The previous article discussed the installation of Openswitch OPX on VirtualBox using the lvm tool. We extracted the Openswitch OPX VDI disk from the VirtualBox VM and ran the disk with Qemu. The image was subsequently customized using the after-install script in order to run it inside GNS3. Finally, we tested the image within a simple GNS3 lab that proved its functionality. This article goes further: we are going to test VLAN bridging using native Linux commands.
Picture 1 - Network Topology
The lab consists of three Openswitch OPX 2.3.2 instances powered by the Qemu hypervisor. The device OPX-Distrib1 is a multilayer switch that is responsible for routing between VLANs 10, 20, 30, 40 and 50. VLANs 10-40 are end-user VLANs and VLAN 50 is used for management. The switches OPX-Access1 and OPX-Access2 are L2 switches with the port e101-001-0 configured as a trunk port. End users are connected to the access ports e101-002-0 and e101-003-0 on both access switches.
Note: The customized Openswitch OPX 2.3.3 VDI disk can be downloaded from the Download section. The login name is opxUser and the password is not set.
1. End User Computers and Management PC Configuration
To save host memory, I use Core Linux 6.3 Qemu instances for host simulation. They are configured with 128MB RAM. Just copy the commands below to PC10-PC40 and enter the PC number (10, 20...). All IP settings will take effect and become persistent.
Commands for configuration PC10-PC40 are here. The management station PC-MGMT can be configured with these commands.
2. OPX-Access1 Configuration
OPX-Access1 is a layer 2 (L2) switch. This means that if users in a particular VLAN need to talk to users in a different VLAN, the switch must forward the traffic via the uplink port to the upper-layer distribution switch OPX-Distrib1. In our case, the port e101-001-0 is configured as a trunk port because it carries traffic from VLANs 10, 20 and 50.
We need root privileges to make configuration changes. Just copy the commands to the switch CLI.
$ sudo su
Configure the hostname and add the hostname to the local DNS file.
hostname OPX-Access1
echo "OPX-Access1" > /etc/hostname
echo "127.0.1.1 OPX-Access1" >> /etc/hosts
In this step, we are going to create bridges. The OPX software supports Layer 2 VLAN bridging by modeling each VLAN as a separate Linux bridge instance. This is a two-step task: first we create the bridge, and then we assign the tagged port to a particular bridge.
brctl addbr br10
brctl addbr br20
brctl addbr br50
Bring the interfaces up. Interfaces e101-001 - e101-032-0 are shut down by default.
ip link set dev br10 up
ip link set dev br20 up
ip link set dev br50 up
ip link set dev e101-001-0 up
ip link set dev e101-002-0 up
ip link set dev e101-003-0 up
ip link set dev eth0 up
Create the tagged interfaces on the trunk port e101-001-0. We will add the tagged interfaces e101-001-0.10, e101-001-0.20, and e101-001-0.50 to their particular bridges later.
ip link add link e101-001-0 name e101-001-0.10 type vlan id 10
ip link add link e101-001-0 name e101-001-0.20 type vlan id 20
ip link add link e101-001-0 name e101-001-0.50 type vlan id 50
Bring the new tagged interfaces up.
ip link set dev e101-001-0.10 up
ip link set dev e101-001-0.20 up
ip link set dev e101-001-0.50 up
Add the tagged virtual links to VLAN 10 (br10), VLAN 20 (br20) and VLAN 50 (br50). The OPX software determines the VLAN ID associated with each bridge instance using the VLAN ID of the first tagged member port assigned to the bridge instance.
brctl addif br10 e101-001-0.10
brctl addif br20 e101-001-0.20
brctl addif br50 e101-001-0.50
Add the untagged interfaces (access ports) to their bridges (VLANs). Thanks to the presence of a tagged port in a bridge, Openswitch knows how to tag end-user VLAN traffic when it forwards it to the distribution switch via the trunk port e101-001-0.
brctl addif br10 e101-002-0
brctl addif br20 e101-003-0
brctl addif br50 eth0
Assign IP address 192.168.50.1/24 to br50.
ip addr add dev br50 192.168.50.1/24
Check the bridge configuration with the command below.
$ brctl show
Picture 2 - OPX-Access1 Bridge Members
To make the configuration persistent, copy the commands above to /etc/rc.local. Please read the previous article for reference. The content of the file rc.local for OPX-Access1 is here.
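An added check, not part of the original article: the function below parses `brctl show` output and reports bridges that have no tagged member, that mix tagged members from different VLANs, or whose tagged VLAN differs from the bridge name. The brNN naming rule and both sample listings are assumptions constructed from this lab's configuration.

```shell
# Added example: audit `brctl show` text on stdin; prints findings, returns 1 on any.
# Assumes this lab's naming: bridge brNN carries VLAN NN, tagged members end in .NN
audit_bridges() {
    awk '
    function member(bridge, ifc,   vid) {
        if (ifc !~ /\.[0-9]+$/) return            # untagged access port
        vid = ifc; sub(/^.*\./, "", vid)          # keep the VLAN ID after the last dot
        if ((bridge, vid) in has) return
        has[bridge, vid] = 1; nvid[bridge]++
        vids[bridge] = vids[bridge] (nvid[bridge] > 1 ? "," : "") vid
    }
    NR == 1 && $1 == "bridge" { next }            # column header
    NF >= 3 { br = $1; order[++n] = br; if (NF >= 4) member(br, $4); next }
    NF == 1 && br != "" { member(br, $1) }        # continuation line: one more member
    END {
        for (i = 1; i <= n; i++) {
            b = order[i]; want = b; sub(/^br/, "", want)
            if (nvid[b] == 0)         { print b ": no tagged member, VLAN ID undefined"; bad = 1 }
            else if (nvid[b] > 1)     { print b ": mixed VLAN IDs " vids[b]; bad = 1 }
            else if (vids[b] != want) { print b ": tagged VLAN " vids[b] " does not match bridge name"; bad = 1 }
        }
        exit bad + 0
    }'
}
# Constructed listing matching the OPX-Access1 configuration above (bridge ids are made up).
sample_access1() { cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br10            8000.0c0000000001       no              e101-001-0.10
                                                        e101-002-0
br20            8000.0c0000000002       no              e101-001-0.20
                                                        e101-003-0
br50            8000.0c0000000003       no              e101-001-0.50
                                                        eth0
EOF
}
# Constructed misconfiguration: VLAN 30 tag added to br20, br50 left without a tagged port.
sample_broken() { cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br10            8000.0c0000000001       no              e101-001-0.10
br20            8000.0c0000000002       no              e101-001-0.20
                                                        e101-001-0.30
br50            8000.0c0000000003       no              eth0
EOF
}
sample_access1 | audit_bridges && echo "access1 sample: clean"
sample_broken  | audit_bridges || echo "broken sample: findings above"
# On a switch: brctl show | audit_bridges
```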
3. OPX-Distrib1 Configuration
The distribution switch OPX-Distrib1 is responsible for routing between all VLANs (subnets). It acts as the default gateway for all subnets with the IP address 192.168.xx.254/24. Assign the hostname OPX-Distrib1 to the switch, following the example shown for the OPX-Access1 switch. Then copy the content of the rc.local file (after the keyword done) to the OPX-Distrib1 CLI.
Picture 3 - OPX-Distrib1 Bridge Members
To check the routing table of the switch, we will use the route command to inspect the Linux kernel table. Alternatively, we can check the content of the table with the integrated shell of the Quagga routing suite (vtysh command).
$ sudo su
# vtysh
Picture 4 - Inspecting Routing Table of OPX-Distrib1 with Quagga Shell
Here is the content of rc.local of the OPX-Distrib1 switch.
4. OPX-Access2 Configuration
The configuration of the device OPX-Access2 is similar to that of the OPX-Access1 switch. For this reason, I only attach the rc.local file.
Picture 5 - OPX-Access2 Bridge Members
5. Testing
Connect to the console of the management PC and test connectivity between PC-MGMT and the computers in the end-user VLANs with the ping command.
$ for i in 10 20 30 40 50; do ping 192.168.$i.1 -c 1; done
Picture 6 - Testing Connectivity Between VLANs
End.
This is a very important guide. I was meaning to do it myself, but it's good that you got to it. Well done!