VXLAN overlay networks with Open vSwitch.
Рет қаралды 93,468
10 жыл бұрынVXLAN overlay networks with Open vSwitch.
Twitter: @davidmahler
LinkedIn: / davidmahler
Demonstration of configuring a VXLAN tunnel manually using Open vSwitch. Connecting VMs together through the tunnel, allowing logical separation of tenant traffic from each other and from the physical underlay network. Emulated with mininet (mininet.org)
Links:
Me
/ davidmahler
Intro to Cloud Overlay Networks: • Introduction to Cloud ...
Intro to OpenFlow: • Introduction to OpenFlow
Intro to Open vSwitch: • OpenFlow flow entries ...
Intro to Mininet: • Introduction to Mininet
Open vSwitch
openvswitch.org
Brent Salisbury (Network Static Blog):
networkstatic.net/setting-over...
Derek Chamorro (The Random Security Guy Blog):
www.therandomsecurityguy.com/v...
IETF Network Virtualization Overlays working group
datatracker.ietf.org/wg/nvo3/...
VXLAN IETF draft:
datatracker.ietf.org/wg/nvo3/...
Commands used:
Build tunnel (from SERVER1 shown):
ovs-vsctl add-port s1 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.2.20 option:key=flow ofport_request=10
Flow entries (from SERVER1 shown)
table=1,tun_id=100,dl_dst=00:00:00:00:00:01,actions=output:1
table=1,tun_id=200,dl_dst=00:00:00:00:00:01,actions=output:2
table=1,tun_id=100,dl_dst=00:00:00:00:00:02,actions=output:10
table=1,tun_id=200,dl_dst=00:00:00:00:00:02,actions=output:10
table=1,tun_id=100,arp,nw_dst=10.0.0.1,actions=output:1
table=1,tun_id=200,arp,nw_dst=10.0.0.1,actions=output:2
table=1,tun_id=100,arp,nw_dst=10.0.0.2,actions=output:10
table=1,tun_id=200,arp,nw_dst=10.0.0.2,actions=output:10
table=1,priority=100,actions=drop
@kwabenaapprey5909 8 жыл бұрын
Excellent video David! Thanks for taking the time to put this video together and making it available for those new to VXLAN such as myself.
@DavidMahler 8 жыл бұрын
+Kwabena Apprey You're welcome!
@suriyanath 8 жыл бұрын
Great work David... able to understand many things within few minutes... I could understand the hard work behind it... God bless you...
@DavidMahler 8 жыл бұрын
+Suriyanath Seralathan Thanks so much for the feedback!
@rpf23543 7 жыл бұрын
great explanation, I really like how nicely and detailed you introduce the setup, before you start with the actual test. Thanks a lot for the effort!
@DavidMahler 7 жыл бұрын
Thanks for the feedback! ...and for commenting again!!
@amazotron3471 9 жыл бұрын
As an SDN newbie, this has been very helpful. Thank you!
@DavidMahler 9 жыл бұрын
Allan Clarke You're welcome!
@JonMajorCCIE47884 8 жыл бұрын
This video is such a life saver lol. I was in need of a quick and dirty vxlan solution, came back to this because I couldn't remember the syntax for populating flows.
@DavidMahler 8 жыл бұрын
Hey Jon! Hope all is well - eagerly awaiting your next video ;-). kzfaq.info/love/q38rzWCvF-vAXbFchugzXA
@JonMajorCCIE47884 8 жыл бұрын
Thank you sir, and soon. Very soon!
@stampeder1686 7 жыл бұрын
Now we need another of your great videos on using VxLAN over BGP.
@DavidMahler 7 жыл бұрын
Thanks Glenn. That is something I should look at further, I've done VXLAN in a DC only so far and no BGP.
@infoinfo5566 8 жыл бұрын
I like the videos, all the videos were very helpful. I watched all of your videos in one day, since my experience is mostly in traditional type of networking surprisingly it was very easy to follow, and make sense of how to track packet flow, from one end to another across variety types of typologies. I can not imagine someone understanding all of this without solid foundation to networking.
@DavidMahler 8 жыл бұрын
Wow, all of them in one day? That's awesome, you must be tired of my voice ;-). You're right, most require some networking knowledge.
@sugiantoso 9 жыл бұрын
Thank you for the effort!
@NetworkStatic 8 жыл бұрын
Fantastic Video, great presentation!
@DavidMahler 8 жыл бұрын
+Brent Salisbury Thanks that means a lot coming from one of if not the best networking blogger out there. Major props for networkstatic.net/
@katywu1 9 жыл бұрын
Great stuff David
@DavidMahler 9 жыл бұрын
katywu1 Thanks!
@patadia 7 жыл бұрын
Hey David, you have inspired me to setup my on army of mininets (mininenions) :).
