wiki:HowTo/ConfigureOVSStaticRouteMirroringNoController

Version 1 (modified by joshua.fasching@raytheon.com, 7 years ago) (diff)

--

This tutorial demonstrates how to set up static IP traffic between two hosts connected to an OVS switch without running a seperate controller. This tutorial uses custom OpenFlow table rules.

This tutorial uses the following rspec: *.xml

This rspec creates a network with 3 nodes: host1, host2, host3; connected to an OVSwitch ovs.

Picture of the network

This tutorial will establish rules for allowing IP traffic to flow between host1 and host2.

Later in the tutorial we will discuss how to setup the ovs switch to allow for host3 to observe the traffic between host1 and host2 using the Mirror feature of the ovs switch. This could be used for network monitoring setups.

Setting up the static IP traffic


Use ssh to login to the ovs node.

Use this text to setup the switch http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowRyu/DesignSetup/ 2a. Configure the Software Switch (OVS Window)

We want our switch to act without a seperate controller thus setting it to operate as standalone.

sudo ovs-vsctl set-fail-mode br0 standalone

"Доверяй, но проверяй" {Doveryai, no proveryai} Trust but verify. You can verify your OVS settings by issuing the following:

sudo ovs-vsctl show

Testing the connectivity between host1, host2 and host3


Initially the OVSwitch is setup to act like an L2 learning switch. We want to disable this behavior except for specific IP addresses

sudo ovs-ofctl del-flows br0

From host1 ping -c 10 host2

From host2 ping -c 10 host1

From host3 ping -c 10 host2

Each of these should be unreachable.

Setting up the static IP flows


With the switch set up we can now setup routing between host1 and host2

First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between the two hosts

sudo ovs-ofctl add-flow br0 priority=500,ip,nw_src=10.10.1.1,nw_dst=10.10.1.2,actions=normal sudo ovs-ofctl add-flow br0 priority=500,ip,nw_src=10.10.1.2,nw_dst=10.10.1.1,actions=normal

ARP traffic will also need to be able to flow in order for the routes to each host to be learned.

sudo ovs-ofctl add-flow br0 "priority=500,arp,nw_dst=10.10.1.1 actions=normal" sudo ovs-ofctl add-flow br0 "priority=500,arp,nw_dst=10.10.1.2 actions=normal"

The connectivity can then be tested with:

From host1 ping -c 10 host2

From host2 ping -c 10 host1

From host3 ping -c 10 host2

Pings between host1 and host2 should succeed whereas pings from host3 will fail.

Setting up mirroring of traffic from host1 and host2 to host3

This is done with a single command to ovs-vsctl. It can be done independant of the previous steps if only mirroring is of interest to the user.

ovs-vsctl -- set Bridge br0 mirrors=@m \

-- --id=@ethX get Port ethX \ -- --id=@ethY get Port ethY \ -- --id=@ethZ get Port ethZ \ -- --id=@m create Mirror name=mymirror select-dst-port=@ethX,@ethY select-src-port=@ethX,@ethY output-port=@ethZ

Where ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node. ethZ is the interface on the OVS node that connects to host3

Verifying mirroring behavior

To observe the mirroring behavior 3 terminal windows will need to be opened.

In one terminal ssh into host1 and execute

nc -ul 24565

In one terminal ssh into host2 and execute

nc -u host1 24565

In one terminal ssh into host3 and execute

sudo tcpdump -i eth1 -vv -X

In the terminal with host2 type a message and hit return

A message

Observe that the message is received on host1. On host3 the packet was also received and we can observe the message "A message" inside of the packet.

Attachments (1)

Download all attachments as: .zip