Openv switchの使い方とか

1

Open vSwitchの使い方とか

2

自己紹介
• 菊田宏(きくたこう)
• 某社研究開発職
• Twitter : @kotto_hihihi
→ほぼROM
• Open vSwitchを触り始めたキッカケ
→OpenFlowスイッチを探していたら見つけた

3

今日話すこと
• Open vSwitchの概要
• Open vSwitchの基本的な使い方
▫ 各コンポーネントの関係性
• Open vSwitchのデータ構造

4

Open vSwitchとは
• OSSの仮想スイッチ
• Linux標準のbridgeと互換性あり
• 開発者の大半はNicira社の人
• ハードにポーティングすることを意識している

5

Open vSwitchで何ができる？
• 転送機能：Bridge, VLAN, STP, LACP, GRE, GRE over IPsec,
CAPWAP
• 管理機能：NetFlow, sFlow
• 制御機能：OpenFlow1.0, 1.1, 1.2

6

Open vSwitchの歴史？
• 2010/03/15 v1.0.0リリース
▫ OpenFlow1.0.0に対応
▫ GRE対応
→1.0.1まで
• 2011/04/05 v1.1.0リリース
▫ QoS対応
▫ Bonding対応
▫ OpenFlowのベンダ拡張(NXM)対応
→1.1.2まで
• 2011/08/03 v1.2.0リリース
▫ とても性能が良くなったらしい
→1.2.2まで
• 2011/12/09 v1.3.0リリース
▫ FlowTableが255個に(OpenFlow1.1.0の機能が使える？)
▫ STPに対応
▫ NXM機能拡張
• 2012/01/30 v1.4.0リリース
▫ NXM機能拡張

• ※0.9以前のドキュメントが見つけることができませんでした…

7

Open vSwitchインストール
前提：Ubuntu 10.04 server amd64
• パッケージインストール
いろんなところでSSL対応したい場合はlibsslを入れる
# apt-get install make pkg-config gcc autoconf libtool

• Open vSwitchのインストール
# wget http://openvswitch.org/releases/openvswitch-1.4.0.tar.gz
# tar zxvf openvswitch-1.4.0.tar.gz
# cd openvswitch-1.4.0
# ./boot.sh
# ./configure --with-linux=/lib/modules/`uname -r`/build
# make
# make install
# insmod datapath/linux/openvswitch_mod.ko

• ovsdbの作成
# mkdir -p /usr/local/etc/openvswitch
# ovsdb-tool create /usr/local/etc/openvswitch/conf.db ¥
vswitchd/vswitch.ovsschema

8

Open vSwitch起動
• ovsdb-server起動
SSL対応したい場合はlibsslを入れる
# ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock ¥
--remote=db:Open_vSwitch,manager_options ¥
--pidfile --detach

• vswitchdの起動
# ovs-vsctl --no-wait init
# ovs-vswitchd --pidfile --detach

9

基本的な使い方
• Bridge作成
# ovs-vsctl add-br br0
# ovs-vsctl add-port br0 eth1
# ovs-vsctl add-port br0 eth2

• 設定の確認
# ovs-vsctl list-br
br0
# ovs-vsctl list-ports br0
eth1
br0
eth2
eth1 eth2

10.0.0.1/24 10.0.0.2/24

10

Open vSwitch設定の流れ
① ovs-vsctlコマンドがovsdb-serverに設定情報を送信する
② ovsdb-serverがovs-vswitchdに設定情報を送信する
③ ovs-vswitchdがopenvswitch_modを設定する
④ ovs-vswitchdがovsdb-serverに設定結果を送信する
⑤ ovsdb-serverがovsdbに設定情報、設定結果を登録する
→設定情報は①と②の間に書き込んでいるかもしれない
⑥ ovsdb-serverがovs-vsctlコマンドに設定結果を送信する
設定情報はovsdbで持つ。
ovsdbの実態はovsdb-toolで
ovs-vsctl 作成したconf.dbファイル。
① ⑥
JSON-RPC
②
ovs-vswitchd ovsdb-server ⑤ ovsdb
④
③