@DavidMahler 7 жыл бұрын
Ha, keep an eye on them!
@calltokumarg 9 жыл бұрын
Hi David, Very good video post, thanks. Looking forward for some videos like in SDN, NFV and OVS which will be helpfull for beginers. Thanks..
@DavidMahler 9 жыл бұрын
OK, thanks!
@avinashshankarpalli2130 6 жыл бұрын
Thanks David for awesome video and explation. How is this concept different from VXLAN EVPN?
@hashtagnerdz6745 10 жыл бұрын
Great Work !!
@DavidMahler 10 жыл бұрын
Thanks HashTag!
@martin0google 7 жыл бұрын
Thanks for the wonderful explanation , Is it possible to cover the actual emulation of three VM's along with the topology explanation ?
@KedarMendhurwar 9 жыл бұрын
nice work Dave :D
@DavidMahler 9 жыл бұрын
Kedar Mendhurwar Thanks Kedar.
@erezcohen9200 8 жыл бұрын
Very well done!
@DavidMahler 8 жыл бұрын
+Erez Cohen Thanks!
@srinivasvenumuddala5970 7 жыл бұрын
really very useful video!!!
@DavidMahler 7 жыл бұрын
Thanks!!!
@agostinhomaia9025 3 жыл бұрын
Awesome! Thank you.
@DavidMahler 3 жыл бұрын
ty!
@ThedrumMachine78 9 жыл бұрын
Hi David your videos are great! When are you planning to do some more? :)
@DavidMahler 9 жыл бұрын
Thanks Gabriel! I did just post one a couple of days ago. Introduction to SDN: kzfaq.info/get/bejne/es9zm9GmxLalqnU.html
@anuragraghuvanshi5952 7 жыл бұрын
Thanks for this knowledge!!! Query: do i need Router VM for this setup?
@DavidMahler 7 жыл бұрын
Hi, thanks for the comment. No, I just had it there to show L2 overlay on a L3 network (crossing the router and still have L2 adjacencies between the VMs)
@blockchain-dr-huang 10 жыл бұрын
Nice video.
@DavidMahler 10 жыл бұрын
Thank you Huawei
@KhayamGondal 9 жыл бұрын
Thanks David for this amazing video. I have one question. If i don't know what IPs are assigned to VMs than how will i configure ARP flows?
@amanpreetsingh6835 6 жыл бұрын
docs.openvswitch.org/en/latest/faq/issues/ find your answer here.
@saravananramesh7847 7 жыл бұрын
Can I technically add a port number to the remote_ip while adding the vtep to the switch?
@jianweimao4345 6 жыл бұрын
good job
@DavidMahler 6 жыл бұрын
Thanks!
@yangwang7971 7 жыл бұрын
thank you !
@DavidMahler 7 жыл бұрын
You're welcome!
@saravananramesh7847 7 жыл бұрын
Thanks for the amazing video :) Query: Why does my vxlan bridge break on manually adding the flows.txt?
@DavidMahler 7 жыл бұрын
You're welcome. Sorry I don't know.
@almazabd8175 9 жыл бұрын
Thank you for nice video. I want to connect lxc containers on several computers with vxlan, with dynamically created route to lxc containers. Also I need vxlan link encryption. Please help with it. Thanks..
@jonathanbrown2102 6 жыл бұрын
This is a great tutorial. Is it possible to achieve this without having to specify MAC or IP addresses in the flows? Is it possible to simply indicate that anything connected on openflow port 1 is on VNI 100 and anything on openflow port 2 is on VNI 200 and then allow MAC learning to proceed as usual as if it were a standard switch? Essentially, if I left out the bottom half of your flows.txt document would it still work? Thanks!
@DavidMahler 6 жыл бұрын
Thanks, I *think* so, I'd have to lab it up.
@zafarqos 10 жыл бұрын
Thanks for another nice video. So you used mininet on two VMs. Can you please guide to some link showing the setup on how can they communication with each other?
@DavidMahler 10 жыл бұрын
Hello Zafar, Thanks. The VMs just need to be able to reach each other. Then for Mininet (just for the demo) I used a custom topology like below as an example for "server1" from mininet.net import Mininet from mininet.node import Controller from mininet.cli import CLI from mininet.log import setLogLevel, info def server1(): "Create an empty network and add nodes to it." net = Mininet( controller=None ) info( '*** Adding hosts ' ) red1 = net.addHost( 'red1', ip='10.0.0.1', mac='00:00:00:00:00:01') blue1 = net.addHost( 'blue1', ip='10.0.0.1', mac='00:00:00:00:00:01') info( '*** Adding switch ' ) s1 = net.addSwitch( 's1' ) info( '*** Creating links ' ) net.addLink( red1, s1 ) net.addLink( blue1, s1 ) info( '*** Starting network ') net.start() info( '*** Running CLI ' ) CLI( net ) info( '*** Stopping network' ) net.stop() if __name__ == '__main__': setLogLevel( 'info' ) server1()
@ViktorGoldberg 9 жыл бұрын
David Mahler Thanks for your excellent work David! Just realized that KZfaq strips some underscores. I think in the last section if __name__ ... It should actually say: if ___name___ ... Cheers!
