Changes between Version 22 and Version 23 of HowTo/ConfigureOVSWithLayer3Routing
- Timestamp: 08/27/14 17:41:28 (10 years ago)
HowTo/ConfigureOVSWithLayer3Routing
v22 v23 12 12 [[Image(OVS Routing abstract.png, 30%, nolink)]] 13 13 14 The configuration we want to have is shown in below figure.14 The configuration we want to have is shown in the figure below. 15 15 16 16 [[Image(OVS Routing detail.png, 45%, nolink)]] 17 17 18 In summary the idea is to create a single OVS bridge for each interface on your machine that you want to assign an IP; pass the packet between the interface and the network stack through the LOCAL port of OVS; and let Linux routing handle the rest of the part.18 In summary the idea is to create a single OVS bridge for each interface on your machine that you want to assign an IP; pass the packet between the interface and the network stack through the LOCAL port of OVS; and let Linux routing handle the rest. 19 19 This wiki page provides step-by-step instructions. 20 20 21 We've generated a RSpec [http://www.gpolab.bbn.com/exp/NAT/ovs-l3-routing.rspec http://www.gpolab.bbn.com/exp/NAT/ovs-l3-routing.rspec] for you to try it out before applying it to your topology. You need to reserve it and login to host `OVS` to configure.21 We've generated an RSpec [http://www.gpolab.bbn.com/exp/NAT/ovs-l3-routing.rspec http://www.gpolab.bbn.com/exp/NAT/ovs-l3-routing.rspec] for you to try out this technique before applying it to your topology. You need to reserve it and login to host `OVS` to configure it. 22 22 23 23 1. Create 2 OVS bridges. 24 24 {{{ 25 ovs-vsctl add-br OVSbr126 ovs-vsctl add-br OVSbr225 sudo ovs-vsctl add-br OVSbr1 26 sudo ovs-vsctl add-br OVSbr2 27 27 }}} 28 28 29 2. Zero out the IP of interfaces as you will assign itto the OVS bridges (your interface names may vary). On GENI, be careful not to bring down eth0, because it is your control interface, if you bring that interface down you won't be able to login to your host!29 2. Remove the IPs of dataplane interfaces as you will assign them to the OVS bridges (your interface names may vary). 
On GENI, be careful not to bring down eth0, because it is your control interface, if you bring that interface down you won't be able to login to your host! 30 30 {{{ 31 ifconfig eth1 032 ifconfig eth2 031 sudo ifconfig eth1 0 32 sudo ifconfig eth2 0 33 33 }}} 34 34 35 3. Attach interfaces to according OVS bridges. Again, don't attach control plane interface.35 3. Attach each interfaces to its own OVS bridge. Again, don't attach control plane interface. 36 36 {{{ 37 ovs-vsctl add-port OVSbr1 eth138 ovs-vsctl add-port OVSbr2 eth237 sudo ovs-vsctl add-port OVSbr1 eth1 38 sudo ovs-vsctl add-port OVSbr2 eth2 39 39 }}} 40 40 41 41 4.Verify the configurations by: 42 42 {{{ 43 ovs-ofctl show OVSbr143 sudo ovs-ofctl show OVSbr1 44 44 }}} 45 45 See the output [wiki:HowTo/ConfigureOVSWithLayer3Routing/outputs#ovs-ofctlshowOVSbr1 here]. 46 46 {{{ 47 ovs-ofctl show OVSbr247 sudo ovs-ofctl show OVSbr2 48 48 }}} 49 49 See the output [wiki:HowTo/ConfigureOVSWithLayer3Routing/outputs#ovs-ofctlshowOVSbr2 here]. 50 50 {{{ 51 ovs-vsctl show51 sudo ovs-vsctl show 52 52 }}} 53 53 See the output [wiki:HowTo/ConfigureOVSWithLayer3Routing/outputs#ovs-vsctlshow here]. 54 54 55 5. Assign the IP addresses to the OVS bridges, and add routing entries (clean up ones if needed).55 5. Assign the IP addresses to the OVS bridges, and add routing entries. 
56 56 {{{ 57 ifconfig OVSbr1 10.10.10.1/24 up58 ifconfig OVSbr2 10.10.11.1/24 up57 sudo ifconfig OVSbr1 10.10.10.1/24 up 58 sudo ifconfig OVSbr2 10.10.11.1/24 up 59 59 }}} 60 60 These will insert the corresponding routes automatically for you, and you can verify it via: … … 66 66 Alternatively, you could do: 67 67 {{{ 68 ifconfig OVSbr1 10.10.10.1 up69 ifconfig OVSbr2 10.10.11.1 up70 route add -net 10.10.10.0 netmask 255.255.255.0 dev OVSbr171 route add -net 10.10.11.0 netmask 255.255.255.0 dev OVSbr268 sudo ifconfig OVSbr1 10.10.10.1 up 69 sudo ifconfig OVSbr2 10.10.11.1 up 70 sudo route add -net 10.10.10.0 netmask 255.255.255.0 dev OVSbr1 71 sudo route add -net 10.10.11.0 netmask 255.255.255.0 dev OVSbr2 72 72 route -n 73 73 }}} … … 77 77 Let's do an example of how a packet would traverse our network from 10.10.10.2 to 10.10.11.2. 78 78 79 10.10.10.2 sends the packet with destination 10.10.11.2. The packet arrives at eth1. There is an OpenFlow flow in place on OVSbr1 between eth1 and it's LOCAL port, so the packet will match this flow and be sent out the LOCAL port of OVSbr1 (i.e. port 65534). The packet is then received by the local machine's network stack. It has a destination IP of 10.10.11.2, so the routing table we have established will send the packet to the OVSbr2 network interface. OVSbr2 will receive this packet from the local network stack via it's LOCAL port (i.e. port 65534). There is an OpenFlow flow in place on OVS2 between OVS2's LOCAL port and eth2, so this packet will match that flow and be sent out eth2. From there, it will arrive at 10.10.11.2. The same process will occur in reverse. This assumes though that you insert the flows between the physical interfaces (eth1 and eth2) and the OVS LOCALports. That's the key to handing packet to and receiving packets from the local OS.79 `10.10.10.2` sends the packet with destination `10.10.11.2`. The packet arrives at `eth1`. 
There is an OpenFlow flow in place on `OVSbr1` between `eth1` and it's `LOCAL` port, so the packet will match this flow and be sent out the `LOCAL` port of `OVSbr1` (i.e. port `65534`). The packet is then received by the local machine's network stack. It has a destination IP of `10.10.11.2`, so the routing table we have established will send the packet to the `OVSbr2` network interface. `OVSbr2` will receive this packet from the local network stack via it's `LOCAL` port (i.e. port `65534`). There is an OpenFlow flow in place on `OVS2` between `OVS2`'s `LOCAL` port and `eth2`, so this packet will match that flow and be sent out through `eth2`. From there, it will arrive at `10.10.11.2`. The same process will occur in reverse. This assumes though that you insert the flows between the physical interfaces (`eth1` and `eth2`) and the OVS `LOCAL` ports. That's the key to handing packet to and receiving packets from the local OS. 80 80 81 81 7. If you want to insert these flows with OVS itself, you can do something like the following: 82 82 {{{ 83 ovs-ofctl add-flow OVSbr1 in_port=port_number_of_eth1,actions=LOCAL84 ovs-ofctl add-flow OVSbr1 in_port=LOCAL,actions=output:port_number_of_eth185 ovs-ofctl add-flow OVSbr2 in_port=port_number_of_eth2,actions=LOCAL86 ovs-ofctl add-flow OVSbr2 in_port=LOCAL,actions=output:port_number_of_eth283 sudo ovs-ofctl add-flow OVSbr1 in_port=port_number_of_eth1,actions=LOCAL 84 sudo ovs-ofctl add-flow OVSbr1 in_port=LOCAL,actions=output:port_number_of_eth1 85 sudo ovs-ofctl add-flow OVSbr2 in_port=port_number_of_eth2,actions=LOCAL 86 sudo ovs-ofctl add-flow OVSbr2 in_port=LOCAL,actions=output:port_number_of_eth2 87 87 }}} 88 You can determine port_number_of_eth1via:88 You can determine `port_number_of_eth1` via: 89 89 {{{ 90 ovs-ofctl show OVSbr190 sudo ovs-ofctl show OVSbr1 91 91 }}} 92 According to the output [wiki:HowTo/ConfigureOVSWithLayer3Routing/outputs#ovs-ofctlshowOVSbr1 here], the port number of eth1is 1.92 According to the 
output [wiki:HowTo/ConfigureOVSWithLayer3Routing/outputs#ovs-ofctlshowOVSbr1 here], the port number of `eth1` is 1. 93 93 94 94 8. If you want to insert these flows via your controller, you will need to either specify port 65534 explicitly or use whatever convention your controller uses to specify the LOCAL port of a bridge. 95 95 Remember to set your controller to all OVS bridges you want to control: 96 96 {{{ 97 ovs-vsctl set-controller OVSbr1 tcp:127.0.0.1:6653 ptcp:6634:127.0.0.198 ovs-vsctl set-controller OVSbr2 tcp:127.0.0.1:6653 ptcp:6634:127.0.0.197 sudo ovs-vsctl set-controller OVSbr1 tcp:127.0.0.1:6653 ptcp:6634:127.0.0.1 98 sudo ovs-vsctl set-controller OVSbr2 tcp:127.0.0.1:6653 ptcp:6634:127.0.0.1 99 99 }}} 100 100 … … 102 102 {{{ 103 103 cat /proc/sys/net/ipv4/ip_forward 104 echo 1 > /proc/sys/net/ipv4/ip_forward104 sudo echo 1 > /proc/sys/net/ipv4/ip_forward 105 105 }}} 106 106
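Review bot: The new step 3 wording "Attach each interfaces to its own OVS bridge" has a number mismatch and should read "Attach each interface to its own OVS bridge"; the sentence after it also wants an article ("don't attach the control plane interface"). In step 2 the eth0 warning is still a comma splice ("because it is your control interface, if you bring that interface down ..."); splitting it into two sentences makes the lockout risk easier to spot, and "login to" used as a verb in that sentence and in the RSpec paragraph should be "log in to".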
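Review bot: The rewritten packet walk-through names the second bridge `OVS2` twice ("an OpenFlow flow in place on `OVS2` between `OVS2`'s `LOCAL` port and `eth2`"), while every command on the page creates and configures `OVSbr2`; use `OVSbr2` there so the prose matches the bridge readers actually have. The same paragraph keeps "it's `LOCAL` port" in two places (should be "its") and "handing packet to" (should be "handing packets to"). In step 8 it is worth one sentence stating that the `tcp:127.0.0.1:6653` and `ptcp:6634:127.0.0.1` targets are bound to loopback on purpose, since OpenFlow over plain tcp is unauthenticated and a `ptcp` listener without an address accepts connections on all addresses.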
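Review bot: `sudo echo 1 > /proc/sys/net/ipv4/ip_forward` in the last hunk does not gain anything from the added `sudo`: the `>` redirection is opened by the invoking user's shell before `sudo` runs, so a non-root user gets a permission error and IP forwarding stays off. Suggest `echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward` or `sudo sysctl -w net.ipv4.ip_forward=1` instead, and move the `cat /proc/sys/net/ipv4/ip_forward` check after the write so readers confirm the value is 1.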