1 How to Install Open vSwitch on Linux, FreeBSD and NetBSD
2 ========================================================
4 This document describes how to build and install Open vSwitch on a
5 generic Linux, FreeBSD, or NetBSD host. For specifics around installation
6 on a specific platform, please see one of these files:
18 To compile the userspace programs in the Open vSwitch distribution,
19 you will need the following software:
23 - A C compiler, such as:
27 * Clang. Clang 3.4 and later provide useful static semantic
28 analysis and thread-safety checks. For Ubuntu, there are
29 nightly built packages available on clang's website.
31 - libssl, from OpenSSL, is optional but recommended if you plan to
32 connect the Open vSwitch to an OpenFlow controller. libssl is
33 required to establish confidentiality and authenticity in the
34 connections from an Open vSwitch to an OpenFlow controller. If
35 libssl is installed, then Open vSwitch will automatically build
38 - Python 2.x, for x >= 4.
40 On Linux, you may choose to compile the kernel module that comes with
41 the Open vSwitch distribution or to use the kernel module built into
42 the Linux kernel (version 3.3 or later). See the FAQ question "What
43 features are not available in the Open vSwitch kernel datapath that
44 ships as part of the upstream Linux kernel?" for more information on
45 this trade-off. You may also use the userspace-only implementation,
46 at some cost in features and performance (see INSTALL.userspace for
47 details). To compile the kernel module on Linux, you must also
48 install the following:
50 - A supported Linux kernel version. Please refer to README for a
51 list of supported versions.
53 The Open vSwitch datapath requires bridging support
54 (CONFIG_BRIDGE) to be built as a kernel module. (This is common
55 in kernels provided by Linux distributions.) The bridge module
56 must not be loaded or in use. If the bridge module is running
57 (check with "lsmod | grep bridge"), you must remove it ("rmmod
58 bridge") before starting the datapath.
60 For optional support of ingress policing, you must enable kernel
61 configuration options NET_CLS_BASIC, NET_SCH_INGRESS, and
62 NET_ACT_POLICE, either built-in or as modules. (NET_CLS_POLICE is
63 obsolete and not needed.)
65 To use GRE tunneling on Linux 2.6.37 or newer, kernel support
66 for GRE must be compiled in or available as a module
67 (CONFIG_NET_IPGRE_DEMUX).
69 To configure HTB or HFSC quality of service with Open vSwitch,
70 you must enable the respective configuration options.
72 To use Open vSwitch support for TAP devices, you must enable
75 - To build a kernel module, you need the same version of GCC that
76 was used to build that kernel.
78 - A kernel build directory corresponding to the Linux kernel image
79 the module is to run on. Under Debian and Ubuntu, for example,
80 each linux-image package containing a kernel binary has a
81 corresponding linux-headers package with the required build
84 If you are working from a Git tree or snapshot (instead of from a
85 distribution tarball), or if you modify the Open vSwitch build system
86 or the database schema, you will also need the following software:
88 - Autoconf version 2.64 or later.
90 - Automake version 1.10 or later.
92 - libtool version 2.4 or later. (Older versions might work too.)
94 To run the unit tests, you also need:
96 - Perl. Version 5.10.1 is known to work. Earlier versions should
99 The ovs-vswitchd.conf.db(5) manpage will include an E-R diagram, in
100 formats other than plain text, only if you have the following:
102 - "dot" from graphviz (http://www.graphviz.org/).
104 - Perl. Version 5.10.1 is known to work. Earlier versions should
107 - Python 2.x, for x >= 4.
109 If you are going to extensively modify Open vSwitch, please consider
110 installing the following to obtain better warnings:
112 - "sparse" version 0.4.4 or later
113 (http://www.kernel.org/pub/software/devel/sparse/dist/).
117 - clang, version 3.4 or later
119 Also, you may find the ovs-dev script found in utilities/ovs-dev.py useful.
121 Installation Requirements
122 -------------------------
124 The machine on which Open vSwitch is to be installed must have the
127 - libc compatible with the libc used for build.
