this slide is created for understand open vswitch more easily. so I tried to make it practical. if you just follow up this scenario, then you will get some knowledge about OVS. In this document, I mainly use only two command "ip" and "ovs-vsctl" to show you the ability of these commands.

1. RED HAT ENTERPISE LINUX1
Understanding Open Vswitch
Open Stack
YONG-KI, KIM
ykim@redhat.com
Red Hat Korea

2. RED HAT ENTERPISE LINUX2
Session Objective
Open Vswitch
1. role of OVS in Open Stack
2. Working process of OVS
3. Various IP Interfaces – TAP, TUN, veth-Pair

3. RED HAT ENTERPISE LINUX3
Base Network Knowledge
TCP/IP Model
Layer 1
Layer 2
Layer 3
Layer 4
Layer 5
Layer 6
Layer 7

4. RED HAT ENTERPISE LINUX4
TCP/IP
Switch covers TCP/IP but Bridge works on only L2
L2: Mac based communication
- bridge, L2 Switch
L3: IP based communication
- router, L3 Switch
L4: TCP Port based communication
- L4 Switch, Load Balancer

5. RED HAT ENTERPISE LINUX5
Network Diagram – host alone
Basic Network topology
eth0
External
Internal
eth1
VM1
eth0
OVS
VM2
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
172.16.0.1

6. RED HAT ENTERPISE LINUX6
Network Diagram - tunneling
Basic Network topology
eth0
External
Internal
eth1
VM1
eth0
OVS
VM2
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
eth0
eth1
VM3
eth0
OVS
VM4
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.2/24)
br-int/internal
vtap1
vtap2
Host2
172.16.0.1 172.16.0.2

7. RED HAT ENTERPISE LINUX7
Network Diagram – complete picture
Basic Network topology
eth0
External
Internal
eth1
VM1
eth0
OVS
VM2
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
eth0
eth1
VM3
eth0
OVS
VM4
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.2/24)
br-int/internal
vtap1
vtap2
Host2
br-tun
veth1 veth0
172.16.0.1
br-tun
/internal eth1
br-tun
veth1
eth1
veth0
172.16.0.2
br-tun
/internal

8. RED HAT ENTERPISE LINUX8
OVS how to – OVS Service
1. OVS start
eth0
eth1
OVS
IP stack
(192.168.0.1/24)
Host1
host1#systemctl stop firewalld; setenforce 0
host1#service openvswitch start
[root@yhost2 ~]# ovs-vsctl show
da8683f3-e1c1-4c9a-9587-2e3e860f9f82
ovs_version: "2.3.2"
172.16.0.1

9. RED HAT ENTERPISE LINUX9
OVS how to - br
2. Create Bridge
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
Host1
host1#ovs-vsctl add-br br-int
host1#ip link set dev br-int up
[root@yhost2 ~]# ovs-vsctl show
da8683f3-e1c1-4c9a-9587-2e3e860f9f82
Bridge br-int
Port br-int
Interface br-int
type: internal
ovs_version: "2.3.2"
172.16.0.1

10. RED HAT ENTERPISE LINUX10
OVS how to – br-internal
3. assign IP addr to br-int
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
Host1
host1#ip addr add 192.168.0.100/24 dev br-int
[root@yhost2 ~]# ovs-vsctl show
da8683f3-e1c1-4c9a-9587-2e3e860f9f82
Bridge br-int
Port br-int
Interface br-int
type: internal
ovs_version: "2.3.2"
172.16.0.1

11. RED HAT ENTERPISE LINUX11
OVS how to
4. Create tap device – vtap1, vtap2
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
host1#ip tuntap add mode tap vtap{1,2}
host1#ovs-vsctl add-port br-int vtap1 –- add-port br-int vtap2
host1#ip link set dev vtap{1,2} up
[root@yhost2 ~]# ovs-vsctl show
da8683f3-e1c1-4c9a-9587-2e3e860f9f82
Bridge br-int
Port “vtap1”
Interface “vtap1”
Port “vtap2”
Interface “vtap2”
Port br-int
Interface br-int
type: internal
ovs_version: "2.3.2"
vtap1
vtap2
172.16.0.1

12. RED HAT ENTERPISE LINUX12
OVS how to – Config for VM with TAP
5. create VM and configure to use manual TAP device
virt-manager는 기본 mactap 제공하나 자율성이 떨어지기 때문에 manual tap 사용
1. vi /etc/libvirt/qemu/host1.xml
2. vi /etc/libvirt/qemu.conf (&& selinux disable)
3. service libvirtd restart
<?xml version="1.0" encoding="UTF-8"
standalone="no"?>
<interface type='ethernet'>
<mac address='26:c7:a9:96:a7:7a'/>
<target dev=vtap1'/>
<model type='virtio'/>
<script path='no'/>
<address type='pci'
domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</interface>
/etc/libvirt/qemu/host1.xml /etc/libvirt/qemu.conf
a) clear_emulator_capabilities = 0
b) user = "root"
c) group = "root"
d) cgroup_device_acl = [ "/dev/null",
"/dev/full", "/dev/zero", "/dev/random",
"/dev/urandom", "/dev/ptmx", "/dev/kvm",
"/dev/kqemu", "/dev/rtc", "/dev/hpet",
"/dev/net/tun", ]

13. RED HAT ENTERPISE LINUX13
OVS how to – VM IP
4. allocate IP addr to VM's eth0
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
vm1@host1#ip addr add 192.168.0.101/24 dev eth0
vm2@host1#ip addr add 192.168.0.102/24 dev eth0
VM1#ping 192.168.0.1
[success]
VM2#ping 192.168.0.1
[success]
vtap1
vtap2
VM1
eth0
VM2
eth0
192.168.0.101
192.168.0.102
172.16.0.1

14. RED HAT ENTERPISE LINUX14
OVS how to - Monitor
5. monitor ovs status
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
host1#ovs-vsctl show
host1#ovs-ofctl show br-int
host1#ovs-appctl fdb/show br-int
host1#ovs-ofctl show br-int
1(eth1): addr:00:1a:4a:36:66:10
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(vtap1): addr:96:34:e5:61:0a:ca
config: PORT_DOWN
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
3(vtap2): addr:f2:18:36:6c:d6:62
config: PORT_DOWN
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
LOCAL(br-int): addr:00:1a:4a:36:66:10
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal
miss_send_len=0
vtap1
vtap2
VM1
eth0
VM2
eth0
192.168.0.101
192.168.0.102
172.16.0.1

15. RED HAT ENTERPISE LINUX15
OVS how to – Test Connection
6. ping test between vm1 on host1 and vm2 host2
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
VM1# ping 192.168.0.102 [success]
VM1#ping 192.168.0.103 [failed]
vtap1
vtap2
VM1
eth0
VM2
eth0
192.168.0.101
192.168.0.102
eth0
eth1
OVS
br-int
IP stack
(192.168.0.2/24)
br-int/internal
vtap1
vtap2
Host1
vtap1
vtap2
VM3
eth0
VM4
eth0
192.168.0.103
192.168.0.104
172.16.0.1 172.16.0.2

16. RED HAT ENTERPISE LINUX16
OVS how to – Tun(VXLAN)
7. create vxlan TUN for connection between VM1 and MV3
eth0
eth1
OVS
br-int
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
host1# ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0
type=vxlan options:key=100 options:remote_ip=172.16.0.2]
host2#ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0
type=vxlan options:key=100 options:remote_ip=172.16.0.1
vtap1
vtap2
VM1
eth0
VM2
eth0
192.168.0.101
192.168.0.102
eth0
eth1
OVS
br-int
IP stack
(192.168.0.2/24)
br-int/internal
vtap1
vtap2
Host1
vtap1
vtap2
VM3
eth0
VM4
eth0
192.168.0.103
192.168.0.104
172.16.0.1 172.16.0.2
vxlan1
VNI=100
vxlan1
VNI=100