openvswitch_mod

11

少し脱線
設定済みのovsdbファイルをコピーすると同じ環境が作れる

ovsdbファイルをコピー

ovsdb-server,
ovsdb ovsdb ovsdb ovsdb ovs-vswitchdを起動

ovsdb-server ovsdb-server ovsdb-server ovsdb-server
コピー元と
ovs-vswitchd ovs-vswitchd ovs-vswitchd ovs-vswitchd 同じ環境になる

br0 br0 br0 br0

eth1 eth2 eth1 eth2 eth1 eth2 eth1 eth2

12

もう少しだけ脱線
ovs-vswitchdとovsdb-server間をTCP/IP or SSLで接続して、複数のOpen
vSwitchホストをovsdb専用ホストで集中管理することもできる

ovsdb ovsdb ovsdb ovsdb ovsdb

専用ホスト ovsdb-server ovsdb-server ovsdb-server ovsdb-server

ovs-vswitchd ovs-vswitchd ovs-vswitchd ovs-vswitchd

Open vSwitch br0 br0 br0 br0
ホスト群
eth1 eth2 eth1 eth2 eth1 eth2 eth1 eth2

13

libvirtとの連携
brctlコマンドを使うことができればよい
• bridge-utilsをインストールする
# apt-get install bridge-utils
• ovs-brcompatdを起動する
# cd openvswitch-1.4.0
# insmod openvswitch-1.4.0/datapath/linux/brcompat_mod.ko
# ovs-brcompatd --pidfile --detach

• brctlコマンドが使えるようになる
# brctl addbr br1
# brctl addif br1 eth1
# brctl addif br1 eth2

• brctlコマンドで設定した結果がovs-vsctlコマンドで確認できる
# ovs-vsctl list-br
br1
# ovs-vsctl list-ports br1
eth1
eth2

14

brctlコマンド利用時の設定の流れ
① brctlコマンドがbrcompat_modを設定する
② brcompat_modがovs-brcompatdに設定情報を通知する
③ ovs-brcompatdがovs-vsctlコマンドを実行する
④ 以降、ovs-vsctlコマンド利用時と同じ

brctl ovs-vsctl
③ ④ ⑨
①
JSON-RPC
⑤
ovs-brcompatd ovs-vswitchd ovsdb-server ⑧ ovsdb
⑦
② ⑥

brcompat_mod openvswitch_mod

15

OpenFlowスイッチとして使う
• 最初からOpenFlowのフローエントリベースで動作している
#ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=2058.998s, table=0, n_packets=183, n_bytes=29257, priority=0 actions=NORMAL

• フローエントリを削除すると通信できなくなる
#ovs-ofctl del-flows br0
#ovs-ofctl dump-flows br0

16

OpenFlowスイッチとして使う
• ovs-ofctlコマンドでフローエントリが書ける
# ovs-ofctl add-flow br0 ¥
in_port=1,dl_type=0x0800,nw_src=10.0.0.1,nw_dst=10.0.0.2,actions=output:2
# ovs-ofctl add-flow br0 ¥
in_port=2,dl_type=0x0800,nw_src=10.0.0.2,nw_dst=10.0.0.1,actions=output:1
→フィルタリングにも使える

• フローエントリを書くときに使えるfield
in_port, dl_vlan, dl_vlan_pcp, dl_src, dl_dst, dl_type, nw_src, nw_dst, nw_proto, nw_tos,
nw_ecn, nw_ttl, tp_src, tp_dst, icmp_type, icmp_code, table, vlan_tci, ip_frag, arp_sha,
arp_tha, ipv6_src, ipv6_dst, ipv6_label, nd_target, nd_sll, nd_tll, tun_id, regX

→OpenFlow 1.1, 1.2に9割対応しているらしい

17

ovs-ofctlでフローエントリ設定の流れ
① ovs-ofctlコマンドがovs-vswitchdに設定情報を送信する
② ovs-vswitchdがopenvswitch_modを設定する

brctl ovs-ofctl ovs-vsctl
①
JSON-RPC

ovs-brcompatd ovs-vswitchd ovsdb-server ovsdb
②

brcompat_mod openvswitch_mod

18

コントローラから制御する
• OpenFlowコントローラと接続する
# ovs-vsctl set-controller br0 tcp:172.0.0.10:6633

