SlideShare a Scribd company logo

Understanding Open vSwitch

YongKi Kim
YongKi Kim

The document provides an in-depth overview of Open vSwitch (OVS) in the context of OpenStack, detailing various networking concepts, configurations, and commands. Key topics include the role of OVS in OpenStack, network topologies, bridge and tap device creation, and methods to monitor and test connections between virtual machines. Numerous example configurations and command-line instructions are provided to assist users in deploying and managing OVS in their environments.

Technology
1 of 27
Downloaded 294 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Most read
19
20
21
Most read
22
23
24
25
26
27
Most read
RED HAT ENTERPISE LINUX1 Understanding Open Vswitch Open Stack YONG-KI, KIM ykim@redhat.com Red Hat Korea
RED HAT ENTERPISE LINUX2 Session Objective Open Vswitch 1. role of OVS in Open Stack 2. Working process of OVS 3. Various IP Interfaces – TAP, TUN, veth-Pair
RED HAT ENTERPISE LINUX3 Base Network Knowledge TCP/IP Model Layer 1 Layer 2 Layer 3 Layer 4 Layer 5 Layer 6 Layer 7
RED HAT ENTERPISE LINUX4 TCP/IP Switch covers TCP/IP but Bridge works on only L2 L2: Mac based communication - bridge, L2 Switch L3: IP based communication - router, L3 Switch L4: TCP Port based communication - L4 Switch, Load Balancer
RED HAT ENTERPISE LINUX5 Network Diagram – host alone Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 172.16.0.1
RED HAT ENTERPISE LINUX6 Network Diagram - tunneling Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 eth0 eth1 VM3 eth0 OVS VM4 eth0 br-int vtap1 vtap2 IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host2 172.16.0.1 172.16.0.2
RED HAT ENTERPISE LINUX7 Network Diagram – complete picture Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 eth0 eth1 VM3 eth0 OVS VM4 eth0 br-int vtap1 vtap2 IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host2 br-tun veth1 veth0 172.16.0.1 br-tun /internal eth1 br-tun veth1 eth1 veth0 172.16.0.2 br-tun /internal
RED HAT ENTERPISE LINUX8 OVS how to – OVS Service 1. OVS start eth0 eth1 OVS IP stack (192.168.0.1/24) Host1 host1#systemctl stop firewalld; setenforce 0 host1#service openvswitch start [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 ovs_version: "2.3.2" 172.16.0.1
RED HAT ENTERPISE LINUX9 OVS how to - br 2. Create Bridge eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal Host1 host1#ovs-vsctl add-br br-int host1#ip link set dev br-int up [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 Bridge br-int Port br-int Interface br-int type: internal ovs_version: "2.3.2" 172.16.0.1
RED HAT ENTERPISE LINUX10 OVS how to – br-internal 3. assign IP addr to br-int eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal Host1 host1#ip addr add 192.168.0.100/24 dev br-int [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 Bridge br-int Port br-int Interface br-int type: internal ovs_version: "2.3.2" 172.16.0.1
RED HAT ENTERPISE LINUX11 OVS how to 4. Create tap device – vtap1, vtap2 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 host1#ip tuntap add mode tap vtap{1,2} host1#ovs-vsctl add-port br-int vtap1 –- add-port br-int vtap2 host1#ip link set dev vtap{1,2} up [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 Bridge br-int Port “vtap1” Interface “vtap1” Port “vtap2” Interface “vtap2” Port br-int Interface br-int type: internal ovs_version: "2.3.2" vtap1 vtap2 172.16.0.1
RED HAT ENTERPISE LINUX12 OVS how to – Config for VM with TAP 5. create VM and configure to use manual TAP device virt-manager는 기본 mactap 제공하나 자율성이 떨어지기 때문에 manual tap 사용 1. vi /etc/libvirt/qemu/host1.xml 2. vi /etc/libvirt/qemu.conf (&& selinux disable) 3. service libvirtd restart <?xml version="1.0" encoding="UTF-8" standalone="no"?> <interface type='ethernet'> <mac address='26:c7:a9:96:a7:7a'/> <target dev=vtap1'/> <model type='virtio'/> <script path='no'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> /etc/libvirt/qemu/host1.xml /etc/libvirt/qemu.conf a) clear_emulator_capabilities = 0 b) user = "root" c) group = "root" d) cgroup_device_acl = [ "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", "/dev/kqemu", "/dev/rtc", "/dev/hpet", "/dev/net/tun", ]
