OVS Bridge Connectivity using GRE Tunneling - sdn

Okay, so I'm trying to connect two OVS bridges on separate hosts using GRE tunneling. A VM is connected to each of the two OVS bridges.
The problem is that I don't want to add eth0 to the bridges and don't want to give an IP address to the bridges. The VMs have been given static IPs.
I've tried multiple online tutorials, but what they all do is add eth0 to the bridges etc., which is of no use to me.

You do not have to add eth0 to the bridge.
You also do not have to give your bridge an IP, just set it to inet manual (or an equivalent in your config).
Could you please provide your current config? It would make it much easier to give advice.
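The setup the answer describes, written out as an added example (this is not code from the original post or from the Open vSwitch project): the bridge stays address-less (`inet manual`), eth0 is never enslaved, and each host gets a GRE port whose `remote_ip` is the other host's eth0 address. The bridge name, host addresses, tap device name and tunnel key are assumed values. With `DRY_RUN=1` set, the functions print the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original post or from OVS): join two OVS bridges
# on separate hosts with a GRE tunnel, without adding eth0 to the bridge and
# without giving the bridge an IP. All names and addresses below are assumed.
# Set DRY_RUN=1 to print the commands instead of running them.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

BRIDGE=br-vm          # assumed bridge name, the same on both hosts
HOST_A_IP=10.0.0.11   # assumed eth0 address of host A (eth0 itself stays off the bridge)
HOST_B_IP=10.0.0.12   # assumed eth0 address of host B
TUNNEL_KEY=42         # GRE key: a demultiplexing tag, not authentication

# Debian/Ubuntu ifupdown stanza: the bridge is brought up with no address.
ifupdown_stanza() {
    cat <<EOF
auto $BRIDGE
iface $BRIDGE inet manual
EOF
}

# Create the bridge and a GRE port pointing at the peer host's eth0 address.
# $1 = the other host's IP. OVS picks the local tunnel endpoint from the
# routing table, so eth0 is used for the tunnel without being a bridge port.
setup_bridge() {
    remote=$1
    run ovs-vsctl --may-exist add-br "$BRIDGE"
    run ovs-vsctl --may-exist add-port "$BRIDGE" gre0 -- \
        set interface gre0 type=gre \
        options:remote_ip="$remote" options:key="$TUNNEL_KEY"
    run ip link set "$BRIDGE" up
}

# Attach a VM's tap device (e.g. vnet0 created by libvirt) to the bridge.
attach_vm() {
    run ovs-vsctl --may-exist add-port "$BRIDGE" "$1"
}

# Usage: on host A run `setup_bridge $HOST_B_IP`, on host B run
# `setup_bridge $HOST_A_IP`, then `attach_vm vnet0` on each host. The VMs'
# static IPs are in the same L2 segment and can reach each other directly.
```

Note that GRE carries the VM traffic in plaintext between the two hosts; if the link between them is not trusted, use the IPsec integration that OVS ships for its tunnel ports rather than relying on the tunnel key.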

Pica8 SDN white switch: ping from management console to host port

I am connecting my controller PC to a Pica8 white switch via the management port. I can SSH into the switch and ping the controller PC; however, I can't ping the hosts through the standard ports. I have created a bridge of the first four ports and have successfully pinged from host to host after I installed a flow that allowed it.
My question is: is there some kind of mechanism separating the controller port from all of the data ports? I would think I should be able to ping from the switch to the hosts.
I'm not sure this answers your question, but before pinging the management port I believe you need to set an IP for it via the console port.
I use minicom per the instructions located here. However, I am using the RJ45 to DB9 adapter cable -> USB serial port connection. That looks like so.
Unfortunately, that creates a problem with minicom, since the instructions tell you to simply power up the switch and observe the received data. There is actually a little more to it than that. You have to configure minicom's serial port. Fortunately, there is a tech blog that I found very helpful. If you follow the provided instructions, it will walk you through changing ports. Once you modify the port that minicom is listening on (for me it is /dev/ttyUSB0), you should be able to configure your management port.

VLAN configuration using openvswitch

I am working on a project where we create multiple VMs on a host machine. There are multiple hosts of this kind. These hosts are connected to a single LAN and the VMs are created using KVM, with QEMU and libvirt alongside. There is a requirement where I need to create multiple VLANs such that some VMs on a host can be part of one VLAN and the rest part of another VLAN. These VLANs are also spread across multiple hosts.
I was trying to achieve this using openvswitch but failed to succeed. I have followed many solutions available online but I am left in a confused state. Please help me.
I am not clear whether openvswitch creates the VLANs, or whether we need to create the VLANs at our end and openvswitch just helps in configuring those for the VMs.
If openvswitch creates the VLANs, then what is the way to go? All the configuration that I have tried gives me an error or does not behave as expected. Please point me in the right direction.
Read the section Setting VLAN tag from libvirt.org.
According to the OpenVSwitch network type, you can directly specify VLAN tags via a <vlan> element on a port of an OpenVSwitch bridge, and libvirt will manage the VLAN tags for your VM network.
Steps:
1) Configure an OpenVSwitch bridge for your virtual machine by following the guide How to Use Open vSwitch with Libvirt.
2) Add a new <vlan> element to your virtual machine network, specifying the VLAN id.
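As an added example for the two steps above (not code from the original answer or from the libvirt project), the following script generates the libvirt network definition and the per-VM interface element. The network uses `<forward mode='bridge'/>` with `<virtualport type='openvswitch'/>` and one `<portgroup>` per VLAN, so a VM is placed on a VLAN simply by naming the portgroup; libvirt then sets the tag on the OVS port itself. The network name, bridge name and VLAN ids are assumed values.

```shell
#!/bin/sh
# Added example (not from the original answer or libvirt): emit libvirt XML that
# puts OVS-attached VMs on VLANs. Network name, bridge name and VLAN ids are
# assumed. libvirt programs the OVS port tag, so no manual `ovs-vsctl set port`
# is needed; the same network must be defined on every host.

# $1 = network name, $2 = OVS bridge, remaining args = VLAN ids.
# One portgroup per VLAN lets a VM choose its VLAN by portgroup name.
ovs_network_xml() {
    net=$1; br=$2; shift 2
    echo "<network>"
    echo "  <name>$net</name>"
    echo "  <forward mode='bridge'/>"
    echo "  <bridge name='$br'/>"
    echo "  <virtualport type='openvswitch'/>"
    for vid in "$@"; do
        echo "  <portgroup name='vlan-$vid'>"
        echo "    <vlan><tag id='$vid'/></vlan>"
        echo "  </portgroup>"
    done
    echo "</network>"
}

# $1 = network name, $2 = VLAN id. The <interface> element for a domain's
# <devices>; the VLAN tag comes from the portgroup, not from the guest.
vm_interface_xml() {
    cat <<EOF
<interface type='network'>
  <source network='$1' portgroup='vlan-$2'/>
  <virtualport type='openvswitch'/>
  <model type='virtio'/>
</interface>
EOF
}

# Sanity check before handing XML to virsh: number of VLAN tags defined.
count_tags() { grep -c "<tag id=" ; }

# Usage (as root, after `ovs-vsctl add-br br0` and adding the physical uplink
# that carries the VLANs between hosts to br0):
#   ovs_network_xml ovs-net br0 10 20 > ovs-net.xml
#   virsh net-define ovs-net.xml && virsh net-start ovs-net && virsh net-autostart ovs-net
#   vm_interface_xml ovs-net 10   # paste into the VM's <devices> via `virsh edit`
```

Because the guest never sees the tag, a VM cannot move itself to another VLAN by sending tagged frames; the tag is enforced on the OVS port that libvirt creates. For the VLANs to span hosts, the NIC joining each bridge to the LAN must be an OVS port (a trunk by default) and the physical switch ports must carry those VLAN ids.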

Best method for port forwarding/tunnelling

I'd like to use a server between two machines (with no static IP). The only IP known to me is the server's IP address. I'd like to build/use a system that listens on 2 different ports within the server, and whatever is received from localhost:portA is sent to localhost:portB and vice versa. Consequently, both machines (with Java apps) can communicate through the server in the middle.
What is the best solution for this? I'm working on a Linux system and I thought of using an SSH Java API (hudson / ganymed-ssh-2) to build a port forwarding server application.
Some issues:
1) Determining the size of the data transmitted to buffer read or not to forward it to the other port.
2) The speed of reading/writing bytes.
If you can use the ssh protocol you can tunnel local or remote ports (this needs support on the server side). You can also think about an OpenSSH VPN (take a look at the ssh -w option; this will create a real VPN (a TUN/TAP device is required)).
You can use the ssh program. Take a look at the -L and -R options specifically.
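The -L/-R arrangement the two answers point at, spelled out as an added example (not code from the original answers or from OpenSSH): machine A publishes its application port on the server's loopback with a remote forward, machine B pulls that loopback port down to its own localhost with a local forward, and the Java apps on both ends just talk to localhost. Both machines connect outbound to the server, so neither needs a static IP or an open inbound port, and the hop through the server is encrypted and authenticated. The server name, account name and port numbers are assumed values.

```shell
#!/bin/sh
# Added example (not from the original answers or OpenSSH): relay two machines
# without static IPs through one server using only ssh -R and ssh -L.
# Server, account and ports are assumed values.
SERVER=relay.example.org   # assumed: the only address both sides know
SSH_USER=relay             # assumed unprivileged account on the server
APP_PORT=7000              # port the Java app on machine A listens on
SERVER_PORT=7001           # loopback-only port on the server (portA in the question)
LOCAL_PORT=7000            # port machine B's app connects to on its own localhost

# Machine A: remote forward. The server listens on 127.0.0.1:$SERVER_PORT and
# hands each connection back through the tunnel to A's localhost:$APP_PORT.
# -N: no shell; ExitOnForwardFailure: die instead of silently running without
# the forward if the port is taken. Binding 127.0.0.1 keeps the port off the
# server's public interfaces, so only B's tunnel can reach it.
machine_a_cmd() {
    echo "ssh -N -o ExitOnForwardFailure=yes -R 127.0.0.1:$SERVER_PORT:localhost:$APP_PORT $SSH_USER@$SERVER"
}

# Machine B: local forward. B's localhost:$LOCAL_PORT goes through the tunnel to
# the server's localhost:$SERVER_PORT, i.e. to A's app. TCP is bidirectional,
# so one chain of forwards carries traffic both ways.
machine_b_cmd() {
    echo "ssh -N -o ExitOnForwardFailure=yes -L $LOCAL_PORT:localhost:$SERVER_PORT $SSH_USER@$SERVER"
}

# Server-side sshd_config Match block confining the relay account to exactly
# this forwarding: no TTY or agent/X11 forwarding, one permitted target for
# -L and one permitted listen port for -R (PermitListen needs OpenSSH 7.8+).
sshd_match_block() {
    cat <<EOF
Match User $SSH_USER
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    AllowTcpForwarding yes
    PermitOpen localhost:$SERVER_PORT
    PermitListen $SERVER_PORT
EOF
}

# Usage: append `sshd_match_block` to the server's sshd_config and give the
# account a non-login shell; then run `machine_a_cmd` on A and `machine_b_cmd`
# on B (e.g. under autossh or a systemd unit so the tunnels are re-established).
```

This removes both concerns raised in the question: ssh copies bytes in both directions as a stream, so there is no framing or buffer-size decision to make in your own code, and throughput is bounded by the server's link rather than by a hand-written relay loop.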

socat to redirect UDP doesn't work!

I'm trying to transmit data in UDP datagrams from a client at an external location to a PC on my local LAN.
But my network is behind an ADSL modem sending to a PC with Slackware; this PC redirects the packets to other PCs.
I'm using socat to redirect UDP:
socat -v udp-listen:1935,fork,reuseaddr udp:192.168.0.40:37000
In the LAN the connection is fine, but external IPs don't work.
Can somebody help?
I don't think socat is the culprit; however, consider using stone instead of socat, because using a fork() for each received packet is a bit weird. Stone is called in your case like this (I think):
stone -n -d -d -d -d 192.168.0.40:37000/udp 1935/udp
Now, why might external IPs not work? Sadly your text does not tell much about your setup, so I have to guess:
It depends on your firewall/modem/router whether it is able to forward UDP packets. Usually, if you initiate the UDP requests from the inside, the router will open a NAT connection, which often means that not only the source IP of the packets changes, but the source port as well. As UDP is connectionless, UDP NAT connections usually time out very quickly, say after 5 minutes, if no data is transferred on them.
If the UDP connection must be opened in the opposite direction (from the Internet to the intranet), the router usually discards all UDP packets coming in from the Internet, because it does not know where to forward them. A router cannot just choose some arbitrary machine; this would be a security hole. So in the "Internet connecting to a machine behind the router" case you must open the UDP port on the router and let it forward to the right machine. In that case packets sent from your internal machine will get their source IP and source port rewritten; the machine on the Internet will always see the packets as coming from your router. So except for the additional rule in the router this case is the same as the outgoing case.
Note that there are several different ways to do NAT (symmetric, etc.) and several methods to open a port on the router (config, UPnP, etc.), so the way to poke holes into it always depends on your hardware's capabilities. This all cannot be answered here.
Some other ideas about what might go wrong as well:
Some UDP protocols encode IP addresses within the payload. In that case it is not enough just to forward the packets; you must change the payload as well to correct the exchanged IP addresses so that all machines can talk to each other. Such UDP protocols are badly designed anyway, because you should never assume that two arbitrary machines can talk with each other directly, so all good protocols should support easy proxying.
Some ISPs filter certain UDP ports, for arbitrary reasons. If you have problems talking from the Internet to your DSL, try with two external machines directly connected to different ISPs. If these can talk via UDP, check whether you can talk from your intranet to one of the external machines. If this still works, it means that you can talk backwards as well, as usually UDP is not a directed protocol, but if there is some NAT involved you somehow must make sure that the communication ports stay open.
Mobile Internet plans often do not support P2P. This probably means those plans do not support the Internet at all, as IP, by definition, is P2P. What the ISPs really want to say with "no P2P" is (my guess) that connections from the Internet to the mobile device are not supported. In that case you always must initiate the connection from the mobile device, so you cannot use push methods (Internet to mobile); the mobile device always must pull (data from the Internet). Some broadband/cable providers might do the same. Usually you can see this if your ISP hands out an IP in the 10.x.y.z range to you.
There might be another trick to get the connection working:
Ask your ISP for some IPv6. Perhaps use 6to4. With IPv6 you eliminate NAT completely; your local LAN then directly interconnects to the Internet over IPv6. Be sure to activate your firewall/iptables on your intranet host on the IPv6 interface, else you might see intruders very quickly.
HTH
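Two pieces of the answer above, written out as an added example (not code from the original answer): the "open the UDP port on the router and let it forward to the right machine" rule as Linux netfilter DNAT for a router that runs Linux, and the host firewall the answer insists on once IPv6 removes the NAT that was shielding the intranet host. The interface names and the WAN-side router role are assumptions; the ports (1935 outside, 37000 on 192.168.0.40) are the ones in the question. With `DRY_RUN=1` the functions print the rules instead of installing them.

```shell
#!/bin/sh
# Added example (not from the original answer): router-side UDP DNAT and the
# IPv6 host firewall the answer recommends. Interface names are assumed; the
# ports and internal address come from the question. DRY_RUN=1 prints rules.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

WAN_IF=ppp0               # assumed ADSL uplink on a Linux router/modem
LAN_IF=eth0               # assumed LAN side of that router
RELAY_HOST=192.168.0.40   # the PC running socat/stone (from the question)
EXT_PORT=1935
INT_PORT=37000

# IPv4 router: without a DNAT entry the router has no idea which inside host a
# datagram arriving on UDP/1935 belongs to and drops it, which is exactly the
# "works in the LAN, not from outside" symptom. Rewrite it to the relay host and
# permit just that flow through FORWARD; conntrack handles the replies.
ipv4_forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport "$EXT_PORT" \
        -j DNAT --to-destination "$RELAY_HOST:$INT_PORT"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p udp \
        -d "$RELAY_HOST" --dport "$INT_PORT" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# IPv6 intranet host: with no NAT in front of it every port is directly
# reachable from the Internet, so default-deny and open only the service port.
ipv6_host_rules() {
    run ip6tables -P INPUT DROP
    run ip6tables -P FORWARD DROP
    run ip6tables -A INPUT -i lo -j ACCEPT
    run ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # ICMPv6 is not optional on IPv6 (neighbour discovery, path MTU), keep it.
    run ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
    run ip6tables -A INPUT -p udp --dport "$INT_PORT" -j ACCEPT
}

# Usage (as root): `ipv4_forward_rules` on the Linux router; `ipv6_host_rules`
# on 192.168.0.40 once it has a global IPv6 address. Run with DRY_RUN=1 first
# to review the rules.
```

Scoping the DNAT to `-i $WAN_IF` and a single destination port is the minimum-exposure version of what a consumer router's "port forwarding" page does; the answer's warning about routers that would otherwise have to "choose some arbitrary machine" is why nothing broader belongs in PREROUTING. On the IPv6 side the conntrack rule is what keeps return traffic working for datagrams the host itself sends out, so the one open port is really the only inbound hole.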

UDP: how can two computers on separate networks connect to each other?

How can two computers that are on separate networks connect to each other using UDP? I know that you can do this by setting up port forwarding, but services like Xbox Live don't work through that. How is this possible, and is there a way to obtain an address for another computer on a separate network?
EDIT
Ok, thanks for the help. I am using objc, so I ended up using AsyncSocket and portmapper for doing router configuration.
http://code.google.com/p/cocoaasyncsocket/
http://www.codingmonkeys.de/portmap/
First, obtaining the public IP of a remote computer:
Use dynamic DNS.
Make your own protocol and run a server to keep the list of users and IPs.
Working out incoming UDP packets:
Use client/server communication instead of peer-to-peer.
Use the UPnP protocol (I think Xbox does this) to ask your router for a port. Not all routers support UPnP or have it enabled.
Use the TURN/STUN protocol. This protocol has been designed to bypass UDP NAT. This requires an external server, but there are free servers available.
I think there are libraries for UPnP and STUN, but I can't tell you for sure.
LatinSuD is right, STUN is a good solution - check out this STUN protocol implementation for iOS: https://github.com/soulfly/STUN-iOS