
I'm trying to configure an OVS router. By adding flows on the OVS router, I want the devices connected to the switch ports (ports 2-5) to be able to access the internet when the internet cable is inserted into the WAN port (port 1).

My VLAN configuration in file /etc/config/network of the OVS router is:

```
eth1.1: 0t, 2
eth1.2: 0t, 3
eth1.3: 0t, 4
eth1.4: 0t, 5
eth1.5: 1, 6
```

The output of ovs-vsctl show is:

```
root@OpenWrt:~# ovs-vsctl show
84d9ab2f-a3e6-46e3-874f-156ef975d673
Bridge "br0"
    Controller "tcp:<an IP address>"
        is_connected: true
    fail_mode: standalone
    Port "eth1.4"
        Interface "eth1.4"
    Port "eth1.2"
        Interface "eth1.2"
    Port "eth1.1"
        Interface "eth1.1"
    Port "br0"
        Interface "br0"
            type: internal
    Port "eth1.3"
        Interface "eth1.3"
```

The truncated output of ifconfig is:

```
br0: 192.168.3.1
eth0: 192.168.0.105 (There is another home router)
eth1, eth1.1-1.4
```

As the subnet provides IP prefix of 192.168.3.* and the router itself is assigned IP of 192.168.0., I wonder if it's helpful to add a flow to forward packets from 192.168.3. to 192.168.0.104.

So is it correct to suppose that if a machine with IP 192.168.3.10, for example, wants to make a query to Google, the path should be 192.168.3.10 -> 192.168.0.105 -> 192.168.0.1 (home router) -> outside?

This is to build a flow based on Layer 3. But I'm wondering if I can build flows between VLANs. According to my configuration, the WAN port is port 1, which belongs to VLAN 5. Do you think it is viable to add flows bidirectionally from VLAN 1 (machine connected) to VLAN 5 and from VLAN 5 to VLAN 1? If so, are there any examples I can follow, please?

Another detail. The output of ifconfig shows the eth0 interface was assigned IP 192.168.0.105, which means it's connected to my home router (192.168.0.1). So do I need to forward packets between these two IP addresses?

I really appreciate any help.

YU Liu

2 Answers


The following commands add two rules to send packets from VLAN 5 and port 5 to port 1 with VLAN 1, and vice versa:

```
ovs-ofctl add-flow br0 in_port=5,dl_vlan=5,actions=mod_vlan_vid:1,output:1
ovs-ofctl add-flow br0 in_port=1,dl_vlan=1,actions=mod_vlan_vid:5,output:5
```

pchaigno
  • Thank you so much for your response. As I mentioned, port 1 is in VLAN 5, and port 5 should belong to VLAN 4. So I tried: `ovs-ofctl add-flow br0 in_port=5,dl_vlan=4,actions=mod_vlan_vid:5,output:1` and `ovs-ofctl add-flow br0 in_port=1,dl_vlan=5,actions=mod_vlan_vid:4,output:5`, but it didn't work. My OVS router has IP 192.168.3.1 and is connected to a home router, 192.168.0.1; my machine wired to the OVS router has IP 192.168.3.10. If I just forward the packets with the above packets, do you think I also need to forward packets from 192.168.3.* to 192.168.0.*? Thank you so much. – YU Liu Dec 25 '17 at 21:15
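
Flows on br0 can only match on or output to interfaces that are ports of br0, so it helps to confirm what is attached before adding rules like the ones above. The following is an added example (not code from the question or from either answer) that parses `ovs-vsctl show` output and reports which requested interfaces are missing from a bridge; the function names `bridge_ports` and `missing_ports` are hypothetical, and eth1.5 is assumed to be the WAN-side VLAN interface from the question's /etc/config/network.

```shell
#!/bin/sh
# Constructed sample: the `ovs-vsctl show` output quoted in the question.
sample_show() {
cat <<'EOF'
84d9ab2f-a3e6-46e3-874f-156ef975d673
Bridge "br0"
    Controller "tcp:<an IP address>"
        is_connected: true
    fail_mode: standalone
    Port "eth1.4"
        Interface "eth1.4"
    Port "eth1.2"
        Interface "eth1.2"
    Port "eth1.1"
        Interface "eth1.1"
    Port "br0"
        Interface "br0"
            type: internal
    Port "eth1.3"
        Interface "eth1.3"
EOF
}

# bridge_ports BRIDGE: read `ovs-vsctl show` text on stdin and print the
# ports attached to BRIDGE, one per line, sorted.
bridge_ports() {
    awk -v want="$1" '
        { gsub(/"/, "") }
        $1 == "Bridge" { in_bridge = ($2 == want); next }
        in_bridge && $1 == "Port" { print $2 }
    ' | LC_ALL=C sort
}

# missing_ports BRIDGE IFACE...: print every IFACE that is not a port of BRIDGE.
missing_ports() {
    bridge=$1; shift
    attached=$(bridge_ports "$bridge")
    for ifc in "$@"; do
        printf '%s\n' "$attached" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# On the router (assumed usage): ovs-vsctl show | missing_ports br0 eth1.5
sample_show | missing_ports br0 eth1.1 eth1.2 eth1.3 eth1.4 eth1.5
```

The OpenFlow port numbers used in `in_port=` and `output:` are assigned by OVS and are listed by `ovs-ofctl show br0`.
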

I have solved this problem. The following is the solution.

The main idea is to build a Linux bridge connected to the OVS bridge when I need the VLANs to be able to talk to the outside internet. I can use brctl to operate the Linux bridge. First I tried:

```
brctl addbr br-lan
brctl addif br-lan br0
```

Then all the machines could access the internet, but unfortunately only for a couple of minutes. After that, the router collapsed. I could not access the OVS router anymore unless I reset it. That could be caused by the incorrect bridge configuration. I tried many ways and finally this one works:

```
brctl addbr br-lan
ifconfig br-lan 192.168.3.1
brctl addif br-lan br0
ifconfig br0 0.0.0.0
```

I considered that the Linux bridge br-lan should originally be connected to eth0 (WAN). And as far as I know, br0 could mean 'local', with IP address 192.168.3.1. All VLANs talk to this IP address. If I move 'local' to the Linux bridge which is connected to the WAN port, it should work.

Thanks to everybody who viewed and tried to help me!

YU Liu