OVS
Supported datapaths:

  • Linux upstream
  • Linux OVS tree: implemented by the Linux kernel module distributed with the OVS source tree.
  • Userspace: also known as DPDK, dpif-netdev or dummy datapath; works on NetBSD, FreeBSD and Mac OSX.
  • Hyper-V: also known as the Windows datapath.

OpenFlow version support (http://docs.openvswitch.org/en/latest/faq/openflow/): version 2.8 supports OF 1.0-1.4; 1.5/1.6 are missing features. All current versions of ovs-ofctl enable only OpenFlow 1.0 by default.

```sh
ovs-ofctl -O OpenFlow13 dump-flows br0 # enable support for later versions
```

  • ovs-dpctl, a tool for configuring the switch kernel module.
  • ovs-vsctl, a utility for querying and updating the configuration of ovs-vswitchd.
  • ovs-appctl, a utility that sends commands to running Open vSwitch daemons.
  • ovs-ofctl, a utility for querying and controlling OpenFlow switches and controllers.
  • ovs-pki, a utility for creating and managing the public-key infrastructure for OpenFlow switches.
  • ovs-testcontroller, a simple OpenFlow controller that may be useful for testing.
  • A patch to tcpdump that enables it to parse OpenFlow messages.

Command reference: http://docs.openvswitch.org/en/latest/ref/ (ovn-, ovsdb-, ovs-* and vtep[-ctl] tools). VTEP: VXLAN Tunnel End Point.

br

```sh
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0 # trunk port (the default)
```

VLAN

```sh
ovs-vsctl add-port br0 tap0 tag=9 # access port
ovs-vsctl add-port br0 eth0 tag=9 vlan_mode=native-tagged
```

native-tagged: A native-tagged port resembles a trunk port, with the exception that a packet without an 802.1Q header that ingresses on a native-tagged port is in the "native VLAN" (specified in the tag column).

native-untagged: A native-untagged port resembles a native-tagged port, with the exception that a packet that egresses on a native-untagged port in the native VLAN will not have an 802.1Q header.

```sh
ovs-vsctl set port tap0 tag=9 # set existing port
```

Port bonding

```sh
ovs-vsctl add-bond br0 bond0 eth0 eth1 # ovs-vswitchd.conf.db(5) for options
```

Each of the interfaces in a bonded port shows up as an individual OpenFlow port: Open vSwitch makes individual bond interfaces visible as OpenFlow ports, rather than the bond as a whole.

Port mirroring

```sh
# eth0 + tap0 mirrored to tap1
ovs-vsctl add-port br0 eth0
ovs-vsctl set bridge br0 stp_enable=true # not well tested
ovs-vsctl add-port br0 tap0
ovs-vsctl add-port br0 tap1 \
    -- --id=@p get port tap1 \
    -- --id=@m create mirror name=m0 select-all=true output-port=@p \
    -- set bridge br0 mirrors=@m
ovs-vsctl clear bridge br0 mirrors # disable mirror
```

RSPAN VLAN: mirroring of all traffic to that VLAN. Mirroring to a VLAN can disrupt a network that contains unmanaged switches.

Controller

```sh
ovs-vsctl set-controller of-switch tcp:0.0.0.0:6633 # set Remote Controller
```

Faucet

```sh
IP_faucet=127.0.0.1 # don't use domain name
ovs-vsctl add-br br0 \
    -- set bridge br0 other-config:datapath-id=0000000000000001 \
    -- set-controller br0 tcp:$IP_faucet:6653 \
    -- set controller br0 connection-mode=out-of-band
ovs-vsctl add-port br0 enp3s0 -- set interface enp3s0 ofport_request=1
ovs-vsctl -- --columns=name,ofport,link_speed,admin_state,statistics,mac_in_use list Interface # mapping

# create tap devices and attach them with fixed OpenFlow port numbers
for i in 1 2 3; do
    ip tuntap add mode tap dev tap$i
    ovs-vsctl add-port br0 tap$i -- set interface tap$i ofport_request=$i
    ovs-ofctl mod-port br0 tap$i up
done

# inspection and cleanup
cat /var/log/openvswitch/ovs-vswitchd.log
ovs-vsctl show
ovs-vsctl --if-exists del-br br0
ovs-appctl ofproto/trace br0 in_port=tap1

# logging
ovs-appctl vlog/list
ovs-appctl vlog/set ANY:file:dbg

ovs-ofctl dump-flows br0
```
Source: https://github.com/osrg/openvswitch/blob/master/FAQ

"In-band" control: the controllers are actually part of the network that is being controlled. In this mode Open vSwitch installs hidden flows so that traffic can reach the controllers; occasionally they can cause unexpected behavior.

```sh
ovs-appctl bridge/dump-flows br0 # full OpenFlow flow table, including hidden flows
ovs-vsctl set bridge br0 other-config:disable-in-band=true # disables in-band control entirely
```

Misc

A physical Ethernet device that is part of an Open vSwitch bridge should not have an IP address.

"Normalization": a flow cannot match on an L3 field without saying what L3 protocol is in use.

```sh
ovs-ofctl add-flow br0 ip,nw_dst=192.168.0.1,actions=drop
ovs-ofctl add-flow br0 arp,nw_dst=192.168.0.1,actions=drop
```

The same applies to L4 fields: "tp_src=1234" on its own will be ignored. Write "tcp,tp_src=1234" or "udp,tp_src=1234" instead.

An ofport value of -1 means that the interface could not be created due to an error. An ofport value of [] means that the interface hasn't been created yet.

ovs-dpctl dump-flows queries a kernel datapath; ovs-ofctl dump-flows queries an OpenFlow switch.
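
The normalization rule above as a pre-flight check, added here as an example (not from the original page or the Open vSwitch project): the hypothetical shell function `flow_prereq_check` flags `nw_*` and `tp_*` match fields that lack a protocol keyword, so a drop rule is not silently changed before it reaches `ovs-ofctl add-flow`. It assumes the shorthand keywords (`ip`, `arp`, `icmp`, `tcp`, `udp`, `sctp` and the `*6` L4 forms) rather than numeric `dl_type`/`nw_proto` matches; the sample flows are constructed.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of Open vSwitch).
# flow_prereq_check FLOW: print one line per match field whose protocol
# prerequisite is missing; exit status 1 if any were found, else 0.
flow_prereq_check() (
    # Only the match part is checked; actions may contain commas of their own.
    match=${1%%actions=*}
    l3=0; l4=0; bad=0
    # Split on commas and spaces without globbing. The function body is a
    # subshell, so these settings do not leak into the caller.
    IFS=', '; set -f
    # Pass 1: which protocol keywords does the flow name?
    for tok in $match; do
        case $tok in
            ip|arp|icmp)      l3=1 ;;
            tcp|udp|sctp)     l3=1; l4=1 ;;
            tcp6|udp6|sctp6)  l4=1 ;;
        esac
    done
    # Pass 2: flag fields that depend on a keyword that was not given.
    for tok in $match; do
        case ${tok%%=*} in
            nw_src|nw_dst|nw_proto)
                [ "$l3" -eq 1 ] || { echo "$tok: no L3 protocol (ip, arp)"; bad=1; } ;;
            tp_src|tp_dst)
                [ "$l4" -eq 1 ] || { echo "$tok: no L4 protocol (tcp, udp, sctp)"; bad=1; } ;;
        esac
    done
    exit "$bad"
)

# Constructed sample flows: the forms from the notes above plus two that lack
# a prerequisite.
for f in \
    'ip,nw_dst=192.168.0.1,actions=drop' \
    'arp,nw_dst=192.168.0.1,actions=drop' \
    'tcp,tp_src=1234,actions=drop' \
    'tp_src=1234,actions=drop' \
    'in_port=1,nw_dst=192.168.0.1,tp_dst=22,actions=drop'
do
    if flow_prereq_check "$f" >/dev/null; then
        echo "ok:     $f"
    else
        echo "reject: $f"
        flow_prereq_check "$f" | sed 's/^/        /'
    fi
done
```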

UI
