What is Open vSwitch?

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.  It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag).  In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V. See full feature list here

Why Open vSwitch ?

https://github.com/openvswitch/ovs/blob/master/Documentation/intro/why-ovs.rst

OVN:

http://www.openvswitch.org/support/dist-docs/ovn-architecture.7.html

                                         CMS

                                          |

                                          |

                              +-----------|-----------+

                              |           |           |

                              |     OVN/CMS Plugin    |

                              |           |           |

                              |           |           |

                              |   OVN Northbound DB   |

                              |           |           |

                              |           |           |

                              |       ovn-northd      |

                              |           |           |

                              +-----------|-----------+

                                          |

                                          |

                                +-------------------+

                                | OVN Southbound DB |

                                +-------------------+

                                          |

                                          |

                       +------------------+------------------+

                       |                  |                  |

         HV           |                  |    HV n          |

       +---------------|---------------+  .  +---------------|---------------+

       |               |               |  .  |               |               |

       |        ovn-controller         |  .  |        ovn-controller         |

       |         |          |          |  .  |         |          |          |

       |         |          |          |     |         |          |          |

       |  ovs-vswitchd   ovsdb-server  |     |  ovs-vswitchd   ovsdb-server  |

       |                               |     |                               |

       +-------------------------------+     +-------------------------------+

在继续之前,做好先理解一下 namespace:

[cloud][sdn] network namespace

下面两篇中文介绍,内容相似,写的都不咋样。

http://fishcried.com/2016-02-09/openvswitch-ops-guide/

https://blog.kghost.info/2014/11/19/openvswitch-internal/

这个偏实践指导,写的好:

https://www.ibm.com/developerworks/cn/cloud/library/1401_zhaoyi_openswitch/

从源码编译:

文档:https://docs.openvswitch.org/en/latest/intro/install/general/

需要注意是否支持内核模块的编译,有所不同。

[root@D128 thirdparty]# git clone https://github.com/openvswitch/ovs.git

[root@D128 ovs]# git checkout v2.7.0

[root@D128 ovs]#  yum install autoconf automake libtool

[root@D128 ovs]# ./boot.sh

[root@D128 ovs]# ./configure --prefix=/root/BUILD_ovs/

[root@D128 ovs]# make

[root@D128 ovs]# make install

上边是没编译内核模块的。。。

再编个内核模块吧!!

[root@D128 ovs]# yum install kernel-devel-$(uname -r)

[root@D128 ovs]# ./configure --prefix=/root/BUILD_ovs/ --with-linux=/lib/modules/$(uname -r)/build

[root@D128 ovs]# uname -a

Linux D128 3.10.-.el7.x86_64 # SMP Tue Aug  :: UTC  x86_64 x86_64 x86_64 GNU/Linux

kernel版本太旧,编不过。降版本到v2.6.0

[root@D128 ovs]# git checkout v2.6.0

Previous HEAD position was c298ef7... Set release date for 2.7..

HEAD is now at 7a0f907... Set release date for 2.6..

[root@D128 ovs]# git branch

* (detached from v2.6.0)

  master

[root@D128 ovs]#

还是编不过。如果想编译通过必须要找对彼此兼容的版本。算了直接用centos自带的ko(反正是学习了解阶段,但愿能兼容跑起来)。。。

[root@D128 ovs]# modprobe openvswitch

[root@D128 ovs]# lsmod|grep openvswitch

openvswitch

nf_nat_ipv6               openvswitch

nf_nat_ipv4               openvswitch

nf_defrag_ipv6            openvswitch,nf_conntrack_ipv6

nf_nat                    openvswitch,nf_nat_ipv4,nf_nat_ipv6

nf_conntrack             openvswitch,nf_nat,nf_nat_ipv4,nf_nat_ipv6,nf_conntrack_ipv4,nf_conntrack_ipv6

libcrc32c                 xfs,openvswitch,nf_nat,nf_conntrack

[root@D128 ovs]#

运行:

[root@D128 ovs]# export PATH=$PATH:/root/BUILD_ovs/share/openvswitch/scripts/

[root@D128 ~]# ovs-ctl --system-id=random start

Starting ovsdb-server                                      [  OK  ]

Configuring Open vSwitch system IDs                        [  OK  ]

Starting ovs-vswitchd                                      [  OK  ]

Enabling remote OVSDB managers                             [  OK  ]

[root@D128 ~]#

数据库应该已经建立了默认的,并且都初始化了。

测试:

[root@D128 BUILD_ovs]# ip link

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN mode DEFAULT qlen

    link/loopback ::::: brd :::::

