How to install Open vSwitch and test connection of VMs over GRE
1. Build Open vSwitch packages
$ wget http://openvswitch.org/releases/openvswitch-1.4.0.tar.gz
$ cp openvswitch-1.4.0.tar.gz /path/to/rpmbuild_dir/SOURCES/
(On RHEL6, /path/to/rpmbuild_dir is $HOME/rpmbuild)
$ tar xvzf openvswitch-1.4.0.tar.gz
$ cd openvswitch-1.4.0
$ rpmbuild -bb rhel/openvswitch.spec
$ rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec
(If you would like to build on RHEL5.x, please read the INSTALL.RHEL in the source dir.)
The above commands produces the following packages in your RPMS dir.
openvswitch-1.4.0-1.x86_64.rpm
openvswitch-debuginfo-1.4.0-1.x86_64.rpm
kmod-openvswitch-1.4.0-1.el6.x86_64.rpm
Install these packages.
# rpm -ivh openvswitch-1.4.0-1.x86_64.rpm openvswitch-debuginfo-1.4.0-1.x86_64.rpm kmod-openvswitch-1.4.0-1.el6.x86_64.rpm
2. Initial setting
Enable Linux bridge device compatibility mode.
# vi /etc/sysconfig/openvswitch
Uncomment the line of "BRCOMPAT=yes".
--------------------------------------------------------------
...
# BRCOMPAT: If 'yes' compatibility mode will be enabled.
BRCOMPAT=yes
--------------------------------------------------------------
Start Open vSwitch services.
# service openvswitch start
Please confirm the following points.
* Default bridge device is removed
# lsmod | grep bridge
no output.
* /etc/openvswitch/conf.db is generated.
* ovsdb-server�Covs-vswitchd�Covs-brcompatd is running.
# ps -ef | grep ovsdb-server
# ps -ef | grep ovs-vswitchd
# ps -ef | grep ovs-brcompatd
** You may receive errors report '/sys/class/net/virbr0/bridge: No such file or directory', when you use brctl command. I'm not sure the reason. But the bridge seems to work properly.
Add a policy to pass GRE protocol in iptables.
'service openvswitch start' automatically adds a policy to pass GRE in iptables.
But, to ensure that the policy is always enabled, add the policy in your iptables rule file.
--------------------------------------------------------------
...
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
...
--------------------------------------------------------------
3. Create an Open vSwitch and set a Openflow controller
# ovs-vsctl add-br br0
# ovs-vsctl set-controller br0 tcp:133.1.134.167
Confirm the vSwitch status.
# ovs-vsctl show
...
Bridge "br0"
Controller "tcp:133.1.134.167"
is_connected: true
Port "br0"
Interface "br0"
type: internal
...
If you find the lines, 'Controller "tcp:133.1.134.167"' and ' is_connected: true', it means that your Open vSwitch connects properly to the Openflow controller at Osaka University.
4. Create GRE connections between Open vSwitchs
# ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=133.1.134.167
Please let me know the global IP address of the host where the vSwitch is hosted.
From Osaka university, I will make a reverse GRE connection to your vSwitch.
5. Launch a VM and bridge to the Open vSwitch
The following is an example.
Launch a KVM based VM.
# /usr/libexec/qemu-kvm -no-kvm-pit-reinjection -hda centos_5_x86_64-kvm.img -boot c -m 512 -k ja -localtime -net nic,macaddr=54:52:00:12:34:10,model=virtio -net tap,ifname=tap10,script=qemu-ifup,downscript=qemu-ifdown -no-reboot -vnc :10 -serial pty -parallel none -monitor pty -daemonize
The MAC address must be an unique address in our project.
Osaka university members use 54:52:00:12:34:xx for the purpose of this feasibility test.
Please let me know the MAC address used for your VM.
The samples of qemu-ifup and qemu-ifdown scripts are the below.
This script bridges the tap device of KVM to the Open vSwitch(br0)
If you plan to use Xen, please edit your xen-bridge script.
qemu-ifup script:
-----------------------------------------------
#!/bin/sh
switch=br0
echo "Bringing up $1 for bridged mode..."
/sbin/ifconfig $1 0.0.0.0 promisc up
echo "Adding $1 to ${switch}..."
ovs-vsctl add-port ${switch} $1
-----------------------------------------------
qemu-ifdown script:
-----------------------------------------------
#!/bin/sh
switch=br0
echo "Removing $1 from ${switch}..."
ovs-vsctl del-port ${switch} $1
echo "Shutting down $1..."
/sbin/ifconfig $1 0.0.0.0 down
-----------------------------------------------
IP address of the VM:
Osaka members use 10.2.1.1-99
For the purpose of this feasibility test, please use following addresses.
10.2.1.100-199/24 for AIST members.
10.2.1.200-254/24 for UCSD members.
After launched your VM, please let me know the MAC address and IP address of your VM and IP address of your vSwitch.
I will make GRE connection from our vSwitch to your vSwitch, and add your VM in the same slice with Osaka university's VMs.
In this way, our VMs can establish an isolated virtual L2 network.
댓글