OpenVSwitch
Diagram
Installing OpenVSwitch
Install the required packages:
# aptitude install openvswitch-brcompat openvswitch-common openvswitch-datapath-dkms openvswitch-switch
Because "bridging" and "bonding" do not work together in the traditional way, a new module (brcompat_mod) is installed for compatibility. The bridge module must NOT be loaded, so we unload the bridge module from the kernel and create the file /etc/modprobe.d/bridge.conf.
Unload the bridge module (if there are bridge interfaces, they stop working once the module is unloaded):
# modprobe -r bridge
Create the file /etc/modprobe.d/bridge.conf:
blacklist bridge
Load the OpenVSwitch bridge module with bonding compatibility (brcompat_mod):
# modprobe brcompat_mod
Configuration
Debian GNU/Linux
Create the bridge:
# ovs-vsctl add-br xenbr0
Create the bond inside the bridge:
# ovs-vsctl add-bond xenbr0 bond0 eth1 eth2 eth3
Apply LACP to the bond:
# ovs-vsctl -- set port bond0 bond_mode=balance-tcp lacp=active
Bring up the bridge interface:
# ifup xenbr0
HP 5406 switch
Run these commands on the switch to create the bond using LACP:
# conf terminal
(config)# trunk A2-A4 Trk1 LACP
(config)# vlan 10
(vlan-10)# untagged Trk1
(vlan-10)# exit
# show lacp
# show trunks
Monitoring
Show the ports of the bridges:
# ovs-vsctl show
Show the bond0 interface:
# ovs-appctl bond/show bond0
Show LACP:
# ovs-appctl lacp/show
Persistent configuration
OpenVSwitch
OpenVSwitch persists its interfaces in a database file.
For that reason it is safe to reboot the server; the changes are still there when it starts up again.
/etc/network/interfaces
In this case, interface eth0 is used for administration, so we leave it outside OpenVSwitch.
Interfaces eth1, eth2 and eth3 take part in the bond (bond0) in OpenVSwitch.
# The loopback network interface
auto lo
iface lo inet loopback

# Interface eth0: server administration
allow-hotplug eth0
iface eth0 inet static
    address 10.0.10.10
    netmask 255.255.255.0
    network 10.0.10.0
    broadcast 10.0.10.255
    gateway 10.0.10.1
    dns-nameservers 10.10.20.20
    dns-search salud.gob.sv

# Bonding (LACP) interfaces for OpenVSwitch.
allow-ovs eth1
auto eth1
iface eth1 inet manual

allow-ovs eth2
auto eth2
iface eth2 inet manual

allow-ovs eth3
auto eth3
iface eth3 inet manual

# Bridge interface for Xen
allow-hotplug xenbr0
allow-ovs xenbr0
iface xenbr0 inet static
    address 10.10.10.11
    netmask 255.255.255.0
    broadcast 10.10.10.255
    gateway 10.10.10.1
OpenVSwitch and Xen integration
Add the openvswitch scripts to /etc/xen/scripts/
network-openvswitch script
/etc/xen/scripts/network-openvswitch
#!/bin/bash
#============================================================================
# Default Xen network start/stop script.
# Xend calls a network script when it starts.
# The script name to use is defined in ${XEN_CONFIG_DIR}/xend-config.sxp
# in the network-script field.
#
# This script creates a virtual switch (default ${bridge}) and adds a
# device (defaults to eth0) to it. The interface that this Open vSwitch
# is created on should not have a working IP address and will be used as
# a switch for Xen domU's.
#
# Usage:
# network-openvswitch (start|stop|status) {VAR=VAL}*
#
# Vars:
# bridge  The bridge to use (default ovs0).
# netdev  The interface to add to the bridge (default eth0).
#
# start:
# Creates the bridge as bridge
# Enslaves netdev to bridge
#
# stop:
# Removes netdev from the bridge
# Deletes bridge
#
# status:
# Print addresses, interfaces
#
#============================================================================

dir=$(dirname "$0")
. "$dir/logging.sh"
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"
. "$dir/locking.sh"

findCommand "$@"
evalVariables "$@"

netdev=${netdev:-eth0}
bridge=${bridge:-ovs0}

# Refuse to enslave a device that already carries an IPv4/IPv6 address
addr=$(ip addr show dev "${netdev}" | grep -E '^ *inet' | sed -e 's/ *inet //' -e 's/ .*//')
if [ -n "$addr" ]; then
    echo "Invalid device: ${netdev} is up and has a valid IP address!" >&2
    exit 1
fi

show_status () {
    local dev=$1
    local bridge=$2

    echo '============================================================'
    echo 'vSwitch interfaces'
    ovs-vsctl list-ifaces "${bridge}"
    echo ' '
    echo 'vSwitch ports'
    ovs-vsctl list-ports "${bridge}"
    echo '============================================================'
}

op_start () {
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    ifconfig "${netdev}" down
    ifconfig "${netdev}" 0.0.0.0 up
    ovs-vsctl -- --may-exist add-br "${bridge}"
    ifconfig "${bridge}" 0.0.0.0 up
    ovs-vsctl -- --may-exist add-port "${bridge}" "${netdev}"

    # Remove any stale ports from last time virtual switch was running
    for port in $(ovs-vsctl list-ports "${bridge}")
    do
        if [ "${port}" != "${netdev}" ]
        then
            ifconfig "${port}" down
            ovs-vsctl del-port "${port}"
        fi
    done
}

op_stop () {
    if [ "${bridge}" = "null" ]; then
        return
    fi

    # Remove all ports from virtual switch
    for port in $(ovs-vsctl list-ports "${bridge}")
    do
        ifconfig "${port}" down
        ovs-vsctl del-port "${port}"
    done

    ifconfig "${bridge}" down
    ovs-vsctl -- --if-exists del-br "${bridge}"
}

case "$command" in
    start)
        op_start
        ;;
    stop)
        op_stop
        ;;
    status)
        show_status "${netdev}" "${bridge}"
        ;;
    *)
        echo "Unknown command: $command" >&2
        echo 'Valid commands are: start, stop, status' >&2
        exit 1
        ;;
esac
vif-openvswitch script
/etc/xen/scripts/vif-openvswitch
#!/bin/bash
#============================================================================
# ${XEN_SCRIPT_DIR}/vif-openvswitch
#
# Script for configuring a vif using Open vSwitch.
#
# Usage:
# vif-openvswitch (add|remove|online|offline)
#
# Environment vars:
# vif          vif interface name (required).
# XENBUS_PATH  path to this device's details in the XenStore (required).
#
# Read from the store:
# bridge  bridge to add the vif to (optional). Defaults to searching for the
#         bridge itself.
#
# up:
# Enslaves the vif interface to the bridge.
#
# down:
# Removes the vif interface from the bridge.
#============================================================================

dir=$(dirname "$0")
. "$dir/vif-common.sh"

bridge=${bridge:-}
bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")

if [ -z "${bridge}" ]
then
    # list-br prints one bridge name per line; default to the first one
    bridge=$(ovs-vsctl list-br | head -n 1)
    if [ -z "${bridge}" ]
    then
        fatal "Could not find bridge and none was specified"
    fi
fi

tag=${tag:-}

# Domain on VLAN tagged bridge?
# grep -Fxq matches the whole bridge name, not a substring or a regex
RET=0
ovs-vsctl list-br | grep -Fxq -- "${bridge}" || RET=1
if [ $RET -eq 1 ]
then
    if [[ $bridge =~ \.[[:digit:]]{1,4}$ ]]
    then
        tag=$(echo "${bridge}" | cut -d "." -f 2)
        bridge=$(echo "${bridge}" | cut -d "." -f 1)
    else
        fatal "Could not find bridge device ${bridge}"
    fi
fi

RET=0
ovs-vsctl list-br | grep -Fxq -- "${bridge}" || RET=1
if [ $RET -eq 1 ]
then
    fatal "Could not find bridge device ${bridge}"
fi

if [ -z "${tag}" ]
then
    log debug "Successful vif-openvswitch $command for ${vif}, bridge ${bridge}."
else
    log debug "Successful vif-openvswitch $command for ${vif}, bridge ${bridge}, tag ${tag}."
fi

case "$command" in
    online)
        ifconfig "${vif}" 0.0.0.0 up
        if [ -z "${tag}" ]
        then
            ovs-vsctl -- --may-exist add-port "${bridge}" "${vif}"
        else
            ovs-vsctl -- --may-exist add-port "${bridge}" "${vif}" tag="${tag}"
        fi
        ;;
    offline)
        ovs-vsctl -- --if-exists del-port "${bridge}" "${vif}"
        ifconfig "${vif}" 0.0.0.0 down
        ;;
    add)
        ;;
esac

if [ "$command" == "online" ]
then
    success
fi
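The bridge lookup in vif-openvswitch, extended as an added example (not part of the original scripts): it resolves a "bridge" or "bridge.vlan" value against the bridge list using whole-name matching and also rejects VLAN IDs outside 1-4094, which the script's four-digit pattern does not check. The function names and the sample bridge list are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original Xen/OpenVSwitch scripts.
# bridge_exists, valid_vlan and resolve_bridge are hypothetical helper names.

# True only if $1 is exactly one of the newline-separated names in $2.
bridge_exists() {
    [ -n "$1" ] && printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# True only for 802.1Q VLAN IDs 1..4094, written without leading zeros.
valid_vlan() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -le 4094 ]
}

# Prints "<bridge> <tag>" ("-" when untagged); returns 1 if nothing matches.
resolve_bridge() {
    _spec=$1
    _bridges=$2
    # A bridge whose full name exists wins, even if the name contains a dot.
    if bridge_exists "$_spec" "$_bridges"; then
        printf '%s -\n' "$_spec"
        return 0
    fi
    case "$_spec" in
        *.*) ;;
        *) return 1 ;;
    esac
    _tag=${_spec##*.}
    _name=${_spec%.*}
    valid_vlan "$_tag" && bridge_exists "$_name" "$_bridges" || return 1
    printf '%s %s\n' "$_name" "$_tag"
}

# Constructed sample: one bridge name per line, as "ovs-vsctl list-br" prints.
SAMPLE_BRIDGES='xenbr0
xenbr01'
for s in xenbr0 xenbr0.10 xenbr xenbr0.4095 xenbr0.0; do
    resolve_bridge "$s" "$SAMPLE_BRIDGES" || echo "rejected: $s"
done
```

In a real vif script the second argument would be the output of ovs-vsctl list-br, and a non-zero return would lead to the existing fatal call.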
Replace vif-script
Replace vif-script in /etc/xen/xend-config.sxp, changing it from vif-bridge to vif-openvswitch:
#(vif-script vif-bridge)
(vif-script vif-openvswitch)