RED HAT ENTERPISE LINUX13 OVS how to – VM IP 4. allocate IP addr to VM's eth0 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 vm1@host1#ip addr add 192.168.0.101/24 dev eth0 vm2@host1#ip addr add 192.168.0.102/24 dev eth0 VM1#ping 192.168.0.1 [success] VM2#ping 192.168.0.1 [success] vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 172.16.0.1
RED HAT ENTERPISE LINUX14 OVS how to - Monitor 5. monitor ovs status eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 host1#ovs-vsctl show host1#ovs-ofctl show br-int host1#ovs-appctl fdb/show br-int host1#ovs-ofctl show br-int 1(eth1): addr:00:1a:4a:36:66:10 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max 2(vtap1): addr:96:34:e5:61:0a:ca config: PORT_DOWN state: LINK_DOWN current: 10MB-FD COPPER speed: 10 Mbps now, 0 Mbps max 3(vtap2): addr:f2:18:36:6c:d6:62 config: PORT_DOWN state: LINK_DOWN current: 10MB-FD COPPER speed: 10 Mbps now, 0 Mbps max LOCAL(br-int): addr:00:1a:4a:36:66:10 config: PORT_DOWN state: LINK_DOWN speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 172.16.0.1
RED HAT ENTERPISE LINUX15 OVS how to – Test Connection 6. ping test between vm1 on host1 and vm2 host2 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 VM1# ping 192.168.0.102 [success] VM1#ping 192.168.0.103 [failed] vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 eth0 eth1 OVS br-int IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host1 vtap1 vtap2 VM3 eth0 VM4 eth0 192.168.0.103 192.168.0.104 172.16.0.1 172.16.0.2
RED HAT ENTERPISE LINUX16 OVS how to – Tun(VXLAN) 7. create vxlan TUN for connection between VM1 and MV3 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 host1# ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=172.16.0.2] host2#ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=172.16.0.1 vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 eth0 eth1 OVS br-int IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host1 vtap1 vtap2 VM3 eth0 VM4 eth0 192.168.0.103 192.168.0.104 172.16.0.1 172.16.0.2 vxlan1 VNI=100 vxlan1 VNI=100
RED HAT ENTERPISE LINUX17 OVS how to - Monitor 8. current ovs status host1#ovs-vsctl show host1#ovs-ofctl ip a [root@yhost1 ~]# ovs-vsctl show 84c282c9-b992-4673-a715-2d2e46f0c175 Bridge br-int Port br-int Interface br-int type: internal Port "vtap1" Interface "vtap1" Port "vtap2" Interface "vtap2" Port "vxlan0" Interface "vxlan0" type: vxlan options: {key="100", remote_ip="172.16.0.2"} ovs_version: "2.3.2" eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether 00:1a:4a:36:66:0d brd ff:ff:ff:ff:ff:ff inet 10.64.168.146/24 eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether 00:1a:4a:36:66:0e brd ff:ff:ff:ff:ff:ff inet 172.16.0.1/24 vtap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether 16:07:a0:03:15:ac brd ff:ff:ff:ff:ff:ff vtap2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether e2:05:f1:38:5d:21 brd ff:ff:ff:ff:ff:ff br-int: <BROADCAST,MULTICAST> mtu 1500 link/ether 46:8c:72:ee:f0:4b brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/24 scope global br-int
RED HAT ENTERPISE LINUX18 OVS how to – veth pair 9. connection between bridges. host1#ip link add veth0 type veth peer name veth1 host1# ovs-vsctl add-br br-tun host1#ovs-vsctl add-port br-int veth0 host1#ovs-vsctl add-port br-tun veth1 host1#ovs-vsctl add-port eth1 host1#ip link set dev veth{0,1} up
RED HAT ENTERPISE LINUX19 OVS how to – veth pair 10. connection between bridges. host1#ovs-vsctl show host1# ip addr [root@yhost1 ~]# ovs-vsctl show 84c282c9-b992-4673-a715-2d2e46f0c175 Bridge br-int Port "veth0" Interface "veth0" Port br-int Interface br-int type: internal Port "vtap1" Interface "vtap1" Port "vtap2" Interface "vtap2" Port "vxlan0" Interface "vxlan0" type: vxlan options: {key="100", remote_ip="172.16.0.2"} Bridge br-tun Port br-tun Interface br-tun type: internal Port "veth1" Interface "veth1" Port "eth1" Interface "eth1" ovs_version: "2.3.2"
