1 How to Install Open vSwitch on Linux
2 ====================================
4 This document describes how to build and install Open vSwitch on a
5 generic Linux host. If you want to install Open vSwitch on a Citrix
6 XenServer version 5.5.0, see INSTALL.XenServer instead.
8 This version of Open vSwitch should be built manually with "configure"
9 and "make". Debian packaging for Open vSwitch is also included, but
10 they have not been recently tested, and so Debian packages are not a
11 recommended way to use this version of Open vSwitch.
16 To compile the userspace programs in the Open vSwitch distribution,
17 you will need the following software:
19 - A make program, e.g. GNU make. BSD make should also work.
21 - The GNU C compiler. We generally test with version 4.1, 4.2, or
24 - libssl, from OpenSSL, is optional but recommended if you plan to
25 connect the Open vSwitch to an OpenFlow controller. libssl is
26 required to establish confidentiality and authenticity in the
27 connections from an Open vSwitch to an OpenFlow controller. If
28 libssl is installed, then Open vSwitch will automatically build
31 To compile the kernel module, you must also install the following. If
32 you cannot build or install the kernel module, you may use the
33 userspace-only implementation, at a cost in performance. The
34 userspace implementation may also lack some features. Refer to
35 INSTALL.userspace for more information.
37 - A supported Linux kernel version. Please refer to README for a
38 list of supported versions.
40 The Open vSwitch datapath requires bridging support
41 (CONFIG_BRIDGE) to be built as a kernel module. (This is common
42 in kernels provided by Linux distributions.) The bridge module
43 must not be loaded or in use. If the bridge module is running
44 (check with "lsmod | grep bridge"), you must remove it ("rmmod
45 bridge") before starting the datapath.
47 For optional support of ingress policing, you must enable kernel
48 configuration options NET_CLS_ACT, NET_CLS_U32, NET_SCH_INGRESS,
49 and NET_ACT_POLICE, either built-in or as modules.
50 (NET_CLS_POLICE is obsolete and not needed.)
52 If GRE tunneling is being used it is recommended that the kernel
53 be compiled with IPv6 support (CONFIG_IPV6). This allows for
54 special handling (such as path MTU discovery) of IPv6 packets.
56 To use Open vSwitch support for TAP devices, you must enable
59 - To build a kernel module, you need the same version of GCC that
60 was used to build that kernel.
62 - A kernel build directory corresponding to the Linux kernel image
63 the module is to run on. Under Debian and Ubuntu, for example,
64 each linux-image package containing a kernel binary has a
65 corresponding linux-headers package with the required build
68 If you are working from a Git tree or snapshot (instead of from a
69 distribution tarball), or if you modify the Open vSwitch build system,
70 you will also need the following software:
72 - Autoconf version 2.64 or later.
74 - Automake version 1.10 or later.
76 - pkg-config. We test with version 0.22.
78 - Python 2.x, for x >= 4.
80 If you modify the ovsdbmonitor tool, then you will also need the
83 - pyuic4 from PyQt4 (http://www.riverbankcomputing.co.uk).
85 If you modify the vswitchd database schema, then the E-R diagram in
86 the ovs-vswitchd.conf.db(5) manpage will be updated properly only if
87 you have the following:
89 - "dot" from graphviz (http://www.graphviz.org/).
91 Installation Requirements
92 -------------------------
94 The machine on which Open vSwitch is to be installed must have the
97 - libc compatible with the libc used for build.
99 - libssl compatible with the libssl used for build, if OpenSSL was
102 - The Linux kernel version configured as part of the build.
104 - For optional support of ingress policing, the "tc" program from
105 iproute2 (part of all major distributions and available at
106 http://www.linux-foundation.org/en/Net:Iproute2).
108 - For debugging purposes, Open vSwitch expects that "tcpdump" is
109 installed as /usr/sbin/tcpdump. If tcpdump is not installed, or
110 if it is installed in a different location, then some Open
111 vSwitch log messages will not be as detailed.
113 You should ensure that /dev/urandom exists. To support TAP devices,
114 you must also ensure that /dev/net/tun exists.
116 To run the ovsdmonitor tool, the machine must also have the following
119 - Python 2.x, for x >= 4.
121 - Python Twisted Conch.
127 - Python Zope interface module.
129 (On Debian "lenny" the above can be installed with "apt-get install
130 python-json python-qt4 python-zopeinterface python-twisted-conch".)
