How to use an OVS Bridge for Networking on Docker?

OVS bridges or Open vSwitch bridges are used as an alternative to the native bridges in linux. It supports most features which are in a physical switch while also supporting multiple vLANs on a single bridge. It is also widely used in Docker networking because it proves to be useful for multiple host networking and provides more secure communication compared to native bridges.

In this article we will discuss how to perform docker networking using the Open vSwitch bridges (OVS). We will discuss the various commands which would help you to install OVS and the OVS utility for docker. We will then try to create an OVS bridge and then connect two docker containers to the bridge. Finally, we will try to test the connections using the ping commands.

Installing OVS bridge

To install Open vSwitch bridge in a linux system, you can use the following apt−get command.

sudo apt−get −y install openvswitch−switch

Installing OVS utility for Docker

To install OVS docker utility, you can use the following commands −

Move to the bin directory for the current user.

sudo cd /usr/bin

Download the openvswitch repo using the following wget command −

sudo cd /usr/bin

Change the access permissions using the following command. The rwx permission ensures that the owner, the group and the users have the rwx set giving them read, write and execute permission.

sudo chmod a+rwx ovs−docker

Creating an OVS bridge

Let us now create, add and configure a new OVS bridge to get docker containers on different networks to connect to each other.

sudo ovs−vsctl add−br ovs−br1

The ovs−vsctl command is used for querying and configuring the OVS switches. It creates and adds an ovs bridge.

You can use the following command to display the ovs bridges.

sudo ovs−vsctl show

Connecting the containers to the bridge

We can connect the containers with the bridge using two different modes - NAT and Bridge.

In NAT mode, the bridge is actually a virtual interface. The docker containers will have internal ip address and network address translation rules applied to communicate with the external world. While on the other hand, if they are connected in bridge mode, then the bridge will be a real network adapter.

We will try to connect them using the bridge mode.

First, we will have to configure internal ip addresses onto the OVS bridge and to do so, we can use the command −

sudo ifconfig ovs−br1 173.16.1.1 netmask 255.255.255.0 up

Now, we will create two different docker containers associated with the ubuntu image.

sudo docker run −it −−name myContainer1 ubuntu bash
sudo docker run −it −−name myContainer2 ubuntu bash

Now, we will try to connect the containers with the OVS bridge using the following commands.

sudo ovs−docker add−port ovs−br1 eth1 myContainer1 −−ipaddress=173.16.1.2/24
sudo ovs−docker add−port ovs−br1 eth1 myContainer2 −−ipaddress=173.16.1.3/24

The above commands connect the containers to the bridge and associate ip addresses to them.

You can now easily test the connections using the ping command.

To conclude, in this article we have seen how to create, add and use the OVS bridge to connect two containers to the bridge.