|
|
楼主 |
发表于 2019-10-25 10:00:36
|
显示全部楼层
实现第一个Table 0,Admission control
! h% R/ R( t+ j/ ?0 f3 J4 r& b. v3 U% ~4 X$ f' T# _4 B3 r" K" g
包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。/ w" k+ A; u# _, \+ k8 Q
S7 G- c$ ^5 j9 b: f4 _: V) M9 O
比如,如果source address是multicast的就不允许进入。2 B: h) K$ u; a9 N
; P$ e, [" h/ I' e. i( `' y" X
01:00:00:00:00:00/01:00:00:00:00:00是广播地址+ d1 b# K! B m; Y* s% r- U
00:00:00:00:00:00/01:00:00:00:00:00是单播地址
) }0 {& [$ l7 [- V这种表示形式类似CIDR
' @# @ v5 K' O3 T' |3 z于是我们添加下面的规则:
9 f8 }* s# R# d! {' Usudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
' C, ^/ {0 e! fSTP的也不接受/ S% n7 C1 F3 Y8 X
sudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
( P6 \. v. h( E u* x3 m" ^我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 12 g" `/ A- O% m% e
sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"
. O/ s3 D. X1 Y g1 Y" h) Z X我们查看一下所有的flow3 {* {: F' U! M2 K! ^
$ sudo ovs-ofctl dump-flows helloworld
, i2 _ V0 [6 \6 h* o7 @* _" WNXST_FLOW reply (xid=0x4): 4 y( T& m6 i' B7 q" w
cookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) 4 u P: E O9 U t4 V% Z6 h
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop 6 A( B- v# @6 z [8 ~( Q
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
) J! g- K: _( h. q, w5 P3 G5 X+ R: l% c
测试Table 0
' j1 V" n+ Y: ^ F' W* Q7 S$ n+ A6 _3 q M; ? Y
有个很好的工具ovs-appctl ofproto/trace
; K9 g( [% q1 y2 C- F! w5 r
* J% q d" s8 o+ |1 r- q不满足条件DROP8 t" d/ \, C. h- r) U$ \
2 a+ W5 J8 ]" r
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
: C9 X+ H3 s; vFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
2 T$ D, K" `$ s( `" _" hRule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0
2 i- D- l' [9 YOpenFlow actions=drop4 g$ Q2 ~' X5 N* [6 r
* e) h5 K. H6 r1 C: |6 x6 F# y
Final flow: unchanged
( s* V3 `0 q& n. v: tRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no ' E; z8 d3 |; n7 V8 ]2 P
Datapath actions: drop
& h$ j: B( n* m, C5 v) }% L, Y+ j3 ~0 \/ R+ d
满足条件RESUBMIT# B- H2 f1 L& v: R c4 ?
7 f& }( u$ ~! g- @6 t7 o N, L+ E
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10
$ m' t' H5 B0 b7 I4 r _$ a7 cFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000
/ l3 k6 V$ S6 {1 V2 Y! ERule: table=0 cookie=0 priority=0
6 }3 b V( W- t4 c) oOpenFlow actions=resubmit(,1)
2 x0 B2 X+ Q$ g6 K: q
7 j% [1 m3 z b: `, z+ J. ^ Resubmitted flow: unchanged
" M& C" b( {0 r1 [5 ] Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 }9 E7 n1 {/ r+ o$ K0 _
Resubmitted odp: drop
4 k$ [0 K2 ]# e/ ?/ i No match6 l( e, F$ X- L+ Y, ]4 B3 P! m
! ~8 N' _+ o1 Y- hFinal flow: unchanged
8 X: I8 }7 P; n# I7 F( P- HRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no $ s! a& {/ r, |2 t ?6 F
Datapath actions: drop# C! P) ]1 ?& M/ a# B
- T! K% F) {( d4 T; }
实现第二个Table 1:VLAN Input Processing
7 M& u0 p ~' b# }9 u
& @! G7 |0 z. d+ }8 v p/ }首先添加一个最低优先级的DROP的规则6 Z0 l+ c1 a+ p# l; G! |
- G D- D7 I" k" E4 ^ Ksudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"
% M) ?1 v- S! V2 z% k7 v* ^& {- I, ]8 P7 l6 \8 D
对于port 1,是trunk口,无论有没有VLAN Header都接受。
* w: T: N; I9 o2 W$ S
/ T6 U! F' n4 }# M9 {sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"% u L$ k; ]$ a! G; l- G6 ^+ `
# x9 i: p3 m! ~( n) Z, g
对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag
* e% ]7 a, q' P' Y3 T: r- _' ^5 q
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' ; l' L+ n' _) U
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2) ) }% Q6 N: ^4 d
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) # ^. l. Z, m E1 l0 N
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) 1 O. j& P5 }9 I9 t* T! @
EOF7 S! I3 ]# @+ ~+ p
% D8 h. o& Q) B$ v2 j8 [; L) c
$ sudo ovs-ofctl dump-flows helloworld
4 }' w5 h% t7 [$ M7 u! {NXST_FLOW reply (xid=0x4):
3 ?9 s, d& _/ K% Bcookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1) ) Q8 ]7 R% ]0 n7 m0 ^
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop * z" H m5 C) C
cookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop 5 G. V" X, ^7 p' |* R: B! O
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 3 b9 e3 _- l7 j9 c3 g; q
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
2 x9 H1 ]1 b4 K9 b$ @: Kcookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) - I* I+ X1 U3 D: h: Z
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
, A# @- s6 [7 p' ycookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop6 E9 `" R3 P) m8 ~, d& a; |
% n. }1 F! E6 G测试一个从port 1进入,tag为5的/ b- B3 O( N- h$ G0 B4 v2 c
* o/ k' t7 E( d1 M, r
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
1 l$ b, V! b; Z7 x! i$ xFlow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 3 D2 z. V4 G3 Y. v" r* h
Rule: table=0 cookie=0 priority=0 1 ?$ V4 _, Z( k2 l/ d; _7 w
OpenFlow actions=resubmit(,1)( U' s" G1 H8 k: k$ @
5 R X1 o* H- ?4 d
Resubmitted flow: unchanged # G8 S3 o+ b1 x$ q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 # P. c" R, U" k) D: \) P j& U; X5 ?
