admin 发表于 2019-10-25 10:00:33

ovs-ofctl dump-ports 输出交换机的端口统计信息,包括收发包、丢包、错误包等数量。

ovs-ofctl dump-ports 输出交换机的端口统计信息,包括收发包、丢包、错误包等数量。 ovs-ofctl dump-flows alubr0
OFPST_FLOW reply (xid=0x2): flags=
cookie=0x1, duration=1263.439s, table=0, n_packets=572, n_bytes=27498, priority=1 actions=move:NXM_OF_VLAN_TCI->NXM_NX_REG1[
0..11],strip_vlan,resubmit(,22),resubmit(,23),move:NXM_OF_IN_PORT[]->NXM_NX_REG4,move:NXM_NX_REG1->NXM_OF_IN_PORT[],re
submit(,4)
cookie=0x1, duration=1263.439s, table=4, n_packets=36175, n_bytes=26587191, priority=0 actions=resubmit(,27)
cookie=0x1, duration=1263.439s, table=5, n_packets=35646, n_bytes=26564073, priority=0 actions=resubmit(,7)
cookie=0x1, duration=1193.636s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=18038,dl_src=fa:16:3e:83:4c:69 actions=drop
cookie=0x1, duration=1253.085s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=3575,dl_src=fa:16:3e:e8:53:ed actions=drop
cookie=0x1, duration=1190.175s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=291,dl_src=fa:16:3e:b2:1c:91 actions=drop
cookie=0x1, duration=1176.930s, table=7, n_packets=522, n_bytes=21924, priority=32769,in_port=21588,dl_src=fa:16:3e:f7:f2:b0 action
s=drop
cookie=0x1, duration=1256.088s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=5670,dl_src=fa:16:3e:35:a6:e0 actions=drop
cookie=0x1, duration=1197.461s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=29064,dl_src=fa:16:3e:82:2c:2c actions=drop
cookie=0x1, duration=1196.999s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=249,dl_src=fa:16:3e:83:aa:df actions=drop
cookie=0x1, duration=1195.700s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=422,dl_src=fa:16:3e:c9:6d:72 actions=drop
cookie=0x1, duration=1198.286s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=19360,dl_src=fa:16:3e:95:46:90 actions=drop
cookie=0x1, duration=1195.371s, table=7, n_packets=246, n_bytes=22388, priority=32769,in_port=440,dl_src=fa:16:3e:21:d3:7c actions=
drop
cookie=0x1, duration=1214.428s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=417,dl_src=fa:16:3e:ca:06:53 actions=drop
cookie=0x1, duration=1207.443s, table=7, n_packets=22, n_bytes=3454, priority=32769,in_port=386,dl_src=fa:16:3e:34:aa:b7 actions=dr
op
cookie=0x1, duration=1185.017s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=29117,dl_src=fa:16:3e:ec:aa:39 actions=drop
cookie=0x1, duration=1204.103s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=15250,dl_src=fa:16:3e:d7:f6:f5 actions=drop
cookie=0x1, duration=1197.818s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=28265,dl_src=fa:16:3e:f4:c0:f1 actions=drop
cookie=0x1, duration=1185.573s, table=7, n_packets=283, n_bytes=28562, priority=32769,in_port=275,dl_src=fa:16:3e:ed:7d:60 actions=
drop
cookie=0x1, duration=1191.564s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=185,dl_src=fa:16:3e:55:06:7c actions=drop
cookie=0x1, duration=1210.767s, table=7, n_packets=8553, n_bytes=549905, priority=32769,in_port=526,dl_src=fa:16:3e:62:2a:1b action
s=drop
cookie=0x1, duration=1231.485s, table=7, n_packets=5, n_bytes=450, priority=32769,in_port=8163,dl_src=fa:16:3e:cd:48:42 actions=dro
p
cookie=0x1, duration=1254.538s, table=7, n_packets=0, n_bytes=0, priority=32769,in_port=799,dl_src=fa:16:3e:da:fe:ec actions=drop


如果设为fail-secure mode,则初始情况下flow table是空的,否则会有normal$ sudo ovs-vsctl add-br helloworld1
$ sudo ovs-ofctl show helloworld1
$ sudo ovs-ofctl dump-flows helloworld1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=31.467s, table=0, n_packets=8, n_bytes=648, idle_age=21, priority=0 actions=NORMAL接下来,创建四个veth pairsudo ip link add first_br type veth peer name first_if
sudo ip link add second_br type veth peer name second_if   
sudo ip link add third_br type veth peer name third_if      
sudo ip link add forth_br type veth peer name forth_ifxxx_br将是添加到bridge上的。我们添加四个端口portsudo ovs-vsctl add-port helloworld first_br -- set Interface first_br ofport_request=1
sudo ovs-vsctl add-port helloworld second_br -- set Interface second_br ofport_request=2
sudo ovs-vsctl add-port helloworld third_br -- set Interface third_br ofport_request=3
sudo ovs-vsctl add-port helloworld forth_br -- set Interface forth_br ofport_request=4ofport_request是指定端口号新添加的port都是出于DOWN的状态

admin 发表于 2019-10-25 10:00:34

把它们设为UP

sudo ip link set first_if up
sudo ip link set first_br up
sudo ip link set second_br up   
sudo ip link set second_if up
sudo ip link set third_if up      
sudo ip link set third_br up   
sudo ip link set forth_br up         
sudo ip link set forth_if up

