- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2019-10-25 10:00:35
|
显示全部楼层
实现第一个Table 0,Admission control% D3 r- [" L. e# E2 N" D0 q0 k
8 `. F1 F& q5 Q D* {5 u o
包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。
% P' i8 N- I9 t( E! L$ ?) p( c% \; X6 I9 U
比如,如果source address是multicast的就不允许进入。* @; }$ t$ \2 h& Y, G. Z
i, f. S( N. d- q8 ]: P01:00:00:00:00:00/01:00:00:00:00:00是广播地址
" G0 O: w7 i, I+ U* S. C! v& Y00:00:00:00:00:00/01:00:00:00:00:00是单播地址4 y: d, E: |7 U+ m: P5 s: D
这种表示形式类似CIDR$ F; F' k' ]5 ^
于是我们添加下面的规则:
2 h8 i3 n( r* Usudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"2 C8 i( z0 U; b% k9 ]) G5 L
STP的也不接受
" `. Q: h9 {; fsudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
( q+ |- x, B( o我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1
3 ]# c, i- J4 x5 S! p3 e; [8 U. isudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"
- |" c S& ] R6 o我们查看一下所有的flow2 Z* g9 G1 t1 z0 n! v% W
$ sudo ovs-ofctl dump-flows helloworld 4 l6 s) X$ G% I$ g5 N
NXST_FLOW reply (xid=0x4): + W5 ]" a& p0 |: Q
cookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) 7 x6 I7 V3 M) Z
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
# n" t/ o9 C! k7 P" ^/ _cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop7 l3 u4 C; u$ Z K+ d, w0 ]
1 O" S+ E% q1 Z# [* S测试Table 0
+ X4 n$ J" W' Q+ w8 c J' ?8 z# A( W& N- e& e& W; m7 l6 ~
有个很好的工具ovs-appctl ofproto/trace/ x3 G4 C# w" e# g$ O
$ w: H4 M3 v7 R4 D$ Y' g8 H不满足条件DROP4 f f' W$ X& \, |3 P# b
5 S7 n# v& e4 j) C: m. s
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
2 T, u% n$ P3 ~% LFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
$ Q- a( H, S4 j uRule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 " T8 H) r/ t( z/ l4 I7 P. ~
OpenFlow actions=drop& {' Z: M( I! a* W
4 V2 d! y/ m4 c8 j; a; Q z8 n
Final flow: unchanged
7 _; m- w5 V3 Q4 `. h* oRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
# B1 q& R e7 f8 m+ h3 Z* D5 J8 q) LDatapath actions: drop' L s; p' v% a
% v% S4 K% q9 L: A2 o& }3 E满足条件RESUBMIT5 [/ P5 S z$ ]
) S1 I6 a. J; u
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10 . a/ {3 N: a. [6 B/ x$ v
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000
( f# g3 U2 x- ?3 j1 T7 N' oRule: table=0 cookie=0 priority=0
. l0 M& w9 d1 |0 M: MOpenFlow actions=resubmit(,1)
( B, v. F; A0 G$ A+ }3 j, A( r* b6 c: s
Resubmitted flow: unchanged
3 q( o$ P# N i6 ^" Q* R- T$ A) A b7 _ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - J5 g) J0 O. q5 U& C% H, f
Resubmitted odp: drop ' s& Q' S; j# W: w
No match- z: h: D3 u1 t+ G2 o
3 S" B# R8 l5 G/ w
Final flow: unchanged
7 H& G* W8 Q9 w; z; G' lRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
# `3 t3 w2 n& _0 fDatapath actions: drop
. z5 U5 h# A2 S0 M/ ]
* y" _+ Q' @7 P" U; h. P实现第二个Table 1:VLAN Input Processing! P: U) W' J( F1 a/ z( G. q3 c* i, F
9 h5 D+ u7 O F3 M9 p4 e: N/ g首先添加一个最低优先级的DROP的规则
& S k% q0 O# l
1 b1 O& P2 {8 nsudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"
+ p1 j8 K. _1 {3 W& t2 c0 O7 Z5 K; |8 Y& f$ p' ]' Z* N. Y! `
对于port 1,是trunk口,无论有没有VLAN Header都接受。+ N8 s$ M$ D. k3 ^/ N+ L
- x& d# q( s) I( S, w$ ]( E, b7 @
sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"
0 N" B: h Q/ O7 |9 D: V
" |2 K8 k6 |) m) g对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag
) W! F7 Y6 N) |1 o# S3 G, D- V6 E) ]" J! P4 P
$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
) g1 k7 K( G6 m( E# p' P, |; i Ntable=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2)
, l6 ^# N# X; V' I( i7 \: M6 ctable=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) ( f- d' h* F( ^( D3 ~
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
8 o5 [$ o4 L4 P: A) z( Q; q/ ^EOF
) } p, U, r& [3 F) C* _* i2 Q, f [* C6 f4 V
$ sudo ovs-ofctl dump-flows helloworld 3 }8 K" Q4 k$ |, {, Y
NXST_FLOW reply (xid=0x4): : p* \; P2 |: O! {( G* P6 e( d; Y
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1)
5 z4 N9 S2 U0 q! i- Vcookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
7 }& e6 `6 ?' h- s# J" _8 \% J! acookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop , K+ T, }: X7 @- c( t+ i
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) . Y: @2 i2 T( f' R' Z7 r
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
" X; `' s* N, r, \1 Ycookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 7 c/ H* s4 I# ]) S( e
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
# s& p/ |* i1 M; e0 fcookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop
" ~: d6 i2 v, K# J7 X) W$ Z L6 c
9 t5 A8 @- v+ h9 Y测试一个从port 1进入,tag为5的
. c$ P* T2 U0 F
' m- T& {2 F% `5 {8 N$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
' P, [% A# r( ?* m' ?% Q" KFlow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
+ a9 k0 e8 k" i$ A5 p- oRule: table=0 cookie=0 priority=0 2 Q8 n7 [2 G2 v3 B0 j
OpenFlow actions=resubmit(,1)
4 Z7 ^3 _* f3 _" e5 X& t$ O' G! K( ^6 y- E% I: D/ k; F) D
Resubmitted flow: unchanged
0 e. O8 t# v9 \; I Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 . L% J3 Q& }$ Y6 M- E5 U
Resubmitted odp: drop
" f4 N& v2 v+ |3 q4 g6 P9 M Rule: table=1 cookie=0 priority=99,in_port=1
* D3 C3 p, j3 x. t8 M1 }- ^; i2 H OpenFlow actions=resubmit(,2)
% C3 `4 Q2 x# X; r( M1 Q- Q O3 A G! s# a6 U
Resubmitted flow: unchanged # u, I' B1 R# d% \. ]* j
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& \' P( D- t( O8 x Resubmitted odp: drop 8 i2 ~, ~1 l$ l: X# V/ `
No match8 e9 b3 k/ K4 N( D
" b; }8 \" |* K, x: f. a/ L0 P- S# t
Final flow: unchanged
9 J4 Q- P0 X+ J1 z: n+ `6 f8 vRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
! ]6 G' X, n. a+ N6 R$ U+ ?& C- m& P: }Datapath actions: drop" }6 J/ R$ U0 e& d
`- Q4 n; U/ J. S
测试二,从port 2进入,没有打Tag的
" w ~0 G2 @) y/ e0 U4 S- ~8 r5 Q) x8 ?, _' p
$ sudo ovs-appctl ofproto/trace helloworld in_port=2 / J1 C% d- ^: Y: J
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
: q& G" n+ e/ H; n" [# N6 VRule: table=0 cookie=0 priority=0
7 L ?' w% `# P' x3 t" o3 ~OpenFlow actions=resubmit(,1)
8 h& } c1 [) u: N& K' V4 X# q( q; v& S) Z
Resubmitted flow: unchanged
, O {% u( g0 r" @/ U& Q2 ^ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - @) E v' c4 [
Resubmitted odp: drop
! G/ q/ y& J' k' B% n Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
H# B4 Q+ d% N& J* Z OpenFlow actions=mod_vlan_vid:20,resubmit(,2)% j, [" N ?* W8 |. F) E: g2 i
