openvswitch
Create a vSwitch
ovs-vsctl add-br ovs-iso
Integration into libvirt
- virt-manager offers only very simple options for configuring libvirt networks.
- Bridges make it possible to connect VMs with each other and with the host, but they introduce a security risk because all packets are bridged to every participating interface. An interface in promiscuous mode can sniff other VMs' traffic. That's where openvswitch comes into play as a compatible drop-in replacement for conventional bridges.
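The transcripts on this page load net_ovs-iso.xml, which the page does not show. The following added example (not from the original page) embeds a constructed definition of that kind and classifies a libvirt network definition, such as the output of `virsh net-dumpxml`, as backed by openvswitch or by a conventional bridge. The sample XML, the names br-plain and br0, and the function audit_network are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of what net_ovs-iso.xml might contain (assumption: the
# page does not show the file). Elements follow libvirt's network XML format.
OVS_ISO_XML = """
<network>
  <name>ovs-iso</name>
  <forward mode='bridge'/>
  <bridge name='ovs-iso'/>
  <virtualport type='openvswitch'/>
</network>
"""

# Constructed counter-example: a network on a conventional Linux bridge.
PLAIN_BRIDGE_XML = """
<network>
  <name>br-plain</name>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>
"""

def audit_network(xml_text):
    """Classify one libvirt network definition by its backing switch.

    Returns (network name, bridge name, finding), where finding is
    'openvswitch', 'plain-bridge', 'missing-bridge' or 'libvirt-managed'.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "network":
        raise ValueError("not a libvirt <network> definition")
    name = root.findtext("name", default="").strip()
    forward = root.find("forward")
    bridge = root.find("bridge")
    bridge_name = bridge.get("name") if bridge is not None else None
    # Only mode='bridge' hands guests to an existing host bridge; NAT, routed
    # and isolated networks use a bridge that libvirt creates itself.
    if forward is None or forward.get("mode") != "bridge":
        return name, bridge_name, "libvirt-managed"
    if not bridge_name:
        return name, bridge_name, "missing-bridge"
    vport = root.find("virtualport")
    if vport is not None and vport.get("type") == "openvswitch":
        return name, bridge_name, "openvswitch"
    return name, bridge_name, "plain-bridge"

if __name__ == "__main__":
    for sample in (OVS_ISO_XML, PLAIN_BRIDGE_XML):
        print(audit_network(sample))
```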
temporary creation
root@infinitas ~ # virsh net-create net_ovs-iso.xml
Network ovs-iso created from net_ovs-iso.xml
root@infinitas ~ # virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes
 ovs-iso   active     no          no
persistent creation
root@infinitas ~ # virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes

virsh # net-define /root/net_ovs-iso.xml
Network ovs-iso defined from /root/net_ovs-iso.xml

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes
 ovs-iso   inactive   no          yes

virsh # net-autostart ovs-iso
Network ovs-iso marked as autostarted

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes
 ovs-iso   inactive   yes         yes

virsh # net-start ovs-iso
Network ovs-iso started

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes
 ovs-iso   active     yes         yes

virsh #
deleting a network
- If the network is persistent, first undefine it, then destroy it.
virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes
 ovs-iso   inactive   yes         yes

virsh # net-start ovs-iso
Network ovs-iso started

virsh # net-undefine ovs-iso
Network ovs-iso has been undefined

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes
 ovs-iso   active     no          no

virsh # net-destroy ovs-iso
Network ovs-iso destroyed

virsh # net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------------------
 default   inactive   no          yes

virsh #
Show Switch
- Our guest is configured as a member of the virtual network ovs-iso. I actually configured it from the drop-down menu in virt-manager, but here is the excerpt from the virtual machine definition.
- Our guest attached to our openvswitch successfully.