[ovs.git] / debian / openvswitch-switch.README.Debian

Debian network scripts integration
----------------------------------
This package lets a user to optionally configure Open vSwitch bridges
and ports from /etc/network/interfaces. Please refer to the interfaces(5)
manpage for more details regarding /etc/network/interfaces.

The stanzas that configure the OVS bridges should begin with "allow-ovs"
followed by name of the bridge. Here is an example.
allow-ovs br0

The stanzas that configure the OVS ports should begin with
"allow-${bridge-name}" followed by name of the port. Here is an example.
allow-br0 eth0

The following OVS specific "command" options are supported:

    - ovs_type: This can either be OVSBridge, OVSPort, OVSIntPort, OVSBond,
      OVSPatchPort or OVSTunnel depending on whether you configure a bridge,
      port, an internal port, a bond, a patch port or a tunnel. This is a
      required option.

    - ovs_ports: This option specifies all the ports that belong to a bridge.

    - ovs_bridge: This options specifies a bridge to which a port belongs.
      This is a required option for a port.

    - ovs_bonds: This option specifies the list of physical interfaces to be
      bonded together.

    - ovs_patch_peer: For "OVSPatchPort" interfaces, this field specifies
      the patch's peer on the other bridge.

    - ovs_tunnel_type: For "OVSTunnel" interfaces, the type of the tunnel.
      For example, "gre", "vxlan", etc.

    - ovs_tunnel_options: For "OVSTunnel" interfaces, this field should be
      used to specify the tunnel options like remote_ip, key, etc.

    - ovs_options: This option lets you add extra arguments to a ovs-vsctl
      command. See examples.

    - ovs_extra: This option lets you run additional ovs-vsctl commands,
      separated by "--" (double dash). Variables can be part of the "ovs_extra"
      option. You can provide all the standard environmental variables
      described in the interfaces(5) man page. You can also pass shell
      commands.

More implementation specific details can be seen in the examples.

Examples:
--------
ex 1: A standalone bridge.

allow-ovs br0
iface br0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    ovs_type OVSBridge

ex 2: A bridge with one port.

allow-ovs br0
iface br0 inet dhcp
    ovs_type OVSBridge
    ovs_ports eth0

allow-br0 eth0
iface eth0 inet manual
    ovs_bridge br0
    ovs_type OVSPort

ex 3: A bridge with multiple physical ports.

allow-ovs br0
iface br0 inet dhcp
    ovs_type OVSBridge
    ovs_ports eth0 eth1

allow-br0 eth0
iface eth0 inet manual
    ovs_bridge br0
    ovs_type OVSPort

allow-br0 eth1
iface eth1 inet manual
    ovs_bridge br0
    ovs_type OVSPort

ex 4: A bridge with an OVS internal port.

allow-ovs br1
iface br1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    ovs_type OVSBridge
    ovs_ports vlan100

allow-br1 vlan100
iface vlan100 inet manual
    ovs_bridge br1
    ovs_type OVSIntPort
    ovs_options tag=100
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)

ex 5: Bonding.

allow-ovs br2
iface br2 inet static
    address 192.170.1.1
    netmask 255.255.255.0
    ovs_type OVSBridge
    ovs_ports bond0

allow-br2 bond0
iface bond0 inet manual
    ovs_bridge br2
    ovs_type OVSBond
    ovs_bonds eth2 eth3
    ovs_options bond_mode=balance-tcp lacp=active

ex 6: Patch ports.

allow-ovs br0
iface br0 inet manual
    ovs_type OVSBridge
    ovs_ports patch0

allow-br0 patch0
iface patch0 inet manual
    ovs_bridge br0
    ovs_type OVSPatchPort
    ovs_patch_peer patch1

allow-ovs br1
iface br1 inet manual
    ovs_type OVSBridge
    ovs_ports patch1

allow-br1 patch1
iface patch1 inet manual
    ovs_bridge br1
    ovs_type OVSPatchPort
    ovs_patch_peer patch0

ex 7: Tunnel.

