Getting Started OpenFlow OpenvSwitch Tutorial Lab : Setup
I wrote a Python OpenFlow installation app to automate an OpenFlow KVM and Open vSwitch setup found at:
OpenFlow, OpenvSwitch and KVM SDN Lab Installation App →
Getting Started OpenFlow OpenvSwitch Tutorial Lab – Setup:
This is an OpenFlow Tutorial using OpenvSwitch and Floodlight controller but any other controller or switch can be used. I have had some requests on some scenarios so I put this together. Adding a few more flexible components. Getting to know all of these packages like KVM, OpenvSwitch are going to be pretty big in the future ecosystem orchestrations.
The video doesn’t have any sound, I am tight on time, sorry. I think it should be pretty straightforward and the video may help if you get stuck. Probably a couple typos here and there I will try and catch over the weekend. We are lacking good lab material on these topics right now so maybe this will save a couple folks some time.
Prerequisites
The KVM requires an x86 machine with either Intel VT or AMD w/AMD-V support. Anything fairly new will have that support in the processor. There are a few older HW builds that support hardware assisted virtualization by enabling it in the bios. Pretty much Googling your machine for hardware virtualization will let you know. Qemu can be run on non VT HW but the machines will probably get brutalized by a few host VMs. When you are setting up the vSwitch either have an out of band or be on it physically. Be careful when you are adding multiple interfaces to bridges since you can spin up a bridging loop pretty quickly unless you have STP on. I recommend a test/dev network or mom’s basement network. If not BPDUguard is your friend 
This is done on a fresh install of 64-bit Ubuntu 12.04 (Precise).
Quick screencast. I highly recommend considering using a small Linux Kernel named linux-0.2.img.bz2 from Qemu if using a laptop or nested hypervisor.
Uninstall network-manager if running Ubuntu desktop. Not required but you will likely have to troubleshoot past it if you don’t. This will likely cut you off if remote.
System Preparation
(Optional remove network-manager. If you are on a laptop with wireless it might be easier to leave network-manager on mainly because Broadcoms Linux support sucks just shy of Nvidia’s.
$nano /etc/network/interfaces Add in your configuration to the file to your physical interface and save the file. Restart networking. If the configuration is off this will cut you off. $/etc/init.d/networking restart $route -n will display your default route if you are having connectivity issues. $apt-get update $apt-get dist-upgrade
Install OpenvSwitch
$apt-get purge network-manager $ apt-get install openvswitch-datapath-source bridge-utils $ module-assistant auto-install openvswitch-datapath $ apt-get install openvswitch-common Verify install $ovs-vsctl show ovs_version: “1.4.0+build0″ Processes should look something like this $ps -ea | grep ovs 26464 ? 00:00:00 ovsdb-server 26465 ? 00:00:00 ovsdb-server 26473 ? 00:00:00 ovs-vswitchd 26474 ? 00:00:00 ovs-vswitchd 26637 ? 00:00:00 ovs-controller $ /etc/init.d/openvswitch-switch restart
Add your bridge, think of this as a subnet if you aren’t familiar with the term.
