Using openvswitch to communicate between two different hosts on different machines

This blog is about understanding how one can leverage the linux network-namespaces to act as different machines to test network functionality. Main idea is to discuss about how one can communicate between two network-namespaces on two different hosts using openvswitch.

First, we will discuss about network namespaces. Network namespace is logically another copy of the machine’s network stack, which has its own routes, firewall rules, and network devices. To test the network functionality, instead of having a virtual machine with all the unnecessary features, one can use network-namespaces to quickly test different network environments. It is lightweight, allows you to run multiple namespaces on a single machine and is easy to manage.

 

 

Problem statement:-

Create a network topology as mentioned in below diagram where two different machines has network namespaces created and use openvswitch to communicate among the two namespaces.

 

Solution:-

To achieve this topology, we will first need two machines A and B which are connected to each-other using physical switch. You can also have two virtual machines connected using a virtual switch.

 

Next, create two network namespaces named h1 and h2 on the machines respectively.

ip netns add h1  (on machine A)
ip netns add h2  (on machine B)
ip netns list    (can be executed on both machines)

 

Now we have two namespaces created on the machine A and B.

 

 

Next, we will add an openvswitch on both the machines.

ovs-vsctl add-br s1     (on both the machines)
ovs-vsctl show

 

 

 

Next, we need to create two patch-cables and use them to connect openvswitch to network namespaces.

First one will be used to connect h1 namespace to bridge s1 and second one would be used to connect namespace h2 to bridge s1.

 

Creating patch-cables:-

ip link add h1-eth0 type veth peer name s1-eth1    (on machine A)
ip link add h2-eth0 type veth peer name s1-eth2    (on machine B)
ip link show

 

Adding one end of patch-cable to namespaces:-

ip link set h1-eth0 netns h1    (on machine A)
ip link set h2-eth0 netns h2    (on machine B)

 

Connecting the other end of patch-cable to openvswitch:-

ovs-vsctl add-port s1 s1-eth1     (on machine A)
ovs-vsctl add-port s1 s1-eth2     (on machine B)

 

Now, the setup is at state depicted in diagram below:-

 

Next, we need to assign ip-addresses to the network namespaces. This can be achieved by using the below commands:-

ip netns exec h1 ifconfig h1-eth0 10.0.0.1    (on machine A)
ip netns exec h2 ifconfig h2-eth0 10.0.0.2    (on machine B)

 

We can also add a controller for openvswitch. In this post, we are not going to use any controller for openvswitch. Here, the switch will behave like a normal hub.

 

We need to add an interface to openvswitch which is then connected to the physical port. For this, we are using eth1 of the machines to send and receive packets.

ifconfig eth1 0.0.0.0         (on both the machines)
ovs-vsctl add-port s1 eth1    (on both the machines)

 

Now, we have the setup similar to the one we had decided to create. You can communicate from network namespace h1 on machine A with network namespace h2 on machine B via eth1.

 

ip netns exec h1 ping 10.0.0.2   (on machine A)
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=4.98 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.990 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.104 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.375 ms

 

 

One can create various complex topologies using namespaces, can run multiple networks within a single machine and can test various complex scenarios.

 

I hope this post helps someone. Mininet is on example of custom wrapper program which uses these commands internally to create network-topologies as specified by the user.