1 Using Open vSwitch as a Simple OpenFlow Switch
2 ==============================================
4 Open vSwitch uses OpenFlow as its preferred method of remote flow table
5 configuration. Running ovs-vswitchd(8) with the bridge.<name>.controller
6 set of parameters as described in ovs-vswitchd.conf(5) will cause it to
7 connect to the specified controller using OpenFlow. We recommend using
8 OpenFlow in this manner, however, it is also possible to use Open vSwitch
9 as a simple OpenFlow switch like that provided by the OpenFlow reference
15 OpenFlow is a flow-based switch specification designed to enable
16 researchers to run experiments in live networks. OpenFlow is based on a
17 simple Ethernet flow switch that exposes a standardized interface for
18 adding and removing flow entries.
20 An OpenFlow switch consists of three parts: (1) A "flow table" in
21 which each flow entry is associated with an action telling the switch
22 how to process the flow, (2) a "secure channel" that connects the switch
23 to a remote process (a controller), allowing commands and packets to
24 be sent between the controller and the switch, and (3) an OpenFlow
25 protocol implementation, providing an open and standard way for a
26 controller to talk to the switch.
28 An OpenFlow switch can thus serve as a simple datapath element that
29 forwards packets between ports according to flow actions defined by
30 the controller using OpenFlow commands. Example actions are:
32 - Forward this flow's packets to the given port(s)
33 - Drop this flow's packets
34 - Encapsulate and forward this flow's packets to the controller.
36 The OpenFlow switch is defined in detail in the OpenFlow switch
39 Installation Procedure
40 ----------------------
42 The procedure below explains how to use the Open vSwitch as a simple
45 1. Build and install the Open vSwitch kernel modules and userspace
46 programs as described in INSTALL.Linux.
48 It is important to run "make install", because some Open vSwitch
49 programs expect to find files in locations selected at installation
52 2. Load the openvswitch kernel module (which was built in step 1), e.g.:
54 % insmod datapath/linux-2.6/openvswitch_mod.ko
56 This kernel module cannot be loaded if the Linux bridge module is
57 already loaded. Thus, you may need to remove any existing bridges
58 and unload the bridge module with "rmmod bridge" before you can do
61 3. Create a datapath instance. The command below creates a datapath
62 identified as dp0 (see ovs-dpctl(8) for more detailed usage
65 # ovs-dpctl add-dp dp0
67 Creating datapath dp0 creates a new network device, also named dp0.
68 This network device, called the datapath's "local port", will be
69 bridged to the physical switch ports by ovs-openflowd(8), for use in
72 4. Use ovs-dpctl to attach the datapath to physical interfaces on the
73 machine. Say, for example, you want to create a trivial 2-port
74 switch using interfaces eth1 and eth2, you would issue the following
77 # ovs-dpctl add-if dp0 eth1
78 # ovs-dpctl add-if dp0 eth2
80 You can verify that the interfaces were successfully added by asking
81 ovs-dpctl to print the current status of datapath dp0:
85 5. Arrange so that the switch can reach the controller over the
88 - If you are using out-of-band control, at this point make sure
89 that the switch machine can reach the controller over the
92 - If you are using in-band control, then at this point you must
93 configure the dp0 network device created in step 3. This
94 device is not yet bridged to any physical network (because
95 ovs-openflowd does that, and it is not yet running), so the next
96 step depends on whether connectivity is required to configure
97 the device's IP address:
99 * If the switch has a static IP address, you may configure
100 its IP address now, e.g.:
102 # ifconfig dp0 192.168.1.1
104 * If the switch does not have a static IP address, e.g. its
105 IP address is obtained dynamically via DHCP, then proceed
106 to step 4. The DHCP client will not be able to contact
107 the DHCP server until the secure channel has started up.
109 - If you are using in-band control with controller discovery, no
110 configuration is required at this point. You may proceed to
113 6. Run ovs-openflowd to start the secure channel connecting the datapath to
114 a remote controller. If the controller is running on host
115 192.168.1.2 port 6633 (the default port), the ovs-openflowd invocation
116 would look like this:
118 # ovs-openflowd dp0 tcp:192.168.1.2
120 - If you are using in-band control with controller discovery, omit
121 the second argument to the ovs-openflowd command.
123 - If you are using out-of-band control, add --out-of-band to the
126 Using the "tcp:<controller_ip>" argument causes the switch to connect
127 in an insecure manner. Please see INSTALL.SSL for a description of
128 how to connect securely using SSL.
130 7. If you are using in-band control with manual configuration, and the
131 switch obtains its IP address dynamically, then you may now obtain
132 the switch's IP address, e.g. by invoking a DHCP client. The
133 secure channel will only be able to connect to the controller after
134 an IP address has been obtained.
136 8. The secure channel should connect to the controller within a few
137 seconds. It may take a little longer if controller discovery is in
138 use, because the switch must then also obtain its own IP address
139 and the controller's location via DHCP.
144 [1] OpenFlow Reference Implementation.
145 <http://www.openflowswitch.org/wp/downloads/>
147 [2] OpenFlow Switch Specification.
148 <http://openflowswitch.org/documents/openflow-spec-latest.pdf>