Open vSwitch Networks
This guide describes how to use the Open vSwitch network drivers. They provide network isolation using VLANs by tagging ports and basic network filtering using OpenFlow. Other traffic attributes that may be configured through Open vSwitch are not modified.
The VLAN ID will be the same for every interface in a given network, calculated automatically by OpenNebula. It may also be forced by specifying a VLAN_ID parameter in the Virtual Network template.
This driver is not compatible with Security Groups.
The VLAN_ID is calculated according to this configuration option of
    # VLAN_IDS: VLAN ID pool for the automatic VLAN_ID assignment. This pool
    # is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver
    # will try first to allocate VLAN_IDS[START] + VNET_ID
    #   start: First VLAN_ID to use
    #   reserved: Comma separated list of VLAN_IDs or ranges. Two numbers
    #   separated by a colon indicate a range.

    VLAN_IDS = [
        START    = "2",
        RESERVED = "0, 1, 4095"
    ]
By modifying that parameter you can reserve some VLANs so they aren’t assigned to a Virtual Network. You can also define the first VLAN_ID. When a new isolated network is created, OpenNebula will find a free VLAN_ID from the VLAN pool. This pool is global, and it’s also shared with the 802.1Q VLAN network mode.
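The allocation rule described above, as an added example (not OpenNebula's code): it expands a RESERVED string, applies the START + VNET_ID first choice, and audits forced VLAN_IDs, since two networks that end up with the same ID on one bridge are not isolated from each other. The fallback scan order, the function names and the sample networks are assumptions.

```python
# Added example, not OpenNebula code. Fallback scan order is an assumption.
MAX_VLAN = 4095  # 802.1Q VLAN IDs are 12 bits: 0..4095


def parse_reserved(spec):
    """Expand a RESERVED string such as "0, 1, 4095" or "100:110" into a set."""
    reserved = set()
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition(":")   # "a:b" is an inclusive range
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 <= lo <= hi <= MAX_VLAN:
            raise ValueError(f"bad VLAN entry {item!r}")
        reserved.update(range(lo, hi + 1))
    return reserved


def allocate(start, reserved, in_use, vnet_id):
    """VLAN ID an automatic network would receive, or None if the pool is full."""
    taken = reserved | in_use
    hint = start + vnet_id                # first choice: VLAN_IDS[START] + VNET_ID
    if hint <= MAX_VLAN and hint not in taken:
        return hint
    for vid in range(start, MAX_VLAN + 1):  # assumed fallback: lowest free ID
        if vid not in taken:
            return vid
    return None


def audit_forced(networks, reserved):
    """Flag forced VLAN_IDs that are reserved or already used by another network."""
    findings, owner = [], {}
    for name, vid in networks:
        if vid in reserved:
            findings.append((name, vid, "reserved"))
        if vid in owner:
            findings.append((name, vid, f"shared with {owner[vid]}"))
        owner.setdefault(vid, name)
    return findings


# Constructed sample: the page's pool settings plus a made-up reserved range.
RESERVED = parse_reserved("0, 1, 4095, 100:110")
NETWORKS = [("ovswitch_net", 50), ("mgmt", 105), ("tenant_b", 50)]

if __name__ == "__main__":
    print(allocate(2, RESERVED, {50}, 48))
    print(audit_forced(NETWORKS, RESERVED))
```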
The following configuration attributes can be adjusted in
| Parameter | Description |
|---|---|
| arp_cache_poisoning | Enable ARP Cache Poisoning Prevention Rules (effective only if Virtual Network IP/MAC spoofing filters are enabled). |
| keep_empty_bridge | Set to true to preserve bridges with no virtual interfaces left. |
| ovs_bridge_conf | Hash Options for Open vSwitch bridge creation |
Remember to run onehost sync to deploy the file to all the nodes.
Defining an Open vSwitch Network
To create an Open vSwitch network, include the following information:
| Attribute | Value | Mandatory |
|---|---|---|
| PHYDEV | Name of the physical network device that will be attached to the bridge | NO |
| BRIDGE | Name of the Open vSwitch bridge to use | YES |
| VLAN_ID | The VLAN ID. If this attribute is not defined a VLAN ID will be generated if AUTOMATIC_VLAN_ID is set to YES. | NO |
| AUTOMATIC_VLAN_ID | If VLAN_ID has been defined, this attribute is ignored. Set to YES if you want OpenNebula to generate an automatic VLAN ID. | NO |
The following example defines an Open vSwitch network:

    NAME    = "ovswitch_net"
    VN_MAD  = "ovswitch"
    BRIDGE  = vbr1
    VLAN_ID = 50 # optional
    ...
Multiple VLANs (VLAN trunking)
VLAN trunking is also supported by adding the following tag to the NIC element in the VM template or to the virtual network template:
VLAN_TAGGED_ID: Specify a range of VLANs to tag, for example: