Network management with LXD and OpenVSwitch in Ubuntu 18.04

Just some quick notes about my homelab setup of LXD 3.0 with OpenVSwitch (OVS) in Ubuntu 18.04.

Why use OVS in a small homelab environment? Because it’s the most widely used SDN stack in the world, and you should learn it instead of relying on the traditional Linux bridges, especially if you are into virtualization/containerization or networking stuff.
Ever heard of whitebox switches? They are going to be the dominant platform in the hyperscaler datacenters… and maybe also in the enterprise market.

A big warning: this is not a “best practices” configuration (the one with an overlay switch and a tunnel switch, as shown in this great article); I’m still working on that, and this simpler one should be fine for a non-enterprise playground.

As of today (today is the first day of Ubuntu 18.04!) Netplan does not directly support OVS, so don’t even try to use it; I hope they will fix it soon, but for now just don’t configure your OVS NIC with Netplan and fall back to traditional configuration scripts. Or even to manual startup: they are servers and they are meant to be always on anyway… or not? (Thinking of MaaS.)

I strongly suggest using a machine with multiple NICs; it makes everything a lot easier, because you will not be kicked off the network when you add your only NIC to the OVS bridge.

Just to begin, install OVS with apt install openvswitch-common openvswitch-switch and check the status of ovs-vswitchd.service and ovsdb-server.service. Don’t forget to enable kernel packet forwarding with the usual echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf, followed by sysctl -p /etc/sysctl.conf to reload the config.

After that, do not create any switch during the initial lxd init configuration. Just create an OVS switch in LXD with the command lxc network create ovs-1 bridge.driver=openvswitch. It will automatically be added both to the LXD network profiles and to the OVS configuration, which you can check with ovs-vsctl show. That’s cool! Now it’s time to bind the physical interface to our ovs-1 switch; remember that this will KILL any connection established on the NIC that you choose, so be careful.

After choosing your NIC to bind (list them with the ip link command), type ovs-vsctl add-port ovs-1 eno4; eno4 is my fourth NIC, of course. Now it’s time to attach the network we just created to the default profile (but you can choose another one, of course) with lxc network attach-profile ovs-1 default eth0. This way, the first NIC of your LXD container will be a veth port on the OVS switch ovs-1. Start a container in LXD with lxc launch ubuntu:18.04 and check that you got everything right with ovs-ofctl show ovs-1; some veth ports should appear. Now log into your container and play with its network configuration: it should behave as if it were on the same L2 switch as the physical NIC eno4.

What can you do now? Easy VLAN tagging, for example: ovs-vsctl set port vethM3WY7X tag=200. Don’t forget to configure the physical switch port connected to eno4 as a trunk for the VLAN tag that you choose.
You can also create NIC aliases and bind different OVS switches with different tags to the very same NIC, but I have not experimented with that yet.
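The setup steps above and the VLAN tagging, as one added shell script (my example, not the author’s): it assumes root on Ubuntu 18.04 with LXD 3.0 and OVS installed, takes the bridge, NIC, profile and tag as parameters, and with DRY_RUN=1 only prints the commands it would run. ROUTES and PORTS are hypothetical override variables for the output of ip route show default and ovs-vsctl list-ports, so the logic can be checked offline.

```shell
#!/bin/sh
# Added example: scripted LXD + OVS bridge setup for Ubuntu 18.04 / LXD 3.0.
# DRY_RUN=1 prints every command instead of executing it.
# ROUTES / PORTS (assumed override variables) replace the output of
# `ip route show default` and `ovs-vsctl list-ports` for offline checks.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# True if the NIC carries the default route: adding it to the OVS bridge
# drops the management session, which is the post's big warning.
nic_is_default_route() {
    routes=${ROUTES-$(ip route show default 2>/dev/null)}
    printf '%s\n' "$routes" | grep -qw "dev $1"
}

# $1 = OVS bridge name, $2 = physical NIC, $3 = LXD profile (default: default)
setup_ovs_lxd() {
    br=$1 nic=$2 profile=${3:-default}
    if [ "${FORCE:-0}" != "1" ] && nic_is_default_route "$nic"; then
        echo "refusing: $nic carries the default route (set FORCE=1)" >&2
        return 1
    fi
    run sysctl -w net.ipv4.ip_forward=1
    run lxc network create "$br" bridge.driver=openvswitch
    run ovs-vsctl add-port "$br" "$nic"
    run lxc network attach-profile "$br" "$profile" eth0
}

# Tag every container veth port on the bridge with a VLAN id, skipping the
# physical uplink ($2) so it keeps carrying all VLANs as a trunk.
# $1 = bridge, $2 = uplink NIC, $3 = VLAN tag
tag_veth_ports() {
    br=$1 nic=$2 tag=$3
    ports=${PORTS-$(ovs-vsctl list-ports "$br" 2>/dev/null)}
    for p in $ports; do
        [ "$p" = "$nic" ] && continue
        case $p in veth*) run ovs-vsctl set port "$p" tag="$tag" ;; esac
    done
}
```

Run it for real as root with DRY_RUN unset, e.g. setup_ovs_lxd ovs-1 eno4 followed by lxc launch ubuntu:18.04 and then tag_veth_ports ovs-1 eno4 200.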