]> git.proxmox.com Git - ovs.git/blob - INSTALL
datapath: Remove vlan compat support
[ovs.git] / INSTALL
1 How to Install Open vSwitch on Linux, FreeBSD and NetBSD
2 ========================================================
3
4 This document describes how to build and install Open vSwitch on a
5 generic Linux, FreeBSD, or NetBSD host. For specifics around installation
6 on a specific platform, please see one of these files:
7
8 - INSTALL.Debian
9 - INSTALL.Fedora
10 - INSTALL.RHEL
11 - INSTALL.XenServer
12
13 Build Requirements
14 ------------------
15
16 To compile the userspace programs in the Open vSwitch distribution,
17 you will need the following software:
18
19 - GNU make.
20
21 - A C compiler, such as:
22
23 * GCC 4.x.
24
25 * Clang. Clang 3.4 and later provide useful static semantic
26 analysis and thread-safety checks. For Ubuntu, there are
27 nightly built packages available on clang's website.
28
29 - libssl, from OpenSSL, is optional but recommended if you plan to
30 connect the Open vSwitch to an OpenFlow controller. libssl is
31 required to establish confidentiality and authenticity in the
32 connections from an Open vSwitch to an OpenFlow controller. If
33 libssl is installed, then Open vSwitch will automatically build
34 with support for it.
35
36 To compile the kernel module on Linux, you must also install the
37 following. If you cannot build or install the kernel module, you may
38 use the userspace-only implementation, at a cost in performance. The
39 userspace implementation may also lack some features. Refer to
40 INSTALL.userspace for more information.
41
42 - A supported Linux kernel version. Please refer to README for a
43 list of supported versions.
44
45 The Open vSwitch datapath requires bridging support
46 (CONFIG_BRIDGE) to be built as a kernel module. (This is common
47 in kernels provided by Linux distributions.) The bridge module
48 must not be loaded or in use. If the bridge module is running
49 (check with "lsmod | grep bridge"), you must remove it ("rmmod
50 bridge") before starting the datapath.
51
52 For optional support of ingress policing, you must enable kernel
53 configuration options NET_CLS_BASIC, NET_SCH_INGRESS, and
54 NET_ACT_POLICE, either built-in or as modules. (NET_CLS_POLICE is
55 obsolete and not needed.)
56
57 To use GRE tunneling on Linux 2.6.37 or newer, kernel support
58 for GRE must be compiled in or available as a module
59 (CONFIG_NET_IPGRE_DEMUX).
60
61 To configure HTB or HFSC quality of service with Open vSwitch,
62 you must enable the respective configuration options.
63
64 To use Open vSwitch support for TAP devices, you must enable
65 CONFIG_TUN.
66
67 - To build a kernel module, you need the same version of GCC that
68 was used to build that kernel.
69
70 - A kernel build directory corresponding to the Linux kernel image
71 the module is to run on. Under Debian and Ubuntu, for example,
72 each linux-image package containing a kernel binary has a
73 corresponding linux-headers package with the required build
74 infrastructure.
75
76 If you are working from a Git tree or snapshot (instead of from a
77 distribution tarball), or if you modify the Open vSwitch build system
78 or the database schema, you will also need the following software:
79
80 - Autoconf version 2.64 or later.
81
82 - Automake version 1.10 or later.
83
84 - Python 2.x, for x >= 4.
85
86 If you modify the ovsdbmonitor tool, then you will also need the
87 following:
88
89 - pyuic4 from PyQt4 (http://www.riverbankcomputing.co.uk).
90
91 To run the unit tests, you also need:
92
93 - Perl. Version 5.10.1 is known to work. Earlier versions should
94 also work.
95
96 If you modify the vswitchd database schema, then the E-R diagram in
97 the ovs-vswitchd.conf.db(5) manpage will be updated properly only if
98 you have the following:
99
100 - "dot" from graphviz (http://www.graphviz.org/).
101
102 - Perl. Version 5.10.1 is known to work. Earlier versions should
103 also work.
104
105 - Python 2.x, for x >= 4.
106
107 If you are going to extensively modify Open vSwitch, please consider
108 installing the following to obtain better warnings:
109
110 - "sparse" version 0.4.4 or later
111 (http://www.kernel.org/pub/software/devel/sparse/dist/).
112
113 - GNU make.
