interface from your VM (say, eth1) and connect
> that to the OVS bridge running in the VM. That interface is then
> connected to your hypervisor's switching functionality, which in turn
> connects it to the physical network. All three OVS bridges are now part
> of the same L2 broadcast domain.
> 
> From a control plane perspective, you'd (typically) need to use an
> OpenFlow controller if you wanted them to act as a single (logical)
> switch consisting of multiple (virtual) switches.
> 
> I hope this helps.


-- 
Scott



signature.asc
Description: OpenPGP digital signature
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


Re: [ovs-discuss] Connecting 2 separated OvS

2018-06-01 Thread Scott Lowe
On 06/01/2018 05:41 AM, Jose Carlos Ferreira de Melo Junior wrote:
> 
> Hello everyone,
> 
> I'm new in the house so I have some doubts.
> 
> How can I connect 2 or more separated OvS bridges? 
> 
> When I say separated I really mean in OvS on different VM


From a data plane perspective, you can connect them in the same way you
would go about connecting multiple physical switches together. For
example, you could use an interface from your VM (say, eth1) and connect
that to the OVS bridge running in the VM. That interface is then
connected to your hypervisor's switching functionality, which in turn
connects it to the physical network. All three OVS bridges are now part
of the same L2 broadcast domain.

From a control plane perspective, you'd (typically) need to use an
OpenFlow controller if you wanted them to act as a single (logical)
switch consisting of multiple (virtual) switches.

I hope this helps.

-- 
Scott





Re: [ovs-discuss] OVS on CoreOS?

2018-05-24 Thread Scott Lowe
On 05/24/2018 09:18 AM, Ben Pfaff wrote:
> I'm talking to an acquaintance who wants to use OVS on CoreOS.  Is
> anyone doing this at the moment?  He's particularly concerned about
> making sure that OVS can be upgraded gracefully along with the rest of
> the system and that it is well integrated.
> 
> Any thoughts?


I successfully tested containerized OVS on CoreOS, using the keldaio/ovs
containers available on Docker Hub. There are a few caveats and I
haven't done any extensive testing, but the procedure outlined in

will work on CoreOS.

Not sure if this helps or not.

Regards,

-- 
Scott





Re: [ovs-discuss] VYOS under Libvirt connected to OpenVswitch as internal 8021q subinterfaces

2018-03-10 Thread Scott Lowe

> On Mar 10, 2018, at 12:27 PM, Chris Boley  wrote:
> 
> I'm aware of how to define an edge port under the libvirt network XML file 
> and make that guest VM assign itself to the openvswitch as an access port 
> assigned to a specific vlan like:
> 
> On a cisco switch this:
> 
> 
> 
>   
> 
>   
> 
>  is the equivalent of:
> 
> switchport mode access
> switchport access vlan 3
> 
> 
> 
> So this:
> 
> 
>   
>   
> 
>   
> 
>  is the equivalent of:
> 
> switchport trunk encapsulation dot1q
> switchport mode trunk
> switchport trunk allowed vlan 2,3
> =
> 
> So I could create dot1q based subinterfaces on a guest VM interface
> with the ( vlan trunk='yes' ) syntax?
> 
> Would that assumption be correct?


Yes.

-- 
Scott



Re: [ovs-discuss] OpenVswitch

2018-03-01 Thread Scott Lowe

> On Feb 28, 2018, at 9:00 PM, Chris Boley  wrote:
> 
> I've been tinkering with OVS on Ubuntu 16.04 with the libvirt hypervisor.
> I've gotten the XML based networks defined in the hypervisor and I've gotten 
> the host to understand it's interfacing with OVS.
> 
> So I'm hitting some sticking points that are starting to make me feel well.. 
> "thick".
> I built the bridge.
> 
> "sudo ovs-vsctl add-br vbridge0"
> 
> I set up an external bond port on the bridge.
> ovs-vsctl add-bond vbridge0 vbond0 eth0 eth1 lacp=active 
> other_config:lacp_time=fast trunks=2,3
> ## I'm kind of confused about the trunks=2,3 part. Do I really need that to 
> pass the tagged frames to the Cisco Switch?


The "trunks=2,3" will limit the interface to *only* trunking VLANs 2 and 3. If 
you want to trunk all VLANs, then leave that part off. You may also have to 
mess around with vlan_mode if you need interoperability with the native 
(untagged) VLAN.


> That brings up the bond "vbond0" tied to my vswitch0
> 
> My config in my cisco switch is a standard 2 port etherchannel.
> with the good ole:
> switchport trunk encapsulation dot1q
> switchport mode trunk
> 
> Switch#sh mac ad
> Switch#sh mac address-table | i Po1
>    2    5254.0071.b1b6    DYNAMIC     Po1   << here's my VM
>    1    0004.23d7.bd0c    DYNAMIC     Po1
>    1    0004.23d7.bd0d    DYNAMIC     Po1
> 
> 
> 
> I have my libvirt network defined, when I do an "ovs-vsctl show" it looks 
> like this:
> cboley@VMHOST:~$ sudo ovs-vsctl show
> 126a4b57-4837-42a9-95d6-d818b35e95bd
>     Bridge "vbridge0"
>         Port "vbond0"
>             trunks: [2, 3]
>             Interface "eth1"
>             Interface "eth2"
>         Port "vbridge0"
>             Interface "vbridge0"
>                 type: internal
>         Port "vnet0"
>             tag: 2
>             Interface "vnet0"
>     ovs_version: "2.5.2"
> 
> 
> 
> What I'm "thick" about is the fact that unless I run the following commands 
> my bridge just won't work.
> manually at the CLI of the VM host I must run.
> ifconfig vbridge0 up
> modprobe 8021q   <<< I know why that's happening and it's an easy fix.. just 
> stick it in the interfaces file.
> vconfig add vbridge0 2
> vconfig add vbridge0 3


Hmm...I don't recall ever running into this scenario, so I'm not really sure 
why you're having to add the VLANs to vbridge0. In all the times I've used OVS 
with Libvirt and VLANs, this wasn't necessary (unless I was adding a VLAN 
interface to an OVS bridge instead of using OVS' native VLAN functionality, but 
that's a different story).


> After I do that my VMs have connectivity.
> 
> So after all that said, I know my vbridge0 doesn't come up without help.. I'm 
> not an expert, I'm just muddling through info.
> I've been using a lot of helpful info from blog.scottlowe.org BTW. His info 
> really saved my tail with libvirt.


Glad my content was useful. :-)


> Should I assume it's to just create the bridge and the bond in the interfaces 
> file manually like this instead?
> OR can I create the vbridge0 under an OVS command and make it come up 
> automatically with OVS commands that I'm missing?
> 
> auto lo
> iface lo inet loopback
> post-up modprobe 8021q
> 
> auto eth0
> iface eth0 inet dhcp
> 
> 
> auto eth1
> iface eth1 inet manual
>   bond-master vbond0
> 
> 
> auto eth2
> iface eth2 inet manual
>   bond-master vbond0


You *do* want to be sure that all physical interfaces attached to an OVS bridge 
are coming up automatically. I don't recall ever having to bring the OVS bridge 
up by adding configuration stanzas to the networking configuration files.


> auto vbond0
> allow-vnetbr0 vbond0
> iface vbond0 inet manual
> bond-mode 4
> bond-miimon 100
> bond-downdelay 200
> bond-updelay 200
> bond-lacp-rate 1
> bond-slaves none
> ovs_bridge vnetbr0
> ovs_type OVSPort
> pre-up ifconfig $IFACE up
> post-down ifconfig $IFACE down
> address 0.0.0.0
> 
> 
> auto vnetbr0
> allow-ovs vnetbr0
> iface vnetbr0 inet manual
> bridge_ports eth1 eth2
> pre-up ifconfig $IFACE up
> pre-up vconfig add vnetbr0 2
> pre-up vconfig add vnetbr0 3
> post-up ifconfig eth1 mtu 1520
> post-up ifconfig eth1 promisc
> post-up ethtool -G eth1 rx 4096
> post-up ethtool -K eth1 rx off tx off sg off tso off ufo off gso off gro 
> off lro off rxvlan off txvlan off ntuple off rxhash off
> post-up ethtool -N eth1 rx-flow-hash udp4 sdfn
> post-up ethtool -N eth1 rx-flow-hash udp6 sdfn
> post-up ethtool -C eth1 rx-usecs 1 rx-frames 0
> post-up ethtool -C eth1 adaptive-rx off
> post-up ifconfig eth2 mtu 1520
> post-up ifconfig eth2 promisc
> post-up ethtool -G eth2 rx 4096
> post-up ethtool -K eth2 rx off tx off sg off tso off ufo off gso off gro 
> off lro off rxvlan off txvlan off ntuple off rxhash off
> post-up ethtool -N eth2 rx-flow-hash udp4 sdfn
> pos
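
An added example, not part of the original thread and not OVS project code: it applies two checks Scott mentions in the replies above to `ovs-vsctl show` output, namely the controller connection feedback and what `trunks=2,3` versus no `trunks` means for a port. The sample text is constructed and modelled on the output quoted in the thread; the controller address and the second bridge stanza are assumptions, as is `vlan_mode` being unset on every port.

```python
import re

OBJ_RE = re.compile(r'^(Bridge|Controller|Port|Interface)\s+"?([^"]+?)"?$')
KV_RE = re.compile(r'^([A-Za-z_]+):\s*(.*)$')

# Constructed sample, indented the way `ovs-vsctl show` prints it.
# 192.0.2.10 is a documentation address, not a value from the thread.
SAMPLE = """\
00000000-0000-0000-0000-000000000000
    Bridge "vbridge0"
        Controller "tcp:192.0.2.10:6633"
            is_connected: true
        Port "vbond0"
            trunks: [2, 3]
            Interface "eth1"
            Interface "eth2"
        Port "vbridge0"
            Interface "vbridge0"
                type: internal
        Port "vnet0"
            tag: 2
            Interface "vnet0"
    Bridge mybridge1
        Controller "tcp:192.0.2.10:6633"
        Port eth1
            Interface eth1
    ovs_version: "2.5.2"
"""


def parse_show(text):
    """Turn indented `ovs-vsctl show` output into a tree of dict nodes."""
    root = {"kind": "Root", "name": None, "attrs": {}, "children": []}
    stack = [(-1, root)]  # (indent, node); the root is never popped
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        # Close every node that is not an ancestor of this line.
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        obj = OBJ_RE.match(line)
        if obj:
            node = {"kind": obj.group(1), "name": obj.group(2),
                    "attrs": {}, "children": []}
            parent["children"].append(node)
            stack.append((indent, node))
            continue
        kv = KV_RE.match(line)
        if kv:  # e.g. "tag: 2", "trunks: [2, 3]", "is_connected: true"
            parent["attrs"][kv.group(1)] = kv.group(2).strip('"')
    return root


def _kids(node, kind):
    return [c for c in node["children"] if c["kind"] == kind]


def port_vlan_modes(text):
    """Map (bridge, port) to the VLANs that port carries.

    Assumes vlan_mode is unset (it is not shown by `ovs-vsctl show`):
    a port with a tag is an access port, a port with trunks carries only
    the listed VLANs, and a port with neither carries every VLAN.
    """
    modes = {}
    for bridge in _kids(parse_show(text), "Bridge"):
        for port in _kids(bridge, "Port"):
            attrs = port["attrs"]
            if "tag" in attrs:
                mode = "access vlan %d" % int(attrs["tag"])
            elif "trunks" in attrs:
                vlans = sorted(int(v) for v in re.findall(r"\d+", attrs["trunks"]))
                mode = "trunk vlans " + ",".join(map(str, vlans))
            else:
                mode = "trunk all vlans"
            modes[(bridge["name"], port["name"])] = mode
    return modes


def unconnected_controllers(text):
    """List (bridge, target) for controllers without 'is_connected: true'.

    A missing is_connected line is treated as not connected.
    """
    out = []
    for bridge in _kids(parse_show(text), "Bridge"):
        for ctl in _kids(bridge, "Controller"):
            if ctl["attrs"].get("is_connected") != "true":
                out.append((bridge["name"], ctl["name"]))
    return out


if __name__ == "__main__":
    for (bridge, port), mode in sorted(port_vlan_modes(SAMPLE).items()):
        print(f"{bridge:10} {port:10} {mode}")
    for bridge, target in unconnected_controllers(SAMPLE):
        print(f"{bridge}: controller {target} not connected")
```

Feed it real output with `ovs-vsctl show | python3 script.py` after replacing `SAMPLE` with `sys.stdin.read()`; the parser depends on the original indentation being intact.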

Re: [ovs-discuss] Ping not working - No ARP packets passing between bridge and interface

2018-01-25 Thread Scott Lowe

> On Jan 25, 2018, at 11:24 AM, Mathias Strufe (DFKI)  
> wrote:
> 
> Dear all,
> 
> I try to setup OVS but fail ... as soon as I add the interface to the OVS 
> bridge I can't ping anymore the interface of the OVS machine ...
> and yes the interface doesn't have any IP anymore ... the Bridge has the IP 
> ...
> If I remove again the port from the bridge I can ping again ... so the 
> connection is there ...
> 
> On ens 3 is the ODL controller   I'm using ubuntu 16.04 and 
> 4.4.0-112-generic kernel!
> If I now try to ping from another machine (IP 192.168.120.10) to OVSbr2 ... 
> I can see on tcpdump on the ens5 interface the arp request:
> 
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ens5, link-type EN10MB (Ethernet), capture size 262144 bytes
> 18:14:01.917154 ARP, Request who-has 192.168.120.14 tell 192.168.120.10, 
> length 28
> 18:14:02.917072 ARP, Request who-has 192.168.120.14 tell 192.168.120.10, 
> length 28
> 18:14:03.917082 ARP, Request who-has 192.168.120.14 tell 192.168.120.10, 
> length 28
> 18:14:04.917172 ARP, Request who-has 192.168.120.14 tell 192.168.120.10, 
> length 28
> 
> 
> 
> but on the tcpdump on OVSbr2
> 
> is absolutely nothing arriving  :o
> and therefore it seems I didn't get any ping echo ...
> 
> 
> Please find below some outputs I'm using for troubleshooting ... maybe somebody 
> has an idea!
> 
> Maybe it is important? All machines are VMs inside Openstack ... so I use 
> Openstack to build up a test network with 4 VMs to play a bit around ...


Typically, when running OVS in a virtualized environment (like in OpenStack, or 
in VMs running on VirtualBox or the like), you'll need to configure your 
virtualization layer to allow the VMs running OVS to enter promiscuous mode. 
Many virtualized environments don't allow this by default, and the process to 
enable promiscuous mode will vary from platform to platform. Within OpenStack, 
this process will depend on the Neutron provider that's in use.

Hope this helps,

--
Scott





Re: [ovs-discuss] ping between 2 instances using an ovs in the middle

2018-01-17 Thread Scott Lowe

> On Jan 16, 2018, at 9:28 AM, David Gabriel  wrote:
> 
> Dears,
> 
> I am writing you this email to look for your help in order to fix a problem, 
> I am facing since a while, related to creating two ubuntu instances in 
> Openstack (Fuel 9.2 for Mitaka) and setting an ovs bridge in each VM.
> Here is the problem description:
> I have defined two instances called VM1 and VM2 and ovs bridge, each one of 
> them is deployed in one Virtual Machine (VM) based on this simple topology:
> VM1 ---LAN1--- OVS ---LAN2--- VM2
> 
> I used the following commands, taken from some tutorial, for OVS:
> 
> 
> ovs-vsctl add-br mybridge1
> ifconfig mybridge1 up
> ovs-vsctl add-port eth1 mybridge1
> ifconfig eth1 0
> ovs-vsctl add-port eth1 mybridge1
> ovs-vsctl set-controller mybridge tcp:AddressOfController:6633
> 
> Then I tried to make the ping between the two VMs but it fails !
> Could you please tell/guide me how to fix this problem.


When running OVS in a VM, the VM's NICs assigned to the OVS bridge must 
typically be put into promiscuous mode, something that not all virtualized 
networking solutions (Neutron, in this case) support. I suspect that you'll 
need to check with the provider you're using behind Neutron to see if you can 
enable promiscuous mode on the OVS VM's NICs. Whether this is possible and the 
process for doing so will depend upon the Neutron provider in use.

--
Scott





Re: [ovs-discuss] Configure Error

2018-01-10 Thread Scott Lowe

> On Jan 10, 2018, at 1:16 AM, saher ...  wrote:
> 
> Hiee,
> 
> I am using Ubuntu 16.04 LTS installed on virtualbox, I'm installing 
> openvswitch-2.7.0 on it. Installation process includes a step with command 
> ($ ./configure --with-linux=/lib/modules/`uname -r`/build).
> This is returning me the error regarding linux kernel version as shown below. 
> Please suggest.
> 
> configure: error: Linux kernel in /lib/modules/4.10.0-28-generic/build is 
> version 4.10.17, but version newer than 4.9.x is not supported (please refer 
> to the FAQ for advice)
> 
> What release of openvswitch should I use that supports my linux kernel? Also 
> I want to use socketplane with it. Please let me know the version of openvswitch 
> that supports my kernel as well as socketplane both


I don't know about Socketplane, but to use OVS with kernel 4.10 you'd need to 
use a 2.8.x or greater release of OVS. See this FAQ for kernel support for 
various versions of OVS:



Hope this helps!

--
Scott





Re: [ovs-discuss] Bridge not working..

2018-01-04 Thread Scott Lowe

> On Jan 3, 2018, at 10:51 PM, Steven Pollock  wrote:
> 
> Hopefully this is the correct mailing list, there is no description on the 
> admin page.
> 
> Running on Ubuntu 16.04 on top of vmware.
> 
> ens192 is connected to the 10.80.180.0/24 network
> ens224 is connected to a standard vswitch4, and a windows machine is also 
> connected to vswitch4
> 
> I expected packets from the windows machine 10.80.180.222 to pass through 
> kitbr0 to any devices on the 10.80.180.0/24 network connected on ens192
> 
> Here is the /etc/network/interfaces
> 
> auto ens192
> iface ens192 inet manual
> 
> auto ens224
> iface ens224 inet manual
> 
> auto kitbr0
> allow-ovs kitbr0
> iface kitbr0 inet static
> address 10.80.180.223
> netmask 255.255.255.0
> gateway 10.80.180.1
>  ovs_type OVSBridge
>  ovs_ports ens192 ens224
> 
> 
> I also note that the mac address on the bridge and ens224 are the same.
> 
> The windows machine off ens224 can ping the bridge at 10.80.180.223
> The devices off ens192 (the rest of the 10.80.180.x network) cannot ping 
> 10.80.180.223 however
> 
> ens192    Link encap:Ethernet  HWaddr 00:50:56:ab:e2:5b
>   inet6 addr: fe80::250:56ff:feab:e25b/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:74 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:369 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:4964 (4.9 KB)  TX bytes:35695 (35.6 KB)
> 
> ens224    Link encap:Ethernet  HWaddr 00:50:56:ab:46:85
>   inet6 addr: fe80::250:56ff:feab:4685/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:289 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:26138 (26.1 KB)  TX bytes:15431 (15.4 KB)
> 
> kitbr0    Link encap:Ethernet  HWaddr 00:50:56:ab:46:85
>   inet addr:10.80.180.223  Bcast:10.80.180.255  Mask:255.255.255.0
>   inet6 addr: fe80::250:56ff:feab:4685/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:349 errors:0 dropped:37 overruns:0 frame:0
>   TX packets:96 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1
>   RX bytes:25386 (25.3 KB)  TX bytes:10749 (10.7 KB)
> 
> 
> root@ovs:/etc/network# ovs-vsctl show
> 3a6b26a7-6e7a-44fd-8893-65f2c8fac4f2
>     Bridge "kitbr0"
>         Port "kitbr0"
>             Interface "kitbr0"
>                 type: internal
>         Port "ens192"
>             Interface "ens192"
>         Port "ens224"
>             Interface "ens224"
>     ovs_version: "2.5.2"
> 
> 
> Any clues about what is going on are much appreciated. (I do not have a 
> controller at this time)


When running OVS in a VM on top of vSphere, you'll need to allow the NICs added 
to the OVS bridge to be in promiscuous mode. This is a setting on the vSwitch 
(IIRC it's called "Allow promiscuous mode"). Set that on the portgroup(s) where 
your interfaces are connected, and this should take care of it.

--
Scott





Re: [ovs-discuss] Setting ovs bridge IP failed using ioctl

2017-12-28 Thread Scott Lowe

> On Dec 28, 2017, at 12:18 AM, netsurfed  wrote:
> 
> Hi all, 
> I created a bridge and added my Ethernet port to it, using commands like 
> these:
> 
> $ ovs-vsctl add-br br0
> $ ovs-vsctl add-port br0 eth0
> 
> and as soon as I ran the “add-port” command I lost all connectivity through 
> eth0.
> 
> I found on the website, 
> http://docs.openvswitch.org/en/latest/faq/issues/?highlight=ip%20link, can 
> restore functionality by moving the IP address to an Open vSwitch "internal" 
> device to solve the problem. 
> 
> I then tried to set "bro" IP through ioctl, but the ioctl returned failed, 
> errno was "19", and the error message was "no such device". 
> 
> If ioctl does not support the setting of an ovs bridge, why can I get IP from 
> ioctl??
> 
> Is involved in "modules_install"?


I don't know about using `ioctl`, but you should be able to assign an IP 
address to the br0 internal port using the `ip addr add` command, just as with 
most any other network interface.

Regards,

-- 
Scott



Re: [ovs-discuss] Replace Linux Bridge with Openvswitch on Ubuntu

2017-11-13 Thread Scott Lowe

> On Nov 13, 2017, at 2:12 AM, den...@exemail.com.au wrote:
> 
> Hi Forum
> 
> I would like to replace the linux bridge installed with libvirt with an
> openvswitch bridge, so I can learn about openvswitch.
> 
> I cannot get the VM to communicate with the bridge I create with openvswitch.
> 
> Here is what I did on a vanilla Ubuntu 17.10 Server X86_64 installation.
> Installing libvirt and openvswitch.
> 
> PACKAGES="qemu-kvm openvswitch-switch libvirt-bin virtinst virt-manager"
> sudo apt-get update
> sudo apt-get dist-upgrade -qy
> 
> sudo apt-get install -qy ${PACKAGES}
> 
> sudo adduser `id -un` libvirtd
> sudo adduser `id -un` kvm
> 
> I deleted the current linux bridge using
> 
> virsh net-destroy default
> virsh net-undefine default
> systemctl restart libvirtd
> 
> Created an openvswitch bridge and assigned an IP address.
> 
> ovs-vsctl add-br virbr0
> ip addr add 192.168.122.1/24 dev virbr0
> 
> I can see the bridge and ip address.
> 
> 5: virbr0:  mtu 1500 qdisc noop state DOWN group
> default qlen 1000
>link/ether 26:68:17:50:25:40 brd ff:ff:ff:ff:ff:ff
>inet 192.168.122.1/24 scope global virbr0
>   valid_lft forever preferred_lft forever
> 
> I create a VM using virt-install
> 
> sudo qemu-img create -f qcow2 -o preallocation=metadata
> /var/lib/libvirt/images/kvm01.qcow2 10G
> 
> sudo virt-install -n kvm01 \
> --connect qemu:///system \
> --vcpus=2 \
> -r 4096 \
> --os-type linux \
> --os-variant ubuntu16.04 \
> --network=bridge:virbr0,virtualport_type='openvswitch' \
> --vnc --noautoconsole \
> --keymap=en-us \
> --console pty,target_type=serial \
> -f /var/lib/libvirt/images/kvm01.qcow2 \
> --location /var/lib/libvirt/images/ubuntu-16.04.3-server-amd64.iso \
> get_hostname=kvm01 vga=788"
> 
> 
> When the VM boots I assign a static IP address to 192.168.122.2/24.
> Inside the VM the NIC reports as
> 
> 2: ens3:  mtu 1500 qdisc pfifo_fast qlen
> 1000
>link/ether 52:54:00:a5:53:36 brd ff:ff:ff:ff:ff:ff
>inet 192.168.122.2/24 brd 192.168.122.255 scope global ens3
>   valid_lft forever preferred_lft forever
>inet6 fe80::5254:ff:faa5:5336/64 scope link
>   valid_lft forever preferred_lft forever
> 
> 
> When I virsh dumpxml on the VM domain I see the network setup as
> 
>  
>  
>  
>
>  
>  
>  
>  
>   function='0x0'/>
>
> 
> From the host machine openvswitch reports the vnet0 as an internal port
> sudo ovs-vsctl show
> 30fdaeff-9867-4651-85a6-5b0bf53f5130
>     Bridge "virbr0"
>         Port "vnet0"
>             Interface "vnet0"
>         Port "virbr0"
>             Interface "virbr0"
>                 type: internal
>     ovs_version: "2.8.0"
> 
> From the VM I am unable to ping the IP of the bridge.
> #ping 192.168.122.1
> 
> From the host I am also unable to ping the VM
> #ping 192.168.122.2
> 
> I am at my limit of understanding of linux networking and I wonder could
> someone point out what I have done wrong here?


There are a couple different ways to integrate Libvirt with virtual networks 
with Open vSwitch (OVS). Here's one way:



This doesn't get you the NAT the default Libvirt network uses, but it may be 
useful nevertheless.

Regards,

--
Scott





Re: [ovs-discuss] Route between bridges in OVS+DPDK

2017-10-19 Thread Scott Lowe

> On Oct 18, 2017, at 9:08 PM, BALL SUN  wrote:
> 
> I have two VLANs in the host, and bridge is created for each VLAN, and
> I need to perform routing between, so I believed I need a patch port,
> right?
> 
> On Thu, Oct 19, 2017 at 4:44 AM, Aaron Conole  wrote:
>> BALL SUN  writes:
>> 
>>> Hi
>>> 
>>> is it possible to route the packet from bridge interface 1 to bridge
>>> interface 2 in OVS+DPDK environment?
>> 
>> Are you looking for patch ports?  veth ports?  What are you trying to
>> accomplish?


I don't know how it works with OVS+DPDK, but with the kernel datapath you need 
some L3 interfaces (one for each subnet/VLAN; IIRC you can use OVS internal 
interfaces here) and then you need to enable routing in the Linux kernel. That, 
or you need to use an OpenFlow controller and program all the routing functions 
(rewrite MAC address, decrement TTL, etc.) via flows.

--
Scott





Re: [ovs-discuss] I can't manage to use more than one port on the vswitch

2017-09-28 Thread Scott Lowe

> On Sep 28, 2017, at 10:30 AM, O Alabeatrix  wrote:
> 
> 
> >> On Sep 28, 2017, at 8:50 AM, O Alabeatrix > wrote:
> >>
> >> Hi
> >>
> >> I’m a network admin starting to learn Open vSwitch. I don’t manage to make 
> >> it functioning.
> >> I’m using Debian 9 with three physical interfaces:
> >> . enp0s3: management interfaces
> >> . enp0s8: physical interface on vswitch0
> >> . enp0s9: physical interface on vswitch1
> >>
> >> vswitch0 (LOCALE) IP: 192.168.1.200
> >>
> >> Theoretically, as there is an IP on vswitch0, it shouldn’t matter whether 
> >> it’s enp0s8 or enp0s9 that is plugged into the 192.168.1.0/24 network.
> >> Alas, it’s only when enp0s9 is used that the ping to the outer physical 
> >> IP succeeds.
> >> And both in default L2 and OpenFlow3 mode.
> >>
> >> Here are the config and status files:
> >>
> >> Debian9 config:
> >>
> >> sudo apt-get update
> >> sudo apt-get dist-upgrade
> >> sudo apt-get install openvswitch-switch openvswitch-common
> >> sudo ovs-vsctl add-br vswitch0
> >> sudo ip link set vswitch0 up
> >> sudo ip addr flush dev enp0s8
> >> sudo ip addr flush dev enp0s9
> >> sudo ovs-vsctl add-port vswitch0 enp0s8
> >> sudo ovs-vsctl add-port vswitch0 enp0s9
> >> sudo ip link set enp0s8 up
> >> sudo ip link set enp0s9 up
> >> sudo ip addr add 192.168.1.200/24 dev vswitch0
> >>
> >> Normal default L2 Test:
> >>
> >> ping -c 3 192.168.1.1 --->> Fails, unless I swap the interfaces used
> >>
> >> Status:
> >>
> >> sudo ovs-vsctl show
> >> bf88303a-48cb-48b6-bd07-af1b8eaaca89
> >>     Bridge "vswitch0"
> >>         Port "enp0s9"
> >>             Interface "enp0s9"
> >>         Port "vswitch0"
> >>             Interface "vswitch0"
> >>                 type: internal
> >>         Port "enp0s8"
> >>             Interface "enp0s8"
> >>     ovs_version: "2.6.2"
> >>
> >> --
> >> sudo ovs-ofctl show vswitch0
> >> OFPT_FEATURES_REPLY (xid=0x2): dpid:080027c5c636
> >> n_tables:254, n_buffers:256
> >> capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
> >> actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src 
> >> mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
> >> 1(enp0s8): addr:08:00:27:f4:a5:b9
> >>  config: 0
> >>  state:  0
> >>  current:1GB-FD COPPER AUTO_NEG
> >>  advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
> >>  supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
> >>  speed: 1000 Mbps now, 1000 Mbps max
> >> 2(enp0s9): addr:08:00:27:c5:c6:36
> >>  config: 0
> >>  state:  0
> >>  current:1GB-FD COPPER AUTO_NEG
> >>  advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
> >>  supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
> >>  speed: 1000 Mbps now, 1000 Mbps max
> >> LOCAL(vswitch0): addr:08:00:27:c5:c6:36
> >>  config: 0
> >>  state:  0
> >>  speed: 0 Mbps now, 0 Mbps max
> >> OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
> >> --
> >> sudo ovs-ofctl dump-flows vswitch0
> >> NXST_FLOW reply (xid=0x4):
> >> cookie=0x0, duration=686.922s, table=0, n_packets=224, n_bytes=28746, 
> >> idle_age=1, priority=0 actions=NORMAL
> >> 
> >>
> >> OpenFlow3 mode and tests:
> >>
> >> sudo ovs-vsctl set bridge vswitch0 protocols=OpenFlow13
> >> sudo ovs-ofctl -O Openflow13 dump-flows vswitch0
> >>
> >> OFPST_FLOW reply (OF1.3) (xid=0x2):
> >> cookie=0x0, duration=1334.814s, table=0, n_packets=398, n_bytes=66282, 
> >> priority=0 actions=NORMAL
> >>
> >> ping 192.168.1.1 –>> Fail ( functions if I swap the interfaces cables)
> >>
> >> I just can’t figure out what is going wrong here, even after comparing 
> >> the status files ( ip link show, ip addr show).
> >> thanks for any help 
> 
> 
> > In this instance, I think it's appropriate to ask about the upstream switch 
> > configuration. I don't see anything immediately odd about your 
> > configuration, so we'll need to determine how OVS is interacting with the 
> > upstream physical switch (things like VLANs, tagging, etc.).
> 
> > Also, since you have 2 NICs added to the OVS bridge and don't appear to be 
> > connected to an OpenFlow controller, you'll need to address bridging loops 
> > and Spanning Tree. Specifically, you'll want to either a) place the physical 
> > interfaces in different broadcast domains, or b) use some form of link 
> > aggregation.
> >
> >--
> >Scott
> 
> Only 1 NIC is plugged into the 192.168.1.0/24 L2 domain at a time, so there is 
> no STP/bridging loop involved.
> The other cable is always plugged in another L2 domain:
> 
> Actually, the Debian 9 Open vSwitch is a VirtualBox VM.
> enp0s8 is bridged on the physical network
> enp0s9 is on another plane (inet)
> 
> I’ll investigate your suggestion pointing to a weird interaction between Open 
> vSwitch and VirtualBox networking.
> But if one cable is plugged into ‘nowhere land’ (inet), that shouldn’t 
> prevent the Open vSwitch from tryi

Re: [ovs-discuss] I can't manage to use more than one port on the vswitch

2017-09-28 Thread Scott Lowe

> On Sep 28, 2017, at 8:50 AM, O Alabeatrix  wrote:
> 
> Hi
> 
> I’m a network admin starting to learn Open vSwitch. I don’t manage to make it 
> functioning.
> I’m using Debian 9 with three physical interfaces:
> . enp0s3: management interfaces
> . enp0s8: physical interface on vswitch0
> . enp0s9: physical interface on vswitch1
> 
> vswitch0 (LOCALE) IP: 192.168.1.200
> 
> Theoretically, as there is an IP on vswitch0, it shouldn’t matter whether it’s 
> enp0s8 or enp0s9 that is plugged into the 192.168.1.0/24 network.
> Alas, it’s only when enp0s9 is used that the ping to the outer physical IP 
> succeeds.
> And both in default L2 and OpenFlow3 mode.
> 
> Here are the config and status files:
> 
> Debian9 config:
> 
> sudo apt-get update
> sudo apt-get dist-upgrade
> sudo apt-get install openvswitch-switch openvswitch-common
> sudo ovs-vsctl add-br vswitch0
> sudo ip link set vswitch0 up
> sudo ip addr flush dev enp0s8
> sudo ip addr flush dev enp0s9
> sudo ovs-vsctl add-port vswitch0 enp0s8
> sudo ovs-vsctl add-port vswitch0 enp0s9
> sudo ip link set enp0s8 up
> sudo ip link set enp0s9 up
> sudo ip addr add 192.168.1.200/24 dev vswitch0
> 
> Normal default L2 Test:
> 
> ping -c 3 192.168.1.1 ---> Fails, unless I swap the interfaces used
> 
> Status:
> 
> sudo ovs-vsctl show
> bf88303a-48cb-48b6-bd07-af1b8eaaca89
>     Bridge "vswitch0"
>         Port "enp0s9"
>             Interface "enp0s9"
>         Port "vswitch0"
>             Interface "vswitch0"
>                 type: internal
>         Port "enp0s8"
>             Interface "enp0s8"
>     ovs_version: "2.6.2"
> 
> --
> sudo ovs-ofctl show vswitch0
> OFPT_FEATURES_REPLY (xid=0x2): dpid:080027c5c636
> n_tables:254, n_buffers:256
> capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
> actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src 
> mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
> 1(enp0s8): addr:08:00:27:f4:a5:b9
>  config: 0
>  state:  0
>  current:1GB-FD COPPER AUTO_NEG
>  advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
>  supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
>  speed: 1000 Mbps now, 1000 Mbps max
> 2(enp0s9): addr:08:00:27:c5:c6:36
>  config: 0
>  state:  0
>  current:1GB-FD COPPER AUTO_NEG
>  advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
>  supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
>  speed: 1000 Mbps now, 1000 Mbps max
> LOCAL(vswitch0): addr:08:00:27:c5:c6:36
>  config: 0
>  state:  0
>  speed: 0 Mbps now, 0 Mbps max
> OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
> --
> sudo ovs-ofctl dump-flows vswitch0
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=686.922s, table=0, n_packets=224, n_bytes=28746, 
> idle_age=1, priority=0 actions=NORMAL
> 
> 
> OpenFlow13 mode and tests:
> 
> sudo ovs-vsctl set bridge vswitch0 protocols=OpenFlow13
> sudo ovs-ofctl -O Openflow13 dump-flows vswitch0
> 
> OFPST_FLOW reply (OF1.3) (xid=0x2):
> cookie=0x0, duration=1334.814s, table=0, n_packets=398, n_bytes=66282, 
> priority=0 actions=NORMAL
> 
> ping 192.168.1.1 –> Fail ( functions if I swap the interfaces cables)
> 
> I just can’t figure out what is going wrong here, even after comparing the 
> status files (ip link show, ip addr show).
> Thanks for any help 


In this instance, I think it's appropriate to ask about the upstream switch 
configuration. I don't see anything immediately odd about your configuration, 
so we'll need to determine how OVS is interacting with the upstream physical 
switch (things like VLANs, tagging, etc.).

Also, since you have 2 NICs added to the OVS bridge and don't appear to be 
connected to an OpenFlow controller, you'll need to address bridging loops and 
Spanning Tree. Specifically, you'll want to either a) place the physical 
interfaces in different broadcast domains, or b) use some form of link 
aggregation.

--
Scott





Re: [ovs-discuss] ovs infrastructure deployment question

2017-08-28 Thread Scott Lowe
When you're running this sort of configuration (OVS in a VM on top of another 
hypervisor), your best bet (IMHO) is to run each "guest" VM on a different 
VLAN, then trunk all those VLANs into the OVS VM and write your rules 
accordingly.

-- 
Scott

Sent from my mobile device

> On Aug 28, 2017, at 7:12 AM, Nusrat Atta  wrote:
> 
> Hi,
> I am getting confused on how OVS is supposed to be deployed. I am using 
> VMware ESXi to provision VMs. I have a portgroup OVS_10.0.0.x that has no 
> uplinks (i.e. not connected physically to any ports) and all of my VMs are on 
> this network.
> So I created a couple of VMs (e.g. ovsvm1, ovsvm2, ovswebserver, vswitch). I 
> installed the OVS 2.7.2 on my vswitch machine and created a bridge and 
> attached the single eth0 port to the bridge. So I also gave my vswitch VM, 
> the ip of 10.0.0.1, gateway=10.0.0.1, dns=10.0.0.1 and created static ips on 
> all the other VMs (e.g. ovsvm1 ip = 10.0.0.10, gateway=10.0.0.1, 
> dns=10.0.0.1), I did similar for all the other machines with everyone 
> pointing their gateway and dns to the vswitch machine. Because it is in a mac 
> learning mode, I can now ping every machine without any problems.
>  
> Is this the way it is supposed to be deployed? Because I only have one 
> physical port on the vswitch VM I can't seem to do add-flows of simple actions 
> like:
>  
> ovs-ofctl add-flow mybridge priority=500,in_port=1,actions=output:2
> ovs-ofctl add-flow mybridge priority=500,in_port=2,actions=output:1
>  
> How do I accomplish ports? The vswitch VM is supposed to act like a 
> physical switch with many ports.
>  
> Do I need to install ovs on each VM? Even then I don’t know how that will 
> help.
>  
> Any guidance, tutorials, urls, etc. would be appreciated. I have been reading 
> up a ton on this, but a nudge in the right direction will help.
>  
> Thanks in advance
> Nuz
>  
> Sent from Mail for Windows 10
>  


Re: [ovs-discuss] Getting to learn how OVS works.

2017-07-17 Thread Scott Lowe

> On Jul 17, 2017, at 8:43 AM, dE  wrote:
> 
> Ok so I guess I missed out the question and that is -- is there any 
> document/reference/tutorial etc... which explains the mode of operation of 
> OVS?
> 
> 
> On 07/17/17 18:53, dE wrote:
>> Hi,
>>I was browsing through the documentation searching for the internal 
>> workings of OVS. It appears there are 2 levels of details that the OVS 
>> project provides about OVS --
>> 
>> 1) Extreme -- http://docs.openvswitch.org/en/latest/tutorials/ovs-advanced/, 
>> http://docs.openvswitch.org/en/latest/topics/datapath/ etc...
>> 2) In brief -- http://docs.openvswitch.org/en/latest/intro/install/, 
>> http://docs.openvswitch.org/en/latest/intro/what-is-ovs/, 
>> http://docs.openvswitch.org/en/latest/intro/why-ovs/
>> 
>> You can't jump from 1) to 2) or 2) to 1) without an intermediate 1.5) which 
>> explains things like --
>> 
>> What kind of bridge does OVS make? How does it behave?
>> The concept of ports and interfaces.
>> The 'controller' and where does it exist and how to build it (well 1st let's 
>> try to explain what this is in term of OVS).
>> The role of tunnels(like GRE) and how does OVS accomplish a single switch 
>> view using them.


This is a difficult question to answer because OVS can be used in many 
different ways. How you would use OVS in conjunction with OpenStack, for 
example, could be _very_ different than how you might use OVS with an SDN 
controller such as OpenDaylight.

Is there a particular use case/solution for which you need more information? 
That might better enable the OVS community to help you. We _want_ to help; we 
just need a bit more information in order to do so.

-- 
Scott



Re: [ovs-discuss] How to configure VxLAN tunnel with OpenVSwitch-2.7.0 on Ubuntu14.04.1 ?

2017-07-16 Thread Scott Lowe

> On Jul 16, 2017, at 9:30 AM, sujz  wrote:
> 
> Hi, ALL:
>  
> I want to connect VMs located on two different machines with ovs bridge and 
> VxLAN tunnel, suppose the topology as the picture 
> shows, my configuration on host A like this (configuration on host B is almost 
> the same except changing remote_ip to address of host A's eth0):
>  
> ovs-vsctl add-br ovs-br0
> ovs-vsctl add-port ovs-br0 vtep -- set interface vtep type=vxlan 
> options:remote_ip=172.168.1.200 options:key=5000
> 
>  
> tap0 is created and automatically added to bridge ovs-br0 while starting VMs 
> with qemu, but I cannot ping from VM1 to VM2.
> 
> I also googled some links like this: 
> http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/ , 
> which says I have to create two ovs-bridge, unfortunately, it doesn't tell 
> whether(and how to) it is necessary to link these two bridges together.
> 
> I am confused that how does the ovs-br0 and eth0 communicate, does that the 
> kernel TCP/IP stack help doing this job, or I have to create another 
> ovs-bridge and connect these two bridges with patch ports ?
> 
> So please correct me if my topology or configurations aren't right, and many 
> thanks in advance.
> 
>  
> I also tried to configure vtep:
> 
> ovs-vsctl add-port ovs-br0 vtep -- set interface vtep type=vxlan options:remote_ip=flow options:local_ip=flow options:key=flow
> 
> Then add flow entry explicitly to match ARP request from VM1 and forward
> them to vtep.
> 
> ovs-ofctl add-flow ovs-br0 "table=0, priority=50, in_port=ofport_of_tap0, actions=output:ofport_of_vtep"
> 
> After ping from VM1 to VM2, dump-flows showed that the added entry was
> matched (according to the entry matched packets should be forwarded to
> vtep), but dump-ports showed that vtep received nothing, I don't know why,
> any hints are appreciated. 


If I’m understanding your configuration correctly, you don’t need an additional 
bridge. The OVS bridge hosting the VTEP (and the TAP interface) doesn’t need 
any additional interfaces or patch ports; you just need to ensure that the host 
system has a route to the tunnel endpoint on the other host. You may also need 
to adjust the MTU, since the VXLAN encapsulation adds some overhead.

-- 
Scott



Re: [ovs-discuss] Parallel VxLAN tunnels

2017-07-09 Thread Scott Lowe
On 07/07/2017 04:36 PM, Jean Tourrilhes wrote:
>   Hi,
> 
>   I want to know how to implement parallel VxLAN tunnels between
> two hosts with OVS.
>   Each host, h0 and h1, has two OVS instances, br0 and
> br1. I want two separate VxLAN tunnels :
>   h0-br0 <=> h1-br0
>   h0-br1 <=> h1-br1
>   Those two tunnels could be using different VNI, so is there
> a way for a OVS instance to use only a single VNI ? I also saw that
> VxLAN support alternate port number, should I use that ?
>   Thanks in advance !


I haven't tried this, but it seems like it should be possible to build
two VXLAN tunnels between two hosts using two different IP endpoints
(tunnel endpoints) on each host. You could accomplish this using an OVS
internal port on each bridge, like this:

h0-br0 has internal port w/ IP addr W.X.Y.Z1
h0-br1 has internal port w/ IP addr A.B.C.D1
h1-br0 has internal port w/ IP addr W.X.Y.Z2
h1-br1 has internal port w/ IP addr A.B.C.D2

Then configure the tunnels with the appropriate IP endpoints (h0-br0
points to internal port on h1-br0 and vice versa, h0-br1 points to
internal port on h1-br1 and vice versa).

Again, I haven't tested this, so there may be (one or more) things I'm
overlooking/don't know about.

Of course, then you'll have the issue of installing flows to properly
direct traffic across those tunnels, but that's a different topic.

Good luck!

-- 
Scott


Re: [ovs-discuss] Create GRE/VXLAN Tunnel between VM'S using virtual interfaces

2017-06-15 Thread Scott Lowe
On 06/15/2017 01:41 PM, Phaniprakash Jayanthi wrote:
> Hello everyone, 
> I have configured the following topology on a single host machine as
> described below:
> 
> I have created 3 VM'S & 2 ovs bridges in this topology. VM1, ovs-br1,
> vm2, ovs-br2, vm3 are connected serially. 
> 
> VM1 --- ovs-br1  VM2 --- ovs-br2  VM3
> 
> VM2 acts as a router. VM1 and VM3 are in different subnets. I want
> packets sent from VM1 to VM3 to be GRE/VXLAN encapsulated when the
> packets leave ovs-br1 and decapsulated when they leave ovs-br2. I do not
> want to use any physical ethernet ports as the tunnel
> endpoints/remote_ip's. I am trying to use the IP addresses configured to
> the two ports of VM2 as endpoints but it does not seem to work. Can
> anyone help me out with this idea? I would like to discuss how to
> configure my ovs-bridges for this idea. Your ideas are really appreciated.


This is a topic that has come up a few times, and (so far) there haven't
been any useful answers.

In thinking about this, it's possible you could use OVS internal ports
on ovs-br1 and ovs-br2. (These would act as the IP endpoints that the
GRE/VXLAN tunnel needs.) Put these internal ports on the appropriate
subnets, and ensure the host (where all this is running) has routes to
the subnets (which I assume would mean pointing the routes to interfaces
on VM2). Then configure tunnel ports pointing to the IPs assigned to the
internal ports (ovs-br1's tunnel port would point to ovs-br2's internal
port and vice versa).

It's just a guess, and I don't have time to try out the configuration
myself, but it just might work.

-- 
Scott


Re: [ovs-discuss] How can I change OpenVSwitch

2017-06-07 Thread Scott Lowe
On 06/07/2017 12:25 PM, Simone Aglianò wrote:
> Ok I have to choose reply all 
> My question is the initial question regarding the architecture that I
> have attached, I don't want to turn my switch in a Open Flow switch but
> I would use it like that with Open V Switch I mean I want take the
> advantage of the forwarding capacity of the Catalyst cisco switch but in
> the meantime I would use the Open Flow features. 
> 
> So If I send a openflow command from the Floodlight, does my
> architecture work as if I had an openflow switch?
> 
> Thank you.


It sounds like what you're asking is whether you can use Open vSwitch as
an OpenFlow "front-end" for a traditional network switch such as Cisco
Catalyst. OpenFlow commands would come from the Floodlight controller to
OVS, and OVS would do something to communicate to the Catalyst switch,
where the actual data forwarding would occur. Is that what you're asking?

I'm not aware of any functionality within OVS that would enable you to
do this, nor am I aware of any other project out there that is working
on this sort of functionality. Of course, I could certainly be mistaken.

-- 
Scott


Re: [ovs-discuss] Interfaces cannot ping each other over ovs vxlan

2017-04-12 Thread Scott Lowe
On 04/07/2017 01:59 AM, duhongwei wrote:
> Hi,
> 
> I'm setting up a layer 2 network over two virtual machines using
> OpenvSwitch-2.5.2, like the picture shows below.
> 
> After reading the ovs official tutorials and some other articles, I've
> tried the following cmds on each virtual machine:
> 
> # on vm1
> ip link add dev veth0 type veth peer name veth1
> ip link add dev veth3 type veth peer name veth4
> ip netns add ns0
> ip netns add ns1
> ip link set veth0 netns ns0
> ip link set veth3 netns ns1
> ip link set veth1 up
> ip link set veth4 up
> ip netns exec ns0 ip link set veth0 up
> ip netns exec ns1 ip link set veth3 up
> ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0
> ip netns exec ns1 ip addr add 10.0.0.3/24 dev veth3
> ovs-vsctl add-br br0
> ovs-vsctl add-port br0 veth1
> ovs-vsctl add-port br0 veth4
> ovs-vsctl add-port br0 vx1 -- set Interface vx1 type=vxlan options:remote_ip=192.168.99.101
> 
> # on vm2
> ip link add dev veth0 type veth peer name veth1
> ip netns add ns0
> ip link set veth0 netns ns0
> ip link set veth1 up
> ip netns exec ns0 ip link set veth0 up
> ip netns exec ns0 ip addr add 10.0.0.2/24 dev veth0
> ovs-vsctl add-br br0
> ovs-vsctl add-port veth1
> ovs-vsctl add-port br0 vx1 -- set Interface vx1 type=vxlan options:remote_ip=192.168.99.100
> 
> Turns out,
> 
> |#vm1 ip netns exec ns0 ping 10.0.0.2| failed.
> 
> Even worse,
> 
> |#vm1 ip netns exec ns0 ping 10.0.0.3| failed.
> 
> However, if I delete the vxlan port, on vm1, ping from veth0 to veth3
> works well as expected.
> 
> Am I missing anything so that this whole overlay network just won't behave?


I just replicated your test environment (using VirtualBox with Vagrant,
see 
for the Vagrant environment I used), and I was able to ping between
namespaces without any issues. That includes pinging between namespaces
on the same VM as well as pinging between namespaces on different VMs.

Here's the output of `ovs-vsctl show` from VM1:

929b24f3-4a7b-4036-9ee7-22870a3bdf80
    Bridge "br0"
        Port "veth1"
            Interface "veth1"
        Port "veth4"
            Interface "veth4"
        Port "br0"
            Interface "br0"
                type: internal
        Port "vx1"
            Interface "vx1"
                type: vxlan
                options: {remote_ip="192.168.100.102"}
    ovs_version: "2.5.2"

The output of `ovs-vsctl show` on VM2 is pretty much identical, except
for the configuration of the vx1 port and the specific veth interfaces
that are connected to the bridge.

You'll need to ensure that VM1 can communicate with VM2 via the
192.168.100.x addresses. If that doesn't work, the VXLAN tunnel won't
come up and your namespace-to-namespace ping tests will fail.

Hope this helps!

-- 
Scott



Re: [ovs-discuss] OVN and vlans inside VMs

2017-03-16 Thread Scott Lowe
Please see my reply below.

On 03/16/2017 12:17 PM, Madko wrote:
> Are you sure it's for OVN?
> 
> 
> On Thu, Mar 16, 2017 at 19:07, Felipe Arturo Polanco
> <felipeapola...@gmail.com> wrote:
> 
> Change the VM port to trunk port to allow vlans tag into the VM,
> more info here:
> http://blog.scottlowe.org/2013/05/28/vlan-trunking-to-guest-domains-with-open-vswitch/


As the author of that post, I can tell you for sure that it wasn't
written with OVN in mind (the post is almost 4 years old). Given what I
know of OVN and carrying VLANs inside encapsulation protocols, I suspect
this will *not* work with OVN.

-- 
Scott



Re: [ovs-discuss] startup-config vs. running-config for OVS?

2017-03-14 Thread Scott Lowe
On 03/14/2017 01:59 PM, Sterdnot Shaken wrote:
> Is there a way to set a "startup-config" for a OVS bridge? I want to
> have the ovs bridge interface config set to something, and then, if I
> make a change, have those changes NOT be persistent nor saved to OVSDB
> unless I write/commit it…?
> 
> That way, I can ensure that if someone hoses something over, I can
> always reboot and it will return to the pre-configured working state...
> 
> Thanks in advance!


Depending upon your Linux distribution, there is some integration with
the networking startup scripts (/etc/network/interfaces on
Debian/Ubuntu, for example). You may be able to leverage that
integration to help.

-- 
Scott



Re: [ovs-discuss] OpenVSwitch connecting between private network and public network

2017-03-12 Thread Scott Lowe
Please see my reply below.

> On Mar 11, 2017, at 11:59 PM, Egg VS Sphere  wrote:
> 
> Hi,
> 
> I have a question about whether OpenvSwitch supports the following 
> requirement:
> 
> Firstly, I am sure that OpenvSwitch can connect 2 sub-networks via a tunnel 
> (e.g. vxlan) -->
> Assume the IP address of two hosts are 192.168.1.10 and 192.168.1.147 
> respectively, what people should do is just to use
> "ovs-vsctl add-port br1 vx1 -- set interface vx1 type=vxlan 
> options:remote_ip=192.168.1.147" and
> "ovs-vsctl add-port br1 vx1 -- set interface vx1 type=vxlan 
> options:remote_ip=192.168.1.10" to link the 2 hosts.
> It is clear that this is a DUPLEX task for each host to link to another host.
> 
> But it doesn't work on such requirement:
> I have a remote cloud machine (named host-1) whose IP is allocated a public 
> address that anyone can get access to it.
> And I have a local machine (named host-2) from a family router whose IP is a 
> private sub-net, all connections from this host to public service is NATed.
> 
> I want to link host-1 and host-2 to create a shared subnet. If I use the 
> following method,
> run "ovs-vsctl add-port br1 vx1 -- set interface vx1 type=vxlan 
> options:remote_ip=" on host-2
> run "ovs-vsctl add-port br1 vx1 -- set interface vx1 type=vxlan 
> options:remote_ip=" on host-1
> 
> Obviously, the second command doesn't work.
> 
> I want to know whether there is a way to connect host-1 and host-2 to 
> generate a shared subnet. (Assume I have no access to change settings of the 
> family router)
> Looking forward to your reply. 


If you have no access to the family router such that you cannot set 
up/configure NAT rules, then I think you will not be able to accomplish what 
you're seeking.

-- 
Scott

Sent from my mobile device


Re: [ovs-discuss] communication between two ovs bridges

2017-03-10 Thread Scott Lowe
Please see my reply inline, prefixed by [SL].


On 03/10/2017 10:07 AM, David Gabriel wrote:
> Thanks for help.
> In fact, I am in the second case you mentioned about openstack
> configuration.
> My objective is not using patch ports but ensuring the communication
> between the two ovs bridges I created in my topology.
> Shall I set new route to force using the ovs bridge in each VM or not ?


[SL] Because there are a lot of different configurations that can
support VLAN-backed networks in OpenStack, I think it's probably best
for you to take up this question on one of the OpenStack mailing lists
(or IRC---try #openstack on Freenode). There are a great many variables
involved (Are you using Nova-Network or Neutron? If Neutron, which
plugin? Which hypervisor? etc.) that will make it difficult for users of
this mailing list to assist.


> kind regards.
> 
> 2017-03-09 17:38 GMT+01:00 Scott Lowe <scott.l...@scottlowe.org>:
> 
> Please see my reply inline, prefixed by [SL].
> 
> 
> On 03/09/2017 03:12 AM, David Gabriel wrote:
> > Thanks for your reply.
> > What do you suggest to ensure the communication between the VMs using my
> > topology.
> > It is possible to create it based on openstack.
> > Any help is welcome.
> 
> 
> [SL] Based on the information provided, I'm guessing that you want to
> run OVS inside a guest VM that is running on an OpenStack-managed
> hypervisor. If that is the case, then a lot will depend on how your
> OpenStack installation is configured:
> 
> - If you are using OpenStack Neutron with another SDN solution
> underneath, that solution may not support NICs running in promiscuous
> mode, which I believe would be required in order to run OVS in a VM on
> top of OpenStack.
> 
> - If you are using OpenStack Neutron with VLAN-backed networks, then you
> may be fine running OVS in a guest VM.
> 
> If your primary interest is simply using patch ports to connect 2 OVS
> bridges, then I'd suggest running them in a single VM.
> 
> I'm afraid we'll need more information in order to be able to help you.
> 
> 
> > Thanks in advance.
> > Best regards
> >
> > 2017-03-08 20:54 GMT+01:00 Scott Lowe <scott.l...@scottlowe.org>:
> >
> > On 03/08/2017 10:12 AM, David Gabriel wrote:
> >> Dears,
> >>
> >> I have defined two ovs bridges, each one of them is deployed in one
> >> Virtual Machine (VM) based on this simple topology:
> >> Internet - OVS1 LAN OVS2 -Internet
> >> I used the following commands for OVS1:
> >> ovs-vsctl add-br mybridge1
> >> ifconfig mybridge1 up
> >> ovs-vsctl add-port eth1 mybridge1 //eth0 is dedicated for Internet
> >> ifconfig eth1 0
> >> ovs-vsctl add-port eth1 mybridge1
> >> ovs-vsctl set-controller mybridge tcp:AddressOfController:6633
> >>
> >> Then I added a patch port for each bridge based on this tutorial
> >>
> >> <http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with-patch-ports/>
> >> ovs-vsctl add-port mybridge1 patch2-1
> >> ovs-vsctl set interface patch2-1 type=patch
> >> ovs-vsctl set interface patch2-1 options:peer=patch2-1
> >>
> >> Then I tried to make the ping between the two VMs but it fails !
> >> Could you please tell me how to fix this problem.
> >
> >
> > It's my understanding that patch ports should only be used to connect
> > OVS bridges running on the same system. Since your bridges are across
> > two different VMs, using a patch port here won't work.


-- 
Scott



Re: [ovs-discuss] communication between two ovs bridges

2017-03-09 Thread Scott Lowe
Please see my reply inline, prefixed by [SL].


On 03/09/2017 03:12 AM, David Gabriel wrote:
> Thanks for your reply.
> What do you suggest to ensure the communication between the VMs using my
> topology.
> It is possible to create it based on openstack.
> Any help is welcome.


[SL] Based on the information provided, I'm guessing that you want to
run OVS inside a guest VM that is running on an OpenStack-managed
hypervisor. If that is the case, then a lot will depend on how your
OpenStack installation is configured:

- If you are using OpenStack Neutron with another SDN solution
underneath, that solution may not support NICs running in promiscuous
mode, which I believe would be required in order to run OVS in a VM on
top of OpenStack.

- If you are using OpenStack Neutron with VLAN-backed networks, then you
may be fine running OVS in a guest VM.

If your primary interest is simply using patch ports to connect 2 OVS
bridges, then I'd suggest running them in a single VM.

I'm afraid we'll need more information in order to be able to help you.


> Thanks in advance.
> Best regards
> 
> 2017-03-08 20:54 GMT+01:00 Scott Lowe <scott.l...@scottlowe.org>:
> 
> On 03/08/2017 10:12 AM, David Gabriel wrote:
>> Dears,
>>
>> I have defined two ovs bridges, each one of them is deployed in one
>> Virtual Machine (VM) based on this simple topology:
>> Internet - OVS1 LAN OVS2 -Internet
>> I used the following commands for OVS1:
>> ovs-vsctl add-br mybridge1
>> ifconfig mybridge1 up
>> ovs-vsctl add-port eth1 mybridge1 //eth0 is dedicated for Internet
>> ifconfig eth1 0
>> ovs-vsctl add-port eth1 mybridge1
>> ovs-vsctl set-controller mybridge tcp:AddressOfController:6633
>>
>> Then I added a patch port for each bridge based on this tutorial
>>
>> <http://blog.scottlowe.org/2012/11/27/connecting-ovs-bridges-with-patch-ports/>
>> ovs-vsctl add-port mybridge1 patch2-1
>> ovs-vsctl set interface patch2-1 type=patch
>> ovs-vsctl set interface patch2-1 options:peer=patch2-1
>>
>> Then I tried to make the ping between the two VMs but it fails !
>> Could you please tell me how to fix this problem.
> 
> 
> It's my understanding that patch ports should only be used to connect
> OVS bridges running on the same system. Since your bridges are across
> two different VMs, using a patch port here won't work.


-- 
Scott



Re: [ovs-discuss] communication between two ovs bridges

2017-03-08 Thread Scott Lowe
On 03/08/2017 10:12 AM, David Gabriel wrote:
> Dears,
> 
> I have defined two ovs bridges, each one of them is deployed in one
> Virtual Machine (VM) based on this simple topology: 
> Internet - OVS1 LAN OVS2 -Internet 
> I used the following commands for OVS1:
> ovs-vsctl add-br mybridge1 
> ifconfig mybridge1 up
> ovs-vsctl add-port eth1 mybridge1 //eth0 is dedicated for Internet
> ifconfig eth1 0
> ovs-vsctl add-port eth1 mybridge1
> ovs-vsctl set-controller mybridge tcp:AddressOfController:6633
> 
> Then I added a patch port for each bridge based on this tutorial
> 
> ovs-vsctl add-port mybridge1 patch2-1
> ovs-vsctl set interface patch2-1 type=patch
> ovs-vsctl set interface patch2-1 options:peer=patch2-1
> 
> Then I tried to make the ping between the two VMs but it fails !
> Could you please tell me how to fix this problem.


It's my understanding that patch ports should only be used to connect
OVS bridges running on the same system. Since your bridges are across
two different VMs, using a patch port here won't work.

-- 
Scott
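
An added example, not part of the original thread and not code from the OVS project: a small auditor for the patch-port problem discussed above. It reads `ovs-vsctl show` output and accepts a patch port only when its peer is another patch interface in the same output (the same OVS instance) that names it back. The function names, finding codes and sample outputs are assumptions constructed for illustration.

```python
import re
import sys

# Constructed sample: the patch port from the thread, peered with its own name.
SAMPLE_SELF_PEER = '''\
    Bridge "mybridge1"
        Port "eth1"
            Interface "eth1"
        Port "patch2-1"
            Interface "patch2-1"
                type: patch
                options: {peer="patch2-1"}
'''

# Constructed sample: the named peer exists only on another VM.
SAMPLE_REMOTE_PEER = '''\
    Bridge "mybridge1"
        Port "patch1-2"
            Interface "patch1-2"
                type: patch
                options: {peer="patch2-1"}
'''

# Constructed sample: two bridges on one host joined by a reciprocal pair.
SAMPLE_LOCAL_PAIR = '''\
    Bridge br0
        Port "patch0-1"
            Interface "patch0-1"
                type: patch
                options: {peer="patch1-0"}
    Bridge br1
        Port "patch1-0"
            Interface "patch1-0"
                type: patch
                options: {peer="patch0-1"}
'''

REASONS = {
    "no-peer": "patch port has no options:peer set",
    "self-peer": "peer is the port's own name",
    "peer-not-local": "peer is not an interface on this host's OVS instance",
    "peer-not-patch": "peer exists but is not type=patch",
    "peer-not-reciprocal": "peer does not name this port as its own peer",
}

# Matching ignores indentation, so output pasted with lost indentation still parses.
NAME_RE = re.compile(r'^\s*(Bridge|Port|Interface)\s+"?([^"\s]+)"?\s*$')
TYPE_RE = re.compile(r'^\s*type:\s*(\S+)')
OPTS_RE = re.compile(r'^\s*options:\s*\{(.*)\}')
KV_RE = re.compile(r'(\w+)="?([^",}]+)"?')


def parse_show(text):
    """Map interface name -> {"bridge", "type", "options"} from `ovs-vsctl show`."""
    interfaces, bridge, current = {}, None, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            kind, name = m.groups()
            if kind == "Bridge":
                bridge, current = name, None
            elif kind == "Interface":
                # An interface with no "type:" line is a plain system device.
                current = interfaces.setdefault(
                    name, {"bridge": bridge, "type": "system", "options": {}})
            else:
                current = None
            continue
        if current is None:
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"] = m.group(1)
            continue
        m = OPTS_RE.match(line)
        if m:
            current["options"] = dict(KV_RE.findall(m.group(1)))
    return interfaces


def audit_patch_ports(text):
    """Return sorted (interface, finding_code) pairs for broken patch ports."""
    ifaces = parse_show(text)
    findings = []
    for name, info in sorted(ifaces.items()):
        if info["type"] != "patch":
            continue
        peer = info["options"].get("peer")
        if not peer:
            findings.append((name, "no-peer"))
        elif peer == name:
            findings.append((name, "self-peer"))
        elif peer not in ifaces:
            findings.append((name, "peer-not-local"))
        elif ifaces[peer]["type"] != "patch":
            findings.append((name, "peer-not-patch"))
        elif ifaces[peer]["options"].get("peer") != name:
            findings.append((name, "peer-not-reciprocal"))
    return findings


if __name__ == "__main__":
    # Pipe real output in (ovs-vsctl show | python3 this_file.py) or run the sample.
    text = SAMPLE_SELF_PEER if sys.stdin.isatty() else sys.stdin.read()
    results = audit_patch_ports(text)
    for iface, code in results:
        print(f"{iface}: {REASONS[code]}")
    sys.exit(1 if results else 0)
```
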



Re: [ovs-discuss] Kernel 4.10.* supported in 2.7?

2017-02-28 Thread Scott Lowe
On 02/28/2017 11:44 AM, Marko Weber wrote:
> What about the idea of supported Kernels at top of Release notes?
> Interesting maybe for a lot ppl.
> 
> Can anyone tell me if 2.7 Supports 4.10.* ?


It looks as if 2.7 only supports up to 4.9:



-- 
Scott



Re: [ovs-discuss] OVS Topology - Output to specific interface of OVS VM

2017-02-28 Thread Scott Lowe
On 02/28/2017 08:45 AM, 蘇于倫 wrote:
> Hi everyone,
> 
> I am currently configuring OVS VM instances to build specific topology
> in VMWare Player.
> 
> [SNIP]
> 
> When I add a new network adapter with the same "LAN Segment 1"
> to the OVS VMs and add-port to the same bridge br0, I am not able
> to ping anymore. I'd like to connect the specific interface to the one
> on the other OVS VM. (The MAC of br0 after the second port (eth1)
> added is still the same as eth0's MAC.)
> 
> I'd like to ask how can I build the topology with OVS VMs in the 
> above manner. Is there the possibility to achieve it by add rules to 
> OVS or create GRE tunnel ? I'd like to do it in the simplest way.
> Any comment is appreciated.


If you are still using OVS as a MAC learning switch (i.e., you haven't
explicitly programmed some flow rules), then I think you may be running
into a bridging loop. You either need to explicitly program flow rules
to tell OVS how to forward traffic, or enable Spanning Tree.

The same would be true for creating a topology of tunnels as well
(regardless of the tunneling protocol).

Hope this helps,

-- 
Scott



Re: [ovs-discuss] setting remote ovs bridge with ssh

2017-02-14 Thread Scott Lowe
Please see my reply below.

On 02/14/2017 10:03 AM, David Gabriel wrote:
> Dears,
> 
> I want to configure an ovs bridge located in one VM in an openstack
> environment.
> I am using the following commands after logging to the remote VM using
> ssh command :
> ovs-vsctl add-br mybridge && ifconfig mybridge up && ifconfig eth0 0 &&
> ovs-vsctl add-port mybridge eth0 && dhclient mybridge && ip tuntap add
> mode tap vport1 && ifconfig vport1 up && ovs-vsctl add-port mybridge vport1
> 
> The problem is when 'eth0' is set to 0, I lose the connection so I can
> not connect any more to my remote VM.


The simplest solution that comes to mind would be to use the VM console
that is available via OpenStack to perform your configuration (instead
of using SSH).

-- 
Scott



Re: [ovs-discuss] Indirect Control Channel

2017-02-09 Thread Scott Lowe
Please see my reply below.


On 02/09/2017 08:36 AM, Jannis Ohms wrote:
> I would like to connect my Switches indirect with the controller. To
> achieve this I would like to deploy 2 bridges on every switch one to
> provide classical L2 forwarding for the control channel and one to use
> with Openflow. Something like this
> (http://archive.openflow.org/wp/deploy-production-planning/)
> 
> did someone build such a thing using OVS ?


Unless I misunderstand your intent, this should be easily accomplished
using current builds of OVS. Models similar to what you describe are
already in use in some OpenStack environments, if I'm not mistaken.

- Create two bridges---one to use with the controller, and one to use
for L2 forwarding over physical interfaces. For example, you might call
them "br-int" (integration bridge) and "br-phy" (for physical interfaces).

- Connect "br-int" to the controller.

- Configure "br-phy" with appropriate physical interfaces, bonds, etc.

This should accomplish what you're seeking.

Hope this helps,

-- 
Scott



Re: [ovs-discuss] Does OVN support to set traffic routing rules?

2017-02-03 Thread Scott Lowe
On 02/03/2017 07:10 AM, Shuaijun Zhang wrote:
> Hi All,
> 
> With using OVN, we can create the logical switch and logical ports,
> these switch and ports are applied to each hosts in the cluster. My
> question is that can we use OVN to add traffic flow routing rules, 
> 
> for example:
> the traffic can go from A directly to C (A->C), but I want the traffic
> to go through A->B->C, does OVN have tools to do so?


May I ask what you're trying to achieve? If you're looking for some form
of service function chaining (i.e., "B" is some sort of VNF), then I
believe some others are working on SFC support within OVN. I do not,
however, know any of the details or the current status of the work.

-- 
Scott



Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-17 Thread Scott Lowe
On 01/16/2017 11:39 PM, Shravan S K wrote:
> How to do the IP connectivity part using OVS internal ports?


[SL] Take a look at either of these blog posts:

<http://blog.scottlowe.org/2012/10/30/running-host-management-on-open-vswitch/>

<http://blog.scottlowe.org/2013/12/02/connecting-bare-metal-workloads-using-gre-tunnels-and-ovs/>

Both posts illustrate the use of an OVS internal port as an IP interface.

Hope this helps!


> Thanks.
> 
> Shravan
> 
> On 16 January 2017 at 04:40, Scott Lowe <scott.l...@scottlowe.org> wrote:
> 
> On 01/13/2017 03:20 AM, Shravan S K wrote:
>> My motive is to simulate VXLAN functionality on a bigger topology using
>> mininet.
>> My plan - As Mininet uses OVS bridges to simulate vswitch functionality,
>> we can use ovs-vsctl to configure VXLAN functionality on the bridges. I
>> thought let me try for a simple topology without using Mininet and just
>> using OVS on a single host and 2 VMs. If it works, then I can make a
>> similar configuration for a bigger topology using mininet.
>>
>> OVS on a single host and 2 VMs : vm1-br1---br2-vm2
>> I am confused on how to perform the vxlan config for the above setup.
>>
>> If the above one works, I could try on the mininet topologies.
>> For the mininet topology ( --topo=linear,2 )
>> h1 - s1 -- s2  h2 (h1,h2 are hosts, s1,s2 are switches -
>> actually ovs bridges)
> 
> 
> Setting aside the mininet question for the moment, the way to get VXLAN
> working between two OVS bridges is to establish an IP endpoint (also
> known as a VXLAN Tunnel Endpoint, or VTEP) for each bridge. So, in your
> example configuration, br1 and br2 each need an interface (of some sort)
> with an IP address. You'd then configure a VXLAN port on br1 that points
> to the IP endpoint for br2, and configure a VXLAN port on br2 that
> points to the IP endpoint for br1. Since you're trying to do this within
> a single host, you might consider using OVS internal ports as the IP
> endpoints for each bridge. As long as each IP endpoint can reach the
> other, then in theory it should work.

-- 
Scott



Re: [ovs-discuss] Virsh XML definition & openvswith

2017-01-16 Thread Scott Lowe
On 01/16/2017 09:34 AM, Benoît wrote:
> Hi,
> 
> I am using ovs with virsh for VM under KVM, but I would like to
> automatically start some commands when my VM is started (to start
> mirroring for example) is there a way to do it or should I use a
> workaround like a sh script ?


Don't consider this a definitive answer, but I believe that you'd have
to use a shell script. I checked the Libvirt network XML page
() but didn't see any Libvirt XML
definitions that would enable you to do this.

If you do find a way to do it via Libvirt XML, please let me know. Thanks!

-- 
Scott



Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-15 Thread Scott Lowe
On 01/13/2017 03:20 AM, Shravan S K wrote:
> My motive is to simulate VXLAN functionality on a bigger topology using
> mininet.
> My plan - As Mininet uses OVS bridges to simulate vswitch functionality,
> we can use ovs-vsctl to configure VXLAN functionality on the bridges. I
> thought let me try for a simple topology without using Mininet and just
> using OVS on a single host and 2 VMs. If it works, then I can make a
> similar configuration for a bigger topology using mininet.
> 
> OVS on a single host and 2 VMs : vm1-br1---br2-vm2
> I am confused on how to perform the vxlan config for the above setup.
> 
> If the above one works, I could try on the mininet topologies.
> For the mininet topology ( --topo=linear,2 )
> h1 - s1 -- s2  h2 (h1,h2 are hosts, s1,s2 are switches -
> actually ovs bridges)


Setting aside the mininet question for the moment, the way to get VXLAN
working between two OVS bridges is to establish an IP endpoint (also
known as a VXLAN Tunnel Endpoint, or VTEP) for each bridge. So, in your
example configuration, br1 and br2 each need an interface (of some sort)
with an IP address. You'd then configure a VXLAN port on br1 that points
to the IP endpoint for br2, and configure a VXLAN port on br2 that
points to the IP endpoint for br1. Since you're trying to do this within
a single host, you might consider using OVS internal ports as the IP
endpoints for each bridge. As long as each IP endpoint can reach the
other, then in theory it should work.

-- 
Scott



Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-12 Thread Scott Lowe
I would still echo Raymond's suggestion: use VirtualBox to create two "hosts" 
running OVS and connect them via a VXLAN tunnel over standard VBox networking. 
You can use network namespaces (as Justin suggested) on the VMs running OVS to 
simulate connecting to OVS since VBox doesn't support nested virtualization.

You can take a look at <https://github.com/lowescott/learning-tools> to see if 
there is a Vagrant environment I've already created that might help you in this 
situation.

-- 
Scott

Sent from my mobile device

> On Jan 12, 2017, at 9:46 PM, Shravan S K  wrote:
> 
> I know that. But I wanted to experiment with OVS bridges first, and then if 
> it worked I wanted to re-create the config for a larger topology using 
> Mininet(which uses OVS bridges(for switches) using OVS).
> 
> Thanks.
> 
> Shravan
> 
>> On 13 January 2017 at 08:06, Raymond Burkholder  wrote:
>> Try running VirtualBox, and build two guests with shared networking.   That 
>> will get you an appropriate simulation of computer to computer vxlan 
>> mechanisms.
>> 
>>  
>> 
>> From: ovs-discuss-boun...@openvswitch.org 
>> [mailto:ovs-discuss-boun...@openvswitch.org] On Behalf Of Shravan S K
>> Sent: Thursday, January 12, 2017 22:34
>> To: Scott Lowe 
>> Cc: ovs-discuss@openvswitch.org
>> Subject: Re: [ovs-discuss] VXLAN support in OVS 2.5.0
>> 
>>  
>> 
>> Because of lack of hardware, I'm trying a vxlan setup on a single computer.
>> 
>> On 13-Jan-2017 04:47, "Scott Lowe"  wrote:
>> 
>> Please don't drop the list.
>> 
>> Before we go down that path, can you help me understand what you're
>> trying to achieve by building a VXLAN tunnel between two VMs on the same
>> host?
>> 
>> 
>> 
>> On 01/12/2017 10:15 AM, Shravan S K wrote:
>> > I am not sure how to do the config for what you said.
>> > Can you please explain how to configure the setup that you're suggesting ?
>> >
>> > Shravan
>> >
>> > On 12 January 2017 at 02:17, Scott Lowe <scott.l...@scottlowe.org> wrote:
>> >
>> > On 01/11/2017 03:54 AM, Shravan S K wrote:
>> > > Like this?
>> > > vm01---|                                             |--vm03
>> > >        br1(vxlanport1)br-int1=br-int2--(vxlanport2)br2
>> > > vm02---|                                             |---vm04
>> > >
>> > > What is the need for the bridges br-int1 and br-int2? Why is it not
>> > > possible without them(as the topology shown earlier in this thread)?
>> >
>> >
>> > [SL] No, I don't think this is the configuration you'd want to use. The
>> > "br-int" bridges aren't strictly required; you could use br1 and br2.
>> > The trick here---as you're trying to create a VXLAN tunnel within a
>> > host---would be that you'll need 2 IP endpoints (one for each end of the
>> > tunnel), and you'd need each bridge with a VXLAN port to be associated
>> > with one of those IP endpoints.
>> >
>> > As I said, though, I haven't tested a configuration like this. Further,
>> > to be honest, I'm not really sure what you're trying to accomplish with
>> > such a configuration.
>> >
>> >
>> > > Shravan
>> > >
>> > > On 11 January 2017 at 11:59, Scott Lowe <scott.l...@scottlowe.org> wrote:
>> > >
>> > > Please see my response inline, prefixed with [SL].
>> > >
>> > >
>> > > On 01/10/2017 09:50 PM, Shravan S K wrote:
>> > >> I am asking if that can be done on a single physical host having
>> > >> OVS. Say, as mininet creates bridges which act as switches. Can
>> > >> vxlan be setup using Mininet?
>> > >
>> > >
>> > > [SL] I don't know if it's possible for Mininet to set up VXLAN;
>> > > that's a question best asked on a Mininet-related forum.
>> > >
>> > > As for whether it can be done on a single host, I suppose if you were
>> > > to use 2 separate bridges 

Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-12 Thread Scott Lowe
Please don't drop the list.

Before we go down that path, can you help me understand what you're
trying to achieve by building a VXLAN tunnel between two VMs on the same
host?



On 01/12/2017 10:15 AM, Shravan S K wrote:
> I am not sure how to do the config for what you said.
> Can you please explain how to configure the setup that you're suggesting ?
> 
> Shravan
> 
> On 12 January 2017 at 02:17, Scott Lowe <scott.l...@scottlowe.org> wrote:
> 
> On 01/11/2017 03:54 AM, Shravan S K wrote:
> > Like this?
> > vm01---|                                             |--vm03
> >        br1(vxlanport1)br-int1=br-int2--(vxlanport2)br2
> > vm02---|                                             |---vm04
> >
> > What is the need for the bridges br-int1 and br-int2? Why is it not
> > possible without them(as the topology shown earlier in this thread)?
> 
> 
> [SL] No, I don't think this is the configuration you'd want to use. The
> "br-int" bridges aren't strictly required; you could use br1 and br2.
> The trick here---as you're trying to create a VXLAN tunnel within a
> host---would be that you'll need 2 IP endpoints (one for each end of the
> tunnel), and you'd need each bridge with a VXLAN port to be associated
> with one of those IP endpoints.
> 
> As I said, though, I haven't tested a configuration like this. Further,
> to be honest, I'm not really sure what you're trying to accomplish with
> such a configuration.
> 
> 
> > Shravan
> >
> > On 11 January 2017 at 11:59, Scott Lowe <scott.l...@scottlowe.org> wrote:
> >
> > Please see my response inline, prefixed with [SL].
> >
> >
> > On 01/10/2017 09:50 PM, Shravan S K wrote:
> >> I am asking if that can be done on a single physical host having
> >> OVS. Say, as mininet creates bridges which act as switches. Can
> >> vxlan be setup using Mininet?
> >
> >
> > [SL] I don't know if it's possible for Mininet to set up VXLAN;
> > that's a question best asked on a Mininet-related forum.
> >
> > As for whether it can be done on a single host, I suppose if you were
> > to use 2 separate bridges for physical connectivity along with 2
> > separate bridges for the tunnels, it might work. I've never tried it,
> > though, so this is just conjecture.
> >
> >
> >> Shravan
> >>
> >> On 10 January 2017 at 23:33, Scott Lowe <scott.l...@scottlowe.org> wrote:
> >>
> >> Please see my response below.
> >>
> >>
> >> On 01/10/2017 02:26 AM, Shravan S K wrote:
> >>> Is it possible to create a VXLAN setup using just bridges created
> >>> by OVS? (using ovs-vsctl to create these bridges,ports and vxlan
> >>> config)
> >>>
> >>> vm01---| |--vm03
> >>>   br1---br2
> >>> vm02---| |---vm04
> >>
> >>
> >> Yes, this is possible. On each hypervisor where OVS is running and
> >> where you have VMs you'd like to connect over VXLAN tunnels, create
> >> a bridge ("br-tun", for example). Create and configure a VXLAN port
> >> appropriately on br-tun on each hypervisor, and then connect your
> >> VMs. You should be good to go. My website has an example of doing
> >> this with GRE; VXLAN should be nearly identical.
> >>
> >> Hope this helps,
> 
> 
> --
> Scott
> 
> 
> 



Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-11 Thread Scott Lowe
On 01/11/2017 03:54 AM, Shravan S K wrote:
> Like this?
> vm01---|                                             |--vm03
>        br1(vxlanport1)br-int1=br-int2--(vxlanport2)br2
> vm02---|                                             |---vm04
> 
> What is the need for the bridges br-int1 and br-int2? Why is it not
> possible without them(as the topology shown earlier in this thread)?


[SL] No, I don't think this is the configuration you'd want to use. The
"br-int" bridges aren't strictly required; you could use br1 and br2.
The trick here---as you're trying to create a VXLAN tunnel within a
host---would be that you'll need 2 IP endpoints (one for each end of the
tunnel), and you'd need each bridge with a VXLAN port to be associated
with one of those IP endpoints.

As I said, though, I haven't tested a configuration like this. Further,
to be honest, I'm not really sure what you're trying to accomplish with
such a configuration.


> Shravan
> 
> On 11 January 2017 at 11:59, Scott Lowe <scott.l...@scottlowe.org> wrote:
> 
> Please see my response inline, prefixed with [SL].
> 
> 
> On 01/10/2017 09:50 PM, Shravan S K wrote:
>> I am asking if that can be done on a single physical host having
>> OVS. Say, as mininet creates bridges which act as switches. Can
>> vxlan be setup using Mininet?
> 
> 
> [SL] I don't know if it's possible for Mininet to set up VXLAN;
> that's a question best asked on a Mininet-related forum.
> 
> As for whether it can be done on a single host, I suppose if you were
> to use 2 separate bridges for physical connectivity along with 2
> separate bridges for the tunnels, it might work. I've never tried it,
> though, so this is just conjecture.
> 
> 
>> Shravan
>>
>> On 10 January 2017 at 23:33, Scott Lowe <scott.l...@scottlowe.org> wrote:
>>
>> Please see my response below.
>>
>>
>> On 01/10/2017 02:26 AM, Shravan S K wrote:
>>> Is it possible to create a VXLAN setup using just bridges created
>>> by OVS? (using ovs-vsctl to create these bridges,ports and vxlan
>>> config)
>>>
>>> vm01---| |--vm03
>>>   br1---br2
>>> vm02---| |---vm04
>>
>>
>> Yes, this is possible. On each hypervisor where OVS is running and
>> where you have VMs you'd like to connect over VXLAN tunnels, create
>> a bridge ("br-tun", for example). Create and configure a VXLAN port
>> appropriately on br-tun on each hypervisor, and then connect your
>> VMs. You should be good to go. My website has an example of doing
>> this with GRE; VXLAN should be nearly identical.
>>
>> Hope this helps,


-- 
Scott






Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-10 Thread Scott Lowe
Please see my response inline, prefixed with [SL].


On 01/10/2017 09:50 PM, Shravan S K wrote:
> I am asking if that can be done on a single physical host having OVS.
> Say, as mininet creates bridges which act as switches. Can vxlan be
> setup using Mininet?


[SL] I don't know if it's possible for Mininet to set up VXLAN; that's a
question best asked on a Mininet-related forum.

As for whether it can be done on a single host, I suppose if you were to
use 2 separate bridges for physical connectivity along with 2 separate
bridges for the tunnels, it might work. I've never tried it, though, so
this is just conjecture.


> Shravan
> 
> On 10 January 2017 at 23:33, Scott Lowe <scott.l...@scottlowe.org> wrote:
> 
> Please see my response below.
> 
> 
> On 01/10/2017 02:26 AM, Shravan S K wrote:
> > Is it possible to create a VXLAN setup using just bridges created by
> > OVS? (using ovs-vsctl to create these bridges,ports and vxlan config)
> >
> > vm01---| |--vm03
> >   br1---br2
> > vm02---| |---vm04
> 
> 
> Yes, this is possible. On each hypervisor where OVS is running and where
> you have VMs you'd like to connect over VXLAN tunnels, create a bridge
> ("br-tun", for example). Create and configure a VXLAN port appropriately
> on br-tun on each hypervisor, and then connect your VMs. You should be
> good to go. My website has an example of doing this with GRE; VXLAN
> should be nearly identical.
> 
> Hope this helps,


-- 
Scott






Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2017-01-10 Thread Scott Lowe
Please see my response below.


On 01/10/2017 02:26 AM, Shravan S K wrote:
> Is it possible to create a VXLAN setup using just bridges created by
> OVS? (using ovs-vsctl to create these bridges,ports and vxlan config)
> 
> vm01---| |--vm03
>   br1---br2
> vm02---| |---vm04


Yes, this is possible. On each hypervisor where OVS is running and where
you have VMs you'd like to connect over VXLAN tunnels, create a bridge
("br-tun", for example). Create and configure a VXLAN port appropriately
on br-tun on each hypervisor, and then connect your VMs. You should be
good to go. My website has an example of doing this with GRE; VXLAN
should be nearly identical.

Hope this helps,

-- 
Scott



Re: [ovs-discuss] VXLAN support in OVS 2.5.0

2016-12-28 Thread Scott Lowe
Please see my responses inline, prefixed by [SL].


On Dec 28, 2016, at 4:15 AM, Shravan S K  wrote:
> 
> I am trying this - 
> http://docs.openvswitch.org/en/latest/howto/userspace-tunneling/
> 
> 1) Which step connects vxlan interface,vxlan0, to the bridge,br-phy, as shown 
> in the diagram ?


[SL] I haven't worked with userspace tunneling yet, but I believe the 
principles here are much the same as with a "traditional" kernel-mode 
implementation. Traffic from the vxlan0 port on br-int is directed out the 
physical interfaces attached to br-phy via the kernel's routing table (which is 
why step #5 is necessary).

This article may help you understand the various traffic patterns you may 
encounter with OVS:




> 2) What should I do if also want to access(from the VM) the network that my 
> host is in ?


[SL] You would need to either a) add an additional interface to the VM, or b) 
create a VXLAN-to-VLAN gateway. In the case of a), this additional interface 
would need to be connected to br-phy (or its equivalent). In the case of b), 
this would be another system (guest or VM) that receives VXLAN traffic and 
handles decapsulation of the traffic and placement onto a VLAN outside the 
overlay.

I hope this helps.

-- 
Scott



Re: [ovs-discuss] OVN on a non-OpenStack and non-sandbox environment.

2016-12-23 Thread Scott Lowe

On 12/23/2016 03:45 AM, pranab boruah wrote:
> Hello Everyone,
> We are trying to experiment OVN ACLs on a native setup.(non-OpenStack
> and non-sandbox). We couldn't find any blog posts or documentation on
> how to do this.
> *Gerhard Stenzel* has posted in this thread somewhat similar to what I
> need :
> https://mail.openvswitch.org/pipermail/ovs-discuss/2016-July/041871.html
>
> But my requirements are different. Also the ovn architecture document
> specifically mentions that we shouldn't add physical ports to br-int:
> *Chassis Setup* section in
> http://openvswitch.org/support/dist-docs/ovn-architecture.7.html.
>
> Setup Configurations :
> Physical Host 1:
>   - ovs 2.6 installed.
>   - launched a VM with MacVTap(macvtap0) to em1(physical NIC).
>   - VM's nic ip : 172.16.10.50
>
> Physical Host 2:
>   - em1(Physical NIC) with IP 172.16.10.10
>
> I can ping 172.16.10.50 from 172.16.10.10. My question is how do I
> set-up ACL rules for the traffic that are to be allowed/not-allowed to
> this VM. The constraints are :
> 1) Should work in non-OpenStack and non-sandbox environment.
> 2) VM's interface attached either through MacVTap or SRIOV modes only.



To echo what Ben said already, you can't use MacVTAP or SRIOV interfaces 
with OVN, as both of these types of interfaces bypass OVS (and OVS is 
where the ACLs are enforced).


Using "normal" TAP interfaces for your VMs would work, though, even in 
non-OpenStack environments.


Best of luck,

--
Scott
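
The reply above turns on where ACLs are enforced: MacVTap and SR-IOV NICs bypass OVS, so OVN ACLs never see their traffic. The following check over libvirt domain XML is an added example, not code from the thread or from the OVS/OVN project; the sample XML, MAC addresses, interfaceid value and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML (not taken from the thread): a macvtap NIC,
# an SR-IOV VF, a tap on an OVS bridge, and a NIC on a plain Linux bridge.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>vm1</name>
  <devices>
    <interface type='direct'>
      <mac address='52:54:00:00:00:01'/>
      <source dev='em1' mode='bridge'/>
    </interface>
    <interface type='hostdev' managed='yes'>
      <mac address='52:54:00:00:00:02'/>
      <source>
        <address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x0'/>
      </source>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:03'/>
      <source bridge='br-int'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='6c0d2f1a-0000-4000-8000-000000000003'/>
      </virtualport>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:04'/>
      <source bridge='virbr1'/>
    </interface>
  </devices>
</domain>
"""


def classify_interface(iface):
    """Return (verdict, reason, iface_id) for one libvirt <interface> element."""
    itype = iface.get("type")
    if itype == "direct":
        return "bypasses-ovs", "macvtap attached directly to a host NIC", None
    if itype == "hostdev":
        return "bypasses-ovs", "PCI/SR-IOV device passed through to the guest", None
    if itype == "bridge":
        vport = iface.find("virtualport")
        if vport is not None and vport.get("type") == "openvswitch":
            params = vport.find("parameters")
            iface_id = params.get("interfaceid") if params is not None else None
            # libvirt writes interfaceid into external_ids:iface-id on the OVS
            # port; OVN binds the logical port whose name matches that value.
            return "via-ovs", "tap port on an OVS bridge", iface_id
        return "unverified", "bridge without an openvswitch virtualport", None
    # 'network', 'ethernet', 'vhostuser', ... depend on configuration that is
    # not visible in the domain XML alone.
    return "unverified", f"type {itype!r} needs manual review", None


def audit_domain(xml_text):
    """List every guest NIC with a verdict on whether OVS sees its traffic."""
    root = ET.fromstring(xml_text)
    findings = []
    for iface in root.findall("./devices/interface"):
        mac = iface.find("mac")
        verdict, reason, iface_id = classify_interface(iface)
        findings.append({
            "domain": root.findtext("name"),
            "mac": mac.get("address") if mac is not None else None,
            "type": iface.get("type"),
            "verdict": verdict,
            "reason": reason,
            "iface_id": iface_id,
        })
    return findings


def unenforceable(findings):
    """MAC addresses of NICs whose traffic never traverses OVS."""
    return [f["mac"] for f in findings if f["verdict"] == "bypasses-ovs"]


if __name__ == "__main__":
    for f in audit_domain(SAMPLE_DOMAIN_XML):
        print(f"{f['domain']} {f['mac']} {f['type']:8} {f['verdict']:13} {f['reason']}")
```

To run it against a real guest, pass the output of `virsh dumpxml <domain>` to `audit_domain()`.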



Re: [ovs-discuss] what is openflow

2016-12-16 Thread Scott Lowe

On 12/16/2016 02:16 AM, Yuxin Ren wrote:
> Hi all,
>
> What is the relationship between openflow and open vswitch?
> I got very confused.



Open vSwitch (OVS) supports the use of OpenFlow as a means for 
controlling/modifying the way that OVS forwards traffic across a network.


If you aren't clear on what OpenFlow is, then just do a web search for 
"what is openflow" and you should get plenty of hits.


I hope this helps.

--
Scott



Re: [ovs-discuss] OVN vs Distributed vSwitches

2016-12-15 Thread Scott Lowe

On 12/15/2016 02:29 AM, Shravan S K wrote:
> On 14 December 2016 at 00:47, Ben Pfaff <b...@ovn.org> wrote:
>
> OVN is an SDN controller.
>
> > Most SDN controllers are platforms.  OVN is an application.
>
>
> Could you clarify this, please?
>
> And, is microsegmentation(for example VMWare NSX, Cisco ACI) possible
> using OVN?



Fine-grained ACLs/firewall rules are possible via OVS' integration with 
the kernel conntrack module (leveraged by OVN). However, OVN lacks any 
sort of policy engine that would make managing these ACLs/firewall rules 
possible at any reasonable scale---that policy functionality is pushed 
off to the CMS (OpenStack or other).


I hope this helps.

--
Scott



Re: [ovs-discuss] OVN vs Distributed vSwitches

2016-12-13 Thread Scott Lowe
Please see my responses inline, prefixed by [SL].


> On Dec 13, 2016, at 9:22 AM, Shravan S K  wrote:
> 
> The example that you mentioned, isn't it the same as what VXLAN can do ?
> 
> And can you please compare the OVN Controller to an SDN controller(say 
> Floodlight) ?


[SL] VXLAN is simply an encapsulation protocol, and is leveraged by network 
virtualization solutions such as OVN (among others). VXLAN by itself, however, 
does not provide any control plane functionality to enable network 
virtualization (it is strictly a data plane protocol).

As for the comparison between OVN's components and an SDN controller, I'll 
leave that to others who are far more qualified than I am.


> On 13-Dec-2016 20:59, "Scott Lowe"  wrote:
> Please see my response below.
> 
> 
> > On Dec 13, 2016, at 4:08 AM, Shravan S K  wrote:
> >
> > How is OVN related to distributed virtual switches like the VMware vNetwork 
> > distributed switch or the Cisco Nexus 1000V ?
> 
> 
> OVN is intended to add network virtualization functionality to OVS. With 
> network virtualization via OVN, you can build logical network topologies that 
> are independent of the underlying physical network topology. Thus, you could 
> create a logical switch (a logical L2 domain) that spans multiple L3 segments 
> in the physical network (as an example). Distributed virtual switches such as 
> the vSphere Distributed Switch or the Cisco Nexus 1000V do not have this 
> functionality.


--
Scott



Re: [ovs-discuss] OVN vs Distributed vSwitches

2016-12-13 Thread Scott Lowe
Please see my response below.


> On Dec 13, 2016, at 4:08 AM, Shravan S K  wrote:
> 
> How is OVN related to distributed virtual switches like the VMware vNetwork 
> distributed switch or the Cisco Nexus 1000V ?


OVN is intended to add network virtualization functionality to OVS. With 
network virtualization via OVN, you can build logical network topologies that 
are independent of the underlying physical network topology. Thus, you could 
create a logical switch (a logical L2 domain) that spans multiple L3 segments 
in the physical network (as an example). Distributed virtual switches such as 
the vSphere Distributed Switch or the Cisco Nexus 1000V do not have this 
functionality.

-- 
Scott



Re: [ovs-discuss] OVS conntrack on rhel7

2016-11-25 Thread Scott Lowe
Please see my response below.


> On Nov 25, 2016, at 8:41 AM, Michael Kashin  wrote:
> 
> Greetings,
> I've got an oldish  kernel (3.10.0-327.36.3.el7.x86_64) that comes with 
> centos7. If i build OVS RPMs from master branch should this support the 
> conntrack required for OVN ACLs?


According to the FAQ[1], you should be able to build the OVS kernel module for 
kernel 3.10, and using the OVS kernel module will (as I understand it) allow 
you to use the conntrack integration.

The INSTALL[2] document describes how to build the kernel modules.

Good luck!

-- 
Scott

[1]: https://github.com/openvswitch/ovs/blob/master/FAQ.rst
[2]: https://github.com/openvswitch/ovs/blob/master/INSTALL.rst
