Posts tagged openvswitch

openvswitch: intro

posted on 2016-04-09 23:16

This is for debian testing branch, packages installed from the repository. openvswitch is used without a SDN controller.


Don't use regular linux bridges on your system, you will run into troubles, as far as I heard. (Didn't feel like testing this out myself.)

install packages

apt install openvswitch-switch


# init database
ovs-vsctl init
# check if initialization worked
ovsdb-tool show-log
# find out db file
ovsdb-tool --help
# emergency reset in case you need it
ovs-vsctl emer-reset

# create your virtual switch
ovs-vsctl add-br ovs0
# show your virtual switch
ovs-vsctl list-br
ovs-vsctl add-port ovs0 ovs0eth0
# show your ports on the switch
ovs-vsctl list-ports ovs0

# show current configuration
ovs-vsctl show

openvswitch: installation for the impatient

posted on 2015-10-04 20:15:52

There is a lot of information out there concerning openvswitch, but a universal installer does not seem to exist.

For testing purposes, all this is done in a fresh virtualbox VM, with nothing else configured. Used virtualbox network type is NAT. Also these settings will not stick, unless you persist them in your network configuration afterwards. You have been warned.


Back to basics, openvswitch has a big download button.

cd ~/Downloads
mkdir ovs
mv openvswitch-2.4.0.tar.gz ovs
cd ovs
tar xzvf openvswitch-2.4.0.tar.gz
cd openvswitch-2.4.0
make -j4 # depends on the number of cores you have in your system
make install
rmmod bridge
modprobe openvswitch
modprobe brcompat

Then this suff will have been put to /usr/local hierarchy afterwards. Now make sure that /usr/local/bin and /usr/local/sbin are also part of your $PATH environment.



ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
ovsdb-server -v --remote=punix:/usr/local/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --pidfile --detach --log-file
# ovs-01 will be our switch name, its arbitrary and is the shown name of the network interface in linux
ovs-vsctl add-br ovs-01

Then you can add other interfaces to the switch. However, if you do things wrong, you might have no more network connectivity, so either first try this in a virtual machine, or have a notebook at hand so you can keep on googling.

configuration theory

First some notes on the IP's:

eth0 is our default interface, and it will usually have which is the default ip for a single vbox VM. The hypervisor (the machine which runs your virtualbox) usually gets the for whatever reason, it least from the virtual maching. You will not be able to see or ping this IP on the host itself.

Second on basic OVS switch usage:

Add all interfaces to your new OVS instance, wether they are virtual or physical. (It's all layer2, baby!) Then assign the switch the actual IP you'd have given your external NIC usually.

actual configuration

ip addr / ip link / ip route are abbreviated ip a / ip l / ip r for brevity. Also ovs-vsctl is better shortened to just ovs via alias ovs=ovs-vsctl, but that is a matter of taste. In the following I will use the complete command name, so noone gets confused more than needed.

Armed with that kind of knowledge, the configuration should work like this:

# take interface down (ssh tunnels will die!)
ip l s eth0 down
# clear ip from current interface
ip a d dev eth0
# flush all routes
ip r f all

# add physical interface to the switch, it was created already above at 'setup'
ovs-vsctl add-port ovs-01 eth0

# add ip back to it and create default route with the hosts gateway
ip a a dev ovs-01
ip r a default via


Now you should be able to ping


In case the test fails, try these steps:

  1. ping to see if you can reach the gateway. (Else your vbox network is somehow broken.)
  2. ping to see if you have internet connectivity.
  3. ping to see if your DNS works. Else try setting a dns server.

Use echo nameserver >> /etc/resolv.conf for testing purposes.


If all that works and you want to make your changes persistant, put these informations into your interface configuration:

Make your new interface ovs-01 get an ip via DHCP (instead of eth0) and set eth0 to manual. No need to fix the nameserver entry, as this should be handled automatically.

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, 16.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, PS1, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apache2.4, apachebench, apple, applet, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, cmd, coleslaw, colorscheme, common lisp, configuration management, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fakeroot, fbsd, fdisk, fedora, file, files, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, gitbucket, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, make-jpkg, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pct, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plasma, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pveam, pvecm, pvesm, pvresize, python, python3, qemu, qemu-img, qm, qmrestore, quicklisp, quickshare, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, ubuntu16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

Unless otherwise credited all material Creative Commons License by sjas