evsadm - Creates and manages Elastic Virtual Switches (EVSes) and their resources, namely, IP networks (IPnets) and Virtual Ports (VPorts).
evsadm
evsadm set-prop -p <prop>=[<val>[,...]]
evsadm show-prop [[-c] -o <field>[,...]] [-p <prop>[,...]]
evsadm set-controlprop [-h host] -p {<prop>=[<val>[,...]]}[,...]
evsadm set-controlprop [-h host] -p uplink-port=<val>[,vlan-range=[<val>[,...]]] [,vxlan-range=[<val>[,...]]][,flat=yes|no]
evsadm show-controlprop [[-c] -o <field>[,...]] [-p <prop>[,...]]
evsadm create-evs [-T <tenantname>] [-p {<prop>=<val>[,...]}[,..]] <evsname>
evsadm delete-evs [-T <tenantname>] <evsname>
evsadm show-evs [-f {<fname>=<val>[,...]}[,...]] [[-c] -o <field>[,...]] [<evsname>]
evsadm add-ipnet [-T <tenantname>] -p subnet=<val>[{,<prop>=<val>[,...]}[,...]] <evsname>/<ipnetname>
evsadm remove-ipnet [-T <tenantname>] <evsname>/<ipnetname>
evsadm show-ipnet [-f {<fname>=<val>[,...]}[,...]] [[-c] -o <field>[,...]] [[<evsname>/][ipnetname]]
evsadm add-vport [-T <tenantname>] [-p {<prop>=val[,...]}[,...]] <evsname>/<vportname>
evsadm remove-vport [-T <tenantname>] <evsname>/<vportname>
evsadm reset-vport [-T <tenantname>] <evsname>/<vportname>
evsadm show-vport [-f {<fname>=<val>[,...]}[,...]] [[-c] -o <field>[,...]] [[<evsname>/][<vportname>]]
evsadm set-evsprop [-T <tenantname>] -p <prop>=[<val>[,...]] <evsname>
evsadm show-evsprop [-f {<fname>=<val>[,...]}[,...]] [[-c] -o <field>[,...]] [-p <prop>[,...]] [evsname]
evsadm set-vportprop [-T <tenantname>] -p <prop>=[<val>[,...]] <evsname>/<vportname>
evsadm show-vportprop [-f {<fname>=<val>[,...]}[,...]] [[-c] -o <field>[,...]] [-p <prop>[,...]] [[evsname/][vportname]]
evsadm set-ipnetprop [-T <tenantname>] -p <prop>=<val> <evsname>/<ipnetname>
evsadm show-ipnetprop [-f {<fname>=<val>[,...]}[,...]] [[-c] -o <field>[,...]] [-p <prop>[,...]] [[evsname/][ipnetname]]
evsadm help [subcommand-name]
The evsadm command provides a set of subcommands to:
manage EVS
manage IP Network associated with EVS
manage virtual ports associated with EVS
An Elastic Virtual Switch (EVS) is a virtual switch that spans one or more servers (physical machines). It represents an isolated L2 segment, and the L2 segment is implemented as Flat (untagged), VLAN or VXLAN. An EVS provides network connectivity between the Virtual Machines connected to it. There are two main resources associated with an EVS: IPnet and VPort.
An IP network represents a block of either IPv4 or IPv6 addresses (that is, subnet) along with a default router for the block. Only one IPnet can be associated with an EVS. All the zones/VNICs that connect to the EVS, through a VPort, will get an IP address from the IPnet associated with the EVS.
A VPort represents the point of attachment between the VNIC and an EVS. It encapsulates various network configuration parameters such as, SLAs (maxbw, cos, and priority), IP address, and MAC address. This configuration is inherited by the VNIC when it connects to the VPort.
Provides functionality for the configuration and administration of an EVS and all the resources associated with it. One controller should be used to manage all the EVSes in the network. The controller has properties associated with it that capture information necessary for implementing L2 segments across physical machines, and these properties can be administered through the set-controlprop subcommand. The EVS Controller is implemented as a RAD module and exports RAD interfaces that are used by EVS clients.
This is the entity that communicates with the EVS Controller to define L2 network topologies and the IP addresses used on those networks. So, evsadm(1m) is an EVS Manager.
Through evsadm, using EVS, IPnet, and VPorts, one can define L2 network topologies and the IP addresses used on those networks. Then, use dladm(1M) to connect the VNICs to these topologies or zonecfg(1M) to connect the VNIC anets (therefore, zones) to these topologies. dladm(1m) and zonecfg(1m) form the clients of EVS controller, and they pull the information from the controller to retrieve VPort properties. (evsadm(1m) was used to push the configuration into the controller to begin with). Note that both native and kernel zones are supported.
Any host that wants its VNICs or its Zone's VNIC anet resource to be part of an EVS. Existing tools, dladm(1M), and zonecfg(1M) have been modified to specify that the VNICs need to be part of an EVS.
Tenants are used for namespace management. EVS and its resources defined within a tenant are not visible outside that tenant's namespace. It acts as a container to hold all the tenant's resources together.
Each evsadm subcommand operates on one of the above mentioned objects. The mapping is as shown below.
An EVS, an IPnet, and a VPort are each identified by a name. The name cannot exceed 127 characters, and should be a combination of alphanumeric characters, along with '.' and '_'.
In addition, these names may also contain the special delimiter character '-'. Such names indicate that the resources were created outside of evsadm. The name contains a prefix (identifying the creator) followed by a '-' and a traditional resource name. For example, in sys-vport0, 'sys' means that the resource was created by the system. This ensures that resources created using evsadm will never have naming conflicts. Accordingly, evsadm cannot be used to create resources whose names contain a '-'.
The evsadm command can run on any machine that can communicate with the machine running the EVS controller. It works along with an EVS controller to execute all the evsadm subcommands. Before using evsadm, one has to specify a hostname or the IP address of the EVS Controller. This can be done by setting the 'controller' property through the 'set-prop' subcommand.
# evsadm set-prop -p controller=ssh://[username@]evs-controller.example.com
# evsadm show-prop
NAME            VALUE                                         DEFAULT
controller      ssh://[username@]evs-controller.example.com   --
Where the optional 'username' is a user assigned the Elastic Virtual Switch Administration RBAC profile (see prof_attr(4)). To simplify configuration, a user called 'evsuser' who has all the authorizations and privileges to perform EVS operations will be created when you install the mandatory EVS IPS package (service/network/evs). If you want to use the shipped 'evsuser', then you would set the controller property to:
# evsadm set-prop -p controller=ssh://evsuser@evs-controller.example.com
As you can see, SSH is used to communicate with the EVS controller. To make the communication non-interactive, you must set up SSH authentication with pre-shared public keys between the hosts (that is, the host where evsadm will be executed, and the EVS controller).
# evsadm set-prop -p controller=unix://
Each subcommand of evsadm has options associated with it, and these options are described in the context of each subcommand below. Many of the subcommands have the following as a common option:
Specifies the name of the tenant in whose namespace the subcommand operation should apply. If not specified, then operation is assumed to be in the default tenant sys-global.
The user must have Elastic Virtual Switch Administration rights profile to execute the following subcommands:
create-evs delete-evs show-evs set-evsprop show-evsprop add-ipnet remove-ipnet show-ipnet set-ipnetprop show-ipnetprop add-vport remove-vport show-vport set-vportprop show-vportprop reset-vport set-prop set-controlprop
A user with the Elastic Virtual Switch Observability rights profile can execute the following observability subcommands:
show-evs show-evsprop show-ipnet show-ipnetprop show-vport show-vportprop show-prop show-controlprop
The following subcommands are supported:
Sets the values of a property for the host where the command is executed. The only supported property is 'controller'. Currently, this property only supports rad(1M) SSH and UNIX URI schemes. See EXAMPLES, below, for more information.
Name of the property to be set to the specified values. Only one property can be set at a time. Note that if <val> is not provided, the property will be reset to its default value.
Show the current values of one or more properties for the current host. The only supported property is 'controller', and it specifies the EVS controller to connect to.
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the property
Permission of the property. It is either rw or r-.
Value of the property
Default value of the property
Display using a stable machine-parseable format. The –o option is required with –c. See Parseable Output Format, below.
Modifies the EVS controller's property to the value specified by the user. For the list of Controller properties and their possible values, see the Controller Properties section below. These properties can be retrieved using the show-controlprop subcommand.
While setting an uplink-port property, one can optionally specify vlan-range, vxlan-range, or flat. If vlan-range is specified, then it means that the corresponding uplink-port will support those VLAN IDs. If vxlan-range is specified, then it means that the corresponding uplink-port will support those VXLAN IDs. If flat is specified, then it means that the corresponding uplink-port will support flat network type. If an EVS Node has multiple uplink ports, then vlan-range, vxlan-range, and flat facilitates in uniquely identifying a single uplink-port to create VNICs for that EVS Node. Please refer to EXAMPLES section for more information.
To reset property values, set the property with an empty value.
One can set the controller's properties from any of the EVS components as long as the controller is accessible from that component.
The property being set is applicable only to the specified host
Name of the controller property to be set to the specified values on the EVS controller. If the property takes multiple values, then the values should be specified with a comma as the delimiter. Only one property can be specified at a time. Note that if <val> is not provided, the property will be reset to its default value.
If the property being set is uplink-port, then one can specify additional metadata through vlan-range, vxlan-range, and flat.
Show the current values of one or more properties for the controller. If no properties are specified, then all available Controller properties are displayed. For the list of Controller properties, see the Controller Properties section below.
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of controller property
Permission of controller property
Value of controller property
Default value of controller property
If the value is '--', then the property applies to all the hosts, or is of global scope. Otherwise, it specifies that the property is applicable to that particular host.
Represents a comma separated range of VLAN IDs that will be served by the corresponding uplink-port. This field will have value only for uplink-port and for the rest of the properties '--' will be shown.
Represents a comma separated range of VXLAN IDs that will be served by the corresponding uplink-port. This field will have value only for uplink-port or vxlan-addr and for the rest of the properties '--' will be shown.
Specifies if a given uplink-port supports Flat (untagged) network type. The displayed values will be yes or no.
Display using a stable machine-parseable format. The –o option is required with –c. See the Parseable Output Format section below.
Create an EVS with name evsname. If a tenant name is specified, then the EVS is created within the namespace of that tenant otherwise it will be created in the default tenant sys-global.
See the CONCEPTS section above for more information on –T option.
A comma-separated list of EVS properties to set to the specified values on the EVS being created. Please see, EVS Properties section below for more information on the supported properties.
Deletes the specified EVS. This operation fails if any one of the VPorts is in use. A VPort is in use if it has a VNIC connected to it. If none of the VPorts are in use, then this operation will delete all the VPorts and IPnets associated with the EVS. The STATUS field in show-evs output displays whether an EVS is busy or idle.
See the CONCEPTS section above for more information on –T option.
Show EVS information either for all the EVSes managed by the EVS controller or for the specified EVS.
A comma-separated list of name-value pairs used to filter the output (Row selection). If multiple filters are specified, then the displayed output is the result of an AND operation among the filters. If a filter value is multi-valued, then the displayed output is the result of an OR operation among the filter values. The supported filters are:
Filters the EVS by tenant name
Filters the EVS by EVS name
Filters the EVS by host name
Filters the EVS by ipnet name
Filters the EVS by vport name
An EVS represents an isolated L2 segment. To implement or realize this, Flat (untagged), VLAN or VXLAN will be used. This option provides that information through following fields.
Name of the EVS
Name of the tenant that owns the EVS
Type of L2 network
VLAN ID used to implement the EVS
VXLAN segment ID used to implement the EVS
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the EVS
Name of the tenant that owns the EVS
Whether the EVS is idle or busy. An EVS is busy if it has at least one VPort that has a VNIC connected to it.
Number of virtual ports associated with the EVS.
The list of IP networks associated with the EVS. Currently only one IP network can be associated with an EVS.
The list of hosts that the EVS spans across.
Display using a stable machine-parseable format. The –o option is required with –c. See Parseable Output Format, below.
Add an ipnet with name ipnetname for the given EVS evsname. If tenant name is specified, then the ipnet will be associated with the EVS evsname in tenant tenantname namespace.
See the CONCEPTS section above for more information on –T option.
A comma-separated list of IPnet properties to set to the specified values on the EVS being created. Please see IPnet Properties section below for more information on the supported properties. Note that 'subnet' is a required property and operation fails if it's not specified.
Removes the specified ipnet ipnetname from an EVS evsname. This operation fails if any one of the VPorts is in use. A VPort is in use if it has a VNIC connected to it.
See the CONCEPTS section above for more information on –T option.
Show IPnet information either for all the IPnets managed by the EVS controller or for the specified IPnet.
A comma-separated list of name-value pairs used to filter the output (Row selection). If multiple filters are specified, then the displayed output is the result of an AND operation among the filters. If a filter value is multi-valued, then the displayed output is the result of an OR operation among the filter values. The supported filters are:
Filters the ipnet by tenant name
Filters the ipnet by EVS name
Filters the ipnet by ipnet name
Filters the ipnet by host name
IPnets can be filtered by their property names. So, all IPnet properties are valid filters. For the list of IPnet properties, see the IPnet Properties section below.
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the ipnet along with name of the EVS with which it is associated. It's of the form evsname/ipnetname.
Name of the ipnet
Name of the EVS
The name of the tenant that owns the EVS.
Represents the subnet (either IPv4 or IPv6) for this IPnet.
Start address of the IP address range.
End address of the IP address range.
The IP address of the default router for the given ipnet.
A comma-separated list of available IP addresses that can be assigned to VPort.
Display using a stable machine-parseable format. The –o option is required with –c. See Parseable Output Format, below.
Add a VPort with name vportname for the given EVS evsname. If tenant name is specified, then the VPort will be associated with the EVS evsname in tenant tenantname namespace.
When a VPort is created, it will be assigned a random MAC address and an IP address from the ipnet address range. Therefore, it's absolutely necessary to associate an IPnet with an EVS before adding VPorts to it.
Note that it is not necessary to add a VPort to an EVS. When a VNIC is being created, it's just sufficient to give the EVS name to connect the VNIC to. In such cases, the controller will generate a system VPort (identified by the prefix 'sys-' in VPort name), and it inherits the EVS properties.
The advantage of explicitly creating a VPort is that you can specify the desired properties for that VPort while creating one, and you can also modify them after creation. On the other hand one can neither specify nor modify the properties of system VPorts.
See the CONCEPTS section above for more information on –T option.
A comma-separated list of VPort properties to set to the specified values on the VPort being created. Please see Virtual Port Properties section below for more information on the supported properties.
Removes the specified VPort. When a VPort is removed, the IP address and the MAC address associated with the VPort are released.
Note that if there is a VNIC associated with this VPort, then the removal of the VPort fails.
See the CONCEPTS section above for more information on –T option.
Resets the specified VPort. When a VPort is associated with a VNIC that does not actually exist, you can release this VPort by resetting it. A system VPort will be deleted on reset.
See the CONCEPTS section above for more information on –T option.
Show VPort information either for all the VPorts managed by the EVS controller or for the specified VPort.
A comma-separated list of name-value pairs used to filter the output (Row selection). If multiple filters are specified, then the displayed output is the result of an AND operation among the filters. If a filter value is multi-valued, then the displayed output is the result of an OR operation among the filter values. The supported filters are:
Filters the VPort by tenant name
Filters the VPort by EVS name
Filters the VPort by VPort name
Filters the VPort by host name
VPorts can be filtered by their property names. So, all VPort properties are valid filters. For list of VPort properties see the VPort Properties section below.
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the VPort along with name of the EVS with which it is associated. It's of the form evsname/vportname.
Name of the VPort
Name of the EVS
Name of the tenant that owns the EVS
Whether VPort is used or free. A VPort is used if it has a VNIC associated with it. Otherwise it's free.
Name of the VNIC associated with the VPort.
The host that has the VNIC associated with the VPort.
Display using a stable machine-parseable format. The –o option is required with –c. See Parseable Output Format, below.
Sets the values of a property on the specified evsname. For the list of EVS properties and their possible values please see the EVS Properties section below. These properties can be retrieved using show-evsprop subcommand.
See the CONCEPTS section above for more information on –T option.
Name of the property to set to the specified values. Note that if <val> is not provided, the property will be reset to its default value.
Show the current values of one or more properties, either for all EVS or for the specified EVS. If no properties are specified, then all available EVS properties are displayed. For list of EVS properties see the EVS Properties section below.
A comma-separated list of name-value pairs used to filter the output (Row selection). If multiple filters are specified, then the displayed output is the result of an AND operation among the filters. If a filter value is multi-valued, then the displayed output is the result of an OR operation among the filter values. The supported filters are:
Filters the EVS by tenant name
Filters the EVS by EVS name
Filters the EVS by host name
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the EVS
Name of the tenant that owns the EVS
Name of the EVS property
The read/write permissions of the property. The value shown is one of r- or rw.
The current property value. If the value is not set, it is shown as '--'. If it is unknown, the value is shown as '?'.
The effective property value chosen by the system. The system selects the VPort property in the following order:
The current VPort property value
The current EVS property value
The default VPort property value
The default value of the property. If the property has no default value, '--' is shown.
A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown or unbounded, '--' is shown.
Sets the values of a property on the specified vportname. For the list of VPort properties and their possible values see the Virtual Port Properties section below. These properties can be retrieved using show-vportprop subcommand.
If the VPort has a VNIC connected to it, then setting the property on that VPort results in change of VNIC's property as well.
Note that changing the property of system VPort is not allowed. For more information on system VPort see add-vport subcommand.
See the CONCEPTS section above for more information on –T option.
Name of the property to set to the specified values. Note that if <val> is not provided, the property will be reset to its default value.
Show the current values of one or more properties, either for all VPorts or for the specified VPort. If no properties are specified, then all available VPort properties are displayed. For list of VPort properties see the Virtual Port Properties section below.
A comma-separated list of name-value pairs used to filter the output (Row selection). If multiple filters are specified, then the displayed output is the result of an AND operation among the filters. If a filter value is multi-valued, then the displayed output is the result of an OR operation among the filter values. The supported filters are:
Filters VPort by tenant name
Filters VPort by EVS name
Filters VPort by VPort name
Filters VPort by host name
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the VPort along with name of the EVS with which it is associated. It's of the form evsname/vportname.
Name of the VPort
Name of the EVS
Name of the tenant that owns the EVS
Name of the VPort property
The read/write permissions of the property. The value shown is one of r- or rw.
The current property value. If the value is not set, it is shown as '--'. If it is unknown, the value is shown as '?'.
The default value of the property. If the property has no default value, '--' is shown.
A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown or unbounded, '--' is shown.
Sets the values of a property on the specified ipnetname. For the list of IPnet properties and their possible values see the IP network Properties section below. These properties can be retrieved using show-ipnetprop subcommand.
See the CONCEPTS section above for more information on –T option.
Name of the property to set to the specified values. Note that if <val> is not provided, the property will be reset to its default value.
Shows the current values of one or more properties, either for all IPnets or for the specified IPnet. If no properties are specified, then all available IPnet properties are displayed. For list of IPnet properties see the IP Network Properties section below.
A comma-separated list of name-value pairs used to filter the output (Row selection). If multiple filters are specified, then the displayed output is the result of an AND operation among the filters. If a filter value is multi-valued, then the displayed output is the result of an OR operation among the filter values. The supported filters are:
Filters IPnet by tenant name
Filters IPnet by EVS name
Filters IPnet by IPnet name
Filters IPnet by host name
A case-insensitive, comma-separated list of output fields to display (Column selection). The field name must be one of the fields listed below, or the special value all to display all fields.
Name of the IPnet along with name of the EVS with which it is associated. It is of the form evsname/ipnetname
Name of the IPNET
Name of the EVS
Name of the tenant that owns the EVS
Name of the IPnet property
The read/write permissions of the property. The value shown is one of r- or rw
The current property value. If the value is not set, it is shown as '--'. If it is unknown, the value is shown as '?'
The default value of the property. If the property has no default value, '--' is shown
A comma-separated list of the values the property can have. If the values span a numeric range, min - max might be shown as shorthand. If the possible values are unknown or unbounded, '--' is shown.
Displays all the supported evsadm subcommands or usage for a given subcommand. If you invoke help for a specific subcommand, the command syntax is displayed. Using evsadm help without any argument displays all of the supported subcommands.
Many evsadm subcommands have an option that displays output in a machine-parseable format. The output format is one or more lines of colon (:) delimited fields. The fields displayed are specific to the subcommand used and are listed under the entry for the –o option for a given subcommand. Output includes only those fields requested by means of the –o option, in the order requested.
When you request multiple fields, any literal colon characters are escaped by a backslash (\) before being output. Similarly, literal backslash characters will also be escaped (\\). This escape format is parseable by using shell read(1) functions with the environment variable IFS=: (see EXAMPLES, below). Note that escaping is not done when you request only a single field.
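An added example, not part of the original manual page: it parses multi-field parseable output with `IFS=: read` and flags VPorts whose protection value lacks MAC or IP anti-spoofing. The sample lines are constructed, the three-field order (VPort name, property, value) is an assumption, and the value names mac-nospoof and ip-nospoof are those of the datalink protection property in dladm(1M).

```shell
#!/bin/sh
# Constructed sample of three-field parseable output: VPort name, property, value.
# Colons inside a value are escaped as "\:" as described above.
sample_output() {
cat <<'EOF'
HR/vport0:macaddr:2\:8\:20\:d8\:da\:10
HR/vport0:protection:mac-nospoof,ip-nospoof
HR/vport1:macaddr:2\:8\:20\:1a\:c1\:e4
HR/vport1:protection:--
ENG/vport0:ipaddr:2001\:db8\:\:10
ENG/vport0:protection:mac-nospoof
EOF
}

# Correct parse. read WITHOUT -r treats backslash as an escape character, so
# "\:" stays inside the field and "\\" collapses to one backslash, which is
# the documented encoding. Reads parseable lines on stdin.
field_value() {   # usage: field_value <vport> <property>
    want_name=$1 want_prop=$2 found=1
    while IFS=: read name prop value; do
        if [ "$name" = "$want_name" ] && [ "$prop" = "$want_prop" ]; then
            printf '%s\n' "$value"
            found=0
        fi
    done
    return $found
}

# Failure mode for comparison: cut (like read -r) ignores the escaping and
# truncates the value at the first escaped colon.
naive_value() {   # usage: naive_value <vport> <property>
    grep -F "$1:$2:" | cut -d: -f3
}

# Audit: print every VPort whose protection value does not include both
# mac-nospoof and ip-nospoof (an unset value is shown as "--").
unprotected_vports() {
    while IFS=: read name prop value; do
        [ "$prop" = "protection" ] || continue
        case ",$value," in
            *,mac-nospoof,*) ;;
            *) printf '%s\n' "$name"; continue ;;
        esac
        case ",$value," in
            *,ip-nospoof,*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Stand-alone demonstration on the constructed sample.
sample_output | unprotected_vports
```

On a live system the same functions would read from an evsadm show subcommand run with –c and –o instead of `sample_output`.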
These properties hold information that is essential for the implementation of virtual switches or L2 segments across physical machines. For most properties, the scope or applicability is the entire data center, that is, global in nature. However, there are some properties, namely, uri, uplink-port and vxlan-addr, whose values can be overridden on a per-host basis.
Defines how an EVS will be implemented across physical machines. The possible values are "flat" (Untagged), "vlan", or "vxlan". By default the l2-type is "vlan". Note that changing the l2-type will not affect EVSes that were created prior to the change. Only the EVSes created after the change will have the new l2-type. This means that L2 segments based on Flat, VLAN and VXLAN can co-exist.
To realize Flat, all the VPorts of an EVS will be on the same network (which can also be shared with the hosts). The packets are not tagged on such VPorts. All the VNICs (and thus VM instances) that connect to a flat l2-type EVS are created with VLAN ID set to 0. Such EVSes will be used to map directly to the existing physical networks.
To realize VLAN, all the VPorts of an EVS will be associated with the same VLAN ID. The VLAN ID to use comes from the vlan-range property. This l2-type assumes that the physical network has been configured to send/receive packets on those VLANs or that a protocol like GVRP has been enabled in Oracle Solaris and on the switch fabric. Minimally, vlan-range and uplink-port must be specified. Otherwise, EVS creation will fail.
To realize VXLAN, all the VPorts of an EVS will be associated with the same VXLAN ID. The VXLAN ID to use comes from the vxlan-range property. Other VXLAN properties such as vxlan-addr, vxlan-group, vxlan-ipvers, and uplink-port influence how the VXLAN will be created. Minimally, vxlan-range and either uplink-port or vxlan-addr must be specified. Otherwise, EVS creation will fail.
Comma-separated list of VLAN ID ranges that will be used for creating EVS. One VLAN ID will be consumed for every EVS created. VLAN ID provides isolation of packets between EVSes. Valid values are [1-4094].
Comma-separated list of VXLAN segment number ranges that can be used for creating EVS. One VXLAN segment number will be consumed for every EVS created. VXLAN segment number provides Layer 2 isolation between EVSes. Valid values are [0 - 16777215].
Specifies the IP address on top of which VXLAN datalink should be created. This can be set to a subnet address as well.
The multicast address that needs to be used while creating VXLAN links. The VXLAN link will use this address to discover other VXLAN links on the same VXLAN segment. If this property is not set, the default all-host address will be used by the VXLAN link.
Represents the IP version of the address that must be used for the IP interface that will host VXLAN datalinks. The possible values are "v4" and "v6". The default value is "v4".
Specifies the datalink to be used for following network types: Flat, VLAN, and VXLAN.
An ID that uniquely identifies an EVS controller in the data center. It is a read-only property and its value is automatically generated when an EVS controller is installed.
Specifies the template from which the actual RAD URI (see rad(1M)) scheme is computed by EVS controller. The computed RAD URI will be used between EVS Controller and EVS nodes. The uri_template value is of the form ssh://[username@] or unix://[username@]. See EXAMPLES section below for the usage.
Represents the block of either IPv4 or IPv6 addresses. For IPv4, the value is specified as the standard IPv4 dotted-decimal form with prefix len, that is:
ddd.ddd.ddd.ddd/yy
Where, "ddd" is a one to three digit decimal number between 0 and 255, and "yy" is a one to two digit decimal number between 1 and 30.
For IPv6, the value is specified as the standard IPv6 text form with prefix len, that is:
x:x:x:x:x:x:x:x/yyy
Where, "x"s are the hexadecimal values of the eight 16-bit pieces of the address, and "yyy" is a one to three digit decimal number between 1 and 126.
Default router specifies the gateway's IP address for the given subnet. This is optional and when not specified the first address in the range will be selected as the default router IP address.
Represents sub-ranges of IP addresses within a subnet. An IP address allocated to a virtual port will be picked from the pool instead of the entire subnet. Multiple ranges can be specified with a comma as the delimiter, and they cannot overlap each other. Each range is of the form start_ip_address-end_ip_address. Note that the start_ip_address and end_ip_address must be within the subnet.
Sets the 802.1p priority on outbound packets on the virtual port. The values range from 0 to 7. When this property is set, all the outbound packets on the virtual port will have a VLAN tag with the priority field set to the property value. This can be used to provide differentiated services across VPorts.
Sets the full duplex bandwidth for the virtual port. The bandwidth is specified as an integer with one of the scale suffixes (K, M, or G for Kbps, Mbps, and Gbps). If no units are specified, the input value will be read as Mbps. The default is no bandwidth limit.
Sets the relative priority for the virtual port. The value can be given as one of the tokens high, medium, or low. The default is medium. This priority is not reflected in any protocol priority fields on the wire, but used for packet processing scheduling within the system. A high priority link offers a better latency depending on the availability of system resources.
Enables one or more types of link protection. It is the same as the datalink's protection property. Valid values are:
MAC address anti-spoof. An outbound packet's source MAC address must match the link's configured MAC address. Non-matching packets will be dropped.
IP address anti-spoof. An outbound packet's source IP address must match the VPort's IP address, IPv4/IPv6 addresses learned from DHCP replies, link-local IPv6 address conforming to RFC 2464, and the unspecified (all-zeros) IPv4/IPv6 address.
An outbound ARP packet can pass if its sender protocol address is VPort's IP address.
The client ID in the DHCPv4 packet must match VPort's MAC address. The DUID in the DHCPv6 packet must be of type 1 or 3 and the link layer address part of the DUID must match the VPort's MAC address.
Restricts outgoing packet types to just IPv4, IPv6, and ARP.
Protection will not be applied.
Represents the IP address associated with the virtual port. When a VNIC connects to a VPort, this address will be applied to the VNIC. By default, the EVS Controller will automatically select an IP address from the IPnet associated with the EVS. If a Zone/VNIC needs to be assigned a particular IP address, then that can be achieved by manually setting the ipaddr to the desired IP address at the time of addition of the VPort to an EVS.
Once the VPort is created, its IP address cannot be changed through the evsadm set-vportprop command.
Represents the MAC address associated with the virtual port. The VNIC that connects to this VPort basically inherits the MAC address from the VPort. By default, the EVS Controller will generate a random MAC address for the VPort. If a VNIC needs to be assigned a particular MAC address, then that can be achieved by manually setting the macaddr to the desired MAC address at the time of addition of the VPort to an EVS.
Once the VPort is created, its MAC address cannot be changed through the evsadm set-vportprop command.
A read-only property that represents the EVS with which the VPort is associated.
A read-only property that represents the tenant with which the VPort is associated.
See "Virtual Port Properties" section above. This defines the default maxbw that will be associated with each virtual port of an EVS.
See "Virtual Port Properties" section above. This defines the default priority that will be associated with each virtual port of an EVS.
A read-only property that represents the tenant with which an EVS is associated.
See "Controller Properties" section above for more information. These properties specify the network-type (flat, vlan, or vxlan) that the EVS should be implemented as, and the corresponding segmentation ID for vlan and vxlan network-type. Basically, l2-type can be used to override the default controller setting.
See "VPort properties" section. When set, it defines the default value for all the ports of the EVS.
In all the examples below, we are making an assumption that EVS Manager, EVS Controller, and EVS Node are all on the same node.
Example 1 Set the EVS Controller to Which evsadm Should Connect
# evsadm set-prop -p controller=ssh://evsuser@evs-controller.example.com
Now create the SSH keys for the user invoking evsadm using ssh-keygen(1). Copy $HOME/.ssh/id_rsa.pub to /var/user/evsuser/.ssh/authorized_keys. Now SSH to evs-controller.example.com as evsuser to verify that you can connect without a password (Note: answer the yes/no question presented by the SSH client).
# evsadm show-prop
NAME        VALUE                             DEFAULT
controller  ssh://evs-controller.example.com  --
Note that, since all the participating nodes in the EVS framework are on the same physical machine, we can just use local connection (unix domain socket) instead of SSH to connect:
EVS Manager (evsadm(1M)) to EVS Controller.
EVS Client (dladm(1M) and zoneadmd(1M)) to EVS Controller.
This can be achieved as follows:
# evsadm set-prop -p controller=unix://
# evsadm show-prop
NAME        VALUE    DEFAULT
controller  unix://  --

Example 2 Setup the EVS Controller Such that the L2 Segments are Created by Using VLANs
Continuing from the above example, the controller now is evs-controller.example.com, and any changes made using set-controlprop command will be reflected on that controller.
# evsadm set-controlprop -p l2-type=vlan
# evsadm set-controlprop -p vlan-range=200-300,400-500
# evsadm set-controlprop -p uplink-port=net2
# evsadm set-controlprop -h host2.example.com -p uplink-port=net3
# evsadm set-controlprop -h host3.example.com -p uplink-port=net4
NAME         VALUE            DEFAULT  HOST
l2-type      vlan             vxlan    --
vlan-range   200-300,400-500  --       --
uplink-port  net2             --       --
uplink-port  net3             --       host2.example.com
uplink-port  net4             --       host3.example.com
VLAN IDs 200-300 and 400-500 have been set aside for EVSes. net2 is the uplink-port on all of the hosts except for host2.example.com and host3.example.com. On host2, net3 will be used as uplink-port, and on host3, net4 will be used as uplink-port.
Example 3 Setup the EVS Controller Such that L2 Segments are Created Using VXLANs
# evsadm set-controlprop -p l2-type=vxlan
# evsadm set-controlprop -p vxlan-range=20000-30000
# evsadm set-controlprop -p vxlan-addr=192.168.10.0/24
# evsadm show-controlprop -p l2-type,vxlan-range,vxlan-addr
NAME         VALUE            DEFAULT  HOST
l2-type      vxlan            vxlan    --
vxlan-range  20000-30000      --       --
vxlan-addr   192.168.10.0/24  0.0.0.0  --
VXLAN IDs 20000-30000 have been set aside for EVSes. An IP interface that is part of the subnet 192.168.10.0/24 will be used to create our VXLAN links.
Example 4 Create an EVS, Associate an IP subnet, Add a VPort to the EVS, and Connect a VNIC
Before using evsadm, set the controller property.
# evsadm set-prop -p controller=ssh://evs-controller.example.com
Also, SSH authentication with pre-shared keys must be manually set up between the RAD client and the controller so that the RAD client can connect to the EVS controller non-interactively.
Now create an EVS with name HR.
# evsadm create-evs HR
# evsadm show-evs HR
EVS  TENANT      STATUS  NVPORTS  IPNETS  HOST
HR   sys-global  --      0        --      --
Since no tenant name was provided, EVS was created under sys-global. It has no IP networks or VPorts associated with it.
Now create an IP network.
# evsadm add-ipnet -p subnet=192.168.13.0/24 HR/hr_ipnet
# evsadm show-ipnet
NAME         TENANT      SUBNET           DEFROUTER     AVAILRANGE
HR/hr_ipnet  sys-global  192.168.13.0/24  192.168.13.1  192.168.13.2-192.168.13.254
Now add a VPort to HR.
# evsadm add-vport HR/vport0
# evsadm show-vport
NAME       TENANT      STATUS  VNIC  HOST
HR/vport0  sys-global  free    --    --
# evsadm show-vport -o name,macaddr,ipaddr
NAME       MACADDR         IPADDR
HR/vport0  2:8:20:95:1:de  192.168.13.2/24
evsadm with no subcommands prints the following output.
# evsadm
NAME       TENANT      STATUS  VNIC  IP
HR         sys-global  --      --    hr_ipnet
   vport0  --          free    --    192.168.13.2/24
Now connect a VNIC vnic0 to HR/vport0.
# dladm create-vnic -t -c HR/vport0 vnic0
# dladm show-vnic -c
LINK   TENANT      EVS  VPORT   OVER          MACADDRESS      VIDS
vnic0  sys-global  HR   vport0  evs-vxlan200  2:8:20:95:1:de  0
# dladm show-linkprop -p allowed-ips vnic0
LINK   PROPERTY     PERM  VALUE         EFFECTIVE     DEFAULT  POSSIBLE
vnic0  allowed-ips  rw    192.168.13.2  192.168.13.2  --       --
Note how allowed-ips of vnic0 is set with the VPort's IP address.
Now set the VPort's maxbw property to 1G and see how it reflects on vnic0.
# dladm show-linkprop -p maxbw vnic0
LINK   PROPERTY  PERM  VALUE  EFFECTIVE  DEFAULT  POSSIBLE
vnic0  maxbw     rw    --     --         --       --
# evsadm set-vportprop -p maxbw=1G HR/vport0
# dladm show-linkprop -p maxbw vnic0
LINK   PROPERTY  PERM  VALUE  EFFECTIVE  DEFAULT  POSSIBLE
vnic0  maxbw     rw    1000   1000       --       --

Example 5 Create an EVS with flat l2-type
Define which uplink-port on EVS nodes will be used to create FLAT VNICs.
# evsadm set-controlprop -p uplink-port=net0,flat=yes
Now create the flat EVS, associate a subnet with it, and add a bunch of VPorts.
# evsadm create-evs -p l2-type=flat evs0
# evsadm show-evs -L
EVS   TENANT      L2TYPE  VID  VNI
evs0  sys-global  flat    --   --
# evsadm add-ipnet -p subnet=192.168.100.0/24 evs0/ipnet0
# evsadm add-vport evs0/vport0
# evsadm add-vport evs0/vport1
# evsadm add-vport evs0/vport2
With that, all three VPorts of evs0 will be on the same network and the outgoing packets on those VPorts will be untagged.
Example 6 Display Properties of an EVS
# evsadm show-evsprop HR
EVS  TENANT      PROPERTY  PERM  VALUE       DEFAULT  POSSIBLE
HR   sys-global  maxbw     rw    --          --       --
HR   sys-global  priority  rw    --          medium   low,medium,high
HR   sys-global  tenant    r-    sys-global  --       --

Example 7 Display Properties of a VPort
# evsadm show-vportprop HR/
NAME       TENANT      PROPERTY  PERM  VALUE            DEFAULT  POSSIBLE
HR/vport0  sys-global  cos       rw    3                0        0-7
HR/vport0  sys-global  maxbw     rw    --               --       10K-
HR/vport0  sys-global  priority  rw    --               medium   low,medium,
HR/vport0  sys-global  ipaddr    r-    192.168.13.2/24  --       --
HR/vport0  sys-global  macaddr   r-    2:8:20:5c:cb:a5  --       --
HR/vport0  sys-global  evs       r-    HR               --       --
HR/vport0  sys-global  tenant    r-    sys-global       --       --
# evsadm show-vportprop HR/
NAME       TENANT      PROPERTY  PERM  VALUE            EFFECTIVE        POSSIBLE
HR/vport0  sys-global  cos       rw    3                3                0-7
HR/vport0  sys-global  maxbw     rw    --               --
HR/vport0  sys-global  priority  rw    --               medium           low,medium,
HR/vport0  sys-global  ipaddr    r-    192.168.13.2/24  192.168.13.2/24  --
HR/vport0  sys-global  macaddr   r-    2:8:20:5c:cb:a5  2:8:20:5c:cb:a5  --
HR/vport0  sys-global  evs       r-    HR               --               --
HR/vport0  sys-global  tenant    r-    sys-global       --               --

Example 8 Remove a Virtual Port
# evsadm remove-vport HR/vport0
Note that, if the vport is being used, then the above operation will fail.
Example 9 Delete an IPnet
# evsadm remove-ipnet HR/hr_ipnet
Note that, if an IP address in the IP subnet is being used, then the above operation will fail.
Example 10 Delete an EVS
# evsadm delete-evs HR
Note that, if any VPort of an EVS is being used, then the above operation will fail.
Example 11 Create an EVS for a Tenant and Associate an IPnet and VPort
The following example creates an EVS evsA for a tenant tenantA, and associates 192.168.100.0/24 as IPnet with it, and a VPort with maxbw of 1G.
# evsadm create-evs -T tenantA evsA
# evsadm add-ipnet -T tenantA -p subnet=192.168.100.0/24 evsA/ipnetA
# evsadm add-vport -T tenantA -p maxbw=1G evsA/vport0
# evsadm
NAME       TENANT   STATUS  VNIC  IP                HOST
evsA       tenantA  --      --    ipnetA            --
   vport0  --       free    --    192.168.100.2/24  --
# evsadm show-vport
NAME         TENANT   STATUS  VNIC  HOST
evsA/vport0  tenantA  free    --    --
# evsadm show-ipnet
NAME         TENANT   SUBNET            DEFROUTER      AVAILRANGE
evsA/ipnetA  tenantA  192.168.100.0/24  192.168.100.1  192.168.100.3-192.168.100.254

Example 12 Specify per EVS Node RAD connection
To push VPort properties and to retrieve VPort statistics, an EVS controller connects to an EVS Node. How the RAD connection needs to be made can be controlled by the uri_template controller property. This property applies globally to all the EVS Nodes. However, if a different type of connection needs to be specified for an EVS node, then the global value can be overridden for that host.
The value is of the form ssh://[username@] or unix://[username@].
# evsadm show-controlprop -p uri_template
PROPERTY      PERM  VALUE   DEFAULT  HOST
uri_template  rw    ssh://  ssh://   --
This basically says that all the per-EVS node RAD connections should use SSH and should use the user executing evsadm as SSH user.
# evsadm set-controlprop -p uri_template=ssh://evsuser
# evsadm show-controlprop -p uri_template
PROPERTY      PERM  VALUE          DEFAULT  HOST
uri_template  rw    ssh://evsuser  ssh://   -
This basically says that all the per-EVS node RAD connections should use SSH. However, evsuser is used as the SSH user instead.
# evsadm set-controlprop -p uri_template=unix://
# evsadm show-controlprop -p uri_template
PROPERTY      PERM  VALUE    DEFAULT  HOST
uri_template  rw    unix://  unix://  --
In the case of single server EVS (that is, all the participating nodes in the EVS framework are on the same physical machine) there is no need for SSH and we could just use local connection (unix domain socket).
# evsadm set-controlprop -h evs-controller.example.com -p uri_template=unix://
# evsadm show-controlprop -p uri_template
PROPERTY      PERM  VALUE    DEFAULT  HOST
uri_template  rw    ssh://   ssh://   --
uri_template  rw    unix://  unix://  evs-controller.example.com
This basically says that all the per-EVS node RAD connections should be the default SSH, except for evs-controller.example.com, where a local connection should be used.
Example 13 Specify a Pool (Sub-range of IPv4 or IPv6 Addresses From a Subnet) for a Given IP Network
# evsadm create-evs HR
# evsadm add-ipnet HR/ipnet0 -p subnet=10.0.0.0/24
# evsadm set-ipnetprop -p pool=10.0.0.10-10.0.0.15 HR/ipnet0
# evsadm show-ipnetprop -p pool HR/ipnet0
NAME       TENANT      PROPERTY  PERM  VALUE                DEFAULT  POSSIBLE
HR/ipnet0  sys-global  pool      rw    10.0.0.10-10.0.0.15  --       --
# evsadm add-vport HR/vport0
# evsadm add-vport HR/vport1
# evsadm add-vport HR/vport2
# evsadm add-vport HR/vport3
# evsadm add-vport HR/vport4
# evsadm add-vport HR/vport5
# evsadm add-vport HR/vport6
evsadm: vport addition failed: insufficient resource
# evsadm
NAME       TENANT      STATUS  VNIC  IP             HOST
HR         sys-global  idle    --    ipnet0         --
   vport0  --          free    --    10.0.0.10/24   --
   vport1  --          free    --    10.0.0.11/24   --
   vport2  --          free    --    10.0.0.12/24   --
   vport3  --          free    --    10.0.0.13/24   --
   vport4  --          free    --    10.0.0.14/24   --
   vport5  --          free    --    10.0.0.15/24   --
# evsadm set-ipnetprop -p pool=10.0.0.10-10.0.0.20 HR/ipnet0
# evsadm add-vport HR/vport6
# evsadm add-vport HR/vport7
# evsadm
NAME       TENANT      STATUS  VNIC  IP             HOST
HR         sys-global  idle    --    ipnet0         --
   vport0  --          free    --    10.0.0.10/24   --
   vport1  --          free    --    10.0.0.11/24   --
   vport2  --          free    --    10.0.0.12/24   --
   vport3  --          free    --    10.0.0.13/24   --
   vport4  --          free    --    10.0.0.14/24   --
   vport5  --          free    --    10.0.0.15/24   --
   vport6  --          free    --    10.0.0.16/24   --
   vport7  --          free    --    10.0.0.17/24   --
# evsadm add-vport HR/vport8 -p ipaddr=10.0.0.100
# evsadm
NAME       TENANT      STATUS  VNIC  IP             HOST
HR         sys-global  idle    --    ipnet0         --
   vport8  --          free    --    10.0.0.100/24  --
   vport0  --          free    --    10.0.0.10/24   --
   vport1  --          free    --    10.0.0.11/24   --
   vport2  --          free    --    10.0.0.12/24   --
   vport3  --          free    --    10.0.0.13/24   --
   vport4  --          free    --    10.0.0.14/24   --
   vport5  --          free    --    10.0.0.15/24   --
   vport6  --          free    --    10.0.0.16/24   --
   vport7  --          free    --    10.0.0.17/24   --
# evsadm set-ipnetprop -p pool= HR/ipnet0
The above invocation resets the pool to the entire subnet range, excluding the default gateway IP.
# evsadm show-ipnetprop -p pool HR/ipnet0
NAME       TENANT      PROPERTY  PERM  VALUE                DEFAULT  POSSIBLE
HR/ipnet0  sys-global  pool      rw    10.0.0.2-10.0.0.254  --       --
In this case, any VPorts that are added to HR will get IP addresses from within the specified pools. The addition of a VPort will fail if there are no more IP addresses in the pool to allocate. To use an address outside the pool, you have to explicitly use -p ipaddr=<IP address> during VPort creation.
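The pool rules above (each range inside the subnet, no overlap between ranges) and the capacity limit that produced "insufficient resource" can be checked before calling set-ipnetprop. The following is an added example, not part of the evsadm manual: check_pool is a hypothetical helper, it handles IPv4 only, and it assumes the network and broadcast addresses are never allocatable.

```shell
#!/bin/sh
# Added example (not from the evsadm manual). IPv4 only.
# check_pool SUBNET POOL
#   SUBNET  a.b.c.d/len, as given to "add-ipnet -p subnet="
#   POOL    comma-separated start-end ranges, as given to "set-ipnetprop -p pool="
# Prints the number of addresses the pool can hand out; on a rule violation
# prints the reason and returns 1. The default router address is not modelled.
check_pool() {
    awk -v subnet="$1" -v pool="$2" '
        function ip2int(str,    o) {
            if (split(str, o, ".") != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN {
            split(subnet, sn, "/")
            size = 2 ^ (32 - sn[2])
            base = ip2int(sn[1]); base -= base % size
            lo = base + 1; hi = base + size - 2   # assumption: skip network and broadcast
            n = split(pool, r, ",")
            for (i = 1; i <= n; i++) {
                split(r[i], e, "-")
                st[i] = ip2int(e[1]); en[i] = ip2int(e[2])
                if (st[i] < lo || en[i] > hi || st[i] > en[i]) {
                    print "range " r[i] " is not inside " subnet; exit 1
                }
                for (j = 1; j < i; j++)
                    if (st[i] <= en[j] && st[j] <= en[i]) {
                        print "range " r[i] " overlaps " r[j]; exit 1
                    }
                total += en[i] - st[i] + 1
            }
            print total + 0
        }'
}

# Pool from Example 13: six addresses, so the seventh add-vport fails.
check_pool 10.0.0.0/24 10.0.0.10-10.0.0.15
```
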
Example 14 Connect Through Multiple Uplink Ports From a Given Host
# evsadm set-controlprop -p vlan-range=200-300
# evsadm set-controlprop -h host1 -p uplink-port=net0,vlan-range=200-250
evsadm: warning: provided value range is a subset of the complete range. Ensure to provide the remaining value range on a different uplink-port or vxlan-addr
# evsadm set-controlprop -h host1 -p uplink-port=net1,vlan-range=251-300
# evsadm show-controlprop -p uplink-port -o property,perm,value,default,vlan_range,vxlan_range,host
PROPERTY     PERM  VALUE  DEFAULT  VLAN_RANGE  VXLAN_RANGE  HOST
uplink-port  rw    net0   --       200-300     --           --
uplink-port  rw    net0   --       200-250     --           host1
uplink-port  rw    net1   --       251-300     --           host1
# evsadm create-evs evs0 -p vlanid=200
# evsadm create-evs evs1 -p vlanid=251
# evsadm show-evs -L
EVS   TENANT      VID  VNI
evs0  sys-global  200  --
evs1  sys-global  251  --
# evsadm add-ipnet evs0/ipnet0 -p subnet=10.0.0.0/24
# evsadm add-ipnet evs1/ipnet1 -p subnet=10.0.1.0/24
# dladm create-vnic -c evs0 -t vnic0
# dladm create-vnic -c evs1 -t vnic1
# dladm show-vnic
LINK   OVER  SPEED  MACADDRESS       MACADDRTYPE  VIDS
vnic0  net0  1000   2:8:20:d4:d7:d5  fixed        200
vnic1  net1  1000   2:8:20:a:11:40   fixed        251
# evsadm set-controlprop -h host1 -p uplink-port=
# evsadm show-controlprop -p uplink-port -o property,perm,value,default,vlan_range,vxlan_range,host
PROPERTY     PERM  VALUE  DEFAULT  VLAN_RANGE  VXLAN_RANGE  HOST
uplink-port  rw    net0   --       200-300     2000-3000    --
This says that host1 has two uplink-ports net0 and net1, and on net0 the supported vlan-range is 200-250 and on net1 the supported vlan-range is 251-300. For all the remaining hosts, net0 will host the entire vlan-range. Resetting uplink-port property for a host will clear all the uplink-port values for that host.
Example 15 Configure the Protection Property
# evsadm create-evs evs0
# evsadm add-ipnet evs0/ipnet0 -p subnet=10.0.0.0/24
# evsadm add-vport evs0/vport0
# evsadm show-vportprop -p protection
NAME         TENANT      PROPERTY    PERM  VALUE  EFFECTIVE               POSSIBLE
evs0/vport0  sys-global  protection  rw    --     mac-nospoof,ip-nospoof  mac-nospoof,restricted,ip-nospoof,dhcp-nospoof,none
# dladm create-vnic -c evs0/vport0 -t vnic0
# dladm show-linkprop vnic0 -p protection
LINK   PROPERTY    PERM  VALUE                   EFFECTIVE               DEFAULT  POSSIBLE
vnic0  protection  rw    mac-nospoof,ip-nospoof  mac-nospoof,ip-nospoof  --       mac-nospoof,restricted,ip-nospoof,dhcp-nospoof
# evsadm set-vportprop -p protection=none evs0/vport0
# dladm show-linkprop vnic0 -p protection
LINK   PROPERTY    PERM  VALUE  EFFECTIVE  DEFAULT  POSSIBLE
vnic0  protection  rw    --     --         --       mac-nospoof,restricted,ip-nospoof,dhcp-nospoof
# evsadm set-vportprop -p protection=restricted evs0/vport0
# dladm show-linkprop vnic0 -p protection
LINK   PROPERTY    PERM  VALUE       EFFECTIVE   DEFAULT  POSSIBLE
vnic0  protection  rw    restricted  restricted  --       mac-nospoof,restricted,ip-nospoof,dhcp-nospoof
# evsadm set-vportprop -p protection= evs0/vport0
Not specifying a value resets the protection property.
# dladm show-linkprop vnic0 -p protection
LINK   PROPERTY    PERM  VALUE                   EFFECTIVE               DEFAULT  POSSIBLE
vnic0  protection  rw    mac-nospoof,ip-nospoof  mac-nospoof,ip-nospoof  --       mac-nospoof,restricted,ip-nospoof,dhcp-nospoof
Note that the default value of the protection property of a VPort is mac-nospoof, ip-nospoof. Resetting the protection property restores it to the default value.
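Because protection=none or protection=restricted silently removes the default anti-spoofing, it is worth auditing VPorts for any effective value that lacks mac-nospoof or ip-nospoof. The following is an added example, not part of the evsadm manual: audit_vport_protection and sample_records are hypothetical names, and the colon-separated "name:effective" input (as might come from show-vportprop with -c -o name,effective) is an assumption about the parseable format and field names.

```shell
#!/bin/sh
# Added example (not from the evsadm manual).
# Input: one "name:effective" record per line. Assumed to come from
#   evsadm show-vportprop -c -o name,effective -p protection
# where the colon-separated -c layout and the field names are assumptions.

# Constructed sample records, not captured from a real system.
sample_records() {
    cat <<'EOF'
evs0/vport0:mac-nospoof,ip-nospoof
evs0/vport1:restricted
evs0/vport2:--
HR/vport0:mac-nospoof,ip-nospoof,dhcp-nospoof
evs0/vport3:mac-nospoof
EOF
}

# Print every VPort whose effective protection lacks one of the two default
# values; return 1 if any was printed, 0 otherwise.
audit_vport_protection() {
    awk -F: '
        function has(list, want,    n, i, parts) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] == want) return 1
            return 0
        }
        NF < 2 { next }                      # skip blank or malformed lines
        {
            missing = ""
            if (!has($2, "mac-nospoof")) missing = missing " mac-nospoof"
            if (!has($2, "ip-nospoof"))  missing = missing " ip-nospoof"
            if (missing != "") {
                printf "%s effective=%s missing:%s\n", $1, ($2 == "" ? "--" : $2), missing
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }'
}

sample_records | audit_vport_protection || echo "VPorts below the default protection found"
```
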
See attributes(5) for descriptions of the following attributes:
evsstat(1M), dladm(1M), zonecfg(1M), rad(1M), attributes(5), prof_attr(4), ssh-keygen(1),