allow-ovs br1
iface br1 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    ovs_type OVSBridge
    ovs_ports gre1

allow-br1 gre1
iface gre1 inet manual
    ovs_bridge br1
    ovs_type OVSTunnel
    ovs_tunnel_type gre
    ovs_tunnel_options options:remote_ip=182.168.1.2 options:key=1

ex 8: Create and destroy bridges.

ifup --allow=ovs $list_of_bridges
ifdown --allow=ovs $list_of_bridges

ex 9: Bond + Bridge + VLAN + MTU

allow-bond0 eth2
iface eth2 inet manual
    ovs_type OVSPort
    ovs_bonds bond0
    ovs_mtu 9000

# Interface eth3
#auto eth3
allow-bond0 eth3
iface eth3 inet manual
    ovs_type OVSPort
    ovs_bonds bond0
    ovs_mtu 9000

# Interface bond0
auto bond0
allow-br-ex bond0
iface bond0 inet manual
    ovs_bridge br-ex 
    ovs_type OVSBond
    ovs_bonds eth2 eth3
    ovs_options bond_mode=balance-tcp lacp=active other_config:lacp-time=fast
    ovs_mtu 9000
    up ifup eth2
    up ifup eth3
    up ovs-vsctl set Interface ${IFACE} mtu_request=${IF_OVS_MTU}

# Interface vlan81
auto vlan871
allow-br-ex vlan81
iface vlan81 inet static
    ovs_type OVSIntPort
    ovs_bridge br-ex
    ovs_options tag=81
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
    ovs_mtu 9000
    address 192.168.100.2
    network 192.168.100.0
    netmask 255.255.255.0
    broadcast 192.168.100.255
    gateway 192.168.100.1

# Interface br-ex
auto br-ex
allow-ovs br-ex
iface br-ex inet manual
        ovs_type OVSBridge
        ovs_ports bond0 vlan81
        ovs_mtu 9000


Notes on dependencies:
---------------------

openvswitch-switch depends on $network, $named $remote_fs and $syslog to start.
This creates some startup dependency issues.

* Since openvswitch utilities are placed in /usr and /usr can be mounted
through NFS, openvswitch has to start after it.  But if a user uses openvswitch
for all his networking needs and hence to mount NFS, there will be a deadlock.
So, if /usr is mounted through NFS and openvswitch is used for all networking,
the administrator should figure out a way to mount NFS before starting OVS.
One way to do this is in initramfs.

* Since openvswitch starts after $network, $remote_fs and $syslog, any startup
script that depends on openvswitch but starts before it, needs to be changed
to depend on openvswitch-switch too.

* Ideally, an admin should not add openvswitch bridges in the 'auto'
section of the 'interfaces' file.  This is because, when ifupdown starts
working on bridges listed in 'auto', openvswitch has not yet started.

But, if the admin wants to go down this route and adds openvswitch bridges
in the 'auto' section, openvswitch-switch will forcefully be started when
ifupdown kicks in. In a case like this, the admin needs to make sure that /usr
has already been mounted and that a remote $syslog (if used) is ready to
receive openvswitch logs.

