1. Installation

libvirt must be 0.10.1 or higher.

At the time of writing (14 Sep 2012), Open vSwitch has some problems compiling on CentOS 6.3, but on all previous versions it works just fine. There is no proven official RPM yet, so you can either build an RPM yourself and install it, or compile from source, passing the path to the kernel source as a parameter to the ./configure script. If you install from source, also specify --prefix=/usr

~> wget http://openvswitch.org/releases/openvswitch-1.4.2.tar.gz
~> tar zxf openvswitch-1.4.2.tar.gz
~> cd openvswitch-1.4.2

Then specify the correct path to the kernel source and the prefix:
~> ./configure --prefix=/usr --with-linux=/usr/src/kernels/2.6.18-308.8.1.el5xen-x86_64/

It does not matter which of these methods you use, as long as the HV ends up with working tools and kernel modules.


2. List of scripts:

* ovs -- script to start and stop Open vSwitch, usually located in /etc/init.d/

The following commonly used scripts are located in the panel and in /onapp/tools:

* firewall -- VM firewall configuration script, which actually manipulates OpenFlow rules
* antispoofing -- configuration script for setting antispoofing rules
* qos -- script to set the speed on an interface
* interface -- a script to [dis]connect the external interface to OVS, usually necessary for a virtual machine to have Internet access
* init_new_ovs.sh -- initializes a newly installed switch

You need to copy these scripts to their appropriate directories by hand, because I cannot predict which version you will use. In future versions this will be fully automated.


3. The first start, the initialization

Before the switch can be used, it needs to be initialized. This is usually done by init_new_ovs.sh, whose single command-line parameter is the database schema that comes with the current distribution. Example of use:

~> ./init_new_ovs.sh vswitchd/vswitch.ovsschema

What this script does:
* Creates the necessary directories
* Unloads the standard Linux bridge modules and adds them to the blacklist
* Loads the OVS modules
* Creates a working database schema
* Starts the switch and performs the first initialization
* Creates the default switch


4. If you want to understand the initialization process, here is how to do it by hand:

mkdir -p /etc/openvswitch
mkdir -p /var/run/openvswitch

*Before* the first use, be sure to create a default database schema:
ovsdb-tool create /etc/openvswitch/conf.db /root/openvswitch-1.4.2/vswitchd/vswitch.ovsschema

/etc/init.d/ovs start

After the first start, be sure to run the initialization. This assumes that OVS was installed with the prefix /usr. If the socket is in a non-standard location, add an option pointing to the correct location: --db=unix:/var/run/openvswitch/db.sock

ovs-vsctl --no-wait init

Once everything is installed and appears to be working, you need a default switch:

ovs-vsctl add-br onapp-ovs0


5. Config file

In the config file /etc/onapp.conf you can specify the interfaces that correspond to the VMs' external networks. At boot time the script then adds the default OpenFlow rules. The script can also be run from the console; all settings are saved automatically in the config file /etc/onapp.conf:

/onapp/tools/interface --int eth2 --vlan 311 --del
/onapp/tools/interface --int eth2 --vlan 311 --add


6. If all goes well, then after an HV reboot the command ovs-ofctl dump-flows onapp-ovs0 will show output like this:

cookie=0x0, duration=18199.67s, table=0, n_packets=13578, n_bytes=814356, arp,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=ALL

This is the default rule. If there are external network interfaces, they will also have default rules.


7. Because OVS is still in the testing phase, keep in mind that it can produce unexpected results.


8. If something goes wrong, these steps can help to identify the problem:

* Make sure that the default OpenFlow rules exist.
* Make sure that OpenFlow rules exist for the desired virtual machine. When a virtual machine starts, it is assigned by default two rules to protect against different spoofing attacks. They must be for the current port of the VM's interfaces.
* Make sure that the external interface is connected to the switch and that the corresponding OF rules are configured for its current port.

This example command returns the port number of the interface named eth2.311:

ovs-vsctl --db=unix:/var/run/openvswitch/db.sock -- get Interface eth2.311 ofport
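
The checks from step 8 can be scripted. The following is an added example, not one of the OnApp tools: it parses ovs-ofctl dump-flows text for the default rule from step 6 and counts the rules bound to one port. The function names, the sample flows and the assumption that per-port rules match on in_port= are not from the original text.

```shell
#!/bin/sh
# Added example (not an OnApp script): step 8 checks over `ovs-ofctl dump-flows` text.

# Constructed sample: the default rule from step 6 plus made-up per-port rules.
SAMPLE_FLOWS='cookie=0x0, duration=18199.67s, table=0, n_packets=13578, n_bytes=814356, arp,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=ALL
cookie=0x0, duration=120.5s, table=0, n_packets=40, n_bytes=3920, priority=100,ip,in_port=5,dl_src=52:54:00:aa:bb:01,nw_src=192.0.2.10 actions=NORMAL
cookie=0x0, duration=120.5s, table=0, n_packets=3, n_bytes=126, priority=100,arp,in_port=5,dl_src=52:54:00:aa:bb:01,nw_src=192.0.2.10 actions=NORMAL
cookie=0x0, duration=90.1s, table=0, n_packets=7, n_bytes=686, priority=100,ip,in_port=51,dl_src=52:54:00:aa:bb:02,nw_src=192.0.2.11 actions=NORMAL'

# Drop spaces around '=' and '/' so output pasted from a reformatted page still parses.
normalize() {
    sed -e 's|[[:space:]]*=[[:space:]]*|=|g' -e 's|[[:space:]]*/[[:space:]]*|/|g'
}

# Succeeds when the default ARP rule shown in step 6 is in the flow dump on stdin.
has_default_rule() {
    normalize | grep -Eq 'arp,[[:space:]]*dl_dst=01:00:00:00:00:00/01:00:00:00:00:00[[:space:]]+actions=ALL'
}

# Prints the number of flows on stdin matching exactly in_port=$1 (5 must not match 51).
count_port_rules() {
    normalize | grep -Ec "(^|[ ,])in_port=$1([ ,]|\$)" || true
}

# Live check. $1 = bridge, $2 = interface, $3 = minimum rule count (default 2, the
# number of antispoofing rules the text says a VM port gets).
# Assumption: per-port rules select the port with an in_port= match.
check_live() {
    min=${3:-2}
    flows=$(ovs-ofctl dump-flows "$1") || return 2
    port=$(ovs-vsctl get Interface "$2" ofport) || return 2
    # A negative or empty value means the interface has no OpenFlow port.
    case $port in ''|-*|'[]') echo "$2 has no OpenFlow port ($port)"; return 1 ;; esac
    printf '%s\n' "$flows" | has_default_rule || { echo "$1: default rule missing"; return 1; }
    n=$(printf '%s\n' "$flows" | count_port_rules "$port")
    [ "$n" -ge "$min" ] || { echo "$2 (port $port): $n rule(s), expected >= $min"; return 1; }
    echo "$1: default rule present; $2 (port $port) has $n rule(s)"
}

# Run against the local switch only when a bridge and an interface are given.
if [ "$#" -ge 2 ]; then check_live "$@"; fi
```

For an external interface such as eth2.311 on onapp-ovs0, pass 1 as the third argument, since the two-rule minimum applies to VM ports.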

