Changes between Version 18 and Version 19 of HowTo/ConfigureOVSStaticRouteMirroringNoController
- Timestamp: 07/06/17 15:10:40 (7 years ago)
HowTo/ConfigureOVSStaticRouteMirroringNoController
v18 v19 18 18 == Setting up the static IP traffic == 19 19 === Configure OVS Switch === #configureovs 20 20 21 i. Login to the OVS host 21 ii. Create an Ethernet bridge that will act as our software switch: 22 {{{ 23 sudo ovs-vsctl add-br br0 24 }}} 25 iii. Prepare the interfaces to be added as ports to the OVS switch 26 * Your OVS bridge will be a Layer 2 switch and your ports do not need IP addresses. Before we remove them let's keep some information 27 * Run {{{ ifconfig }}} 28 * Write down the interface names that correspond to the connections to your hosts. The correspondence is 29 * Interface with IP ''10.10.1.11'' to host1 - ethX 30 * Interface with IP ''10.10.1.12'' to host2 - ethY 31 * Interface with IP ''10.10.1.13'' to host3 - ethZ 32 * Remove the IP from your data interfaces. [[BR]] 33 [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]] Be careful '''not to bring down eth0'''. This is the control interface, if you bring that interface down you ''' won't be able to login''' to your host. For all interfaces other than `eth0` and ` l0` (your interface names may vary) run : 34 {{{ 35 sudo ifconfig ethX 0 36 sudo ifconfig ethY 0 37 sudo ifconfig ethZ 0 22 ii. Download the script [https://raw.githubusercontent.com/GENI-NSF/geni-support/master/Utilities/geniovs.sh geniovs.sh], which will create an OVS bridge and add all the dataplane interfaces to the bridge: 23 {{{ 24 wget https://raw.githubusercontent.com/GENI-NSF/geni-support/master/Utilities/geniovs.sh 25 bash ./geniovs.sh 38 26 }}} 39 iv. Add all the data interfaces to your switch (bridge). [[BR]] 40 [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]] Be careful ''' not to add interface eth0'''. This is the control interface. The other three interfaces are your data interfaces. (Use the same interfaces as you used in the previous step.) 41 {{{ 42 sudo ovs-vsctl add-port br0 ethX 43 sudo ovs-vsctl add-port br0 ethY 44 sudo ovs-vsctl add-port br0 ethZ 45 }}} 46 v. 
Verify the three ports configured run: 27 iii. Verify the dataplane ports have been assigned to bridge: 47 28 {{{ 48 sudo ovs-vsctl list-ports br049 }}}50 vi. We want our switch to act without a separate controller thus setting it to operate as standalone.29 sudo ovs-vsctl list-ports br0 30 }}} 31 iv. We want our switch to act without a separate controller thus setting it to operate as standalone. 51 32 {{{ 52 sudo ovs-vsctl set-fail-mode br0 standalone53 }}}54 v ii. Trust but verify. You can verify yourOVS settings by issuing the following:33 sudo ovs-vsctl set-fail-mode br0 standalone 34 }}} 35 v. Verify all OVS settings by issuing the following: 55 36 {{{ 56 sudo ovs-vsctl show 57 }}} 37 sudo ovs-vsctl show 38 }}} 39 40 58 41 === Testing the connectivity between host1, host2 and host3 === 59 42 60 Initially the OVS switch is setup to act like an L2 learning switch. We want to disable this behavior 61 except for specific IP addresses. 43 Initially the OVS switch is setup to act like an L2 learning switch. We want to disable this behavior except for specific IP addresses. 62 44 63 From ovs 45 On the host OVS: 64 46 {{{ 65 47 sudo ovs-ofctl del-flows br0 … … 84 66 === Setting up the static IP flows === 85 67 86 W ith the switch set up we can now setup routing between host1 and host268 We can now setup routing between host1 and host2 on the OVS switch. First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between the two hosts. 87 69 88 First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between 89 the two hosts. 90 91 From ovs 70 On the OVS switch: 92 71 {{{ 93 72 sudo ovs-ofctl add-flow br0 ip,nw_src=10.10.1.1,nw_dst=10.10.1.2,actions=normal 94 73 sudo ovs-ofctl add-flow br0 ip,nw_src=10.10.1.2,nw_dst=10.10.1.1,actions=normal 95 74 }}} 75 96 76 ARP traffic will also need to be able to flow in order for the routes to each host to be learned. 
97 77 98 From ovs 78 On the OVS switch: 99 79 {{{ 100 80 sudo ovs-ofctl add-flow br0 "arp,nw_dst=10.10.1.1 actions=normal" 101 81 sudo ovs-ofctl add-flow br0 "arp,nw_dst=10.10.1.2 actions=normal" 102 82 }}} 103 The connectivity can then be tested with:104 83 105 From host1 84 Test connectivity with the above flows in place: 85 86 From host1: 106 87 {{{ 107 88 ping -c 10 host2 108 89 }}} 109 From host2 90 From host2: 110 91 {{{ 111 92 ping -c 10 host1 112 93 }}} 113 From host3 94 From host3: 114 95 {{{ 115 96 ping -c 10 host2 … … 118 99 119 100 == Setting up mirroring behavior == 101 120 102 There are two possible ways in which port mirroring can be setup using an OVS switch. The first method presented uses !OpenFlow table rules. An alternative method is presented that does not use !OpenFlow at all. 103 121 104 === Setting up mirroring of traffic from host1 and host2 to host3 (using ovs-ofctl) === 122 Mirroring can be setup by adding flows to the !OpenFlow table that take for {{{in_port}}} the port we want monitored, and by specifying the output port in which we want 123 the monitoring traffic to be sent to. This is done using {{{actions=output:#.}}}105 106 Mirroring can be setup by adding flows to the !OpenFlow table that take for {{{in_port}}} the port we want monitored, and by specifying the output port in which we want the monitoring traffic to be sent to. This is done using {{{actions=output:#.}}} 124 107 125 108 For example if we want ports 1 and 2 to be monitored by port 3, the following flows need to be added. 126 109 127 From ovs 110 On the OVS switch: 128 111 {{{ 129 ovs-ofctl add-flow br0 in_port=1,actions=normal,output:3 130 }}} 131 {{{ 132 ovs-ofctl add-flow br0 in_port=2,actions=normal,output:3 112 sudo ovs-ofctl add-flow br0 in_port=1,actions=normal,output:3 113 sudo ovs-ofctl add-flow br0 in_port=2,actions=normal,output:3 133 114 }}} 134 115 … … 139 120 It is possible to setup mirroring without ever adding any flows to the !OpenFlow table. 
It can be done independently of setting up the static IP flows. This is done with a single command to ovs-vsctl. 140 121 141 From ovs 122 On the OVS switch: 142 123 {{{ 143 ovs-vsctl -- set Bridge br0 mirrors=@m \124 sudo ovs-vsctl -- set Bridge br0 mirrors=@m \ 144 125 -- --id=@ethX get Port ethX \ 145 126 -- --id=@ethY get Port ethY \ … … 147 128 -- --id=@m create Mirror name=mymirror select-dst-port=@ethX,@ethY select-src-port=@ethX,@ethY output-port=@ethZ 148 129 }}} 149 Where ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node. 150 ethZ is the interface on the OVS node that connects to host3130 A file /tmp/InterfacesInfo was created on the OVS switch that includes all interface information before the IP was shutdown. From the file /tmp/InterfacesInfo determine ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node. The interface 131 ethZ is the interface on the OVS switch that connects to host3. 151 132 152 133 == Verifying mirroring behavior == … … 172 153 A message 173 154 }}} 174 Observe that the message is received on host1. On host3 the packet was also 175 received and we can observe the message "A message" inside of the packet. 155 Observe that the message is received on host1. On host3 the packet was also received and we can observe the message "A message" inside of the packet.
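Review bot: New step ii fetches geniovs.sh from the moving `master` branch and runs it immediately with `bash ./geniovs.sh`, so the reader executes whatever that URL serves at the time, with no integrity check. Link a specific commit of the script instead of `master`, publish its SHA-256 beside the link so it can be compared with `sha256sum geniovs.sh` before running, and ask the reader to read the script first, since it removes IPs from interfaces and attaches them to the bridge. The same hunk deletes both warnings that `eth0` is the control interface; keep one sentence saying the script must leave `eth0` alone, and state whether the script needs `sudo`, which every other command in this section uses.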
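Review bot: In the ovs-ofctl mirroring block, `in_port=1`, `in_port=2` and `output:3` are no longer explained, because geniovs.sh now attaches the ports and the reader never sees the order in which they were added. Add a line before these flows telling the reader to run `sudo ovs-ofctl show br0` and map OpenFlow port numbers to interface names. These two flows are also added without a `priority=` and match everything arriving on the port, so they overlap the `ip,nw_src=...` flows from the static IP section at the same default priority; give one set an explicit priority so the intended precedence is defined. Finally, move the full stop out of the literal in `{{{actions=output:#.}}}` so it is not read as part of the action.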
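Review bot: The replacement paragraph after the `ovs-vsctl ... create Mirror` command is the first place /tmp/InterfacesInfo is mentioned, although the file is a side effect of step ii. Introduce it in step ii next to the geniovs.sh download, and say there that it is the only record of the interface addresses once the script has run. The sentence "From the file /tmp/InterfacesInfo determine ethX and ethY are the names of the interfaces" does not parse; "Use /tmp/InterfacesInfo to find ethX and ethY, the interfaces connected to host1 and host2" would read correctly. Because the old step iii mapping of 10.10.1.11, 10.10.1.12 and 10.10.1.13 to ethX, ethY and ethZ was removed, repeat that mapping here so the reader knows which entry in the file belongs to which host.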
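Review bot: "From ovs" is replaced by "On the host OVS:" in the connectivity-testing hunk but by "On the OVS switch:" in every other hunk; use one form throughout. In the new prose, "setup" is used as a verb in "We can now setup routing between host1 and host2" and "Mirroring can be setup"; the verb is "set up".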