129 - libssl compatible with the libssl used for build, if OpenSSL was
132 - On Linux, the same kernel version configured as part of the build.
134 - For optional support of ingress policing on Linux, the "tc" program
135 from iproute2 (part of all major distributions and available at
136 http://www.linux-foundation.org/en/Net:Iproute2).
138 On Linux you should ensure that /dev/urandom exists. To support TAP
139 devices, you must also ensure that /dev/net/tun exists.
141 Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD
142 =================================================================
144 Once you have installed all the prerequisites listed above in the Base
145 Prerequisites section, follow the procedure below to build.
147 1. If you pulled the sources directly from an Open vSwitch Git tree,
148 run boot.sh in the top source directory:
152 2. In the top source directory, configure the package by running the
153 configure script. You can usually invoke configure without any
158 By default all files are installed under /usr/local. If you want
159 to install into, e.g., /usr and /var instead of /usr/local and
160 /usr/local/var, add options as shown here:
162 % ./configure --prefix=/usr --localstatedir=/var
164 To use a specific C compiler for compiling Open vSwitch user
165 programs, also specify it on the configure command line, like so:
167 % ./configure CC=gcc-4.2
169 To use 'clang' compiler:
171 % ./configure CC=clang
173 To build the Linux kernel module, so that you can run the
174 kernel-based switch, pass the location of the kernel build
175 directory on --with-linux. For example, to build for a running
178 % ./configure --with-linux=/lib/modules/`uname -r`/build
180 If --with-linux requests building for an unsupported version of
181 Linux, then "configure" will fail with an error message. Please
182 refer to the FAQ for advice in that case.
184 If you wish to build the kernel module for an architecture other
185 than the architecture of the machine used for the build, you may
186 specify the kernel architecture string using the KARCH variable
187 when invoking the configure script. For example, to build for MIPS
190 % ./configure --with-linux=/path/to/linux KARCH=mips
192 If you plan to do much Open vSwitch development, you might want to
193 add --enable-Werror, which adds the -Werror option to the compiler
194 command line, turning warnings into errors. That makes it
195 impossible to miss warnings generated by the build.
197 To build with gcov code coverage support, add --enable-coverage,
200 % ./configure --enable-coverage
202 The configure script accepts a number of other options and honors
203 additional environment variables. For a full list, invoke
204 configure with the --help option.
206 3. Run GNU make in the top source directory, e.g.:
210 or if GNU make is installed as "gmake":
214 For improved warnings if you installed "sparse" (see
215 "Prerequisites"), add C=1 to the command line.
217 4. Consider running the testsuite. Refer to "Running the Testsuite"
218 below, for instructions.
220 5. Become root by running "su" or another program.
222 6. Run "make install" to install the executables and manpages into the
223 running system, by default under /usr/local.
225 7. If you built kernel modules, you may install and load them, e.g.:
227 % make modules_install
228 % /sbin/modprobe openvswitch
230 To verify that the modules have been loaded, run "/sbin/lsmod" and
231 check that openvswitch is listed.
233 If the "modprobe" operation fails, look at the last few kernel log
234 messages (e.g. with "dmesg | tail"):
236 - The message "openvswitch: exports duplicate symbol
237 br_should_route_hook (owned by bridge)" means that the bridge
238 module is loaded. Run "/sbin/rmmod bridge" to remove it.
240 If "/sbin/rmmod bridge" fails with "ERROR: Module bridge does
241 not exist in /proc/modules", then the bridge is compiled into
242 the kernel, rather than as a module. Open vSwitch does not
243 support this configuration (see "Build Requirements", above).
245 - The message "openvswitch: exports duplicate symbol
246 dp_ioctl_hook (owned by ofdatapath)" means that the ofdatapath
247 module from the OpenFlow reference implementation is loaded.
248 Run "/sbin/rmmod ofdatapath" to remove it. (You might have to
249 delete any existing datapaths beforehand, using the "dpctl"
250 program included with the OpenFlow reference implementation.
