]>
Commit | Line | Data |
---|---|---|
b81411b7 JP |
1 | Using Open vSwitch as a Simple OpenFlow Switch |
2 | ============================================== | |
3 | ||
4 | Open vSwitch uses OpenFlow as its preferred method of remote flow table | |
4cff83cb JP |
5 | configuration. This is the simplest method of using it with an OpenFlow |
6 | controller. All that is required is to follow the instructions in | |
7 | INSTALL.Linux and add the bridge.<name>.controller set of parameters to the | |
8 | ovs-vswitchd(8) configuration file as described in ovs-vswitchd.conf(5). | |
9 | We recommend using OpenFlow in this manner. However, it is also possible to | |
10 | use Open vSwitch as a simple OpenFlow switch like that provided by the | |
11 | OpenFlow reference implementation [1]. The remainder of this file describes | |
12 | how to user it in that manner. | |
b81411b7 JP |
13 | |
14 | What is OpenFlow? | |
15 | ----------------- | |
16 | ||
17 | OpenFlow is a flow-based switch specification designed to enable | |
18 | researchers to run experiments in live networks. OpenFlow is based on a | |
19 | simple Ethernet flow switch that exposes a standardized interface for | |
20 | adding and removing flow entries. | |
21 | ||
22 | An OpenFlow switch consists of three parts: (1) A "flow table" in | |
23 | which each flow entry is associated with an action telling the switch | |
24 | how to process the flow, (2) a "secure channel" that connects the switch | |
25 | to a remote process (a controller), allowing commands and packets to | |
26 | be sent between the controller and the switch, and (3) an OpenFlow | |
27 | protocol implementation, providing an open and standard way for a | |
28 | controller to talk to the switch. | |
29 | ||
30 | An OpenFlow switch can thus serve as a simple datapath element that | |
31 | forwards packets between ports according to flow actions defined by | |
32 | the controller using OpenFlow commands. Example actions are: | |
33 | ||
34 | - Forward this flow's packets to the given port(s) | |
35 | - Drop this flow's packets | |
36 | - Encapsulate and forward this flow's packets to the controller. | |
37 | ||
38 | The OpenFlow switch is defined in detail in the OpenFlow switch | |
39 | Specification [2]. | |
40 | ||
41 | Installation Procedure | |
42 | ---------------------- | |
43 | ||
44 | The procedure below explains how to use the Open vSwitch as a simple | |
45 | OpenFlow switch. | |
46 | ||
47 | 1. Build and install the Open vSwitch kernel modules and userspace | |
48 | programs as described in INSTALL.Linux. | |
49 | ||
50 | It is important to run "make install", because some Open vSwitch | |
51 | programs expect to find files in locations selected at installation | |
52 | time. | |
53 | ||
54 | 2. Load the openvswitch kernel module (which was built in step 1), e.g.: | |
55 | ||
56 | % insmod datapath/linux-2.6/openvswitch_mod.ko | |
57 | ||
58 | This kernel module cannot be loaded if the Linux bridge module is | |
59 | already loaded. Thus, you may need to remove any existing bridges | |
60 | and unload the bridge module with "rmmod bridge" before you can do | |
61 | this. | |
62 | ||
63 | 3. Create a datapath instance. The command below creates a datapath | |
64 | identified as dp0 (see ovs-dpctl(8) for more detailed usage | |
65 | information). | |
66 | ||
67 | # ovs-dpctl add-dp dp0 | |
68 | ||
69 | Creating datapath dp0 creates a new network device, also named dp0. | |
70 | This network device, called the datapath's "local port", will be | |
4cff83cb JP |
71 | bridged to the physical switch ports by ovs-openflowd(8). It is |
72 | optionally used for in-band control as described in step 5. | |
b81411b7 JP |
73 | |
74 | 4. Use ovs-dpctl to attach the datapath to physical interfaces on the | |
75 | machine. Say, for example, you want to create a trivial 2-port | |
76 | switch using interfaces eth1 and eth2, you would issue the following | |
