本博客主要介绍
Openvswitch
常用命令
进程/目录介绍
- 进程
[root@xiexianbin_cn ~]# ps -ef|grep openvswitch
root 39034 39033 0 04:34 ? 00:00:00 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach --monitor
root 39056 39055 0 04:34 ? 00:00:00 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach --monitor
- 相关目录,查看详细信息:
rpm -qal openvswitch
- /etc/openvswitch
- /var/log/openvswitch
ovs-vsctl 相关命令
基础命令
Open vSwitch commands:
init initialize database, if not yet initialized
show print overview of database contents
emer-reset reset configuration to clean state
bridge help
Bridge commands:
add-br BRIDGE create a new bridge named BRIDGE
add-br BRIDGE PARENT VLAN create new fake BRIDGE in PARENT on VLAN
del-br BRIDGE delete BRIDGE and all of its ports
list-br print the names of all the bridges
br-exists BRIDGE exit 2 if BRIDGE does not exist
br-to-vlan BRIDGE print the VLAN which BRIDGE is on
br-to-parent BRIDGE print the parent of BRIDGE
br-set-external-id BRIDGE KEY VALUE set KEY on BRIDGE to VALUE
br-set-external-id BRIDGE KEY unset KEY on BRIDGE
br-get-external-id BRIDGE KEY print value of KEY on BRIDGE
br-get-external-id BRIDGE list key-value pairs on BRIDGE
add-br
创建新的网桥
(或称为交换机
,以下说的网桥
均同此意):
[root@xiexianbin_cn ~]# ovs-vsctl show
9ec2a9f0-73cc-48ad-8395-719979a3f2a9
ovs_version: "2.11.7"
[root@xiexianbin_cn ~]# ovs-vsctl add-br br0 # 创建网桥,名称为 br0
[root@xiexianbin_cn ~]# ovs-vsctl show # 查看网桥
9ec2a9f0-73cc-48ad-8395-719979a3f2a9
Bridge br0
Port br0
Interface br0
type: internal
ovs_version: "2.11.7"
[root@xiexianbin_cn ~]# ifconfig br0 # 使用ifconfig查看网桥
br0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 12:3b:18:dc:85:41 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
当创建了一个网桥
后:
- 此时网络功能不受影响,但会产生一个
虚拟网卡
,名字就是网桥
的名称(br0
),ovs通过类似的虚拟网卡
实现接下来的网桥
(交换机
)功能 - 有了
网桥
以后,还需要为该网桥
增加端口
(port
),端口
相当于物理网卡
,当网卡
加入到这个网桥
后,其工作方式就和普通交换机
的一个端口的工作方式类似
del-br
[root@xiexianbin_cn ~]# ovs-vsctl del-br br0 # 删除网桥 br0
ovs-vsctl --if-exists del-br br0
show bridge
[root@xiexianbin_cn ~]# ovs-ofctl show br0
OFPT_FEATURES_REPLY (xid=0x2): dpid:00000050563b4958
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(ens33): addr:00:50:56:3b:49:58
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
speed: 1000 Mbps now, 1000 Mbps max
3(eth0): addr:ce:91:af:cb:6a:09
config: 0
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
LOCAL(br0): addr:00:50:56:3b:49:58
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
STP (Spanning Tree Protocol)
开启 STP
ovs-vsctl set bridge br0 stp_enable=true
关闭 STP
ovs-vsctl set bridge br0 stp_enable=false
查询 STP 配置信息
ovs-vsctl get bridge br0 stp_enable
设置 Priority
ovs-vsctl set bridge br0 other_config:stp-priority=0x7800
设置 Cost
ovs-vsctl set port eth0 other_config:stp-path-cost=10
移除 STP 设置
ovs-vsctl clear bridge br0 other_config
Openflow Version
支持 OpenFlow Version 1.3
ovs-vsctl set bridge br0 protocols=OpenFlow13
支持 OpenFlow Version 1.3 1.2
ovs-vsctl set bridge br0 protocols=OpenFlow12,OpenFlow13
移除 OpenFlow 支持设置
ovs-vsctl clear bridge br0 protocols
port help
Port commands (a bond is considered to be a single port):
list-ports BRIDGE print the names of all the ports on BRIDGE
