Open vSwitch: Create TunTap Devices

Open vSwitch (OVS) is a multi-layer software switch designed to enable massive network automation and programmability while providing support for standard management protocols.

Apart from its extensive feature set, one of the key advantages of OVS is its support for networking tunnelling protocols, a use case that is widely employed in software-defined networking (SDN) deployments.

In this regard, we will introduce you to the Tun/Tap network devices, which are a key feature of the Linux kernel and are used for creating network bridges. Specifically, this article will guide you on how to create TunTap devices using an Open vSwitch (OVS) bridge and allocate static IPs to the virtual ports.

Creating TunTap Devices

TunTap devices are software network interfaces provided by the Linux kernel. They can be created and managed just like physical network interfaces.

Create Bridge

ovs-vsctl add-br br0

Create Network Interface

ovs-vsctl add-port br0 vSwitch0
ovs-vsctl set Interface vSwitch0 type=internal

The first command adds vSwitch0 to the br0 bridge, and the second sets the type of the vSwitch0 interface to internal.

Add the Physical Network Interface to the Bridge

ovs-vsctl add-port br0 eno1

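Traffic will now flow between the physical network interface and the Open vSwitch bridge. Remember to replace eno1 with the name of your physical network interface. Note that an IP address configured directly on the physical interface stops working once that interface becomes a bridge port, so avoid running this step over a remote session that depends on it.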

Create TunTap device

ip tuntap add mode tap vport0

Attach TunTap to Bridge

ovs-vsctl add-port br0 vport0

You should now have a tap device called vport0 which is part of the br0 OVS bridge.

Allocating Static IP Addresses

Static IP addressing, as opposed to dynamic addressing, is when a device keeps the same IP address every time it connects to the network.

Assign Gateway IP to Bridge's Internal Switch

To assign a gateway IP address to the bridge's internal switch port, run:

ip addr add 172.168.1.1/24 dev vSwitch0

The /24 suffix is the netmask (255.255.255.0).

Assign Static IP to TunTap device

To assign a static IP address to your newly created vport0 interface, perform the following steps:

Remove the current IP from the device (if any):

ip addr flush dev vport0

Now, you can assign a new IP address. The following command will assign IP 172.168.1.100 to vport0:

ip addr add 172.168.1.100 dev vport0

Bring Up All the Interfaces and TunTaps

ip link set dev vSwitch0 up
ip link set dev vport0 up

These two commands bring both interfaces up. You can verify this by running the ifconfig command.

IP Forwarding & NAT Configuration

Enable IP Forwarding on the Host

IP forwarding is the ability of an operating system to accept incoming network packets on one interface, recognize that they are not meant for the system itself but should be passed on to another network, and forward them accordingly.

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

Make NAT Configuration for Internet Access

You can use a NAT device to allow resources in private subnets to connect to the internet, other VPCs, or on-premises networks. These instances can communicate with services outside the VPC, but they cannot receive unsolicited connection requests.

iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i vSwitch0 -o eno1 -j ACCEPT

Traffic will now flow between the physical network interface and the Open vSwitch bridge. Remember to replace eno1 with the name of your physical network interface.
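
The check below is an added example, not part of the original article. It audits iptables-save output for the forwarding and NAT rules configured above and flags the settings that leave the host forwarding more than the bridge subnet. The function name, the finding labels and both rule dumps are constructed for illustration, and the subnet 172.168.1.0/24 is taken from the gateway address assigned earlier.

```shell
#!/bin/sh
# Constructed sample: roughly what iptables-save shows after the three commands
# in this section on a host whose FORWARD chain still has its default ACCEPT policy.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eno1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vSwitch0 -o eno1 -j ACCEPT
COMMIT'

# Constructed sample: the same rules tightened to a default-drop FORWARD chain,
# with NAT and forwarding limited to source addresses in the bridge subnet.
HARDENED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.168.1.0/24 -o eno1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.168.1.0/24 -i vSwitch0 -o eno1 -j ACCEPT
COMMIT'

# audit_forwarding RULES SUBNET
# Prints one finding per line; prints nothing when the rule set is clean.
audit_forwarding() {
  printf '%s\n' "$1" | awk -v subnet="$2" '
    # Track which table (*nat, *filter) the following lines belong to.
    /^\*/ { table = substr($0, 2); next }
    # MASQUERADE with no source match rewrites everything leaving the uplink.
    table == "nat" && /-j MASQUERADE/ && !index($0, "-s " subnet) {
      print "MASQUERADE_UNSCOPED" }
    # With ip_forward=1 and policy ACCEPT the host routes between all
    # interfaces, so the appended ACCEPT rules restrict nothing.
    table == "filter" && /^:FORWARD ACCEPT/ { print "FORWARD_POLICY_ACCEPT" }
    # A new-connection ACCEPT without a source match forwards spoofed addresses.
    table == "filter" && /^-A FORWARD .*-j ACCEPT/ && !/--ctstate/ &&
      !index($0, "-s " subnet) { print "FORWARD_ACCEPT_NO_SOURCE" }
  '
}

echo "Rules as configured in this section:"
audit_forwarding "$SAMPLE_RULES" 172.168.1.0/24
echo "Tightened rules:"
audit_forwarding "$HARDENED_RULES" 172.168.1.0/24
```

On a live host, pass the real rule set instead of the samples: audit_forwarding "$(iptables-save)" 172.168.1.0/24.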

Conclusion

This guide has walked you through the process of creating TunTap devices using OVS bridge and assigning static IPs to the virtual ports on Ubuntu 20.04.

With this knowledge, you can effectively set up and manage virtual network interfaces in your environment.

Please remember that, as with all things, practice furthers understanding. So, feel free to experiment with different configurations to fully comprehend the flexible nature of Open vSwitch.

Stay tuned for more insightful articles on advanced networking with Open vSwitch!


About Me

I'm Faiz A. Farooqui. Software Engineer from Bengaluru, India.
Find out more about me @ faizahmed.in