Add a physical interface to your virtual bridge for connectivity off box. If you don’t script this part you will probably clip your connection as you zero out eth0 and apply it to br-int. You can pop the commands into a text file and make it executable with
chmod +x script.sh
$ ovs-vsctl add-br br-int $ ovs-vsctl add-port br-int eth0 $ ifconfig eth0 0 #Zero out your eth0 interface and slap it on the bridge interface #(warning will clip you unless you script it) $ifconfig br-int 192.168.1.208 netmask 255.255.255.0 #Change your default route $route add default gw 192.168.1.1 br-int and $route del default gw 192.168.1.1 eth0
Install FloodLight OpenFlow Controller and Attach OpenvSwitch
Install dependencies, apt-get for UB and yum for RH:
apt-get install build-essential default-jdk ant python-dev eclipse git
Clone the Github project and build the jar and start the controller:
$git clone git://github.com/floodlight/floodlight.git cd into the floodlight directory created. $cd floodlight Run ant to build a jar. It will be in the ~/floodlight/target directory. $ant Run the controller : $java -jar target/floodlight.jar By default it will binds to port 6633 and all ports e.g. 0.0.0.0/0.0.0.0:6633
Attach OpenvSwitch to the Controller
$ovs-vsctl set-controller br-int tcp:192.168.1.208:6633
In the FloodLight console you will see something like this:
[New I/O server worker #1-1] INFO n.f.core.internal.Controller - Switch handshake successful: OFSwitchImpl [/192.168.1.208:49519 DPID[00:00:ba:66:35:e8:38:48]]
The output of OVS ‘ovs-vsctl show’ looks something like this:
# ovs-vsctl show 70a40219-8725-46a8-b808-af75c642cac8 Bridge "br-int" Controller "tcp:192.168.1.208:6633" is_connected: true Port "eth0" Interface "eth0" Port "br-int" Interface "br-int" type: internal ovs_version: "1.4.0+build0"
Install KVM and Integrate into OVS
$apt-get install kvm uml-utilities
These two scripts bring up the KVM Tap interfaces into your bridge from the CLI. If you copy and paste below make sure the (‘) does not get formatted improperly. It should be yellow in nano. “switch=br-int” br-int is the name of your bridge in OVS.
$nano /etc/ovs-ifup (open and paste what is below)
#!/bin/sh
switch='br-int'
/sbin/ifconfig $1 0.0.0.0 up
ovs-vsctl add-port ${switch} $1
$nano /etc/ovs-ifdown (open and paste what is below)
#!/bin/sh
switch='br-int'
/sbin/ifconfig $1 0.0.0.0 down
ovs-vsctl del-port ${switch} $1
Make both files executable
chmod +x /etc/ovs-ifup /etc/ovs-ifdown
Boot the Guest Virtual Machines
- Host1
kvm -m 512 -net nic,macaddr=00:00:00:00:cc:10 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -cdrom ubuntu-12.04-desktop-amd64.iso
- Host2
kvm -m 512 -net nic,macaddr=00:11:22:CC:CC:10 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -cdrom ubuntu-12.04-desktop-amd64.iso
- Host3
kvm -m 512 -net nic,macaddr=22:22:22:00:cc:10 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -cdrom ubuntu-12.04-desktop-amd64.iso
Each one of those will begin loading from the ISO. I just click “Try Ubuntu” when they are booting and just run them from disk since really all we need are nodes that can test connectivity as we push static flows. If it is a more permanent test lab it would make since to install them to disk.
While those are spinning up let’s install curl.
$apt-get install curl
Figure 1. OVS Taps
One they are up assign IP addresses to them by clicking in the top left of the Ubuntu window and type in ‘terminal’ no parentheses. Then give them IPs if you want to statically assign them with ifconfig.
sudo ifconfig eth0 192.168.1.x netmask 255.255.255.0
Check out the rest of the tutorials in this series:
Getting Started OpenFlow OpenvSwitch Tutorial Lab – Setup
OpenFlow Starter Tutorial Lab #1
OpenFlow Starter Tutorial Lab #2
OpenFlow Starter Tutorial Lab #3
Thanks for stopping by.
Wow..great tutorial setup. I started on senior project about OF and OVS and always stuck about how set it up. You save my day. Thank you very much. Can I adopt this for senior project?
I mean to adopt the setting. It will be helpful if you can give me some idea. Thanks again! Really helpful articles in this site.
Hi roland, Please do take whatever is helpful. It’s all just piecing other peoples work together. Sharing what you do with it would be just as, or even more interesting!
Thanks,
-Brent
Hi Brent,
The question I want to ask is whether we can implement the shortest path scheme for ARP demo given for Openflow controller or is it given in any of the scripts?????
