The recently released Fedora 17 comes with improved support for open vswitch. It includes packages for installing open vswitch as well as libvirt support for managing open vswitch under KVM. Open vswitch is an interesting project providing a multilayer software switch that provides enterprise grade virtual switching technology and the emerging and popular openflow protocol for managing networks.
When it comes to virtualization open vswitch is attractive because it provides the ability for a single controller to manage your virtual network across all your servers. It is also very useful in easily allowing for live migration of virtual machines while maintaining network state such as firewall rules, addresses and open network connections for example. This makes it scalable to large virtual networks making it especially valuable in cloud computing which is why companies like openstack and Nicira ( which was recently acquired by vmware ) have decided to support open vswitch.
As of linux kernel 3.3 the open vswitch module has been included in the mainline kernel which speaks to its value. There are two main components to open vswitch; a control plane in userspace for making routing decisions and a data plane for forwarding packets. The kernel module is what is responsible for forwarding packets similar to the linux bridge module.
Virtual networking with KVM hypervisor has traditionally been done using linux bridging which performs well but is not designed for virtual networking and therefore poses some integration and management challenges. These challenges apply not only to KVM but other linux based hypervisors as well. Open vswitch now provides in kernel support for comparable packet forwarding performance as well as allowing for scaling across a large number of servers while providing ease of management through a central controller.
Fedora 17 now provides packages for installing the userspace components of open vswitch. To install open vswitch under Fedora 17 simply type the following command to install open vswitch.
# yum install openvswitch
The open vswitch kernel component is already shipped with Fedora 17 and you can use the following command to confirm that your kernel is configured for supporting open vswitch.
grep OPENVSWITCH /boot/config-`uname -r`
This is usually installed as a loadable module as shown from the snapshot below.
Fedora 17 also comes with a python based GUI tool for monitoring your open vswitch instances called ovsdbmonitor. To install just type the following command.
yum install ovsdbmonitor
Below is a snapshot of the main GUI window when its launched. You can launch by typing ovsdbmonitor at the command line or by Clicking on System Tools -> Open vSwitch DB Monitor. This will bring up the initial window introducing the monitor.
Acknowledge by clicking OK and the main monitor window will be launched as shown below.
I will take a closer look at using this tool in a follow up post.
Fedora 17 provide scripts which make it easy for getting openvswitch up and running. First thing you need to do is run the ovs-ctl start script which loads the required open vswitch kernel module and does some other initial startup routines such as creating your open vswitch database and running daemons.
Two daemon processes are usually started as shown from the ovs-ctl status command below:
Next create a bridge using the open vswitch command line control tool ovs-vsctl with the following command. The name of the bridge in my example is ovsbr0.
ovs-vsctl add-br ovsbr0
You can confirm it's created by issuing the following command.
At this point you can configure your KVM virtual machine to use your new open vswitch bridge. I'm going to show an example using virtual machines that use libvirt for management. The first way is to edit the libvirt xml file describing your virtual machine so that it looks like the following.
<interface type='bridge'> <mac address='52:54:00:71:b1:b6'/> <source bridge='ovsbr0'/> <virtualport type='openvswitch'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>
The other way of doing this ( which is my preference ) is using a tool like virt-manager to modify your network settings. There's a hack though to setting your virtualport type to openvswitch if you use the virt-manager method. Edit your virt-manager machine so that your network device has settings like the following in order to set your virtual port type to openvswitch. Make sure and apply your setting so that it's written to your xml configuration file.
Now switch your source device type and specify your shared device to be your open vswitch bridge like shown below and make sure you apply the configuration again.
Your KVM virtual machine is now configured to use your open vswitch bridge. For access to your LAN you'll have to add your physical interface to your open vswitch bridge with a command similar to the following.
ovs-vsctl add-port ovsbr0 eth0
You are now bridged to your LAN and you should have connectivity from your virtual machine to your local network.
Fedora 17 makes it a lot less painful to not only get open vswitch up and running but also integrated with KVM. Another nice feature of Fedora 17 is that you don't have to worry about open vswitch kernel module compatibility with the older linux bridge module for your KVM virtual machines *if* you're using libvirt for managing your virtual machines. This is because the version of libvirt shipped with Fedora 17 has support for open vswitch. Obviously this post is very distro specific but I imagine it will be similar for other recent releases of other linux distros.
Give it a try post any comments or questions you have