RED HAT ENTERPISE LINUX20 Network Diagram Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 eth0 eth1 VM3 eth0 OVS VM4 eth0 br-int vtap1 vtap2 IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host2 br-tun veth1 veth0 172.16.0.1 br-tun /internal eth1 br-tun veth1 eth1 veth0 172.16.0.2 br-tun /internal
RED HAT ENTERPISE LINUX21 ref: http://docs.ocselected.org/openstack-manuals/kilo/networking-guide/content/under_the_hood_openvswitch.html Open Stack Neutron Architecture
RED HAT ENTERPISE LINUX22 ref: http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN Docker Network w/ Open Vswitch
RED HAT ENTERPISE LINUX23 Ref - articles reference articles 1. open stack neutron: http://docs.ocselected.org/openstack-manuals/kilo/networking- guide/content/under_the_hood_openvswitch.html 2. open vswitch tutorial video: https://www.youtube.com/watch?v=rYW7kQRyUvA 3. docker on open vswitch (한글): http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN 4. ovs script - refer to below slides
RED HAT ENTERPISE LINUX24 Ref – ovs-host1.sh KimYongKis-MacBook-Pro:20151013-Internal-OVS-training ykim$ cat ovs-host1.sh #!/bin/sh #define vnet="192.168.0.1/24" target_host="172.16.0.2" tun_net="172.16.0.1/24" #help if [ -z "$1" ] || [ $1 == "help" ];then echo "Help: $0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun" echo "" echo "How to use this scripts" echo "" echo "1st: clear" echo "2nd: init, clear iptables and change selinux mode to permissive" echo "3rd: br-int, create br-int bridge" echo "4th: vtap, create vtap and start VMs" echo "5th: vxlan, create vxlan tunnel" echo "6th: br-tun, optional, create br-tun bridge" echo "7th: veth-pair, optional, create veth-pair to connect between bridges(br-int and br-tun)" echo "8th: en-br-tun, optional, insert eth1 to br-tun and assign ip address to br-tun" echo "" exit 1 fi ## clear if [ $1 == "clear" ];then echo "$1" iptables -F ip addr flush dev eth1 ovs-vsctl del-port br-int vtap1 ovs-vsctl del-port br-int vtap2 ovs-vsctl del-port br-int vxlan0 ovs-vsctl del-br br-int ovs-vsctl del-br br-tun virsh destroy cirros1 virsh destroy cirros2 ip tuntap del mode tap vtap1 ip tuntap del mode tap vtap2 ip link del veth0 type veth peer name veth1 ip link del virbr0 ip link del virbr0-nic ovs-vsctl show
RED HAT ENTERPISE LINUX25 Ref – ovs-host1.sh (cont.) ## br-int elif [ $1 == "br-int" ];then echo $1 ovs-vsctl add-br br-int ip addr add $vnet dev br-int ip link set dev br-int up ovs-vsctl show ## vtap elif [ $1 == "vtap" ];then echo $1 echo "vm 1 and vm2 starting" ip tuntap add mode tap vtap1 ip tuntap add mode tap vtap2 virsh start cirros1 virsh start cirros2 sleep 5 ip link set dev vtap1 up ip link set dev vtap2 up ovs-vsctl add-port br-int vtap1 ovs-vsctl add-port br-int vtap2 ovs-vsctl show ## vxlan elif [ $1 == "vxlan" ];then echo $1 ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=$target_host ovs-vsctl show ## br-tun elif [ $1 == "br-tun" ];then echo $1 ovs-vsctl add-br br-tun ip link set dev br-tun up ovs-vsctl show ## veth pair elif [ $1 == "veth-pair" ];then echo $1 ip link add veth0 type veth peer name veth1 ovs-vsctl add-port br-int veth0 ovs-vsctl add-port br-tun veth1 ip link set veth0 up ip link set veth1 up ovs-vsctl show
RED HAT ENTERPISE LINUX26 Ref – ovs-host1.sh (cont.) ## veth pair elif [ $1 == "veth-pair" ];then echo $1 ip link add veth0 type veth peer name veth1 ovs-vsctl add-port br-int veth0 ovs-vsctl add-port br-tun veth1 ip link set veth0 up ip link set veth1 up ovs-vsctl show ## en-br-tun elif [ $1 == "en-br-tun" ];then echo $1 ip addr flush dev eth1 ovs-vsctl add-port br-tun eth1 ip addr add $tun_net dev br-tun ip link set br-tun up ovs-vsctl show ## init elif [ $1 == "init" ];then echo $1 iptables -F setenforce 0 ip addr add $tun_net dev eth1 ip link set eth1 up else echo "$0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun" fi
RED HAT ENTERPISE LINUX27 End of Document