114
115 - clang, version 3.4 or later
116
117 Also, you may find the ovs-dev script found in utilities/ovs-dev.py useful.
118
119 Installation Requirements
120 -------------------------
121
122 The machine on which Open vSwitch is to be installed must have the
123 following software:
124
125 - libc compatible with the libc used for build.
126
127 - libssl compatible with the libssl used for build, if OpenSSL was
128 used for the build.
129
130 - On Linux, the same kernel version configured as part of the build.
131
132 - For optional support of ingress policing on Linux, the "tc" program
133 from iproute2 (part of all major distributions and available at
134 http://www.linux-foundation.org/en/Net:Iproute2).
135
136 On Linux you should ensure that /dev/urandom exists. To support TAP
137 devices, you must also ensure that /dev/net/tun exists.
138
139 To run the ovsdbmonitor tool, the machine must also have the following
140 software:
141
142 - Python 2.x, for x >= 4.
143
144 - Python Twisted Conch.
145
146 - Python JSON.
147
148 - PySide or PyQt4.
149
150 - Python Zope interface module.
151
152 (On Debian "lenny" the above can be installed with "apt-get install
153 python-json python-qt4 python-zopeinterface python-twisted-conch".)
154
155 Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD
156 =================================================================
157
158 Once you have installed all the prerequisites listed above in the Base
159 Prerequisites section, follow the procedure below to build.
160
161 1. If you pulled the sources directly from an Open vSwitch Git tree,
162 run boot.sh in the top source directory:
163
164 % ./boot.sh
165
166 2. In the top source directory, configure the package by running the
167 configure script. You can usually invoke configure without any
168 arguments:
169
170 % ./configure
171
172 By default all files are installed under /usr/local. If you want
173 to install into, e.g., /usr and /var instead of /usr/local and
174 /usr/local/var, add options as shown here:
175
176 % ./configure --prefix=/usr --localstatedir=/var
177
178 To use a specific C compiler for compiling Open vSwitch user
179 programs, also specify it on the configure command line, like so:
180
181 % ./configure CC=gcc-4.2
182
183 To use 'clang' compiler:
184
185 % ./configure CC=clang
186
187 To build the Linux kernel module, so that you can run the
188 kernel-based switch, pass the location of the kernel build
189 directory on --with-linux. For example, to build for a running
190 instance of Linux:
191
192 % ./configure --with-linux=/lib/modules/`uname -r`/build
193
194 If you wish to build the kernel module for an architecture other
195 than the architecture of the machine used for the build, you may
196 specify the kernel architecture string using the KARCH variable
197 when invoking the configure script. For example, to build for MIPS
198 with Linux:
199
200 % ./configure --with-linux=/path/to/linux KARCH=mips
201
202 The configure script accepts a number of other options and honors
203 additional environment variables. For a full list, invoke
204 configure with the --help option.
205
206 3. Run GNU make in the top source directory, e.g.:
207
208 % make
209
210 or if GNU make is installed as "gmake":
211
212 % gmake
213
214 For improved warnings if you installed "sparse" (see
215 "Prerequisites"), add C=1 to the command line.
216
217 4. Consider running the testsuite. Refer to "Running the Testsuite"
218 below, for instructions.
219
220 5. Become root by running "su" or another program.
221
222 6. Run "make install" to install the executables and manpages into the
223 running system, by default under /usr/local.
224
225 7. If you built kernel modules, you may install and load them, e.g.:
226
227 % make modules_install
228 % /sbin/modprobe openvswitch
229
230 To verify that the modules have been loaded, run "/sbin/lsmod" and
231 check that openvswitch is listed.
232
233 If the "modprobe" operation fails, look at the last few kernel log
234 messages (e.g. with "dmesg | tail"):
235
236 - The message "openvswitch: exports duplicate symbol
237 br_should_route_hook (owned by bridge)" means that the bridge
238 module is loaded. Run "/sbin/rmmod bridge" to remove it.
239
240 If "/sbin/rmmod bridge" fails with "ERROR: Module bridge does
241 not exist in /proc/modules", then the bridge is compiled into
242 the kernel, rather than as a module. Open vSwitch does not
243 support this configuration (see "Build Requirements", above).
244
245 - The message "openvswitch: exports duplicate symbol
246 dp_ioctl_hook (owned by ofdatapath)" means that the ofdatapath
247 module from the OpenFlow reference implementation is loaded.
248 Run "/sbin/rmmod ofdatapath" to remove it. (You might have to
249 delete any existing datapaths beforehand, using the "dpctl"
250 program included with the OpenFlow reference implementation.
