Understanding Open vSwitch

This slide deck was created to make Open vSwitch easier to understand, so I tried to make it practical. If you just follow this scenario, you will gain some knowledge about OVS.
In this document, I mainly use only two commands, "ip" and "ovs-vsctl", to show you the ability of these commands.


  1. RED HAT ENTERPRISE LINUX. Understanding Open vSwitch, OpenStack. YONG-KI, KIM (ykim@redhat.com), Red Hat Korea
  2. Session Objective: Open vSwitch
      1. Role of OVS in OpenStack
      2. Working process of OVS
      3. Various IP interfaces: TAP, TUN, veth pair
  3. Base Network Knowledge: TCP/IP Model
      [Diagram: Layer 1 through Layer 7]
  4. TCP/IP
      A switch covers TCP/IP, but a bridge works only at L2.
      L2: MAC-based communication - bridge, L2 switch
      L3: IP-based communication - router, L3 switch
      L4: TCP port-based communication - L4 switch, load balancer
  5. Network Diagram - host alone. Basic network topology.
      [Diagram: Host1 (172.16.0.1) with eth0 (external) and eth1 (internal); OVS bridge br-int with its br-int/internal port on the host IP stack (192.168.0.1/24); VM1 eth0 and VM2 eth0 attached through vtap1 and vtap2]
  6. Network Diagram - tunneling. Basic network topology.
      [Diagram: Host1 (172.16.0.1) and Host2 (172.16.0.2), each with eth0 (external), eth1 (internal) and an OVS bridge br-int; VM1/VM2 on Host1 and VM3/VM4 on Host2 attached through vtap1 and vtap2; br-int/internal on the host IP stack is 192.168.0.1/24 on Host1 and 192.168.0.2/24 on Host2]
  7. Network Diagram - complete picture. Basic network topology.
      [Diagram: as in the tunneling diagram, plus a bridge br-tun on each host that holds eth1 and is linked to br-int by the veth0/veth1 pair; br-tun/internal is 172.16.0.1 on Host1 and 172.16.0.2 on Host2]
  8. OVS how to - OVS Service
      1. OVS start
      host1# systemctl stop firewalld; setenforce 0
      host1# service openvswitch start
      [root@yhost2 ~]# ovs-vsctl show
      da8683f3-e1c1-4c9a-9587-2e3e860f9f82
          ovs_version: "2.3.2"
  9. OVS how to - br
      2. Create Bridge
      host1# ovs-vsctl add-br br-int
      host1# ip link set dev br-int up
      [root@yhost2 ~]# ovs-vsctl show
      da8683f3-e1c1-4c9a-9587-2e3e860f9f82
          Bridge br-int
              Port br-int
                  Interface br-int
                      type: internal
          ovs_version: "2.3.2"
  10. OVS how to - br-internal
      3. assign IP addr to br-int
      host1# ip addr add 192.168.0.100/24 dev br-int
      [root@yhost2 ~]# ovs-vsctl show
      da8683f3-e1c1-4c9a-9587-2e3e860f9f82
          Bridge br-int
              Port br-int
                  Interface br-int
                      type: internal
          ovs_version: "2.3.2"
  11. OVS how to
      4. Create tap devices: vtap1, vtap2
      host1# ip tuntap add mode tap vtap1
      host1# ip tuntap add mode tap vtap2
      host1# ovs-vsctl add-port br-int vtap1 -- add-port br-int vtap2
      host1# ip link set dev vtap1 up
      host1# ip link set dev vtap2 up
      [root@yhost2 ~]# ovs-vsctl show
      da8683f3-e1c1-4c9a-9587-2e3e860f9f82
          Bridge br-int
              Port "vtap1"
                  Interface "vtap1"
              Port "vtap2"
                  Interface "vtap2"
              Port br-int
                  Interface br-int
                      type: internal
          ovs_version: "2.3.2"
  12. OVS how to - Config for VM with TAP
      5. create VM and configure it to use a manual TAP device
      virt-manager provides macvtap by default, but it offers less flexibility, so a manual tap is used.
      1. vi /etc/libvirt/qemu/host1.xml
      2. vi /etc/libvirt/qemu.conf (&& selinux disable)
      3. service libvirtd restart
      /etc/libvirt/qemu/host1.xml:
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <interface type='ethernet'>
        <mac address='26:c7:a9:96:a7:7a'/>
        <target dev='vtap1'/>
        <model type='virtio'/>
        <script path='no'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
      </interface>
      /etc/libvirt/qemu.conf:
      a) clear_emulator_capabilities = 0
      b) user = "root"
      c) group = "root"
      d) cgroup_device_acl = [
             "/dev/null", "/dev/full", "/dev/zero",
             "/dev/random", "/dev/urandom",
             "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
             "/dev/rtc", "/dev/hpet", "/dev/net/tun",
         ]
  13. OVS how to - VM IP
      4. allocate IP addr to VM's eth0
      vm1@host1# ip addr add 192.168.0.101/24 dev eth0
      vm2@host1# ip addr add 192.168.0.102/24 dev eth0
      VM1# ping 192.168.0.1 [success]
      VM2# ping 192.168.0.1 [success]
  14. OVS how to - Monitor
      5. monitor ovs status
      host1# ovs-vsctl show
      host1# ovs-ofctl show br-int
      host1# ovs-appctl fdb/show br-int
      host1# ovs-ofctl show br-int
       1(eth1): addr:00:1a:4a:36:66:10
           config:     0
           state:      0
           speed: 0 Mbps now, 0 Mbps max
       2(vtap1): addr:96:34:e5:61:0a:ca
           config:     PORT_DOWN
           state:      LINK_DOWN
           current:    10MB-FD COPPER
           speed: 10 Mbps now, 0 Mbps max
       3(vtap2): addr:f2:18:36:6c:d6:62
           config:     PORT_DOWN
           state:      LINK_DOWN
           current:    10MB-FD COPPER
           speed: 10 Mbps now, 0 Mbps max
       LOCAL(br-int): addr:00:1a:4a:36:66:10
           config:     PORT_DOWN
           state:      LINK_DOWN
           speed: 0 Mbps now, 0 Mbps max
      OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
  15. OVS how to - Test Connection
      6. ping test between vm1 on host1 and vm2 host2
      VM1# ping 192.168.0.102 [success]
      VM1# ping 192.168.0.103 [failed]
      [Diagram: VM1 (192.168.0.101) and VM2 (192.168.0.102) on the br-int of the host at 172.16.0.1; VM3 (192.168.0.103) and VM4 (192.168.0.104) on the br-int of the host at 172.16.0.2; no link between the two bridges yet]
  16. OVS how to - Tun (VXLAN)
      7. create vxlan TUN for connection between VM1 and VM3
      host1# ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=172.16.0.2
      host2# ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=172.16.0.1
      [Diagram: the two br-int bridges (hosts 172.16.0.1 and 172.16.0.2) joined by a VXLAN tunnel with VNI=100; VM1 192.168.0.101, VM2 192.168.0.102, VM3 192.168.0.103, VM4 192.168.0.104]
  17. OVS how to - Monitor
      8. current ovs status
      host1# ovs-vsctl show
      host1# ip a
      [root@yhost1 ~]# ovs-vsctl show
      84c282c9-b992-4673-a715-2d2e46f0c175
          Bridge br-int
              Port br-int
                  Interface br-int
                      type: internal
              Port "vtap1"
                  Interface "vtap1"
              Port "vtap2"
                  Interface "vtap2"
              Port "vxlan0"
                  Interface "vxlan0"
                      type: vxlan
                      options: {key="100", remote_ip="172.16.0.2"}
          ovs_version: "2.3.2"
      eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
          link/ether 00:1a:4a:36:66:0d brd ff:ff:ff:ff:ff:ff
          inet 10.64.168.146/24
      eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
          link/ether 00:1a:4a:36:66:0e brd ff:ff:ff:ff:ff:ff
          inet 172.16.0.1/24
      vtap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
          link/ether 16:07:a0:03:15:ac brd ff:ff:ff:ff:ff:ff
      vtap2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
          link/ether e2:05:f1:38:5d:21 brd ff:ff:ff:ff:ff:ff
      br-int: <BROADCAST,MULTICAST> mtu 1500
          link/ether 46:8c:72:ee:f0:4b brd ff:ff:ff:ff:ff:ff
          inet 192.168.0.1/24 scope global br-int
  18. OVS how to - veth pair
      9. connection between bridges.
      host1# ip link add veth0 type veth peer name veth1
      host1# ovs-vsctl add-br br-tun
      host1# ovs-vsctl add-port br-int veth0
      host1# ovs-vsctl add-port br-tun veth1
      host1# ovs-vsctl add-port br-tun eth1
      host1# ip link set dev veth0 up
      host1# ip link set dev veth1 up
  19. OVS how to - veth pair
      10. connection between bridges.
      host1# ovs-vsctl show
      host1# ip addr
      [root@yhost1 ~]# ovs-vsctl show
      84c282c9-b992-4673-a715-2d2e46f0c175
          Bridge br-int
              Port "veth0"
                  Interface "veth0"
              Port br-int
                  Interface br-int
                      type: internal
              Port "vtap1"
                  Interface "vtap1"
              Port "vtap2"
                  Interface "vtap2"
              Port "vxlan0"
                  Interface "vxlan0"
                      type: vxlan
                      options: {key="100", remote_ip="172.16.0.2"}
          Bridge br-tun
              Port br-tun
                  Interface br-tun
                      type: internal
              Port "veth1"
                  Interface "veth1"
              Port "eth1"
                  Interface "eth1"
          ovs_version: "2.3.2"
  20. Network Diagram. Basic network topology.
      [Diagram: the complete picture from slide 7: on each host, VMs attach to br-int through vtap1 and vtap2, br-int connects to br-tun through the veth0/veth1 pair, and eth1 is a port of br-tun; br-tun/internal is 172.16.0.1 on Host1 and 172.16.0.2 on Host2]
  21. OpenStack Neutron Architecture
      ref: http://docs.ocselected.org/openstack-manuals/kilo/networking-guide/content/under_the_hood_openvswitch.html
  22. Docker Network w/ Open vSwitch
      ref: http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN
  23. Ref - articles. Reference articles:
      1. OpenStack Neutron: http://docs.ocselected.org/openstack-manuals/kilo/networking-guide/content/under_the_hood_openvswitch.html
      2. Open vSwitch tutorial video: https://www.youtube.com/watch?v=rYW7kQRyUvA
      3. Docker on Open vSwitch (Korean): http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN
      4. ovs script - refer to the slides below
  24. Ref - ovs-host1.sh
      KimYongKis-MacBook-Pro:20151013-Internal-OVS-training ykim$ cat ovs-host1.sh
      #!/bin/sh
      #define
      vnet="192.168.0.1/24"        # address assigned to br-int
      target_host="172.16.0.2"     # VXLAN peer (the other host)
      tun_net="172.16.0.1/24"      # address of this host on the tunnel network

      #help
      if [ -z "$1" ] || [ "$1" = "help" ]; then
          echo "Help: $0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun"
          echo ""
          echo "How to use this scripts"
          echo ""
          echo "1st: clear"
          echo "2nd: init, clear iptables and change selinux mode to permissive"
          echo "3rd: br-int, create br-int bridge"
          echo "4th: vtap, create vtap and start VMs"
          echo "5th: vxlan, create vxlan tunnel"
          echo "6th: br-tun, optional, create br-tun bridge"
          echo "7th: veth-pair, optional, create veth-pair to connect between bridges(br-int and br-tun)"
          echo "8th: en-br-tun, optional, insert eth1 to br-tun and assign ip address to br-tun"
          echo ""
          exit 1
      fi

      ## clear: remove every port, bridge, VM and device created by the other steps
      if [ "$1" = "clear" ]; then
          echo "$1"
          iptables -F
          ip addr flush dev eth1
          ovs-vsctl del-port br-int vtap1
          ovs-vsctl del-port br-int vtap2
          ovs-vsctl del-port br-int vxlan0
          ovs-vsctl del-br br-int
          ovs-vsctl del-br br-tun
          virsh destroy cirros1
          virsh destroy cirros2
          ip tuntap del mode tap vtap1
          ip tuntap del mode tap vtap2
          ip link del veth0 type veth peer name veth1
          ip link del virbr0
          ip link del virbr0-nic
          ovs-vsctl show
  25. Ref - ovs-host1.sh (cont.)
      ## br-int
      elif [ "$1" = "br-int" ]; then
          echo "$1"
          ovs-vsctl add-br br-int
          ip addr add $vnet dev br-int
          ip link set dev br-int up
          ovs-vsctl show
      ## vtap
      elif [ "$1" = "vtap" ]; then
          echo "$1"
          echo "vm 1 and vm2 starting"
          ip tuntap add mode tap vtap1
          ip tuntap add mode tap vtap2
          virsh start cirros1
          virsh start cirros2
          sleep 5
          ip link set dev vtap1 up
          ip link set dev vtap2 up
          ovs-vsctl add-port br-int vtap1
          ovs-vsctl add-port br-int vtap2
          ovs-vsctl show
      ## vxlan
      elif [ "$1" = "vxlan" ]; then
          echo "$1"
          ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=$target_host
          ovs-vsctl show
      ## br-tun
      elif [ "$1" = "br-tun" ]; then
          echo "$1"
          ovs-vsctl add-br br-tun
          ip link set dev br-tun up
          ovs-vsctl show
      ## veth pair
      elif [ "$1" = "veth-pair" ]; then
          echo "$1"
          ip link add veth0 type veth peer name veth1
          ovs-vsctl add-port br-int veth0
          ovs-vsctl add-port br-tun veth1
          ip link set veth0 up
          ip link set veth1 up
          ovs-vsctl show
  26. Ref - ovs-host1.sh (cont.)
      ## en-br-tun: move eth1 into br-tun and give br-tun the tunnel address
      elif [ "$1" = "en-br-tun" ]; then
          echo "$1"
          ip addr flush dev eth1
          ovs-vsctl add-port br-tun eth1
          ip addr add $tun_net dev br-tun
          ip link set br-tun up
          ovs-vsctl show
      ## init
      elif [ "$1" = "init" ]; then
          echo "$1"
          iptables -F
          setenforce 0
          ip addr add $tun_net dev eth1
          ip link set eth1 up
      else
          echo "$0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun"
      fi
  27. End of Document
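
Slides 8 and 12 relax host protections for the lab: firewalld is stopped, SELinux is set to permissive, and qemu runs as root with its capabilities kept. The following check is an added example, not part of the original slides; it flags the slide-12 qemu.conf settings that are still active, and its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the lab-only settings from slide 12 in a qemu.conf.
# Function names are illustrative; the sample files below are constructed.

# audit_qemu_conf FILE ("-" reads stdin): print one finding per risky active
# setting; exit status 0 when clean, 1 when anything was flagged.
audit_qemu_conf() {
    awk '
        /^[ \t]*#/ { next }              # commented-out defaults do not count
        {
            line = $0
            gsub(/[ \t"]/, "", line)     # user = "root"  ->  user=root
        }
        line == "user=root"  { print "qemu processes run as root (user)";  bad = 1 }
        line == "group=root" { print "qemu processes run as root (group)"; bad = 1 }
        line == "clear_emulator_capabilities=0" {
            print "emulator keeps its Linux capabilities"; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the slide-12 edits on top of a commented default.
sample_lab_conf() {
    cat <<'EOF'
#user = "root"
clear_emulator_capabilities = 0
user = "root"
group = "root"
cgroup_device_acl = [ "/dev/null", "/dev/kvm", "/dev/net/tun", ]
EOF
}

# Constructed sample: the same keys present only as comments.
sample_clean_conf() {
    cat <<'EOF'
#user = "root"
#group = "root"
#clear_emulator_capabilities = 1
EOF
}

sample_lab_conf | audit_qemu_conf - || echo "lab settings still active"
sample_clean_conf | audit_qemu_conf - && echo "clean"
```

On a host that has finished the lab, `getenforce` and `systemctl is-active firewalld` cover the two runtime changes from slide 8.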

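Each tunnel port on br-int (slides 16 and 17) delivers frames from its remote_ip straight into the VMs' L2 segment, so the configured peers are worth checking against the ones you expect. This added example, which is not from the original slides, parses `ovs-vsctl show` output in the format shown on slide 17; the function names, the `vxlan9` port and the 203.0.113.7 peer are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory tunnel peers from `ovs-vsctl show` output.

# list_tunnels: read `ovs-vsctl show` text on stdin and print
# "bridge interface type key remote_ip" for every interface with a remote_ip.
list_tunnels() {
    awk '
        $1 == "Bridge"    { bridge = $2; gsub(/"/, "", bridge) }
        $1 == "Interface" { ifname = $2; gsub(/"/, "", ifname); itype = "system" }
        $1 == "type:"     { itype = $2 }
        $1 == "options:"  {
            key = "-"; rip = ""
            s = $0; sub(/^[ \t]*options:[ \t]*/, "", s)
            gsub(/[{}"]/, "", s)                 # key=100, remote_ip=172.16.0.2
            n = split(s, kv, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(kv[i], p, "=")
                if (p[1] == "key")       key = p[2]
                if (p[1] == "remote_ip") rip = p[2]
            }
            if (rip != "") print bridge, ifname, itype, key, rip
        }
    '
}

# unexpected_tunnels "IP IP ...": filter list_tunnels output on stdin and print
# tunnels whose remote_ip is not in the allowlist; exit status 1 if any.
unexpected_tunnels() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($5 in ok) { print; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: slide 17 output plus one extra, unexpected tunnel port.
sample_show() {
    cat <<'EOF'
84c282c9-b992-4673-a715-2d2e46f0c175
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "vxlan0"
            Interface "vxlan0"
                type: vxlan
                options: {key="100", remote_ip="172.16.0.2"}
        Port "vxlan9"
            Interface "vxlan9"
                type: vxlan
                options: {key="100", remote_ip="203.0.113.7"}
    ovs_version: "2.3.2"
EOF
}

sample_show | list_tunnels | unexpected_tunnels "172.16.0.2" || echo "unexpected peer found"
```

On a live host, replace `sample_show` with `ovs-vsctl show` and pass the tunnel addresses of your other hypervisors as the allowlist.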