[ovs-discuss] OpenVswitch

Chris Boley ilgtech75 at gmail.com
Sat Feb 24 20:52:58 UTC 2018


I wanted to set up OVS to support a couple of interfaces belonging to an
IPS VM.
First, I'm only just learning about OVS so please forgive any dumb
questions I might submit due to my not understanding how this software
behaves.

I have in the past brought up a libvirt based VM and bridged a physical
host interface to the eth0 belonging to the virtual machine like this:

auto br1               # eth0 on the IPSVM is tied to this bridge

iface br1 inet manual
bridge_ports eno2
post-up ifconfig eno2 mtu 1520
post-up ifconfig eno2 promisc
post-up ethtool -G eno2 rx 4096
post-up ethtool -K eno2 rx off tx off sg off tso off ufo off gso off gro off lro off rxvlan off txvlan off ntuple off rxhash off
post-up ethtool -N eno2 rx-flow-hash udp4 sdfn
post-up ethtool -N eno2 rx-flow-hash udp6 sdfn
post-up ethtool -C eno2 rx-usecs 1 rx-frames 0
post-up ethtool -C eno2 adaptive-rx off
bridge_stp off
bridge_maxwait 0
post-down brctl delbr br1

========================================



Now for the main part of the question.
In:     ovs-vsctl add-port vbridge0 eno2

What's the stanza look like to give it all the ethtool options and ifconfig
options that I put on eno2 via the bridge commands as shown above?
Is there a way to add "ovs-vsctl set interface <insert options here>" to
create an equivalent config?

Or would I simply bring up the interface manually via
/etc/network/interfaces

Like:
auto eno2
iface eno2 inet manual
post-up ifconfig $IFACE up
post-up ifconfig $IFACE mtu 1520
post-up ifconfig $IFACE promisc
post-up ethtool -G $IFACE rx 4096
post-up ethtool -K $IFACE rx off tx off sg off tso off ufo off gso off gro off lro off rxvlan off txvlan off ntuple off rxhash off
post-up ethtool -N $IFACE rx-flow-hash udp4 sdfn
post-up ethtool -N $IFACE rx-flow-hash udp6 sdfn
post-up ethtool -C $IFACE rx-usecs 1 rx-frames 0
post-up ethtool -C $IFACE adaptive-rx off
bridge_stp off
bridge_maxwait 0
pre-down ifconfig $IFACE down

Then:  ovs-vsctl add-port vbridge0 eno2   # and it would maintain all the attributes I brought it up with manually?


I've always operated under the pretense that when a bridge grabs an
interface, the interface becomes a slave to the bridge and has to assume
all of the bridge's default settings.

So I'm thinking that bringing up eno2 manually with all those settings and
adding the port eno2 after the fact would be a waste of time. I was
thinking I would have to get OVS to set the attributes to the interface as
it would be master over the slaved interface eno2.


Clear as mud? I'm hoping what I wrote made sense.
I have concerns about all the NIC attributes because IPS systems really only
perform correctly if all these attributes are applied to the interface. If
you don't tune the interface this way, you'll miss things you're trying to
detect with the IPS system.

Thanks!
CB
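
A check for the concern raised in this post, as an added example that is not part of the original message: it reads `ethtool -k` output and lists any of the offloads the post disables that are still on, so it can be run against eno2 before and after `ovs-vsctl add-port`. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Long names that `ethtool -k` prints for the short names used in the post:
# rx tx sg tso ufo gso gro lro rxvlan txvlan ntuple rxhash
WANT_OFF="rx-checksumming tx-checksumming scatter-gather \
tcp-segmentation-offload udp-fragmentation-offload \
generic-segmentation-offload generic-receive-offload \
large-receive-offload rx-vlan-offload tx-vlan-offload \
ntuple-filters receive-hashing"

# Reads `ethtool -k <iface>` output on stdin and prints, one per line,
# every watched feature whose state is still "on".
offloads_still_on() {
    awk -v want="$WANT_OFF" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        # Feature lines look like "name: on" or "name: off [fixed]"
        /:/ {
            name = $1; sub(/:$/, "", name)
            if ((name in watch) && $2 == "on") print name
        }'
}

# Constructed sample of `ethtool -k eno2` output with two offloads left on.
sample_ethtool_k() {
    cat <<'EOF'
Features for eno2:
rx-checksumming: off
tx-checksumming: off
    tx-checksum-ipv4: off
scatter-gather: off
tcp-segmentation-offload: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: off
ntuple-filters: off
receive-hashing: off
EOF
}

# With an interface argument, check the live NIC; otherwise use the sample.
if [ -n "${1:-}" ]; then
    ethtool -k "$1" | offloads_still_on
else
    sample_ethtool_k | offloads_still_on
fi
```

Empty output means every offload the post turns off is off; any name printed is a feature that can coalesce or rewrite frames before the IPS sees them.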