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP mode DEFAULT qlen

    link/ether :0c::2f:cf: brd ff:ff:ff:ff:ff:ff

[root@D128 BUILD_ovs]# ./bin/ovs-vsctl add-br br0

[root@D128 BUILD_ovs]# ip link

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN mode DEFAULT qlen

    link/loopback ::::: brd :::::

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP mode DEFAULT qlen

    link/ether :0c::2f:cf: brd ff:ff:ff:ff:ff:ff

3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000

    link/ether 92:e5:c6:d2:ec:a2 brd ff:ff:ff:ff:ff:ff

4: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000

    link/ether be:e8:bd:df:ff:41 brd ff:ff:ff:ff:ff:ff

[root@D128 BUILD_ovs]# ./bin/ovs-vsctl add-port br0 ens33

[root@D128 BUILD_ovs]# brctl show

bridge name    bridge id        STP enabled    interfaces

[root@D128 BUILD_ovs]#

ovs-vsctl add-br 增加的这俩个设备是什么?

我写了个脚本去判断:

[root@D128 ~]# cat ip_link_show_type.sh

#! /bin/bash

TYPE=" vlan veth vcan dummy ifb macvlan macvtap bridge bond ipoib ip6tnl ipip sit vxlan gre gretap ip6gre ip6gretap vti nlmon bond_slave geneve bridge_slave macsec"

for T in $TYPE

do

    echo $T

    ip link show type $T

done

竟然不属于这里边任意一个类型。。。。

虽然没有正面回答,但是看一下下面这个问题的答案,就能很好的理解了:

同时,也讲解了KVM的tap设备怎么可OVS协作,以及需要注意什么。

https://github.com/openvswitch/ovs/blob/master/Documentation/faq/issues.rst

Q: I created a tap device tap0, configured an IP address on it, and added it to a bridge, like this:

大概就是说,OVS的bridge和OVS的internal port是OVS单独实现的两种特殊设备。

报错:

[root@D128 BUILD_ovs]# ./bin/ovs-vsctl add-port br0 p0

ovs-vsctl: Error detected while setting up 'p0': could not open network device p0 (No such device).  See ovs-vswitchd log for details.

ovs-vsctl: The default log directory is "/root/BUILD_ovs/var/log/openvswitch".

[root@D128 BUILD_ovs]#

要这样:

https://github.com/openvswitch/ovs-issues/issues/110

The port‘s name should be a exist interface use ifconfig to see, such as eth0. If you just want to use a virtual port name to make a test you should 
specify the port's type like ovs-vsctl add-port br0 port0 -- set Interface port0 type=internal or ovs-vsctl set Interface port0 type=internal
[root@D128 BUILD_ovs]# ./bin/ovs-vsctl add-port br0 port0 -- set Interface port0 type=internal

[root@D128 BUILD_ovs]# ip link

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN mode DEFAULT qlen

    link/loopback ::::: brd :::::

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP mode DEFAULT qlen

    link/ether :0c::2f:cf: brd ff:ff:ff:ff:ff:ff

: ovs-system: <BROADCAST,MULTICAST> mtu  qdisc noop state DOWN mode DEFAULT qlen

    link/ether :e5:c6:d2:ec:a2 brd ff:ff:ff:ff:ff:ff

: br0: <BROADCAST,MULTICAST> mtu  qdisc noop state DOWN mode DEFAULT qlen

    link/ether be:e8:bd:df:ff: brd ff:ff:ff:ff:ff:ff

: port0: <BROADCAST,MULTICAST> mtu  qdisc noop state DOWN mode DEFAULT qlen

    link/ether f6:cb:c2::fc:e0 brd ff:ff:ff:ff:ff:ff

[root@D128 BUILD_ovs]# ./bin/ovs-vsctl show

528b5679-22e8-484b-947b-4499959dc341

    Bridge "br0"

        Port "port0"

            Interface "port0"

                type: internal

        Port "br0"

            Interface "br0"

                type: internal

    ovs_version: "2.7.0"

[root@D128 BUILD_ovs]#

查看br0,port0这两个设备。

[root@D128 BUILD_ovs]# ethtool -i br0

driver: openvswitch

version:

firmware-version:

expansion-rom-version:

bus-info:

supports-statistics: no

supports-test: no

supports-eeprom-access: no

supports-register-dump: no

supports-priv-flags: no

[root@D128 BUILD_ovs]# ethtool -i port0

driver: openvswitch

version:

firmware-version:

expansion-rom-version:

bus-info:

supports-statistics: no

supports-test: no

supports-eeprom-access: no

supports-register-dump: no

supports-priv-flags: no

[root@D128 BUILD_ovs]#

增加namespace

[root@D128 BUILD_ovs]# ip netns add ns0

[root@D128 BUILD_ovs]# ip link set port0 netns ns0
[root@D128 BUILD_ovs]# ip netns exec ns0 ip addr add 192.168.1.100/ dev port0