• OpenFlowコントローラが設定されるとL2SWとして動作するための
フローエントリが消える
# ovs-ofctl dump-flows br0

→以降、コントローラの制御で動作する。

コントローラ

ovs-vswitchd

br0

eth1 eth2

19

Open vSwitchのデータ構造
ovsdb-clientを使ってovsdbのデータ構造を見る

どんなDBがあるか？どんなtableがあるか？
# ovsdb-client list-dbs # ovsdb-client list-tables Open_vSwitch
Open_vSwitch Table
------------
Capability
SSL
Bridge
Controller
NetFlow
Port
Mirror
Queue
QoS
Interface
Open_vSwitch
sFlow
Manager

20

各tableのcolumnと設定可能な値の定義
# ovsdb-client list-columns Open_vSwitch Bridge
Column Type
------------- ------------------------------------------------------------------------------
status {"key":"string","max":"unlimited","min":0,"value":"string"}
fail_mode {"key":{"enum":["set",["secure","standalone"]],"type":"string"},"min":0}
other_config {"key":"string","max":"unlimited","min":0,"value":"string"}
_version "uuid"
name "string"
datapath_type "string"
netflow {"key":{"refTable":"NetFlow","type":"uuid"},"min":0}
ports {"key":{"refTable":"Port","type":"uuid"},"max":"unlimited","min":0}
external_ids {"key":"string","max":"unlimited","min":0,"value":"string"}
flood_vlans {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
_uuid "uuid"
controller {"key":{"refTable":"Controller","type":"uuid"},"max":"unlimited","min":0}
datapath_id {"key":"string","min":0}
stp_enable "boolean"
mirrors {"key":{"refTable":"Mirror","type":"uuid"},"max":"unlimited","min":0}
sflow {"key":{"refTable":"sFlow","type":"uuid"},"min":0}

21

Open_vSwitch
1 1 1 1

0,* 0,* 0,1 0,*

Manager Capability SSL Bridge
1 1 1 1
1

0,1 0,* 0,* 0,1

NetFlow Mirror Controller sFlow
1
0,* 0,*

Port
1 1 0,1
*
QoS
Interface 1
0,*

Queue

22

実際の設定はどうなっているか
ovs-vsctlコマンドで確認
# ovs-vsctl list bridge
_uuid : 333ad8b8-7486-40ab-9d29-5051144734c2
controller : [311d4af1-6d48-4b75-85ed-17e67a94cfb0]
datapath_id : "000000151769d908"
datapath_type : ""
external_ids : {}
fail_mode : []
flood_vlans : []
mirrors : []
name : "br0"
netflow : []
other_config : {}
ports : [65f57564-d408-42ac-84f7-7c6a4b433a5e, 86ecd3a9-7776-4567-83a3-ae19b9e4b46e,
f490bdfa-8424-475a-9949-d10e2d3b8820]
sflow : []
status : {}
stp_enable : false

23

ovsdbに直接設定
ovs-vsctlコマンドでfail_modeにsecureを設定してみる
# ovs-vsctl set Bridge br0 fail_mode=secure

# ovs-vsctl list Bridge
_uuid : 333ad8b8-7486-40ab-9d29-5051144734c2
controller : [34d55998-475b-47d4-aa72-a37cfa6d294a]
datapath_id : "000000151769d908"
datapath_type : ""
external_ids : {}
fail_mode : secure
flood_vlans : []
mirrors : []
name : "br0"
netflow : []
other_config : {}
ports : [65f57564-d408-42ac-84f7-7c6a4b433a5e, 86ecd3a9-7776-4567-83a3-ae19b9e4b46e,
f490bdfa-8424-475a-9949-d10e2d3b8820]
sflow : []
status : {}
stp_enable : false

24

まとめ
• Open vSwitchの基本的な使い方を紹介
• Open vSwitchを構成するコンポーネントの関係性を紹介
• Open vSwitchのデータ構造を紹介