 -- Ben Pfaff <pfaffben@debian.org>, Fri, 23 Dec 2016 09:45:56 -0800
Commit	Line	Data
9a25910a TL	1	Debian network scripts integration
	2	----------------------------------
	3	This package lets a user to optionally configure Open vSwitch bridges
	4	and ports from /etc/network/interfaces. Please refer to the interfaces(5)
	5	manpage for more details regarding /etc/network/interfaces.
	6
	7	The stanzas that configure the OVS bridges should begin with "allow-ovs"
	8	followed by name of the bridge. Here is an example.
	9	allow-ovs br0
	10
	11	The stanzas that configure the OVS ports should begin with
	12	"allow-${bridge-name}" followed by name of the port. Here is an example.
	13	allow-br0 eth0
	14
	15	The following OVS specific "command" options are supported:
	16
	17	- ovs_type: This can either be OVSBridge, OVSPort, OVSIntPort, OVSBond,
	18	OVSPatchPort or OVSTunnel depending on whether you configure a bridge,
	19	port, an internal port, a bond, a patch port or a tunnel. This is a
	20	required option.
	21
	22	- ovs_ports: This option specifies all the ports that belong to a bridge.
	23
	24	- ovs_bridge: This options specifies a bridge to which a port belongs.
	25	This is a required option for a port.
	26
	27	- ovs_bonds: This option specifies the list of physical interfaces to be
	28	bonded together.
	29
	30	- ovs_patch_peer: For "OVSPatchPort" interfaces, this field specifies
	31	the patch's peer on the other bridge.
	32
	33	- ovs_tunnel_type: For "OVSTunnel" interfaces, the type of the tunnel.
	34	For example, "gre", "vxlan", etc.
	35
	36	- ovs_tunnel_options: For "OVSTunnel" interfaces, this field should be
	37	used to specify the tunnel options like remote_ip, key, etc.
	38
	39	- ovs_options: This option lets you add extra arguments to a ovs-vsctl
	40	command. See examples.
	41
	42	- ovs_extra: This option lets you run additional ovs-vsctl commands,
	43	separated by "--" (double dash). Variables can be part of the "ovs_extra"
	44	option. You can provide all the standard environmental variables
	45	described in the interfaces(5) man page. You can also pass shell
	46	commands.
	47
	48	More implementation specific details can be seen in the examples.
	49
	50	Examples:
	51	--------
	52	ex 1: A standalone bridge.
	53
	54	allow-ovs br0
	55	iface br0 inet static
	56	address 192.168.1.1
	57	netmask 255.255.255.0
	58	ovs_type OVSBridge
	59
	60	ex 2: A bridge with one port.
	61
	62	allow-ovs br0
	63	iface br0 inet dhcp
	64	ovs_type OVSBridge
65	ovs_ports eth0
66
67	allow-br0 eth0
68	iface eth0 inet manual
69	ovs_bridge br0
70	ovs_type OVSPort
71
72	ex 3: A bridge with multiple physical ports.
73
74	allow-ovs br0
75	iface br0 inet dhcp
76	ovs_type OVSBridge
77	ovs_ports eth0 eth1
78
79	allow-br0 eth0
80	iface eth0 inet manual
81	ovs_bridge br0
82	ovs_type OVSPort
83
84	allow-br0 eth1
85	iface eth1 inet manual
86	ovs_bridge br0
87	ovs_type OVSPort
88
89	ex 4: A bridge with an OVS internal port.
90
91	allow-ovs br1
92	iface br1 inet static
93	address 192.168.1.1
94	netmask 255.255.255.0
95	ovs_type OVSBridge
96	ovs_ports vlan100
97
98	allow-br1 vlan100
99	iface vlan100 inet manual
100	ovs_bridge br1
101	ovs_type OVSIntPort
102	ovs_options tag=100
103	ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)
104
105	ex 5: Bonding.
106
107	allow-ovs br2
108	iface br2 inet static
109	address 192.170.1.1
110	netmask 255.255.255.0
111	ovs_type OVSBridge
112	ovs_ports bond0
113
114	allow-br2 bond0
115	iface bond0 inet manual
116	ovs_bridge br2
117	ovs_type OVSBond
118	ovs_bonds eth2 eth3
119	ovs_options bond_mode=balance-tcp lacp=active
120
121	ex 6: Patch ports.