% |4 i$ e8 r; h4 n+ V$ _) y9 j Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
" c |; H4 l9 { g P Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 7 l' f$ u( p6 z2 y9 z
Resubmitted odp: drop ' c. P. i9 ]0 j. w
No match
: x) ^! c& `6 [2 H. P* e2 C- x& U: u8 `6 x* L4 x5 K
Final flow: unchanged 1 P4 z' V9 N8 \" i2 P1 Z8 @
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 7 r0 L) X2 P8 S% a( W
Datapath actions: drop
" v2 y* P! Q6 {0 |" V4 U, e$ y+ M, X3 n
测试三:从port进入,带Tag 5的3 G8 q+ a$ K& |/ X6 _; |
3 j0 s) h9 w) I
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5 4 b# O4 r8 K7 v5 l2 e* H: s& b
Flow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 , n2 n8 ?8 e- k7 v2 [' B4 {
Rule: table=0 cookie=0 priority=0
6 }- h5 P6 ]; |$ f& ]7 F, yOpenFlow actions=resubmit(,1)4 U* J" p" O0 }
/ m% ?& M& H* D- t
Resubmitted flow: unchanged & t" j+ L0 T3 {# a- ]. C8 e M3 K$ r
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & L9 o3 q: F( `% I
Resubmitted odp: drop
0 m; X# F! }. Q ^6 w Rule: table=1 cookie=0 priority=0
7 l0 q1 u9 N; h. |4 {1 [+ w* r OpenFlow actions=drop' f, E# T: e8 O0 C q( q
6 r4 H: q) t3 C* i6 T* H
Final flow: unchanged 8 B0 h' l9 H# k0 D- M6 |
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
' E6 k1 K& [5 D& fDatapath actions: drop. O/ r! U8 _1 {8 O3 \. f
4 M( x8 R9 D l: L实现第三个Table 2: MAC, VLAN learning for ingress port
/ W1 H3 d9 o, D4 e8 @2 ]/ X- |, ~, z; z. A5 _' n; V, v3 L7 y
对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。
8 V! o, U0 A: s/ D) k J! h( |' _+ h+ K
这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。8 {' ~/ f" L' y% f
. ^ w8 H- X- ]% M3 lOVS也要学习这个,并维护三个之间的mapping关系。
3 a8 z6 t4 N& _; ^* v5 L' ~$ F \/ n. Q, { C3 V# D
在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。
# |( q' Z3 z5 R+ c6 E% I' m
1 W3 W. y# M; [& \- {' Zsudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)", N2 K+ s7 Q8 A+ u
. C+ G7 F1 n5 Y# i2 }! T
这一句比较难理解。
- i* {7 }$ _: G9 X+ c$ @* ^
c% S. p% X; g/ hlearn表示这是一个学习的action
# h0 T, m8 Q, u- L9 w4 W: }
2 ]$ y3 z# j+ J- A/ K; wtable 10,这是一个MAC learning table,学习的结果会放在这个table中。0 f# }4 c" L$ P0 v
1 C3 S: i1 F! g! x
NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。4 l, W$ q2 G6 c3 M1 o7 N6 ]
4 @3 }* i3 f" x0 }
NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。7 @. q7 Y2 Q, E/ P1 d
8 C- h2 z* H" b1 `3 u$ E- u( X( I E
NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.
! t3 r9 ^! a1 ?- F$ t6 Z3 G7 w7 W4 R8 D* D+ j. o, r, O
一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。) p5 u6 J3 s& z( j% A6 P
& S3 h/ y6 @) a
我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。+ x0 l# Y) M& A4 m
' w. P0 b1 j( `9 N0 r( L/ W. j5 D" b
cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1 ' P: Q" C1 {4 c! o8 ^
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
2 p) m; B* a( ~5 l5 M" l# Q; `( C. \ cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
" ]* V/ q& i9 {0 ^" [cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
! l* V1 I3 [+ J# L0 Ocookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2) U, N" T% \- o6 ^
" j2 I, W3 `8 K7 z这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.