251 "ovs-dpctl" will not work.)
253 - Otherwise, the most likely problem is that Open vSwitch was
254 built for a kernel different from the one into which you are
255 trying to load it. Run "modinfo" on openvswitch.ko and on
256 a module built for the running kernel, e.g.:
258 % /sbin/modinfo openvswitch.ko
259 % /sbin/modinfo /lib/modules/`uname -r`/kernel/net/bridge/bridge.ko
261 Compare the "vermagic" lines output by the two commands. If
262 they differ, then Open vSwitch was built for the wrong kernel.
264 - If you decide to report a bug or ask a question related to
265 module loading, please include the output from the "dmesg" and
266 "modinfo" commands mentioned above.
268 There is an optional module parameter to openvswitch.ko called
269 vlan_tso that enables TCP segmentation offload over VLANs on NICs
270 that support it. Many drivers do not expose support for TSO on VLANs
271 in a way that Open vSwitch can use but there is no way to detect
272 whether this is the case. If you know that your particular driver can
273 handle it (for example by testing sending large TCP packets over VLANs)
274 then passing in a value of 1 may improve performance. Modules built for
275 Linux kernels 2.6.37 and later, as well as specially patched versions
276 of earlier kernels, do not need this and do not have this parameter. If
277 you do not understand what this means or do not know if your driver
278 will work, do not set this.
280 8. Initialize the configuration database using ovsdb-tool, e.g.:
282 % mkdir -p /usr/local/etc/openvswitch
283 % ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
288 Before starting ovs-vswitchd itself, you need to start its
289 configuration database, ovsdb-server. Each machine on which Open
290 vSwitch is installed should run its own copy of ovsdb-server.
291 Configure it to use the database you created during installation (as
292 explained above), to listen on a Unix domain socket, to connect to any
293 managers specified in the database itself, and to use the SSL
294 configuration in the database:
296 % ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
297 --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
298 --private-key=db:Open_vSwitch,SSL,private_key \
299 --certificate=db:Open_vSwitch,SSL,certificate \
300 --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
303 (If you built Open vSwitch without SSL support, then omit
304 --private-key, --certificate, and --bootstrap-ca-cert.)
306 Then initialize the database using ovs-vsctl. This is only
307 necessary the first time after you create the database with
308 ovsdb-tool (but running it at any time is harmless):
310 % ovs-vsctl --no-wait init
312 Then start the main Open vSwitch daemon, telling it to connect to the
313 same Unix domain socket:
315 % ovs-vswitchd --pidfile --detach
317 Now you may use ovs-vsctl to set up bridges and other Open vSwitch
318 features. For example, to create a bridge named br0 and add ports
319 eth0 and vif1.0 to it:
321 % ovs-vsctl add-br br0
322 % ovs-vsctl add-port br0 eth0
323 % ovs-vsctl add-port br0 vif1.0
325 Please refer to ovs-vsctl(8) for more details.
330 When you upgrade Open vSwitch from one version to another, you should
331 also upgrade the database schema:
333 1. Stop the Open vSwitch daemons, e.g.:
335 % kill `cd /usr/local/var/run/openvswitch && cat ovsdb-server.pid ovs-vswitchd.pid`
337 2. Install the new Open vSwitch release.
339 3. Upgrade the database, in one of the following two ways:
341 - If there is no important data in your database, then you may
342 delete the database file and recreate it with ovsdb-tool,
343 following the instructions under "Building and Installing Open
344 vSwitch for Linux, FreeBSD or NetBSD".
346 - If you want to preserve the contents of your database, back it
347 up first, then use "ovsdb-tool convert" to upgrade it, e.g.:
349 % ovsdb-tool convert /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
351 4. Start the Open vSwitch daemons as described under "Building and
352 Installing Open vSwitch for Linux, FreeBSD or NetBSD" above.
356 Upgrading Open vSwitch from one version to the next version with minimum
357 disruption of traffic going through the system that is using that Open vSwitch
358 needs some considerations:
360 1. If the upgrade only involves upgrading the userspace utilities and daemons
361 of Open vSwitch, make sure that the new userspace version is compatible with
362 the previously loaded kernel module.
364 2. An upgrade of userspace daemons means that they have to be restarted.
365 Restarting the daemons means that the Openflow flows in the ovs-vswitchd daemon
366 will be lost. One way to restore the flows is to let the controller
367 re-populate it. Another way is to save the previous flows using a utility
368 like ovs-ofctl and then re-add them after the restart. Restoring the old flows
369 is accurate only if the new Open vSwitch interfaces retain the old 'ofport'
372 3. When the new userspace daemons get restarted, they automatically flush
373 the old flows setup in the kernel. This can be expensive if there are hundreds
374 of new flows that are entering the kernel but userspace daemons are busy
375 setting up new userspace flows from either the controller or an utility like
376 ovs-ofctl. Open vSwitch database provides an option to solve this problem
377 through the other_config:flow-restore-wait column of the Open_vSwitch table.
378 Refer to the ovs-vswitchd.conf.db(5) manpage for details.
380 4. If the upgrade also involves upgrading the kernel module, the old kernel
381 module needs to be unloaded and the new kernel module should be loaded. This
382 means that the kernel network devices belonging to Open vSwitch is recreated
383 and the kernel flows are lost. The downtime of the traffic can be reduced
384 if the userspace daemons are restarted immediately and the userspace flows
385 are restored as soon as possible.
387 The ovs-ctl utility's "restart" function only restarts the userspace daemons,
388 makes sure that the 'ofport' values remain consistent across restarts, restores
389 userspace flows using the ovs-ofctl utility and also uses the
390 other_config:flow-restore-wait column to keep the traffic downtime to the
391 minimum. The ovs-ctl utility's "force-reload-kmod" function does all of the
392 above, but also replaces the old kernel module with the new one. Open vSwitch
393 startup scripts for Debian, XenServer and RHEL use ovs-ctl's functions and it
394 is recommended that these functions be used for other software platforms too.
399 This section describe Open vSwitch's built-in support for various test
400 suites. You must configure and build Open vSwitch (steps 1 through 3
401 in "Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD"
402 above) before you run the tests described here. You do not need to
403 install Open vSwitch or to build or load the kernel module to run
404 these test suites. You do not need supervisor privilege to run these
410 Open vSwitch includes a suite of self-tests. Before you submit patches
411 upstream, we advise that you run the tests and ensure that they pass.
412 If you add new features to Open vSwitch, then adding tests for those
413 features will ensure your features don't break as developers modify
414 other areas of Open vSwitch.
416 Refer to "Testsuites" above for prerequisites.
418 To run all the unit tests in Open vSwitch, one at a time:
420 This takes under 5 minutes on a modern desktop system.
422 To run all the unit tests in Open vSwitch, up to 8 in parallel:
423 make check TESTSUITEFLAGS=-j8
424 This takes under a minute on a modern 4-core desktop system.
426 To see a list of all the available tests, run:
427 make check TESTSUITEFLAGS=--list
429 To run only a subset of tests, e.g. test 123 and tests 477 through 484:
430 make check TESTSUITEFLAGS='123 477-484'
431 (Tests do not have inter-dependencies, so you may run any subset.)
433 To run tests matching a keyword, e.g. "ovsdb":
434 make check TESTSUITEFLAGS='-k ovsdb'
436 To see a complete list of test options:
437 make check TESTSUITEFLAGS=--help
439 The results of a testing run are reported in tests/testsuite.log.
440 Please report test failures as bugs and include the testsuite.log in
443 If you have "valgrind" installed, then you can also run the testsuite
444 under valgrind by using "make check-valgrind" in place of "make
445 check". All the same options are available via TESTSUITEFLAGS. When
446 you do this, the "valgrind" results for test <N> are reported in files
447 named tests/testsuite.dir/<N>/valgrind.*. You may find that the
448 valgrind results are easier to interpret if you put "-q" in
449 ~/.valgrindrc, since that reduces the amount of output.