[root@D128 BUILD_ovs]# ip netns exec ns0 ifconfig port0 promisc up

查看:

[root@D128 BUILD_ovs]# ./bin/ovs-ofctl show br0

OFPT_FEATURES_REPLY (xid=0x2): dpid:0000bee8bddfff41

n_tables:, n_buffers:

capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP

actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst

 (port0): addr:::::0c:e1

     config:     PORT_DOWN

     state:      LINK_DOWN

     speed:  Mbps now,  Mbps max

 LOCAL(br0): addr:be:e8:bd:df:ff:

     config:     PORT_DOWN

     state:      LINK_DOWN

     speed:  Mbps now,  Mbps max

OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=

[root@D128 BUILD_ovs]# ./bin/ovs-dpctl show

system@ovs-system:

    lookups: hit: missed: lost:

    flows:

    masks: hit: total: hit/pkt:1.21

    port : ovs-system (internal)

    port : br0 (internal)

    port : port0 (internal)

[root@D128 BUILD_ovs]# 
[root@D128 BUILD_ovs]# ip addr add 192.168.1.101/ dev br0

[root@D128 BUILD_ovs]# ip link set br0 up

现在两个namespace可以通过br0 互通了。

增加一个of规则

[root@D128 BUILD_ovs]# ./bin/ovs-ofctl add-flow br0 "priority=1 idle_timeout=0, in_port=2,actions=mod_nw_src:9.181.137.1,normal"

[root@D128 BUILD_ovs]# ./bin/ovs-ofctl show br0

OFPT_FEATURES_REPLY (xid=0x2): dpid:0000bee8bddfff41

n_tables:, n_buffers:

capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP

actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst

 (port0): addr:::::0c:e1

     config:     PORT_DOWN

     state:      LINK_DOWN

     speed:  Mbps now,  Mbps max

 LOCAL(br0): addr:be:e8:bd:df:ff:

     config:

     state:

     speed:  Mbps now,  Mbps max

OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=

[root@D128 BUILD_ovs]# ./bin/ovs-

抓包可以看见,原地址已经被修改为9.181.137.1

[root@D128 BUILD_ovs]# tcpdump -i br0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on br0, link-type EN10MB (Ethernet), capture size  bytes

::00.988146 IP 9.181.137.1 > localhost: ICMP echo request, id , seq , length

::01.988227 IP 9.181.137.1 > localhost: ICMP echo request, id , seq , length

::02.988113 IP 9.181.137.1 > localhost: ICMP echo request, id , seq , length

::03.988133 IP 9.181.137.1 > localhost: ICMP echo request, id , seq , length

暂时先到这。作为一个初步了解。

--------------------------------------------------   update @ 2018-03-30 20:11 -----------------------------------

在OVS port上抓包。

把port流量镜像出来。

[root@vrouter-ovs ~]# ip link add dev mirror type dummy

[root@vrouter-ovs ~]# ip link set mirror up

[root@dr-lb ~]# ovs-vsctl add-port ovs-br0 mirror
[root@vrouter-ovs ~]# ovs-vsctl -- set Bridge br-tun mirror=@mi -- --id=@pmirror get Port mirror -- --id=@patch get Port tun-to-int -- --id=@mi create Mirror name=mymi select-dst-port=@patch select-src-port=@patch output-port=@pmirror

[root@vrouter-ovs ~]# tcpdump -i mirror -nn

查看和删除mirror

# ovs-vsctl list Mirror

# ovs-vsctl clear bridge ovsbr0 mirrors 
ovs-vsctl set Bridge ovs-br0 mirrors=@mi -- --id=@pmirror get Port mirror-br0 -- --id=@patch get port vxlanclient0 -- --id=@mi create Mirror name=mymi select-dst-port=@patch select-src-port=@patch output-port=@pmirror

[cloud][OVS][sdn] Open vSwitch 初步了解的更多相关文章

  1. [cloud][ovs][sdn] 安装 openvswitch-dpdk

    [cloud][OVS][sdn] Open vSwitch 初步了解 继之前的内容,安装基于dpdk的ovs https://docs.openvswitch.org/en/latest/intro ...

  2. [qemu][cloud][centos][ovs][sdn] centos7安装高版本的qemu 以及 virtio/vhost/vhost-user咋回事

    因为要搭建ovs-dpdk,所以需要vhost-user的qemu centos默认的qemu与qemu-kvm都不支持vhost-user,qemu最高版本是2.0.0, qemu-kvm最高版本是 ...

