VXLAN overlay networks with Open vSwitch.
ฝัง
- เผยแพร่เมื่อ 2 ต.ค. 2024
- VXLAN overlay networks with Open vSwitch.
Twitter: @davidmahler
LinkedIn: / davidmahler
Demonstration of configuring a VXLAN tunnel manually using Open vSwitch. Connecting VMs together through the tunnel, allowing logical separation of tenant traffic from each other and from the physical underlay network. Emulated with mininet (mininet.org)
Links:
Me
/ davidmahler
Intro to Cloud Overlay Networks: • Introduction to Cloud ...
Intro to OpenFlow: • Introduction to OpenFlow
Intro to Open vSwitch: • OpenFlow flow entries ...
Intro to Mininet: • Introduction to Mininet
Open vSwitch
openvswitch.org
Brent Salisbury (Network Static Blog):
networkstatic.n...
Derek Chamorro (The Random Security Guy Blog):
www.therandomse...
IETF Network Virtualization Overlays working group
datatracker.ie...
VXLAN IETF draft:
datatracker.ie...
Commands used:
Build tunnel (from SERVER1 shown):
ovs-vsctl add-port s1 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.2.20 option:key=flow ofport_request=10
Flow entries (from SERVER1 shown)
table=1,tun_id=100,dl_dst=00:00:00:00:00:01,actions=output:1
table=1,tun_id=200,dl_dst=00:00:00:00:00:01,actions=output:2
table=1,tun_id=100,dl_dst=00:00:00:00:00:02,actions=output:10
table=1,tun_id=200,dl_dst=00:00:00:00:00:02,actions=output:10
table=1,tun_id=100,arp,nw_dst=10.0.0.1,actions=output:1
table=1,tun_id=200,arp,nw_dst=10.0.0.1,actions=output:2
table=1,tun_id=100,arp,nw_dst=10.0.0.2,actions=output:10
table=1,tun_id=200,arp,nw_dst=10.0.0.2,actions=output:10
table=1,priority=100,actions=drop
Great work David... able to understand many things within few minutes... I could understand the hard work behind it... God bless you...
+Suriyanath Seralathan Thanks so much for the feedback!
Hello David,
Thanks for another nice video....
Actually I am trying the same topology in real scenario except one VM per host.
My setup details are as below:
2 Linux hosts with Ubuntu 12.04 LTS with Xen hypervisor
OVS 1.9.3 installed in both hosts
Host1:
VM1-10.0.0.1
OVS version 1.9.3
Interface Xenbr0 bridged to eth0 of host1
Xenbr0(pc1)-192.168.1.10
Host2:
VM2-10.0.0.2
OVS version 1.9.3
Interface Xenbr0 bridged to eth0 of host2
Xenbr0(pc2)-192.168.2.20
I have used a Linux PC to act as a router in-between the 2 hosts…
Kindly could you provide me the configuration you used for the vxlan tunneling and the OVS setup..
Any help would be appreciated……
Hi - I have the commands for one side in the video description (might have to hit more). The other side is similar but also seen just after the 8min mark or so....
David Mahler
Hi, Thank you for your reply.
I am actually doing my Thesis in live migration of VM's over WAN using VXLAN approach.
I would need the configuration commands for the bridging interfaces S1,S2 and VTEP to be able to set up my test bed on Linux systems. Also, I have a VM interface named Xenbr0 which I dont understand how to relate to the OVS bridges S1 and S2.
Any help would be greatly appreciated.
Email id: cse414@gmail.com
If I want to make overlay network for more than two VM's, what would be next hop? For two VM, it is clear..next hop just each other. Can you clarify what if I want to make overlay network for 10 VMs?
This video is such a life saver lol. I was in need of a quick and dirty vxlan solution, came back to this because I couldn't remember the syntax for populating flows.
Hey Jon! Hope all is well - eagerly awaiting your next video ;-).
th-cam.com/channels/q38rzWCvF-vAXbFchugzXA.html
Thank you sir, and soon. Very soon!
you use this command "ovs-vsctl add-port s1 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.2.20 option:key=flow ofport_request=10" to add vxlan tunnel on open Vswitch, if i am using kvm switch what should be the command?
Thank,
Hi David, I’d like you to help me with VxLAN configurations on Ubuntu using Linux bridge/openvswitch.
I need to create an overlay network (10.10.10.0/24) on two different subnets (192.168.1.0/24 & 172.16.1.0/24) and the configuration should be permanent.
Also, VMs with IP addresses within the overlay network should be able to access the internet and the underlaying subnets.
Many thanks in advance.
Ibrahim.
Hello David Mahler. I hope my message finds you in good health. Iam a student and I needed some help regarding vxlan tunneling. My scenario is that I have two seperate openstack clouds and I want to establish vxlan tunneling from an instance in one cloud to an instance in another cloud. Thanks alot
Thank you for nice video. I want to connect lxc containers on several computers with vxlan, with dynamically created route to lxc containers. Also I need vxlan link encryption. Please help with it.
Thanks..
I want to setup a topology and set a vxlan tunnel between two different network one on public ip and other have private ip. How can I achieved this? thanks
As an SDN newbie, this has been very helpful. Thank you!
Allan Clarke You're welcome!
Hello +david Mahler,
I tried to implement your topology in mininet, but when I give flows by "sh ovs-ofctl server1 flows.txt" in server1
It given me error message "Invalid Ethernet address", which is destination host mac address.
So, could you please help me with the same.
Hello. Can you provide the exact python script for vxlan.py? :)
Thanks David for awesome video and explation. How is this concept different from VXLAN EVPN?
Thanks for the wonderful explanation , Is it possible to cover the actual emulation of three VM's along with the topology explanation ?
Could you please post the text of your vxlan.py custom topology? I am trying to learn from example with regard to scripting custom topo's
gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 is almost the same I believe, just need to update IPs
This video is really useful but I don't know what is flow.txt?
This is a great tutorial. Is it possible to achieve this without having to specify MAC or IP addresses in the flows? Is it possible to simply indicate that anything connected on openflow port 1 is on VNI 100 and anything on openflow port 2 is on VNI 200 and then allow MAC learning to proceed as usual as if it were a standard switch? Essentially, if I left out the bottom half of your flows.txt document would it still work? Thanks!
Thanks, I *think* so, I'd have to lab it up.
Can I technically add a port number to the remote_ip while adding the vtep to the switch?
Hi David, I tried the same setup. But I was not able to ping one mininet host from another. Although I could see the packets with vxlan headers from one machine reaching the physical interface of other machine. Not sure what happens post that. How should I debug this?
Could you share the python script for mininet simulation?
Thanks for the explanation
Just a short question.
Once the packet arrive to the other server (the one who has the destination ip address), how is this then forwarded to the Openvswitch,and specifically to the vtep port ? . I mean, there just the information about the IP, What if there are multiple OVS at the remote node .
Thanks again
the VTEP is on an OVS instance. If there are multiple OVS bridges that's fine - they need to be connected together of course to get from the one with the VTEP to another - and forwarding can be normal L2 forwarding or openflow rules on the OVS instances
Thank you for this excellent video! It is really helpful for beginners.
I want to try exact same thing you did. Is it possible for you to post custom topology file - vxlan.py file?
Hi Jong-Hak. Thanks for the comment - please see my reply to Zafar a few months ago.....(probably have to hit "read more" to expand my comment).
Hi David,
Very good video post, thanks. Looking forward for some videos like in SDN, NFV and OVS which will be helpfull for beginers.
Thanks..
OK, thanks!
Thank you for the effort!
I like the videos, all the videos were very helpful. I watched all of your videos in one day, since my experience is mostly in traditional type of networking surprisingly it was very easy to follow, and make sense of how to track packet flow, from one end to another across variety types of typologies. I can not imagine someone understanding all of this without solid foundation to networking.
Wow, all of them in one day? That's awesome, you must be tired of my voice ;-). You're right, most require some networking knowledge.
In this case, can blue 1 communicate red 1?
would the vxlan tunnel support doubletagged vlans or is this just for untagged traffic, as i understand it the payload doesnt matter as long as its layer2.
I don't see why not.
Thanks David for this amazing video. I have one question. If i don't know what IPs are assigned to VMs than how will i configure ARP flows?
docs.openvswitch.org/en/latest/faq/issues/ find your answer here.
How would the config looks like it you add another server (SERVER3 192.168.3.30) and add new tenant VM blue3,red3, plus green3 ?
can the tun_id be automated ?
can all of the flow config be automated ?
what if you move a VM to another server ?
that's if. :)
Hi Ryan check out this post from Brent Salisbury's blog which I reference:
networkstatic.net/setting-overlays-open-vswitch/
Hi David, Thank you so much for your great videos. Would you please share the script codes for this video also? Thanks
gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 is close
Hey +David Mahler ,
How to connect server1 mininet (vm1) to Router (vm3), and server 2 mininet (vm2) to Router (vm3 )??