Resubmitted odp: drop 9 n( ]& {. l8 `6 B4 r* y/ `' ]
Rule: table=1 cookie=0 priority=99,in_port=1
m/ M' t& U' T1 D OpenFlow actions=resubmit(,2)
6 I- B4 u j( G& Z1 U& }" m/ W2 S# K! b0 A( }" t
Resubmitted flow: unchanged # {0 {3 }9 h' e ^
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
$ h6 w$ b( _( W. T+ L% [ Resubmitted odp: drop 9 V- e5 [; a( t5 _6 J# { c# W Y$ {
No match |6 _: B5 p0 w0 a% G8 E% B) g
/ }) @, R# T8 @3 r7 S1 {Final flow: unchanged 3 J# e9 K2 t( v" `. p7 {$ m
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
0 w3 k2 y4 f! r. V+ C" p5 wDatapath actions: drop9 z `/ B! f; T5 g9 M9 K3 F+ i
% |% X7 O0 R, s) h
测试二,从port 2进入,没有打Tag的
2 w4 l5 w4 a% y' ]& @& r7 B
" w& q4 o' N ?) U& \$ sudo ovs-appctl ofproto/trace helloworld in_port=2 ) t; b; m( X$ b- w$ O0 C
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 - c8 ^) m1 c: }' @; R# `+ L& n
Rule: table=0 cookie=0 priority=0 5 p1 d. T- v0 v( e; V- l" X1 W
OpenFlow actions=resubmit(,1)
5 A6 i3 X$ K& M9 e5 ]
9 m0 o$ d n. `0 F7 y2 J& i Resubmitted flow: unchanged
0 G( R! \! U' R3 t Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 P) b- _, c" w1 G9 V Resubmitted odp: drop
0 U3 k! S0 x b1 y' ^/ _ Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 + l1 p1 \7 P: n; v- B
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
- c7 {7 {) ?+ v: |( z* f3 `% a$ t7 S# d: P- v
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
8 a; {2 }( ~8 _+ |/ v7 ~ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ X, h" a( a: i/ c' |- l
Resubmitted odp: drop
|: b0 M- a+ d1 D+ x No match
V; s) j3 C% h3 D/ N0 M" E6 H' \+ r; y+ z6 u |4 j% x) w/ w
Final flow: unchanged % A7 E: w& p' p' m. x8 C
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 7 f0 I! J3 i/ T7 a
Datapath actions: drop
}1 ~ X% e9 u+ H& C, z! Y+ _7 S$ I! r* L- ~
测试三:从port进入,带Tag 5的
/ L8 x/ _# \; t+ P
1 A- H- x/ F6 K- ^3 @) Z$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
( ^+ Q* u. }/ w* Y' e, jFlow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
% A5 e ?* _' M: @' K3 xRule: table=0 cookie=0 priority=0
" j+ k8 K: x: y( `+ @! IOpenFlow actions=resubmit(,1)$ ^' O9 E6 `* S( w* e' w l+ w: j
, B ^' g/ O) c% l5 n k Resubmitted flow: unchanged 4 f8 S# x( ]- K8 x
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 " m5 K2 i( a* }, P; L4 k' L9 N& \) t
Resubmitted odp: drop - [2 y; v! j1 z0 }
Rule: table=1 cookie=0 priority=0 2 R- R, M/ P+ Y' r% }1 H# H J2 V# Y
OpenFlow actions=drop5 ]' a) R7 G" |, b( R( Q
! f4 \; _; J. S; C! XFinal flow: unchanged ; d- \2 t8 K c# }9 {& f1 w- n
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
1 G/ Z' o; E7 B, w8 ODatapath actions: drop/ e% ~* o7 P+ O% p$ t4 K5 R
7 C3 G& J/ z+ ^0 p; V6 z. _0 b实现第三个Table 2: MAC, VLAN learning for ingress port
3 O" t7 F: v5 ?# w* | W
9 U4 }$ l5 W) o% P9 y3 S对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。& h- S6 S. i* z/ z
4 b; G2 ? q. |4 E o这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。; ?) b1 @& u1 B% H" q% C
* l2 f4 G$ x9 U9 M# X: r# }1 Y
OVS也要学习这个,并维护三个之间的mapping关系。
) U3 e, q0 ^0 k8 Q
4 Z0 J, c# I1 Z. |$ A: s6 E在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。8 Q) x/ o9 g& n0 X
2 |0 u' b! h! y' Z
sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"
$ M8 J1 C) I& n8 `7 t, X& x s" p- T x. ?- Z, A
这一句比较难理解。( P9 z) W; R1 N- t
% X2 A A4 h3 h# plearn表示这是一个学习的action
: m s$ X& N6 M
& M. |4 F+ q: s; gtable 10,这是一个MAC learning table,学习的结果会放在这个table中。
, C* h& T1 }) x# B
( x7 w3 ]3 N: @9 I- @NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。
+ @6 @, h/ w7 m) y
7 b% W* t$ w9 b# z- N0 D. }NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。
% u) Q9 J; ]% X2 O
" i( u2 w4 I( [1 c F4 w! P! lNXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.5 y' N; e- U' V2 J
% u" w- _$ U* F* F6 N- [$ \. L @
一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。7 v3 ]9 ]* q' Z; G$ D# J# A" O
- h% y# k+ E/ S, ?7 t& o) t我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。
5 Y2 \9 `8 g) {" P, ~+ D: D+ t1 @8 d
cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
& R% Z8 g2 j Vcookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21) $ i5 U! c/ B; N. N% o+ \, l4 ~. _ I
cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
& b: ^# g) [+ D; `1 l' @cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop 0 k. M" ^4 J1 X H$ g* g
cookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2# N% }! E5 q( {' g7 h" J
* _7 V# c; T/ [6 n& p! D* |
这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21./ h" Z- d; c U! b# l
( g9 j. }+ z2 j8 }
table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。
7 p! P" R. g* d' R2 P- ], e$ s: F/ C, q& @* w R+ J- Z/ m! m i; k
上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。; ^" ?& [+ [& v5 d( H
# u: I; I, H- X$ n2 Ktable 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int. h+ v; E B9 w! y
9 ~+ [: t+ Y5 P+ o3 x. m( Q
NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1
& [7 F2 R2 S, H5 r+ W8 P
( F! S/ g3 b2 `0 W' D" B0 Z: K1 XNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc
A+ Q Q1 R! `; a+ F: r; s$ ?+ N! T
load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan, j6 W$ }+ V; L5 Q ?$ L
6 i, Z z. }0 A& j# ~9 }3 ?2 g
load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9( o+ j! C/ y2 t, m8 N' u" A1 z
) \# J0 b- \& f- p! L5 f7 {output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2
4 J$ v y+ _; p: ~' R5 o( R( X+ t! p ~' g, M' H" p