add-port BRIDGE PORT add network device PORT to BRIDGE
add-bond BRIDGE PORT IFACE... add bonded port PORT in BRIDGE from IFACES
del-port [BRIDGE] PORT delete PORT (which may be bonded) from BRIDGE
port-to-br PORT print name of bridge that contains PORT
add-port
[root@xiexianbin_cn ~]# ovs-vsctl add-port br0 ens33
del-port
[root@xiexianbin_cn ~]# ovs-vsctl del-port br0 ens33
SPAN
详细设置
ovs-vsctl add-port br0 eth0
ovs-vsctl add-port br0 eth1
ovs-vsctl add-port br0 tap0 \
-- --id=@p get port tap0 \
-- --id=@m create mirror name=m0 select-all=true output-port=@p \
-- set bridge br0 mirrors=@m
将 br0
上 add-port
{eth0,eth1} mirror 至 tap0
刪除
ovs-vsctl clear bridge br0 mirrors
Table
查 table
ovs-ofctl dump-tables br0
GRE Tunnel
设置 GRE tunnel
ovs-vsctl add-port br0 ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.4
查询 GRE Tunnel
ovs-vsctl show
其他port操作
更改 ofport (openflow port number)为100:
ovs-vsctl add-port br0 eth0 -- set Interface eth0 ofport_request=100
设置 port 为 internal
ovs-vsctl set Interface eth0 type=internal
创建虚拟网卡并连接到物理网卡示例
- 创建一个
虚拟网卡
ens33
,并和物理网卡ens33
绑定
[root@xiexianbin_cn ~]# ovs-vsctl add-port br0 ens33 # ens33为`物理网卡`,若当前采用该网卡连接,会出现网络中断
[root@xiexianbin_cn ~]# ovs-vsctl show
9ec2a9f0-73cc-48ad-8395-719979a3f2a9
Bridge "br0"
Port "ens33"
Interface "ens33"
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.11.7"
首先,显示了一个名为br0
的网桥
,它有两个虚拟网卡
,一个是ens33
,一个是br0
。这里要特别注意,网卡
加入网桥
以后,要按照网桥的工作标准工作,该端口
就必须是以混杂模式
工作,工作在链路层
,处理2层
的帧,所以这个port就不需要配置IP了
- 配置ens33
为了能通过ens33
连接机器,修改ens33
的配置文件/etc/sysconfig/network-scripts/ifcfg-ens33
,如下:
DEVICE=ens33
ONBOOT=yes
TYPE=Ethernet
NM_CONTROLLED=no
BOOTPROTO=none
或
DEVICE=ens33
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br0
BOOTPROTO=none
重启ens33
ifdown ens33; ifup ens33
- 配置br0
为br0
配置IP的方法是添加/etc/sysconfig/network-scripts/ifcfg-br0
文件,如下:
NAME="br00"
DEVICE=br0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.179.150
NETMASK=255.255.255.0
GATEWAY=192.168.179.1
#DNS1=223.5.5.5
#DNS2=223.6.6.6
IPV6INIT=no
IPV6_AUTOCONF=no
启动br0
ifup br0
启动后,可以通过br0
网卡的IP地址192.168.179.150
访问机器。
- 查看网卡信息
现在可以通过br0
的配置的ip地址访问机器,网卡信息如下:
[root@xiexianbin_cn ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::250:56ff:fe3b:4958 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:3b:49:58 txqueuelen 1000 (Ethernet)
RX packets 161618 bytes 177275823 (169.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 71251 bytes 32870277 (31.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@xiexianbin_cn ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.179.150 netmask 255.255.255.0 broadcast 192.168.179.255
inet6 fe80::250:56ff:fe3b:4958 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:3b:49:58 txqueuelen 1000 (Ethernet)
RX packets 458 bytes 51456 (50.2 KiB)
RX errors 0 dropped 323 overruns 0 frame 0
TX packets 293 bytes 45028 (43.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 创建虚拟网卡eth0,并分配IP地址
- 创建虚拟网卡
[root@xiexianbin_cn ~]# ip tuntap add mod tap eth0
ioctl(TUNSETIFF): Device or resource busy
[root@xiexianbin_cn ~]# ovs-vsctl add-port br0 eth0
[root@xiexianbin_cn ~]# ovs-vsctl show
9ec2a9f0-73cc-48ad-8395-719979a3f2a9