More Related Content

What's hot (20)

PDF
Virtualized network with openvswitch
Sim Janghoon
 
PPTX
OVN - Basics and deep dive
Trinath Somanchi
 
PDF
Open vSwitch Introduction
HungWei Chiu
 
PPTX
OVN 設定サンプル | OVN config example 2015/12/27
Kentaro Ebisawa
 
PDF
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
PPTX
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
PDF
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
VirtualTech Japan Inc.
 
PDF
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
Nalee Jang
 
PDF
日本OpenStackユーザ会 第37回勉強会
Yushiro Furukawa
 
PPTX
MP BGP-EVPN 실전기술-1편(개념잡기)
JuHwan Lee
 
PDF
Neutron packet logging framework
Vietnam Open Infrastructure User Group
 
PDF
Linux Networking Explained
Thomas Graf
 
PDF
OpenStackでも重要な役割を果たすPacemakerを知ろう!
ksk_ha
 
PDF
20150511 jun lee_openstack neutron 분석 (최종)
rootfs32
 
PPTX
Packet flow on openstack
Achhar Kalia
 
PDF
VXLAN and FRRouting
Faisal Reza
 
PDF
debugging openstack neutron /w openvswitch
어형 이
 
PPTX
Introduction to DPDK
Kernel TLV
 
PPTX
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Vietnam Open Infrastructure User Group
 
PDF
ML2/OVN アーキテクチャ概観
Yamato Tanaka
 
Virtualized network with openvswitch
Sim Janghoon
 
OVN - Basics and deep dive
Trinath Somanchi
 
Open vSwitch Introduction
HungWei Chiu
 
OVN 設定サンプル | OVN config example 2015/12/27
Kentaro Ebisawa
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
知っているようで知らないNeutron -仮想ルータの冗長と分散- - OpenStack最新情報セミナー 2016年3月
VirtualTech Japan Inc.
 
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
Nalee Jang
 
日本OpenStackユーザ会 第37回勉強会
Yushiro Furukawa
 
MP BGP-EVPN 실전기술-1편(개념잡기)
JuHwan Lee
 
Neutron packet logging framework
Vietnam Open Infrastructure User Group
 
Linux Networking Explained
Thomas Graf
 
OpenStackでも重要な役割を果たすPacemakerを知ろう!
ksk_ha
 
20150511 jun lee_openstack neutron 분석 (최종)
rootfs32
 
Packet flow on openstack
Achhar Kalia
 
VXLAN and FRRouting
Faisal Reza
 
debugging openstack neutron /w openvswitch
어형 이
 
Introduction to DPDK
Kernel TLV
 
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Vietnam Open Infrastructure User Group
 
ML2/OVN アーキテクチャ概観
Yamato Tanaka
 

Viewers also liked (20)

PDF
Open VSwitch .. Use it for your day to day needs
rranjithrajaram
 
PDF
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer
The Linux Foundation
 
PDF
Sdnds tw-meetup-2
Fei Ji Siao
 
PDF
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
nvirters
 
PDF
Open stack networking vlan, gre
Sim Janghoon
 
PPT
CRIU on RHEL7
YongKi Kim
 
PDF
Openstack Networking Internals - first part
lilliput12
 
PDF
Open vSwitch의 Vendor Extension 구현
Seung-Hoon Baek
 
PPTX
Accelerating Neutron with Intel DPDK
Alexander Shalimov
 
PDF
Aura Framework Overview
rajdeep
 
PDF
Open daylight and Openstack
Dave Neary
 
DOCX
SDN Training - Open daylight installation + example with mininet
SAMeh Zaghloul
 
PDF
OpenStack networking
Sim Janghoon
 
PDF
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Mirantis
 
PDF
OVS VXLAN Network Accelaration on OpenStack (VXLAN offload and DPDK) - OpenSt...
VirtualTech Japan Inc.
 
PDF
Intel DPDK Step by Step instructions
Hisaki Ohara
 
PPTX
DEVNET-1006 Getting Started with OpenDayLight
Cisco DevNet
 
PDF
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
Seung-Hoon Baek
 
PDF
Docker Container
Seung-Hoon Baek
 
PPTX
How to Be a Better Marketer?
Ayswarrya Ganapathiraman
 
Open VSwitch .. Use it for your day to day needs
rranjithrajaram
 
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer
The Linux Foundation
 
Sdnds tw-meetup-2
Fei Ji Siao
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
nvirters
 
Open stack networking vlan, gre
Sim Janghoon
 
CRIU on RHEL7
YongKi Kim
 
Openstack Networking Internals - first part
lilliput12
 
Open vSwitch의 Vendor Extension 구현
Seung-Hoon Baek
 
Accelerating Neutron with Intel DPDK
Alexander Shalimov
 
Aura Framework Overview
rajdeep
 
Open daylight and Openstack
Dave Neary
 
SDN Training - Open daylight installation + example with mininet
SAMeh Zaghloul
 
OpenStack networking
Sim Janghoon
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Mirantis
 
OVS VXLAN Network Accelaration on OpenStack (VXLAN offload and DPDK) - OpenSt...
VirtualTech Japan Inc.
 
