| | 1 | This tutorial demonstrates how to set up static IP traffic between two hosts |
| | 2 | connected to an OVS switch without running a seperate controller. This tutorial |
| | 3 | uses custom OpenFlow table rules. |
| | 4 | |
| | 5 | This tutorial uses the following rspec: *.xml |
| | 6 | |
| | 7 | This rspec creates a network with 3 nodes: host1, host2, host3; connected to an OVSwitch ovs. |
| | 8 | |
| | 9 | Picture of the network |
| | 10 | |
| | 11 | |
| | 12 | This tutorial will establish rules for allowing IP traffic to flow between host1 and host2. |
| | 13 | |
| | 14 | Later in the tutorial we will discuss how to setup the ovs switch to allow |
| | 15 | for host3 to observe the traffic between host1 and host2 using the Mirror feature of the ovs switch. |
| | 16 | This could be used for network monitoring setups. |
| | 17 | |
| | 18 | Setting up the static IP traffic |
| | 19 | -------------------------------- |
| | 20 | |
| | 21 | Use ssh to login to the ovs node. |
| | 22 | |
| | 23 | Use this text to setup the switch |
| | 24 | http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowRyu/DesignSetup/ 2a. Configure the Software Switch (OVS Window) |
| | 25 | |
| | 26 | We want our switch to act without a seperate controller thus setting it to operate as standalone. |
| | 27 | |
| | 28 | sudo ovs-vsctl set-fail-mode br0 standalone |
| | 29 | |
| | 30 | "Доверяй, но проверяй" {Doveryai, no proveryai} Trust but verify. You can verify your OVS settings by issuing the following: |
| | 31 | |
| | 32 | sudo ovs-vsctl show |
| | 33 | |
| | 34 | Testing the connectivity between host1, host2 and host3 |
| | 35 | ------------------------------------------- |
| | 36 | Initially the OVSwitch is setup to act like an L2 learning switch. We want to disable this behavior |
| | 37 | except for specific IP addresses |
| | 38 | |
| | 39 | sudo ovs-ofctl del-flows br0 |
| | 40 | |
| | 41 | From host1 |
| | 42 | ping -c 10 host2 |
| | 43 | |
| | 44 | From host2 |
| | 45 | ping -c 10 host1 |
| | 46 | |
| | 47 | From host3 |
| | 48 | ping -c 10 host2 |
| | 49 | |
| | 50 | Each of these should be unreachable. |
| | 51 | |
| | 52 | |
| | 53 | Setting up the static IP flows |
| | 54 | ------------------------------ |
| | 55 | With the switch set up we can now setup routing between host1 and host2 |
| | 56 | |
| | 57 | First we will add rules to allow the OVS switch to behave like a normal switch for IP traffic between |
| | 58 | the two hosts |
| | 59 | |
| | 60 | sudo ovs-ofctl add-flow br0 priority=500,ip,nw_src=10.10.1.1,nw_dst=10.10.1.2,actions=normal |
| | 61 | sudo ovs-ofctl add-flow br0 priority=500,ip,nw_src=10.10.1.2,nw_dst=10.10.1.1,actions=normal |
| | 62 | |
| | 63 | ARP traffic will also need to be able to flow in order for the routes to each host to be learned. |
| | 64 | |
| | 65 | sudo ovs-ofctl add-flow br0 "priority=500,arp,nw_dst=10.10.1.1 actions=normal" |
| | 66 | sudo ovs-ofctl add-flow br0 "priority=500,arp,nw_dst=10.10.1.2 actions=normal" |
| | 67 | |
| | 68 | The connectivity can then be tested with: |
| | 69 | |
| | 70 | From host1 |
| | 71 | ping -c 10 host2 |
| | 72 | |
| | 73 | From host2 |
| | 74 | ping -c 10 host1 |
| | 75 | |
| | 76 | From host3 |
| | 77 | ping -c 10 host2 |
| | 78 | |
| | 79 | Pings between host1 and host2 should succeed whereas pings from host3 will fail. |
| | 80 | |
| | 81 | |
| | 82 | Setting up mirroring of traffic from host1 and host2 to host3 |
| | 83 | |
| | 84 | This is done with a single command to ovs-vsctl. It can be done |
| | 85 | independant of the previous steps if only mirroring is of interest |
| | 86 | to the user. |
| | 87 | |
| | 88 | ovs-vsctl -- set Bridge br0 mirrors=@m \ |
| | 89 | -- --id=@ethX get Port ethX \ |
| | 90 | -- --id=@ethY get Port ethY \ |
| | 91 | -- --id=@ethZ get Port ethZ \ |
| | 92 | -- --id=@m create Mirror name=mymirror select-dst-port=@ethX,@ethY select-src-port=@ethX,@ethY output-port=@ethZ |
| | 93 | |
| | 94 | Where ethX and ethY are the names of the interfaces connected to host1 and host2 on the OVS node. |
| | 95 | ethZ is the interface on the OVS node that connects to host3 |
| | 96 | |
| | 97 | Verifying mirroring behavior |
| | 98 | |
| | 99 | To observe the mirroring behavior 3 terminal windows will need |
| | 100 | to be opened. |
| | 101 | |
| | 102 | In one terminal ssh into host1 and execute |
| | 103 | |
| | 104 | nc -ul 24565 |
| | 105 | |
| | 106 | In one terminal ssh into host2 and execute |
| | 107 | |
| | 108 | nc -u host1 24565 |
| | 109 | |
| | 110 | |
| | 111 | In one terminal ssh into host3 and execute |
| | 112 | |
| | 113 | sudo tcpdump -i eth1 -vv -X |
| | 114 | |
| | 115 | In the terminal with host2 type a message and hit return |
| | 116 | |
| | 117 | A message |
| | 118 | |
| | 119 | Observe that the message is received on host1. On host3 the packet was also |
| | 120 | received and we can observe the message "A message" inside of the packet. |