Bridge "br0"
Port "eth0"
Interface "eth0"
Port "ens33"
Interface "ens33"
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.11.7"
- 添加网卡配置 /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
#BOOTPROTO="dhcp"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="ovs-eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.179.151
GATEWAY=192.168.179.1
NETMASK=255.255.255.0
- 启动
eth0
ifup eth0
- 启动后,可以通过
eth0
网卡的IP地址192.168.179.151
访问机器。网卡信息如下:
[root@xiexianbin_cn ~]# ifconfig eth0
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.179.151 netmask 255.255.255.0 broadcast 192.168.179.255
ether ce:91:af:cb:6a:09 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
OpenStack的典型结构图
前面已经说到,OpenvSwitch
主要用于虚拟化环境中,OpenStack
虚拟机之间以及虚拟机和外网之间的通信都会用到它,如下是一个典型的结构图:
VM实例instance
产生一个数据包并发送至实例内的虚拟网络接口VNIC,图中就是instance
中的eth0
- 这个数据包会传送到物理节点上的
VNIC
接口,如图就是vnet
接口 - 数据包从
vnet
NIC出来,到达桥(虚拟交换机)br100
上 - 数据包经过交换机的处理,从物理节点上的物理接口发出,如图中物理节点上的
eth0
- 数据包从
eth0
出去的时候,是按照物理节点上的路由以及默认网关操作的,这个时候该数据包其实已经不受你的控制了
查表
ovs-vsctl list Bridge/Port/Interface/...
# demo
ovs-vsctl list bridge
ovs-vsctl list bridge br0
ovs-vsctl list port
ovs-vsctl list port br0
ovs-vsctl list interface
ovs-vsctl list interface br0
Controller
设置 Controller(tcp: 方式的 OpenFlow 连接为明文且不做认证;生产环境可先用 ovs-vsctl set-ssl 配置证书,再改用 ssl:IP:PORT 连接控制器)
ovs-vsctl set-controller br0 tcp:1.2.3.4:6633
设置 multi controller
ovs-vsctl set-controller br0 tcp:1.2.3.4:6633 tcp:5.6.7.8:6633
查询 Controller
ovs-vsctl show
如果有成功连到 controller 则提示 is_connected:true, 反之未连上:
ovs-vsctl get-controller br0
移除 Controller
ovs-vsctl del-controller br0
设置 Out-of-band 和 in-band
查询
ovs-vsctl get controller br0 connection-mode
Out-of-band
ovs-vsctl set controller br0 connection-mode=out-of-band
In-band (default)
ovs-vsctl set controller br0 connection-mode=in-band
移除 hidden flow
ovs-vsctl set bridge br0 other-config:disable-in-band=true
VLAN
设置 VLAN tag
ovs-vsctl add-port br0 vlan3 tag=3 -- set interface vlan3 type=internal
移除 VLAN
ovs-vsctl del-port br0 vlan3
查询 VLAN
ovs-vsctl show
ifconfig vlan3
设置 Vlan trunk
ovs-vsctl add-port br0 eth0 trunk=3,4,5,6
设置已 add 的 port 为 access port, vlan id 9
ovs-vsctl set port eth0 tag=9
ovs-ofctl add-flow 设置 vlan 100
ovs-ofctl add-flow br0 in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:3
ovs-ofctl add-flow br0 in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3
ovs-ofctl add-flow 拿掉 vlan tag
ovs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:1
two_vlan example
ovs-ofctl add-flow pop-vlan
ovs-ofctl add-flow br0 in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:1
Dump flows
Dumps OpenFlow flows 不含 hidden flows (常用)
ovs-ofctl dump-flows br0
Dumps OpenFlow flows 包含 hidden flows
ovs-appctl bridge/dump-flows br0
Dump 特定 bridge 的 datapath flows 不論任何 type
ovs-appctl dpif/dump-flows br0
Dump 在 Linux kernel 裡的 datapath flow table (常用)
ovs-dpctl dump-flows [dp]
Top like behavior for ovs-dpctl dump-flows
ovs-dpctl-top
Log
查询 log level list
ovs-appctl vlog/list
设置 log level (以 stp 设置 file 为 dbg level 为例)
ovs-appctl vlog/set stp:file:dbg
ovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}
Fallback
