Configuring OVSDB with Netvisor ONE
The Netvisor ONE implementation of OVSDB provides a means of communication between SDN controllers and Pluribus switches. By leveraging OVSDB, Pluribus devices exchange control and network information with SDN controllers, thereby enabling VM traffic from the entities in a virtualized network to be forwarded to entities in a physical network and vice versa.
The OVSDB service runs in a container in Netvisor ONE. This service maintains a database schema that stores information regarding Pluribus devices and SDN controllers in various tables. The OVSDB schema also includes the MAC address information of the physical servers and virtual hosts. SDN Controllers such as Ericsson ODL (Open-Day Light) controller communicates with OVSDB for provisioning and configuration of the overlay network. The overlay network configuration involves creating tunnels between local and remote hardware and software VTEPs.
Any configuration change in Netvisor ONE updates the OVSDB schema which makes the SDN controller aware of the current configuration. A VTEP agent in Netvisor ONE closely tracks the configuration updates pushed into OVSDB by the SDN controller as well as the changes in Netvisor ONE. The VTEP agent then derives the required actions and executes the CLI commands needed to create VLANs and tunnels between local and remote VTEPs.
Follow the steps below to configure OVSDB using Netvisor ONE.
- Configure the vNET with private VLANs, VXLANs, and managed ports:
CLI (network-admin@switch) > vnet-create name vpod1 scope fabric vlan-type private num-private-vlans 100 managed-ports 12 vxlans 10000-10099
- Specify the VLANs reserved for the vNET by using the vnet-public-vlans-modify command. If you add managed ports to the vNET configuration, VLAN IDs from this range is assigned as public VLANs for the private VLANs.
CLI (network-admin@switch) > vnet-public-vlans-modify vlans 200-210
You can also define shared ports in a vNET configuration. Ideally, you can configure the border leaf ports that connect to the DC gateway as shared ports. If you add shared ports to the vNET configuration, specify a public VLAN range for the ports by using the command:
CLI (network-admin@switch) > vnet-modify name vpod1 public-vlans 300-310
For shared ports, private VLAN IDs should have the same range as that of public VLAN IDs configured in the vNET.
- Configure the underlay network:
CLI (network-admin@switch) > vrouter-create name vpod1-vr1 vnet vpod1 router-type hardware
CLI (network-admin@switch) > vrouter-interface-add vrouter-name vpod1-vr1 ip 192.168.50.2/24 vlan 50
- Create the SSL/TLS certificate for OVSDB if you want to create an SSL connection with the controller.
CLI (network-admin@switch) > cert-create country US state California city PA organization "Pluribus Networks Inc" organizational-unit Engineering common-name CN1 name cert1
Successfully generated self-signed certificate.
For detailed steps on how to configure and deploy TLS certificates for OVSDB, see Using OpenSSL TLS certificates for OVSDB and other Services.
- Create Open vSwitch configuration:
Use the openvswitch-create command to configure Open vSwitch. This command creates the OVS container and services.
|
openvswitch-create |
Create an OVS instance. |
|
name name-string |
Specify a name for the OVS instance. |
|
vnet vnet-name |
Specify the name of the vNET for OVS. |
|
tunnel-ip ip-address |
Specify the IP address for the tunnel. |
|
Specify any of the following options: |
|
|
dedicated-vnet-service|shared-vnet-service |
Specify if Open vSwitch is a dedicated or shared vNET service. |
|
shared-vnet-mgr vnet-manager name |
Specify the vNET manager to share with if this is a shared service. |
|
location fabric-node-name |
Specify the location of the service. |
|
storage-pool storage-pool-name |
Specify a storage pool to apply to the vNET. |
|
gateway ip-address |
Specify gateway IP address for service. |
|
cert-name cert-name-string |
Specify the certificate name for SSL connections |
|
ca-cert-name ca-cert-name-string |
Specify the CA Certificate name for SSL connections |
|
cert-location none|global|container |
Specify the Certificate location - global or within container. |
|
global-vtep|local-vtep |
Specify the hardware VTEP associated with Open vSwitch. |
|
bfd|no-bfd |
Specify if you want to enable BFD for OVSDB created tunnels. |
For example:
CLI (network-admin@switch) > openvswitch-create name ovs-1 vnet vpod1 tunnel-ip 192.168.0.10 cert-name cert1 ca-cert-name ca-cert1
- Create an OVSDB interface using the openvswitch-interface-add command.