6 X) M) b# A7 [' J3 c4 F& z$ F# X% v% B; U/ W: R. f
table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。
% s0 u/ K8 w& `) w9 O! B1 ~+ {; Q* B; X$ x9 u
上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。
% }# f8 _# W4 _" m, x) `+ n
2 ~) L) j; B5 V; Ytable 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int
) t# O5 Q% f5 r9 C4 M) ?3 P& G, S& m9 \
NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1
$ u* T( s5 e1 A$ [ \+ B8 _* m- z
, R( P1 E8 \: ~( s( ^. q% |NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc
( |5 m7 \9 Q; j8 u% X' s: Y+ O+ ^. m: }' b, C1 b. R
load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan4 X/ c/ X7 q. c$ e1 }% u! Q; d
; i" Y, Y$ q# l% ~# g; kload:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9) N; U3 @9 @' H v3 r `1 M5 X3 v
6 r* z" b `" `6 A0 e* ^- r
output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:24 v. b2 P) I: g
' K" c8 F. z v3 r! a1 \+ l测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包. E- W7 c& X. `8 N
, F$ q6 R9 C# ^" v# [6 e1 I$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate - X+ o# W# x$ r, S8 q7 B3 N
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000
6 t) i1 D1 l+ w0 i6 PRule: table=0 cookie=0 priority=0
% H4 c( O- H; ]1 y E. b" ~ d9 ^8 `OpenFlow actions=resubmit(,1)+ d5 d( |/ j: [8 J' S4 i
+ @5 {. J( i/ t( @; Y& z" D% b; t Resubmitted flow: unchanged
% N8 A: Q4 ]; Y7 R$ T5 v Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
% H8 S$ g3 |* O Resubmitted odp: drop ! D, K4 l( E5 t: k
Rule: table=1 cookie=0 priority=99,in_port=1
& L/ M, f% ~/ | OpenFlow actions=resubmit(,2)+ N- _8 F; K8 H/ s1 q
& {! x( Z$ T1 [! X4 c* \4 A
Resubmitted flow: unchanged ! `' |; r* _5 ]' `: c) X0 F) A; z$ `4 u
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
8 y+ r" I. }3 p }1 g) Q Resubmitted odp: drop * m, X4 W* i+ B* ]: Z
Rule: table=2 cookie=0 + @. b* D1 ]; O' k! G
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
3 s$ x1 t& z6 l6 Y% K1 ]+ F
6 ^$ D) N% T. S A: {6 Q3 ]1 O Resubmitted flow: unchanged 5 s2 N( c2 n* V3 h' v
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 / L! W- _6 n7 |' s. l* T: B6 [
Resubmitted odp: drop % x3 B+ i2 @3 w: d7 R4 O Q, h! B
No match
! B& M- W+ L* I7 y, _1 t0 Z. k2 d# P% _* J
Final flow: unchanged
0 |: U' R+ @& D7 m% y$ N# m! q, ERelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 8 j k5 l4 c* U# {; E( A5 F
Datapath actions: drop
3 |7 H7 G" h6 t% U
- W) G$ c$ n+ ~" |" o$ sudo ovs-ofctl dump-flows helloworld
2 I! _4 B0 g6 J9 ]NXST_FLOW reply (xid=0x4):
) @; G* {% U! p+ k+ L. `cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) ! c/ i* o/ w4 {, P1 \8 U1 h
cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
* G, X7 y* g; E- Xcookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop " V* y2 M6 g: n( c$ H
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) " X( H3 ]. U8 a" V# @2 ^# e
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) $ W6 s( u+ a! N, w% T0 Y
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ( S1 @- P* Y+ {0 l
cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) " C' B! A( s. Z/ W4 [1 Q
cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
# g: `6 Y) l8 _; k/ _cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) 2 G2 a6 T4 r/ {
cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
# o' W7 x2 y. I$ u; D) E& c/ h3 N$ _5 y- B& z. s' ~
table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。
" e) c+ c, c- h d0 B3 v$ [$ ?- L: h# _- E4 `' E
测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02
6 i% s5 q2 d0 b$ f' {/ B
7 e5 }$ o6 E# `' l$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate : G% m8 o, z4 E: K% o$ ^
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 - t4 B3 X9 ]* ~& N% B
Rule: table=0 cookie=0 priority=0
, R- `9 C$ v D) ^OpenFlow actions=resubmit(,1)
