|
|
楼主 |
发表于 2019-10-18 10:50:26
|
显示全部楼层
关于 VLAN# L' y& N4 t! [& V4 Z- o
设置 VLAN tag
3 b7 d- G; V& g0 p* o w4 \
# U: Z6 H+ U: S; |9 @# {, X/ dovs-vsctl add-port ovs-br vlan3 tag=3 -- set interface vlan3 type=internal/ H: x' ?' {& K) a; `
移除 VLAN
, G4 C P9 G. A& h
/ x4 D5 J* k8 ]' z9 {ovs-vsctl del-port ovs-br vlan3* V e9 e% c3 a
查询 VLAN# y! {: @8 e, u( M
4 N8 h, `& J9 x! E; ~5 v
ovs-vsctl show5 n& r" O! c/ e3 a8 h! k/ Z
ifconfig vlan3+ ^; w+ J' ] E
设置 Vlan trunk
4 g6 K/ ]8 |6 Covs-vsctl add-port ovs-br eth0 trunk=3,4,5,6
0 v$ I1 U: C4 ?% [. Q4 g( B
; k! J U- N6 K% M5 l# ^9 L5 `设置已 add 的 port 为 access port, vlan id 9! a+ r1 F3 s- l. H' L# s' }
% R: ^( ]! j8 r* p6 I
ovs-vsctl set port eth0 tag=9
6 E5 B: J2 S: A1 y j0 }1 g0 ?# vovs-ofctl add-flow 设置 vlan 100
1 ]8 Z: w- {* @# k* q E
' p- @% C% B) Xovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:3
$ b! D! s& E+ h& i) ?7 S# |ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3% S2 \0 `0 k6 w, u; h
ovs-ofctl add-flow 拿掉 vlan tag
* L7 ~# ?* u. Y- a
4 y! B4 x( b* eovs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:1: C( ]0 B! B* n' n! m
two_vlan example, g8 W! i6 w: i) ~7 U$ L, S
ovs-ofctl add-flow pop-vlan
% \9 ?! ~5 B X! y7 ], u6 k# ?9 L ?
ovs-ofctl add-flow ovs-br in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:1
2 R3 K6 e4 L) I( k
0 B* f7 t$ x, H) N" ]: T+ ?" _8 ?! n! u b9 @6 m! |
关于 GRE Tunnel
0 k+ l" j! c7 k设置 GRE tunnel' S- \# P2 a! B; s
, O8 V8 ?) ^: ^5 U" B0 e& P) d- Novs−vsctl add−port ovs-br ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.4
0 _, p2 p) Q) x* Q( [! U. q查询 GRE Tunnel/ J6 H+ T3 u9 D( B" N9 A4 z
2 Z3 d/ H# [6 D8 Novs-vsctl show
5 ^ g& |( ~& J% K' _- H3 z/ Q5 N+ t0 ~( z2 ^; u$ f
2 ?+ ?3 e5 i4 D# L( g* H: h
关于 Dump flows$ U( F3 q/ Z% I0 }, V: E
Dumps OpenFlow flows 不含 hidden flows (常用)
. D4 Y* L0 m( B4 F1 n' Q% f, R# V8 f2 n' K5 D2 q! n3 s
ovs-ofctl dump-flows ovs-br# I M% O5 Q# C6 k7 y
Dumps OpenFlow flows 包含 hidden flows$ k4 g' D1 `4 ~/ f+ t
3 y# m/ `5 F0 x( s/ k
ovs-appctl bridge/dump-flows ovs-br9 X( B0 U+ x: S) I1 u5 t6 z6 {
Dump 特定 bridge 的 datapath flows 不論任何 type
2 h1 h: ^/ B: O' K0 i& T0 L' e# L# D5 t7 T
ovs-appctl dpif/dump-flows ovs-br
5 `" p4 F" ^" a M, W6 A8 X% CDump 在 Linux kernel 裡的 datapath flow table (常用)
' [+ o" b. S+ y0 X* D1 _5 g
5 X# }/ y( F2 j3 tovs-dpctl dump-flows [dp]
$ `( J. U- l* ^: W% rTop like behavior for ovs-dpctl dump-flows
$ ~9 M) O h6 y# S8 g
4 H7 [9 P0 t9 O B6 I1 G, qovs-dpctl-top4 n8 `9 @9 J- W$ f( V& b$ I
' ?( p; ~) k, b! M) h e. r. k) i- t! I% X g
, q/ z" I' | r7 |, ?+ Z5 ~; b. oXenServer 开启 OpenvSwitch 方式# J/ Q9 ~5 L* a1 K! a
检查是否启动openvswitch服务:) d4 L3 j# Q2 ]( c" J
& z! `5 f M6 a2 m/ T* ]service openvswitch status+ l- ]/ w1 O# C6 F5 ]4 Q
启动服务
" ^ t4 a5 w; }. S: \2 j( s9 n& a7 x8 |
xe-switch-network-backend openvswitch
6 D' C+ t6 u" M0 }2 X2 Z$ Z0 i关闭服务
2 B! F) f7 K4 e9 |7 Y9 \8 f
" S$ z4 }% P0 p9 Yxe-switch-network-backend bridge3 z$ v7 h- R( s: K% T
+ ]# M3 {7 U9 {$ a( x+ @ A. ~# q) V$ w! |
关于 Log4 T: ?% k; f) T; [
查询 log level list
. Q) Z! N+ m+ G5 }9 d
" d. u P) F/ k9 v; Kovs-appctl vlog/list* B$ k( ~, x' }- w& \ w% Z$ m2 |
设置 log level (以 stp 设置 file 为 dbg level 为例)
7 q* V' R0 }; Q
3 N- l1 i; G, V" j: Y) Qovs-appctl vlog/set stp:file:dbg
0 e+ E8 j# Y3 O8 g/ m9 O9 x/ n) bovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}
9 H$ R( j. o, [$ Z+ R8 C* `$ t% Z* L2 O. t+ Q
( s; v, L. g1 K: X) L
关于 Fallback
& \% M4 Y& ], t/ UController connection: false 的时候, 会自动调成 legacy switch mode' N/ A" X! [( A# P5 o- J A
) h! i, S8 X7 t& X- H9 ^" `
ovs-vsctl set-fail-mode ovs-br standalone
* Q! `" z$ ^( P* {. g; o5 l无论 Controller connection status 为何, 都必须通过 OpenFlow 进行网络行为 (default), u8 _6 t) P) t4 Z* [* x
. H7 q5 X3 n& J$ _
ovs-vsctl set-fail-mode ovs-br secure
) o' j0 F% `+ L. r: \移除4 P) ^$ |4 D9 i! v, Q, T
" o2 B1 D, u- C1 L9 z
ovs-vsctl del-fail-mode ovs-br
g- I0 e5 ]8 ?$ Y7 X查询 d, m9 G- p: f3 s0 E' Z8 k
% u. E- l0 G; w; Y& r, F9 povs-vsctl get-fail-mode ovs-br9 _* F+ f+ B6 M; O# h3 t
: r* T, X9 Z% [" \4 A6 Q
" M: G) D, P* X/ f关于 sFlow, \) A/ n: e$ Z- t
查询
0 J5 O9 W" C f! X
8 V, F8 }5 ~) k1 zovs-vsctl list sflow }% d' I9 ~. K$ \( @
新增
+ m5 y1 Z- b; b& o+ r/ p
, ]8 b2 ^ l0 z" TSet sFlow 缺7 c$ M. o# W* @- V/ Q( }2 ^
刪除4 n+ p0 G$ b9 [2 r0 W6 M
) Y. w7 ~# T+ w' x* N7 x7 {ovs-vsctl -- clear Bridge ovs-br sflow( M6 @, c; @: s
7.13关于 NetFlow
' @& X) b! z: \4 ]' t7 b# q查询
. c% g+ j: n4 |4 s7 J, s0 s) y ]# s4 Z1 [