Hi Brent, Your posts are a great source of sanity when debugging ovs issues. I think had an issue with one of your steps:
$ ovs-vsctl add-br br0
$ ovs-vsctl add-port br-int eth0
If course, I could be wrong, but I had to add-br br-int instead of add-br br0, so that the second command would work. I checked your video, and you made this correction in the video.
Hope this is helpful.
Special Agent
Also I experimented with not adding a tap. Instead, I edited /etc/vmbuilder/libvirt and added:
Doing this, I no longer added taps. When I launch a new guest, vnet0 was automatically added to ovs bridge br-int.
Thanks a bunch Phil, good grief I had about 5 randoms mixes there. doh. Thats slick on the vmbuilder tweak. If you get a chance would you paste that conf? Thanks!!
one more thing what more can we do with openflow? does it need to write a script in python for that?
Hi Varum, Apologies for the delay on the comment. I need to get a plugin to better manage comments, I totally missed it. I would say scripting is going to be pretty handy for us in the early days or even like it is today for sysadmins and some of the more homegrown network management stuff since what we have today as far as tools is so weak most need to do something do it yourself for anything niche.
In the Floodlight directory under examples there is a Python script called cli.py that can do some things also. Murphy with the POX controller is putting some cool stuff together on this front also. I strongly feel it will help folks better understand what the concepts are as the basic tools start being available. I am working on a couple things that is midway on the list I hope to get out in the next couple of weeks that will be just basic python tools to make it a bit easier to do some learning labs. Let me know if there was anything more specific you were looking for.
regards,
-Brent
Hey there
I am trying to set up the lab following your tutorial. I have successfully done the 1st part of the lab but when I start with the second part of installing the kvm and running virtual host i get the following error :
“Could not access KVM kernel module: No such file or directory
failed to initialize KVM: No such file or directory”
I get this this error when I try spin up the host . please guide me through the same.
regards.
Hi Neha, Sounds the KVM kernel module is not loaded. You will need to get that up and running. Try ‘modprobe kvm-intel’ or ‘modprobe kvm-amd’ depending on your arch type (amd or intel).
If it is not found that way, you can try searching for it and loading it with insmod.
(as root)
$ updatedb &
$ locate kvm | grep ko
$ insmod /path/to/kvm-intel.ko
Here is an example:
openstack3:~# locate kvm | grep ko
/lib/modules/3.2.0-23-generic/kernel/arch/x86/kvm/kvm-amd.ko
/lib/modules/3.2.0-23-generic/kernel/arch/x86/kvm/kvm-intel.ko
/lib/modules/3.2.0-23-generic/kernel/arch/x86/kvm/kvm.ko
/lib/modules/3.2.0-25-generic/kernel/arch/x86/kvm/kvm-amd.ko
/lib/modules/3.2.0-25-generic/kernel/arch/x86/kvm/kvm-intel.ko
/lib/modules/3.2.0-25-generic/kernel/arch/x86/kvm/kvm.ko
insmod /lib/modules/3.2.0-23-generic/kernel/arch/x86/kvm/kvm-intel.ko
Output after that if accepted should be something like this:
openstack3:~# lsmod | grep kvm
kvm_intel 137721 0
kvm 415549 1 kvm_intel
I am a little worried you may be on older hardware that doesnt have hardware virtualization. If so the QEMU command will be what you will use.
Output as a ‘Y’ from this command may help.
cat /sys/module/kvm_intel/parameters/nested
or run
grep –color vmx /proc/cpuinfo
and the output should have VMX support highlighted.
Thanks,
-Brent
I have read a few post of yours regarding openvswitch. I must say I like your writing style. Thanks for sharing.
I am curios what other openflow controllers are out there that worth investing time in playing with?
I am new to openflow, I admit I don’t really grasp the concept but I think it could be used in virtualization environments side by side with KVM and OpenNebula to provide better security and to direct traffic from certain VMs to only a subset of VMs. Am I right?