Intel DPDK Step by Step instructions
Hisaki Ohara
 
DEVNET-1006 Getting Started with OpenDayLight
Cisco DevNet
 
Open vSwitch와 Mininet을 이용한 가상 네트워크 생성과 OpenDaylight를 사용한 네트워크 제어실험
Seung-Hoon Baek
 
Docker Container
Seung-Hoon Baek
 
How to Be a Better Marketer?
Ayswarrya Ganapathiraman
 
Ad

Similar to Understanding Open vSwitch (20)

PPTX
Openstack openswitch basics
nshah061
 
PPTX
Thebasicintroductionofopenvswitch
Ramses Ramirez
 
PPTX
Harmonia open iris_basic_v0.1
Yongyoon Shin
 
PDF
Secure LXC Networking
Marian Marinov
 
PPTX
Virtual Networking (1) (1).pptx
KrishnaMishra386849
 
PPTX
Networking in linux
Varnnit Jain
 
DOCX
Alcatel vm
Muideen Jokanola
 
PDF
Linux router
Miguel E Arellano Quezada
 
PPTX
VyOS Users Meeting #2, VyOSのVXLANの話
upaa
 
PPTX
Mininet demo
Momina Masood
 
PDF
SR-IOV, KVM and Emulex OneConnect 10Gbps cards on Debian/Stable
juet-y
 
PPTX
Install ovs on local pc
ApplistarVN
 
PDF
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
juet-y
 
PDF
Approaching hyperconvergedopenstack
Ikuo Kumagai
 
PDF
SR-IOV+KVM on Debian/Stable
juet-y
 
ODP
Securing the network for VMs or Containers
Marian Marinov
 
PPTX
lab 2 (1)bbbbhbbbvvvvvvccccbbvvvccc.pptx
BinyamBekeleMoges
 
PPTX
Neutron Deep Dive
Joern Stenkamp
 
PDF
Open stack 4day
Mario Cho
 
DOCX
How to configure cisco 6500 vss
IT Tech
 
Openstack openswitch basics
nshah061
 
Thebasicintroductionofopenvswitch
Ramses Ramirez
 
Harmonia open iris_basic_v0.1
Yongyoon Shin
 
Secure LXC Networking
Marian Marinov
 
Virtual Networking (1) (1).pptx
KrishnaMishra386849
 
Networking in linux
Varnnit Jain
 
Alcatel vm
Muideen Jokanola
 
Linux router
Miguel E Arellano Quezada
 
VyOS Users Meeting #2, VyOSのVXLANの話
upaa
 
Mininet demo
Momina Masood
 
SR-IOV, KVM and Emulex OneConnect 10Gbps cards on Debian/Stable
juet-y
 
Install ovs on local pc
ApplistarVN
 
SR-IOV, KVM and Intel X520 10Gbps cards on Debian/Stable
juet-y
 
Approaching hyperconvergedopenstack
Ikuo Kumagai
 
SR-IOV+KVM on Debian/Stable
juet-y
 
Securing the network for VMs or Containers
Marian Marinov
 
lab 2 (1)bbbbhbbbvvvvvvccccbbvvvccc.pptx
BinyamBekeleMoges
 
Neutron Deep Dive
Joern Stenkamp
 
Open stack 4day
Mario Cho
 
How to configure cisco 6500 vss
IT Tech
 
Ad

Recently uploaded (20)

PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PDF
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
PDF
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
PPTX
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
PDF
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PDF
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
July Patch Tuesday
Ivanti
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
Newgen Beyond Frankenstein_Build vs Buy_Digital_version.pdf
darshakparmar
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
"AI Transformation: Directions and Challenges", Pavlo Shaternik
Fwdays
 