测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包
9 L/ Y" m% z7 ~
9 `4 Q' [. n1 g+ r1 [8 ~8 a7 q$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate
9 k' E8 s6 C$ q8 ]Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000 , Q1 u* p8 X7 t, K4 D+ f7 ]
Rule: table=0 cookie=0 priority=0 1 l9 X, q0 j0 O7 h8 Q6 v/ U
OpenFlow actions=resubmit(,1)
/ L, K" o$ |9 E7 m8 f+ | J* o: K& o
Resubmitted flow: unchanged . @% D. s2 C" s8 D( s- S
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
" M% N, h; y( L, o2 c+ n" { Resubmitted odp: drop
: D0 Y+ u6 E$ y. z* z8 G Rule: table=1 cookie=0 priority=99,in_port=1
4 w% U+ m% M# r) K1 d OpenFlow actions=resubmit(,2)
. z0 e" N9 p/ c) U0 V
l( @/ a& i3 w9 M Resubmitted flow: unchanged
5 u$ N% a$ ?! H8 _3 K Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - G( r/ E: C- F/ ~% {( D6 y
Resubmitted odp: drop
0 @- L- p" {, P5 P0 D3 b w# e Rule: table=2 cookie=0
3 X2 O( ]! n8 K: l4 D D- `+ }& O OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)3 }# J; P# g6 _- X
2 ]( `0 d$ N2 N
Resubmitted flow: unchanged 1 c& C% F! u1 g, P5 A
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 % t. H& ?% M3 ?0 c0 V
Resubmitted odp: drop * _8 g0 w9 a6 ?. l
No match
. n4 r; F F$ s$ o" B1 D# I& l" M4 W& L" i& f
Final flow: unchanged . k @7 f! Z5 s% o3 s6 H
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
}5 B" ^* Z. S* }* A1 pDatapath actions: drop
' O. e' d/ X3 u1 h$ ?1 {7 j1 y
' r" i; _0 s" A$ sudo ovs-ofctl dump-flows helloworld 0 @8 A( \, N! ?& o
NXST_FLOW reply (xid=0x4): , k! m* i3 q6 D8 d0 J
cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
6 d6 e8 M0 P% ]+ x1 i' J$ {; ]# k0 Ucookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
, p5 h# x) D8 e3 \cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop 6 H6 s0 W# B' v2 P `
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 1 J; [, K' [. a5 g/ B+ B
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) * u% g" y) U5 B% E! Y+ n5 z4 E
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
2 E3 T/ x3 U+ R' z1 S. x9 bcookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
. _$ H3 {0 Q/ m% c3 [2 mcookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop # u- f2 ]& @5 ]6 W3 d; w
cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) 4 q" L' S' q1 D2 Q$ B3 i% g
cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]5 p/ m/ M) u# ]. v+ v' L
5 i2 x6 {# a: g% X H7 ktable 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。) D, [( F% D% ~/ m4 G9 u6 h8 e
! X4 j3 i5 Z& j' _测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02
/ n( d$ ]( ~0 V9 T+ F* ?8 L* R: Q' _% Z4 V! v4 \
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate
2 D7 ?# e/ J0 JFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
5 W9 \1 a6 v7 } t; p: zRule: table=0 cookie=0 priority=0
0 f0 f* U* I5 }OpenFlow actions=resubmit(,1)5 l/ |) R* j1 l" K7 L5 @: A
4 x3 y8 d, E. B; y
Resubmitted flow: unchanged # N( _9 O! M) a6 ]+ o% \
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 4 a! _4 A+ u9 l" l. c9 `) e
Resubmitted odp: drop
' L9 `" E& y5 o Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
- V8 N( d- X4 B8 W2 O OpenFlow actions=mod_vlan_vid:20,resubmit(,2)0 g: ~4 b: ]4 b* y+ ~
( Q5 I4 J3 m4 Z3 h6 i# y9 E6 E2 V
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 / z( K) Y$ @& G& x1 ~+ j
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
p& O# w( s2 ~ Resubmitted odp: drop , i N8 n# R+ @+ I
Rule: table=2 cookie=0
& l( |+ C- @: U3 O: ~' f9 D OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)9 C+ Q* z3 @$ @* g q
7 R1 ~. I6 F& g4 P2 s Resubmitted flow: unchanged
/ D/ F, i$ U8 \. m: w7 w' S Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
* q' a2 ]( E1 u \/ f$ @ Resubmitted odp: drop , F* J, D) c4 w
No match! n- H* d, u( t
% x( B2 p( N9 S6 H/ M3 |. CFinal flow: unchanged
3 F/ D& e) B: D7 a% ^# [Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
" @/ p( C5 K7 c$ U0 {. fDatapath actions: drop* S# s. a! u4 [, @
* z7 \. W5 j, H) k9 q
$ sudo ovs-ofctl dump-flows helloworld * I4 j1 A, J7 v6 ~: H
NXST_FLOW reply (xid=0x4): $ h0 d$ O% ?4 U2 @) E7 d
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
% |5 t+ E6 Y- r& |3 `: ~/ B) g! Bcookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop % M$ b. ^1 z- k. g7 y% j
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
# P* d3 j0 Q8 x4 t$ tcookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
$ F/ K9 A3 k1 y/ [4 M( ucookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) , D. Z; G/ s) j1 F, n9 s
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 3 J4 O$ l4 V- t, a! y; g
cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
/ l5 p W, h9 c7 gcookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
. s6 b v/ a8 i8 Icookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) / t: m" Y! }0 {! @
cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] % ^( w Z" }* B) W( L/ B4 @
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
7 }- Z) q5 ^& q5 R% c
) }; Z) P+ z" I6 v! y* o& g$ \实现第四个table 3: Look Up Destination Port
9 X% n! ^2 o$ o+ s: o3 E0 W& k2 B+ G2 d9 t
在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood, m& }7 H* T3 e o
3 w$ o! `. _/ L2 y6 J, |sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"! N. c H; R) K
) k2 u3 x0 j, X3 r! E# ~& |7 I添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4" h/ b2 h3 `4 W1 K7 O# k# t
! h% u9 `$ V/ J1 C: R: ?