|
openvswitch-interface-add |
Add an interface to OVS. |
|
ovs-name name-string |
This parameter is not configurable. It assumes the name of the OVS service. |
|
Specify one or more of the following options: |
|
|
ip ip-address |
Specify the IP address for the interface. |
|
netmask netmask |
Specify the netmask. |
|
assignment none|static|dhcp|dhcpv6|autov6 |
Specify the method of IP address assignment. |
|
linklocal ip-address |
Specify the IPv6 Link Local address. |
|
vnet vnet-name |
Specify interface VLAN vNET. |
|
bd bridge-domain name |
Specify the bridge domain name. |
|
vlan vlan-id |
Specify the VLAN assigned to the interface. |
|
vlan-type public|private |
Specify the type of VLAN for the interface. |
|
if mgmt|data|span|span2|span3 |
Specify the interface type. |
|
alias-on alias-on-string |
Specify an alias if desired. |
|
exclusive|no-exclusive |
Specify if the interface is exclusive or not. |
|
nic-enable|nic-disable |
Specify to enable or disable the NIC. |
|
vrrp-id id |
Specify the ID assigned by VRRP. |
|
vrrp-primary vrrp-primary-string |
Specify the primary interface for VRRP. |
|
vrrp-priority 0..254 |
Specify the VRRP priority for the interface. |
|
vrrp-adv-int milliseconds |
Specify the VRRP advertisement interval in milliseconds. The range is 10 to 40950 with a default value of 1000. |
|
vrrp-preempt-mode disable|enable |
Used to allow/prevent high priority VRRP backup from becoming VRRP primary. |
|
secondary-macs secondary-macs-string |
Specify a secondary MAC address for the interface. |
|
if-nat-realm internal|external |
Specify the NAT interface realm. |
|
priority-tag|no-priority-tag |
Specify to add priority tag on forwarded traffic. |
For example:
CLI (network-admin@switch) > openvswitch-interface-add ovs-name ovs-1 ip 192.168.31.148 netmask 24 vlan 3001 vlan-type public
Configuring the interface as data or mgmt depends on if the SDN controller is located on the data network or the management network.
If the controller is on a Layer 3 network several hops away, use openvswitch-modify command to configure a gateway IP address.
CLI (network-admin@switch) > openvswitch-modify name ovs-1 gateway 192.168.31.1
- Add the hardware VTEP manager:
Use the openvswitch-hwvtep-manager-add command to configure the connection between OVSDB and the SDN controller.
|
openvswitch-hwvtep-manager-add |
Create a VTEP manager for OVSDB. |
|
name name-string |
This parameter is not configurable. The parameter assumes the name of the OVS service. |
|
Specify the following options: |
|
|
manager-type odl|nsx |
Specify the type of SDN controller. Note: Netvisor ONE only supports ODL controller currently. |
|
connection-method unix-socket|tcp||unix-socketlisten|tcp-listen|ssl|default |
Specify the connection method. |
|
ip ip-address |
Specify the IP address of the SDN controller. |
|
username username-string |
Specify the username. |
|
password password-string |
Specify the password. |
|
port port-number |
Specify the port number of the database. |
CLI (network-admin@switch) > opensvswitch-hwvtep-manager-add name ovs-1 manager-type odl connection-method ssl ip 10.10.10.1
When you execute the command above, the connection to the ODL controller is established. You can now define the tunnel networks for software and hardware VTEPs by using the following commands:
CLI (network-admin@switch) > vnet-tunnel-network-add name vpod1 network 192.168.1.0/24 description SWVTEPS
CLI (network-admin@switch) > vnet-tunnel-network-add name vpod1 network 192.168.0.0/24 description HWVTEPS
You can establish a connection between the ODL controller and OVSDB by using SSL, TCP, or unix-socket options.
Netvisor ONE features an error reporting mechanism to make the SDN controller aware of any error that occurs while orchestrating tunnels. If an error occurs while the ODL controller provisions tunnels between VTEPs, Netvisor ONE updates the OVSDB VTEP schema with the error, thereby notifying the ODL controller.