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
July Patch Tuesday
Ivanti
 

Understanding Open vSwitch

  • 1. RED HAT ENTERPISE LINUX1 Understanding Open Vswitch Open Stack YONG-KI, KIM [email protected] Red Hat Korea
  • 2. RED HAT ENTERPISE LINUX2 Session Objective Open Vswitch 1. role of OVS in Open Stack 2. Working process of OVS 3. Various IP Interfaces – TAP, TUN, veth-Pair
  • 3. RED HAT ENTERPISE LINUX3 Base Network Knowledge TCP/IP Model Layer 1 Layer 2 Layer 3 Layer 4 Layer 5 Layer 6 Layer 7
  • 4. RED HAT ENTERPISE LINUX4 TCP/IP Switch covers TCP/IP but Bridge works on only L2 L2: Mac based communication - bridge, L2 Switch L3: IP based communication - router, L3 Switch L4: TCP Port based communication - L4 Switch, Load Balancer
  • 5. RED HAT ENTERPISE LINUX5 Network Diagram – host alone Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 172.16.0.1
  • 6. RED HAT ENTERPISE LINUX6 Network Diagram - tunneling Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 eth0 eth1 VM3 eth0 OVS VM4 eth0 br-int vtap1 vtap2 IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host2 172.16.0.1 172.16.0.2
  • 7. RED HAT ENTERPISE LINUX7 Network Diagram – complete picture Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 eth0 eth1 VM3 eth0 OVS VM4 eth0 br-int vtap1 vtap2 IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host2 br-tun veth1 veth0 172.16.0.1 br-tun /internal eth1 br-tun veth1 eth1 veth0 172.16.0.2 br-tun /internal
  • 8. RED HAT ENTERPISE LINUX8 OVS how to – OVS Service 1. OVS start eth0 eth1 OVS IP stack (192.168.0.1/24) Host1 host1#systemctl stop firewalld; setenforce 0 host1#service openvswitch start [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 ovs_version: "2.3.2" 172.16.0.1
  • 9. RED HAT ENTERPISE LINUX9 OVS how to - br 2. Create Bridge eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal Host1 host1#ovs-vsctl add-br br-int host1#ip link set dev br-int up [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 Bridge br-int Port br-int Interface br-int type: internal ovs_version: "2.3.2" 172.16.0.1
  • 10. RED HAT ENTERPISE LINUX10 OVS how to – br-internal 3. assign IP addr to br-int eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal Host1 host1#ip addr add 192.168.0.100/24 dev br-int [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 Bridge br-int Port br-int Interface br-int type: internal ovs_version: "2.3.2" 172.16.0.1
  • 11. RED HAT ENTERPISE LINUX11 OVS how to 4. Create tap device – vtap1, vtap2 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 host1#ip tuntap add mode tap vtap{1,2} host1#ovs-vsctl add-port br-int vtap1 –- add-port br-int vtap2 host1#ip link set dev vtap{1,2} up [root@yhost2 ~]# ovs-vsctl show da8683f3-e1c1-4c9a-9587-2e3e860f9f82 Bridge br-int Port “vtap1” Interface “vtap1” Port “vtap2” Interface “vtap2” Port br-int Interface br-int type: internal ovs_version: "2.3.2" vtap1 vtap2 172.16.0.1
  • 12. RED HAT ENTERPISE LINUX12 OVS how to – Config for VM with TAP 5. create VM and configure to use manual TAP device virt-manager는 기본 mactap 제공하나 자율성이 떨어지기 때문에 manual tap 사용 1. vi /etc/libvirt/qemu/host1.xml 2. vi /etc/libvirt/qemu.conf (&& selinux disable) 3. service libvirtd restart <?xml version="1.0" encoding="UTF-8" standalone="no"?> <interface type='ethernet'> <mac address='26:c7:a9:96:a7:7a'/> <target dev=vtap1'/> <model type='virtio'/> <script path='no'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> /etc/libvirt/qemu/host1.xml /etc/libvirt/qemu.conf a) clear_emulator_capabilities = 0 b) user = "root" c) group = "root" d) cgroup_device_acl = [ "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", "/dev/kqemu", "/dev/rtc", "/dev/hpet", "/dev/net/tun", ]
  • 13. RED HAT ENTERPISE LINUX13 OVS how to – VM IP 4. allocate IP addr to VM's eth0 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 vm1@host1#ip addr add 192.168.0.101/24 dev eth0 vm2@host1#ip addr add 192.168.0.102/24 dev eth0 VM1#ping 192.168.0.1 [success] VM2#ping 192.168.0.1 [success] vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 172.16.0.1