如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。: b! A0 }' s4 l( f: K
7 k3 J* F* P2 @; B2 `, K1 ~sudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"' D9 H$ E) p3 j* K; j5 z" d: i, I: {
* [1 M9 v1 i+ ?' ~3 G! O9 n
我们进行一项测试4 C2 V- J& G+ ^- \$ G1 e
2 i7 F4 |$ x. K* A5 `! k; J, R* G. i; p
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
- t( p9 ?) ~3 [8 XFlow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
# p# C& l) S# O/ |3 zRule: table=0 cookie=0 priority=0 6 O, p' i2 V0 c
OpenFlow actions=resubmit(,1)
/ P- X9 |4 l' c n* s- `; a% o# e; N U; |1 ^9 w
Resubmitted flow: unchanged 2 \/ Q9 b- W- D3 m
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
( e; Y) U ~3 e; K* N# _7 c2 [ Resubmitted odp: drop
) t, Y5 t' I5 C9 j8 @. r Rule: table=1 cookie=0 priority=99,in_port=1
4 m0 u" G8 q- n* Q9 q& r+ Y8 x2 B# H OpenFlow actions=resubmit(,2)
! p. C* n$ t7 h! x" Z& l8 J0 c! X: N: a2 a: i) ?
Resubmitted flow: unchanged 3 O- P( e" S. U" f
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
- C9 a) G. A& {( X6 e; T' m: P Resubmitted odp: drop
5 P7 \; g6 ~0 r! C/ X+ c Rule: table=2 cookie=0
! N5 {- H: R. W OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
0 I/ @; l3 W9 p( j, k! a/ i6 g( [# y
+ N7 R5 U6 ^5 r, u Resubmitted flow: unchanged
6 J5 X; D0 I# g( f Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 H8 |. c3 V+ H$ S2 L
Resubmitted odp: drop # K/ y( \! B' f9 h9 O
Rule: table=3 cookie=0 priority=50 ( a& l) L, Y1 G
OpenFlow actions=resubmit(,10),resubmit(,4)
' x* N: |2 c# ~. ]# M" v2 L9 Y3 s: v) a- d# _ i1 a# V
Resubmitted flow: unchanged ! r! O& v- M; u
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 7 B" ?; m: P+ {! M
Resubmitted odp: drop * I/ N8 a E2 ?2 A
No match
1 @ j, V3 |2 N9 g
! d0 ~6 J7 `9 f7 R. x* S Resubmitted flow: unchanged 7 a/ w, C( `& u3 ]* I6 Z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 . P6 _1 u5 s, z) J( _5 Z/ o. d0 E( k
Resubmitted odp: drop ' i* e5 z4 Q# |$ v
No match
; C Z% o' Q0 D' l' P4 Z% }; K
; J6 H5 U* U8 mFinal flow: unchanged ) n/ R3 ]9 \& t" T. O
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
( N: V7 q/ Q, _1 _5 _Datapath actions: drop
J5 P& H3 J/ d8 q0 K, d Y# `7 g# V7 v) n1 b4 I: J
由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.
! P- ?3 ?( w5 H9 R
E0 m% w$ W: ]" h4 R- a( b" V但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01
! o6 r- O5 d' n: t! H% x' B
@; @7 U$ i+ W8 p: q: O$ sudo ovs-ofctl dump-flows helloworld - c7 C3 S2 f4 n( Q( ]
NXST_FLOW reply (xid=0x4): 0 y" N; l* Z) J9 V' l- m6 z5 K
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) $ H* H9 {8 G7 l. }- v+ S$ a. L- @
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop 2 c8 S4 ^. ~- L
cookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
- f, M6 c6 D6 Acookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
" T1 Q' l" n+ z) Ccookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
- z7 o3 B" y( hcookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) y& o0 D9 Z' g
cookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
* n3 M8 T; K8 d, gcookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop $ t% I3 D! [& l! U* }$ t
cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
6 M4 N; w+ R3 Q# X" V" m: u" K+ `cookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
& |- c0 r1 E6 |: {/ Ycookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
1 F3 k8 v0 n0 g! M2 v# |& \ cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
9 z/ [- B7 ? \2 ]; bcookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
e1 N% d/ D7 C6 w d0 C6 ?cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
8 z0 ]! W9 X3 F3 K5 H% j
. z9 l+ M, ?$ G7 e) ]4 d% y. X下面我们进行另一个测试' F; J3 f; I2 Z( {( o7 l
1 u+ {9 n* u# z$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate
9 d4 I: X( ?& w2 A, Q5 I: L! BFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
0 s! @9 h5 H9 A5 ^7 q2 A# VRule: table=0 cookie=0 priority=0
4 i8 b/ v! o5 Z9 WOpenFlow actions=resubmit(,1)
' i2 G# J7 R% T% [8 y9 P) ?