1 D* {' r5 @8 N1 r9 E$ L; z; I0 Q7 _- o% y" ?0 x& H8 {! Y
Resubmitted flow: unchanged 2 G" l- x+ L& b* q- x. K+ N# @2 t
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 M" _3 Q- U- J* A' ? Resubmitted odp: drop , I' P, U' j6 z8 `- F# _
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 1 M* a: O/ Q- f# D R, r
OpenFlow actions=mod_vlan_vid:20,resubmit(,2): s, _ O1 L; V. d7 q; D# K
; W( _' o7 C! c( f
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
: f* T: I6 K/ E6 D1 ~- A0 F" w Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 . q0 A1 y, Q! j" L- ?; c
Resubmitted odp: drop
+ [7 j, ?& A. o* Q5 G Rule: table=2 cookie=0 6 d2 H2 K3 O: T5 {5 P
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
% g8 u9 N5 `/ E& ?& x4 \* w- \9 g0 L1 ^# K7 M) L6 Y
Resubmitted flow: unchanged
9 p9 O8 i: [; s2 R7 N. {( O" P; u Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! K! s2 y6 U0 A B
Resubmitted odp: drop 1 _' b, `5 n% M/ q+ f; ^
No match5 U0 x1 u$ h' k& m$ M
" [% z8 T# B- s/ \/ o! J4 |Final flow: unchanged
5 x k: a) _, U& uRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 5 ^8 i( T( ^" }7 w2 o1 W
Datapath actions: drop/ l9 F; H' |* s1 x9 L" S( r" z
5 `, I. \% G Y1 o& P1 z$ sudo ovs-ofctl dump-flows helloworld ! e" }; @- Q' l; D. T, @, I: j7 b
NXST_FLOW reply (xid=0x4): ( T( C, f/ M( b7 U* Y E
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) ( c# ]. P) u ^) z
cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop 2 z# p1 i1 y& g. \
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop ( h4 @" l0 D& ?8 s1 ^3 X
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) ) Q, V$ w+ M! m& Q6 V( f
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
2 T4 ?, U8 G4 ^. ]# H8 h, o$ Lcookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
7 Z' A: Y) f( ]# ?cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
$ N& }; Y; x7 x2 k) Fcookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
/ n( W0 O6 _# |( _& p6 Z) N5 ~cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
) \6 ] i4 o" z4 ~2 e9 j$ G cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] ) g# F# n ~8 v" O
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]. h( i) w9 m5 v; t
# G M- q7 N) f: c
实现第四个table 3: Look Up Destination Port( N: P, D" g# j# m6 r
/ ~ ?8 W2 b% l& s+ M
在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood
, X8 C0 ?9 l0 W! m" @
- J, ~: d& i9 p) l6 S4 j- c# Rsudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"
: B0 w3 o1 c# ` }& L+ K4 a9 T& j6 h4 L; h) Q8 J: P% j
添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4
, H( s6 V+ v% ^6 a- a, Q( s: a6 R1 f5 s3 B. ?$ T
如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。
) `4 g/ D% _4 g" |) L; I( V7 B$ D
! n! q1 F; K0 e+ E* O- J- }sudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"
' B% I0 J: I& j5 n, Z# ^3 }! G! @) F" d, ^- A# |* [
我们进行一项测试8 e$ `3 E& X0 D3 [
' C. V5 E' l+ I2 o5 y( G# y D
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
2 F3 ^1 K4 o8 X" ^2 V( T4 @1 U% tFlow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
7 S! J; X* y cRule: table=0 cookie=0 priority=0 / M) v9 p8 m) F5 @$ v. J" d
OpenFlow actions=resubmit(,1)9 R3 d! O8 h0 s* {
2 w8 x$ a/ Z. ?7 [/ u
Resubmitted flow: unchanged
2 H4 H3 j6 \4 K5 ]% L; t Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - I, d2 ]% e& k# V% G& o7 O5 j3 ^, g
Resubmitted odp: drop
/ k- A3 p# R9 P* I6 j Rule: table=1 cookie=0 priority=99,in_port=1
- }/ P4 i* a1 j+ w5 g/ W9 F/ k OpenFlow actions=resubmit(,2)
' U5 C1 I" I+ c6 \+ x# A+ P# e
# z* x) l [5 _ Resubmitted flow: unchanged
8 x2 Z* C4 |. l7 S, D- M: N Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 t7 p* t+ t. A- o2 O9 ]$ U$ J Resubmitted odp: drop
L6 s1 I7 U% a& A Rule: table=2 cookie=0 @& B- L; B$ Y3 {# |7 b3 _0 [
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3), U) T+ A0 k$ \2 P; Q% p. r" M, ?