  3. SDN期末作业

    期末项目 代码仓库:传送门 视频:组长已经发送给朱老师 选题:负载均衡场景3 选题内容: 该拓扑是数据中心拓扑的一部分,其中h1是数据中心外的一台客户机,h2-h5是数据中心内的服务器,请根据该拓扑实 ...

  4. 从三个开源项目认识OpenFlow交换机 - OVS

    在SDN/NFV的网络革新技术浪潮的引领下,催生了诸多数据面开源方案的诞生.业界知名度较高的有OVS(Open vSwitch).FD.io (Fast Data I/O).ODP(Open Data ...

  5. SDN核心技术剖析和实战指南---读书笔记

    第一章 SDN定义如下: SDN是一种新兴的基于软件的网络架构及技术,其最大的特点在于具有松耦合的控制平面与数据平面.支持集中化的网络状态控制.实现底层网络设施对上层应用的透明. SDN和NFV: O ...

  6. 从SDN鼻祖Nicira到VMware NSX 网络虚拟化平台的简单探讨

    以前的大二层技术,一般是在物理网络底层使用IS-IS路由技术,再在此基础之上,实现数据中心网络的二层扩展,如公有的Trill.SPB技术和Cisco私有的OTV.Fabricpath技术:前沿一些的网 ...

  7. 传统二三层转发融合SDN Openflow协议的Hybrid交换机转发流程

    Hybrid 交换系统(以下简称Hybrid 交换机)是交换机融合了OVS(Openflow vswitch)原生代码,集传统和Openflow 技术于一体的转发系统.主要解决纯Openflow 基于 ...

  8. Open vSwitch FAQ (三)

    Quality of Service (QoS) Q: How do I configure Quality of Service (QoS)? A: Suppose that you want to ...

  9. ovs+dpdk numa感知特性验证

    0.介绍 本测试是为了验证这篇文章中提到的DPDK的NUMA感知特性. 简单来说,在ovs+dpdk+qemu的环境中,一个虚拟机牵涉到的内存共有三部分: DPDK为vHost User设备分配的De ...

随机推荐

  1. IOS开发之Storyboard应用

    制作一个Tab类型的应用 制作一个表格视图 原型表格单元 设计自定义的原型单元格 为原型单元格设置子类 故事版(Storyboard)是一个能够节省你很多设计手机App界面时间的新特性,下面,为了简明 ...

  2. Android Launcher分析和修改11——自定义分页指示器(paged_view_indicator)

    Android4.0的Launcher自带了一个简单的分页指示器,就是Hotseat上面那个线段,这个本质上是一个ImageView利用.9.png图片做,效果实在是不太美观,用测试人员的话,太丑了. ...

  3. [C#] 一款代码注释清理工具

    [C#] 一款代码注释清理工具   在程序开发过程中,很多时候我们都会在代码中进行注释,以便大家更容易理解或能更直观明白某个类或方法是用来做什么的,我们就会用注释 就以C#为列子,注释符大致为'//' ...

  4. Java知多少(21)this关键字详解

    this 关键字用来表示当前对象本身,或当前类的一个实例,通过 this 可以调用本对象的所有方法和属性.例如: public class Demo{ public int x = 10; publi ...

  5. java-信息安全(十二)-数字签名【Java证书体系实现】

    概述 信息安全基本概念 数字证书 数字证书就是互联网通讯中标志通讯各方身份信息的一串数字,提供了一种在Internet上验证通信实体身份的方式,数字证书不是数字身份证,而是身份认证机构盖在数字身份证上 ...

  6. 总结一下搭建简单Web服务器的一些方法

    使用nodejs+anywhere模块搭建静态文件服务器 anywhere随时随地将你的当前目录变成一个静态文件服务器的根目录. 安装npm install anywhere -g,然后进入任意目录在 ...

  7. 一篇文章带你看懂Cloudflare信息泄露事件

    版权声明:本文由贺嘉  原创文章,转载请注明出处: 文章原文链接:https://www.qcloud.com/community/article/753847001488039974 来源:腾云阁  ...

  8. 不可思议的颜色混合模式 mix-blend-mode (转)

    开本系列,谈谈一些有趣的 CSS 题目,题目类型天马行空,想到什么说什么,不仅为了拓宽一下解决问题的思路,更涉及一些容易忽视的 CSS 细节. 解题不考虑兼容性,题目天马行空,想到什么说什么,如果解题 ...

  9. Elasticsearch学习之配置小记

    基于 elasticsearch 1.4.4 版本.安装方式为RPM安装.所有涉及路径需根据实际情况来设置判断. 0x01 内存调整 调整ES内存分配有多种方式,建议调整 /etc/sysconfig ...

  10. JS中判断一个对象是否为null、undefined、0

    1.判断undefined: var tmp = undefined; if (typeof(tmp) == "undefined"){ alert("undefined ...