  • 14. RED HAT ENTERPISE LINUX14 OVS how to - Monitor 5. monitor ovs status eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 host1#ovs-vsctl show host1#ovs-ofctl show br-int host1#ovs-appctl fdb/show br-int host1#ovs-ofctl show br-int 1(eth1): addr:00:1a:4a:36:66:10 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max 2(vtap1): addr:96:34:e5:61:0a:ca config: PORT_DOWN state: LINK_DOWN current: 10MB-FD COPPER speed: 10 Mbps now, 0 Mbps max 3(vtap2): addr:f2:18:36:6c:d6:62 config: PORT_DOWN state: LINK_DOWN current: 10MB-FD COPPER speed: 10 Mbps now, 0 Mbps max LOCAL(br-int): addr:00:1a:4a:36:66:10 config: PORT_DOWN state: LINK_DOWN speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 172.16.0.1
  • 15. RED HAT ENTERPISE LINUX15 OVS how to – Test Connection 6. ping test between vm1 on host1 and vm2 host2 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 VM1# ping 192.168.0.102 [success] VM1#ping 192.168.0.103 [failed] vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 eth0 eth1 OVS br-int IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host1 vtap1 vtap2 VM3 eth0 VM4 eth0 192.168.0.103 192.168.0.104 172.16.0.1 172.16.0.2
  • 16. RED HAT ENTERPISE LINUX16 OVS how to – Tun(VXLAN) 7. create vxlan TUN for connection between VM1 and MV3 eth0 eth1 OVS br-int IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 host1# ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=172.16.0.2] host2#ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=172.16.0.1 vtap1 vtap2 VM1 eth0 VM2 eth0 192.168.0.101 192.168.0.102 eth0 eth1 OVS br-int IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host1 vtap1 vtap2 VM3 eth0 VM4 eth0 192.168.0.103 192.168.0.104 172.16.0.1 172.16.0.2 vxlan1 VNI=100 vxlan1 VNI=100
  • 17. RED HAT ENTERPISE LINUX17 OVS how to - Monitor 8. current ovs status host1#ovs-vsctl show host1#ovs-ofctl ip a [root@yhost1 ~]# ovs-vsctl show 84c282c9-b992-4673-a715-2d2e46f0c175 Bridge br-int Port br-int Interface br-int type: internal Port "vtap1" Interface "vtap1" Port "vtap2" Interface "vtap2" Port "vxlan0" Interface "vxlan0" type: vxlan options: {key="100", remote_ip="172.16.0.2"} ovs_version: "2.3.2" eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether 00:1a:4a:36:66:0d brd ff:ff:ff:ff:ff:ff inet 10.64.168.146/24 eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether 00:1a:4a:36:66:0e brd ff:ff:ff:ff:ff:ff inet 172.16.0.1/24 vtap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether 16:07:a0:03:15:ac brd ff:ff:ff:ff:ff:ff vtap2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 link/ether e2:05:f1:38:5d:21 brd ff:ff:ff:ff:ff:ff br-int: <BROADCAST,MULTICAST> mtu 1500 link/ether 46:8c:72:ee:f0:4b brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/24 scope global br-int
  • 18. RED HAT ENTERPISE LINUX18 OVS how to – veth pair 9. connection between bridges. host1#ip link add veth0 type veth peer name veth1 host1# ovs-vsctl add-br br-tun host1#ovs-vsctl add-port br-int veth0 host1#ovs-vsctl add-port br-tun veth1 host1#ovs-vsctl add-port eth1 host1#ip link set dev veth{0,1} up
  • 19. RED HAT ENTERPISE LINUX19 OVS how to – veth pair 10. connection between bridges. host1#ovs-vsctl show host1# ip addr [root@yhost1 ~]# ovs-vsctl show 84c282c9-b992-4673-a715-2d2e46f0c175 Bridge br-int Port "veth0" Interface "veth0" Port br-int Interface br-int type: internal Port "vtap1" Interface "vtap1" Port "vtap2" Interface "vtap2" Port "vxlan0" Interface "vxlan0" type: vxlan options: {key="100", remote_ip="172.16.0.2"} Bridge br-tun Port br-tun Interface br-tun type: internal Port "veth1" Interface "veth1" Port "eth1" Interface "eth1" ovs_version: "2.3.2"
