If you’ve been in the Linux ecosystem for a while, the term OVS or Open vSwitch should ring a bell. In virtualization and cloud computing environments such as OpenStack, Open vSwitch is a key component of the networking functions. Access to external networks and general inter-VM communication passes through the OVS layer if the component was chosen at installation time.
Open vSwitch, abbreviated OVS, is an advanced, open source multilayer virtual switch. It is built for serious production use, with support for standard protocols and management interfaces (e.g. NetFlow, LACP, sFlow, IPFIX, RSPAN, CLI, and 802.1ag). Open vSwitch is designed to support distribution across multiple physical servers, similar to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V. It has many features when compared to the standard Linux software bridges.
Open vSwitch has support for the following features:
- Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-tunneled mirrors
- LACP (IEEE 802.1AX-2008)
- Standard 802.1Q VLAN model with trunking
- Multicast snooping
- IETF Auto-Attach SPBM and rudimentary required LLDP support
- BFD and 802.1ag link monitoring
- STP (IEEE 802.1D-1998) and RSTP (IEEE 802.1D-2004)
- Fine-grained QoS control
- Support for HFSC qdisc
- Per VM interface traffic policing
- NIC bonding with source-MAC load balancing, active backup, and L4 hashing
- OpenFlow protocol support (including many extensions for virtualization)
- IPv6 support
- Multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec support)
- Remote configuration protocol with C and Python bindings
- Kernel and user-space forwarding engine options
- Multi-table forwarding pipeline with flow-caching engine
- Forwarding layer abstraction to ease porting to new software and hardware platforms
In this article, we shall perform an installation of Open vSwitch on Rocky Linux 8 / AlmaLinux 8. We will also demonstrate its basic usage by creating a Virtual Machine on the KVM virtualization stack. If you’re doing the install on a Virtual Machine, you can skip our test scenario.
Install Open vSwitch on Rocky Linux 8|AlmaLinux 8
There are two installation options for Open vSwitch on Rocky Linux 8 / AlmaLinux 8:
- Install Open vSwitch on Rocky Linux 8 / AlmaLinux 8 from source – Manually building the package from source code
- Use RDO (OpenStack repos) to install Open vSwitch on Rocky Linux 8 / AlmaLinux 8
We’ll go with the latter as it’s straightforward and easy to update the packages after installation. RDO is a community of people using and deploying OpenStack on CentOS, Fedora, and Red Hat Enterprise Linux. Rocky Linux 8 and AlmaLinux 8 being based on Red Hat, the repositories should work just fine.
Step 1 – Add RDO Repository to Rocky Linux 8|AlmaLinux 8
RDO RPM repositories are not available in Rocky Linux 8 / AlmaLinux 8 by default, so we need to add the repos manually and then perform the Open vSwitch installation.
The latest release of OpenStack as of writing this article is Xena. Older repos can be used if you prefer.
Run the commands below to add RDO OpenStack repository in your system:
sudo dnf install -y https://repos.fedorapeople.org/repos/openstack/openstack-yoga/rdo-release-yoga-1.el8.noarch.rpm
Confirm that the installation is successful. You should get an output similar to this:
Dependencies resolved.
======================================================================================================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================================================================================================
Installing:
rdo-release noarch yoga-1.el8 @commandline 16 k
Transaction Summary
======================================================================================================================================================================================================
Install 1 Package
Total size: 16 k
Installed size: 12 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : rdo-release-yoga-1.el8.noarch 1/1
Verifying : rdo-release-yoga-1.el8.noarch 1/1
Installed:
rdo-release-yoga-1.el8.noarch
Complete!
RDO repositories are configured in the /etc/yum.repos.d directory.
$ ls -lh /etc/yum.repos.d/rdo*
-rw-r--r--. 1 root root 338 Oct 13 17:16 /etc/yum.repos.d/rdo-release.repo
-rw-r--r--. 1 root root 3.7K Oct 13 17:16 /etc/yum.repos.d/rdo-testing.repo
Step 2 – Install Open vSwitch on Rocky Linux 8|AlmaLinux 8
Installation of Open vSwitch on Rocky Linux 8 / AlmaLinux 8 can now be done from the RDO repositories we just added. Run the commands below to install openvswitch and libibverbs dependency package.
sudo yum install openvswitch libibverbs
All required dependencies are resolved for you by the installer from the RDO and OS repositories. Nothing needs to be installed from outside the available repositories.
Transaction Summary
======================================================================================================================================================================================================
Install 9 Packages
Total download size: 16 M
Installed size: 48 M
Is this ok [y/N]: y
Accept the importation of all required GPG keys when you get the prompts.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 22 MB/s | 16 MB 00:00
CentOS-8 - NFV OpenvSwitch 1.0 MB/s | 1.0 kB 00:00
Importing GPG key 0x9D2A76A7:
Userid : "CentOS NFV SIG (https://wiki.centos.org/SpecialInterestGroup/NFV) <[email protected]>"
Fingerprint: 3515 4228 1749 01BE FA8E 69A6 2146 5E28 9D2A 76A7
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV
Is this ok [y/N]: y
Key imported successfully
OpenStack Yoga Repository 1.0 MB/s | 1.0 kB 00:00
Importing GPG key 0x764429E6:
Userid : "CentOS Cloud SIG (http://wiki.centos.org/SpecialInterestGroup/Cloud) <[email protected]>"
Fingerprint: 736A F511 6D9C 40E2 AF6B 074B F9B9 FEE7 7644 29E6
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
Is this ok [y/N]: y
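Before answering y to an import prompt, the key file named in its From line can be compared with a fingerprint obtained from a source you trust. The script below is an added example, not part of the original article or of RDO tooling; it pins the two paths and fingerprints printed in the prompts above and assumes gnupg2 is installed. The function names and the --run switch are this example's own.

```sh
#!/bin/sh
# Added example: check a repo key file against a pinned fingerprint
# before accepting dnf's "Importing GPG key" prompt.

# Drop whitespace and upper-case, so "3515 4228 ..." equals "35154228...".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# check_fpr EXPECTED < colon-listing: returns 0 only on an exact match.
check_fpr() {
    kf_want=$(normalize_fpr "$1")
    kf_have=$(normalize_fpr "$(primary_fpr)")
    [ -n "$kf_have" ] && [ "$kf_want" = "$kf_have" ]
}

# verify_key_file FILE EXPECTED: inspect the file without importing it.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null </dev/null | check_fpr "$2"
}

# Paths and fingerprints exactly as printed in the prompts on this page.
verify_page_keys() {
    kf_rc=0
    while read -r kf_file kf_fpr; do
        if verify_key_file "$kf_file" "$kf_fpr"; then
            echo "OK   $kf_file"
        else
            echo "FAIL $kf_file (missing, unreadable or mismatch: answer N)"; kf_rc=1
        fi
    done <<'EOF'
/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV 3515 4228 1749 01BE FA8E 69A6 2146 5E28 9D2A 76A7
/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud 736A F511 6D9C 40E2 AF6B 074B F9B9 FEE7 7644 29E6
EOF
    return "$kf_rc"
}

# Run the check only when asked to: sh verify-keys.sh --run
if [ "${1:-}" = "--run" ]; then verify_page_keys; fi
```

A fingerprint copied from the same prompt only detects a key file that changed since this page was written; compare against the CentOS SIG's published value where possible.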
Package details can be checked using the rpm command with the -qi option:
$ rpm -qi rdo-openvswitch
Name : rdo-openvswitch
Epoch : 1
Version : 2.15
Release : 2.el8
Architecture: noarch
Install Date: Mon Sep 5 15:46:29 2022
Group : System Environment/Daemons
Size : 0
License : Public domain
Signature : RSA/SHA256, Tue Jul 20 16:31:17 2021, Key ID f9b9fee7764429e6
Source RPM : rdo-openvswitch-2.15-2.el8.src.rpm
Build Date : Tue Jun 8 15:52:32 2021
Build Host : x86-06.rdu2.centos.org
Relocations : (not relocatable)
Packager : CBS <[email protected]>
Vendor : CentOS
URL : http://www.openvswitch.org
Summary : Wrapper rpm to allow installing OVS with new versioning schemes
Description :
Wrapper rpm for the base openvswitch package
Once the packages are installed you can disable repositories used:
sudo dnf config-manager --set-disabled centos-rabbitmq-38 ceph-pacific openstack-yoga centos-nfv-openvswitch
Updating Open vSwitch
To update the packages first enable disabled repositories:
sudo dnf config-manager --set-enabled centos-rabbitmq-38 ceph-pacific openstack-yoga centos-nfv-openvswitch
sudo dnf update openvswitch libibverbs
Step 3 – Start openvswitch service
After installation we need to start the openvswitch service manually. On Red Hat based systems, service management is entirely your responsibility.
$ sudo systemctl enable --now openvswitch
Created symlink /etc/systemd/system/multi-user.target.wants/openvswitch.service → /usr/lib/systemd/system/openvswitch.service.
Check service status using the systemctl command:
$ systemctl status openvswitch
● openvswitch.service - Open vSwitch
Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; enabled; vendor preset: disabled)
Active: active (exited) since Sat 2022-01-08 22:54:50 CET; 16s ago
Process: 67524 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 67524 (code=exited, status=0/SUCCESS)
Jan 08 22:54:50 ovirt-node-01.hirebestengineers.com systemd[1]: Starting Open vSwitch...
Jan 08 22:54:50 ovirt-node-01.hirebestengineers.com systemd[1]: Started Open vSwitch.
The ovs-vsctl utility is provided for querying and configuring ovs-vswitchd. It provides a high-level interface to the Open vSwitch configuration database.
To check the OVS version, run the following command:
$ ovs-vsctl show
748c9a24-9d53-401b-b1c7-41bb233f2fa5
ovs_version: "2.15.6"
To print a brief help message to the console, use:
$ ovs-vsctl --help
Step 4 – Create and configure OVS bridge
In a typical network configuration utilizing OVS, a bridge created will have direct attachment to a dedicated network interface in the host system. This restricts the bridge and the attached guests to using only that host interface.
For demonstration purposes, we shall create a software bridge that is not attached or bound to any specific host interface. With this, the TCP/IP stack in the host system handles the routing of outbound traffic to the appropriate interface based on the destination IP or subnet.
Enable IP routing in Kernel
Before we create a bridge, let’s enable IP routing by setting kernel parameters at runtime using sysctl.
sudo tee /etc/sysctl.d/iprouting.conf<<EOF
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
Apply the configurations:
sudo sysctl --system
Confirm new settings:
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
$ sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
Create OVS bridge
The next step is the creation of an OVS bridge. We’ll name it ovs-br0. To persist the network configuration, we create a file in the network scripts folder with the contents shown below.
$ sudo vim /etc/sysconfig/network-scripts/ifcfg-ovs-br0
DEVICE=ovs-br0
BOOTPROTO=none
ONBOOT=yes
TYPE=OVSBridge
DEVICETYPE=ovs
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
IPADDR=192.168.70.1
PREFIX=24
Where:
- TYPE is set to OVSBridge
- DEVICETYPE is set to ovs
- The name of bridge is ovs-br0
- IP address assigned is 192.168.70.1/24
Bring up the OVS bridge with ifup command:
$ sudo ifup ovs-br0
$ ip link show dev ovs-br0
5: ovs-br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether a2:a9:f2:6d:7f:4f brd ff:ff:ff:ff:ff:ff
Here is the IP address information as we configured.
$ ip ad show dev ovs-br0
5: ovs-br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether a2:a9:f2:6d:7f:4f brd ff:ff:ff:ff:ff:ff
inet 192.168.70.1/24 brd 192.168.70.255 scope global ovs-br0
valid_lft forever preferred_lft forever
inet6 fe80::a0a9:f2ff:fe6d:7f4f/64 scope link
valid_lft forever preferred_lft forever
We can use iptables to route traffic from the subnet used on the bridge through the primary interface (enp0s31f6 here) with a masquerade rule:
sudo iptables -t nat -A POSTROUTING -o enp0s31f6 -s 192.168.70.0/24 -j MASQUERADE
To save the rules we can run the command below (the redirection runs inside the root shell, so the file can be written):
$ sudo sh -c '/sbin/iptables-save > /etc/sysconfig/iptables'
# To restore
$ sudo sh -c '/sbin/iptables-restore < /etc/sysconfig/iptables'
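The forwarding and masquerade setup from this step can be audited from the saved ruleset. The check below is an added example, not part of the original article; the function names and finding labels are this example's own, and the sample ruleset is constructed. It only sees rules that iptables-save prints, so rules kept by another firewall front end are outside its view.

```sh
#!/bin/sh
# Added example: audit `iptables-save` output for the NAT setup of this step.
# On a host: sudo iptables-save | audit_forwarding 192.168.70.0/24

# stdin: iptables-save text. $1: the only subnet that should be masqueraded.
# Prints one finding per line and returns 1 if there is any finding.
audit_forwarding() {
    awk -v subnet="$1" '
        substr($0, 1, 1) == "*" { table = $0 }
        # With ip_forward=1, a default-accept FORWARD policy forwards every
        # packet that no rule drops, between any pair of host interfaces.
        table == "*filter" && /^:FORWARD ACCEPT/ { print "forward-policy-accept"; bad++ }
        /^-A POSTROUTING/ && /-j MASQUERADE/ {
            src = ""; out = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            if (src == "")          { print "masquerade-any-source: " $0; bad++ }
            else if (src != subnet) { print "masquerade-unexpected-source: " src; bad++ }
            if (out == "")          { print "masquerade-any-interface: " $0; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: the rule from this page as iptables-save prints it,
# next to a default-accept FORWARD chain.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.70.0/24 -o enp0s31f6 -j MASQUERADE
COMMIT
EOF
}

# Print the findings for the sample when asked to: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then sample_ruleset | audit_forwarding 192.168.70.0/24; fi
```

On the sample, the masquerade rule passes because it names both the bridge subnet and the uplink, and the only finding is the default-accept FORWARD policy.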
If our bridge was bound to a physical interface, the configurations of the interface will look similar to below:
DEVICE=eth1
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=ovs-br0
Step 5 – Use a bridge on Linux Virtual Machines (KVM)
With the OVS bridge configured and ready for use, we can create a Test VM on KVM and verify it works.
Create VM Image:
$ sudo virt-builder centos-8.2 --format qcow2 \
--size 40G -o /var/lib/libvirt/images/centos8.qcow2
[ 1.0] Downloading: http://builder.libguestfs.org/centos-8.2.xz
######################################################################################################################################################################### 100.0%
[ 10.8] Planning how to build this image
[ 10.8] Uncompressing
[ 15.6] Resizing (using virt-resize) to expand the disk to 40.0G
[ 45.0] Opening the new disk
[ 50.0] Setting a random seed
[ 50.0] Setting passwords
virt-builder: Setting random password of root to 8Udxd5HbuAtfNIr6
[ 51.0] Finishing off
Output file: /var/lib/libvirt/images/centos8.qcow2
Create VM from the OS image created.
sudo virt-install \
--name centos8 \
--ram 2048 \
--vcpus 1 \
--disk path=/var/lib/libvirt/images/centos8.qcow2 \
--os-type linux \
--os-variant rhel8.0 \
--network=bridge:ovs-br0,model=virtio,virtualport_type=openvswitch \
--graphics none \
--serial pty \
--console pty \
--boot hd \
--import
Configure IP address information on the Virtual Machine:
$ vim /etc/sysconfig/network-scripts/ifcfg-enp1s0
NAME="enp1s0"
DEVICE="enp1s0"
ONBOOT="yes"
NETBOOT="yes"
BOOTPROTO="none"
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
DEFROUTE="yes"
IPADDR=192.168.70.2
PREFIX=24
GATEWAY=192.168.70.1
DNS1=8.8.8.8
Activate network interface on the Virtual Machine:
[root@localhost ~]# ifup enp1s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
Check IP address details
# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:36:ad:26 brd ff:ff:ff:ff:ff:ff
inet 192.168.70.3/24 brd 192.168.70.255 scope global noprefixroute enp1s0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe36:ad26/64 scope link
valid_lft forever preferred_lft forever
Test access to internet
# ping -c 2 google.com
PING google.com (142.250.185.142) 56(84) bytes of data.
64 bytes from fra16s50-in-f14.1e100.net (142.250.185.142): icmp_seq=1 ttl=118 time=5.47 ms
64 bytes from fra16s50-in-f14.1e100.net (142.250.185.142): icmp_seq=2 ttl=118 time=5.55 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 5.465/5.507/5.549/0.042 ms
This confirms our OVS installation was successful. If you need to configure an existing KVM guest OS interface to use an Open vSwitch bridge, edit the interface stanza in the guest's XML configuration file to include the following:
<interface type="bridge">
<source bridge="ovs-br0"/>
<virtualport type='openvswitch'/>
<model type="virtio"/>
<driver name="vhost"/>
</interface>
When working with the XML file locally, redefine the guest VM using virsh commands:
sudo virsh undefine <kvm-guest-domain>
sudo virsh define <kvm-guest-domain-xml-file>
And lastly, restart the KVM guest for the changes to take effect.
sudo virsh destroy <kvm-guest-domain>
sudo virsh start <kvm-guest-domain>
Conclusion
In this article, we’ve been able to install Open vSwitch on Rocky Linux 8 / AlmaLinux 8. We hope this post made the Open vSwitch setup easier on your end. We are grateful for your continued support, which helps us provide good content, and we are glad to help with any issue through our comments section.