StefanoLaguardia.eu

Configure OpenVSwitch and libvirt to enable trunking (802.1q) between KVM Guests

The goal of this article is to cover a complete configuration of OpenVSwitch and KVM networking to have ports of the virtual switch allowing trunking toward the KVM guests. The reason to do that is to give the opportunity to arrange topologies between routers running as KVM guests connected using trunks instead of physical (virtual) links. In this way, using a single port on the virtual routers, you can create sub-interfaces within the same vlan to have connectivity only between routers that have that particular sub-interface/vlan.

Everything I am going to do is on a Debian GNU/Linux Host that has already installed OpenVSwitch and KVM (on Internet there is a lot of documentation to cover these topics). We will dedicate our attention on the creation of a virtual switch with OVS and on the configuration of KVM networking.

ToDO:

1) as a first step we will create a new virtual switch that we are going to call “ovswitch0”. From a root terminal type:

ovs-vsctl add-br ovswitch0

2) Second step is to create 2 files that will take care of linking and bringing up/down the (future) kvm guests interfaces as soon as the guests themselves will be powered on/off. The 2 files will be placed in the directory /etc/openvswitch and they will be named ovs-ifup and ovs-ifdown:

–>  ovs-ifup content:

#!/bin/sh

switch=’ovswitch0′
/sbin/ifconfig $1 0.0.0.0 up
ovs-vsctl add-port ${switch} $1

–> ovs-ifdown content:

#!/bin/sh

switch=’ovswitch0′
/sbin/ifconfig $1 0.0.0.0 down
ovs-vsctl del-port ${switch} $1

3) we will now create a network template that will be used with KVM to then configure the interfaces to support 802.1q encapsulation. We will call this file “ovs-kvm-trunks.xml” and we will put the following content :

<network>
 <name>ovs-kvm-vlans</name>
 <forward mode=’bridge’/>
 <bridge name=’ovswitch0’/>
 <virtualport type=’openvswitch’/>
 <portgroup name=’vlan-all’ default=’yes’>
   <vlan trunk=’yes’>
    <tag id=’2’/>
    <tag id=’3’/>
    <<..>>
    <tag id=’50’/>
  </vlan>
 </portgroup>
</network>

You are supposed to add all the tag id values that you want to use later on with the KVM guests. After the file is saved we can use virsh to define this new network:

virsh net-define ovs-kvm-trunks.xml
virsh net-start ovs-kvm-trunks.xml
virsh net-autostart ovs-kvm-trunks.xml

You can now go ahead and create a new KVM guest or modify one or more that you already have. In case you don’t have yet a KVM Guest configured, I suggest to use virt-manager to create a new virtual-machine, paying attention to select th option to customize configuration before install in case you want to have more than 1 Network Interface. In this way you’ll simplify the editing of the virtual machine later on:

virt-manager customize before install

Once you click on “finish” you will be given the opportunity to modify your hardware. As I said before I suggest you to create as many network interfaces you think you will need to use at a later stage.

If you finished to create the virtual machine, you can no move to to edit the network interfaces. Again from root terminal type:

virsh edit <name_of_virtual_machine>

Search for the part of the configuration that involves the interfaces and change it to have the following:

<interface type=’network’>
      <mac address=’52:54:00:XX:XX:XX’/>
      <source network=’ovs-kvm-vlans’ portgroup=’vlan-all’/>
      <model type=’virtio’/>
      <address type=’pci’ domain=’0x0000′ bus=’0x00′ slot=’0x03′ function=’0x0’/>
    </interface>

Of course you have to do it for each and every interface you want to use then as a trunk. You can then save the configuration file of the virtual machine and start it. Once it will be booted you can check that new interfaces are added in OpenVSwitch with command:

ovs-vsctl show

Moreover you will be now able to configure the port of the guests as trunks and have connectivity between them. This is an example from my PC:
routers with encapsulation

Hope it helps.

Comments

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.