How to use an OVS Bridge for Networking on Docker?

OVS bridges or Open vSwitch bridges are used as an alternative to the native bridges in Linux. They support most features found in physical switches while also supporting multiple VLANs on a single bridge. OVS is widely used in Docker networking because it provides enhanced multi-host networking capabilities and more secure communication compared to native bridges.

In this article, we will discuss how to perform Docker networking using Open vSwitch bridges (OVS). We will cover the installation of OVS and the OVS utility for Docker, create an OVS bridge, connect two Docker containers to the bridge, and test the connectivity.

Installing OVS Bridge

To install Open vSwitch bridge on a Linux system, use the following apt-get command −

sudo apt-get -y install openvswitch-switch

Installing OVS Utility for Docker

To install the OVS Docker utility, follow these steps −

Navigate to the bin directory −

cd /usr/bin

Download the ovs-docker script −

sudo wget https://raw.githubusercontent.com/openvswitch/ovs/master/utilities/ovs-docker

Change the access permissions to make it executable −

sudo chmod a+rwx ovs-docker

Creating an OVS Bridge

Create a new OVS bridge to enable Docker containers on different networks to connect to each other −

sudo ovs-vsctl add-br ovs-br1

The ovs-vsctl command is used for querying and configuring OVS switches. This command creates and adds an OVS bridge named ovs-br1.

Display the existing OVS bridges −

sudo ovs-vsctl show

Configuring the Bridge

Configure an internal IP address for the OVS bridge −

sudo ifconfig ovs-br1 173.16.1.1 netmask 255.255.255.0 up

This assigns the IP address 173.16.1.1 with a /24 subnet mask to the bridge and brings it up.

Creating Docker Containers

Create two Docker containers using the Ubuntu image −

sudo docker run -it --name myContainer1 ubuntu bash
sudo docker run -it --name myContainer2 ubuntu bash

Connecting Containers to the Bridge

Connect the containers to the OVS bridge using bridge mode. In bridge mode, containers receive IP addresses on the same network as the bridge and can communicate directly.

sudo ovs-docker add-port ovs-br1 eth1 myContainer1 --ipaddress=173.16.1.2/24
sudo ovs-docker add-port ovs-br1 eth1 myContainer2 --ipaddress=173.16.1.3/24

These commands create a network interface eth1 in each container, connect it to the OVS bridge, and assign IP addresses 173.16.1.2 and 173.16.1.3 respectively.

Testing Connectivity

Test the network connectivity between containers using the ping command. From within myContainer1, ping myContainer2 −

ping 173.16.1.3

Expected output −

PING 173.16.1.3 (173.16.1.3) 56(84) bytes of data.
64 bytes from 173.16.1.3: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 173.16.1.3: icmp_seq=2 ttl=64 time=0.098 ms

Advantages of OVS Bridges

Conclusion

OVS bridges provide superior networking capabilities for Docker containers compared to native Linux bridges. They offer advanced features like VLAN support, flow control, and better multi-host networking. This makes OVS an excellent choice for complex container networking scenarios requiring scalability and security.