17. RED HAT ENTERPISE LINUX17
OVS how to - Monitor
8. current ovs status
host1#ovs-vsctl show
host1#ovs-ofctl ip a
[root@yhost1 ~]# ovs-vsctl show
84c282c9-b992-4673-a715-2d2e46f0c175
Bridge br-int
Port br-int
Interface br-int
type: internal
Port "vtap1"
Interface "vtap1"
Port "vtap2"
Interface "vtap2"
Port "vxlan0"
Interface "vxlan0"
type: vxlan
options: {key="100",
remote_ip="172.16.0.2"}
ovs_version: "2.3.2"
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
link/ether 00:1a:4a:36:66:0d brd
ff:ff:ff:ff:ff:ff
inet 10.64.168.146/24
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
link/ether 00:1a:4a:36:66:0e brd
ff:ff:ff:ff:ff:ff
inet 172.16.0.1/24
vtap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500
link/ether 16:07:a0:03:15:ac brd
ff:ff:ff:ff:ff:ff
vtap2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500
link/ether e2:05:f1:38:5d:21 brd
ff:ff:ff:ff:ff:ff
br-int: <BROADCAST,MULTICAST> mtu 1500
link/ether 46:8c:72:ee:f0:4b brd
ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 scope global br-int

18. RED HAT ENTERPISE LINUX18
OVS how to – veth pair
9. connection between bridges.
host1#ip link add veth0 type veth peer name veth1
host1# ovs-vsctl add-br br-tun
host1#ovs-vsctl add-port br-int veth0
host1#ovs-vsctl add-port br-tun veth1
host1#ovs-vsctl add-port eth1
host1#ip link set dev veth{0,1} up

19. RED HAT ENTERPISE LINUX19
OVS how to – veth pair
10. connection between bridges.
host1#ovs-vsctl show
host1# ip addr
[root@yhost1 ~]# ovs-vsctl show
84c282c9-b992-4673-a715-2d2e46f0c175
Bridge br-int
Port "veth0"
Interface "veth0"
Port br-int
Interface br-int
type: internal
Port "vtap1"
Interface "vtap1"
Port "vtap2"
Interface "vtap2"
Port "vxlan0"
Interface "vxlan0"
type: vxlan
options: {key="100", remote_ip="172.16.0.2"}
Bridge br-tun
Port br-tun
Interface br-tun
type: internal
Port "veth1"
Interface "veth1"
Port "eth1"
Interface "eth1"
ovs_version: "2.3.2"

20. RED HAT ENTERPISE LINUX20
Network Diagram
Basic Network topology
eth0
External
Internal
eth1
VM1
eth0
OVS
VM2
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.1/24)
br-int/internal
vtap1
vtap2
Host1
eth0
eth1
VM3
eth0
OVS
VM4
eth0
br-int vtap1
vtap2
IP stack
(192.168.0.2/24)
br-int/internal
vtap1
vtap2
Host2
br-tun
veth1 veth0
172.16.0.1
br-tun
/internal eth1
br-tun
veth1
eth1
veth0
172.16.0.2
br-tun
/internal

21. RED HAT ENTERPISE LINUX21
ref: http://docs.ocselected.org/openstack-manuals/kilo/networking-guide/content/under_the_hood_openvswitch.html
Open Stack Neutron Architecture

22. RED HAT ENTERPISE LINUX22
ref: http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN
Docker Network w/ Open Vswitch

23. RED HAT ENTERPISE LINUX23
Ref - articles
reference articles
1. open stack neutron:
http://docs.ocselected.org/openstack-manuals/kilo/networking-
guide/content/under_the_hood_openvswitch.html
2. open vswitch tutorial video:
https://www.youtube.com/watch?v=rYW7kQRyUvA
3. docker on open vswitch (한글):
http://www.joinc.co.kr/modules/moniwiki/wiki.php/man/12/OpenVSwitch/VXLAN
4. ovs script
- refer to below slides

