[ovs-discuss] Q: network(s) isolation

Justin Pettit jpettit at nicira.com
Thu Apr 8 08:00:41 UTC 2010


On Apr 7, 2010, at 6:32 AM, Alexey I. Froloff wrote:

> I have read the manuals, but I don't understand how to convert
> interfaces, vlans and bridges into Open vSwitch ports.  My
> current workflow:
> 
> NODE and ROUTER have physical interfaces eth1, sharing the same
> ethernet segment.  When I need to put a new VM into a virtual network
> I do the following:
> 
> On NODE:
> 
> 1) create eth1.NETID VLAN interface
> 2) create netbrNETID bridge
> 3) add eth1.NETID into netbrNETID
> 4) pass netbrNETID to libvirt, so VM's tap interface is added
>    into this bridge
> 
> When adding more VMs into existing network steps 1-3 are skipped.
> 
> On ROUTER:
> 
> 1) create eth1.NETID VLAN interface
> 2) create netbrNETID bridge
> 3) add eth1.NETID into netbrNETID
> 4) assign IP address on netbrNETID interface, add NAT and
>    filtering rules to iptables
> 
> All this is done with vconfig and brctl commands.
> 
> Now I have ovsdb-server and ovs-vswitchd initialized and running.
> I guess, my next step is to run ovs-controller somewhere, so both
> ovs-vswitchd can see each other?  Can I have several controllers
> that operate as a "cluster"?
> 
> How do I implement steps 1-3 on Open vSwitch without exposing
> VLAN tags into network?  Will
> 
> ovs-vsctl add-br netbrNETID -- add-port netbrNETID eth1 tag=NETID
> 
> do what I want, or do I need to use "fake bridge"?
> 
> I am using RHEL 5.4/5.5 (x86_64), libvirt and kvm (it's not
> XenServer).
> 

Hi, Alexey.  I'm a bit confused about what you're doing exactly.  Would you be able to send me the vconfig and brctl commands that you're using now?

I'm not sure if this will help you at all, but on Monday, we added support to the ovs-vsctl command for declaring access ports.  By default, ports are treated as trunk ports.  When they are added to the bridge, an optional "tag" may be provided to indicate that it is an access port. The syntax for just adding a (trunk) port is like this:

	add-port br0 vif1.1

To instead make the port be an access port for VLAN 9, the command looks like the following:

	add-port br0 vif1.1 tag=9

There are a few more details available in the ovs-vsctl man page:

	http://openvswitch.org/cgi-bin/ovsman.cgi?page=utilities%2Fovs-vsctl.8

If this helps you at all, you'll need to pull the latest sources and build.  If it doesn't seem relevant, then please send me those commands, and I'll look at them with fresher eyes in the morning.

By the way, I don't think you'll need a controller for any of this.  You would only need that if you want to be able to dynamically adjust the traffic that is flowing through your network.  What you've described seems pretty static at this point.

--Justin
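
The trunk/access distinction from the reply above, applied to the vconfig/brctl workflow in the quoted question. This is an added example, not part of the original message or of Open vSwitch itself; it assumes the goal is tagged frames on eth1 and untagged frames at the VM, and the names br0, tap0, OVS_APPLY and all helper functions are hypothetical.

```shell
#!/bin/sh
# Added example: prints (or runs) the ovs-vsctl commands that replace the
# per-network eth1.NETID + netbrNETID steps. All names are assumptions.

# Commands are only printed unless OVS_APPLY=1 is set in the environment.
ovs() {
    if [ "${OVS_APPLY:-0}" = 1 ]; then
        ovs-vsctl "$@"
    else
        echo "ovs-vsctl $*"
    fi
}

# Accept only plain interface names (Linux limit: 15 characters), so a
# value such as "--del-br" can never be read by ovs-vsctl as an option.
valid_ifname() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# VLAN IDs usable as an access tag: 1..4094, decimal, no leading zeros.
valid_vlan() {
    case "$1" in
        ""|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# Once per host: one bridge, with the physical NIC added without tag=,
# i.e. as a trunk port that carries every network's frames tagged.
node_setup() {  # usage: node_setup BRIDGE UPLINK
    valid_ifname "$1" && valid_ifname "$2" || return 2
    ovs add-br "$1" -- add-port "$1" "$2"
}

# Once per VM: the tap device added with tag=NETID, i.e. as an access
# port confined to that one VLAN.
attach_vm() {  # usage: attach_vm BRIDGE TAP NETID
    valid_ifname "$1" && valid_ifname "$2" || return 2
    valid_vlan "$3" || return 3
    ovs add-port "$1" "$2" "tag=$3"
}
```

Calling `node_setup br0 eth1` and then `attach_vm br0 tap0 9` prints the two commands for review; a NETID outside 1..4094 or a malformed interface name is rejected before anything reaches ovs-vsctl.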