/ ^- M6 J( }! Y, \. q Resubmitted flow: unchanged
9 t1 i. H' N% f7 B* T Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) C* e6 P5 y1 C8 \. F# V% s. c
Resubmitted odp: drop % U5 ~) C3 T" @% V3 x8 i1 f
Rule: table=3 cookie=0 priority=50 $ J$ y) ?7 Y, c- O( R. t" h
OpenFlow actions=resubmit(,10),resubmit(,4)
1 Q8 W# r9 o# K
w% H) T/ W5 U6 S Resubmitted flow: unchanged
4 u, y" }) @$ { D* ` Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
! b9 B3 y3 H" V! b, G) ~& ~ Resubmitted odp: drop
5 v- t/ R2 T* C4 d No match# J% u9 I. V/ F t' q# p: M% W
2 s( G5 s6 `" t( C# L4 A+ B
Resubmitted flow: unchanged
$ F) N6 f* ]4 y0 r5 Y5 C% N Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' J+ \6 {2 H q, L8 K3 v6 o Resubmitted odp: drop
" f$ M2 O% e, O4 U No match
0 `2 l \4 s$ }! \% H6 n: u% _& I7 }) f- ]6 P! g' g
Final flow: unchanged
* m# \, t7 L8 z, o& @1 p* ]Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no 7 d( G6 J: T- m2 e% B. I
Datapath actions: drop
2 `( p. P2 c4 f8 U( o7 `" O
( F3 @6 E; Q9 Q$ n由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.$ Q4 M1 K; L U! L2 E$ z
, \8 w% J5 H5 E" r( R但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01
6 _2 W {, I* ?1 Z& E" S8 K
+ k9 f* D# Q) T% `! f, i$ sudo ovs-ofctl dump-flows helloworld
8 d: v0 \* @) S5 INXST_FLOW reply (xid=0x4): / I$ k' [, E7 m3 e5 M' V
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
. [" O0 m! O" I4 Scookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop ( ^% X, e6 Z5 [
cookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
8 R7 a0 o- x: kcookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) ! k3 X. m) u$ s5 F8 a% _
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ( f" l$ M2 i$ m
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
4 `1 Q. k x# Y+ I m9 Tcookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
5 M) {* s* [) b+ ncookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 0 H. N. J4 J, Z1 J
cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
3 \) R( x( d% X3 L3 d+ a! tcookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
8 ]; b- C5 O+ r1 {) {* X7 Hcookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
* p! a/ q Y8 N+ `8 E cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
5 s3 f0 [5 {; a- ?2 acookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
7 u) h2 m" \1 h2 bcookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]6 T( m7 O) T0 Y. z" l: f7 A
# q& d) n, B! q9 \9 s1 ?下面我们进行另一个测试
2 \+ p3 E; Q, R" U' d+ Q2 P
% h, [3 P( a5 ^$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate 7 u a; G: X1 a9 ]
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 x9 f5 X- F1 I) |4 s/ y
Rule: table=0 cookie=0 priority=0
* c" B4 I7 k- k3 DOpenFlow actions=resubmit(,1)
) O& t2 y9 k( V
: C4 r. ~1 x* x6 A3 U+ y Resubmitted flow: unchanged * r; W* a) h1 E8 O
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 V4 m0 q0 y% w6 O+ |+ s0 @. p Resubmitted odp: drop ' O7 K n) T3 F0 f5 @5 \, d
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
: m) g- G/ L" } OpenFlow actions=mod_vlan_vid:20,resubmit(,2) a$ |! e! [9 L
) y# P* B- A8 ?& t Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
2 O% J. G3 B' V, F Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 a+ m/ u9 D& F" U
Resubmitted odp: drop ( s4 l7 K& e7 f+ Z2 c5 B