也可以用下面的命令

ovs-ofctl mod-port helloworld first_br up

admin 发表于 2019-10-25 10:00:35

实现第一个Table 0,Admission control

包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。

比如,如果source address是multicast的就不允许进入。

01:00:00:00:00:00/01:00:00:00:00:00是广播地址
00:00:00:00:00:00/01:00:00:00:00:00是单播地址
这种表示形式类似CIDR
于是我们添加下面的规则:
sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
STP的也不接受
sudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1
sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"
我们查看一下所有的flow
$ sudo ovs-ofctl dump-flows helloworld      
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1)
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

测试Table 0

有个很好的工具ovs-appctl ofproto/trace

不满足条件DROP

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
Rule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0
OpenFlow actions=drop

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

满足条件RESUBMIT

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

实现第二个Table 1:VLAN Input Processing

首先添加一个最低优先级的DROP的规则

sudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"

对于port 1,是trunk口,无论有没有VLAN Header都接受。

sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"

对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2)
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
EOF

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1)
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop

测试一个从port 1进入,tag为5的

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

测试二,从port 2进入,没有打Tag的

$ sudo ovs-appctl ofproto/trace helloworld in_port=2
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

测试三:从port进入,带Tag 5的

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
Flow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=0
      OpenFlow actions=drop

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

实现第三个Table 2: MAC, VLAN learning for ingress port

对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。

这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。

OVS也要学习这个,并维护三个之间的mapping关系。

在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。

sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI, NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0), resubmit(,3)"

这一句比较难理解。

learn表示这是一个学习的action

table 10,这是一个MAC learning table,学习的结果会放在这个table中。

NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。

NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.

一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。

我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。

cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2

这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.

table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。

上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。

table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int

NXM_OF_VLAN_TCI是记录vlan tag,所以学习结果中有dl_vlan=1

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc

load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan

load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9

output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2

测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。

测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate   
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld                                                
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

实现第四个table 3: Look Up Destination Port

在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood

sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"

添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4

如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。

sudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"

我们进行一项测试

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: drop

由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.

但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
cookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

下面我们进行另一个测试

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01
                              OpenFlow actions=load:0x1->NXM_NX_REG0

                              Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: drop

因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01

下面我们再发送第一次的包

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01
                              OpenFlow actions=load:0x2->NXM_NX_REG0

                              Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: drop

发现也在table 10中找到了记录

实现第五个table 4: Output Processing

这个时候,register 0中包含了output port,如果是0则说明是flood。

对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。

sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"

对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去

对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'   
      table=4 reg0=2 actions=strip_vlan,2
      table=4 reg0=3 actions=strip_vlan,3
      table=4 reg0=4 actions=strip_vlan,4
EOF

对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'   
      table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2
      table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4
      table=4 reg0=0 priority=50            actions=1
EOF

所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4)
cookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3
cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2
cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0
cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

首先来测试一个multicast和broadcast

如果是一个port 1来的vlan 30的broadcast

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
                        OpenFlow actions=resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
                              OpenFlow actions=output:1,strip_vlan,output:3,output:4
                              skipping output to input port

Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: pop_vlan,12,13

结果是port 1就不发送了,发送给了port 3, 4

$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff
Flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:30,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
                        OpenFlow actions=resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
                              OpenFlow actions=output:1,strip_vlan,output:3,output:4
                              skipping output to input port

Final flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13

接着我们测试mac learning

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
                              OpenFlow actions=output:1,strip_vlan,output:3,output:4
                              skipping output to input port

Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: pop_vlan,12,13

由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4

$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:30,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01
                              OpenFlow actions=load:0x1->NXM_NX_REG0

                              Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 reg0=0x1
                              OpenFlow actions=output:1

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: push_vlan(vid=30,pcp=0),10

回复的时候,由于学习过了,则仅仅从port 1发送出去。

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
                              OpenFlow actions=load:0x4->NXM_NX_REG0

                              Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 reg0=0x4
                              OpenFlow actions=strip_vlan,output:4

Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: pop_vlan,13

由于在回复中进行了学习,因而发送的时候,仅仅发送port 4

admin 发表于 2019-10-25 10:00:36

实现第一个Table 0,Admission control

包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。

比如,如果source address是multicast的就不允许进入。

01:00:00:00:00:00/01:00:00:00:00:00是广播地址
00:00:00:00:00:00/01:00:00:00:00:00是单播地址
这种表示形式类似CIDR
于是我们添加下面的规则:
sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
STP的也不接受
sudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1
sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"
我们查看一下所有的flow
$ sudo ovs-ofctl dump-flows helloworld      
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1)
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

测试Table 0

有个很好的工具ovs-appctl ofproto/trace

不满足条件DROP

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
Rule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0
OpenFlow actions=drop

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

满足条件RESUBMIT

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

实现第二个Table 1:VLAN Input Processing

首先添加一个最低优先级的DROP的规则

sudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"

对于port 1,是trunk口,无论有没有VLAN Header都接受。

sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"

对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2)
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
EOF

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1)
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop

测试一个从port 1进入,tag为5的

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

测试二,从port 2进入,没有打Tag的

$ sudo ovs-appctl ofproto/trace helloworld in_port=2
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

测试三:从port进入,带Tag 5的

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
Flow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=0
      OpenFlow actions=drop

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

实现第三个Table 2: MAC, VLAN learning for ingress port

对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。

这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。

OVS也要学习这个,并维护三个之间的mapping关系。

在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。

sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI, NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0), resubmit(,3)"

这一句比较难理解。

learn表示这是一个学习的action

table 10,这是一个MAC learning table,学习的结果会放在这个table中。

NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。

NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.

一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。

我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。

cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2

这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.

table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。

上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。

table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int

NXM_OF_VLAN_TCI是记录vlan tag,所以学习结果中有dl_vlan=1

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc

load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan

load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9

output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2

测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。

测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate   
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld                                                
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

实现第四个table 3: Look Up Destination Port

在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood

sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"

添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4

如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。

sudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"

我们进行一项测试

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: drop

由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.

但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
cookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

下面我们进行另一个测试

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01
                              OpenFlow actions=load:0x1->NXM_NX_REG0

                              Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: drop

因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01

下面我们再发送第一次的包

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01
                              OpenFlow actions=load:0x2->NXM_NX_REG0

                              Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: drop

发现也在table 10中找到了记录

实现第五个table 4: Output Processing

这个时候,register 0中包含了output port,如果是0则说明是flood。

对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。

sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"

对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去

对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'   
      table=4 reg0=2 actions=strip_vlan,2
      table=4 reg0=3 actions=strip_vlan,3
      table=4 reg0=4 actions=strip_vlan,4
EOF

对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'   
      table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2
      table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4
      table=4 reg0=0 priority=50            actions=1
EOF

所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
cookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)
cookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4)
cookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3
cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2
cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0
cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0
cookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0

首先来测试一个multicast和broadcast

如果是一个port 1来的vlan 30的broadcast

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
                        OpenFlow actions=resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
                              OpenFlow actions=output:1,strip_vlan,output:3,output:4
                              skipping output to input port

Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: pop_vlan,12,13

结果是port 1就不发送了,发送给了port 3, 4

$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff
Flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:30,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
                        OpenFlow actions=resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
                              OpenFlow actions=output:1,strip_vlan,output:3,output:4
                              skipping output to input port

Final flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13

接着我们测试mac learning

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              No match

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
                              OpenFlow actions=output:1,strip_vlan,output:3,output:4
                              skipping output to input port

Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: pop_vlan,12,13

由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4

$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate   
Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000
      OpenFlow actions=mod_vlan_vid:30,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01
                              OpenFlow actions=load:0x1->NXM_NX_REG0

                              Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 reg0=0x1
                              OpenFlow actions=output:1

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: push_vlan(vid=30,pcp=0),10

回复的时候,由于学习过了,则仅仅从port 1发送出去。

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

      Resubmitted flow: unchanged
      Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
      Resubmittedodp: drop
      Rule: table=1 cookie=0 priority=99,in_port=1
      OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmittedodp: drop
                Rule: table=2 cookie=0
                OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0),resubmit(,3)

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmittedodp: drop
                        Rule: table=3 cookie=0 priority=50
                        OpenFlow actions=resubmit(,10),resubmit(,4)

                              Resubmitted flow: unchanged
                              Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
                              OpenFlow actions=load:0x4->NXM_NX_REG0

                              Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
                              Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                              Resubmittedodp: drop
                              Rule: table=4 cookie=0 reg0=0x4
                              OpenFlow actions=strip_vlan,output:4

Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
Datapath actions: pop_vlan,13

由于在回复中进行了学习,因而发送的时候,仅仅发送port 4
页: [1]
查看完整版本: ovs-ofctl dump-ports 输出交换机的端口统计信息,包括收发包、丢包、错误包等数量。