451 Sometimes a few tests may fail on some runs but not others. This is
452 usually a bug in the testsuite, not a bug in Open vSwitch itself. If
453 you find that a test fails intermittently, please report it, since the
454 developers may not have noticed.
459 OFTest is an OpenFlow protocol testing suite. Open vSwitch includes a
460 Makefile target to run OFTest with Open vSwitch in "dummy mode". In
461 this mode of testing, no packets travel across physical or virtual
462 networks. Instead, Unix domain sockets stand in as simulated
463 networks. This simulation is imperfect, but it is much easier to set
464 up, does not require extra physical or virtual hardware, and does not
465 require supervisor privileges.
467 To run OFTest with Open vSwitch, first read and follow the
468 instructions under "Testsuites" above. Second, obtain a copy of
469 OFTest and install its prerequisites. You need a copy of OFTest that
470 includes commit 406614846c5 (make ovs-dummy platform work again).
471 This commit was merged into the OFTest repository on Feb 1, 2013, so
472 any copy of OFTest more recent than that should work. Testing OVS in
473 dummy mode does not require root privilege, so you may ignore that
476 Optionally, add the top-level OFTest directory (containing the "oft"
477 program) to your $PATH. This slightly simplifies running OFTest later.
479 To run OFTest in dummy mode, run the following command from your Open
480 vSwitch build directory:
481 make check-oftest OFT=<oft-binary>
482 where <oft-binary> is the absolute path to the "oft" program in
485 If you added "oft" to your $PATH, you may omit the OFT variable
488 By default, "check-oftest" passes "oft" just enough options to enable
489 dummy mode. You can use OFTFLAGS to pass additional options. For
490 example, to run just the basic.Echo test instead of all tests (the
491 default) and enable verbose logging:
492 make check-oftest OFT=<oft-binary> OFTFLAGS='--verbose -T basic.Echo'
494 If you use OFTest that does not include commit 4d1f3eb2c792 (oft:
495 change default port to 6653), merged into the OFTest repository in
496 October 2013, then you need to add an option to use the IETF-assigned
498 make check-oftest OFT=<oft-binary> OFTFLAGS='--port=6653'
500 Please interpret OFTest results cautiously. Open vSwitch can fail a
501 given test in OFTest for many reasons, including bugs in Open vSwitch,
502 bugs in OFTest, bugs in the "dummy mode" integration, and differing
503 interpretations of the OpenFlow standard and other standards.
505 Open vSwitch has not been validated against OFTest. Please do report
506 test failures that you believe to represent bugs in Open vSwitch.
507 Include the precise versions of Open vSwitch and OFTest in your bug
508 report, plus any other information needed to reproduce the problem.
513 Ryu is an OpenFlow controller written in Python that includes an
514 extensive OpenFlow testsuite. Open vSwitch includes a Makefile target
515 to run Ryu in "dummy mode". See "OFTest" above for an explanation of
518 To run Ryu tests with Open vSwitch, first read and follow the
519 instructions under "Testsuites" above. Second, obtain a copy of Ryu,
520 install its prerequisites, and build it. You do not need to install
521 Ryu (some of the tests do not get installed, so it does not help).
523 To run Ryu tests, run the following command from your Open vSwitch
525 make check-ryu RYUDIR=<ryu-source-dir>
526 where <ryu-source-dir> is the absolute path to the root of the Ryu
527 source distribution. The default <ryu-source-dir> is $srcdir/../ryu
528 where $srcdir is your Open vSwitch source directory, so if this
529 default is correct then you make simply run "make check-ryu".
531 Open vSwitch has not been validated against Ryu. Please do report
532 test failures that you believe to represent bugs in Open vSwitch.
533 Include the precise versions of Open vSwitch and Ryu in your bug
534 report, plus any other information needed to reproduce the problem.
539 Please report problems to bugs@openvswitch.org.