[ovs-discuss] Connecting Two Physical Raspberry Pi Open vSwitch

Damiano Verzulli damiano at verzulli.it
Thu Jan 11 20:44:35 UTC 2018


On 07/01/2018 16:57, Fakity  Fakfak wrote:
> [...]
> Is it okay for me to setup the ip address of br0 on two different RPi to be
> the same?
> [...]

Obviously not. [*]

Let me add the following:

=> the two bridges that you defined (and "connected" to each other) are
perfectly working regardless of the IP address that you (can, but are not
obliged to) assign to the two bridges (remember: bridges are Layer-2
entities while an IP address is a Layer-3 one; they work at different
layers; so they are very different [and mostly "unrelated"] "things");

=> IP addresses for the bridges are needed _ONLY_ when you want to reach
them.... via IP. This can be avoided if you manage OVS-utilities "locally"
from the RPis. But as soon as you want to "talk" to OVS via IP... you need
a proper working IP configuration;

=> as the OpenFlow (pox) controller will need to talk to both OVS
instances, this implies you need a proper working IP configuration.

Also, as an additional (but initially complex to fully understand) hint:

=> the IP networking that you need to put in place in order, for "pox", to
control the two OVS instances... _SHOULD_ be _TOTALLY_ unrelated with
respect to the Ethernet/IP traffic flowing along the interfaces that your
OVS bridges will use to switch "user" traffic. So you should create:
	- a "management" network reserved for the traffic to/from "pox" and "OVSs"
(POC, RPiA, RPiB);
	- a "user" network reserved for "normal" user traffic.
In other words: the hosts connected to normal ports (A, B, C, D, F, G)
should _NOT_ be able to reach the two OVS instances (RPiA, RPiB) nor POX.

I'm sure that as soon as you'll spend some time carefully thinking about such
a requirement, you'll understand yourself the benefits that such a
segmentation provides in terms of a (slightly increased) network security :-)

HTH :-)

Bye,
DV


[*] Sorry but.... the fact that you're asking this very question.... means
that you should get a bit deeper with basic "IP networking" :-) ...before
getting to OVS :-)



-- 
Damiano Verzulli
e-mail: damiano at verzulli.it
---
possible?ok:while(!possible){open_mindedness++}
---
"Technical people tend to fall into two categories: Specialists
and Generalists. The Specialist learns more and more about a
narrower and narrower field, until he eventually, in the limit,
knows everything about nothing. The Generalist learns less and
less about a wider and wider field, until eventually he knows
nothing about everything." - William Stucke - AfrISPA
  http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
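
Added example, not part of the original message: a small address-plan audit for the layout the reply describes (one "management" network for pox, RPiA and RPiB, one "user" network for hosts A..G). The function name, finding labels and all subnets and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def audit_plan(mgmt_net, user_net, mgmt_nodes, user_hosts):
    """Return a list of findings; an empty list means the address plan keeps
    the controller/OVS management plane apart from the user traffic."""
    mgmt = ipaddress.ip_network(mgmt_net)
    user = ipaddress.ip_network(user_net)
    findings = []
    # The two networks must not share address space.
    if mgmt.overlaps(user):
        findings.append(f"subnet-overlap {mgmt} {user}")
    # One address may belong to exactly one node (the question in the thread).
    owners = defaultdict(list)
    for name, addr in {**mgmt_nodes, **user_hosts}.items():
        owners[ipaddress.ip_address(addr)].append(name)
    for addr, names in sorted(owners.items(), key=lambda kv: (kv[0].version, int(kv[0]))):
        if len(names) > 1:
            findings.append(f"duplicate-ip {addr} {','.join(sorted(names))}")
    # Controller and switches must be addressed inside the management network.
    for name, addr in sorted(mgmt_nodes.items()):
        if ipaddress.ip_address(addr) not in mgmt:
            findings.append(f"mgmt-node-outside-mgmt-net {name} {addr}")
    # User hosts must not be addressed inside the management network.
    for name, addr in sorted(user_hosts.items()):
        if ipaddress.ip_address(addr) in mgmt:
            findings.append(f"user-host-in-mgmt-net {name} {addr}")
    return findings

# Constructed plan: separate management and user networks.
GOOD = dict(
    mgmt_net="192.168.100.0/24", user_net="10.0.0.0/24",
    mgmt_nodes={"pox": "192.168.100.1", "RPiA": "192.168.100.11", "RPiB": "192.168.100.12"},
    user_hosts={"A": "10.0.0.1", "B": "10.0.0.2", "C": "10.0.0.3"},
)
# Constructed plan: one flat network, both RPis given the same address.
BAD = dict(
    mgmt_net="192.168.1.0/24", user_net="192.168.1.0/24",
    mgmt_nodes={"pox": "192.168.1.1", "RPiA": "192.168.1.10", "RPiB": "192.168.1.10"},
    user_hosts={"A": "192.168.1.21", "B": "192.168.1.22"},
)

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_plan(**plan) or "no findings")
```

This checks addressing only: if a router or a host with a leg in both networks forwards between them, user hosts can still reach the management plane even with a clean plan.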
