]>
Commit | Line | Data |
---|---|---|
b81411b7 JP |
1 | Using Open vSwitch as a Simple OpenFlow Switch |
2 | ============================================== | |
3 | ||
3b12adda BP |
4 | Open vSwitch uses OpenFlow as its preferred method of remote flow |
5 | table configuration. This is the simplest method of using it with an | |
ac7f2d4b JG |
6 | OpenFlow controller. The ovs-vsctl "set-controller" command can also |
7 | be used in conjunction with ovs-vswitchd to set the controller for one | |
8 | or more bridges. We recommend using OpenFlow in this manner and in this | |
9 | case you should not run ovs-openflowd. Directions for setting up | |
10 | ovs-vswitchd can be found in INSTALL.Linux. | |
3b12adda BP |
11 | |
12 | However, it is also possible to use Open vSwitch as a simple OpenFlow | |
13 | switch like that provided by the OpenFlow reference implementation | |
14 | [1]. The remainder of this file describes how to use it in that | |
15 | manner. | |
b81411b7 JP |
16 | |
17 | What is OpenFlow? | |
18 | ----------------- | |
19 | ||
20 | OpenFlow is a flow-based switch specification designed to enable | |
21 | researchers to run experiments in live networks. OpenFlow is based on a | |
22 | simple Ethernet flow switch that exposes a standardized interface for | |
23 | adding and removing flow entries. | |
24 | ||
25 | An OpenFlow switch consists of three parts: (1) A "flow table" in | |
26 | which each flow entry is associated with an action telling the switch | |
27 | how to process the flow, (2) a "secure channel" that connects the switch | |
28 | to a remote process (a controller), allowing commands and packets to | |
29 | be sent between the controller and the switch, and (3) an OpenFlow | |
30 | protocol implementation, providing an open and standard way for a | |
31 | controller to talk to the switch. | |
32 | ||
33 | An OpenFlow switch can thus serve as a simple datapath element that | |
34 | forwards packets between ports according to flow actions defined by | |
35 | the controller using OpenFlow commands. Example actions are: | |
36 | ||
37 | - Forward this flow's packets to the given port(s) | |
38 | - Drop this flow's packets | |
39 | - Encapsulate and forward this flow's packets to the controller. | |
40 | ||
41 | The OpenFlow switch is defined in detail in the OpenFlow switch | |
42 | Specification [2]. | |
43 | ||
44 | Installation Procedure | |
45 | ---------------------- | |
46 | ||
47 | The procedure below explains how to use the Open vSwitch as a simple | |
48 | OpenFlow switch. | |
49 | ||
50 | 1. Build and install the Open vSwitch kernel modules and userspace | |
51 | programs as described in INSTALL.Linux. | |
52 | ||
53 | It is important to run "make install", because some Open vSwitch | |
54 | programs expect to find files in locations selected at installation | |
55 | time. | |
56 | ||
57 | 2. Load the openvswitch kernel module (which was built in step 1), e.g.: | |
58 | ||
59 | % insmod datapath/linux-2.6/openvswitch_mod.ko | |
60 | ||
c9d3af4e BP |
61 | If your Linux kernel is earlier than 2.6.36, this kernel module |
62 | cannot be loaded if the Linux bridge module is already loaded. | |
63 | Thus, you may need to remove any existing bridges and unload the | |
64 | bridge module with "rmmod bridge" before you can do this. | |
b81411b7 JP |
65 | |
66 | 3. Create a datapath instance. The command below creates a datapath | |
67 | identified as dp0 (see ovs-dpctl(8) for more detailed usage | |
68 | information). | |
69 | ||
70 | # ovs-dpctl add-dp dp0 | |
71 | ||
72 | Creating datapath dp0 creates a new network device, also named dp0. | |
73 | This network device, called the datapath's "local port", will be | |
4cff83cb JP |
74 | bridged to the physical switch ports by ovs-openflowd(8). It is |
75 | optionally used for in-band control as described in step 5. | |
b81411b7 JP |
76 | |
77 | 4. Use ovs-dpctl to attach the datapath to physical interfaces on the | |
78 | machine. Say, for example, you want to create a trivial 2-port | |
79 | switch using interfaces eth1 and eth2, you would issue the following | |
80 | commands: | |
81 | ||
82 | # ovs-dpctl add-if dp0 eth1 | |
83 | # ovs-dpctl add-if dp0 eth2 | |
84 | ||
85 | You can verify that the interfaces were successfully added by asking | |
86 | ovs-dpctl to print the current status of datapath dp0: | |
87 | ||
88 | # ovs-dpctl show dp0 | |
89 | ||
4cff83cb JP |
90 | 5. Arrange so that the switch can reach the controller over the network. |
91 | This can be done in two ways. The switch may be configured for | |
92 | out-of-band control, which means it uses a network separate from the | |
93 | data traffic that it controls. Alternatively, the switch may be | |
94 | configured to contact the controller over one of the network devices | |
95 | under its control. In-band control is often more convenient than | |
96 | out-of-band, because it is not necessary to maintain two independent | |
97 | networks. | |
b81411b7 JP |
98 | |
99 | - If you are using out-of-band control, at this point make sure | |
100 | that the switch machine can reach the controller over the | |
101 | network. | |
102 | ||
103 | - If you are using in-band control, then at this point you must | |
104 | configure the dp0 network device created in step 3. This | |
105 | device is not yet bridged to any physical network (because | |
106 | ovs-openflowd does that, and it is not yet running), so the next | |
107 | step depends on whether connectivity is required to configure | |
108 | the device's IP address: | |
109 | ||
110 | * If the switch has a static IP address, you may configure | |
111 | its IP address now, e.g.: | |
112 | ||
113 | # ifconfig dp0 192.168.1.1 | |
114 | ||
115 | * If the switch does not have a static IP address, e.g. its | |
116 | IP address is obtained dynamically via DHCP, then proceed | |
4cff83cb JP |
117 | to the next step. The DHCP client will not be able to |
118 | contact the DHCP server until the secure channel has | |
119 | started. The address will be obtained in step 7. | |
b81411b7 | 120 | |
b81411b7 JP |
121 | 6. Run ovs-openflowd to start the secure channel connecting the datapath to |
122 | a remote controller. If the controller is running on host | |
123 | 192.168.1.2 port 6633 (the default port), the ovs-openflowd invocation | |
124 | would look like this: | |
125 | ||
126 | # ovs-openflowd dp0 tcp:192.168.1.2 | |
127 | ||
b81411b7 JP |
128 | - If you are using out-of-band control, add --out-of-band to the |
129 | command line. | |
130 | ||
131 | Using the "tcp:<controller_ip>" argument causes the switch to connect | |
132 | in an insecure manner. Please see INSTALL.SSL for a description of | |
133 | how to connect securely using SSL. | |
134 | ||
195c8086 BP |
135 | 7. If you are using in-band control, and the switch obtains its IP address |
136 | dynamically, then you may now obtain the switch's IP address, e.g. by | |
137 | invoking a DHCP client. The secure channel will only be able to connect | |
138 | to the controller after an IP address has been obtained. | |
b81411b7 JP |
139 | |
140 | 8. The secure channel should connect to the controller within a few | |
195c8086 | 141 | seconds. |
b81411b7 JP |
142 | |
143 | References | |
144 | ---------- | |
145 | ||
146 | [1] OpenFlow Reference Implementation. | |
147 | <http://www.openflowswitch.org/wp/downloads/> | |
148 | ||
149 | [2] OpenFlow Switch Specification. | |
150 | <http://openflowswitch.org/documents/openflow-spec-latest.pdf> |