Rule: table=2 cookie=0
4 Z3 Z- |: \2 F$ |3 g) t OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)9 q1 p8 ~3 _4 }% r* i
# z, c0 F) d! b+ [, p j N
Resubmitted flow: unchanged % N9 R, c* d8 T/ |5 g
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. P; c5 q5 {" O: y: z5 ]2 Z* K2 H Resubmitted odp: drop
# l& ^8 g1 M4 ^: [1 l2 W Rule: table=3 cookie=0 priority=50
( t3 Q8 j U1 x8 [ OpenFlow actions=resubmit(,10),resubmit(,4)# B) U8 a/ f a
* J. V0 L' j$ l+ y% ?2 C- Z7 B
Resubmitted flow: unchanged - N2 R1 O% Z* j& ?* J
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 H5 t0 E9 M# B
Resubmitted odp: drop * t9 V: z1 ]+ K& s, p; Y0 t t
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01
) z6 S* W; W1 E, | OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]2 q: Q: O, I: S: w" [
& e! A& \/ ~- F! V1 U0 ?6 i V) R. h
Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 # c8 O. {! A4 P1 \8 L9 ^
Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 9 Q5 [3 c: d3 n" @$ g) [% _) \$ s$ q
Resubmitted odp: drop - b$ o$ ]6 ]" S u8 S9 U
No match f( V) w" Q' F$ ^2 s! G( F
9 R( D ` d3 M2 z3 P! y
Final flow: unchanged
9 P8 `# f4 a0 w1 xRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no " H! G# F9 M7 i% v
Datapath actions: drop
3 V! W& r) i# ~1 S% U% m) E5 d+ S/ r. f
因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01
9 z! H/ Y0 S1 p1 f. z' @
+ Y% O/ u$ O5 ]下面我们再发送第一次的包# P) |- t; f. o
- T/ t$ ^2 Y! o. s5 h+ b$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
) [( r0 E6 S; v" P/ V- a+ eFlow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
/ j" g) }& g) }) |1 k/ g9 ]+ dRule: table=0 cookie=0 priority=0 9 b! X- D, y+ q; u
OpenFlow actions=resubmit(,1): j* o2 I1 _$ Q! W( S- K: f
9 b0 A; g" \: a) \1 _, _
Resubmitted flow: unchanged 8 K" Q0 A @5 h
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & x9 e' H v% K" T1 `
Resubmitted odp: drop $ w8 _/ j( k& K" e
Rule: table=1 cookie=0 priority=99,in_port=1
( l: U9 t' {/ f- I9 | OpenFlow actions=resubmit(,2)
G$ a P( f2 g3 W) F
+ @' i/ r; U3 y& h5 I' ^ Resubmitted flow: unchanged 7 H! c3 z7 R# G; L; `' o; d
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 0 i$ g/ z% _6 r3 r2 C
Resubmitted odp: drop
, q g# y, y r9 \$ g Rule: table=2 cookie=0 & R6 r% q& ~" e
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
+ s x/ u5 D# {) h ]* q
# c8 n- L" @1 \ Resubmitted flow: unchanged : j! x m/ @* \5 d
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
1 R6 D1 C/ b6 u! n4 V' ?% U Resubmitted odp: drop . B9 m+ _- z/ V y
Rule: table=3 cookie=0 priority=50
. ]7 J1 j0 G$ Y' R; X/ a' Z OpenFlow actions=resubmit(,10),resubmit(,4)
% X4 r% b3 {% u( |5 n, g7 E4 ]7 h' X6 u. K9 e& _
Resubmitted flow: unchanged , r# m; C4 t4 q0 L- z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
1 j0 u2 @1 b5 |$ C3 H5 @ Resubmitted odp: drop ! c( Z/ i0 C, p- B3 ]& X) t
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01
* f4 v3 R/ w0 {# V) }+ w5 @ OpenFlow actions=load:0x2->NXM_NX_REG0[0..15]2 b: S; n% C3 ^$ }6 ]( E
& Q5 C1 @1 F9 p9 q4 ?; n4 I% x) W* L' R Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 ( W5 o8 k' T0 ?
Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 / Z: K- C8 f% ^( a
Resubmitted odp: drop
' ] W5 S! a: U+ g/ k! p No match: a! b* Y R# w) ?
