How to Install Open vSwitch on Linux, FreeBSD and NetBSD      ========================================================This document describes how to build and install Open vSwitch on ageneric Linux, FreeBSD, or NetBSD host. For specifics around installationon a specific platform, please see one of these files:    - INSTALL.Debian    - INSTALL.Fedora    - INSTALL.RHEL    - INSTALL.XenServerBuild Requirements------------------To compile the userspace programs in the Open vSwitch distribution,you will need the following software:    - GNU make.    - A C compiler, such as:        * GCC 4.x.        * Clang.  Clang 3.4 and later provide useful static semantic          analysis and thread-safety checks.  For Ubuntu, there are          nightly built packages available on clang's website.    - libssl, from OpenSSL, is optional but recommended if you plan to      connect the Open vSwitch to an OpenFlow controller.  libssl is      required to establish confidentiality and authenticity in the      connections from an Open vSwitch to an OpenFlow controller.  If      libssl is installed, then Open vSwitch will automatically build      with support for it.To compile the kernel module on Linux, you must also install thefollowing.  If you cannot build or install the kernel module, you mayuse the userspace-only implementation, at a cost in performance.  Theuserspace implementation may also lack some features.  Refer toINSTALL.userspace for more information.    - A supported Linux kernel version.  Please refer to README for a      list of supported versions.      The Open vSwitch datapath requires bridging support      (CONFIG_BRIDGE) to be built as a kernel module.  (This is common      in kernels provided by Linux distributions.)  The bridge module      must not be loaded or in use.  If the bridge module is running      (check with "lsmod | grep bridge"), you must remove it ("rmmod      bridge") before starting the datapath.      For optional support of ingress policing, you must enable kernel      configuration options NET_CLS_BASIC, NET_SCH_INGRESS, and      NET_ACT_POLICE, either built-in or as modules.  (NET_CLS_POLICE is      obsolete and not needed.)      To use GRE tunneling on Linux 2.6.37 or newer, kernel support      for GRE must be compiled in or available as a module      (CONFIG_NET_IPGRE_DEMUX).      To configure HTB or HFSC quality of service with Open vSwitch,      you must enable the respective configuration options.      To use Open vSwitch support for TAP devices, you must enable      CONFIG_TUN.    - To build a kernel module, you need the same version of GCC that      was used to build that kernel.    - A kernel build directory corresponding to the Linux kernel image      the module is to run on.  Under Debian and Ubuntu, for example,      each linux-image package containing a kernel binary has a      corresponding linux-headers package with the required build      infrastructure.If you are working from a Git tree or snapshot (instead of from adistribution tarball), or if you modify the Open vSwitch build systemor the database schema, you will also need the following software:    - Autoconf version 2.64 or later.    - Automake version 1.10 or later.    - Python 2.x, for x >= 4.If you modify the ovsdbmonitor tool, then you will also need thefollowing:    - pyuic4 from PyQt4 (http://www.riverbankcomputing.co.uk).To run the unit tests, you also need:    - Perl.  Version 5.10.1 is known to work.  Earlier versions should      also work.The ovs-vswitchd.conf.db(5) manpage will include an E-R diagram, informats other than plain text, only if you have the following:    - "dot" from graphviz (http://www.graphviz.org/).    - Perl.  Version 5.10.1 is known to work.  Earlier versions should      also work.    - Python 2.x, for x >= 4.If you are going to extensively modify Open vSwitch, please considerinstalling the following to obtain better warnings:    - "sparse" version 0.4.4 or later      (http://www.kernel.org/pub/software/devel/sparse/dist/).    - GNU make.    - clang, version 3.4 or laterAlso, you may find the ovs-dev script found in utilities/ovs-dev.py useful.Installation Requirements-------------------------The machine on which Open vSwitch is to be installed must have thefollowing software:    - libc compatible with the libc used for build.    - libssl compatible with the libssl used for build, if OpenSSL was      used for the build.    - On Linux, the same kernel version configured as part of the build.    - For optional support of ingress policing on Linux, the "tc" program      from iproute2 (part of all major distributions and available at      http://www.linux-foundation.org/en/Net:Iproute2).On Linux you should ensure that /dev/urandom exists.  To support TAPdevices, you must also ensure that /dev/net/tun exists.To run the ovsdbmonitor tool, the machine must also have the followingsoftware:    - Python 2.x, for x >= 4.    - Python Twisted Conch.    - Python JSON.    - PySide or PyQt4.    - Python Zope interface module.(On Debian "lenny" the above can be installed with "apt-get installpython-json python-qt4 python-zopeinterface python-twisted-conch".)Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD=================================================================Once you have installed all the prerequisites listed above in the BasePrerequisites section, follow the procedure below to build.1. If you pulled the sources directly from an Open vSwitch Git tree,   run boot.sh in the top source directory:      % ./boot.sh2. In the top source directory, configure the package by running the   configure script.  You can usually invoke configure without any   arguments:      % ./configure   By default all files are installed under /usr/local.  