Thanks
Hi Vanlentin, You are absolutely right. I think the big picture promise would be that we have this giant flat network and all tenancies are maintained by flow instantiation that determines programmatically who can and cant talk to each other via policy. I dont think it is too crazy, pretty sure thats the guys of the Nicira NVP product and upcoming ones from IBM/BigSwitch etc. Sorry for the slow reply been traveling a bit.
Thanks!
hi,
thank you very much for your tutorial. I’m new on openflow and linux.
every time i execute the comands of the tutorial my internet stops workiing, do you knnow why?
please help me.
Hi Patricio, When you add eth0 to the br-int interface you will drop your connection until you change your default route.
$route -n should point to br-int and your gateway instead of eth0 since you zeroed out your ip and moved it to br-int.
If you put this in a file and give it +x permissions and execute it it will prolly work for you.
chmod +x netmask 255.255.255.0 < ------- Insert your ip address br-int < ------your default gateway ie. 192.168.1.1
./
==================================
ovs-vsctl add-br br-int
ovs-vsctl add-port br-int eth0
ifconfig eth0 0
ifconfig br-int
route add default gw
===================================
From the post:
$ ovs-vsctl add-br br-int
Add a physical interface to your virtual bridge for connectivity off box. If you don’t script this part you will probably clip your connection as you zero out eth0 and apply it to br-int. You can pop the commands into a text file and make it executable with chmod +x,
$ ovs-vsctl add-port br-int eth0
$ ifconfig eth0 0
Zero out your eth0 interface and slap it on the bridge interface
(warning will clip you unless you script it)
$ifconfig br-int 192.168.1.208 netmask 255.255.255.0
Change your default route
$route add default gw 192.168.1.1 br-int
Thanks,
-Brent
Hi,
This command only bring up the Ubuntu guest VM from .iso file.
kvm -m 512 -net nic,macaddr=00:00:00:00:cc:10 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -cdrom ubuntu-12.04-desktop-amd64.iso
How to modify this command to start a VM from an existing image file (.img, .qcow2, .vmdk)?
I tried,
kvm -m 512 -net nic,macaddr=00:00:00:00:cc:10 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown vm1.qcow2
but it does not work. Please help. Thank you
Hi,
Thank you for the tutorial..It really helped a lot..But I am facing a problem while adding route using the command route add default gw 192.168.1.1 br-int, I get the SIOCADDRT: Invalid Argument error..And when I delete the route using the command route del default gw 192.168.1.1 eth0, I get SIOCADDRT: No Such Process error..Can you please help me..I am working on an academic Openflow project.
Thanks,
Hemant
Brent, can you provide the link to the next section ? This blog is the most helpful on SDN networking and appreciate your efforts.
I am trying to build a simple topology using openvswitches, and can see the flows on the floodlight controllers, but how do we manipulate these flows ? Is there a separate componant like flow visor which needs to be installed for manipulating flows ? Please suggest how to proceed.
It a good guide to let us try to use Open vSwitch, thank you very much!!
And I’m expecting the next section now!!
Hey guys, I need to fix some links. Here are 3 labs. I probably need to revisit them so apologies if a typo or two.
http://networkstatic.net/openflow-starter-tutorial-lab-1/
http://networkstatic.net/openflow-tutorial-lab-2/
http://networkstatic.net/openflow-tutorial-lab-3/
http://networkstatic.net/tutorial-to-build-a-floodlight-sdn-openflow-controller-module/
Once nice thing I have run across is a small Linux Kernel w/ a network stack image that is much better than using a full blown Linux Distro. Can be DLed at
http://wiki.qemu.org/download/linux-0.2.img.bz2
Thanks!
-Brent
Hello
I am new to Linux but I am trying to build OpenVswitch to work as a physical L2 switch, I add the eth0 and wlan0 to the bridge , and I deleted their ip addresses. I connect those interfaces to two computers.
Now those two computers can detect each other through the middle openvswitch computer , i can see their macs in each other arp table, but I couldnt make them ping each other.
any suggestion please?
Hi Brent,
This is a fantastic post and got me started on the technology from very little foundations. I have two queries though if you don’t mind:
1 – When I build the jar and start the controller i.e. $java -jar target/floodlight.jar I get a whole host of commands that seem to be never ending. Perhaps this is binding to all the ports but if I am to continue the tutorial I need to open a new terminal. This has run in the past for hours upon end. I am guessing this is incorrect?
2 – When I run the KVM creation command I can’t seem to intall Ubuntu as it says I’m not connected to the Internet and I don’t have enough free space (though I have lots of free space). When I manually try and created these VMs through Virtualbox, I can do so if I choose eth0 as the Bridged adapter, but the second I choose br-int as the bridged adapter the whole host hangs.
Anyone got any ideas?
Dear Sir,
I have problem in using git clone git://github.com/floodlight/floodlight.git command for installation of floodlight.
When i run it, my terminal shows error like:
Cloning into floodlight…
github.com[0: 207.97.227.239]: errno=Connection refused
fatal: unable to connect a socket (Connection refused)
Thanking You
Hi Brent,
A question, i have setup up NAT (masquerade) at linux ethernet interface. Now using openvswitch if i add this port to openflow bridge, tutorial says i’d have to remove the IP Address. Im wondering is there any possibility to let the routing/natting being done by linux iptables itself while just do the switching decision using openflow??
What would happen if i do not remove the IP Address and in openflow controller, just add flowmod to redirect packet to particular port and don’t change the headers etc.
Would this work, or i have to implement the whole NAT scenario in OFController???
Hello!
I’m working on a project to make a stress test on OpenFlow controller, can you help me with your knowledge.!!!!
My problem I do not know how to define the flow rules in the nox controller.
and how to put two nox controllers in a same network (to have a master and slave?)!!!! thank’s
Hi! ,
First of all I would like to thank you for these guides and for the time which you are spending in writing them. Just wondering if you have a simple guide how to install OpenVswitch on an ubuntu machine without KVM. Basically i am not very keen on Linux and i have a Pc with 4 NIc cards and want to convert it into a simple 1 switch, however i couldnt find any source to this, all posts relate to using KVM.
Many thanks for this
Etienne
Heya Etienne, thanks and I do have an older post with that.
Take a look at Installing Open vSwitch with KVM :
http://networkstatic.net/installing-open-vswitch-with-kvm/
I just took a quick look and it still looks to be valid. Let me know if you have issues with it and I will try and get back fairly quickly.
Cheers,
-Brent
Hi Brent! Thanks for your reply. Still have a question :/ That post shows how to install Open vSwitch using KVM (sorry i am no expert on Linux) right ? I would like to install the switch on a bare PC (without KVM thing) having 4 nic cards basically eth0 will be the uplink to the controller while eth1,eth2,eth3 will be the physical switch ports . Is this the manual which I must look into http://networkstatic.net/openvswitch-configure-from-packages-and-attaching-to-a-floodlight-openflow-controller/ ? There you explained how to install Open VSwitch using packages.
Sorry about this but i’m still a bit confused.
Thanks
Etienne
Ahh I got you. Yeah Open vSwitch is built to be compiled on Linux. I haven’t heard of a Windows port. That said, now is as good a time as any to learn Linux
I really do recommend everyone that deals with infrastructure understand basic Linux commands and architectures.
If you feel like giving it a shot this will get you started building a VM on your windows machine w/ VirtualBox
http://networkstatic.net/openvswitch-and-openflow-lab-preparation/
Cheers,
-Brent
Hi Brent, Many thanks for this ! and by the way.. nice blog
Thanks again…
Etienne
Certainly, glad to help Etienne. Drop by and let me know how the learning is going. Keep it up.
Regards,
-Brent