Primeros pasos con Open vSwitch

Lo primero es instalar Open vSwitch

$ sudo apt-get install openvswitch-switch

Ahora procedemos a crear el bridge llamado mibridge (los comandos ovs-vsctl hay que ejecutarlos como root o con sudo)

ovs-vsctl add-br mibridge

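Ahora añadimos el puerto eth0 al bridge recién creado. Ojo si estáis conectados a la máquina a través de ese mismo interfaz (por SSH, por ejemplo): al meter eth0 en el bridge, la IP que tuviera configurada deja de funcionar y hay que pasarla al puerto interno del bridge, así que mejor hacerlo desde la consola local.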

ovs-vsctl add-port mibridge eth0

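Con el siguiente comando podemos ver los bridges definidos y los interfaces (en la salida de ejemplo el bridge se llama bridge1 y el interfaz físico enp0s25, en lugar de mibridge y eth0)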

root@Andromeda:~# ovs-vsctl show
474995f2-4f81-4e85-8aad-7b2312dbf2d2
    Bridge "bridge1"
        Port "bridge1"
            Interface "bridge1"
                type: internal
        Port "vport1"
            Interface "vport1"
        Port "vport2"
            Interface "vport2"
        Port "enp0s25"
            Interface "enp0s25"
    ovs_version: "2.9.0"

Pero además de añadir interfaces físicos es interesante poder crear interfaces virtuales, ethernet virtuales, que son las llamadas tap. Después es muy importante acordarse de levantar el interfaz (con ifconfig, como aquí, o con ip link set vport1 up) y de agregarlo al bridge si es que hace falta.

ip tuntap add mode tap vport1

ifconfig vport1 up

ovs-vsctl add-port mibridge vport1

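Es muy interesante poder ver la tabla de ARP de un switch —en realidad es la tabla de direcciones MAC aprendidas (FDB): el comando muestra puerto, VLAN, MAC y antigüedad, no direcciones IP— para poder ver en qué puerto está pinchada una máquina y cosas así, como en un switch normal. También sirve para detectar equipos que no esperabais ver en un puerto.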

root@Andromeda:~# ovs-appctl fdb/show mibridge
port VLAN MAC Age
3 0 48:2c:a0:6e:31:a4 192
3 0 b0:fc:0d:80:1f:a5 105
3 0 50:dc:e7:c9:62:8e 104
3 0 84:d6:d0:52:6f:9a 93
3 0 6c:ad:f8:95:65:ea 27
3 0 c8:02:10:b3:4c:a1 16
3 0 bc:ee:7b:a4:10:c5 8
3 0 00:90:a9:35:69:b0 7
3 0 d4:ca:6d:29:7d:8b 5
3 0 18:f0:e4:10:9b:f4 2
LOCAL 0 00:21:9b:29:27:89 1
1 0 08:00:27:b5:2d:19 1
3 0 94:6a:b0:9e:51:6b 1

Ahora, si queréis tener estadísticas de vuestro bridge (puertos OpenFlow, estado del enlace y velocidad de cada uno) podéis hacerlo con este comando

root@Andromeda:~# ovs-ofctl show mibridge
OFPT_FEATURES_REPLY (xid=0x2): dpid:000000219b292789
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(vport1): addr:6e:43:46:0e:a1:29
config: 0
state: 0
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
2(vport2): addr:4e:71:3b:6a:4f:f8
config: 0
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
3(enp0s25): addr:00:21:9b:29:27:89
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
speed: 1000 Mbps now, 1000 Mbps max
LOCAL(bridge1): addr:00:21:9b:29:27:89
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

Si lo que queréis son los contadores de paquetes por flujo (n_packets y n_bytes)

root@Andromeda:~# ovs-ofctl dump-flows bridge1
cookie=0x0, duration=3210.761s, table=0, n_packets=102142, n_bytes=169953833, priority=0 actions=NORMAL

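Y otras opciones, ya mucho más completas, por interfaces o por puertos. Ojo: el nombre de la tabla va en singular (Interface, Port); con el plural ovs-vsctl responde «unknown table», como se ve en la salida.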

ovs-vsctl: unknown table "Interfaces"
root@Andromeda:~# ovs-vsctl list Interface
_uuid : 243ce6dc-6b25-4b40-aa27-61659344b9ad
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : full
error : []
external_ids : {}
ifindex : 9
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 0
link_speed : 10000000
link_state : down
lldp : {}
mac : []
mac_in_use : "4e:71:3b:6a:4f:f8"
mtu : 1500
mtu_request : []
name : "vport2"
ofport : 2
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=0, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=0, tx_bytes=0, tx_dropped=0, tx_errors=0, tx_packets=0}
status : {driver_name=tun, driver_version="1.6", firmware_version=""}
type : ""

_uuid : bd68148c-2596-4e00-8f20-4f7f76bdb56f
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : []
error : []
external_ids : {}
ifindex : 7
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 1
link_speed : []
link_state : up
lldp : {}
mac : []
mac_in_use : "00:21:9b:29:27:89"
mtu : 1500
mtu_request : []
name : "bridge1"
ofport : 65534
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=163684665, rx_crc_err=0, rx_dropped=1000, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=65116, tx_bytes=5036937, tx_dropped=0, tx_errors=0, tx_packets=34408}
status : {driver_name=openvswitch}
type : internal

_uuid : 955db9a1-4e58-4f32-af10-341e36759659
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : full
error : []
external_ids : {}
ifindex : 2
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 4
link_speed : 1000000000
link_state : up
lldp : {}
mac : []
mac_in_use : "00:21:9b:29:27:89"
mtu : 1500
mtu_request : []
name : "enp0s25"
ofport : 3
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=228252521, rx_crc_err=0, rx_dropped=30, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=202028, tx_bytes=7966009, tx_dropped=0, tx_errors=0, tx_packets=54941}
status : {driver_name="e1000e", driver_version="3.2.6-k", firmware_version="1.8-5"}
type : ""

_uuid : c218f106-7568-43f9-94f9-afa2966be51d
admin_state : up
bfd : {}
bfd_status : {}
cfm_fault : []
cfm_fault_status : []
cfm_flap_count : []
cfm_health : []
cfm_mpid : []
cfm_remote_mpids : []
cfm_remote_opstate : []
duplex : full
error : []
external_ids : {}
ifindex : 8
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current : []
link_resets : 1
link_speed : 10000000
link_state : up
lldp : {}
mac : []
mac_in_use : "6e:43:46:0e:a1:29"
mtu : 1500
mtu_request : []
name : "vport1"
ofport : 1
ofport_request : []
options : {}
other_config : {}
statistics : {collisions=0, rx_bytes=0, rx_crc_err=0, rx_dropped=998, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=0, tx_bytes=0, tx_dropped=8504, tx_errors=0, tx_packets=0}
status : {driver_name=tun, driver_version="1.6", firmware_version=""}
type : ""

 

root@Andromeda:~# ovs-vsctl list Ports
ovs-vsctl: unknown table "Ports"
root@Andromeda:~# ovs-vsctl list Port
_uuid : 684948f8-b3f0-42c7-87a5-47c3db0d6e85
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
cvlans : []
external_ids : {}
fake_bridge : false
interfaces : [243ce6dc-6b25-4b40-aa27-61659344b9ad]
lacp : []
mac : []
name : "vport2"
other_config : {}
protected : false
qos : []
rstp_statistics : {}
rstp_status : {}
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []

_uuid : 6d612854-c1cd-4626-8f6c-ce21ebc06b50
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
cvlans : []
external_ids : {}
fake_bridge : false
interfaces : [955db9a1-4e58-4f32-af10-341e36759659]
lacp : []
mac : []
name : "enp0s25"
other_config : {}
protected : false
qos : []
rstp_statistics : {}
rstp_status : {}
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []

_uuid : 3260eede-11cd-465b-b584-6526b36fa230
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
cvlans : []
external_ids : {}
fake_bridge : false
interfaces : [c218f106-7568-43f9-94f9-afa2966be51d]
lacp : []
mac : []
name : "vport1"
other_config : {}
protected : false
qos : []
rstp_statistics : {}
rstp_status : {}
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []

_uuid : 1ba138e3-3b7f-4cff-be0e-37bdd7ccbd89
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
cvlans : []
external_ids : {}
fake_bridge : false
interfaces : [bd68148c-2596-4e00-8f20-4f7f76bdb56f]
lacp : []
mac : []
name : "bridge1"
other_config : {}
protected : false
qos : []
rstp_statistics : {}
rstp_status : {}
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []