Differences

This shows you the differences between two versions of the page.

--- linux:generic:qemu [2013/05/26 09:02] – add Open vSwitch stybla
+++ linux:generic:qemu [2013/06/08 09:20] (current) – [VDE2] add couple FIXME - connect two switches, monitoring traffic stybla
@@ Line 14: / Line 14: @@
 ===== Networking =====
+Quite nice summary of QEMU networking at [[http://wiki.qemu.org/Documentation/Networking|QEMU wiki]].
+Beware, though, it doesn't describe everything. However, it describes and clarifies QEMU "VLANs"
+which are usually confused for 802.1q. I originally wanted to describe it here, but since it's
+described elsewhere, I won't.
 ==== VDE2 ====
-FIXME 8-)
+  * Project site: [[http://www.virtualsquare.org/]]
+  * Project site: [[https://sourceforge.net/projects/vde/|VDE at SF.net]]
+> VDE is an ethernet compliant virtual network that can be spawned over a set of physical
+> computer over the Internet. VDE is part of virtualsquare project.
+I think VDE is fairly simple to setup and use and sufficient for regular use. I haven't tried
+to connect multiple VDE switches together yet.
+=== Configuration ===
+VDE doesn't require any special configuration for basic networking. However, here is a list
+of noteworthy things about VDE:
+  * QEMU has to be compiled with VDE support, resp. ''--enable-vde''
+  * VDE can be configured either via RC script on start up or via ''vdeterm''
+  * VDE has to be configured every time it starts up
+  * main documentation(?) incl. ''vdeterm'' documentation is [[http://wiki.virtualsquare.org/wiki/index.php/VDE|here]]
+  * you might need ''tunctl''[[https://sourceforge.net/projects/tunctl/|link]] and ''socat''
+To start up VDE switch with Host's ''tap'' interface (on port#1) attached and configuration read from rc script:
+<code>
+vde_switch \
+-s /var/run/vde2/vde.virswitch0 \
+--mgmt /var/run/vde2/vde.virswitch0.sock \
+--mgmtmode 660 \
+-p /var/run/vde2//vde.virswitch0.pid \
+-t virswitch0 \
+-f /etc/vde2/vswitches/virswitch0.rc1
+</code>
+As for rc script, you just put the same commands as you would via ''vdeterm''.
+=== Hooking up with QEMU ===
+This fairly simple:
+<code>
+[other QEMU parameters]
+-netdev vde,id=hostnet0,sock=PATH_TO_VDE_SOCK
+-device virtio-net-pci,netdev=hostnet0,id=net0,mac=RANDOM_VM_MAC,multifunction=on
+</code>
+And if you want to hook up your VM on specific port. This is quite useful when VLANs are used:
+<code>
+[other QEMU parameters]
+-netdev vde,id=hostnet0,sock=PATH_TO_VDE_SOCK,port=VDE_PORT_NUM
+-device virtio-net-pci,netdev=hostnet0,id=net0,mac=RANDOM_VM_MAC,multifunction=on
+</code>
+=== VLANs ===
+VLANs with VDE are easy and a bit tricky at the same time. What I really like is they remind
+me VLANs in non-Cisco hardware - simple, easy, clean.
+You can configure VLANs in two ways. Either via ''vdeterm'' or via RC script. Actually, I'd say
+these two go hand in hand where former is good for testing and latter for a "stable" operational state.
+I'm not going over ''vdeterm'' commands here. You can(and should) read documentation by yourself
+and I see no reason to parrot it here.
