In a previous tutorial we showed how to install Openvswitch on Debian Linux. At the end of tutorial we created a script that loads openvswitch module in to the Linux kernel, starts and initializes configuration database and starts daemon ovs-vswitchd.
In this tutorial we will connect our Openvswitch to Cisco Catalyst 3550 switch via 802.1q trunk. Three VLANs - 10,11 and 100 will be created on both switches and Switch Virtual Interfaces - SVI configured for each VLAN. Our goal is to test if tagged VLAN traffic is successfully transferred between Openvswitch and Cisco 3550 switch. To test connectivity, we will simply ping IP address configured on SVI port from a neighbor switch.
Picture 1 - Openvswitch connected to Cisco Catalyst 3550
1. Openvswitch Configuration
a) Run a startup script
First, run a script start_openvswitch.sh that we created in this tutorial. The script takes care of loading kernel module, starting a configuration database and openvswitch daemon.
$ ./start_openvswitch.sh
Once you start the script it is probably a good idea to check if openvswitch module is loaded in Linux kernel.
$ lsmod | grep open
openvswitch 61107 0
gre 12475 1 openvswitch
libcrc32c 12394 1 openvswitch
b) Create bridge br0 and configure a trunk port
We will create bridge br0 and configure a network interface eth0 to become a trunk port. The trunk port is carrying only the traffic from/to VLAN 10,11 and 100.
$ sudo ovs-vsctl add-br br0
$ sudo ovs-vsctl add-port br0 eth0 trunks=10,11,100
c) Create SVI ports - VLAN interfaces
$ sudo ovs-vsctl add-port br0 vlan10 tag=10 -- set interface vlan10 type=internal
$ sudo ovs-vsctl add-port br0 vlan20 tag=11 -- set interface vlan11 type=internal
$ sudo ovs-vsctl add-port br0 vlan100 tag=100 -- set interface vlan100 type=internal
Note: Use command /sbin/ifconfig to check if VLAN interfaces has been created.
d) Check Openvswitch configuration
The following command displays Openvswitch configuration.
$ sudo ovs-vsctl show
2faa26b5-8fe8-4bae-ad7c-744443b93f0c
Bridge "br0"
Port "vlan11"
tag: 11
Interface "vlan11"
type: internal
Port "vlan100"
tag: 100
Interface "vlan100"
type: internal
Port "br0"
Interface "br0"
type: internal
Port "eth0"
trunks: [10, 11, 100]
Interface "eth0"
Port "vlan10"
tag: 10
Interface "vlan10"
type: internal
e) Assign IP addresses to VLAN interfaces
$ sudo /sbin/ifconfig vlan10 192.168.10.253 netmask 255.255.255.0 up
$ sudo /sbin/ifconfig vlan11 192.168.11.253 netmask 255.255.255.0 up
$ sudo /sbin/ifconfig vlan100 192.168.100.253 netmask 255.255.255.0 up
Once you configure IP addresses for all VLAN interfaces try to ping them to check if they are working
f) Add IP adresses of VLAN ports to the Opnevswitch startup script
Edit the script start_openvswitch.sh and put IP addressconfiguration of all VLAN interfaces at the end of the script. It will secure that IP address is assigned to particular VLAN interface once the script is started.
Then the script start_openvswitch.sh should looks like following:
#!/bin/bash
#Load the openvswitch module
sudo /sbin/modprobe openvswitch
#Start openvswitch database
sudo /usr/local/sbin/ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \
--private-key=db:Open_vSwitch,SSL,private_key \
--certificate=db:Open_vSwitch,SSL,certificate \
--bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
--pidfile --detach
#Initialize openvswitch database
sudo /usr/local/bin/ovs-vsctl --no-wait init
#Start openvswitch daemon
sudo ovs-vswitchd --pidfile --detach
#Configure IP addresses for VLAN interfaces
sudo /sbin/ifconfig vlan10 192.168.10.253 netmask 255.255.255.0 up
sudo /sbin/ifconfig vlan11 192.168.11.253 netmask 255.255.255.0 up
sudo /sbin/ifconfig vlan100 192.168.100.253 netmask 255.255.255.0 up
2. Cisco 3550 Configuration
Use Minicom or another terminal to configure Catalyst 3550 as following.
Switch#conf t
Switch(config)#hostname 3550-I
3550-I(config)#vlan 10
3550-I(config-vlan)#vlan 11
3550-I(config-vlan)#vlan 100
3550-I(config-vlan)#interface fa 0/1
3550-I(config-if)#description Link to Openvswitch
3550-I(config-if)#switchport trunk allowed vlan 10,11,100
3550-I(config-if)#switchport mode trunk
3550-I(config-if)#no shutdown
3550-I(config-if)#exit
3550-I(config)#interface vlan 10
3550-I(config-if)#ip address 192.168.10.254 255.255.255.0
3550-I(config-if)#no shutdown
3550-I(config-if)#interface vlan 11
3550-I(config-if)#ip address 192.168.11.254 255.255.255.00
3550-I(config-if)#no shutdown
3550-I(config-if)#int vlan 100
3550-I(config-if)#ip address 192.168.100.254 255.255.255.0
3550-I(config-if)#no shutdown
3550-I(config-if)#do write
3. 802.1q Trunk testing
You should be able to ping IP address of VLAN interfaces configured on Debian from Cisco 3550 and vice versa. Successful ping is shown on the picture below.
Picture 2 - Pinging Openvswitch SVI ports from Catalyst 3550
End.