8 w0 A. q; ~# @& E9 S* W Resubmitted flow: unchanged
( l% o. R' o5 }5 c' Y Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' t' Q# }. _; R9 v. s2 U6 H1 G& @; R
Resubmitted odp: drop
' I2 E! d/ ]; F7 \% B* g/ e Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 , F; O" H+ E6 y2 a4 e0 h
OpenFlow actions=mod_vlan_vid:20,resubmit(,2). O2 V3 G J% Q8 m9 B( D4 B
$ c, K7 M: s) p4 V# r ] Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
7 W7 R5 W T2 E/ t; d# J Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. c1 f" Q' _! t8 |' ^ q& `9 f- @ Resubmitted odp: drop ; N& x; q% u8 H) U7 a/ i" ]
Rule: table=2 cookie=0 ( q) W5 i% `* ` V& b7 o
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)- z& E7 H9 z1 ~7 W+ ]$ q
- {$ L0 A6 U, Y8 g
Resubmitted flow: unchanged K- V; O& ]6 G' D! L
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 {" r. N* i9 \6 R1 S! ^ Resubmitted odp: drop + [) ?: T$ h9 K& O
Rule: table=3 cookie=0 priority=50 " k' M" N+ \; P" t
OpenFlow actions=resubmit(,10),resubmit(,4)
6 t* `6 D* W8 g) G7 Y& N% K6 |9 Y" O: A2 m, J; j0 Z
Resubmitted flow: unchanged
$ o1 ~: n4 O- T$ q( h4 }) O4 c4 o+ u Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' ]1 s$ y t2 ~/ [% V+ q
Resubmitted odp: drop * l! w' a. D4 [3 T" S
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 & ~4 @# z ^* D+ p; T c
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
) F6 O+ w" o) _3 d- ~
3 N( P2 h/ ]+ y2 f/ H" {( L Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 6 `- f u) L7 O4 s( n
Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 o- \% M5 |5 c5 K0 M Resubmitted odp: drop 3 ]3 B! W* m' k9 C
No match, G& b" Z* f$ Y: \1 F# a8 |$ w
; @) X: D$ d+ Z# T, YFinal flow: unchanged 7 B" \: M3 \/ U B! S' `3 j# y
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no
+ q( v$ W; {5 m7 _% t. P5 d7 FDatapath actions: drop4 i- d4 c- ^/ j* c
) W0 V' l+ B( `* j8 V
因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01
4 u8 B" D, [8 C$ F' p* {: o# `3 _ q, F: W0 L
下面我们再发送第一次的包
5 \7 V) n! |8 \% V O6 }' x+ [6 |" W" H0 f& ? l) N: C
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate 9 n$ E( X2 S6 G
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 ! p9 T/ v1 T' v/ ^
Rule: table=0 cookie=0 priority=0 4 q c) B8 Z7 o
OpenFlow actions=resubmit(,1)
% m1 I: O& K, ~/ _& K
# }( U1 u% B1 t" a0 J+ B Resubmitted flow: unchanged % ^3 n3 }2 @& R3 D* ]( k7 P/ T" g1 X
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 / R" b4 E. L* p/ M% Y: a$ {
Resubmitted odp: drop 8 H6 J' M+ a& N3 M1 `+ E
Rule: table=1 cookie=0 priority=99,in_port=1 ; w2 s' ^" u. {; ]; J: [" s
OpenFlow actions=resubmit(,2)( C7 A2 j4 j# X/ q
0 f% Q4 C! s5 L& Z6 ?" T. b4 I# O Resubmitted flow: unchanged # P S5 h. p4 O/ w, Q6 U+ ^
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 T7 q4 C& r- N
Resubmitted odp: drop
9 p$ R5 N$ Z8 E* s# v4 H Rule: table=2 cookie=0 1 O3 c& @" M7 M! @) a: [
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
% `# ]# y1 C9 X0 ]
0 z( B) }4 m9 P" b) N Resubmitted flow: unchanged / D6 ~. z4 W2 m
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! f. F! d, v; p+ a$ T2 P2 p
Resubmitted odp: drop
8 `( L; v' v8 |' V' [" r Rule: table=3 cookie=0 priority=50
7 z5 O/ P; r# q+ \7 b OpenFlow actions=resubmit(,10),resubmit(,4)
0 s# x1 d7 f# j- X) i6 z3 m4 H; @
2 o0 c S% _6 K* X x6 l Resubmitted flow: unchanged 8 {6 `% T) d! q) T% _ {+ |
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' F/ ]( s. d. Y9 r! O: p Resubmitted odp: drop
/ I, I5 f7 K$ H, Z8 k' l8 {+ N; ` Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01
$ _! f# ]. ^$ H# ~' }7 l OpenFlow actions=load:0x2->NXM_NX_REG0[0..15]
& w( \8 y5 i& h0 C! _; s
+ S$ |6 v! f9 ?' a, z& b8 R* i& x& C Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
. G' |$ G# Z1 s+ W* j4 \ Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 x' l' h% b9 m& ^$ N/ J# r Resubmitted odp: drop . N: L# C* I3 K- @' Y1 ?