251 "ovs-dpctl" will not work.)
252
253 - Otherwise, the most likely problem is that Open vSwitch was
254 built for a kernel different from the one into which you are
255 trying to load it. Run "modinfo" on openvswitch.ko and on
256 a module built for the running kernel, e.g.:
257
258 % /sbin/modinfo openvswitch.ko
259 % /sbin/modinfo /lib/modules/`uname -r`/kernel/net/bridge/bridge.ko
260
261 Compare the "vermagic" lines output by the two commands. If
262 they differ, then Open vSwitch was built for the wrong kernel.
263
264 - If you decide to report a bug or ask a question related to
265 module loading, please include the output from the "dmesg" and
266 "modinfo" commands mentioned above.
267
268 There is an optional module parameter to openvswitch.ko called
269 vlan_tso that enables TCP segmentation offload over VLANs on NICs
270 that support it. Many drivers do not expose support for TSO on VLANs
271 in a way that Open vSwitch can use but there is no way to detect
272 whether this is the case. If you know that your particular driver can
273 handle it (for example by testing sending large TCP packets over VLANs)
274 then passing in a value of 1 may improve performance. Modules built for
275 Linux kernels 2.6.37 and later, as well as specially patched versions
276 of earlier kernels, do not need this and do not have this parameter. If
277 you do not understand what this means or do not know if your driver
278 will work, do not set this.
279
280 8. Initialize the configuration database using ovsdb-tool, e.g.:
281
282 % mkdir -p /usr/local/etc/openvswitch
283 % ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
284
285 Startup
286 =======
287
288 Before starting ovs-vswitchd itself, you need to start its
289 configuration database, ovsdb-server. Each machine on which Open
290 vSwitch is installed should run its own copy of ovsdb-server.
291 Configure it to use the database you created during step 7 of
292 installation, above, to listen on a Unix domain socket, to connect to
293 any managers specified in the database itself, and to use the SSL
294 configuration in the database:
295
296 % ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
297 --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
298 --private-key=db:Open_vSwitch,SSL,private_key \
299 --certificate=db:Open_vSwitch,SSL,certificate \
300 --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
301 --pidfile --detach
302
303 (If you built Open vSwitch without SSL support, then omit
304 --private-key, --certificate, and --bootstrap-ca-cert.)
305
306 Then initialize the database using ovs-vsctl. This is only
307 necessary the first time after you create the database with
308 ovsdb-tool (but running it at any time is harmless):
309
310 % ovs-vsctl --no-wait init
311
312 Then start the main Open vSwitch daemon, telling it to connect to the
313 same Unix domain socket:
314
315 % ovs-vswitchd --pidfile --detach
316
317 Now you may use ovs-vsctl to set up bridges and other Open vSwitch
318 features. For example, to create a bridge named br0 and add ports
319 eth0 and vif1.0 to it:
320
321 % ovs-vsctl add-br br0
322 % ovs-vsctl add-port br0 eth0
323 % ovs-vsctl add-port br0 vif1.0
324
325 Please refer to ovs-vsctl(8) for more details.
326
327 Upgrading
328 =========
329
330 When you upgrade Open vSwitch from one version to another, you should
331 also upgrade the database schema:
332
333 1. Stop the Open vSwitch daemons, e.g.:
334
335 % kill `cd /usr/local/var/run/openvswitch && cat ovsdb-server.pid ovs-vswitchd.pid`
336
337 2. Install the new Open vSwitch release.
338
339 3. Upgrade the database, in one of the following two ways:
340
341 - If there is no important data in your database, then you may
342 delete the database file and recreate it with ovsdb-tool,
343 following the instructions under "Building and Installing Open
344 vSwitch for Linux, FreeBSD or NetBSD".
345
346 - If you want to preserve the contents of your database, back it
347 up first, then use "ovsdb-tool convert" to upgrade it, e.g.:
348
349 % ovsdb-tool convert /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
350
351 4. Start the Open vSwitch daemons as described under "Building and
352 Installing Open vSwitch for Linux, FreeBSD or NetBSD" above.
353
354 Hot Upgrading
355 =============
356 Upgrading Open vSwitch from one version to the next version with minimum
357 disruption of traffic going through the system that is using that Open vSwitch
358 needs some considerations:
359
360 1. If the upgrade only involves upgrading the userspace utilities and daemons
361 of Open vSwitch, make sure that the new userspace version is compatible with
362 the previously loaded kernel module.
