I wanted to set up OVS to support a couple of interfaces belonging to an IPS VM. First, I'm only just learning about OVS so please forgive any dumb questions I might submit due to my not understanding how this software behaves.
I have in the past brought up a libvirt based VM and bridged a physical host interface to the eth0 belonging to the virtual machine like this:

    auto br1
    # eth0 on the IPSVM is tied to this bridge
    iface br1 inet manual
        bridge_ports eno2
        post-up ifconfig eno2 mtu 1520
        post-up ifconfig eno2 promisc
        post-up ethtool -G eno2 rx 4096
        post-up ethtool -K eno2 rx off tx off sg off tso off ufo off gso off gro off lro off rxvlan off txvlan off ntuple off rxhash off
        post-up ethtool -N eno2 rx-flow-hash udp4 sdfn
        post-up ethtool -N eno2 rx-flow-hash udp6 sdfn
        post-up ethtool -C eno2 rx-usecs 1 rx-frames 0
        post-up ethtool -C eno2 adaptive-rx off
        bridge_stp off
        bridge_maxwait 0
        post-down brctl delbr br1

========================================

Now for the main part of the question. In:

    ovs-vsctl add-port vbridge0 eno2

What's the stanza look like to give it all the ethtool options and ifconfig options that I put on eno2 via the bridge commands as shown above? Is there a way to add "ovs-vsctl set interface <insert options here>" to create an equivalent config?

Or would I simply bring up the interface manually via /etc/network/interfaces? Like:

    auto eno2
    iface eno2 inet manual
        post-up ifconfig $IFACE up
        post-up ifconfig $IFACE mtu 1520
        post-up ifconfig $IFACE promisc
        post-up ethtool -G $IFACE rx 4096
        post-up ethtool -K $IFACE rx off tx off sg off tso off ufo off gso off gro off lro off rxvlan off txvlan off ntuple off rxhash off
        post-up ethtool -N $IFACE rx-flow-hash udp4 sdfn
        post-up ethtool -N $IFACE rx-flow-hash udp6 sdfn
        post-up ethtool -C $IFACE rx-usecs 1 rx-frames 0
        post-up ethtool -C $IFACE adaptive-rx off
        bridge_stp off
        bridge_maxwait 0
        pre-down ifconfig $IFACE down

Then:

    ovs-vsctl add-port vbridge0 eno2   # and it would maintain all the attributes I brought it up with manually?

I've always operated under the pretense that when a bridge grabs an interface, the interface becomes a slave to the bridge and has to assume all of the bridge's default settings.
So I'm thinking that bringing up eno2 manually with all those settings and adding the port eno2 after the fact would be a waste of time. I was thinking I would have to get OVS to set the attributes to the interface as it would be master over the slaved interface eno2.

Clear as mud? I'm hoping what I wrote made sense. I have concerns about all the NIC attributes because IPS systems really only perform correctly if all these attributes are applied to the interface. If you don't tune the interface this way, you'll miss things you're trying to detect with the IPS system.

Thanks!

CB
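One way to check whether the offloads listed in the post are still off once eno2 has been added as an OVS port, as an added example that is not part of the original message: the function below parses `ethtool -k` output and lists the short `-K` flags that are still enabled. The function name, the variable names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `ethtool -k` output and
# reports which offloads from the post's "ethtool -K ... off" list are still on.

# Short -K flag -> feature name as printed by `ethtool -k`.
OFFLOAD_MAP="rx=rx-checksumming tx=tx-checksumming sg=scatter-gather \
tso=tcp-segmentation-offload ufo=udp-fragmentation-offload \
gso=generic-segmentation-offload gro=generic-receive-offload \
lro=large-receive-offload rxvlan=rx-vlan-offload txvlan=tx-vlan-offload \
ntuple=ntuple-filters rxhash=receive-hashing"

# stdin: `ethtool -k <dev>` output. stdout: the short flags still enabled,
# space-separated in map order; nothing is printed when all of them are off.
offloads_still_on() {
    awk -v map="$OFFLOAD_MAP" '
        BEGIN {
            n = split(map, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                sname[i] = kv[1]; lname[i] = kv[2]
            }
        }
        # Feature lines look like "tcp-segmentation-offload: on [fixed]"
        /^[ \t]*[a-z0-9-]+:[ \t]*(on|off)/ {
            name = $1; sub(/:$/, "", name)
            state[name] = $2
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (state[lname[i]] == "on")
                    out = out (out == "" ? "" : " ") sname[i]
            if (out != "") print out
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_ETHTOOL_K='Features for eno2:
rx-checksumming: off
tx-checksumming: off
tcp-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
receive-hashing: off'

# Real use: ethtool -k eno2 | offloads_still_on
printf '%s\n' "$SAMPLE_ETHTOOL_K" | offloads_still_on   # prints "tso gro"
```

Running it against eno2 before and after `ovs-vsctl add-port vbridge0 eno2` shows directly whether any of the settings changed.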