@kawish_alley 4 жыл бұрын
I want to setup a topology and set a vxlan tunnel between two different network one on public ip and other have private ip. How can I achieved this? thanks
@safourajanosepah5069 6 жыл бұрын
This video is really useful but I don't know what is flow.txt?
@jorgehumbertogomezvelasque6420 7 жыл бұрын
Thanks for the explanation Just a short question. Once the packet arrive to the other server (the one who has the destination ip address), how is this then forwarded to the Openvswitch,and specifically to the vtep port ? . I mean, there just the information about the IP, What if there are multiple OVS at the remote node . Thanks again
@DavidMahler 7 жыл бұрын
the VTEP is on an OVS instance. If there are multiple OVS bridges that's fine - they need to be connected together of course to get from the one with the VTEP to another - and forwarding can be normal L2 forwarding or openflow rules on the OVS instances
@Angelas20 4 жыл бұрын
If I want to make overlay network for more than two VM's, what would be next hop? For two VM, it is clear..next hop just each other. Can you clarify what if I want to make overlay network for 10 VMs?
@abdelmounaimbouroudi4640 5 жыл бұрын
Thank you for this video, could you please do a tutorial video on Service Function Chaining with ODL and Mininet ?!
@DavidMahler 5 жыл бұрын
Thanks for the comment! You're welcome!
@gedcib 3 жыл бұрын
@@DavidMahler Could you approve linkedin invitation? I need your help with OpenvSwitch issue we are facing.
@yasharpartovi4204 7 жыл бұрын
Hi David, Thank you so much for your great videos. Would you please share the script codes for this video also? Thanks
@DavidMahler 7 жыл бұрын
gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 is close
@svensubunitnillson1568 5 жыл бұрын
would the vxlan tunnel support doubletagged vlans or is this just for untagged traffic, as i understand it the payload doesnt matter as long as its layer2.
@DavidMahler 5 жыл бұрын
I don't see why not.
@videotonghop5692 8 жыл бұрын
thanks
@DavidMahler 8 жыл бұрын
+iphone apple yw
@chinvannak1076 5 жыл бұрын
you use this command "ovs-vsctl add-port s1 vtep -- set interface vtep type=vxlan option:remote_ip=192.168.2.20 option:key=flow ofport_request=10" to add vxlan tunnel on open Vswitch, if i am using kvm switch what should be the command? Thank,
@sanketraut 9 жыл бұрын
Hey +David Mahler , How to connect server1 mininet (vm1) to Router (vm3), and server 2 mininet (vm2) to Router (vm3 )?? During your demo are you using 4 th vm for mininet controller??
@DavidMahler 9 жыл бұрын
sanket raut Hi, I used virtual box and used internal networks to connect the 3 VMs in a line. The 'router' I believe I just had ubuntu with ip forwarding enabled between 2 interfaces (each interface connected to one of the other vms through VB internal network)
@poorniman84 8 жыл бұрын
+sanket raut Hi Sanket, were you able to create the exact setup in VirtualBox?
@chinvannak1076 5 жыл бұрын
In this case, can blue 1 communicate red 1?
@jong-hakchoe4913 9 жыл бұрын
Thank you for this excellent video! It is really helpful for beginners. I want to try exact same thing you did. Is it possible for you to post custom topology file - vxlan.py file?
@DavidMahler 9 жыл бұрын
Hi Jong-Hak. Thanks for the comment - please see my reply to Zafar a few months ago.....(probably have to hit "read more" to expand my comment).
@ibrahimmansour940 7 жыл бұрын
Hi David, I’d like you to help me with VxLAN configurations on Ubuntu using Linux bridge/openvswitch. I need to create an overlay network (10.10.10.0/24) on two different subnets (192.168.1.0/24 & 172.16.1.0/24) and the configuration should be permanent. Also, VMs with IP addresses within the overlay network should be able to access the internet and the underlaying subnets. Many thanks in advance. Ibrahim.
@shravansk 7 жыл бұрын
Hey David, can you please tell how you did 3 VMs setup and connect them ?
@DavidMahler 7 жыл бұрын
It's been a while, but if I recall correctly the 2 VMs acting as compute hosts had internal network ports in Virtual Box (say int1 and int2). The VM in the middle I just had to give in an interface in int1 and int2, set net.ipv4.ip_forward = 1, and set "gateway" IPs as needed on the interfaces - so it then acted like a basic router.
