1 Using Open vSwitch as a Simple OpenFlow Switch
2 ==============================================
4 Open vSwitch uses OpenFlow as its preferred method of remote flow
5 table configuration. This is the simplest method of using it with an
6 OpenFlow controller. The ovs-vsctl "set-controller" command can also
7 be used in conjunction with ovs-vswitchd to set the controller for one
8 or more bridges. We recommend using OpenFlow in this manner and in this
9 case you should not run ovs-openflowd. Directions for setting up
10 ovs-vswitchd can be found in INSTALL.Linux.
12 However, it is also possible to use Open vSwitch as a simple OpenFlow
13 switch like that provided by the OpenFlow reference implementation
14 [1]. The remainder of this file describes how to use it in that
20 OpenFlow is a flow-based switch specification designed to enable
21 researchers to run experiments in live networks. OpenFlow is based on a
22 simple Ethernet flow switch that exposes a standardized interface for
23 adding and removing flow entries.
25 An OpenFlow switch consists of three parts: (1) A "flow table" in
26 which each flow entry is associated with an action telling the switch
27 how to process the flow, (2) a "secure channel" that connects the switch
28 to a remote process (a controller), allowing commands and packets to
29 be sent between the controller and the switch, and (3) an OpenFlow
30 protocol implementation, providing an open and standard way for a
31 controller to talk to the switch.
33 An OpenFlow switch can thus serve as a simple datapath element that
34 forwards packets between ports according to flow actions defined by
35 the controller using OpenFlow commands. Example actions are:
37 - Forward this flow's packets to the given port(s)
38 - Drop this flow's packets
39 - Encapsulate and forward this flow's packets to the controller.
41 The OpenFlow switch is defined in detail in the OpenFlow switch
44 Installation Procedure
45 ----------------------
47 The procedure below explains how to use the Open vSwitch as a simple
50 1. Build and install the Open vSwitch kernel modules and userspace
51 programs as described in INSTALL.Linux.
53 It is important to run "make install", because some Open vSwitch
54 programs expect to find files in locations selected at installation
57 2. Load the openvswitch kernel module (which was built in step 1), e.g.:
59 % insmod datapath/linux-2.6/openvswitch_mod.ko
61 If your Linux kernel is earlier than 2.6.36, this kernel module
62 cannot be loaded if the Linux bridge module is already loaded.
63 Thus, you may need to remove any existing bridges and unload the
64 bridge module with "rmmod bridge" before you can do this.
66 3. Create a datapath instance. The command below creates a datapath
67 identified as dp0 (see ovs-dpctl(8) for more detailed usage
70 # ovs-dpctl add-dp dp0
72 Creating datapath dp0 creates a new network device, also named dp0.
73 This network device, called the datapath's "local port", will be
74 bridged to the physical switch ports by ovs-openflowd(8). It is
75 optionally used for in-band control as described in step 5.
77 4. Use ovs-dpctl to attach the datapath to physical interfaces on the
78 machine. Say, for example, you want to create a trivial 2-port
79 switch using interfaces eth1 and eth2, you would issue the following
82 # ovs-dpctl add-if dp0 eth1
83 # ovs-dpctl add-if dp0 eth2
85 You can verify that the interfaces were successfully added by asking
86 ovs-dpctl to print the current status of datapath dp0:
90 5. Arrange so that the switch can reach the controller over the network.
91 This can be done in two ways. The switch may be configured for
92 out-of-band control, which means it uses a network separate from the
93 data traffic that it controls. Alternatively, the switch may be
94 configured to contact the controller over one of the network devices
95 under its control. In-band control is often more convenient than
96 out-of-band, because it is not necessary to maintain two independent
99 - If you are using out-of-band control, at this point make sure
100 that the switch machine can reach the controller over the
103 - If you are using in-band control, then at this point you must
104 configure the dp0 network device created in step 3. This
105 device is not yet bridged to any physical network (because
106 ovs-openflowd does that, and it is not yet running), so the next
107 step depends on whether connectivity is required to configure
108 the device's IP address:
110 * If the switch has a static IP address, you may configure
111 its IP address now, e.g.:
113 # ifconfig dp0 192.168.1.1
115 * If the switch does not have a static IP address, e.g. its
116 IP address is obtained dynamically via DHCP, then proceed
117 to the next step. The DHCP client will not be able to
118 contact the DHCP server until the secure channel has
119 started. The address will be obtained in step 7.
121 6. Run ovs-openflowd to start the secure channel connecting the datapath to
122 a remote controller. If the controller is running on host
123 192.168.1.2 port 6633 (the default port), the ovs-openflowd invocation
124 would look like this:
126 # ovs-openflowd dp0 tcp:192.168.1.2
128 - If you are using out-of-band control, add --out-of-band to the
131 Using the "tcp:<controller_ip>" argument causes the switch to connect
132 in an insecure manner. Please see INSTALL.SSL for a description of
133 how to connect securely using SSL.
135 7. If you are using in-band control, and the switch obtains its IP address
136 dynamically, then you may now obtain the switch's IP address, e.g. by
137 invoking a DHCP client. The secure channel will only be able to connect
138 to the controller after an IP address has been obtained.
140 8. The secure channel should connect to the controller within a few
146 [1] OpenFlow Reference Implementation.
147 <http://www.openflowswitch.org/wp/downloads/>
149 [2] OpenFlow Switch Specification.
150 <http://openflowswitch.org/documents/openflow-spec-latest.pdf>
git://git.onelab.eu / sliver-openvswitch.git / blob