77 | commands: | |
78 | ||
79 | # ovs-dpctl add-if dp0 eth1 | |
80 | # ovs-dpctl add-if dp0 eth2 | |
81 | ||
82 | You can verify that the interfaces were successfully added by asking | |
83 | ovs-dpctl to print the current status of datapath dp0: | |
84 | ||
85 | # ovs-dpctl show dp0 | |
86 | ||
4cff83cb JP |
87 | 5. Arrange so that the switch can reach the controller over the network. |
88 | This can be done in two ways. The switch may be configured for | |
89 | out-of-band control, which means it uses a network separate from the | |
90 | data traffic that it controls. Alternatively, the switch may be | |
91 | configured to contact the controller over one of the network devices | |
92 | under its control. In-band control is often more convenient than | |
93 | out-of-band, because it is not necessary to maintain two independent | |
94 | networks. | |
b81411b7 JP |
95 | |
96 | - If you are using out-of-band control, at this point make sure | |
97 | that the switch machine can reach the controller over the | |
98 | network. | |
99 | ||
100 | - If you are using in-band control, then at this point you must | |
101 | configure the dp0 network device created in step 3. This | |
102 | device is not yet bridged to any physical network (because | |
103 | ovs-openflowd does that, and it is not yet running), so the next | |
104 | step depends on whether connectivity is required to configure | |
105 | the device's IP address: | |
106 | ||
107 | * If the switch has a static IP address, you may configure | |
108 | its IP address now, e.g.: | |
109 | ||
110 | # ifconfig dp0 192.168.1.1 | |
111 | ||
112 | * If the switch does not have a static IP address, e.g. its | |
113 | IP address is obtained dynamically via DHCP, then proceed | |
4cff83cb JP |
114 | to the next step. The DHCP client will not be able to |
115 | contact the DHCP server until the secure channel has | |
116 | started. The address will be obtained in step 7. | |
b81411b7 JP |
117 | |
118 | - If you are using in-band control with controller discovery, no | |
119 | configuration is required at this point. You may proceed to | |
4cff83cb | 120 | the next step. |
b81411b7 JP |
121 | |
122 | 6. Run ovs-openflowd to start the secure channel connecting the datapath to | |
123 | a remote controller. If the controller is running on host | |
124 | 192.168.1.2 port 6633 (the default port), the ovs-openflowd invocation | |
125 | would look like this: | |
126 | ||
127 | # ovs-openflowd dp0 tcp:192.168.1.2 | |
128 | ||
129 | - If you are using in-band control with controller discovery, omit | |
130 | the second argument to the ovs-openflowd command. | |
131 | ||
132 | - If you are using out-of-band control, add --out-of-band to the | |
133 | command line. | |
134 | ||
135 | Using the "tcp:<controller_ip>" argument causes the switch to connect | |
136 | in an insecure manner. Please see INSTALL.SSL for a description of | |
137 | how to connect securely using SSL. | |
138 | ||
139 | 7. If you are using in-band control with manual configuration, and the | |
140 | switch obtains its IP address dynamically, then you may now obtain | |
141 | the switch's IP address, e.g. by invoking a DHCP client. The | |
142 | secure channel will only be able to connect to the controller after | |
143 | an IP address has been obtained. | |
144 | ||
145 | 8. The secure channel should connect to the controller within a few | |
146 | seconds. It may take a little longer if controller discovery is in | |
147 | use, because the switch must then also obtain its own IP address | |
148 | and the controller's location via DHCP. | |
149 | ||
150 | References | |
151 | ---------- | |
152 | ||
153 | [1] OpenFlow Reference Implementation. | |
154 | <http://www.openflowswitch.org/wp/downloads/> | |
155 | ||
156 | [2] OpenFlow Switch Specification. | |
157 | <http://openflowswitch.org/documents/openflow-spec-latest.pdf> |