No match
; y" w; K- F" C) H$ r) X
; P% ~: I- y; X* v3 S# x+ eFinal flow: unchanged
) F7 h9 O G3 lRelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
4 Y: f% D/ H2 M4 P9 LDatapath actions: drop
$ }1 Y1 t% X5 W+ a- g
! K* s/ f/ \* n4 k$ q发现也在table 10中找到了记录. ^9 M! l+ {$ D3 |- E# S X
' U8 x- A+ [2 |: z
实现第五个table 4: Output Processing
; L: w# S# Q$ s/ E
( q/ w6 w. K0 z4 C/ w这个时候,register 0中包含了output port,如果是0则说明是flood。
5 h# M7 T+ D! I$ K* ~+ a8 j o6 W D
对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。
& m! `* w% b# e5 v, I- s$ I6 l6 h3 s
sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"
7 w2 i! Z( }% W9 [2 q2 _$ Q
" E" l, k" l# y7 Q4 r x4 x3 I对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去
* T2 \6 i: H8 A' z% |6 `
, B' W& s3 K7 T* ^对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去
# q1 q) Q u. F* L- v, b/ f& y3 ~2 j. A
$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
1 f, }0 m# D: x( { {4 k; D, { table=4 reg0=2 actions=strip_vlan,2
# E$ ~- r3 n# m table=4 reg0=3 actions=strip_vlan,3
; l& Q. [6 I4 E: i7 k7 l table=4 reg0=4 actions=strip_vlan,4
3 O5 V0 P0 ]) ]" c- o3 cEOF
" w: T# j0 S$ {$ q2 n- n2 s. \; e( Q# W* @; Y! p5 b$ e- U
对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。
3 [9 ~2 S3 K/ Y" ]) W+ o2 \4 L& d. {6 e$ b- z- ~7 ]
$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
6 G. s2 G$ M. n table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2 7 _8 `9 [0 y) y5 g& e$ N6 A
table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4 1 x, X/ p( y: J% l3 l
table=4 reg0=0 priority=50 actions=1
+ k* D* Y+ v5 J+ P9 {4 KEOF
1 a9 @! ?% i0 V/ L5 N3 M- E& Z* p5 d2 x$ T8 M9 s5 D. y
所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。
8 @) L* h3 ]+ r! n* O9 ?; Q) L; V3 e R4 U+ q8 a- {; @$ N
$ sudo ovs-ofctl dump-flows helloworld $ a' R( [" T8 R9 B) ~" K F4 s
NXST_FLOW reply (xid=0x4):
# t6 v* X4 F, X5 U" L! vcookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
4 ?6 a( U8 Z1 V" e8 Ocookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop 2 ?) ]( U$ X! t2 M+ s& R, g8 Q) D1 y
cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
+ }6 b9 r% ]# H; ycookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 7 t2 Q" g& m' J7 ~
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
) @- a, O7 H' Ncookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
5 v, U: D8 n1 e4 }3 Ccookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) % E* d# g! c1 W. O# ]9 z
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
7 T! Y9 n( j: a8 Kcookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
; `! r7 Y# t- @+ R3 G: ?+ c" fcookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4)
8 A: b+ A8 [# d1 l* O scookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
. y% K% l- z3 j$ C! Mcookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3
7 N8 Z4 _) D/ K1 wcookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1 1 r6 |9 G5 r( y r6 _' W |
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
" e' k- s6 i2 S" U7 |# a4 I" @cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
" i( t, m, D/ c% u* H3 Q. ycookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2
8 H# b( ~7 \1 \% Mcookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
: R2 X( R: {& Q! Z% Icookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2
v% c' D8 g6 gcookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
4 E$ I! ]2 C: p0 S, G& Zcookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] : g/ z9 m" U9 B7 ~
cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15]
; I# a- v- E& h/ ocookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
1 @7 i u( s1 ^& r5 m+ ?0 ^: S9 o
首先来测试一个multicast和broadcast
) z5 e$ F: ]' p' ^; `8 h9 }: F) ~. n8 P6 e% @! \7 ~1 V
如果是一个port 1来的vlan 30的broadcast) h0 ]1 v5 _3 x' j
/ @2 }0 W @- B* d7 f$ R
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
`8 H, d5 `2 H( g6 F7 uFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 / f* c. T( o1 x4 d) E! X
Rule: table=0 cookie=0 priority=0 , J* Q: I6 |! @; u0 w
OpenFlow actions=resubmit(,1)- {- ?0 H0 N' S5 [4 {8 l B
' Z7 m. h; e6 J8 z; r6 ` G I Resubmitted flow: unchanged
2 L0 N9 @1 r5 ? R Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
p: K# D# n6 |7 e3 O' e; A/ N4 K; B Resubmitted odp: drop
4 n. @7 B4 h8 D. w/ Z Rule: table=1 cookie=0 priority=99,in_port=1
) ]( \+ d. G4 E% Y. c OpenFlow actions=resubmit(,2)" B9 k8 k( e" @# k% I! Y
F$ X1 Q% b# C" V
Resubmitted flow: unchanged ; ]0 f" D! I9 F$ U$ j/ f( `0 G; a8 m
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 D2 k" P- D* I2 o# j A Resubmitted odp: drop , @9 g$ {4 X# _3 h. M& g6 t8 h
Rule: table=2 cookie=0 5 h0 J4 }- H, z, X+ T9 i3 Y3 |1 G; w
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
, j6 I5 O1 X% [" }
2 m: M0 H, o# l# N2 i$ _ Resubmitted flow: unchanged