+Here is a simple and short RC script/set of ''vdeterm'' commands:
+<code>
+port/setnumports 32
+port/sethub 0
+vlan/create 100
+port/create 1
+port/allocatable 1 0
+port/create 2
+port/allocatable 2 0
+vlan/add 100 2
+port/create 3
+port/allocatable 3 0
+port/setvlan 3 4095
+vlan/add 100 3
+port/create 4
+port/allocatable 4 0
+port/setvlan 4 100
+</code>
+And here is explanation(matches commands +/-):
+  - switch has 32 ports
+  - it's a switch, not a hub
+  - create VLAN 100
+  - create port #1 which:
+    - can be allocated only if ',port=1' is passed to QEMU
+    - accepts untagged traffic, resp. traffic with VLAN#0
+  - create port #2 which:
+    - can be allocated only if ',port=2' is passed to QEMU
+    - add port to VLAN#100(must be tagged by the sender)
+    - accepts untagged traffic, resp. traffic with VLAN#0
+  - create port #3 which:
+    - can be allocated only if ',port=3' is passed to QEMU
+    - doesn't accept untagged traffic, resp. traffic with VLAN#0
+    - add port to VLAN#100(must be tagged by the sender)
+  - create port #4 which:
+    - can be allocated only if ',port=4' is passed to QEMU
+    - all incoming untagged traffic is tagged with VLAN#100
+Some more notes:
+  * how-to delete VLAN#0 or remove ports from VLAN#0
+    * you can't, because it's used for untagged traffic
+    * however you can 'port/setvlan PORT_NO 4095' to ignore all untagged traffic(as discussed at [[https://sourceforge.net/mailarchive/message.php?msg_id=30585925|SF.net VDE mailing list]])
+    * or 'port/setvlan PORT_NO VLAN_NO' to set default VLAN for untagged traffic
+    * **NOTE:** there is a bug, at least in VDE2-2.3.2, which will cause ''vde_switch'' to crash. Bugfix is in SVN.
+      - 'port/setvlan PORT_NO 4095'
+      - attach QEMU VM specifically to 'PORT_NO'
+      - your ''vde_switch'' has crashed
+  * 'port/allocatable'
+    * seems to be thing you want when running VLANs
+    * you really don't want your VM to be auto-binded to random port with "unexpected" port settings, eg. incorrect VLAN
+  * FIXME connect two VDE switches
+    * # dpipe vde_plug /tmp/vde1 = vde_plug /tmp/vde2 & ;
+    * however, why would you use # dpipe; since you can use the very same TAP interface?
+    * could you use OpenVPN(tap interface)? and wouldn't it be better?
+  * FIXME [[http://wiki.virtualsquare.org/wiki/index.php/VDE_Basic_Networking#2._Monitor_traffic|monitoring traffic]] - I haven't tried it
@@ Line 111: / Line 244: @@
 Possible values for ''vlan_mode'' setting:
-  * ''access'' - ``An access port can have only one VLAN configured on the interface; it can carry traffic for only one VLAN."
+  * ''access'' - for VM without knowledge of any VLANs; ``An access port can have only one VLAN configured on the interface; it can carry traffic for only one VLAN."
-  * ''trunk'' - ``A trunk port can carry untagged packets simultaneously with the 802.1Q tagged packets."
+  * ''trunk'' - for connecting switches and routers(?), resp. wherever you need tagged and untagged traffic; ``A trunk port can carry untagged packets simultaneously with the 802.1Q tagged packets."
-  * ''native-tagged'' - tagged VLAN; equivalent seems to be ''tag=VLAN_ID'' (?)
+  * ''native-tagged'' - seems to allow only tagged packets(tagged on VM), untagged traffic seems to be dropped; equivalent seems to be ''tag=VLAN_ID'' (?)
-  * ''native-untagged'' - untagged VLAN, resp. tag all traffic VM->port with ''VLAN_ID'' (?)
+  * ''native-untagged'' - all untagged traffic is tagged as VLAN ID X on the switch, tagged VLANs(tagged on VM) are passed on
-What I haven't figured out yet:
-  * multiple tagged VLANs, default VLAN for untagged traffic
-  * multiple tagged VLANs, no untagged traffic allowed
 <code>
@@ Line 131: / Line 260: @@
 # tagged VLAN 100 and 200
 ovs-ctl add-port br0 tap1 trunk=100,200
+# multiple tagged VLANs(tagging done on VM), default VLAN for untagged traffic is 100
+ovs-ctl set port tap1 tag=100 vlan_mode=native-untagged
 </code>
-=== Links ===
+===== Links =====
   * [[http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/|Open vSwitch VLAN Cookbook]]
   * [[http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD|Open vSwitch FAQ - up-to-date version]]
   * [[http://blog.scottlowe.org/2012/10/04/some-insight-into-open-vswitch-configuration/]]
+  * [[http://wiki.virtualsquare.org/wiki/index.php/Main_Page]]
+  * [[http://backreference.org/2010/03/26/tuntap-interface-tutorial/]]
+  * [[http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge]]
+  * [[http://doc.opensuse.org/products/draft/SLES/SLES-kvm_sd_draft/cha.qemu.running.html]]
+  * [[http://www.inetdoc.net/travaux_pratiques/interco.ospf.q/interco.ospf.vm.html]]