As stated in the OVS documentation, hypervisors need the ability to bridge traffic between VMs and the outside world. On Linux-based hypervisors, this used to mean using the built-in L2 switch - the Linux bridge.
Open vSwitch is targeted at multi-server virtualization deployments where VM mobility and network dynamics are important.
Open vSwitch supports a number of features that allow a network control system to respond and adapt as the environment changes. This includes simple accounting and visibility support such as NetFlow and sFlow. But perhaps more useful, Open vSwitch supports a network state database (OVSDB) that supports remote triggers. Therefore, a piece of orchestration software can "watch" various aspects of the network and respond if/when they change. This is used heavily today, for example, to respond to and track VM migrations.
Open vSwitch also supports OpenFlow as a method of exporting remote access to control traffic. There are a number of uses for this including global network discovery through inspection of discovery or link-state traffic (e.g. LLDP, CDP, OSPF, etc.).
The goal with Open vSwitch is to keep the in-kernel code as small as possible (as is necessary for performance) and to re-use existing subsystems when applicable (for example Open vSwitch uses the existing QoS stack).
For more information on OVS refer to [1].
Most Linux distributions now come with the OVS user-space tools and the kernel module, but I prefer to get the latest code and compile it manually (the source code also comes with spec files for building rpm or deb packages).
First, let's download and compile the code:
[root@hype1:src]# cd /usr/src
[root@hype1:src]# wget http://openvswitch.org/releases/openvswitch-1.9.0.tar.gz
[root@hype1:src]# tar zxfv openvswitch-1.9.0.tar.gz; cd openvswitch-1.9.0
[root@hype1:openvswitch-1.9.0]# ./configure && make && make install; cd
[root@hype1:~]# cd
[root@hype1:~]# mkdir -p rpmbuild/SOURCES
[root@hype1:~]# cd rpmbuild/SOURCES
[root@hype1:SOURCES]# wget http://openvswitch.org/releases/openvswitch-1.9.0.tar.gz
[root@hype1:SOURCES]# tar xvfz openvswitch-1.9.0.tar.gz
[root@hype1:SOURCES]# cd openvswitch-1.9.0
[root@hype1:SOURCES]# ./configure
[root@hype1:SOURCES]# make dist
[root@hype1:SOURCES]# cp openvswitch-1.9.0.tar.gz ../
[root@hype1:SOURCES]# rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec
[root@hype1:SOURCES]# rpmbuild -bb rhel/openvswitch.spec
[root@hype1:SOURCES]# yum localinstall ~/rpmbuild/RPMS/x86_64/kmod-openvswitch-1.9.0-1.el6.x86_64.rpm
[root@hype1:SOURCES]# yum localinstall ~/rpmbuild/RPMS/x86_64/openvswitch-1.10.90-1.x86_64.rpm
[root@hype1:~]# rmmod bridge
[root@hype1:~]# modprobe openvswitch
[root@hype1:~]# modprobe brcompat
[root@hype1:~]# virsh -c lxc:// start haproxy1
error: Failed to start domain haproxy1
error: Unable to add bridge br0 port veth0: Operation not supported
[root@hype1:~]# cat /etc/sysconfig/modules/openvswitch.modules
#!/bin/sh
# Do not prefix these with "exec": exec replaces the shell, so only the first modprobe would ever run.
/sbin/modprobe openvswitch
/sbin/modprobe brcompat
[root@hype1:~]# chmod u+x /etc/sysconfig/modules/openvswitch.modules
[root@hype1:~]# echo "blacklist bridge" >> /etc/modprobe.d/blacklist.conf
[root@hype1:~]# mkdir -p /usr/local/etc/openvswitch
[root@hype1:~]# ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
[root@hype1:~]# ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
                    --remote=db:Open_vSwitch,manager_options \
                    --private-key=db:SSL,private_key \
                    --certificate=db:SSL,certificate \
                    --bootstrap-ca-cert=db:SSL,ca_cert \
                    --pidfile --detach
Then initialize the database using ovs-vsctl. This is only necessary the first time after you create the database with ovsdb-tool (but running it at any time is harmless):
[root@hype1:~]# ovs-vsctl --no-wait init
[root@hype1:~]# ovs-vswitchd --pidfile --detach
[root@hype1:~]# service openvswitch start
[root@hype1:~]# ovs-vsctl add-br br0
[root@hype1:~]# ovs-vsctl add-port br0 eth2
[root@hype1:~]# ovs-vsctl add-port br0 veth0
[root@hype1:~]# ifconfig eth2 0
[root@hype1:~]# ifconfig br0 10.24.6.213 netmask 255.255.240.0
[root@hype1:~]# route add default gw 10.24.0.1 br0
To connect your VM directly to the bridge and not use NAT, make sure your VM network definition looks similar to this:
[root@hype1:~]# cat lxc.xml
--snip--
<interface type='bridge'>
  <mac address='52:54:00:cb:ee:4b'/>
  <source bridge='br0'/>
</interface>
--snip--
To see the ports that are connected to the bridge run:
[root@hype1:~]# ovs-vsctl show
95098a68-1281-4dab-90d7-46374a5d5e23
    Bridge "br0"
        Port "veth0"
            Interface "veth0"
        Port "eth2"
            Interface "eth2"
        Port "br0"
            Interface "br0"
                type: internal
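Because br0 carries the hypervisor's own IP address as well as VM traffic, it is worth checking that only the intended interfaces are attached to it. The following is an added example, not part of the original post: it parses `ovs-vsctl show` output and reports any port on a bridge that is not in an allowlist. The function names, the allowlist and the extra port `tap9` in the sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit bridge membership from `ovs-vsctl show` output.

# Constructed sample in the format shown above, with one extra port ("tap9")
# that is not in the article, so the audit has something to report.
SAMPLE_SHOW='95098a68-1281-4dab-90d7-46374a5d5e23
    Bridge "br0"
        Port "veth0"
            Interface "veth0"
        Port "eth2"
            Interface "eth2"
        Port "tap9"
            Interface "tap9"
        Port "br0"
            Interface "br0"
                type: internal'

# Read `ovs-vsctl show` text on stdin; print one "bridge port" pair per line.
# Names are handled whether or not ovs-vsctl quotes them.
list_bridge_ports() {
    awk '
        $1 == "Bridge" { gsub(/"/, "", $2); br = $2; next }
        $1 == "Port"   { gsub(/"/, "", $2); if (br != "") print br, $2 }
    '
}

# audit_bridge BRIDGE "allowed ports" < show-output
# Prints each port on BRIDGE that is missing from the allowlist.
# Returns 0 when the bridge holds only allowed ports, 1 otherwise.
audit_bridge() {
    list_bridge_ports | awk -v want="$1" -v allow="$2" '
        BEGIN { bad = 0; n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == want && !($2 in ok) { print $2; bad = 1 }
        END { exit bad }
    '
}

# Demo on the constructed sample. On a live host, feed it real output instead:
#   ovs-vsctl show | audit_bridge br0 "br0 eth2 veth0"
if ! printf '%s\n' "$SAMPLE_SHOW" | audit_bridge br0 "br0 eth2 veth0"; then
    echo "unexpected port(s) attached to br0 (listed above)"
fi
```

Run from cron or a monitoring agent, a non-zero exit status flags an interface that was attached to the bridge outside the documented setup.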
The network configuration should look like the following (on RHEL):
[root@hype1:~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
BOOTPROTO=static
IPADDR=10.24.6.213
NETMASK=255.255.240.0
GATEWAY=10.24.0.1
ONBOOT=yes
TYPE="OVSBridge"
DEVICETYPE="ovs"
[root@hype1:~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE="eth2"
HWADDR="00:8C:FA:00:C6:00"
NM_CONTROLLED="no"
ONBOOT="yes"
DEVICETYPE="ovs"
OVS_BRIDGE=br0
Resources:
[1] http://openvswitch.org/