ovs-vsctl list netflow
. x1 g; |$ ]3 U) C6 D新增1 X* X. o# X8 }
$ _4 V( G* \1 ^( ]4 j$ L, @+ Z4 G
Set NetFlow 缺
4 A |9 L% k$ n: q4 q1 M% x y刪除* b9 m$ H/ b+ x' R
8 H; Z: ~& Z) H
ovs-vsctl -- clear Bridge ovs-br netflow/ u; l- `! ^" [, i; |: c3 x; Z
7.14 设置 Out-of-band 和 in-band
) z5 j; X: C6 b/ L查询
3 [/ I) _. y6 E3 P! W$ A
* D2 Z8 {" O, l* Z! \8 R; W0 a2 [ovs-vsctl get controller ovs-br connection-mode6 F% b( e# U* |: ~
Out-of-band
' H |, t: }+ D$ \" C( q
; I+ z' `9 j5 K9 q, s/ {/ |ovs-vsctl set controller ovs-br connection-mode=out-of-band
/ y5 _9 m2 t' C' g2 T' e; iIn-band (default)
5 A' c: W# ^: X* k O3 T4 G+ s. k
" F: x6 d$ \$ Lovs-vsctl set controller ovs-br connection-mode=in-band
3 {& u; `3 v3 x1 Y/ l0 F l; f6 \移除 hidden flow
, G- B6 d( y& T7 j3 w9 u
, j4 f) P: k# |, Q Aovs-vsctl set bridge br0 other-config:disable-in-band=true+ ?" b8 M2 y$ x" I) C- c9 u
7.15 关于 ssl }& m7 Y9 S# Z L+ u5 p
查询
\3 n! B) u1 ^5 y1 |' q. d! d" h# a0 u% y2 G6 o
ovs-vsctl get-ssl
# T' S% D+ ~ B( i; b5 V/ }/ S, n设置$ L1 ]8 `- W% b$ L5 {+ G: N
4 K! K1 _) r0 ]! P+ R3 X2 \
ovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem
, y# {$ I; l) |5 t% c8 H* D: _OpenvSwitch Lab 6$ TLS SSL : http://roan.logdown.com/posts/208707-openvswitch-lab-6-ssl
/ S7 `# `* B2 B/ V9 U- B刪除1 V( o; L8 m& t ]* K
4 j+ w' s- U8 Q& r9 F% ]/ rovs-vsctl del-ssl/ U+ I1 L5 s. y4 Y& m# J
7.16 关于 SPAN& L% k! [* A ~( ~% w
详细设置+ ?, w0 ?' |, S' t# v" W9 U/ j- d" e$ v
0 A4 n. N3 B0 \/ F5 wovs-vsctl add-br ovs-br+ h7 |3 Z8 g X' p) @6 ~& H
ovs-vsctl add-port ovs-br eth05 G5 `: i6 ^; p8 D# _ t0 F
ovs-vsctl add-port ovs-br eth1
: u% k' [* {3 l) [. t" Wovs-vsctl add-port ovs-br tap0 \( ]3 O/ ^% \8 R- D# m: ]
-- --id=@p get port tap0 \
2 n. ?1 h& {' u3 D6 w, n" M -- --id=@m create mirror name=m0 select-all=true output-port=@p \ o% C& e- Y# v) \7 T5 k
-- set bridge ovs-br mirrors=@m( _& X: ?/ z! @4 C7 ~1 R5 D
将 ovs-br 上 add-port {eth0,eth1} mirror 至 tap0( m0 N* s/ C1 v* Z5 E
' Y" i- e+ z7 |1 c* H8 ~! z
刪除; a% J% ?" c2 L& ]
, z ]; k) E8 Y* V+ l7 s* M
ovs-vsctl clear bridge ovs-br mirrors # 關於 Table
& w7 G( r: S1 ^6 O查 table ovs-ofctl dump-tables ovs-br& w' _( [/ ^) G7 B ?# i& R/ T1 s
2 V& [5 t- |: {8 {. v- ~' J7.17 关于 Group Table5 \- G* B: T5 N# L% y
