Connecting LXC to Open vSwitch Using Libvirt
Published on 3 Dec 2013 · Filed in Tutorial · 658 words (estimated 4 minutes to read)In this post I’m going to expand a little bit on using libvirt to connect Linux containers (created using LXC) to Open vSwitch (OVS). I made brief mention of this in my post on using LXC with libvirt, but did not provide any details. This post aims to provide those details.
I’m assuming that you’re already familiar with LXC, OVS, and libvirt. If you aren’t familiar with these projects, I suggest you have a look back at other articles I’ve written about them in the past. One of the easiest ways to do that is to browse articles tagged LXC, tagged OVS, and/or tagged Libvirt. Further, I’m using Ubuntu 12.04 LTS in my environment, so if you’re using another Linux distribution please note that some commands and/or package names might be different.
The basic process for connecting a Linux container to OVS using libvirt looks something like this:
-
Create one or more virtual networks in libvirt to “front-end” OVS.
-
Create your container(s) using standard LXC user-space tools.
-
Create libvirt XML definitions for your container(s).
-
Start the container(s) using
virsh.
Steps 2, 3, and 4 were covered in my previous post on using LXC and libvirt, so I won’t repeat them here. Step 1 is the focus here. (If you are a long-time reader and/or well-versed with libvirt and OVS, there isn’t a great deal of new information here; I just wanted to present it in the context of LXC for the sake of completeness.)
To create a libvirt virtual network to front-end OVS, you need to create an XML definition that you can use with virsh to define the virtual network. Here’s an example XML definition (click here for an option to download this snippet):
<network>
<name>bridged</name>
<uuid>ff5f8075-31a7-4cc9-21bf-5c8d144f58f0</uuid>
<forward mode='bridge'/>
<bridge name='br-ex' />
<virtualport type='openvswitch'/>
<portgroup name='untagged' default='yes'>
</portgroup>
</network>
A few notes about this XML definition:
-
You normally wouldn’t include the UUID, as that is generated automatically by libvirt. If you were using this XML to create the virtual network from scratch, I would recommend just deleting the UUID line.
-
The network is named “bridged”, and points to the OVS bridge named
br-ex. In this particular case,br-exis a simple OVS bridge that contains a single physical interface. -
This particular virtual network only has a single portgroup configured for untagged traffic. If you wanted to provide a virtual network that supported multiple VLANs, you could add more portgroups with the VLAN tags as I describe in my post on using VLANs with OVS and libvirt. You’d then modify the container’s XML definition to point to the appropriate portgroup, and in this way you could easily support running multiple containers across multiple VLANs on a single host.
-
A libvirt virtual network can only point to a single bridge, so if you wanted to support both bridged (as shown here) as well as tunneled connectivity (perhaps as described in my post on LXC, OVS, and GRE tunnels), you would need to create a second XML definition that creates a separate virtual network. You could then modify the container’s XML definition to point to the new network you just created.
In the bullets above, I mentioned modifying the container’s XML definition. In particular, I’m referring to the <interface type='network'> portion of the container’s XML definition. To use a libvirt network for a container’s network connectivity, you’d specify <source network='bridged'/> (replacing “bridged” with whatever the name of your virtual network is; I’m using the name provided in the sample XML code above). For multiple interfaces in the container, simply supply multiple <interface type='network'> entries in the container’s XML definition, and configure the source network for each of them appropriately.
Hopefully this post provides some additional details and information on using libvirt to connect Linux containers to OVS. If you have any questions, or if you have more information to share on this topic, please feel free to speak up in the comments below. I encourage and welcome all courteous feedback!