363
364 2. An upgrade of userspace daemons means that they have to be restarted.
365 Restarting the daemons means that the Openflow flows in the ovs-vswitchd daemon
366 will be lost. One way to restore the flows is to let the controller
367 re-populate it. Another way is to save the previous flows using a utility
368 like ovs-ofctl and then re-add them after the restart. Restoring the old flows
369 is accurate only if the new Open vSwitch interfaces retain the old 'ofport'
370 values.
371
372 3. When the new userspace daemons get restarted, they automatically flush
373 the old flows setup in the kernel. This can be expensive if there are hundreds
374 of new flows that are entering the kernel but userspace daemons are busy
375 setting up new userspace flows from either the controller or an utility like
376 ovs-ofctl. Open vSwitch database provides an option to solve this problem
377 through the other_config:flow-restore-wait column of the Open_vSwitch table.
378 Refer to the ovs-vswitchd.conf.db(5) manpage for details.
379
380 4. If the upgrade also involves upgrading the kernel module, the old kernel
381 module needs to be unloaded and the new kernel module should be loaded. This
382 means that the kernel network devices belonging to Open vSwitch is recreated
383 and the kernel flows are lost. The downtime of the traffic can be reduced
384 if the userspace daemons are restarted immediately and the userspace flows
385 are restored as soon as possible.
386
387 The ovs-ctl utility's "restart" function only restarts the userspace daemons,
388 makes sure that the 'ofport' values remain consistent across restarts, restores
389 userspace flows using the ovs-ofctl utility and also uses the
390 other_config:flow-restore-wait column to keep the traffic downtime to the
391 minimum. The ovs-ctl utility's "force-reload-kmod" function does all of the
392 above, but also replaces the old kernel module with the new one. Open vSwitch
393 startup scripts for Debian, XenServer and RHEL use ovs-ctl's functions and it
394 is recommended that these functions be used for other software platforms too.
395
396 Running the Testsuite
397 =====================
398
399 Open vSwitch includes a testsuite. Before you submit patches
400 upstream, we advise that you run the tests and ensure that they pass.
401 If you add new features to Open vSwitch, then adding tests for those
402 features will ensure your features don't break as developers modify
403 other areas of Open vSwitch.
404
405 You must configure and build Open vSwitch (steps 1 through 3 in
406 "Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD" above)
407 before you run the testsuite. You do not need to install Open vSwitch
408 or to build or load the kernel module to run the testsuite. You do
409 not need supervisor privilege to run the testsuite.
410
411 To run all the unit tests in Open vSwitch, one at a time:
412 make check
413 This takes under 5 minutes on a modern desktop system.
414
415 To run all the unit tests in Open vSwitch, up to 8 in parallel:
416 make check TESTSUITEFLAGS=-j8
417 This takes under a minute on a modern 4-core desktop system.
418
419 To see a list of all the available tests, run:
420 make check TESTSUITEFLAGS=--list
421
422 To run only a subset of tests, e.g. test 123 and tests 477 through 484:
423 make check TESTSUITEFLAGS='123 477-484'
424 (Tests do not have inter-dependencies, so you may run any subset.)
425
426 To run tests matching a keyword, e.g. "ovsdb":
427 make check TESTSUITEFLAGS='-k ovsdb'
428
429 To see a complete list of test options:
430 make check TESTSUITEFLAGS=--help
431
432 The results of a testing run are reported in tests/testsuite.log.
433 Please report test failures as bugs and include the testsuite.log in
434 your report.
435
436 If you have "valgrind" installed, then you can also run the testsuite
437 under valgrind by using "make check-valgrind" in place of "make
438 check". All the same options are available via TESTSUITEFLAGS. When
439 you do this, the "valgrind" results for test <N> are reported in files
440 named tests/testsuite.dir/<N>/valgrind.*. You may find that the
441 valgrind results are easier to interpret if you put "-q" in
442 ~/.valgrindrc, since that reduces the amount of output.
443
444 Sometimes a few tests may fail on some runs but not others. This is
445 usually a bug in the testsuite, not a bug in Open vSwitch itself. If
446 you find that a test fails intermittently, please report it, since the
447 developers may not have noticed.
448
449 Bug Reporting
450 -------------
451
452 Please report problems to bugs@openvswitch.org.