
1 How to set up static flows in OVS

This page demonstrates how to set up static IP traffic flows between two hosts connected to an OVS switch without running a separate OpenFlow controller and by using custom OpenFlow table rules.

The following RSpec is used: https://raw.githubusercontent.com/GENI-NSF/geni-tutorials/master/OVSSwitch/openVSwitch-all-xen.xml

This RSpec requests a network topology with 3 nodes (host1, host2, host3) connected to an OVS switch (OVS). The OVS node uses a Custom Image that auto-configures a bridge for the 3 connections to the hosts. If you are interested in finding out how this is done, see the How to setup OVS page.

The figure below details the connections.


First we will establish rules that allow IP traffic to flow between host1 and host2. Later in the how-to we discuss how to set up the OVS switch so that host3 can observe the traffic between host1 and host2 using OpenFlow table rules. An alternative method using the Mirror feature of the OVS switch is also presented for the case where only mirroring is required. These setups may be used for network monitoring.

1.1 Setting up the static IP traffic

1.1.1 Configure OVS Switch

  1. Log in to the OVS host.
  2. We want the switch to operate without a separate controller, so set its fail mode to standalone:
    sudo ovs-vsctl set-fail-mode br0 standalone
    
  3. Verify all OVS settings, and that the dataplane ports have been assigned to the bridge, by issuing the following:
    sudo ovs-vsctl show
    

1.1.2 Testing the connectivity between host1, host2 and host3

Initially the OVS switch is set up to act like an L2 learning switch. We want to disable this behavior except for specific IP addresses, so first delete all existing flows.

On the host OVS:

sudo ovs-ofctl del-flows br0

Open 3 terminals, which are used to SSH into each of the host nodes (host1, host2, and host3). These terminals will be needed in subsequent sections of this page to show connectivity, so leave these SSH sessions open. First, we test the connectivity of our hosts to each other using the ping command:

From host1:

ping -c 10 host2

From host2:

ping -c 10 host1

From host3:

ping -c 10 host2

Each of these pings should fail: with the flow table empty, every host is unreachable.

1.1.3 Setting up the static IP flows

We can now set up forwarding between host1 and host2 on the OVS switch. First we add rules that make the OVS switch behave like a normal switch for IP traffic between the two hosts.

On the OVS switch:

sudo ovs-ofctl add-flow br0 ip,nw_src=10.10.1.1,nw_dst=10.10.1.2,actions=normal
sudo ovs-ofctl add-flow br0 ip,nw_src=10.10.1.2,nw_dst=10.10.1.1,actions=normal

ARP traffic must also be allowed through, otherwise the hosts cannot resolve each other's addresses and the IP flows above will never carry any traffic.

On the OVS switch:

sudo ovs-ofctl add-flow br0 "arp,nw_dst=10.10.1.1 actions=normal"
sudo ovs-ofctl add-flow br0 "arp,nw_dst=10.10.1.2 actions=normal"

Test connectivity with the above flows in place:

From host1:

ping -c 10 host2

From host2:

ping -c 10 host1

From host3:

ping -c 10 host2

Pings between host1 and host2 should succeed whereas pings from host3 will fail.

2 Setting up mirroring behavior

There are two possible ways in which port mirroring can be set up on an OVS switch. The first method presented uses OpenFlow table rules. The alternative method does not use OpenFlow at all.

2.1 Setting up mirroring of traffic from host1 and host2 to host3 (using ovs-ofctl)

Mirroring can be set up by adding flows to the OpenFlow table that match on the in_port of the port we want monitored, and that specify the output port to which a copy of the traffic should be sent. This is done using actions=output:#, where # is the OpenFlow port number.

For example, if we want ports 1 and 2 to be monitored by port 3, the following flows need to be added.

On the OVS switch:

sudo ovs-ofctl add-flow br0 in_port=1,actions=normal,output:3
sudo ovs-ofctl add-flow br0 in_port=2,actions=normal,output:3

Port numbers are assigned based on the order in which the ports were added to the bridge, as shown by the ovs-vsctl show output in Configure OVS Switch.
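As an added check that is not part of the original page or the GENI tutorial, the Python script below audits the output of sudo ovs-ofctl dump-flows br0 against the flows installed in Setting up the static IP flows and in this section: it flags a leftover catch-all NORMAL flow (the L2-learning default that del-flows removes), IP flows outside the host1/host2 pair, ARP flows to other targets, and mirror flows from ports other than 1 and 2. The dump-flows line format and the SAMPLE listing are assumptions constructed for the example; feed a real dump into audit_flows to use it.

```python
"""Audit an 'ovs-ofctl dump-flows br0' listing against this page's flow policy."""
import re

ALLOWED_IP_PAIRS = {("10.10.1.1", "10.10.1.2"), ("10.10.1.2", "10.10.1.1")}
ALLOWED_ARP_TARGETS = {"10.10.1.1", "10.10.1.2"}
MIRROR_IN_PORTS, MIRROR_OUT_PORT = {"1", "2"}, "3"
# Counters/metadata that dump-flows prints in front of the match fields (assumed format).
STATS = {"cookie", "duration", "table", "n_packets", "n_bytes", "idle_age", "hard_age", "priority"}

def parse_flow(line):
    """Split one dump-flows line into (match-field dict, upper-cased actions string)."""
    left, actions = line.strip().split(" actions=", 1)
    match = {}
    for tok in re.split(r",\s*", left):
        key, _, val = tok.partition("=")
        if tok and key not in STATS:
            match[key] = val or True          # bare tokens such as 'ip' / 'arp'
    return match, actions.upper()

def audit_flows(dump):
    """Return a list of findings; an empty list means the table matches policy."""
    findings = []
    for line in dump.splitlines():
        if not line.lstrip().startswith("cookie="):
            continue                          # skip the 'NXST_FLOW reply' header
        m, acts = parse_flow(line)
        if not m:                             # no match fields: the L2-learning default
            findings.append(f"catch-all flow forwards everything: actions={acts}")
        elif "ip" in m and acts == "NORMAL":
            if (m.get("nw_src"), m.get("nw_dst")) not in ALLOWED_IP_PAIRS:
                findings.append(f"IP flow outside host1<->host2: {m}")
        elif "arp" in m and acts == "NORMAL":
            # an ARP target added as nw_dst is displayed by dump-flows as arp_tpa
            if m.get("arp_tpa", m.get("nw_dst")) not in ALLOWED_ARP_TARGETS:
                findings.append(f"ARP flow to unexpected target: {m}")
        elif "in_port" in m and acts == f"NORMAL,OUTPUT:{MIRROR_OUT_PORT}":
            if m["in_port"] not in MIRROR_IN_PORTS:
                findings.append(f"mirror flow from unexpected port: {m}")
        else:
            findings.append(f"unexpected flow: match={m} actions={acts}")
    return findings

# Constructed sample listing (not captured from a real switch): one rogue IP flow
# from 10.10.1.3 and the catch-all NORMAL flow that del-flows was meant to remove.
SAMPLE = """NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=10.1s, table=0, n_packets=9, n_bytes=882, ip,nw_src=10.10.1.1,nw_dst=10.10.1.2 actions=NORMAL
 cookie=0x0, duration=9.8s, table=0, n_packets=1, n_bytes=42, arp,arp_tpa=10.10.1.1 actions=NORMAL
 cookie=0x0, duration=5.0s, table=0, n_packets=0, n_bytes=0, in_port=1 actions=NORMAL,output:3
 cookie=0x0, duration=1.0s, table=0, n_packets=0, n_bytes=0, ip,nw_src=10.10.1.3,nw_dst=10.10.1.2 actions=NORMAL
 cookie=0x0, duration=99.9s, table=0, n_packets=30, n_bytes=2940, actions=NORMAL
"""
```

The audit checks what is in the table, not which flow wins: the in_port mirror flows and the ip/arp flows above share the default priority and overlap, and OpenFlow leaves it unspecified which of several equal-priority matching flows is applied.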

2.2 Setting up mirroring of traffic from host1 and host2 to host3 (using ovs-vsctl)

It is possible to set up mirroring without adding any flows to the OpenFlow table. This is done with a single ovs-vsctl command.

On the OVS switch:

sudo ovs-vsctl -- set Bridge br0 mirrors=@m \
              -- --id=@ethX get Port ethX \
              -- --id=@ethY get Port ethY \
              -- --id=@ethZ get Port ethZ \
              -- --id=@m create Mirror name=mymirror select-dst-port=@ethX,@ethY select-src-port=@ethX,@ethY output-port=@ethZ

A file /local/InterfacesInfo was created on the OVS switch that records all interface information from before IP was shut down on the dataplane interfaces. Use /local/InterfacesInfo to determine ethX and ethY, the names of the interfaces on the OVS node that connect to host1 and host2. The interface ethZ is the interface on the OVS switch that connects to host3.

2.3 Verifying mirroring behavior

Using the SSH connections to the three hosts (host1, host2, and host3), we use netcat to pass messages between host1 and host2 and observe the mirroring behavior on host3.

On host1 execute:

nc -ul 24565

On host2 execute:

nc -u host1 24565

On host3 execute:

sudo tcpdump -i eth1 -vv -X

In the host2 terminal, type a message and hit return:

My Message

Observe that the message is received on host1. The packet is also received on host3, and the text My Message is visible in the tcpdump output there.

Last modified on 07/12/17 17:45:55
