Using Open vSwitch with ODP =========================== Open vSwitch can be used with the ODP project (http://www.opendataplane.org) The switch will function entirely in userspace. This file serves as a guide for building and installing Open vSwitch with ODP. The ODP mode is considered experimental, it has not been thoroughly tested. Building and Installing: ------------------------ ODP linux-generic platform: ============= Get the code: git clone http://git.linaro.org/git/lng/odp.git cd odp ./bootstrap.sh it is recommended to disable building shared library because then launching ovs with sudo becomes a real pain; you can install ODP anywhere you like ./configure --enable-debug --enable-shared=no --prefix= to get debug symbols you can ./configure --enable-debug CFLAGS="-g -O0" --enable-shared=no make make install OVS: ============= ./boot.sh ./configure [OPTIONS] The following configure options are relevant for ODP: --with-odp=[DIR | yes | no] Enable ODP support, library installed to default directories or DIR; default is no --with-odp-platform=[odp-platform] ODP platform to use; default is linux-generic --with-odp-debug=[yes | no] ODP debug flag; default is no When using static linking, platform dependencies should be added to the LIBS environment variable. In case of linux-generic by default it's LIBS="-lpcap -lcrypto" DPDK has built-in support in OVS, and ODP-DPDK reuse the relevant configure script option to set the DPDK dependencies. --with-dpdk=[DPDK install dir] should appear before the ODP command line options. By default it also needs the same LIBS as linux-generic. Then build: make Refer to INSTALL.userspace for general requirements of building userspace OVS. Note, you should run configure with CFLAGS=" -O3" if you want optimization turned on. Alternatively go to https://wiki.linaro.org/LNG/Engineering/OVSDPDKOnUbuntu which explains how to run OVS with DPDK. Similar steps should work with ODP. OVS Debian package: ============= You can pass the configure options via DATAPATH_CONFIGURE_OPTS: DATAPATH_CONFIGURE_OPTS="--with-odp= --with-odp-platform=" \ fakeroot debian/rules binary If you cross-compile, you need to: - specify "host" for configure - DEB_HOST_GNU_TYPE has to be set for dh_strip - DEB_HOST_ARCH has to be set for dh_gencontrol to correctly create the debian/contol files - dh_shlibdeps needs to find the libraries in LD_LIBRARY_PATH - probably a cross-compiled OpenSSL. That needs to be told to configure An example: LD_LIBRARY_PATH='$LD_LIBRARY_PATH:/usr/arm-linux-gnueabihf/lib:' \ DEB_HOST_GNU_TYPE=arm-linux-gnueabihf \ DEB_HOST_ARCH=armhf \ DATAPATH_CONFIGURE_OPTS="--with-odp= --with-odp-platform= \ --host=arm-linux-gnueabihf --with-openssl=" fakeroot debian/rules \ binary If you compile OpenSSL from upstream, probably you won't have the shlibs file, you can create one in /DEBIAN/shlibs: libcrypto 1.0.0 libcrypto1.0.0 (>= 1.0.1d) libssl 1.0.0 libssl1.0.0 (>= 1.0.1d) The default CFLAGS are "-g -O3", you can overwrite them by adding CFLAGS="" to DATAPATH_CONFIGURE_OPTS. You can influence the package build process through DEB_BUILD_OPTIONS: - set parallel compiling - skip unit tests, if you are just experimenting with compile - not stripping the debug symbols into a separate package, so you don't have to specify them separately to your debug tools See INSTALL.Debian for more. An example for the above options: DEB_BUILD_OPTIONS='parallel=8 nocheck nostrip' Using ODP with ovs-vswitchd: ---------------------------- Start ovsdb-server as discussed in INSTALL doc: Summary e.g.: First time only db creation (or clearing): mkdir -p /usr/local/etc/openvswitch mkdir -p /usr/local/var/run/openvswitch rm /usr/local/etc/openvswitch/conf.db cd $OVS_DIR ./ovsdb/ovsdb-tool create /usr/local/etc/openvswitch/conf.db \ ./vswitchd/vswitch.ovsschema start ovsdb-server cd $OVS_DIR export DB_SOCK=/usr/local/var/run/openvswitch/db.sock ./ovsdb/ovsdb-server --remote=punix:$DB_SOCK \ --remote=db:Open_vSwitch,Open_vSwitch,manager_options \ --private-key=db:Open_vSwitch,SSL,private_key \ --certificate=db:Open_vSwitch,SSL,certificate \ --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --pidfile --detach First time after db creation, initialize: cd $OVS_DIR ./utilities/ovs-vsctl --no-wait init Enable ODP for OVS (you need to restart ovs-vswitchd after this setting, if it's running): ovs-vsctl --no-wait set Open_vSwitch . other_config:odp=true ovs-vsctl get Open_vSwitch . other_config:odp Disable it (you need to restart ovs-vswitchd): ovs-vsctl set Open_vSwitch . other_config:odp=false If your platform relies on startup parameters passed through ODP_PLATFORM_PARAMS, you can also set it (you need to restart ovs-vswitchd): ovs-vsctl --no-wait set Open_vSwitch . \ other_config:odp_platform_params="etc" ovs-vsctl get Open_vSwitch . other_config:odp_platform_params This setting is stored in Open_vSwitch table, which has one record for every ovs-vswitch instances. Currently you can't have more than one. Start vswitchd: e.g. ./vswitchd/ovs-vswitchd unix:$DB_SOCK --pidfile --detach To use ovs-vswitchd with ODP, create a bridge with datapath_type "netdev" in the configuration database. For example: ovs-vsctl add-br br0 ovs-vsctl set bridge br0 datapath_type=netdev Now you can add ODP ports. OVS expect ODP port name to start with odp followed by a colon and then the interface name. ovs-vsctl add-port br0 odp:eth0 -- set Interface odp:eth0 type=odp Simple test ----------- A simple test would be to add one ODP virtual port and one internal port. To make sure that packets arrived on the the ODP virtual port don't come through the Linux interface as well you need to remove the IP address from the Linux interface. Also set the interface to promisc mode, in case packets get rejected otherwise: ifconfig eth0 0 promisc Bring up the bridge internal port and assign some ip (DHCP should work too if present): ifconfig br0 up dhcp br0 Then run tests as usual, simple ping from another machine, iperf etc. Packets should arrive at the physical interface, then at the ODP virtual port then forwarded to the br0 internal port and then to the Linux stack. You can also set up two ODP virtual ports and let the machine run like a regular switch, without involving the Linux IP stack. Testing using flows ------------------- For testing you can setup flows from an ODP virtual port to another port, an internal port for example. Using an internal port is preferred, because no other packets will be involed, only what comes from the ODP port. First run ovs-ofctl to get the port ids: ovs-ofctl show br0 To remove all flows: ovs-ofctl del-flows br0 Then add a flow to direct packets comming at the ODP port to an internal port. ovs-ofctl add-flow br0 in_port=1,action=output:LOCAL Then you can use tcpdump / wireshark to sniff packets on the LOCAL port. You might need to bring the virtual interface up: ifconfig br0 up A simple test would be to use ping. In this case you should only see the ICMP requests showing up at the LOCAL port. Also delete the flow and check that packets are not forwarded anymore.