Running Open vSwitch in Network Namespace with In-Band Controller
April 3, 2014 4 Comments
In a previous post, I started the experiment on running Open vSwitch in a network namespace. I had three scenarios I was trying to accomplish.
- OVS in each network namespace running in standalone mode (standard L2 learning switch not under SDN control).
- OVS in each network namespace running in secure mode with a local SDN controller for each switch
- OVS in each network namespace running in secure mode with a remote in-band SDN controller
In the last post I walked through the first two scenarios but I mentioned I was stuck getting the in-band controller scenario to work. Turns out that the problem I was having was just a simple IP MASK misconfiguration. I had kept thinking of the internal bridge interface (s1 and s2) as being like layer 3 Loopback interface on a router and putting a /32 prefix on them. I realized recently that these are actually an SVI/VLAN interface. Not sure why I got those mixed up. So once I used the correct IP prefix to match the subnet of the network, all worked as planned. So the following are the steps I took to get the last scenario to work.
This script(createBrSdn) creates the bridge in secure mode and adds the ports. Set the controller IP address to the host that will run the controller. In my case, the controller will be running on host h1 which has an IP address of 10.0.0.1/8.
#!/bin/bash echo Configure OVS for $1 ovs-vsctl --db=unix:/tmp/mininet-$1/db.sock add-br $1 ovs-vsctl --db=unix:/tmp/mininet-$1/db.sock add-port $1 $1-eth0 ovs-vsctl --db=unix:/tmp/mininet-$1/db.sock add-port $1 $1-eth1 ovs-vsctl --db=unix:/tmp/mininet-$1/db.sock set-fail-mode $1 secure ovs-vsctl --db=unix:/tmp/mininet-$1/db.sock set-controller $1 tcp:10.0.0.1:6633 ovs-vsctl --db=unix:/tmp/mininet-$1/db.sock show
With the script setup, I followed the same instruction I had before but also set the IP address for each of the internal bridge interfaces. So first step was to start the Mininet script and then open XTerms to h1, s1, and s2.
In the xterm for h1 controller:
controller -v ptcp:6633
In the xterm for S1:
startOvsDb s1 startOvs s1 createBrSdn s1 ifconfig s1 inet 10.0.0.100/8
In the xterm for S2:
startOvsDb s2 startOvs s2 createBrSdn s2 ifconfig s2 inet 10.0.0.101/8
Once that was all setup, I could easily get the two hosts to ping each other.
mininet> h1 ping -c 2 h2 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_req=1 ttl=64 time=2.52 ms 64 bytes from 10.0.0.2: icmp_req=2 ttl=64 time=1.50 ms --- 10.0.0.2 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 1.502/2.015/2.529/0.515 ms
I’m glad all this finally worked out. I think I might now try and wrap all this into a Mininet custom switch class so people can try their own experiments at using in-band conntroller.
This post ‘Running Open vSwitch in Network Namespace with In-Band Controller’ first appeared on https://gregorygee.wordpress.com/.
Tech and Trains 
Pingback: Running Open vSwitch in Network Namespace | Tech and Trains
I was following your useful work and I would like to apply it to a centralized out-of-band SDN network with Mininet.
I was wondering how to add multiple links from the controller (which is hosted on one host as you suggested on your in-band approach) to the switches.
But I tested and Mininet just allows me to add one link between the controller/ host to one switch. If I add a link successively times :
net.addLink (hController,s1)
net.addLink (hController,s2)
Mininet only adds the first connection but not the second one.
I tested by disabling the link between s2 and the controller and check that pingall command works (and is not because the hardtime or idletime has not expired yet).
for me, It seems that mininet only considers that s1 is the only switch connected to the network and thus when I disconnect the link between s1 and the controller the ping does not work.
Did you have to deal with such an issue?
I believe the second link did get created. In Mininet currently, if you attach multiple links to a host, only one of the links will get an IP address assigned to it. For the other links, you will have to manually configure an IP address on them.
Thank you for your useful post. my question to you is; Is it possible to see hidden flows for example by following commands ? I could not check the hidden flows by this commands:
ovs-appctl –db=unix:/tmp/mininet-s1/db.sock bridge/dump_flows s1
OR
ovs-appctl bridge/dump_flows s1
I think ovs-appctl module should be isolated in switch network namespace beside ovs-vsctl module. and what about ovs-ofctl module? what is your recommendation?
Thank you in advance