[ovs-discuss] Q: network(s) isolation

Alexey I. Froloff raorn at altlinux.org
Thu Apr 8 09:12:52 UTC 2010


On Thu, Apr 08, 2010 at 01:00:41AM -0700, Justin Pettit wrote:
> Hi, Alexey.  I'm a bit confused about what you're doing exactly.
I am a bit confused too, to be honest, but I think I am slowly
beginning to understand how Open vSwitch works.

> Would you be able to send me the vconfig and brctl commands
> that you're using now?  I'm not sure if this will help you at
> all, but on Monday, we added support to the ovs-vsctl command
> for declaring access ports.
Yes, I saw it yesterday, and now it's clearer.  Here are my
"scripts":

node_start_network(){
  # "internal network" interface
  local privIface="$1"; shift
  # virtual network id
  local VLAN="$1"; shift
  local bridge="vnetbr$VLAN"

  vconfig add "$privIface" "$VLAN"
  brctl addbr "$bridge"
  brctl addif "$bridge" "$privIface.$VLAN"

  ip link set "$bridge" up
  ip link set "$privIface.$VLAN" up

  printf '%s' "$bridge"
}

The output from the node_start_network call is passed to the libvirt
domain XML file.

router_start_network(){
  # "internal network" interface
  local privIface="$1"; shift
  # virtual network id
  local VLAN="$1"; shift
  # default gateway for this virtual network
  local IP="$1"; shift
  local bridge="vnetbr$VLAN"

  vconfig add "$privIface" "$VLAN"
  brctl addbr "$bridge"
  brctl stp "$bridge" on
  brctl setfd "$bridge" 2
  brctl sethello "$bridge" 2
  brctl addif "$bridge" "$privIface.$VLAN"

  ip link set "$bridge" up
  ip addr flush "$bridge"
  ip link set "$privIface.$VLAN" up

  ip addr add "$IP" dev "$bridge"
}

My guess is that with ovs-vswitchd this can be turned into:

node_start_network(){
  local privIface="$1"; shift
  local VLAN="$1"; shift
  local bridge="vnetbr$VLAN"

  ovs-vsctl add-br "$bridge"
  ovs-vsctl add-port "$bridge" "$privIface" "tag=$VLAN"

  ip link set "$bridge" up

  printf '%s' "$bridge"
}

router_start_network(){
  local privIface="$1"; shift
  local VLAN="$1"; shift
  local IP="$1"; shift
  local bridge="vnetbr$VLAN"

  ovs-vsctl add-br "$bridge"
  ovs-vsctl add-port "$bridge" "$privIface" "tag=$VLAN"

  ip link set "$bridge" up
  ip addr flush "$bridge"

  ip addr add "$IP" dev "$bridge"
}

Am I right?

> By the way, I don't think you'll need a controller for any of
> this.  You would only need that if you want to be able to
> dynamically adjust the traffic that is flowing through your
> network.  What you've described, seems pretty static at this
> point.
Once created, these "virtual networks" are pretty static, yes.
But I want to hide VLAN tags from my internal network.  We have a
limitation on what tags are passed through our switches and in
the best case we can have 1000 VLANs maximum (CISCO is so CISCO).  I
was thinking about something like "distributed switch mode", if
this thing exists in Open vSwitch.

-- 
Regards,    --
Sir Raorn.   --- http://thousandsofhate.blogspot.com/