25

(参考)Open_vSwitchテーブル構造
# ovsdb-client list-columns Open_vSwitch Open_vSwitch
Column Type
--------------- ------------------------------------------------------------------------------------------
_uuid "uuid"
system_type {"key":"string","min":0}
capabilities {"key":"string","max":"unlimited","min":0,"value":{"refTable":"Capability","type":"uuid"}}
system_version {"key":"string","min":0}
_version "uuid"
manager_options {"key":{"refTable":"Manager","type":"uuid"},"max":"unlimited","min":0}
statistics {"key":"string","max":"unlimited","min":0,"value":"string"}
cur_cfg "integer"
ssl {"key":{"refTable":"SSL","type":"uuid"},"min":0}
ovs_version {"key":"string","min":0}
next_cfg "integer"
db_version {"key":"string","min":0}
bridges {"key":{"refTable":"Bridge","type":"uuid"},"max":"unlimited","min":0}

26

(参考)Bridgeテーブル構造
# ovsdb-client list-columns Open_vSwitch Bridge
Column Type
------------- ------------------------------------------------------------------------------
fail_mode {"key":{"enum":["set",["secure","standalone"]],"type":"string"},"min":0}
_version "uuid"
name "string"
datapath_type "string"
netflow {"key":{"refTable":"NetFlow","type":"uuid"},"min":0}
ports {"key":{"refTable":"Port","type":"uuid"},"max":"unlimited","min":0}
flood_vlans {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
_uuid "uuid"
controller {"key":{"refTable":"Controller","type":"uuid"},"max":"unlimited","min":0}
datapath_id {"key":"string","min":0}
stp_enable "boolean"
mirrors {"key":{"refTable":"Mirror","type":"uuid"},"max":"unlimited","min":0}
sflow {"key":{"refTable":"sFlow","type":"uuid"},"min":0}

27

(参考)Portテーブル構造
# ovsdb-client list-columns Open_vSwitch Port
Column Type
--------------- -------------------------------------------------------------------------------------------------------
bond_fake_iface "boolean"
bond_mode {"key":{"enum":["set",["active-backup","balance-slb","balance-tcp","stable"]],"type":"string"},"min":0}
_version "uuid"
interfaces {"key":{"refTable":"Interface","type":"uuid"},"max":"unlimited"}
name "string"
bond_updelay "integer"
vlan_mode {"key":{"enum":["set",["access","native-tagged","native-untagged","trunk"]],"type":"string"},"min":0}
lacp {"key":{"enum":["set",["active","off","passive"]],"type":"string"},"min":0}
mac {"key":"string","min":0}
_uuid "uuid"
trunks {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
statistics {"key":"string","max":"unlimited","min":0,"value":"integer"}
fake_bridge "boolean"
tag {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"min":0}
bond_downdelay "integer"
qos {"key":{"refTable":"QoS","type":"uuid"},"min":0}

28

(参考)Interfaceテーブル構造
# ovsdb-client list-columns Open_vSwitch Interface
Column Type
---------------------- ----------------------------------------------------------------
link_resets {"key":"integer","min":0}
link_speed {"key":"integer","min":0}
duplex {"key":{"enum":["set",["full","half"]],"type":"string"},"min":0}
admin_state {"key":{"enum":["set",["down","up"]],"type":"string"},"min":0}
ofport {"key":"integer","min":0}
_version "uuid"
name "string"
link_state {"key":{"enum":["set",["down","up"]],"type":"string"},"min":0}
type "string"
mtu {"key":"integer","min":0}
mac {"key":"string","min":0}
cfm_mpid {"key":"integer","min":0}
cfm_fault {"key":"boolean","min":0}
_uuid "uuid"
options {"key":"string","max":"unlimited","min":0,"value":"string"}
ingress_policing_rate {"key":{"minInteger":0,"type":"integer"}}
cfm_remote_mpids {"key":"integer","max":"unlimited","min":0}
ingress_policing_burst {"key":{"minInteger":0,"type":"integer"}}
lacp_current {"key":"boolean","min":0}

29

(参考)QoSテーブル構造
# ovsdb-client list-columns Open_vSwitch QoS
Column Type
------------ ---------------------------------------------------------------------------------------------------------------
-----------------------
queues
{"key":{"maxInteger":4294967295,"minInteger":0,"type":"integer"},"max":"unlimited","min":0,"value":{
"refTable":"Queue","type":"uuid"}}
_uuid "uuid"
type "string"
_version "uuid"