Controller connection: false 的时候, 会自动调成 legacy switch mode(此时交换机按普通 MAC 学习方式转发,由 OpenFlow 流表实现的隔离或过滤规则不再生效)
ovs-vsctl set-fail-mode br0 standalone
无论 Controller connection status 为何, 都必须通过 OpenFlow 进行网络行为 (default)
ovs-vsctl set-fail-mode br0 secure
移除
ovs-vsctl del-fail-mode br0
查询
ovs-vsctl get-fail-mode br0
sFlow
查询
ovs-vsctl list sflow
新增
Set sFlow 缺
刪除
ovs-vsctl -- clear Bridge br0 sflow
NetFlow
查询
ovs-vsctl list netflow
新增
Set NetFlow 缺
刪除
ovs-vsctl -- clear Bridge br0 netflow
ssl
查询
ovs-vsctl get-ssl
设置
ovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem
OpenvSwitch Lab 6$ TLS SSL : http://roan.logdown.com/posts/208707-openvswitch-lab-6-ssl
刪除
ovs-vsctl del-ssl
Group Table
参考 hwchiu – Multipath routing with Group table at mininet http://hwchiu.logdown.com/posts/207387-multipath-routing-with-group-table-at-mininet
建立 Group id 及对应的 bucket
ovs-ofctl -O OpenFlow13 add-group br0 group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:3
type 共有 All, Select, Indirect, FastFailover, 详细规格:http://flowgrammable.org/sdn/openflow/message-layer/groupmod/#GroupMod_1.3
使用 Group Table
ovs-ofctl -O OpenFlow13 add-flow br0 in_port=4,actions=group:5566
VXLAN
参考 rascov – Bridge Remote Mininets using VXLAN http://rascov.logdown.com/posts/230635-bridge-remote-networks-using-vxlan
建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=9
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9
VNI flow by flow
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9
设置 VXLAN tunnel id
ovs-ofctl add-flow br0 in_port=1,actions=set_field:5566-\>tun_id,output:2
ovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1
OVSDB Manager
参考 OVSDB Integration:Mininet OVSDB Tutorial https://wiki.opendaylight.org/view/OVSDB_Integration:Mininet_OVSDB_Tutorial
Active Listener 设置
ovs-vsctl set-manager tcp:1.2.3.4:6640
Passive Listener 设置(ptcp:6640 默认在所有地址上监听且不做认证,任何能访问该端口的主机都可以读写 OVSDB 配置;建议用 ptcp:6640:IP 限定监听地址,或在配置证书后改用 pssl:)
ovs-vsctl set-manager ptcp:6640
OpenFlow Trace
Generate packet trace
ovs-appctl ofproto/trace br0 in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate
其它
查询 OpenvSwitch 版本
ovs-ofctl -V
查询指令历史记录
ovsdb-tool show-log [-mmm]
FAQ
ovs创建port报错
- 报错信息如下
[root@xiexianbin_cn ~]# ovs-vsctl add-port br0 eth0
ovs-vsctl: Error detected while setting up 'eth0': could not open network device eth0 (No such device). See ovs-vswitchd log for details.
ovs-vsctl: The default log directory is "/var/log/openvswitch".
[root@xiexianbin_cn ~]# ovs-vsctl show
9ec2a9f0-73cc-48ad-8395-719979a3f2a9
Bridge "br0"
Port "eth0"
Interface "eth0"
error: "could not open network device eth0 (No such device)"
Port "ens33"
Interface "ens33"
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.11.7"
- 解决方式
使用ip tuntap add mod tap eth0
创建虚拟设备
[root@xiexianbin_cn ~]# ovs-vsctl del-port br0 eth0
[root@xiexianbin_cn ~]# ip tuntap add mod tap eth0
ioctl(TUNSETIFF): Device or resource busy
[root@xiexianbin_cn ~]# ovs-vsctl add-port br0 eth0
[root@xiexianbin_cn ~]# ovs-vsctl show
9ec2a9f0-73cc-48ad-8395-719979a3f2a9
Bridge "br0"
Port "eth0"
Interface "eth0"
Port "ens33"
Interface "ens33"
Port "br0"
Interface "br0"
type: internal
ovs_version: "2.11.7"