In my previous article, I went through the steps of installing Open vSwitch for use within a Qemu/KVM solution in substitute of the usual Linux bridge utility.
OVS works differently from normal Linux networking in at least a couple of different ways. The first way is that a
single regular bridge in Linux is designed to handle a single VLAN, ie, one bridge per VLAN.
This is why one reason why I decided to forgo using the standard Linux bridge utilities. With OVS, an OVS bridge takes the
VLAN trunking in stride, and can bridge out trunk ports or regular access ports. A trunk port uses the command of
'ovs-vsctl add-port br1 tap0', whereas an access port connected to VLAN 101 would use 'ovs-vsctl add-port br1 tap0 tag=101'.
Both commands attach the tap0 interface to the bridge br1, the first as a trunk, the second as an access port.
The second difference relates to something which I'll loosely define as non-persisted network configuration versus
persisted network configuration. Using regular Linux bridging tools, the individual commands for bridging are
incorporated into the /etc/network/interfaces stanzas. These stanzas are run on power up and power down, and manually when
changing network interface state at the command line. The state of the network is not remembered from
session to session (ie, through reboots).
With OVS, things work a bit differently. Commands, as entered at the command line, not only update the
appropriate network state, but the requested network configuration is recorded into a database maintained by OVS.
Thus, when rebooting the physical machine, what existed prior to reboot, will be automatically re-created after reboot.
The punch line is that OVS configuration commands should not be entered into the /etc/network/interfaces file,
as the commands will be redundant, and may even cause problems on reboot if entered there.
For attaching bridge port 1 to eth1, the following commands are used:
ovs-vsctl add-br br1
ovs-vsctl add-port br1 eth1
Then the stanzas for /etc/network/interfaces are:
allow-hotplug eth1
iface eth1 inet manual
pre-up ifconfig $IFACE up
post-down ifconfig $IFACE down
auto br1
iface br1 inet manual
pre-up ifconfig $IFACE up
post-down ifconfig $IFACE down
auto eth1
Using the above, I see eth1 come up automatically, but br1 still needs a 'ifconfig br1 up'. Perhaps it is an affect of
when the OVS network services are started in relationship to when the /etc/network/interfaces file is evaluated.
Open vSwitch VLANs
has a good reference for configuring access ports.
How to Use Open vSwitch with KVM
deals with the special up/down files needed for Qemu/KVM.
In a nutshell, two files are required. The first, /etc/network/ovs-ifup which adds a tap interface to br1:
#!/bin/sh
switch='br1'
ovs-vsctl add-port ${switch} $1
/sbin/ifconfig $1 0.0.0.0 up
The second, /etc/network/ovs-ifdown removes the tap interface:
#!/bin/sh
switch='br1'
/sbin/ifconfig $1 0.0.0.0 down
ovs-vsctl del-port ${switch} $1
Be aware that the above represents two scenario: the physical source port is an access port or a trunk port. If the
physical port is an access port, then the access port traffic will be delivered to the guest, as expected. On the other hand,
if the physical is a trunk port, then all VLAN traffic on the physical port will be replicated to the guest machine's
network port, and the guest machine will need to know how to work with 802.1q tagged frames.
To deliver access ports to the guest from a trunked physical port, the following example represents delivering
VLAN as an access port to a guest machine. /etc/network/ovs-ifup:
#!/bin/sh
switch='br1'
/sbin/ifconfig $1 0.0.0.0 up
ovs-vsctl add-port ${switch} $1 tag=101
For /etc/network/ovs-ifdown:
#!/bin/sh
switch='br1'
/sbin/ifconfig $1 0.0.0.0 down
ovs-vsctl del-port ${switch} $1
Then the -net parameter like the following can be used when starting Qemu/KVM:
-net tap0,script=/etc/network/ovs-ifup,downscript=/etc/network/ovs-ifdown
A few other useful status commands:
ovs-dpctl show br1
ovs-ofctl show br1