During your demo are you using 4 th vm for mininet controller??
sanket raut Hi, I used virtual box and used internal networks to connect the 3 VMs in a line. The 'router' I believe I just had ubuntu with ip forwarding enabled between 2 interfaces (each interface connected to one of the other vms through VB internal network)
+sanket raut Hi Sanket, were you able to create the exact setup in VirtualBox?
Thanks for the amazing video :)
Query: Why does my vxlan bridge break on manually adding the flows.txt?
You're welcome. Sorry I don't know.
Excellent video David! Thanks for taking the time to put this video together and making it available for those new to VXLAN such as myself.
+Kwabena Apprey You're welcome!
Hey David, you have inspired me to setup my on army of mininets (mininenions) :).
Ha, keep an eye on them!
Thanks for another nice video. So you used mininet on two VMs. Can you please guide to some link showing the setup on how can they communication with each other?
Hello Zafar,
Thanks. The VMs just need to be able to reach each other. Then for Mininet (just for the demo) I used a custom topology like below as an example for "server1"
from mininet.net import Mininet
from mininet.node import Controller
from mininet.cli import CLI
from mininet.log import setLogLevel, info
def server1():
"Create an empty network and add nodes to it."
net = Mininet( controller=None )
info( '*** Adding hosts
' )
red1 = net.addHost( 'red1', ip='10.0.0.1', mac='00:00:00:00:00:01')
blue1 = net.addHost( 'blue1', ip='10.0.0.1', mac='00:00:00:00:00:01')
info( '*** Adding switch
' )
s1 = net.addSwitch( 's1' )
info( '*** Creating links
' )
net.addLink( red1, s1 )
net.addLink( blue1, s1 )
info( '*** Starting network
')
net.start()
info( '*** Running CLI
' )
CLI( net )
info( '*** Stopping network' )
net.stop()
if __name__ == '__main__':
setLogLevel( 'info' )
server1()
David Mahler Thanks for your excellent work David! Just realized that TH-cam strips some underscores. I think in the last section
if __name__
...
It should actually say:
if ___name___
...
Cheers!
Now we need another of your great videos on using VxLAN over BGP.
Thanks Glenn. That is something I should look at further, I've done VXLAN in a DC only so far and no BGP.
Thank you for this video, could you please do a tutorial video on Service Function Chaining with ODL and Mininet ?!
Thanks for the comment! You're welcome!
@@DavidMahler Could you approve linkedin invitation? I need your help with OpenvSwitch issue we are facing.
great explanation, I really like how nicely and detailed you introduce the setup, before you start with the actual test. Thanks a lot for the effort!
Thanks for the feedback! ...and for commenting again!!
Hi,
I am new to this.
Can anyone please tell me from where did we infer that red1 got OF port as 1?
You can try ovs-ofctl show to see mappings of OF port numbers to names you might see in "ip a" or "ifconfig". Also ovs-appctl show/fdb can show the mac address table which can help as well.
Thank you. :)
Hi David your videos are great! When are you planning to do some more? :)
Thanks Gabriel! I did just post one a couple of days ago. Introduction to SDN:
th-cam.com/video/DiChnu_PAzA/w-d-xo.html
Thanks for this knowledge!!!
Query: do i need Router VM for this setup?
Hi, thanks for the comment. No, I just had it there to show L2 overlay on a L3 network (crossing the router and still have L2 adjacencies between the VMs)
Hey David, can you please tell how you did 3 VMs setup and connect them ?
It's been a while, but if I recall correctly the 2 VMs acting as compute hosts had internal network ports in Virtual Box (say int1 and int2). The VM in the middle I just had to give in an interface in int1 and int2, set net.ipv4.ip_forward = 1, and set "gateway" IPs as needed on the interfaces - so it then acted like a basic router.
Is it not possible to emulate the above setup using mininet somehow ?
Very nice video. Can you please share the python script for creating network topology?
+Poornima N I looked through my old files try this ... gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 the IPs need to be updated
Thanks a lot David
+David Mahler, how to setup IP address 192.168.1.10 and 192.168.2.20 to switches s1 and s2?
would you pls show the detail of vxlan.py?
gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 is close, just need to update IPs I believe
seems the mac part is missing.
Fantastic Video, great presentation!
+Brent Salisbury Thanks that means a lot coming from one of if not the best networking blogger out there. Major props for networkstatic.net/
Awesome! Thank you.
ty!
really very useful video!!!
Thanks!!!
nice work Dave :D
Kedar Mendhurwar Thanks Kedar.
Very well done!
+Erez Cohen Thanks!
Great stuff David
katywu1 Thanks!
Great Work !!
Thanks HashTag!
Nice video.
Thank you Huawei
thank you !
You're welcome!
good job
Thanks!
thanks
+iphone apple yw