a) Policy Routing 2 networks & 2 NIC cards

Our goal for an openvswitch server was to have 2 NIC cards servicing 2 networks. The 2 NIC cards are eth0 and eth1. We have the 10.10.10.0 network connected to eth0 and the 10.1.1.0 network connected to eth1. We want to ensure that network traffic comes in and goes out through the proper card. To do this we set up a rule in the policy routing table to essentially build a second default route. So traffic on the 10.10.10.0 network uses the new “admin” table defined by the following script, and the 10.1.1.0 network uses the standard default route, which goes to a router that is connected to the internet. This is the production network to be used by VMs built using libvirt. Each network has a default router: the 10.1.1.0 network uses 10.1.1.1 and the 10.10.10.0 network uses 10.10.10.60, an internal Linksys router.

We suggest you look at the website http://www.policyrouting.org/ , where we were able to find some information on the topic.

To accomplish this we did the following:

1) We built the following script to populate /etc/iproute2/rt_tables and create a new policy routing table.

#!/bin/bash
#
# start with a rule show
ip rule show
#
# start with fixing the default route to go to 10.1.1.1
# (ip route del does the same as the net-tools "route delete default")
#
ip route del default
ip route add default via 10.1.1.1
#
# add the admin entry in /etc/iproute2/rt_tables, but only once, so that
# re-running the script does not append duplicate lines
grep -q "^1 admin" /etc/iproute2/rt_tables || echo "1 admin" >> /etc/iproute2/rt_tables
#
# define the subnet (10.10.10.66 is this host's address on eth0)
ip route add 10.10.10.0/24 dev eth0 src 10.10.10.66 table admin
#
# define the gateway
ip route add default via 10.10.10.60 dev eth0 table admin
#
# create new rule entries going in and out
ip rule add from 10.10.10.66/32 table admin
ip rule add to 10.10.10.66/32 table admin
# end with a rule show
ip rule show

2) Then we built this script to set up the bridge. It removes the Linux bridge module and adds the openvswitch bridge and ports. It also removes the openvswitch bridge if there is one, rebuilds it, and adds eth1 as a port plus the port tap1 on VLAN 2 (tag=2):

root@openvswitch:~/openvswitch# more 1-b*
#!/bin/bash
#
# start with a lsmod grep bridge to show whether the linux bridge module is there
#
if lsmod | grep -q bridge; then
    echo "there is a linux bridge"
    echo " do you want to delete it? If so hit enter "
    read -p "Press [Enter] key to continue..."
    if rmmod bridge; then
        if lsmod | grep -q bridge; then
            echo "there is a linux bridge"
        else
            echo "there is no linux bridge"
        fi
    fi
else
    echo "there is no linux bridge"
fi
#
# build and install the openvswitch datapath kernel module
#
module-assistant auto-install openvswitch-datapath
#
echo "now we start openvswitch"
service openvswitch-switch start
#
echo "now we status openvswitch"
service openvswitch-switch status
#
# rebuild br0 from scratch (--if-exists keeps del-br from failing on a fresh
# box): eth1 as an untagged port, tap1 on VLAN 2
#
ovs-vsctl --if-exists del-br br0
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth1
ovs-vsctl add-port br0 tap1 tag=2
#
echo "now we status openvswitch"
service openvswitch-switch status
#
# "brcom" matches the name of the openvswitch bridge-compatibility module
if lsmod | grep -q brcom; then
    echo "there is a brcom bridge"
fi
#
ovs-vsctl show

With both scripts completed successfully, we get the following output:

root@openvswitch:~/openvswitch# service openvswitch-switch status
ovsdb-server is running with pid 5592
ovs-vswitchd is running with pid 5601
ovs-brcompatd is running with pid 5647
root@openvswitch:~/openvswitch# ovs-vsctl show
43fb1d86-a3f0-49a4-96a2-0026db6dd0f3
    Bridge "br0"
        Port "eth1"
            Interface "eth1"
        Port "tap1"
            tag: 2
            Interface "tap1"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "1.4.0+build0"
root@openvswitch:~/openvswitch# ip rule show
0: from all lookup local
32764: from all to 10.10.10.66 lookup admin
32765: from 10.10.10.66 lookup admin
32766: from all lookup main
32767: from all lookup default
root@openvswitch:~/openvswitch#
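As an added check (not part of the original post), the script below asks the kernel with ip route get which gateway and interface a packet leaves by, so you can confirm that traffic sourced from 10.10.10.66 uses the admin table via 10.10.10.60 on eth0 while everything else still leaves via 10.1.1.1 on eth1; without the from rule, replies sourced from 10.10.10.66 would leave through eth1, which is exactly the asymmetric routing the admin table is meant to prevent. It assumes the addresses from the scripts above; 192.0.2.1 is a placeholder internet destination and 10.10.10.5 a constructed host on the admin LAN.

```shell
#!/bin/bash
# Added verification helper, not part of the original post. Assumes the
# addresses used there: 10.10.10.66 on eth0 with gateway 10.10.10.60 in
# table admin, and the production default route via 10.1.1.1 on eth1.
# egress_of LINE: parse the first line of "ip route get" output and print
# "GATEWAY DEVICE". A directly connected destination has no "via", so the
# gateway is printed as "-".
egress_of() {
    printf '%s\n' "$1" | awk '{
        gw = "-"; dev = "-"
        for (i = 1; i <= NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
    }'
}
# check_egress SRC DST GATEWAY DEVICE: ask the kernel which path a packet
# from SRC (or "-" for the host's default source address) to DST takes and
# compare it with what the policy routing setup should produce.
check_egress() {
    local src=$1 dst=$2 want="$3 $4" line got
    if [ "$src" = "-" ]; then
        line=$(ip route get "$dst" 2>/dev/null | head -n 1)
    else
        line=$(ip route get "$dst" from "$src" 2>/dev/null | head -n 1)
    fi
    if [ -z "$line" ]; then
        echo "FAIL no route from $src to $dst"
        return 2
    fi
    got=$(egress_of "$line")
    if [ "$got" = "$want" ]; then
        echo "ok   $src -> $dst leaves via $got"
    else
        echo "FAIL $src -> $dst leaves via $got, expected $want"
        return 1
    fi
}
# 192.0.2.1 stands in for an internet destination, 10.10.10.5 for a host
# on the admin LAN (both constructed for this example).
run_checks() {
    check_egress 10.10.10.66 192.0.2.1  10.10.10.60 eth0   # admin table default
    check_egress 10.10.10.66 10.10.10.5 -           eth0   # admin table, on-link
    check_egress -           192.0.2.1  10.1.1.1    eth1   # main table default
}
# Only run when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then run_checks; fi
```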
