Open vSwitch Release 2.16.0 Aug 16, 2021 Contents 1 Project 1 1.1 Community................................................1 1.2 Contributing...............................................1 1.3 Maintaining................................................1 1.4 Documentation..............................................2 1.5 Getting Help...............................................2 2 Getting Started 3 2.1 What Is Open vSwitch?.........................................4 2.1.1 Overview............................................4 2.1.2 What’s here?..........................................5 2.2 Why Open vSwitch?...........................................5 2.2.1 The mobility of state......................................6 2.2.2 Responding to network dynamics...............................6 2.2.3 Maintenance of logical tags...................................6 2.2.4 Hardware integration......................................6 2.2.5 Summary............................................7 2.3 Installing Open vSwitch.........................................7 2.3.1 Installation from Source....................................7 2.3.2 Installation from Packages................................... 50 2.3.3 Others.............................................. 58 3 Tutorials 63 3.1 OVS Faucet Tutorial........................................... 63 3.1.1 Setting Up OVS......................................... 63 3.1.2 Setting up Faucet........................................ 64 3.1.3 Overview............................................ 65 3.1.4 Switching............................................ 66 3.1.5 Routing............................................. 76 3.1.6 ACLs.............................................. 84 3.1.7 Finishing Up.......................................... 86 3.1.8 Further Directions........................................ 86 3.2 OVS IPsec Tutorial............................................ 86 3.2.1 Requirements.......................................... 86 3.2.2 Installing OVS and IPsec Packages............................... 87 3.2.3 Configuring IPsec tunnel.................................... 88 3.2.4 Troubleshooting......................................... 91 i 3.2.5 Bug Reporting......................................... 92 3.3 Open vSwitch Advanced Features.................................... 92 3.3.1 Getting Started......................................... 92 3.3.2 Using GDB........................................... 93 3.3.3 Motivation............................................ 94 3.3.4 Scenario............................................. 94 3.3.5 Setup.............................................. 95 3.3.6 Implementing Table 0: Admission control........................... 95 3.3.7 Testing Table 0......................................... 96 3.3.8 Implementing Table 1: VLAN Input Processing........................ 97 3.3.9 Testing Table 1......................................... 98 3.3.10 Implementing Table 2: MAC+VLAN Learning for Ingress Port................ 99 3.3.11 Testing Table 2......................................... 100 3.3.12 Implementing Table 3: Look Up Destination Port....................... 101 3.3.13 Testing Table 3......................................... 102 3.3.14 Implementing Table 4: Output Processing........................... 104 3.3.15 Testing Table 4......................................... 105 3.4 OVS Conntrack Tutorial......................................... 106 3.4.1 Definitions........................................... 106 3.4.2 Conntrack Related Fields.................................... 107 3.4.3 Sample Topology........................................ 108 3.4.4 Tool used to generate TCP segments.............................. 109 3.4.5 Matching TCP packets..................................... 109 3.4.6 Summary............................................ 113 4 How-to Guides 115 4.1 OVS................................................... 115 4.1.1 Open vSwitch with KVM.................................... 115 4.1.2 Encrypt Open vSwitch Tunnels with IPsec........................... 116 4.1.3 Open vSwitch with SELinux.................................. 119 4.1.4 Open vSwitch with Libvirt................................... 121 4.1.5 Open vSwitch with SSL.................................... 122 4.1.6 Using LISP tunneling...................................... 127 4.1.7 Connecting VMs Using Tunnels................................ 128 4.1.8 Connecting VMs Using Tunnels (Userspace)......................... 130 4.1.9 Isolating VM Traffic Using VLANs.............................. 134 4.1.10 Quality of Service (QoS) Rate Limiting............................ 136 4.1.11 How to Use the VTEP Emulator................................ 139 4.1.12 Monitoring VM Traffic Using sFlow.............................. 142 4.1.13 Using Open vSwitch with DPDK................................ 145 5 Deep Dive 183 5.1 OVS................................................... 183 5.1.1 Design Decisions In Open vSwitch............................... 183 5.1.2 Open vSwitch Datapath Development Guide.......................... 198 5.1.3 Fuzzing............................................. 202 5.1.4 Integration Guide for Centralized Control........................... 205 5.1.5 Porting Open vSwitch to New Software or Hardware..................... 208 5.1.6 OpenFlow Support in Open vSwitch.............................. 212 5.1.7 Bonding............................................. 216 5.1.8 Open vSwitch Networking Namespaces on Linux....................... 219 5.1.9 Scaling OVSDB Access With Relay.............................. 220 5.1.10 OVSDB Replication Implementation.............................. 221 5.1.11 DPDK Support......................................... 223 ii 5.1.12 OVS-on-Hyper-V Design.................................... 223 5.1.13 Language Bindings....................................... 230 5.1.14 Debugging with Record/Replay................................ 231 5.1.15 Testing............................................. 232 5.1.16 Tracing packets inside Open vSwitch.............................. 240 5.1.17 Userspace Datapath - TSO................................... 241 5.1.18 C IDL Compound Indexes................................... 243 5.1.19 Open vSwitch Extensions.................................... 246 6 Reference Guide 249 6.1 Man Pages................................................ 249 6.1.1 ovs-appctl............................................ 249 6.1.2 ovs-ctl.............................................. 253 6.1.3 ovs-l3ping............................................ 260 6.1.4 ovs-pki............................................. 262 6.1.5 ovs-sim............................................. 265 6.1.6 ovs-parse-backtrace....................................... 267 6.1.7 ovs-tcpdump.......................................... 267 6.1.8 ovs-tcpundump......................................... 268 6.1.9 ovs-test............................................. 269 6.1.10 ovs-vlan-test.......................................... 271 6.1.11 ovsdb-server........................................... 272 6.1.12 ovsdb.............................................. 280 6.1.13 ovsdb.............................................. 283 7 Open vSwitch Internals 295 7.1 Contributing to Open vSwitch...................................... 295 7.1.1 Submitting Patches....................................... 295 7.1.2 Backporting patches...................................... 301 7.1.3 Coding Style.......................................... 304 7.1.4 Windows Datapath Coding Style................................ 312 7.1.5 Documentation Style...................................... 315 7.1.6 Open vSwitch Library ABI Updates.............................. 321 7.2 Mailing Lists............................................... 322 7.2.1 ovs-announce.......................................... 322 7.2.2 ovs-discuss........................................... 323 7.2.3 ovs-dev............................................. 323 7.2.4 ovs-git.............................................. 323 7.2.5 ovs-build............................................ 323 7.2.6 bugs............................................... 323 7.2.7 security............................................. 323 7.3 Patchwork................................................ 323 7.3.1 git-pw.............................................. 323 7.3.2 pwclient............................................. 324 7.4 Release Process............................................. 324 7.4.1 Release Strategy........................................ 324 7.4.2 Release Numbering....................................... 325 7.4.3 Release Scheduling....................................... 325 7.4.4 How to Branch......................................... 326 7.4.5 How to Release......................................... 326 7.4.6 Contact............................................. 326 7.5 Reporting Bugs.............................................. 327 7.6 Security Process............................................. 327 7.6.1 What is a vulnerability?..................................... 328 iii 7.6.2 Step 1: Reception........................................ 328 7.6.3 Step 2: Assessment....................................... 328 7.6.4 Step 3a: Document....................................... 328 7.6.5 Step 3b: Fix........................................... 330 7.6.6 Step 4: Embargoed Disclosure................................. 330 7.6.7 Step 5: Public Disclosure.................................... 331 7.7 The Linux Foundation