参考 hwchiu – Multipath routing with Group table at mininet
# s; }" g: ^3 ~5 U
" \4 W5 Z3 b4 f$ E+ y- T! Y9 [. m' A建立 Group id 及对应的 bucket
( j+ S3 I1 t" Z/ k8 V+ _4 t$ U" _- P0 U, M. y
ovs-ofctl -O OpenFlow13 add-group ovs-br group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:3
+ ~4 J& y. b6 ?5 M% e8 otype 共有 All, Select, Indirect, FastFailover, 详细规格:http://flowgrammable.org/sdn/ope ... upmod/#GroupMod_1.3
6 A2 s. B9 ~2 B% }: C4 N: i: g2 i+ _ p" G
使用 Group Table
' `( U- ~- Z& I c
`& G) [3 G( U( fovs-ofctl -O OpenFlow13 add-flow ovs-br in_port=4,actions=group:5566. |, l5 N& A6 d. w6 R3 X6 T r
7.18 关于 VXLAN
& n6 X- ~2 t: s; C参考 rascov – Bridge Remote Mininets using VXLAN% d' w+ ?% N7 k- U3 e8 W- w
1 s: ~: a( w! ], u4 S: W建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=9
- N( ]7 Q, `2 j7 x. H' P4 p' G3 y: Y) v: f9 o
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9
; q! A. o) R1 ]- e. R6 Y3 y# b! FVNI flow by flow
5 L+ }0 Y. m, L: u9 q( q( p$ r( y9 Y. R
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9' a7 A1 Z6 M7 r) o# s! {
设置 VXLAN tunnel id
$ N$ ` J' e( w; v( r7 t) k
# R) ^# I# n, k: vovs-ofctl add-flow ovs-br in_port=1,actions=set_field:5566->tun_id,output:28 x D+ Q& V9 w* i0 \$ Z+ g& @
ovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1
' u7 \5 Z, y2 [2 p7.19 关于 OVSDB Manager
- N( g+ T7 y8 A% G参考 OVSDB Integration:Mininet OVSDB Tutorial
2 i5 X/ L2 v) G- q7 z
6 u; L! b4 v# zActive Listener 设置
' i9 [+ V$ w# k2 K7 R. d5 q5 G! ]- K( t/ k7 x8 ~
ovs-vsctl set-manager tcp:1.2.3.4:6640! C( `# U1 s z; q4 [. `9 D
Passive Listener 设置! {6 X" [& H! X( z$ U, |5 {3 V
/ Y- Z# {* C4 f( I1 M" C. govs-vsctl set-manager ptcp:6640
( @! X% @9 k3 p7 T2 \7.20 OpenFlow Trace
" T6 C6 r7 [ c# c2 d! xGenerate pakcet trace% Z* `1 c* T6 ~' j
. G" W' n0 p- j& a1 h' \+ tovs-appctl ofproto/trace ovs-br in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate
; n, b/ c" p1 {0 F( t4 K* n7.21 其它
4 |, U2 G, T& J1 @' P: Q查询 OpenvSwitch 版本9 c+ ?; D7 p- t
% E) h. Q' D) a5 @ s" J( Y
ovs-ofctl -V/ ?8 Q4 C X( i# t8 [2 H
查询指令历史记录0 _# c! `8 N) j
" f G0 Z! ~* Z" B7 ?4 k
ovsdb-tool show-log [-mmm]" J2 t! E- j' n0 @! ~# ~4 @7 Y. k# y6 j
|
|
发表于 2019-10-18 10:38:50