- ]# ~# I* d7 y! ^ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 n$ D, H8 A# m+ u _% r Resubmitted odp: drop ) A4 @4 l5 Q7 H j4 \( ^2 x$ V2 X
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
. f2 w/ L( l9 k$ @6 N7 ? OpenFlow actions=resubmit(,4)6 n5 r; Q3 B1 U
" ?2 S7 h- u: ]0 y7 w# d
Resubmitted flow: unchanged * }1 j0 E& Q3 j5 I! z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 d; O3 i; a" m/ K" a/ f
Resubmitted odp: drop
' e) K9 D: o# w, r Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
8 Z$ |5 J; c9 `0 U8 |. `7 N OpenFlow actions=output:1,strip_vlan,output:3,output:4 , e% Z/ l" H* O: }, Z7 I% D+ {
skipping output to input port
- C% w% L& \4 e, f' b1 B
; g0 v7 l1 n; E, V! YFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
7 U! w3 t7 Y6 Y7 CRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no ; y# w; ?4 k5 N# x
Datapath actions: pop_vlan,12,13
3 G1 L1 h1 F* ?, Q2 |$ l' ^0 E" q
! N% S( _; D: P* [2 G结果是port 1就不发送了,发送给了port 3, 4
! S" u" l7 g t( Q w% l k9 o7 g3 I% k# }
$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff " l" q- u6 ]& \$ b8 }
Flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 * Y5 X6 V7 r% x, Q g
Rule: table=0 cookie=0 priority=0 , ^& j; m% Y: Z) V6 @& A! X! l
OpenFlow actions=resubmit(,1), [; ]' A k4 Z* Q
* n9 G& [; B6 _; Z- z1 | Resubmitted flow: unchanged - O5 H% K* }9 X6 v4 i) y* F: b1 j
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 K0 ~- o* n+ W h
Resubmitted odp: drop
% c( H- }& I+ k0 \' O Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000 w7 T+ m3 w+ d7 X5 H2 Q8 u3 o& M! r0 x' }
OpenFlow actions=mod_vlan_vid:30,resubmit(,2)' b3 s% y; }; y) b: l
3 U$ L) d6 A" ~, W7 |( P! P
Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
$ r# \9 Y8 l7 m% s6 O. c Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' n3 S5 |. w: X* x$ a( A Resubmitted odp: drop
1 U7 ~: u! O# h Rule: table=2 cookie=0 0 R) t; d' k' k# V$ d- y
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)5 h1 w1 d, j$ e% [& J& ~- i/ u, X# v
$ j. _) S9 A& R2 Q& y4 D$ d* B& F
Resubmitted flow: unchanged 1 m8 S, }3 \6 ]8 ~ |" i9 a
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; X2 @$ K& }; _/ X7 {8 K, s- N) c Resubmitted odp: drop
) Y2 K2 R% S3 Q- n' r. E; l Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 8 W, X3 N6 D0 l) J
OpenFlow actions=resubmit(,4)* _. g. T. B! k! w! r2 x( U
4 s w8 O. a5 O- o$ N1 U, `* p; Z7 Q
Resubmitted flow: unchanged 5 k+ ^- p- ^$ B& }) Q6 o6 f U
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 1 |+ ]8 g" |, C: i* Q; F3 P" w1 y
Resubmitted odp: drop
3 |2 n+ L Q" ~5 n* R1 N5 ^+ c2 d4 N Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 0 q, i1 C" u1 u' ~
OpenFlow actions=output:1,strip_vlan,output:3,output:4 2 p) d6 K/ h0 ]$ x7 O" a
skipping output to input port7 g$ Y" f4 t; V
7 ?9 C1 v& c5 b" C2 [& m$ _Final flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 " h: x1 |% G- I5 p) n" b; U! e
Relevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
8 P! U* F# f w) i4 `9 Z" QDatapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13
& j- V8 |+ N' A9 j/ ^# w8 |* b1 H- V+ ]9 l6 I4 \
接着我们测试mac learning5 r Y- g4 D6 F8 ^
8 g+ |% a! g$ @+ L9 p
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate 4 V6 X1 K* t' O1 ~
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 2 `1 S! C: n/ I7 v
Rule: table=0 cookie=0 priority=0
; c% R: w+ x2 m6 ~; }! h0 j4 lOpenFlow actions=resubmit(,1)
! \2 ?: ]4 u4 N0 X" k5 {' X( n+ r! O: S, p+ y7 H, ]
Resubmitted flow: unchanged
0 Q- }# j% V7 n( H4 w Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 / D, y8 ~3 {* ?- {; D. b' }3 n
Resubmitted odp: drop
. {, `, Q4 R, d) K3 p; h Rule: table=1 cookie=0 priority=99,in_port=1
* h- E2 M" V5 n+ o: \ OpenFlow actions=resubmit(,2)0 i4 b5 n, U) A" `- \
3 t5 [. c) C, k! D, K8 Z- X; _2 \" ~ I Resubmitted flow: unchanged
( C; u& ^/ |% @! @ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ s* H/ ^$ M8 H
Resubmitted odp: drop
; g& V6 c9 r0 n( y4 b" _ Rule: table=2 cookie=0
5 N8 |. y/ w. d- s' | OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)- u1 D' X { F% a; Y# |9 y
( ^& K5 J' S m1 L' r( x4 u
Resubmitted flow: unchanged
7 j: h0 Q/ F7 `+ J$ z. F5 ]; W B9 q+ ] Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 % d T' S! W% Z$ e& ~ H2 \
Resubmitted odp: drop
# ?0 b! [* g, H8 H9 U, Z! D Rule: table=3 cookie=0 priority=50
/ b9 k7 ?* O4 ~ OpenFlow actions=resubmit(,10),resubmit(,4)
! M) K4 f: z3 W& \, I1 V r! t% g
3 A' o" ]6 K2 J1 ] Resubmitted flow: unchanged 5 ]- a5 }/ h6 X- O4 {
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 s. M* B% C2 |( ]
Resubmitted odp: drop
/ O8 l! @; k) L* x1 Y6 e8 K No match3 A p/ a* h2 W
2 t* R, X: w. g% a( @/ ^ Resubmitted flow: unchanged
& G: Y# u) {$ N# e' U Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 H% g2 B- H3 e3 C+ C1 ` Resubmitted odp: drop
3 h+ N# `% e' n2 r9 U* m$ t9 S Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 3 ?" x9 e% h; H8 ]2 P* h
OpenFlow actions=output:1,strip_vlan,output:3,output:4
3 C/ N+ k5 A3 ^& f- m. L3 N# z; j2 q skipping output to input port
+ [! H% H2 l; E' o" q7 W/ ^5 E5 c+ H( M5 Q* J1 O5 o' N A
Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 : s- z$ B c6 r6 O; L! u# X
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
! v& K3 G. t8 s) PDatapath actions: pop_vlan,12,13
6 x/ z6 T e/ b! e2 f) k
$ r8 F7 U0 ?+ t* E" P由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4
& m. {7 T! x( p) C6 Z v: P# g; P! v
$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate
3 H) O9 j- [' |2 }( eFlow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 7 ^; R6 g$ Y* ?
Rule: table=0 cookie=0 priority=0 1 `, w" `, b+ Q
OpenFlow actions=resubmit(,1)
. m X" W* q* L2 {2 L9 N9 |& z. K O* l8 W
Resubmitted flow: unchanged
( ?" u7 m$ ~7 Z+ z4 N7 [8 m3 l$ v Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 2 C& _ F% b/ s. C: ~! Q
Resubmitted odp: drop 2 W0 B& g8 f/ J0 l# w6 E
Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000
# C$ G$ F( b6 V3 A1 @ OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
. {- t, A% P$ ~3 D" D, B7 N" O' A" S5 ^
Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 2 U4 _/ q( @ D$ M- A; n
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , [6 C$ q r' A
Resubmitted odp: drop ; Q/ K% \6 U2 U8 C7 B; R1 l
Rule: table=2 cookie=0 ! e. w$ U3 w8 F0 j
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
! B4 Q! I; h/ f3 t
@1 m7 V8 r" h4 O( R% X Resubmitted flow: unchanged
+ L$ @# e! d( \. D. } Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! M# f% Y$ c* i7 N4 J
Resubmitted odp: drop
( n8 G5 B7 {' [" y4 Z# u- j Rule: table=3 cookie=0 priority=50 - r7 k) @: O. x }, M0 f
OpenFlow actions=resubmit(,10),resubmit(,4)
% b1 N/ W* \& D6 g8 @, ~8 o" d
1 o9 U' v6 i: T6 } Resubmitted flow: unchanged # ^0 a! u, W' _* w5 o7 Z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ; j+ k& M8 H# l3 z# O9 A' Y6 I
Resubmitted odp: drop
. D0 g- C0 e. S3 z5 n Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01 7 u' O. z9 Z8 W7 S# D+ n* {
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]6 A Q, z; k. c
8 y2 ^& I1 G/ J# G5 c% i
Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 6 V$ X- f& |- I% b$ D" d
Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 z) c9 Z7 `& d$ T3 N Resubmitted odp: drop / e3 b0 U5 W% A" e; A* k6 r9 H
Rule: table=4 cookie=0 reg0=0x1 8 k- h9 O+ @6 Y7 S8 N% v
OpenFlow actions=output:1
! e2 _: D2 `. A9 [- ?" {4 H$ L& I
1 R7 z1 F0 t$ X7 Z8 NFinal flow: unchanged
0 t2 n6 ~; j) p2 [1 ~- B" {" ARelevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no ; S2 g# P/ }8 T6 j) ^
Datapath actions: push_vlan(vid=30,pcp=0),10
( b" b- U. @7 l6 s( f' g2 ]: z+ P2 O) [
回复的时候,由于学习过了,则仅仅从port 1发送出去。
0 P2 j2 e* m2 |/ u' G1 B$ r5 j: E9 l! G9 X2 w. O
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate ) n2 T: E# v8 d8 l, {7 V
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 # F9 u. \* D S+ e: s1 L& b
Rule: table=0 cookie=0 priority=0
6 Z# H" @8 ?* ^9 @; ~# e" uOpenFlow actions=resubmit(,1)6 F$ ]3 i. P& L0 v3 a+ }: ?: l
- I& _! ^' B7 H" G! l) t# P* b- } Resubmitted flow: unchanged 6 x8 g9 Y3 q- v' ]3 h4 O
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
* J7 x4 _ R; W, q6 u- ?8 l Resubmitted odp: drop
# t: [8 E* ^' f Rule: table=1 cookie=0 priority=99,in_port=1 / ?0 Z% ]/ K7 y. ?
OpenFlow actions=resubmit(,2)! J, m& n4 X' E6 H5 z
" k& j9 x' `) D7 X5 A; ]' G Resubmitted flow: unchanged
* L& B* d! G, T0 h2 ^ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 {; a9 x+ K: C, P
Resubmitted odp: drop ) E4 B: ^! G1 F: z m5 u# u! Q& _
Rule: table=2 cookie=0
- m; K! r" \% R$ y OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)( G& `8 U% \8 v0 F
4 X# W" p/ ]- ~7 ^+ r Resubmitted flow: unchanged
7 a1 [4 |" v" \( [ v9 J. X Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
# @3 \0 Y$ Q: D+ t% X$ r Resubmitted odp: drop , F, s/ B, Q/ @3 H
Rule: table=3 cookie=0 priority=50
& F: r! J# W% {* B- q+ h' b OpenFlow actions=resubmit(,10),resubmit(,4)
5 S( D8 l2 A: O; y$ N$ x5 _6 B
7 e/ @" @- d2 \2 u Resubmitted flow: unchanged @; i, f4 l/ i5 l/ p4 N
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 8 ~4 [+ _3 {# L& v: V0 u5 W
Resubmitted odp: drop 4 W) n! F6 k3 T/ f! y
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
9 w7 m6 n7 ~; Z* n OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]) u, f+ m: L7 q2 K) T2 f8 e3 [& w
$ a( d) g7 c6 w8 C5 s2 @ Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 $ [! s. p4 J$ V0 o
Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 V7 E8 D% M) J/ L Resubmitted odp: drop - t6 [; } V' H
Rule: table=4 cookie=0 reg0=0x4
' y: V) O, I# | f& U OpenFlow actions=strip_vlan,output:4: g0 @* ~5 l- q h$ u7 `
5 L0 t) K( y( I) `6 c* r
Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
$ p" r. Y' {1 p+ k3 O8 X1 K) jRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
% j, Z8 m5 Q% f) L( oDatapath actions: pop_vlan,13; }" Y6 x4 L8 v+ o
' L3 B7 l5 J# W- K由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
发表于 2019-10-25 10:00:33