122
123	allow-ovs br0
124	iface br0 inet manual
125	ovs_type OVSBridge
126	ovs_ports patch0
127
128	allow-br0 patch0
129	iface patch0 inet manual
130	ovs_bridge br0
131	ovs_type OVSPatchPort
132	ovs_patch_peer patch1
133
134	allow-ovs br1
135	iface br1 inet manual
136	ovs_type OVSBridge
137	ovs_ports patch1
138
139	allow-br1 patch1
140	iface patch1 inet manual
141	ovs_bridge br1
142	ovs_type OVSPatchPort
143	ovs_patch_peer patch0
144
145	ex 7: Tunnel.
146
147	allow-ovs br1
148	iface br1 inet static
149	address 192.168.1.1
150	netmask 255.255.255.0
151	ovs_type OVSBridge
152	ovs_ports gre1
153
154	allow-br1 gre1
155	iface gre1 inet manual
156	ovs_bridge br1
157	ovs_type OVSTunnel
158	ovs_tunnel_type gre
159	ovs_tunnel_options options:remote_ip=182.168.1.2 options:key=1
160
161	ex 8: Create and destroy bridges.
162
163	ifup --allow=ovs $list_of_bridges
164	ifdown --allow=ovs $list_of_bridges
165
166	ex 9: Bond + Bridge + VLAN + MTU
167
168	allow-bond0 eth2
169	iface eth2 inet manual
170	ovs_type OVSPort
171	ovs_bonds bond0
172	ovs_mtu 9000
173
174	# Interface eth3
175	#auto eth3
176	allow-bond0 eth3
177	iface eth3 inet manual
178	ovs_type OVSPort
179	ovs_bonds bond0
180	ovs_mtu 9000
181
182	# Interface bond0
183	auto bond0
184	allow-br-ex bond0
185	iface bond0 inet manual
186	ovs_bridge br-ex
187	ovs_type OVSBond
188	ovs_bonds eth2 eth3
189	ovs_options bond_mode=balance-tcp lacp=active other_config:lacp-time=fast
190	ovs_mtu 9000
191	up ifup eth2
192	up ifup eth3
193	up ovs-vsctl set Interface ${IFACE} mtu_request=${IF_OVS_MTU}
194
195	# Interface vlan81
196	auto vlan871
197	allow-br-ex vlan81
198	iface vlan81 inet static
199	ovs_type OVSIntPort
200	ovs_bridge br-ex
201	ovs_options tag=81
202	ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
203	ovs_mtu 9000
204	address 192.168.100.2
205	network 192.168.100.0
206	netmask 255.255.255.0
207	broadcast 192.168.100.255
208	gateway 192.168.100.1
209
210	# Interface br-ex
211	auto br-ex
212	allow-ovs br-ex
213	iface br-ex inet manual
214	ovs_type OVSBridge
215	ovs_ports bond0 vlan81
216	ovs_mtu 9000
217
218
219	Notes on dependencies:
220	---------------------
221
222	openvswitch-switch depends on $network, $named $remote_fs and $syslog to start.
223	This creates some startup dependency issues.
224
225	* Since openvswitch utilities are placed in /usr and /usr can be mounted
226	through NFS, openvswitch has to start after it. But if a user uses openvswitch
227	for all his networking needs and hence to mount NFS, there will be a deadlock.
228	So, if /usr is mounted through NFS and openvswitch is used for all networking,
229	the administrator should figure out a way to mount NFS before starting OVS.
230	One way to do this is in initramfs.
231
232	* Since openvswitch starts after $network, $remote_fs and $syslog, any startup
233	script that depends on openvswitch but starts before it, needs to be changed
234	to depend on openvswitch-switch too.
235
236	* Ideally, an admin should not add openvswitch bridges in the 'auto'
237	section of the 'interfaces' file. This is because, when ifupdown starts
238	working on bridges listed in 'auto', openvswitch has not yet started.
239
240	But, if the admin wants to go down this route and adds openvswitch bridges
241	in the 'auto' section, openvswitch-switch will forcefully be started when
242	ifupdown kicks in. In a case like this, the admin needs to make sure that /usr
243	has already been mounted and that a remote $syslog (if used) is ready to
244	receive openvswitch logs.
245
246	-- Ben Pfaff <pfaffben@debian.org>, Fri, 23 Dec 2016 09:45:56 -0800