OpenFlow - Open vSwitch - ofport incrementing

G

Gera

New Member
Jun 5, 2019
4
0
1
45
Hi All,

I have been testing ovs with openflow on proxmox lately using faucet (faucet.nz) as the sdn controller. It works great, installation and configuration is simple and straightforward.

The issue I am running into is that Proxmox changes the ofport on ovs when for example the vm is reset.
When I first fire up a vm, it uses the next available ovs port, let's say 2. Then I can configure the sdn controller with vlan and security/nfv features for that port. When I reset the vm, it shows back up on port 3 which isn't configured in the sdn yet.

My question is simply if there is an easy way to tell proxmox to "fix" the ofport number. When using ovs manually, the port can be requested like this for example:
-- add-port vmbr1 veth-host1 -- set interface veth-host1 ofport_request=2
This guarantees me that unless the port is in use of course it will show up on 2.

Thank you for the help,
Gera

Also, i configure the controller as post-up which works reliably like this:
auto vmbr1
iface vmbr1 inet static
address 10.10.10.10
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports ens19
post-up ovs-vsctl -- set bridge ${IFACE} other-config:datapath-id=0000000000000002 -- set bridge ${IFACE} other-config:disable-in-band=true -- set bridge ${IFACE} fail_mode=secure -- set-controller ${IFACE} tcp:192.168.1.58:6653 tcp:192.168.1.58:6654​
 
Hi,

Gera said:
My question is simply if there is an easy way to tell proxmox to "fix" the ofport number.
Click to expand...
No there is no way to do this.
 
Currently, I think the only way is to hack
/usr/share/perl5/PVE/Network.pm

my $ovs_bridge_add_port = sub {
my ($bridge, $iface, $tag, $internal, $trunks) = @_;
$trunks =~ s/;/,/g if $trunks;
my $cmd = "/usr/bin/ovs-vsctl add-port $bridge $iface";


I don't known if you can use the $vmid or $iface (tap<vmid>i<int>) for ofport_request ?


also, maybe without a hack, it's possible to use hook script at vm start
https://pve.proxmox.com/pve-docs/pve-admin-guide.html
 
Gera said:
Hi All,

I have been testing ovs with openflow on proxmox lately using faucet (faucet.nz) as the sdn controller. It works great, installation and configuration is simple and straightforward.

The issue I am running into is that Proxmox changes the ofport on ovs when for example the vm is reset.
When I first fire up a vm, it uses the next available ovs port, let's say 2. Then I can configure the sdn controller with vlan and security/nfv features for that port. When I reset the vm, it shows back up on port 3 which isn't configured in the sdn yet.

My question is simply if there is an easy way to tell proxmox to "fix" the ofport number. When using ovs manually, the port can be requested like this for example:
-- add-port vmbr1 veth-host1 -- set interface veth-host1 ofport_request=2
This guarantees me that unless the port is in use of course it will show up on 2.

Thank you for the help,
Gera

Also, i configure the controller as post-up which works reliably like this:
auto vmbr1
iface vmbr1 inet static
address 10.10.10.10
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports ens19
post-up ovs-vsctl -- set bridge ${IFACE} other-config:datapath-id=0000000000000002 -- set bridge ${IFACE} other-config:disable-in-band=true -- set bridge ${IFACE} fail_mode=secure -- set-controller ${IFACE} tcp:192.168.1.58:6653 tcp:192.168.1.58:6654​
Click to expand...
Hi
Do you think you could provide me with the document or weblink you used to do your setup. I would like to try faucet on my proxmox as well.
Regards
 
Hi,

honestly I played with it in a vm following their tutorials. They are really awesome and easy to understand. From there, proxmox is just another ovs to connect to from your controller ;)

Here is the link
docs.faucet.nz/en/latest/tutorials/index.html
 
Though the port numbers may be unstable, Proxmox does assign stable **interface names** of this form: tap<VMID>i<VM_IFACE_NUMBER>.

And the faucet configs can be written in terms of interface name, or OFP port number:
https://docs.faucet.nz/en/latest/configuration.html#interfaces --> "interface name or OFP port number"

So would it work to just use the interface name instead of an ofport number, when writing your faucet configs?
 
Hi,
I have read the doc, if I understand correctly, you need to defined ports in faucet dps: section


https://docs.faucet.nz/en/latest/configuration.html

Code: 
dps:
    sw1:
        dp_id: 0x1
        hardware: "Open vSwitch"
        interfaces:
            1:
                name: "h1"
                description: "host1 container"
                native_vlan: office
                acls_in: [access-port-protect]
            2:

So, you can use "tap<vmid>iX" for name, and then it should be possible to find the ofport here. (but this need hookscript at vm network interface start)


I'm currently working on a new sdn feature for proxmox, and was looking to implement faucet, but as far I understand, each time you create a new vm interface or change vlan, you need to change and reload faucet configuration, of each faucet controller ?
 
I don't normally post on older discussions so forgive that but my efforts and Google searches led me to this post which was very helpful as I'm trying to learn OVS and Proxmox.

I have not been able to get "interface names" usable in what are basically Ryu OpenFlow dps stanzas. the config kicks out an error no matter what I try (quoting, escaping,etc). I'll ask on the mailing list for Faucet once I make sure I'm not being dumb.

But I did get this to work in my tests and maybe it will save somebody else some time. Part of the config:

Code: 
 sw2:
       dp_id: 0x(my bridge mac)
       hardware: "Open vSwitch"
       interfaces:
            1:
                name: "enp0s25"
                tagged_vlans: [office]
            2:
                name: "mgmt"
                native_vlan: office
       interface_ranges:
           3-99:
               native_vlan: office

Your faucet.log will contain:
Code: 
Configuring VLAN office vid:XX tagged: Port 1 untagged: Port 2,Port 3,Port 4,Port 5,Port 6,Port 7,Port 8,Port 9...

The first two ports are the OVS physical port the test box is attached to and the vlan mgmt interface I made. (office is shorthand for a vlan tag)
3-99 I just decided as the interfaces get higher that is good enough for my experiments. Its probably unwise but I'm trying to learn.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom