Open Vswitch and manipulating added ports

ilgtech

I wanted to set up OVS to support a couple of interfaces belonging to an IPS VM.
First, I'm only just learning about OVS so please forgive any dumb questions I might submit due to my not understanding how this software behaves.

I have in the past brought up a libvirt based VM and bridged a physical host interface to the eth0 belonging to the virtual machine like this:

# eth0 on the IPSVM is tied to this bridge
auto br1

iface br1 inet manual
    bridge_ports eno2
    post-up ifconfig eno2 mtu 1520
    post-up ifconfig eno2 promisc
    post-up ethtool -G eno2 rx 4096
    post-up ethtool -K eno2 rx off tx off sg off tso off ufo off gso off gro off lro off rxvlan off txvlan off ntuple off rxhash off
    post-up ethtool -N eno2 rx-flow-hash udp4 sdfn
    post-up ethtool -N eno2 rx-flow-hash udp6 sdfn
    post-up ethtool -C eno2 rx-usecs 1 rx-frames 0
    post-up ethtool -C eno2 adaptive-rx off
    bridge_stp off
    bridge_maxwait 0
    post-down brctl delbr br1

========================================

Now for the main part of the question.
In: ovs-vsctl add-port vbridge0 eno2

What's the stanza look like to give it all the ethtool options and ifconfig options that I put on eno2 via the bridge commands as shown above?
Is there a way to add "ovs-vsctl set interface <insert options here>" to create an equivalent config?

Or would I simply bring up the interface manually via /etc/network/interfaces

Like:
auto eno2
iface eno2 inet manual
    post-up ifconfig $IFACE up
    post-up ifconfig $IFACE mtu 1520
    post-up ifconfig $IFACE promisc
    post-up ethtool -G $IFACE rx 4096
    post-up ethtool -K $IFACE rx off tx off sg off tso off ufo off gso off gro off lro off rxvlan off txvlan off ntuple off rxhash off
    post-up ethtool -N $IFACE rx-flow-hash udp4 sdfn
    post-up ethtool -N $IFACE rx-flow-hash udp6 sdfn
    post-up ethtool -C $IFACE rx-usecs 1 rx-frames 0
    post-up ethtool -C $IFACE adaptive-rx off
    bridge_stp off
    bridge_maxwait 0
    pre-down ifconfig $IFACE down

Then: ovs-vsctl add-port vbridge0 eno2 #and it would maintain all the attributes I brought it up with manually?


I've always operated under the pretense that when a bridge grabs an interface, the interface becomes a slave to the bridge and has to assume all of the bridges default settings.

So I'm thinking that bringing up eno2 manually with all those settings and adding the port eno2 after the fact would be a waste of time. I was thinking I would have to get OVS to set the attributes to the interface as it would be master over the slaved interface eno2.


Clear as mud? I'm hoping what I wrote made sense.
I have concern about all the NIC attributes because IPS systems really only perform correctly if all these attributes are applied to the interface. If you don't tune the interface this way, you'll miss things you're trying to detect with the IPS system.

Thanks!
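
Added example, not part of the original post or thread: a shell check to run after `ovs-vsctl add-port vbridge0 eno2` that reports whether any of the offloads the post disables are on and whether the MTU differs from the 1520 the post sets. The function names and the sample `ethtool -k` and `ip -o link` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify IPS capture tuning on an OVS port (not from the thread).
# Features the post turns off with `ethtool -K`, by the long names `ethtool -k` prints.
IPS_OFF_FEATURES="rx-checksumming tx-checksumming scatter-gather \
tcp-segmentation-offload udp-fragmentation-offload generic-segmentation-offload \
generic-receive-offload large-receive-offload rx-vlan-offload tx-vlan-offload \
ntuple-filters receive-hashing"

# stdin: `ethtool -k DEV` output. Prints the listed features that are still "on".
offloads_still_on() {
    awk -v want="$IPS_OFF_FEATURES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        {
            name = $1; sub(/:$/, "", name)
            if ((name in need) && $2 == "on") out = out (out ? " " : "") name
        }
        END { print out }'
}

# stdin: `ip -o link show DEV` output; $1: expected MTU.
# Prints the actual MTU only when it differs from the expected one.
mtu_mismatch() {
    awk -v want="$1" '{ for (i = 1; i < NF; i++)
        if ($i == "mtu" && $(i + 1) != want) print $(i + 1) }'
}

# Constructed sample output (not captured from a real host): GRO and RX VLAN
# offload are on, and the MTU is 1500 instead of the 1520 the post sets.
SAMPLE_ETHTOOL_K='Features for eno2:
rx-checksumming: off
tx-checksumming: off
    tx-checksum-ipv4: off
scatter-gather: off
tcp-segmentation-offload: off
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: off
ntuple-filters: off
receive-hashing: off'
SAMPLE_IP_LINK='2: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP mode DEFAULT group default qlen 1000'

echo "offloads still on: $(printf '%s\n' "$SAMPLE_ETHTOOL_K" | offloads_still_on)"
echo "unexpected MTU:    $(printf '%s\n' "$SAMPLE_IP_LINK" | mtu_mismatch 1520)"
# Live use: ethtool -k eno2 | offloads_still_on ; ip -o link show eno2 | mtu_mismatch 1520
```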
 


Wow, I love it when they solve their own problems :p

Hi @ilgtech and welcome to linux.org.

I am not strong in this area, but I will read and digest what you have written and bookmark those links for my personal knowledge base.

Enjoy your Linux

Chris Turner
wizardfromoz
 
Glad you found your solution.... way over my head! :confused::eek:

Welcome to the site! :D

Cheers
Thanks atanere, I have a background as an Infrastructure support Engineer with my specialization being focused in Network Engineering. I am also a linux enthusiast that likes to use my FOSS knowledge where it applies to networking. This time it happened to be centered around Software defined networking of libvirt based KVM guests. If I can help in some networking questions for a forum member I'd be happy to try.
 
Expertise is always welcome! :D Please check in with us anytime!

You might take a look at this question while you're here. You may have a much better suggestion than I offered. Thanks!

Cheers
 
atanere or wizardfromoz, is there a section in here to paste tut's?

I just wrote out a VERY long winded tut to build out Open Vswitch and run KVM/Qemu Libvirt hypervisor happily together. I'd like to share.
 
Hi mate, Linux Tutorials are here -

https://www.linux.org/#linux-tutorials.122

Stan's (@atanere 's) just headed off for work, but our Admin @Rob will be able to advise, or one of our other staff.

If permissions are required, Rob will likely be the one to handle that.

I joined here last May and within a couple of weeks Rob had established that I was a loud-mouthed know-it-all ie suited to writing articles. So he gave me permissions to a Staging area under Articles and Tutorials.

I've taken a quick look at your pastebin work, looks impressive, and is beyond my pay grade, currently o_O

Good luck, and goodonyer for being prepared to get in and help out ;)

Wiz
 
Wiz, sorry.. I'm a little bit embarrassed, that tut is a bit of a mess and could use polish and a spit shine... Overall, all I was trying to do was simply share the "cliff notes" version of what took me about 2 full weekends of searching online source after online source.. It was a huge pain.. Just trying to save somebody else the headache.
 
No need to be embarrassed mate :)

Did you want to put it on hold for a bit and do some more work on it?

No deadlines, no timeframe, no pressure :D

... I think I've just summarised my feelings about Linux :cool:

Wiz
 