[ovs.git] / INSTALL.userspace.md

Using Open vSwitch without kernel support
=========================================

Open vSwitch can operate, at a cost in performance, entirely in
userspace, without assistance from a kernel module.  This file
explains how to install Open vSwitch in such a mode.

The userspace-only mode of Open vSwitch is considered experimental.
It has not been thoroughly tested.

This version of Open vSwitch should be built manually with `configure`
and `make`.  Debian packaging for Open vSwitch is also included, but
it has not been recently tested, and so Debian packages are not a
recommended way to use this version of Open vSwitch.

Building and Installing
-----------------------

The requirements and procedure for building, installing, and
configuring Open vSwitch are the same as those given in [INSTALL.md].
You may omit configuring, building, and installing the kernel module,
and the related requirements.

On Linux, the userspace switch additionally requires the kernel
TUN/TAP driver to be available, either built into the kernel or loaded
as a module.  If you are not sure, check for a directory named
/sys/class/misc/tun.  If it does not exist, then attempt to load the
module with `modprobe tun`.

The tun device must also exist as `/dev/net/tun`.  If it does not exist,
then create /dev/net (if necessary) with `mkdir /dev/net`, then create
`/dev/net/tun` with `mknod /dev/net/tun c 10 200`.

On FreeBSD and NetBSD, the userspace switch additionally requires the
kernel tap(4) driver to be available, either built into the kernel or
loaded as a module.

Using the Userspace Datapath with ovs-vswitchd
----------------------------------------------

To use ovs-vswitchd in userspace mode, create a bridge with datapath_type
"netdev" in the configuration database.  For example:

    ovs-vsctl add-br br0
    ovs-vsctl set bridge br0 datapath_type=netdev
    ovs-vsctl add-port br0 eth0
    ovs-vsctl add-port br0 eth1
    ovs-vsctl add-port br0 eth2

ovs-vswitchd will create a TAP device as the bridge's local interface,
named the same as the bridge, as well as for each configured internal
interface.

Currently, on FreeBSD, the functionality required for in-band control
support is not implemented.  To avoid related errors, you can disable
the in-band support with the following command.

    ovs-vsctl set bridge br0 other_config:disable-in-band=true

Firewall Rules
--------------

On Linux, when a physical interface is in use by the userspace
datapath, packets received on the interface still also pass into the
kernel TCP/IP stack.  This can cause surprising and incorrect
behavior.  You can use "iptables" to avoid this behavior, by using it
to drop received packets.  For example, to drop packets received on
eth0:

    iptables -A INPUT -i eth0 -j DROP
    iptables -A FORWARD -i eth0 -j DROP

Other settings
--------------

On NetBSD, depending on your network topology and applications, the
following configuration might help.  See sysctl(7).

    sysctl -w net.inet.ip.checkinterface=1

Bug Reporting
-------------

Please report problems to bugs@openvswitch.org.

[INSTALL.md]:INSTALL.md
Commit	Line	Data
542cc9bb TG	1	Using Open vSwitch without kernel support
542cc9bb TG	2	=========================================
d377243b BP	3
	4	Open vSwitch can operate, at a cost in performance, entirely in
	5	userspace, without assistance from a kernel module. This file
	6	explains how to install Open vSwitch in such a mode.
	7
	8	The userspace-only mode of Open vSwitch is considered experimental.
	9	It has not been thoroughly tested.
	10
542cc9bb TG	11	This version of Open vSwitch should be built manually with `configure`
542cc9bb TG	12	and `make`. Debian packaging for Open vSwitch is also included, but
d377243b BP	13	it has not been recently tested, and so Debian packages are not a
	14	recommended way to use this version of Open vSwitch.
	15
	16	Building and Installing
	17	-----------------------
	18
	19	The requirements and procedure for building, installing, and
9feb1017	20	configuring Open vSwitch are the same as those given in [INSTALL.md].
d377243b BP	21	You may omit configuring, building, and installing the kernel module,
	22	and the related requirements.
	23
	24	On Linux, the userspace switch additionally requires the kernel
	25	TUN/TAP driver to be available, either built into the kernel or loaded
	26	as a module. If you are not sure, check for a directory named
	27	/sys/class/misc/tun. If it does not exist, then attempt to load the
542cc9bb	28	module with `modprobe tun`.
d377243b	29
542cc9bb TG	30	The tun device must also exist as `/dev/net/tun`. If it does not exist,
	31	then create /dev/net (if necessary) with `mkdir /dev/net`, then create
	32	`/dev/net/tun` with `mknod /dev/net/tun c 10 200`.
d377243b	33
a09d302a YT	34	On FreeBSD and NetBSD, the userspace switch additionally requires the
	35	kernel tap(4) driver to be available, either built into the kernel or
	36	loaded as a module.
f6eb6b20	37
e3e9370b BP	38	Using the Userspace Datapath with ovs-vswitchd
e3e9370b BP	39	----------------------------------------------
d377243b	40
e5334dad JG	41	To use ovs-vswitchd in userspace mode, create a bridge with datapath_type
e5334dad JG	42	"netdev" in the configuration database. For example:
d377243b	43
e5334dad JG	44	ovs-vsctl add-br br0
	45	ovs-vsctl set bridge br0 datapath_type=netdev
	46	ovs-vsctl add-port br0 eth0
	47	ovs-vsctl add-port br0 eth1
	48	ovs-vsctl add-port br0 eth2
d377243b BP	49
d377243b BP	50	ovs-vswitchd will create a TAP device as the bridge's local interface,
e5334dad JG	51	named the same as the bridge, as well as for each configured internal
e5334dad JG	52	interface.
d377243b	53
d00409c5 YT	54	Currently, on FreeBSD, the functionality required for in-band control
	55	support is not implemented. To avoid related errors, you can disable
	56	the in-band support with the following command.
a09d302a YT	57
	58	ovs-vsctl set bridge br0 other_config:disable-in-band=true
	59
f4ef9534 BP	60	Firewall Rules
	61	--------------
	62
	63	On Linux, when a physical interface is in use by the userspace
	64	datapath, packets received on the interface still also pass into the
	65	kernel TCP/IP stack. This can cause surprising and incorrect
	66	behavior. You can use "iptables" to avoid this behavior, by using it
	67	to drop received packets. For example, to drop packets received on
	68	eth0:
	69
	70	iptables -A INPUT -i eth0 -j DROP
	71	iptables -A FORWARD -i eth0 -j DROP
	72
a09d302a YT	73	Other settings
	74	--------------
	75
	76	On NetBSD, depending on your network topology and applications, the
	77	following configuration might help. See sysctl(7).
	78
f293a803	79	sysctl -w net.inet.ip.checkinterface=1
a09d302a	80
d377243b BP	81	Bug Reporting
	82	-------------
	83
	84	Please report problems to bugs@openvswitch.org.
9feb1017 TG	85
9feb1017 TG	86	[INSTALL.md]:INSTALL.md