@djoreilly
Last active July 9, 2024 15:22
Revisions

  1. Darragh O'Reilly revised this gist Feb 13, 2015. 1 changed file with 22 additions and 21 deletions.
    43 changes: 22 additions & 21 deletions Open vSwitch Lab.md
    @@ -11,7 +11,6 @@ Linux system with OVS installed.

    Use this script to add a bridge with ports for testing. The interfaces are moved into IP namespaces to isolate them from the main namespace and from each other.

    # cat add-port.sh
    #!/bin/bash

    if [ $# -ne 2 ]; then
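Review bot: the header `@@ -11,7 +11,6 @@` records one line dropped from this listing, and the only line shown that is not part of the script itself is `# cat add-port.sh`. If that is the line removed, the sentence "Use this script to add a bridge with ports for testing" should name the file, so a reader knows what to save the listing as once the prompt line no longer says it.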
    @@ -62,84 +61,85 @@ Then the bridge should look like:

    ##Test 1 - the NORMAL flow

    ###Test connectivity:
    ####Test connectivity:

    # ip netns exec ns1 ping -c1 10.0.0.2

    ###Show flows
    ####Show flows

    # ovs-ofctl dump-flows br0
    NXST_FLOW reply (xid=0x4):
    cookie=0x0, duration=560.596s, table=0, n_packets=10, n_bytes=828, idle_age=551, priority=0 actions=NORMAL

    This flow gets created by default when you create a bridge.. The NORMAL flow causes the bridge to behave like a simple MAC learning switch. It applies to all ports because no in_port was specified and that is like a wildcard for all ports

    ###Show the mac table
    ####Show the mac table

    # ovs-appctl fdb/show br0
    port VLAN MAC Age
    1 0 00:00:00:00:00:01 9
    2 0 00:00:00:00:00:02 9


    ###Delete all flows
    ####Delete all flows

    # ovs-ofctl del-flows br0

    and ping again - it should fail this time.

    ###Re-add the NORMAL flow
    ####Re-add the NORMAL flow

    # ovs-ofctl add-flow br0 actions=NORMAL


    ##Test 2 - forwarding by port numbers

    ###Delete all flows
    ####Delete all flows

    # ovs-ofctl del-flows br0

    ###Find ofport numbers (OpenFlow port numbers)
    ####Find ofport numbers (OpenFlow port numbers)

    # ovs-ofctl show br0

    ###Add the flows
    ####Add the flows

    # ovs-ofctl add-flow br0 in_port=1,actions=output:2
    # ovs-ofctl add-flow br0 in_port=2,actions=output:1

    ###Test
    ####Test

    # ip netns exec ns1 ping -c1 10.0.0.2


    ###Test 3 - forward by destination mac address
    ####Test 3 - forward by destination mac address

    ###Delete all flows
    ####Delete all flows

    # ovs-ofctl del-flows br0

    ###Add the flows
    ####Add the flows

    # ovs-ofctl add-flow br0 dl_dst=00:00:00:00:00:01,actions=output:1
    # ovs-ofctl add-flow br0 dl_dst=00:00:00:00:00:02,actions=output:2
    # ovs-ofctl add-flow br0 dl_dst=ff:ff:ff:ff:ff:ff,actions=flood

    ###Test
    ####Test

    # ip netns exec ns1 ping -c1 10.0.0.2

    Use dump-flows and watch the packet counters. Wait several minutes for the ARP cache in the namespaces to expire or delete those entries, and ping again. That should cause the broadcast/flood flow to happen on next ping.



    ##OVS with an external OpenFlow controller

    ###Setup

    Install the Ryu controller from [here](https://github.com/osrg/ryu#quick-start)

    ###Start Ryu it with the sample simple mac learning module

    ####Start Ryu with the sample L2 learning module

    $ ryu-manager ryu/ryu/app/simple_switch.py
    loading app ryu/ryu/app/simple_switch.py
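Review bot: the heading demotion is applied unevenly. `###Test 3 - forward by destination mac address` becomes `####Test 3 - ...` while `##Test 1 - the NORMAL flow` and `##Test 2 - forwarding by port numbers` stay at `##`, so Test 3 now reads as one more step of Test 2; it should be `##Test 3 - ...`. `###Setup` under "OVS with an external OpenFlow controller" is also left at `###` while the steps after it move to `####`. Two smaller points while these lines are open: none of the headings has a space after the `#` run, which CommonMark-based renderers require before they treat a line as a heading, and the context sentence "This flow gets created by default when you create a bridge.." keeps its doubled full stop and has no full stop at the end of the paragraph.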
    @@ -148,33 +148,34 @@ Install the Ryu controller from [here](https://github.com/osrg/ryu#quick-start)
    instantiating app ryu.controller.ofp_handler of OFPHandler


    ###Point the test bridge at it
    ####Point the test bridge at it

    # ovs-vsctl set-controller br0 tcp:127.0.0.1:6633

    ###Check there are no flows yet
    ####Check there are no flows yet

    # ovs-ofctl dump-flows br0
    NXST_FLOW reply (xid=0x4):

    ###Send some data
    ####Send some data

    # ip netns exec ns1 ping -c1 10.0.0.2


    ###Check that the controller added new flows
    ####Check that the controller added new flows

    # ovs-ofctl dump-flows br0
    NXST_FLOW reply (xid=0x4):
    cookie=0x0, duration=5.808s, table=0, n_packets=1, n_bytes=42, idle_age=0, in_port=2,dl_dst=00:00:00:00:00:01 actions=output:1
    cookie=0x0, duration=0.808s, table=0, n_packets=0, n_bytes=0, idle_age=0, in_port=1,dl_dst=00:00:00:00:00:02 actions=output:2

    ###Check controller console for new log messages
    ####Check controller console for new log messages

    packet in 270705776096578 00:00:00:00:00:01 00:00:00:00:00:02 1
    packet in 270705776096578 00:00:00:00:00:02 00:00:00:00:00:01 2
    packet in 270705776096578 00:00:00:00:00:01 00:00:00:00:00:02 1


    ###Study and change the sample code
    ####Study and change the sample code

    See [here](http://ryu.readthedocs.org/en/latest/writing_ryu_app.html)
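Review bot: only heading levels change in this hunk, but the step `# ovs-vsctl set-controller br0 tcp:127.0.0.1:6633` is left without a word of explanation. `tcp:` is an unauthenticated, unencrypted OpenFlow channel, which is fine on loopback as in this lab; the text should say that, and mention the `ssl:` target form for a controller on another host, because whatever sits on the other end of that connection decides the bridge's flow table, as the `dump-flows` output a few lines later shows.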
  2. Darragh O'Reilly renamed this gist Feb 13, 2015. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  3. Darragh O'Reilly created this gist Feb 13, 2015.
    180 changes: 180 additions & 0 deletions Open vSwitch Lab
    @@ -0,0 +1,180 @@
    #Open vSwitch Lab

    Get started with Open vSwitch, flows and OpenFlow controllers.

    ##Pre-reqs

    Linux system with OVS installed.


    ##Setup

    Use this script to add a bridge with ports for testing. The interfaces are moved into IP namespaces to isolate them from the main namespace and from each other.

    # cat add-port.sh
    #!/bin/bash

    if [ $# -ne 2 ]; then
    echo "usage: $0 port_num ovs_br"
    exit 1
    fi

    set -xe

    port=p$1
    ns=ns$1
    br=$2
    mac=00:00:00:00:00:0$1
    ip=10.0.0.${1}/24

    ovs-vsctl --may-exist add-br $br
    ovs-vsctl add-port $br $port
    ovs-vsctl set Interface $port type=internal
    ip netns add $ns
    ip link set $port netns $ns
    ip netns exec $ns ip link set $port address $mac
    ip netns exec $ns ip address add $ip dev $port
    ip netns exec $ns sysctl -w net.ipv6.conf.${port}.disable_ipv6=1
    ip netns exec $ns ip link set $port up


    Call script like:

    # sh add-port.sh 1 br0
    # sh add-port.sh 2 br0


    Then the bridge should look like:

    # ovs-vsctl show
    e3784497-dc8f-432d-9a2c-923148962c73
    Bridge "br0"
    Port "p2"
    Interface "p2"
    type: internal
    Port "br0"
    Interface "br0"
    type: internal
    Port "p1"
    Interface "p1"
    type: internal


    ##Test 1 - the NORMAL flow

    ###Test connectivity:

    # ip netns exec ns1 ping -c1 10.0.0.2

    ###Show flows

    # ovs-ofctl dump-flows br0
    NXST_FLOW reply (xid=0x4):
    cookie=0x0, duration=560.596s, table=0, n_packets=10, n_bytes=828, idle_age=551, priority=0 actions=NORMAL

    This flow gets created by default when you create a bridge.. The NORMAL flow causes the bridge to behave like a simple MAC learning switch. It applies to all ports because no in_port was specified and that is like a wildcard for all ports

    ###Show the mac table

    # ovs-appctl fdb/show br0
    port VLAN MAC Age
    1 0 00:00:00:00:00:01 9
    2 0 00:00:00:00:00:02 9


    ###Delete all flows

    # ovs-ofctl del-flows br0

    and ping again - it should fail this time.

    ###Re-add the NORMAL flow

    # ovs-ofctl add-flow br0 actions=NORMAL


    ##Test 2 - forwarding by port numbers

    ###Delete all flows

    # ovs-ofctl del-flows br0

    ###Find ofport numbers (OpenFlow port numbers)

    # ovs-ofctl show br0

    ###Add the flows

    # ovs-ofctl add-flow br0 in_port=1,actions=output:2
    # ovs-ofctl add-flow br0 in_port=2,actions=output:1

    ###Test

    # ip netns exec ns1 ping -c1 10.0.0.2


    ###Test 3 - forward by destination mac address

    ###Delete all flows

    # ovs-ofctl del-flows br0

    ###Add the flows

    # ovs-ofctl add-flow br0 dl_dst=00:00:00:00:00:01,actions=output:1
    # ovs-ofctl add-flow br0 dl_dst=00:00:00:00:00:02,actions=output:2
    # ovs-ofctl add-flow br0 dl_dst=ff:ff:ff:ff:ff:ff,actions=flood

    ###Test

    # ip netns exec ns1 ping -c1 10.0.0.2

    Use dump-flows and watch the packet counters. Wait several minutes for the ARP cache in the namespaces to expire or delete those entries, and ping again. That should cause the broadcast/flood flow to happen on next ping.


    ##OVS with an external OpenFlow controller

    ###Setup

    Install the Ryu controller from [here](https://github.com/osrg/ryu#quick-start)

    ###Start Ryu it with the sample simple mac learning module


    $ ryu-manager ryu/ryu/app/simple_switch.py
    loading app ryu/ryu/app/simple_switch.py
    loading app ryu.controller.ofp_handler
    instantiating app ryu/ryu/app/simple_switch.py of SimpleSwitch
    instantiating app ryu.controller.ofp_handler of OFPHandler


    ###Point the test bridge at it

    # ovs-vsctl set-controller br0 tcp:127.0.0.1:6633

    ###Check there are no flows yet

    # ovs-ofctl dump-flows br0
    NXST_FLOW reply (xid=0x4):

    ###Send some data

    # ip netns exec ns1 ping -c1 10.0.0.2


    ###Check that the controller added new flows

    # ovs-ofctl dump-flows br0
    NXST_FLOW reply (xid=0x4):
    cookie=0x0, duration=5.808s, table=0, n_packets=1, n_bytes=42, idle_age=0, in_port=2,dl_dst=00:00:00:00:00:01 actions=output:1
    cookie=0x0, duration=0.808s, table=0, n_packets=0, n_bytes=0, idle_age=0, in_port=1,dl_dst=00:00:00:00:00:02 actions=output:2

    ###Check controller console for new log messages

    packet in 270705776096578 00:00:00:00:00:01 00:00:00:00:00:02 1
    packet in 270705776096578 00:00:00:00:00:02 00:00:00:00:00:01 2
    packet in 270705776096578 00:00:00:00:00:01 00:00:00:00:00:02 1


    ###Study and change the sample code
    See [here](http://ryu.readthedocs.org/en/latest/writing_ryu_app.html)
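Review bot: `add-port.sh` uses its first argument unchecked in `mac=00:00:00:00:00:0$1` and `ip=10.0.0.${1}/24`, so only a single digit from 1 to 9 yields a valid address pair; `sh add-port.sh 10 br0` would build a MAC whose last octet has three characters. Validate `$1` right after the argument-count check, and quote `$port`, `$ns` and `$br` where they are expanded, since the `#` prompts show the script being run as root. The listing starts with `#!/bin/bash` but the usage lines call it as `sh add-port.sh`, which ignores the shebang; pick one. The lab also has no teardown step: `ip netns add $ns` fails on a namespace that already exists and `set -xe` stops the script there, so a closing section that removes the namespaces and the bridge would let the setup be repeated.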