@shravansk 7 жыл бұрын
Is it not possible to emulate the above setup using mininet somehow ?
@mikescott3355 7 жыл бұрын
Could you please post the text of your vxlan.py custom topology? I am trying to learn from example with regard to scripting custom topo's
@DavidMahler 7 жыл бұрын
gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 is almost the same I believe, just need to update IPs
@sanketraut 9 жыл бұрын
Hello +david Mahler, I tried to implement your topology in mininet, but when I give flows by "sh ovs-ofctl server1 flows.txt" in server1 It given me error message "Invalid Ethernet address", which is destination host mac address. So, could you please help me with the same.
@anbarasanm9302 9 жыл бұрын
Hi David, I tried the same setup. But I was not able to ping one mininet host from another. Although I could see the packets with vxlan headers from one machine reaching the physical interface of other machine. Not sure what happens post that. How should I debug this?
@anbarasanm9302 9 жыл бұрын
Could you share the python script for mininet simulation?
@teripotter1 2 жыл бұрын
Hello David Mahler. I hope my message finds you in good health. Iam a student and I needed some help regarding vxlan tunneling. My scenario is that I have two seperate openstack clouds and I want to establish vxlan tunneling from an instance in one cloud to an instance in another cloud. Thanks alot
@ChandraSekhar-dq9iz 10 жыл бұрын
Hello David, Thanks for another nice video.... Actually I am trying the same topology in real scenario except one VM per host. My setup details are as below: 2 Linux hosts with Ubuntu 12.04 LTS with Xen hypervisor OVS 1.9.3 installed in both hosts Host1: VM1-10.0.0.1 OVS version 1.9.3 Interface Xenbr0 bridged to eth0 of host1 Xenbr0(pc1)-192.168.1.10 Host2: VM2-10.0.0.2 OVS version 1.9.3 Interface Xenbr0 bridged to eth0 of host2 Xenbr0(pc2)-192.168.2.20 I have used a Linux PC to act as a router in-between the 2 hosts… Kindly could you provide me the configuration you used for the vxlan tunneling and the OVS setup.. Any help would be appreciated……
@DavidMahler 10 жыл бұрын
Hi - I have the commands for one side in the video description (might have to hit more). The other side is similar but also seen just after the 8min mark or so....
@ChandraSekhar-dq9iz 10 жыл бұрын
David Mahler Hi, Thank you for your reply. I am actually doing my Thesis in live migration of VM's over WAN using VXLAN approach. I would need the configuration commands for the bridging interfaces S1,S2 and VTEP to be able to set up my test bed on Linux systems. Also, I have a VM interface named Xenbr0 which I dont understand how to relate to the OVS bridges S1 and S2. Any help would be greatly appreciated. Email id: cse414@gmail.com
@RyanDunbar1 10 жыл бұрын
How would the config looks like it you add another server (SERVER3 192.168.3.30) and add new tenant VM blue3,red3, plus green3 ? can the tun_id be automated ? can all of the flow config be automated ? what if you move a VM to another server ?
@RyanDunbar1 10 жыл бұрын
that's if. :)
@DavidMahler 10 жыл бұрын
Hi Ryan check out this post from Brent Salisbury's blog which I reference: networkstatic.net/setting-overlays-open-vswitch/
@poorniman84 8 жыл бұрын
Very nice video. Can you please share the python script for creating network topology?
@DavidMahler 8 жыл бұрын
+Poornima N I looked through my old files try this ... gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 the IPs need to be updated
@poorniman84 8 жыл бұрын
Thanks a lot David
@poorniman84 8 жыл бұрын
+David Mahler, how to setup IP address 192.168.1.10 and 192.168.2.20 to switches s1 and s2?
@etcpriority 7 жыл бұрын
Hi, I am new to this. Can anyone please tell me from where did we infer that red1 got OF port as 1?
@DavidMahler 7 жыл бұрын
You can try ovs-ofctl show to see mappings of OF port numbers to names you might see in "ip a" or "ifconfig". Also ovs-appctl show/fdb can show the mac address table which can help as well.
@etcpriority 7 жыл бұрын
Thank you. :)
@augustking964 8 жыл бұрын
would you pls show the detail of vxlan.py?
@DavidMahler 8 жыл бұрын
gist.github.com/anonymous/bad4b7d7dcb277958edf0a7a2ae67836 is close, just need to update IPs I believe
@anferneegui 5 жыл бұрын
seems the mac part is missing.
@erwinadrados4747 3 жыл бұрын
Hello. Can you provide the exact python script for vxlan.py? :)
Action C Mini
Рет қаралды 51 МЛН
Anton Putra
Рет қаралды 17 М.
Linux.conf.au 2012 -- Ballarat, Australia
Рет қаралды 41 М.
Action C Mini
Рет қаралды 51 МЛН