Open vSwitch (abbreviated OVS; official website http://openvswitch.org/) is a high-quality, multi-layer virtual switching software, that is, a virtual switch.
Related Open vSwitch components:
ovs-vswitchd: the daemon that implements the switch; together with a Linux kernel module that supports flow-based switching, it provides the switching function
ovsdb-vswitch: the Open vSwitch database; it provides ovs-vswitchd with its run-time configuration, that is, it stores the ovs-vswitchd configuration such as VLANs, ports and other information
ovs-vsctl: queries and updates the ovs-vswitchd configuration, that is, it is used to modify or query the information in ovsdb-vswitch
There are other components that are not introduced here.
Next we will do an experiment: using a GRE tunnel to build a multi-host virtual network. The environment is CentOS 6.7; the topology diagram is as follows
1) Modify the kernel parameters (do this first: if the network namespaces are configured before the kernel parameters are set, the kernel parameters will not take effect)
Enable the kernel forwarding feature:
net.ipv4.ip_forward = 1
Disable reverse-path (route) validation:
net.ipv4.conf.default.rp_filter = 0
/etc/init.d/iptables stop  # Stop the firewall
setenforce 0  # Turn off SELinux enforcement
2) Prepare the yum repository
[openswitch]
name=openswitch
baseurl=https://repos.fedorapeople.org/openstack/EOL/openstack-icehouse/epel-6/
enabled=1
gpgcheck=0
yum install openvswitch  # Install on both hosts
service openvswitch start  # Start Open vSwitch
yum update iproute  # Update the iproute package
ip netns add A1  # Create the A1 network namespace
ip netns add B1  # Create the B1 network namespace
ip netns show  # View the two namespaces just created
ovs-vsctl add-br br1  # Use Open vSwitch to create the br1 bridge device
ovs-vsctl add-br br2  # Use Open vSwitch to create the br2 bridge device
ovs-vsctl add-br br3  # Use Open vSwitch to create the br3 bridge device
ovs-vsctl show  # View the created bridge devices
ip link add name a1.1 type veth peer name a1.2  # Create a veth pair for connecting the A1 network namespace to the br2 bridge device
ip link set a1.1 up  # Activate the a1.1 port
ip link set a1.2 up  # Activate the a1.2 port
ip link add name b1.1 type veth peer name b1.2  # Create a veth pair for connecting the B1 network namespace to the br3 bridge device
ip link set b1.2 up  # Activate the b1.2 port
ip link set b1.1 up  # Activate the b1.1 port
ip link add name b12.1 type veth peer name b12.2  # Create a veth pair for connecting the br2 and br1 bridge devices
ip link set b12.1 up  # Activate the b12.1 port
ip link set b12.2 up  # Activate the b12.2 port
ip link add name b13.1 type veth peer name b13.2  # Create a veth pair for connecting the br3 and br1 bridge devices
ip link set b13.1 up  # Activate the b13.1 port
ip link set b13.2 up  # Activate the b13.2 port
ip link add name b23.1 type veth peer name b23.2  # Create a veth pair for connecting the br2 and br3 bridge devices
ip link set b23.1 up  # Activate the b23.1 port
ip link set b23.2 up  # Activate the b23.2 port
ovs-vsctl add-port br2 a1.1  # Add the a1.1 port to the br2 bridge device
ip link set a1.2 netns A1  # Move the a1.2 port into the A1 network namespace; note that a1.2 is no longer displayed on the host after it has been moved
ovs-vsctl add-port br3 b1.1  # Add the b1.1 port to the br3 bridge device
ip link set b1.2 netns B1  # Move the b1.2 port into the B1 network namespace
ovs-vsctl add-port br2 b23.2  # Add the b23.2 port to the br2 bridge device
ovs-vsctl add-port br3 b23.1  # Add the b23.1 port to the br3 bridge device
ip netns exec A1 ip link set a1.2 up
ip netns exec A1 ip addr add 192.168.10.1/24 dev a1.2
ip netns exec A1 ifconfig  # View the configured IP address
ip netns exec B1 ip link set b1.2 up
ip netns exec B1 ip addr add 192.168.10.2/24 dev b1.2
ip netns exec B1 ifconfig  # View the configured IP address
ip netns exec B1 ping 192.168.10.1  # The B1 network namespace can ping the A1 network namespace
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=2.66 ms
ip netns exec A1 ping 192.168.10.2  # The A1 network namespace can ping the B1 network namespace
64 bytes from 192.168.10.2: icmp_seq=1 ttl=64 time=1.52 ms
ovs-vsctl add-port br1 b12.2  # Add the b12.2 port to the br1 bridge device
ovs-vsctl add-port br1 b13.2  # Add the b13.2 port to the br1 bridge device
ovs-vsctl add-port br2 b12.1  # Add the b12.1 port to the br2 bridge device
ovs-vsctl add-port br3 b13.1  # Add the b13.1 port to the br3 bridge device
ovs-vsctl set bridge br1 stp_enable=true  # Enable STP to prevent the br1, br2 and br3 bridge devices from forming a loop
ovs-vsctl set bridge br2 stp_enable=true  # Enable STP to prevent the br1, br2 and br3 bridge devices from forming a loop
ovs-vsctl set bridge br3 stp_enable=true  # Enable STP to prevent the br1, br2 and br3 bridge devices from forming a loop
ovs-vsctl add-port br1 GRE  # Add a port for GRE encapsulation to the host's br1 bridge device
ovs-vsctl set Interface GRE type=gre options:remote_ip=192.168.204.132
The same steps are carried out on node4, with the address in the last step changed to 192.168.204.131.
Test the connectivity of the network namespaces between the two hosts:
# ip netns exec B1 ping 192.168.10.10
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=3.59 ms
# ip netns exec A2 ping 192.168.10.1
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=6.75 ms
On the node4 host, ping the network namespace on the node3 host, and capture and analyze the packets on the node3 host:
# tcpdump -nn -i eth1
10:15:38.768203 IP 10.10.10.1 > 10.10.10.2: GREv0, length 56: STP 802.1d, Config, Flags [none], bridge-id 8000.a2:49:24:81:6e:46.8001, length 35
The capture above shows that the data is forwarded over GRE.
# ip netns exec A1 tcpdump -nn icmp -i a1.2
10:18:29.352487 IP 192.168.10.10 > 192.168.10.1: ICMP echo request, id 7211, seq 1, length 64
Using a VXLAN tunnel to build a multi-host virtual network: the environment is CentOS 6.7, and the topology diagram is as follows
The steps are the same as for GRE, but the last step becomes:
ovs-vsctl set Interface Vxlan type=vxlan options:remote_ip=192.168.204.131
On the node4 host, ping the network namespace on the node3 host, and capture and analyze the packets on the node3 host:
# tcpdump -nn -i eth1
10:34:12.799191 IP 10.10.10.1.58588 > 10.10.10.2.4789: UDP, length
The capture above shows that VXLAN uses UDP packets to connect the virtual networks between the two hosts.
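The two host captures above show the namespace traffic crossing eth1 inside GRE and inside UDP port 4789. The following is an added example, not part of the original post: it strips both tunnel headers and recovers the inner flow, showing that either encapsulation leaves the inner packet readable to anyone capturing on the link between the hosts. The function names are this example's own, and the sample packets are constructed from the addresses in the captures.

```python
import socket
import struct

GRE, UDP, VXLAN_PORT, TEB = 47, 17, 4789, 0x6558  # TEB = Ethernet carried in GRE

def ipv4(pkt):
    """Split an IPv4 packet into (protocol, src, dst, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def strip_tunnel(proto, payload):
    """Remove a GREv0 or VXLAN header; return (tunnel, key_or_vni, inner frame)."""
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", payload[:4])
        if flags & 0x0007 or ptype != TEB:
            raise ValueError("not GREv0 carrying Ethernet")
        off = 4 + 4 * bool(flags & 0x8000)      # skip the optional checksum word
        key = struct.unpack("!I", payload[off:off + 4])[0] if flags & 0x2000 else None
        off += 4 * bool(flags & 0x2000) + 4 * bool(flags & 0x1000)  # key, sequence
        return "gre", key, payload[off:]
    if proto == UDP and struct.unpack("!H", payload[2:4])[0] == VXLAN_PORT:
        vxlan = payload[8:16]                   # follows the 8-byte UDP header
        if not vxlan[0] & 0x08:                 # I flag marks the VNI as valid
            raise ValueError("VXLAN header without VNI flag")
        return "vxlan", int.from_bytes(vxlan[4:7], "big"), payload[16:]
    raise ValueError("not a GRE or VXLAN packet")

def decode(outer):
    """Report the outer endpoints and the inner IPv4 flow of a tunnelled packet."""
    proto, osrc, odst, payload = ipv4(outer)
    tunnel, ident, frame = strip_tunnel(proto, payload)
    info = {"tunnel": tunnel, "id": ident, "outer": (osrc, odst), "inner": None}
    if struct.unpack("!H", frame[12:14])[0] == 0x0800:   # inner EtherType is IPv4
        iproto, isrc, idst, _ = ipv4(frame[14:])
        info["inner"] = (isrc, idst, iproto)
    return info

def build_ip(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed samples: one ICMP echo between the namespaces, wrapped both ways.
INNER = bytes(12) + b"\x08\x00" + build_ip("192.168.10.10", "192.168.10.1", 1, b"\x08" + bytes(7))
GRE_PKT = build_ip("10.10.10.1", "10.10.10.2", GRE, struct.pack("!HH", 0, TEB) + INNER)
UDP_HDR = struct.pack("!HHHH", 58588, VXLAN_PORT, 16 + len(INNER), 0)
VXLAN_PKT = build_ip("10.10.10.1", "10.10.10.2", UDP, UDP_HDR + b"\x08" + bytes(7) + INNER)

if __name__ == "__main__":
    print(decode(GRE_PKT), decode(VXLAN_PKT), sep="\n")
```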
The Openvswitch of virtual network