If you want   to install into, e.g., /usr and /var instead of /usr/local and   /usr/local/var, add options as shown here:      % ./configure --prefix=/usr --localstatedir=/var   To use a specific C compiler for compiling Open vSwitch user   programs, also specify it on the configure command line, like so:      % ./configure CC=gcc-4.2   To use 'clang' compiler:      % ./configure CC=clang   To build the Linux kernel module, so that you can run the   kernel-based switch, pass the location of the kernel build   directory on --with-linux.  For example, to build for a running   instance of Linux:      % ./configure --with-linux=/lib/modules/`uname -r`/build   If you wish to build the kernel module for an architecture other   than the architecture of the machine used for the build, you may   specify the kernel architecture string using the KARCH variable   when invoking the configure script.  For example, to build for MIPS   with Linux:      % ./configure --with-linux=/path/to/linux KARCH=mips   The configure script accepts a number of other options and honors   additional environment variables.  For a full list, invoke   configure with the --help option.3. Run GNU make in the top source directory, e.g.:      % make   or if GNU make is installed as "gmake":      % gmake   For improved warnings if you installed "sparse" (see   "Prerequisites"), add C=1 to the command line.4. Consider running the testsuite.  Refer to "Running the Testsuite"   below, for instructions.5. Become root by running "su" or another program.6. Run "make install" to install the executables and manpages into the   running system, by default under /usr/local.7. If you built kernel modules, you may install and load them, e.g.:      % make modules_install      % /sbin/modprobe openvswitch    To verify that the modules have been loaded, run "/sbin/lsmod" and   check that openvswitch is listed.   If the "modprobe" operation fails, look at the last few kernel log   messages (e.g. with "dmesg | tail"):      - The message "openvswitch: exports duplicate symbol        br_should_route_hook (owned by bridge)" means that the bridge        module is loaded.  Run "/sbin/rmmod bridge" to remove it.        If "/sbin/rmmod bridge" fails with "ERROR: Module bridge does        not exist in /proc/modules", then the bridge is compiled into        the kernel, rather than as a module.  Open vSwitch does not        support this configuration (see "Build Requirements", above).      - The message "openvswitch: exports duplicate symbol        dp_ioctl_hook (owned by ofdatapath)" means that the ofdatapath        module from the OpenFlow reference implementation is loaded.        Run "/sbin/rmmod ofdatapath" to remove it.  (You might have to        delete any existing datapaths beforehand, using the "dpctl"        program included with the OpenFlow reference implementation.        "ovs-dpctl" will not work.)      - Otherwise, the most likely problem is that Open vSwitch was        built for a kernel different from the one into which you are        trying to load it.  Run "modinfo" on openvswitch.ko and on        a module built for the running kernel, e.g.:           % /sbin/modinfo openvswitch.ko           % /sbin/modinfo /lib/modules/`uname -r`/kernel/net/bridge/bridge.ko        Compare the "vermagic" lines output by the two commands.  If        they differ, then Open vSwitch was built for the wrong kernel.      - If you decide to report a bug or ask a question related to        module loading, please include the output from the "dmesg" and        "modinfo" commands mentioned above.   There is an optional module parameter to openvswitch.ko called   vlan_tso that enables TCP segmentation offload over VLANs on NICs   that support it. Many drivers do not expose support for TSO on VLANs   in a way that Open vSwitch can use but there is no way to detect   whether this is the case. If you know that your particular driver can   handle it (for example by testing sending large TCP packets over VLANs)   then passing in a value of 1 may improve performance. Modules built for   Linux kernels 2.6.37 and later, as well as specially patched versions   of earlier kernels, do not need this and do not have this parameter. If   you do not understand what this means or do not know if your driver   will work, do not set this.8. Initialize the configuration database using ovsdb-tool, e.g.:      % mkdir -p /usr/local/etc/openvswitch      % ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschemaStartup=======Before starting ovs-vswitchd itself, you need to start itsconfiguration database, ovsdb-server.  Each machine on which OpenvSwitch is installed should run its own copy of ovsdb-server.Configure it to use the database you created during step 7 ofinstallation, above, to listen on a Unix domain socket, to connect toany managers specified in the database itself, and to use the SSLconfiguration in the database:      % ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock                      --remote=db:Open_vSwitch,Open_vSwitch,manager_options                      --private-key=db:Open_vSwitch,SSL,private_key                      --certificate=db:Open_vSwitch,SSL,certificate                      --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert                      --pidfile --detach(If you built Open vSwitch without SSL support, then omit--private-key, --certificate, and --bootstrap-ca-cert.)Then initialize the database using ovs-vsctl.  This is onlynecessary the first time after you create the database withovsdb-tool (but running it at any time is harmless):      % ovs-vsctl --no-wait initThen start the main Open vSwitch daemon, telling it to connect to thesame Unix domain socket:      % ovs-vswitchd --pidfile --detachNow you may use ovs-vsctl to set up bridges and other Open vSwitchfeatures.  