Open Vswitch is an Open Source software switch designed specifically to be used in virtualized environments such as OpenStack or RHEV-H.  OVS (Open Vswitch) was designed to make it easier to manage, configure, and monitor virtual traffic within a virtualized environment.

Below, is Part 1 in what I suspect will be a multiple part series on configuring, viewing, and managing your virtualized network via OVS.

Viewing OVS Bridges

To view OVS Bridges configured on a system, use the command ovs-vsctl as shown below. On my test system, we have three configured bridges; br-ex, br-int, and br-tun.

# ovs-vsctl show
b5aa3cf4-d962-4cb2-b3b6-20f0b4858f59
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port “eth0”
Interface “eth0”
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}

Bridge br-int
fail_mode: secure
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port br-int
Interface br-int
type: internal

Bridge br-tun
fail_mode: secure
Port br-tun
Interface br-tun
type: internal
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
ovs_version: “2.4.0”

The output from the command above is rather verbose. If you prefer a more terse output you best try the command below. In this instance the only output is the name of our bridges.

# ovs-vsctl list-br
br-ex
br-int
br-tun

Nice – that was much easier on the eyes. Now lets poke around on a specific bridge and list its ports. We will use br-ex as our guinea pig.

# ovs-vsctl list-ports br-ex
eth0
phy-br-ex

Here we can see the br-ex has two ports, eth0 and phy-br-ex.

If you are looking for more verbose information on ports, you can list all your ports and gather a lot more info using the command below.

# ovs-vsctl list interface

_uuid : aa765210-cc63-4e30-ad99-f6c636455cc4
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : []
error : []
external_ids : {}
ifindex : 0

….

//A Quick Note on fail_mode

Fail mode can be set to either standalone or secure mode. The default is standalone.

• standalone: OVS will take responsibility for forwarding the packets if the controller fails
• secure: Only the controller is responsible for forwarding packets, and if the controller is down all packets are going to be dropped.

More information here.

 

Creating OVS Bridges

Ok, lets keep it simple. Here is how you create a simple bridge.  In this example our test bridge is called br-ex.

# ovs-vsctl add-br br-test

Now lets add an interface to this bridge. In this example we are adding

# ovs-vsctl add-port br-test eth0

Below are a few more cli examples.

By default when you add a port to a OVS switch its created as a trunk port.  Below is an example of how to change a port to an access port.

#ovs-vsctl add-port <bridge> <interface> tag=<VLAN NUM>

The cli example below is used to patch two or more bridges together by configuring the port as a patch port.

#ovs-vsctl set interface <interface> type=patch options:peer=<interface>

Since we are now moving on to another section, lets clean up after ourselves by deleting our test bridge

# ovs-vsctl del-br br-test

OpenFlow Monitoring and Administration with ovs-ofctl

ovs-ofctl, according to its man page, is a cli tool for monitoring and administering OpenFlow switches. Since an OVS switch is by definition, also a OpenFlow switch, you can use ovs-ofctl to show the current state or a switch or change its OpenFlow configuration. I’m still experimenting with ovs-ofctl, so I will only include a few simple examples.

The command below shows the OpenFlow features and ports of our bridge, br-ex.

# ovs-ofctl show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000001a4a751d01
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(eth0): addr:00:1a:4a:75:1d:01
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
3(phy-br-ex): addr:02:73:5a:05:5e:e5
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
LOCAL(br-ex): addr:00:1a:4a:75:1d:01
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

The command below prints our our flow entries.

# ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=484653.940s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=2,in_port=3 actions=drop
cookie=0x0, duration=484654.354s, table=0, n_packets=2187717, n_bytes=145045427, idle_age=0, hard_age=65534, priority=1 actions=NORMAL

“Flow entries are the instructions that tell an openflow switch what to do with an incoming stream of packets. Flow entries are stored in the flow table of a switch and can be setup by the OpenFlow controller or by the admin manually”

 

We can use the command below to monitor flow statistics for each port on an OVS-bridge

# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=485561.813s, table=0, n_packets=1686914, n_bytes=109291027, idle_age=3, hard_age=65534, priority=2,in_port=1 actions=drop
cookie=0x0, duration=485562.191s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=1 actions=NORMAL
cookie=0x0, duration=485562.184s, table=23, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop

Alternatively, we filter out a specfic flow name, when we add the flow name to the command above. See example below.

# ovs-ofctl dump-flows br-int in_port=1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=485583.607s, table=0, n_packets=1686978, n_bytes=109295167, idle_age=0, hard_age=65534, priority=2,in_port=1 actions=drop

What fun.

 

References:

FAQ : openvswitch.org

OpenVswitch Cheat Sheet.