  • 20. RED HAT ENTERPISE LINUX20 Network Diagram Basic Network topology eth0 External Internal eth1 VM1 eth0 OVS VM2 eth0 br-int vtap1 vtap2 IP stack (192.168.0.1/24) br-int/internal vtap1 vtap2 Host1 eth0 eth1 VM3 eth0 OVS VM4 eth0 br-int vtap1 vtap2 IP stack (192.168.0.2/24) br-int/internal vtap1 vtap2 Host2 br-tun veth1 veth0 172.16.0.1 br-tun /internal eth1 br-tun veth1 eth1 veth0 172.16.0.2 br-tun /internal
  • 21. RED HAT ENTERPISE LINUX21 ref: http://docs.ocselected.org/openstack-manuals/kilo/networking-guide/content/under_the_hood_openvswitch.html Open Stack Neutron Architecture
  • 22. RED HAT ENTERPISE LINUX22 ref: http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN Docker Network w/ Open Vswitch
  • 23. RED HAT ENTERPISE LINUX23 Ref - articles reference articles 1. open stack neutron: http://docs.ocselected.org/openstack-manuals/kilo/networking- guide/content/under_the_hood_openvswitch.html 2. open vswitch tutorial video: https://www.youtube.com/watch?v=rYW7kQRyUvA 3. docker on open vswitch (한글): http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN 4. ovs script - refer to below slides
  • 24. RED HAT ENTERPISE LINUX24 Ref – ovs-host1.sh KimYongKis-MacBook-Pro:20151013-Internal-OVS-training ykim$ cat ovs-host1.sh #!/bin/sh #define vnet="192.168.0.1/24" target_host="172.16.0.2" tun_net="172.16.0.1/24" #help if [ -z "$1" ] || [ $1 == "help" ];then echo "Help: $0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun" echo "" echo "How to use this scripts" echo "" echo "1st: clear" echo "2nd: init, clear iptables and change selinux mode to permissive" echo "3rd: br-int, create br-int bridge" echo "4th: vtap, create vtap and start VMs" echo "5th: vxlan, create vxlan tunnel" echo "6th: br-tun, optional, create br-tun bridge" echo "7th: veth-pair, optional, create veth-pair to connect between bridges(br-int and br-tun)" echo "8th: en-br-tun, optional, insert eth1 to br-tun and assign ip address to br-tun" echo "" exit 1 fi ## clear if [ $1 == "clear" ];then echo "$1" iptables -F ip addr flush dev eth1 ovs-vsctl del-port br-int vtap1 ovs-vsctl del-port br-int vtap2 ovs-vsctl del-port br-int vxlan0 ovs-vsctl del-br br-int ovs-vsctl del-br br-tun virsh destroy cirros1 virsh destroy cirros2 ip tuntap del mode tap vtap1 ip tuntap del mode tap vtap2 ip link del veth0 type veth peer name veth1 ip link del virbr0 ip link del virbr0-nic ovs-vsctl show
  • 25. RED HAT ENTERPISE LINUX25 Ref – ovs-host1.sh (cont.) ## br-int elif [ $1 == "br-int" ];then echo $1 ovs-vsctl add-br br-int ip addr add $vnet dev br-int ip link set dev br-int up ovs-vsctl show ## vtap elif [ $1 == "vtap" ];then echo $1 echo "vm 1 and vm2 starting" ip tuntap add mode tap vtap1 ip tuntap add mode tap vtap2 virsh start cirros1 virsh start cirros2 sleep 5 ip link set dev vtap1 up ip link set dev vtap2 up ovs-vsctl add-port br-int vtap1 ovs-vsctl add-port br-int vtap2 ovs-vsctl show ## vxlan elif [ $1 == "vxlan" ];then echo $1 ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=$target_host ovs-vsctl show ## br-tun elif [ $1 == "br-tun" ];then echo $1 ovs-vsctl add-br br-tun ip link set dev br-tun up ovs-vsctl show ## veth pair elif [ $1 == "veth-pair" ];then echo $1 ip link add veth0 type veth peer name veth1 ovs-vsctl add-port br-int veth0 ovs-vsctl add-port br-tun veth1 ip link set veth0 up ip link set veth1 up ovs-vsctl show
  • 26. RED HAT ENTERPISE LINUX26 Ref – ovs-host1.sh (cont.) ## veth pair elif [ $1 == "veth-pair" ];then echo $1 ip link add veth0 type veth peer name veth1 ovs-vsctl add-port br-int veth0 ovs-vsctl add-port br-tun veth1 ip link set veth0 up ip link set veth1 up ovs-vsctl show ## en-br-tun elif [ $1 == "en-br-tun" ];then echo $1 ip addr flush dev eth1 ovs-vsctl add-port br-tun eth1 ip addr add $tun_net dev br-tun ip link set br-tun up ovs-vsctl show ## init elif [ $1 == "init" ];then echo $1 iptables -F setenforce 0 ip addr add $tun_net dev eth1 ip link set eth1 up else echo "$0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun" fi
  • 27. RED HAT ENTERPISE LINUX27 End of Document