30

(参考)Queueテーブル構造
# ovsdb-client list-columns Open_vSwitch Queue
Column Type
------------ -----------------------------------------------------------------
_uuid "uuid"
dscp {"key":{"maxInteger":63,"minInteger":0,"type":"integer"},"min":0}
_version "uuid"

31

(参考)Controllerテーブル構造
# ovsdb-client list-columns Open_vSwitch Controller
Column Type
---------------------- ---------------------------------------------------------------------------
_uuid "uuid"
local_netmask {"key":"string","min":0}
_version "uuid"
is_connected "boolean"
controller_burst_limit {"key":{"minInteger":25,"type":"integer"},"min":0}
max_backoff {"key":{"minInteger":1000,"type":"integer"},"min":0}
controller_rate_limit {"key":{"minInteger":100,"type":"integer"},"min":0}
local_ip {"key":"string","min":0}
local_gateway {"key":"string","min":0}
connection_mode {"key":{"enum":["set",["in-band","out-of-band"]],"type":"string"},"min":0}
inactivity_probe {"key":"integer","min":0}
target "string"
role {"key":{"enum":["set",["master","other","slave"]],"type":"string"},"min":0}

32

(参考)Managerテーブル構造
# ovsdb-client list-columns Open_vSwitch Manager
Column Type
---------------- --------------------------------------------------------------------------
_uuid "uuid"
max_backoff {"key":{"minInteger":1000,"type":"integer"},"min":0}
_version "uuid"
is_connected "boolean"
connection_mode {"key":{"enum":["set",["in-band","out-of-band"]],"type":"string"},"min":0}
inactivity_probe {"key":"integer","min":0}
target "string"

33

(参考)Capabilityテーブル構造
# ovsdb-client list-columns Open_vSwitch Capability
Column Type
-------- -----------------------------------------------------------
_uuid "uuid"
details {"key":"string","max":"unlimited","min":0,"value":"string"}
_version "uuid"

34

(参考)SSLテーブル構造
# ovsdb-client list-columns Open_vSwitch SSL
Column Type
----------------- -----------------------------------------------------------
certificate "string"
_uuid "uuid"
private_key "string"
ca_cert "string"
bootstrap_ca_cert "boolean"
_version "uuid"

35

(参考)Mirrorテーブル構造
# ovsdb-client list-columns Open_vSwitch Mirror
Column Type
--------------- ------------------------------------------------------------------------------------
_uuid "uuid"
select_vlan {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
select_src_port {"key":{"refTable":"Port","refType":"weak","type":"uuid"},"max":"unlimited","min":0}
_version "uuid"
select_all "boolean"
name "string"
select_dst_port {"key":{"refTable":"Port","refType":"weak","type":"uuid"},"max":"unlimited","min":0}
output_port {"key":{"refTable":"Port","refType":"weak","type":"uuid"},"min":0}
output_vlan {"key":{"maxInteger":4095,"minInteger":1,"type":"integer"},"min":0}

36

(参考)NetFlowテーブル構造
# ovsdb-client list-columns Open_vSwitch NetFlow
Column Type
------------------- ------------------------------------------------------------------
_uuid "uuid"
targets {"key":"string","max":"unlimited"}
add_id_to_interface "boolean"
_version "uuid"
active_timeout {"key":{"minInteger":-1,"type":"integer"}}
engine_id {"key":{"maxInteger":255,"minInteger":0,"type":"integer"},"min":0}
engine_type {"key":{"maxInteger":255,"minInteger":0,"type":"integer"},"min":0}

37

(参考)sFlowテーブル構造
# ovsdb-client list-columns Open_vSwitch sFlow
Column Type
------------ -----------------------------------------------------------
_uuid "uuid"
targets {"key":"string","max":"unlimited"}
agent {"key":"string","min":0}
header {"key":"integer","min":0}
_version "uuid"
sampling {"key":"integer","min":0}
polling {"key":"integer","min":0}

Openv switchの使い方とか

More Related Content

Openv switchの使い方とか