24. RED HAT ENTERPISE LINUX24
Ref – ovs-host1.sh
KimYongKis-MacBook-Pro:20151013-Internal-OVS-training ykim$ cat ovs-host1.sh
#!/bin/sh
#define
vnet="192.168.0.1/24"
target_host="172.16.0.2"
tun_net="172.16.0.1/24"
#help
if [ -z "$1" ] || [ $1 == "help" ];then
echo "Help: $0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun"
echo ""
echo "How to use this scripts"
echo ""
echo "1st: clear"
echo "2nd: init, clear iptables and change selinux mode to permissive"
echo "3rd: br-int, create br-int bridge"
echo "4th: vtap, create vtap and start VMs"
echo "5th: vxlan, create vxlan tunnel"
echo "6th: br-tun, optional, create br-tun bridge"
echo "7th: veth-pair, optional, create veth-pair to connect between bridges(br-int and br-tun)"
echo "8th: en-br-tun, optional, insert eth1 to br-tun and assign ip address to br-tun"
echo ""
exit 1
fi
## clear
if [ $1 == "clear" ];then
echo "$1"
iptables -F
ip addr flush dev eth1
ovs-vsctl del-port br-int vtap1
ovs-vsctl del-port br-int vtap2
ovs-vsctl del-port br-int vxlan0
ovs-vsctl del-br br-int
ovs-vsctl del-br br-tun
virsh destroy cirros1
virsh destroy cirros2
ip tuntap del mode tap vtap1
ip tuntap del mode tap vtap2
ip link del veth0 type veth peer name veth1
ip link del virbr0
ip link del virbr0-nic
ovs-vsctl show

25. RED HAT ENTERPISE LINUX25
Ref – ovs-host1.sh (cont.)
## br-int
elif [ $1 == "br-int" ];then
echo $1
ovs-vsctl add-br br-int
ip addr add $vnet dev br-int
ip link set dev br-int up
ovs-vsctl show
## vtap
elif [ $1 == "vtap" ];then
echo $1
echo "vm 1 and vm2 starting"
ip tuntap add mode tap vtap1
ip tuntap add mode tap vtap2
virsh start cirros1
virsh start cirros2
sleep 5
ip link set dev vtap1 up
ip link set dev vtap2 up
ovs-vsctl add-port br-int vtap1
ovs-vsctl add-port br-int vtap2
ovs-vsctl show
## vxlan
elif [ $1 == "vxlan" ];then
echo $1
ovs-vsctl add-port br-int vxlan0 -- set interface vxlan0 type=vxlan options:key=100 options:remote_ip=$target_host
ovs-vsctl show
## br-tun
elif [ $1 == "br-tun" ];then
echo $1
ovs-vsctl add-br br-tun
ip link set dev br-tun up
ovs-vsctl show
## veth pair
elif [ $1 == "veth-pair" ];then
echo $1
ip link add veth0 type veth peer name veth1
ovs-vsctl add-port br-int veth0
ovs-vsctl add-port br-tun veth1
ip link set veth0 up
ip link set veth1 up
ovs-vsctl show

26. RED HAT ENTERPISE LINUX26
Ref – ovs-host1.sh (cont.)
## veth pair
elif [ $1 == "veth-pair" ];then
echo $1
ip link add veth0 type veth peer name veth1
ovs-vsctl add-port br-int veth0
ovs-vsctl add-port br-tun veth1
ip link set veth0 up
ip link set veth1 up
ovs-vsctl show
## en-br-tun
elif [ $1 == "en-br-tun" ];then
echo $1
ip addr flush dev eth1
ovs-vsctl add-port br-tun eth1
ip addr add $tun_net dev br-tun
ip link set br-tun up
ovs-vsctl show
## init
elif [ $1 == "init" ];then
echo $1
iptables -F
setenforce 0
ip addr add $tun_net dev eth1
ip link set eth1 up
else
echo "$0 clear|init|br-int|vtap|vxlan|br-tun|veth-pair|en-br-tun"
fi

27. RED HAT ENTERPISE LINUX27
End of Document