Changes between Version 2 and Version 3 of HowTo/ConfigureOVSStaticRouteMirroringNoController


Timestamp:
06/19/17 10:29:30 (7 years ago)
Author:
joshua.fasching@raytheon.com
Comment:

--

  • HowTo/ConfigureOVSStaticRouteMirroringNoController

    v2 v3  
    2525We want our switch to act without a seperate controller thus setting it to operate as standalone.
    2626
     27{{{
    2728sudo ovs-vsctl set-fail-mode br0 standalone
     29}}}
    2830
    2931Trust but verify. You can verify your OVS settings by issuing the following:
    3032
     33{{{
    3134sudo ovs-vsctl show
    32 
     35}}}
    3336== Testing the connectivity between host1, host2 and host3 ==
    3437
    3538Initially the OVSwitch is setup to act like an L2 learning switch. We want to disable this behavior
    3639except for specific IP addresses
    37 
     40{{{
    3841sudo ovs-ofctl del-flows br0
    39 
     42}}}
    4043From host1
     44{{{
    4145ping -c 10  host2
    42 
     46}}}
    4347From host2
     48{{{
    4449ping -c 10 host1
    45 
     50}}}
    4651From host3
     52{{{
    4753ping -c 10 host2
    48 
     54}}}
    4955Each of these should be unreachable.
    5056
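Review bot: at v3 lines 38-41 the sentence introducing "sudo ovs-ofctl del-flows br0" stops without punctuation and never says what the command does. Run with no match argument, del-flows removes every flow on br0, which is why the three pings that follow are expected to fail. Stating that before the block would make the "Each of these should be unreachable." result read as intended rather than as a fault. "seperate" on line 25 should be "separate", and "ping -c 10  host2" on line 45 carries a double space.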
     
    5662First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between
    5763the two hosts
    58 
     64{{{
    5965sudo ovs-ofctl add-flow br0 priority=500,ip,nw_src=10.10.1.1,nw_dst=10.10.1.2,actions=normal
    6066sudo ovs-ofctl add-flow br0 priority=500,ip,nw_src=10.10.1.2,nw_dst=10.10.1.1,actions=normal
    61 
     67}}}
    6268ARP traffic will also need to be able to flow in order for the routes to each host to be learned.
    63 
     69{{{
    6470sudo ovs-ofctl add-flow br0 "priority=500,arp,nw_dst=10.10.1.1 actions=normal"
    6571sudo ovs-ofctl add-flow br0 "priority=500,arp,nw_dst=10.10.1.2 actions=normal"
    66 
     72}}}
    6773The connectivity can then be tested with:
    6874
    6975From host1
     76{{{
    7077ping -c 10 host2
    71 
     78}}}
    7279From host2
     80{{{
    7381ping -c 10 host1
    74 
     82}}}
    7583From host3
     84{{{
    7685ping -c 10 host2
    77 
     86}}}
    7887Pings between host1 and host2 should succeed whereas pings from host3 will fail.
    7988
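Review bot: the two ARP flows at v3 lines 70-71 match only on nw_dst, while the IP flows at lines 65-66 pin both nw_src and nw_dst, so ARP requests from any port, host3 included, are still forwarded to 10.10.1.1 and 10.10.1.2. If that is intended, say so next to "Pings between host1 and host2 should succeed whereas pings from host3 will fail."; otherwise add nw_src (or in_port) to the ARP matches. The IP rules are also unquoted with actions joined by a comma, while the ARP rules are quoted with a space before actions; one form throughout would be easier to copy.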
     
    8493independent of the previous steps if only mirroring is of interest
    8594to the user.
    86 
     95{{{
    8796ovs-vsctl -- set Bridge br0 mirrors=@m \
    8897              -- --id=@ethX get Port ethX \
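Review bot: the mirror command at v3 line 96 calls ovs-vsctl without sudo, while the other ovs-vsctl and ovs-ofctl calls shown in this diff (lines 28, 34, 41, 65-66, 70-71) are all prefixed with it. Prefix this one as well so the block can be pasted as is.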
     
    9099              -- --id=@ethZ get Port ethZ \
    91100              -- --id=@m create Mirror name=mymirror select-dst-port=@ethX,@ethY select-src-port=@ethX,@ethY output-port=@ethZ
    92 
     101}}}
    93102Where ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node.
    94103ethZ is the interface on the OVS node that connects to host3
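Review bot: the lines shown here create the mirror but give no step for removing it, so traffic selected on the host1 and host2 ports keeps being copied to ethZ after the exercise. Add a teardown line such as "sudo ovs-vsctl clear Bridge br0 mirrors" after the explanation of ethX, ethY and ethZ. Line 103 also lacks its closing period.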
     
    100109
    101110In one terminal ssh into host1 and execute
    102 
     111{{{
    103112nc -ul 24565
    104 
     113}}}
    105114In one terminal ssh into host2 and execute
    106 
     115{{{
    107116nc -u host1 24565
    108 
     117}}}
    109118
    110119In one terminal ssh into host3 and execute
    111 
     120{{{
    112121sudo tcpdump -i eth1 -vv -X
    113 
     122}}}
    114123In the terminal with host2 type a message and hit return
    115 
     124{{{
    116125A message
    117 
     126}}}
    118127Observe that the message is received on host1. On host3 the packet was also
    119128received and we can observe the message "A message" inside of the packet.
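Review bot: the capture at v3 line 121 runs tcpdump on eth1 with -vv -X and no filter expression, so the "A message" payload has to be found among everything else arriving on that interface. Appending "udp port 24565", the port used by the nc commands at lines 112 and 116, would limit the output to the mirrored test traffic. Lines 110, 114 and 119 all begin "In one terminal"; "In another terminal" for the second and third would make clear that three sessions are open at once.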