132 Building and Installing Open vSwitch for Linux
133 ==============================================
135 Once you have installed all the prerequisites listed above in the Base
136 Prerequisites section, follow the procedure below to build.
138 1. If you pulled the sources directly from an Open vSwitch Git tree,
139 run boot.sh in the top source directory:
143 2. In the top source directory, configure the package by running the
144 configure script. You can usually invoke configure without any
149 By default all files are installed under /usr/local. If you want
150 to install into, e.g., /usr and /var instead of /usr/local and
151 /usr/local/var, add options as shown here:
153 % ./configure --prefix=/usr --localstatedir=/var
155 To use a specific C compiler for compiling Open vSwitch user
156 programs, also specify it on the configure command line, like so:
158 % ./configure CC=gcc-4.2
160 To build the Linux kernel module, so that you can run the
161 kernel-based switch, pass the location of the kernel build
162 directory on --with-l26. For example, to build for a running
163 instance of Linux 2.6:
165 % ./configure --with-l26=/lib/modules/`uname -r`/build
167 If you wish to build the kernel module for an architecture other
168 than the architecture of the machine used for the build, you may
169 specify the kernel architecture string using the KARCH variable
170 when invoking the configure script. For example, to build for MIPS
173 % ./configure --with-l26=/path/to/linux-2.6 KARCH=mips
175 The configure script accepts a number of other options and honors
176 additional environment variables. For a full list, invoke
177 configure with the --help option.
179 3. Run make in the top source directory:
183 4. Become root by running "su" or another program.
185 5. Run "make install" to install the executables and manpages into the
186 running system, by default under /usr/local.
188 6. If you built kernel modules, you may load them with "insmod", e.g.:
190 % insmod datapath/linux-2.6/openvswitch_mod.ko
192 You may need to specify a full path to insmod, e.g. /sbin/insmod.
193 To verify that the modules have been loaded, run "/sbin/lsmod" and
194 check that openvswitch_mod is listed.
196 If the "insmod" operation fails, look at the last few kernel log
197 messages (e.g. with "dmesg | tail"):
199 - The message "openvswitch_mod: exports duplicate symbol
200 br_should_route_hook (owned by bridge)" means that the bridge
201 module is loaded. Run "/sbin/rmmod bridge" to remove it.
203 If "/sbin/rmmod bridge" fails with "ERROR: Module bridge does
204 not exist in /proc/modules", then the bridge is compiled into
205 the kernel, rather than as a module. Open vSwitch does not
206 support this configuration (see "Build Requirements", above).
208 - The message "openvswitch_mod: exports duplicate symbol
209 dp_ioctl_hook (owned by ofdatapath)" means that the ofdatapath
210 module from the OpenFlow reference implementation is loaded.
211 Run "/sbin/rmmod ofdatapath" to remove it. (You might have to
212 delete any existing datapaths beforehand, using the "dpctl"
213 program included with the OpenFlow reference implementation.
214 "ovs-dpctl" will not work.)
216 - Otherwise, the most likely problem is that Open vSwitch was
217 built for a kernel different from the one into which you are
218 trying to load it. Run "modinfo" on openvswitch_mod.ko and on
219 a module built for the running kernel, e.g.:
221 % /sbin/modinfo openvswitch_mod.ko
222 % /sbin/modinfo /lib/modules/`uname -r`/kernel/net/bridge/bridge.ko
224 Compare the "vermagic" lines output by the two commands. If
225 they differ, then Open vSwitch was built for the wrong kernel.
227 - If you decide to report a bug or ask a question related to
228 module loading, please include the output from the "dmesg" and
229 "modinfo" commands mentioned above.
231 7. Initialize the configuration database using ovsdb-tool, e.g.:
233 % ovsdb-tool create /usr/local/etc/ovs-vswitchd.conf.db vswitchd/vswitch.ovsschema
238 Before starting ovs-vswitchd itself, you need to start its
239 configuration database, ovsdb-server. Each machine on which Open
240 vSwitch is installed should run its own copy of ovsdb-server.
241 Configure it to use the database you created during step 7 of
242 installation, above, to listen on a Unix domain socket, to connect to
243 any managers specified in the database itself, and to use the SSL
244 configuration in the database:
246 % ovsdb-server /usr/local/etc/ovs-vswitchd.conf.db \
247 --remote=punix:/usr/local/var/run/openvswitch/db.sock \
248 --remote=db:Open_vSwitch,managers \
249 --private-key=db:SSL,private_key \
250 --certificate=db:SSL,certificate \
251 --bootstrap-ca-cert=db:SSL,ca_cert
253 Then initialize the database using ovs-vsctl. This is only
254 necessary the first time after you create the database with
255 ovsdb-tool (but running it at any time is harmless):
257 % ovs-vsctl --no-wait init
259 Then start the main Open vSwitch daemon, telling it to connect to the
260 same Unix domain socket:
262 % ovs-vswitchd unix:/usr/local/var/run/openvswitch/db.sock
264 Now you may use ovs-vsctl to set up bridges and other Open vSwitch
265 features. For example, to create a bridge named br0 and add ports
266 eth0 and vif1.0 to it:
268 % ovs-vsctl add-br br0
269 % ovs-vsctl add-port br0 eth0
270 % ovs-vsctl add-port br0 vif1.0
272 Please refer to ovs-vsctl(8) for more details.
277 Please report problems to bugs@openvswitch.org.