Posts tagged openvswitch

openvswitch: intro
posted on 2016-04-09 23:16

This is for the debian testing branch, with packages installed from the repository. openvswitch is used without an SDN controller.

prerequisites

Don't use regular linux bridges on your system, you will run into troubles, as far as I heard. (Didn't feel like testing this out myself.)

install packages

apt install openvswitch-switch

setup

# init database
ovs-vsctl init
# check if initialization worked
ovsdb-tool show-log
# find out db file
ovsdb-tool --help
# emergency reset in case you need it
ovs-vsctl emer-reset

# create your virtual switch
ovs-vsctl add-br ovs0
# show your virtual switch
ovs-vsctl list-br
# add a port (interface) to your virtual switch
ovs-vsctl add-port ovs0 ovs0eth0
# show your ports on the switch
ovs-vsctl list-ports ovs0

# show current configuration
ovs-vsctl show

openvswitch: installation for the impatient
posted on 2015-10-04 20:15:52

There is a lot of information out there concerning openvswitch, but a universal installer does not seem to exist.

For testing purposes, all this is done in a fresh virtualbox VM, with nothing else configured. The virtualbox network type used is NAT. Also, these settings will not stick unless you persist them in your network configuration afterwards. You have been warned.

install

Back to basics, openvswitch has a big download button.

cd ~/Downloads
mkdir ovs
mv openvswitch-2.4.0.tar.gz ovs
cd ovs
tar xzvf openvswitch-2.4.0.tar.gz
cd openvswitch-2.4.0
./configure
make -j4 # depends on the number of cores you have in your system
make install
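# unload the regular linux bridge module, then load the openvswitch one
rmmod bridge
modprobe openvswitch
# bridge compatibility module; it was removed in Open vSwitch 1.10, so with 2.4.0 this fails and can be skipped
modprobe brcompat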

All this stuff will have been put into the /usr/local hierarchy afterwards. Now make sure that /usr/local/bin and /usr/local/sbin are also part of your $PATH environment.

setup

Then:

mkdir -p /usr/local/etc/openvswitch
ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
ovsdb-server -v --remote=punix:/usr/local/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --pidfile --detach --log-file
# initialize the database and start the switch daemon; without a running ovs-vswitchd, add-br blocks waiting for it
ovs-vsctl --no-wait init
ovs-vswitchd --pidfile --detach --log-file
# ovs-01 will be our switch name, it's arbitrary and is the shown name of the network interface in linux
ovs-vsctl add-br ovs-01

Then you can add other interfaces to the switch. However, if you do things wrong, you might have no more network connectivity, so either first try this in a virtual machine, or have a notebook at hand so you can keep on googling.

configuration theory

First some notes on the IPs:

eth0 is our default interface, and it will usually have 10.0.2.15, which is the default ip for a single vbox VM. The hypervisor (the machine which runs your virtualbox) usually gets the 10.0.2.2 for whatever reason, at least from the virtual machine. You will not be able to see or ping this IP on the host itself.

Second on basic OVS switch usage:

Add all interfaces to your new OVS instance, whether they are virtual or physical. (It's all layer2, baby!) Then assign the switch the actual IP you'd have given your external NIC usually.

actual configuration

ip addr / ip link / ip route are abbreviated ip a / ip l / ip r for brevity. Also ovs-vsctl is better shortened to just ovs via alias ovs=ovs-vsctl, but that is a matter of taste. In the following I will use the complete command name, so no one gets confused more than needed.

Armed with that kind of knowledge, the configuration should work like this:

# take interface down (ssh tunnels will die!)
ip l s eth0 down
# clear ip from current interface
ip a d 10.0.2.15/24 dev eth0
# flush all routes
ip r f all

# add physical interface to the switch, it was created already above at 'setup'
ovs-vsctl add-port ovs-01 eth0
# bring both interfaces up again
ip l s eth0 up
ip l s ovs-01 up

# add ip back to it (with its prefix length, else the gateway is not on-link) and create default route with the host's gateway
ip a a 10.0.2.15/24 dev ovs-01
ip r a default via 10.0.2.2
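
The cutover above with a safety net, as an added example that is not part of the original post: it applies the same steps, pings the gateway, and restores the old setup if the ping fails. The function names, the DRY_RUN switch and the --apply argument are assumptions of this example; the addresses and interface names are the ones from the post.

```sh
#!/bin/sh
# Added example (not from the original post): move the IP from a NIC to an
# OVS bridge and undo the change if the gateway stops answering.
# Defaults are the values used in this post; override them via the environment.
BR=${BR:-ovs-01}; NIC=${NIC:-eth0}
ADDR=${ADDR:-10.0.2.15/24}; GW=${GW:-10.0.2.2}

# run: execute a command, or only print it when DRY_RUN=1 (hypothetical switch)
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

cutover() {
    run ip link set "$NIC" down             # also drops the routes via $NIC
    run ip addr del "$ADDR" dev "$NIC"
    run ovs-vsctl --may-exist add-port "$BR" "$NIC"
    run ip link set "$NIC" up
    run ip link set "$BR" up
    run ip addr add "$ADDR" dev "$BR"       # prefix length gives the on-link route
    run ip route add default via "$GW"
}

rollback() {
    # with its only address gone, the kernel drops the routes via $BR
    run ip addr del "$ADDR" dev "$BR"
    run ovs-vsctl --if-exists del-port "$BR" "$NIC"
    run ip addr add "$ADDR" dev "$NIC"
    run ip link set "$NIC" up
    run ip route add default via "$GW"
}

gateway_ok() { ping -c 2 -W 2 "$GW" >/dev/null 2>&1; }

# safe_cutover: returns 0 when the gateway answers after the change,
# otherwise restores the old setup and returns 1.
safe_cutover() {
    cutover
    if gateway_ok; then echo "cutover ok"; return 0; fi
    echo "gateway $GW unreachable, rolling back" >&2
    rollback
    return 1
}

# Only act when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then safe_cutover; fi
```

Run it once with DRY_RUN=1 to read the command list before using --apply as root.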

testing

Now you should be able to ping google.com.

troubleshooting

In case the test fails, try these steps:

  1. ping 10.0.2.2 to see if you can reach the gateway. (Else your vbox network is somehow broken.)
  2. ping 8.8.8.8 to see if you have internet connectivity.
  3. ping google.com to see if your DNS works. Else try setting a dns server.

Use echo nameserver 8.8.8.8 >> /etc/resolv.conf for testing purposes.

persisting

If all that works and you want to make your changes persistent, put this information into your interface configuration:

Make your new interface ovs-01 get an ip via DHCP (instead of eth0) and set eth0 to manual. No need to fix the nameserver entry, as this should be handled automatically.



Unless otherwise credited all material Creative Commons License by sjas