[ovs-discuss] Monitor Switch to Controller Traffic

Brian Perry bperry at ucdavis.edu
Tue Mar 24 03:40:55 UTC 2020


Hi,

I built two topologies using OvS and Virtualbox so that I can see how a
controller interacts with the switch (br0). Here are the commands used to
build the two environments:
Environment 1 - Use OvS Commands to Manage the Switch's Flow Tables
ovs-vsctl add-br br0
ovs-vsctl add-port br0 p1 -- set interface p1 type=internal
ovs-vsctl add-port br0 p2 -- set interface p2 type=internal
ifconfig br0 up
ifconfic p1 up
ifconfic p2 up

Environment 2 - Remote Controller Running on the Host OS
ovs-vsctl add-br br0
ovs-vsctl add-port br0 p1 -- set interface p1 type=internal
ovs-vsctl add-port br0 p2 -- set interface p2 type=internal
ovs-vsctl set-controller br0 tcp:127.0.0.1:6633
ifconfig br0 10.0.0.1/24
ifconfig br0 up
ifconfic p1 up
ifconfic p2 up

Environment 3 - Remote Controller Running on a Guest OS
# For reference only.
ovs-vsctl add-br br0
ovs-vsctl add-port br0 p1 -- set interface p1 type=internal
ovs-vsctl add-port br0 p2 -- set interface p2 type=internal
ovs-vsctl set-controller br0 tcp:192.168.56.2:6633
ifconfig br0 192.168.56.3/24
ifconfig br0 up
ifconfic p1 up
ifconfic p2 up

Where Virtualbox has two guest Linux OS's all with their own "Bridge
Adapter" network interface of either p1 or p2 for both environments. In
Environment 3 there is a third Virtualbox guest Linux OS executing the
controller application, which uses a  "Host-only" network interface of
192.168.56.1/24. Environment 3 is used as a reference for a question I have
about OvS switches, which is asked after discussing Environment 2's results.

Environment 1 Results:
When running Wireshark on the loopback interface and the br0 interface I
was unable to find any OpenFlow messages when using flow table commands
like:
ovs-ofctl dump-flows br0

Looking through various documentation eventually lead me to a website that
states that the ovs-ofctl command is using a Unix domain socket to
communicate with the switch (
https://github.com/mininet/openflow-tutorial/wiki/Learn-Development-Tools#accessing-remote-ovs-instances-or-the-stanford-reference-switch)
. And I also found out that Wireshark can't capture Unix domain socket
traffic because it isn't a network interface (
https://www.wireshark.org/lists/ethereal-users/200202/msg00259.html).

Is it possible to have the ovs-ofctl commands go through an interface so I
can see the OpenFlow messages on Wireshark?

Environment 2 Results:
When running Wireshark on the loopback interface and the br0 interface I
saw the OpenFlow messages being sent to and from the loopback address
127.0.0.1. While I initially thought the messages would be addressed from
br0 (192.168.56.3) to the controller (127.0.0.1). After thinking about it
some more, I understand why the switch br0 and the controller are both
addressed 127.0.0.1. Because the switch and controller are two processes
that are on the same Host OS communicating with each other.

But I was wondering if it is possible to configure the switch so that the
OpenFlow message packets address br0 as 192.168.56.3 and the controller as
127.0.0.1?

I also had a problem trying to ping br0's address (10.0.0.1) when inside
one of the guest OS's. Where the guest OS had an IP address of 10.0.0.2.
Which leads me to my third question, is it possible to ping br0 (10.0.0.1)
from a guest OS? I do realize that is an odd question, because switches are
supposed to be transparent to the end hosts.

Based on Wireshark's results mentioned above, br0's IP address is not used
in the control plane and can not be used by an end host to ping the switch
in the data plane. Which leads me to my final question, when would you
assign an IP address to a switch? Currently I can only think of two
situations, when one of the switch's interfaces is connected to a physical
interface (e.g. eth0) or the controller can't be accessed on the loopback
interface (e.g. Environment 3).

Thanks for your time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20200323/72d4d650/attachment-0001.html>


More information about the discuss mailing list