For example, to create a bridge named br0 and add portseth0 and vif1.0 to it:      % ovs-vsctl add-br br0      % ovs-vsctl add-port br0 eth0      % ovs-vsctl add-port br0 vif1.0Please refer to ovs-vsctl(8) for more details.Upgrading=========When you upgrade Open vSwitch from one version to another, you shouldalso upgrade the database schema:1. Stop the Open vSwitch daemons, e.g.:      % kill `cd /usr/local/var/run/openvswitch && cat ovsdb-server.pid ovs-vswitchd.pid`2. Install the new Open vSwitch release.3. Upgrade the database, in one of the following two ways:      - If there is no important data in your database, then you may        delete the database file and recreate it with ovsdb-tool,        following the instructions under "Building and Installing Open        vSwitch for Linux, FreeBSD or NetBSD".      - If you want to preserve the contents of your database, back it        up first, then use "ovsdb-tool convert" to upgrade it, e.g.:        % ovsdb-tool convert /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema4. Start the Open vSwitch daemons as described under "Building and   Installing Open vSwitch for Linux, FreeBSD or NetBSD" above.Hot Upgrading=============Upgrading Open vSwitch from one version to the next version with minimumdisruption of traffic going through the system that is using that Open vSwitchneeds some considerations:1. If the upgrade only involves upgrading the userspace utilities and daemonsof Open vSwitch, make sure that the new userspace version is compatible withthe previously loaded kernel module.2. An upgrade of userspace daemons means that they have to be restarted.Restarting the daemons means that the Openflow flows in the ovs-vswitchd daemonwill be lost.  One way to restore the flows is to let the controllerre-populate it.  Another way is to save the previous flows using a utilitylike ovs-ofctl and then re-add them after the restart. Restoring the old flowsis accurate only if the new Open vSwitch interfaces retain the old 'ofport'values.3. When the new userspace daemons get restarted, they automatically flushthe old flows setup in the kernel. This can be expensive if there are hundredsof new flows that are entering the kernel but userspace daemons are busysetting up new userspace flows from either the controller or an utility likeovs-ofctl. Open vSwitch database provides an option to solve this problemthrough the other_config:flow-restore-wait column of the Open_vSwitch table.Refer to the ovs-vswitchd.conf.db(5) manpage for details.4. If the upgrade also involves upgrading the kernel module, the old kernelmodule needs to be unloaded and the new kernel module should be loaded. Thismeans that the kernel network devices belonging to Open vSwitch is recreatedand the kernel flows are lost. The downtime of the traffic can be reducedif the userspace daemons are restarted immediately and the userspace flowsare restored as soon as possible.The ovs-ctl utility's "restart" function only restarts the userspace daemons,makes sure that the 'ofport' values remain consistent across restarts, restoresuserspace flows using the ovs-ofctl utility and also uses theother_config:flow-restore-wait column to keep the traffic downtime to theminimum. The ovs-ctl utility's "force-reload-kmod" function does all of theabove, but also replaces the old kernel module with the new one. Open vSwitchstartup scripts for Debian, XenServer and RHEL use ovs-ctl's functions and itis recommended that these functions be used for other software platforms too.Running the Testsuite=====================Open vSwitch includes a testsuite.  Before you submit patchesupstream, we advise that you run the tests and ensure that they pass.If you add new features to Open vSwitch, then adding tests for thosefeatures will ensure your features don't break as developers modifyother areas of Open vSwitch.You must configure and build Open vSwitch (steps 1 through 3 in"Building and Installing Open vSwitch for Linux, FreeBSD or NetBSD" above)before you run the testsuite.  You do not need to install Open vSwitchor to build or load the kernel module to run the testsuite.  You donot need supervisor privilege to run the testsuite.To run all the unit tests in Open vSwitch, one at a time:      make checkThis takes under 5 minutes on a modern desktop system.To run all the unit tests in Open vSwitch, up to 8 in parallel:      make check TESTSUITEFLAGS=-j8This takes under a minute on a modern 4-core desktop system.To see a list of all the available tests, run:      make check TESTSUITEFLAGS=--listTo run only a subset of tests, e.g. test 123 and tests 477 through 484:      make check TESTSUITEFLAGS='123 477-484'(Tests do not have inter-dependencies, so you may run any subset.)To run tests matching a keyword, e.g. "ovsdb":      make check TESTSUITEFLAGS='-k ovsdb'To see a complete list of test options:      make check TESTSUITEFLAGS=--helpThe results of a testing run are reported in tests/testsuite.log.Please report test failures as bugs and include the testsuite.log inyour report.If you have "valgrind" installed, then you can also run the testsuiteunder valgrind by using "make check-valgrind" in place of "makecheck".  All the same options are available via TESTSUITEFLAGS.  Whenyou do this, the "valgrind" results for test <N> are reported in filesnamed tests/testsuite.dir/<N>/valgrind.*.  You may find that thevalgrind results are easier to interpret if you put "-q" in~/.valgrindrc, since that reduces the amount of output.Sometimes a few tests may fail on some runs but not others.  This isusually a bug in the testsuite, not a bug in Open vSwitch itself.  Ifyou find that a test fails intermittently, please report it, since thedevelopers may not have noticed.Bug Reporting-------------Please report problems to bugs@openvswitch.org.