Using Open vSwitch as a Simple OpenFlow Switch
==============================================
-Open vSwitch uses OpenFlow as its preferred method of remote flow table
-configuration. Running ovs-vswitchd(8) with the bridge.<name>.controller
-set of parameters as described in ovs-vswitchd.conf(5) will cause it to
-connect to the specified controller using OpenFlow. We recommend using
-OpenFlow in this manner, however, it is also possible to use Open vSwitch
-as a simple OpenFlow switch like that provided by the OpenFlow reference
-implementation [1].
+Open vSwitch uses OpenFlow as its preferred method of remote flow
+table configuration. This is the simplest method of using it with an
+OpenFlow controller. The ovs-vsctl "set-controller" command can also
+be used in conjunction with ovs-vswitchd to set the controller for one
+or more bridges. We recommend using OpenFlow in this manner and in this
+case you should not run ovs-openflowd. Directions for setting up
+ovs-vswitchd can be found in INSTALL.Linux.
+
+However, it is also possible to use Open vSwitch as a simple OpenFlow
+switch like that provided by the OpenFlow reference implementation
+[1]. The remainder of this file describes how to use it in that
+manner.
What is OpenFlow?
-----------------
% insmod datapath/linux-2.6/openvswitch_mod.ko
- This kernel module cannot be loaded if the Linux bridge module is
- already loaded. Thus, you may need to remove any existing bridges
- and unload the bridge module with "rmmod bridge" before you can do
- this.
+ If your Linux kernel is earlier than 2.6.36, this kernel module
+ cannot be loaded if the Linux bridge module is already loaded.
+ Thus, you may need to remove any existing bridges and unload the
+ bridge module with "rmmod bridge" before you can do this.
3. Create a datapath instance. The command below creates a datapath
identified as dp0 (see ovs-dpctl(8) for more detailed usage
Creating datapath dp0 creates a new network device, also named dp0.
This network device, called the datapath's "local port", will be
- bridged to the physical switch ports by ovs-openflowd(8), for use in
- in-band control.
+ bridged to the physical switch ports by ovs-openflowd(8). It is
+ optionally used for in-band control as described in step 5.
4. Use ovs-dpctl to attach the datapath to physical interfaces on the
machine. Say, for example, you want to create a trivial 2-port
# ovs-dpctl show dp0
-5. Arrange so that the switch can reach the controller over the
- network.
+5. Arrange so that the switch can reach the controller over the network.
+ This can be done in two ways. The switch may be configured for
+ out-of-band control, which means it uses a network separate from the
+ data traffic that it controls. Alternatively, the switch may be
+ configured to contact the controller over one of the network devices
+ under its control. In-band control is often more convenient than
+ out-of-band, because it is not necessary to maintain two independent
+ networks.
- If you are using out-of-band control, at this point make sure
that the switch machine can reach the controller over the
* If the switch does not have a static IP address, e.g. its
IP address is obtained dynamically via DHCP, then proceed
- to step 4. The DHCP client will not be able to contact
- the DHCP server until the secure channel has started up.
-
- - If you are using in-band control with controller discovery, no
- configuration is required at this point. You may proceed to
- step 4.
+ to the next step. The DHCP client will not be able to
+ contact the DHCP server until the secure channel has
+ started. The address will be obtained in step 7.
6. Run ovs-openflowd to start the secure channel connecting the datapath to
a remote controller. If the controller is running on host
# ovs-openflowd dp0 tcp:192.168.1.2
- - If you are using in-band control with controller discovery, omit
- the second argument to the ovs-openflowd command.
-
- If you are using out-of-band control, add --out-of-band to the
command line.
in an insecure manner. Please see INSTALL.SSL for a description of
how to connect securely using SSL.
-7. If you are using in-band control with manual configuration, and the
- switch obtains its IP address dynamically, then you may now obtain
- the switch's IP address, e.g. by invoking a DHCP client. The
- secure channel will only be able to connect to the controller after
- an IP address has been obtained.
+7. If you are using in-band control, and the switch obtains its IP address
+ dynamically, then you may now obtain the switch's IP address, e.g. by
+ invoking a DHCP client. The secure channel will only be able to connect
+ to the controller after an IP address has been obtained.
8. The secure channel should connect to the controller within a few
- seconds. It may take a little longer if controller discovery is in
- use, because the switch must then also obtain its own IP address
- and the controller's location via DHCP.
+ seconds.
References
----------