Changes between Version 18 and Version 19 of HowTo/ConfigureOVSStaticRouteMirroringNoController


Timestamp:
07/06/17 15:10:40 (7 years ago)
Author:
lnevers@bbn.com
Comment:

--

  • HowTo/ConfigureOVSStaticRouteMirroringNoController

    v18 v19  
    1818== Setting up the static IP traffic ==
    1919=== Configure OVS Switch === #configureovs
     20
    2021 i. Login to the OVS host
    21  ii. Create an Ethernet bridge that will act as our software switch:
    22 {{{
    23 sudo ovs-vsctl add-br br0
    24 }}}
    25  iii. Prepare the interfaces to be added as ports to the OVS switch
    26    * Your OVS bridge will be a Layer 2 switch and your ports do not need IP addresses. Before we remove them let's keep some information
    27      * Run  {{{ ifconfig }}}
    28      * Write down the interface names that correspond to the connections to your hosts. The correspondence is
    29        * Interface with IP ''10.10.1.11'' to host1  - ethX
    30        * Interface with IP ''10.10.1.12'' to host2 - ethY
    31        *  Interface with IP ''10.10.1.13'' to host3 - ethZ
    32     * Remove the IP from your data interfaces. [[BR]]
    33      [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]]  Be careful '''not to bring down eth0'''. This is the control interface, if you bring that interface down you ''' won't be able to login''' to your host. For all interfaces other than `eth0` and ` l0` (your interface names may vary) run :
    34     {{{
    35 sudo ifconfig ethX 0 
    36 sudo ifconfig ethY 0
    37 sudo ifconfig ethZ 0
     22 ii. Download the script [https://raw.githubusercontent.com/GENI-NSF/geni-support/master/Utilities/geniovs.sh geniovs.sh], which will create an OVS bridge and add all the dataplane interfaces to the bridge:
     23  {{{
     24  wget https://raw.githubusercontent.com/GENI-NSF/geni-support/master/Utilities/geniovs.sh
     25  bash ./geniovs.sh
    3826  }}}
    39  iv. Add all the data interfaces to your switch (bridge). [[BR]]
    40   [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]]  Be careful ''' not to add interface eth0'''. This is the control interface. The other three interfaces are your data interfaces. (Use the same interfaces as you used in the previous step.)
    41  {{{
    42  sudo  ovs-vsctl add-port br0 ethX
    43  sudo  ovs-vsctl add-port br0 ethY
    44  sudo  ovs-vsctl add-port br0 ethZ
    45 }}}
    46  v. Verify the three ports configured run:
     27 iii. Verify the dataplane ports have been assigned to bridge:
    4728  {{{
    48 sudo ovs-vsctl list-ports br0
    49 }}}
    50  vi. We want our switch to act without a separate controller thus setting it to operate as standalone.
     29  sudo ovs-vsctl list-ports br0
     30  }}}
     31 iv. We want our switch to act without a separate controller thus setting it to operate as standalone.
    5132  {{{
    52 sudo ovs-vsctl set-fail-mode br0 standalone
    53 }}}
    54  vii. Trust but verify. You can verify your OVS settings by issuing the following:
     33  sudo ovs-vsctl set-fail-mode br0 standalone
     34  }}}
     35 v. Verify all OVS settings by issuing the following:
    5536  {{{
    56 sudo ovs-vsctl show
    57 }}}
     37  sudo ovs-vsctl show
     38   }}}
     39
     40
    5841=== Testing the connectivity between host1, host2 and host3 ===
    5942
    60 Initially the OVS switch is setup to act like an L2 learning switch. We want to disable this behavior
    61 except for specific IP addresses.
     43Initially the OVS switch is setup to act like an L2 learning switch. We want to disable this behavior except for specific IP addresses.
    6244
    63 From ovs
     45On the host OVS:
    6446{{{
    6547sudo ovs-ofctl del-flows br0
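Review bot: Step ii (v19 lines 22-25) has the reader fetch geniovs.sh from the master branch and run it directly with bash, with no pinned revision or checksum, so what runs on the OVS host can change without this page changing. Link to a specific commit of the script instead of master, or publish a hash the reader can check before running it. The manual steps this replaces carried two warnings about not touching eth0; since the reader can no longer see which interfaces are modified, add a sentence saying how the script treats the control interface, and mention here that interface details are saved to /tmp/InterfacesInfo, which the mirroring section later relies on. Minor: the new lines inside the code blocks carry a leading space, and the closing }}} at v19 line 38 is indented differently from the others.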
     
    8466=== Setting up the static IP flows ===
    8567
    86 With the switch set up we can now setup routing between host1 and host2
     68We can now setup routing between host1 and host2 on the OVS switch.  First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between the two hosts.
    8769
    88 First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between
    89 the two hosts.
    90 
    91 From ovs
     70On the OVS switch:
    9271{{{
    9372sudo ovs-ofctl add-flow br0 ip,nw_src=10.10.1.1,nw_dst=10.10.1.2,actions=normal
    9473sudo ovs-ofctl add-flow br0 ip,nw_src=10.10.1.2,nw_dst=10.10.1.1,actions=normal
    9574}}}
     75
    9676ARP traffic will also need to be able to flow in order for the routes to each host to be learned.
    9777
    98 From ovs
     78On the OVS switch:
    9979{{{
    10080sudo ovs-ofctl add-flow br0 "arp,nw_dst=10.10.1.1 actions=normal"
    10181sudo ovs-ofctl add-flow br0 "arp,nw_dst=10.10.1.2 actions=normal"
    10282}}}
    103 The connectivity can then be tested with:
    10483
    105 From host1
     84Test connectivity with the above flows in place:
     85
     86From host1:
    10687{{{
    10788ping -c 10 host2
    10889}}}
    109 From host2
     90From host2:
    11091{{{
    11192ping -c 10 host1
    11293}}}
    113 From host3
     94From host3:
    11495{{{
    11596ping -c 10 host2
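Review bot: The rewritten intro at v19 line 68 says "setup routing between host1 and host2", but every flow that follows uses actions=normal, which is L2 switching restricted to the matching IP and ARP traffic, as the second sentence of the same line says; call it forwarding or switching so the reader does not expect L3 routing. The label introduced in this hunk is "On the OVS switch:" while v19 line 45 in the previous hunk uses "On the host OVS:"; pick one form and use it throughout. "setup" used as a verb should be "set up".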
     
    11899
    119100== Setting up mirroring behavior ==
     101
    120102There are two possible ways in which port mirroring can be setup using an OVS switch. The first method presented uses !OpenFlow table rules. An alternative method is presented that does not use !OpenFlow at all.
     103
    121104=== Setting up mirroring of traffic from host1 and host2 to host3 (using ovs-ofctl) ===
    122 Mirroring can be setup by adding flows to the !OpenFlow table that take for {{{in_port}}} the port we want monitored, and by specifying the output port in which we want
    123 the monitoring traffic to be sent to. This is done using {{{actions=output:#.}}}
     105
     106Mirroring can be setup by adding flows to the !OpenFlow table that take for {{{in_port}}} the port we want monitored, and by specifying the output port in which we want the monitoring traffic to be sent to. This is done using {{{actions=output:#.}}}
    124107
    125108For example if we want ports 1 and 2 to be monitored by port 3, the following flows need to be added.
    126109
    127 From ovs
     110On the OVS switch:
    128111{{{
    129 ovs-ofctl add-flow br0 in_port=1,actions=normal,output:3
    130 }}}
    131 {{{
    132 ovs-ofctl add-flow br0 in_port=2,actions=normal,output:3
     112sudo ovs-ofctl add-flow br0 in_port=1,actions=normal,output:3
     113sudo ovs-ofctl add-flow br0 in_port=2,actions=normal,output:3
    133114}}}
    134115
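Review bot: The flows at v19 lines 112-113 match on OpenFlow port numbers 1 and 2 and output to port 3, but now that geniovs.sh adds the dataplane interfaces for the reader, nothing on the page ties those numbers to the interfaces facing host1, host2 and host3. Add a step before this block to read the actual port numbers from sudo ovs-ofctl show br0 and substitute them, in the same way the ovs-vsctl method asks the reader to identify ethX, ethY and ethZ.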
     
    139120It is possible to setup mirroring without ever adding any flows to the !OpenFlow table. It can be done independently of setting up the static IP flows. This is done with a single command to ovs-vsctl.
    140121
    141 From ovs
     122On the OVS switch:
    142123{{{
    143 ovs-vsctl -- set Bridge br0 mirrors=@m \
     124sudo ovs-vsctl -- set Bridge br0 mirrors=@m \
    144125              -- --id=@ethX get Port ethX \
    145126              -- --id=@ethY get Port ethY \
     
    147128              -- --id=@m create Mirror name=mymirror select-dst-port=@ethX,@ethY select-src-port=@ethX,@ethY output-port=@ethZ
    148129}}}
    149 Where ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node.
    150 ethZ is the interface on the OVS node that connects to host3
     130A file /tmp/InterfacesInfo was created on the OVS switch that includes all interface information before the IP was shutdown. From the file /tmp/InterfacesInfo  determine ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node. The interface
     131ethZ is the interface on the OVS switch that connects to host3.
    151132
    152133== Verifying mirroring behavior ==
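Review bot: The replacement sentence at v19 lines 130-131 is hard to parse ("determine ethX and ethY are the names of the interfaces") and does not say what created /tmp/InterfacesInfo; step ii never mentions the file. If geniovs.sh is what writes it, say so, for example: "The geniovs.sh script saved the original interface information to /tmp/InterfacesInfo before the IP addresses were removed. Use that file to identify ethX and ethY, the interfaces connected to host1 and host2, and ethZ, the interface connected to host3." Also, "shutdown" used as a verb should be "shut down".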
     
    172153A message
    173154}}}
    174 Observe that the message is received on host1. On host3 the packet was also
    175 received and we can observe the message "A message" inside of the packet.
     155Observe that the message is received on host1. On host3 the packet was also received and we can observe the message "A message" inside of the packet.