- n* q( J5 {3 S: E {Final flow: unchanged
! _: {& P) H% F, v) }" _Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
" M/ M: d. w) O( O! q/ M- r* ]Datapath actions: drop) Z5 u" I" Y* o ^1 h1 f
6 T+ d4 P6 X% w( A
发现也在table 10中找到了记录
1 k& A1 M6 n) m. }+ N, g
3 L$ e- S/ B- Z' a4 K" j( {实现第五个table 4: Output Processing
. c+ M. ]9 o9 x$ G9 i) a3 j8 G+ X
" Q( o- f1 n( ~9 F+ }- j) B6 Q这个时候,register 0中包含了output port,如果是0则说明是flood。/ s+ R% ^1 ]! m
; y5 i3 M; P0 u( ~
对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。2 q \4 T/ P1 e4 ]
n3 X* o; `" M; G+ ^1 y2 v x4 e$ F; }sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"
: i6 W( i( V8 b7 k( \+ F, @$ o" `4 o3 z; s7 i, b6 b* N
对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去( I2 u! e! U6 a8 X- R
5 R* O( n( R* V$ f+ {0 C对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去9 o! L1 E0 U% |
8 `- \3 X a* F
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' 8 y: H. `+ L6 X" i
table=4 reg0=2 actions=strip_vlan,2
. V( T- ^( h/ e table=4 reg0=3 actions=strip_vlan,3 5 v: w$ h5 ~- `
table=4 reg0=4 actions=strip_vlan,4 $ P, c7 Z' Z( h! @3 k. d
EOF3 {0 X' Y. O. K6 J3 o
9 r; U( X) H3 }) w8 E8 @ r对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。* C. S4 e4 O, A% X0 D, F
9 B% p, G7 ?3 d$ sudo ovs-ofctl add-flows helloworld - <<'EOF' ; [- J0 Z% p, ~8 h
table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2 8 {' _5 B2 n- S4 E8 }
table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4 5 m1 \9 x: _, u0 g9 m2 {
table=4 reg0=0 priority=50 actions=1 " N' k9 l' `! R2 t3 f0 f# v- E
EOF S2 n& A- n/ K
e" s, Y: Z1 ^5 I所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。
! [ A% q' _3 M, J0 J4 e7 L9 J+ R) b
$ sudo ovs-ofctl dump-flows helloworld ) l: ]+ y" s4 j( U/ {
NXST_FLOW reply (xid=0x4):
1 i$ y" F" \2 d# I: I% Rcookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) ' k+ X$ }3 ^' L0 C+ O5 c$ _" c
cookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
! \8 t6 ]1 Z& Y; ?- W y8 Q* ]/ xcookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop * E6 `. R z6 C& v$ V7 s1 N
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) & d# G( V4 g6 E1 B7 w
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
) F9 h/ k8 ^& k- w4 l( x( wcookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
+ z1 ^& }. H" n1 [4 X9 m2 p3 ucookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) 6 G5 ]5 u2 a6 |
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
' H+ e8 Y: {0 C8 H: Z6 \1 W( tcookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) * r: I* C/ y! P& y* c
cookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4)
7 O8 L4 ]3 ^+ `# X9 acookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) 3 k. |9 R/ P. U' x
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3 ) a- g( I5 |, W) {
cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1 1 S7 m7 |" c2 y, K. J
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1 . b, J: {% ?8 T, K. q5 s; k
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
6 L H; o0 j# ^+ Z* Scookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2 2 f) b2 l5 w' Z! ^2 \
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
2 ~0 `: h! \3 ?2 B8 r* o; e2 J9 Rcookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2 " T1 Y% R+ ?, y7 D1 d! C
cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] & D' U5 f* i3 T
cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
5 s7 R8 I0 d0 T3 z) P$ F* ~cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15]
/ d- V1 h2 \- e: w0 `* ^; B" kcookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]" X# i, F, c0 w8 Z0 X
# l$ k1 s+ f" ?首先来测试一个multicast和broadcast
: W. U' x6 F J5 p* p% w: ^; m0 L% x+ W6 f8 M0 N; @
如果是一个port 1来的vlan 30的broadcast
' V" k O3 s+ p% M1 q- @6 A5 z" K9 G5 }3 ] @! K0 `
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30 3 ?+ D8 R- q, o9 i* \
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 - d& x5 P" _* |
Rule: table=0 cookie=0 priority=0 / ~$ P4 j/ |* h A" S. y: F
OpenFlow actions=resubmit(,1)7 `- I8 V' e9 G8 N3 x0 t1 F
) `4 W( X8 \/ P( A: l0 r# b Resubmitted flow: unchanged
' |/ y- o1 Y w7 k" I Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , P4 | f9 N/ a
Resubmitted odp: drop 7 F- ?+ y& E0 Q4 |& |7 a( J& ], c
Rule: table=1 cookie=0 priority=99,in_port=1 * P- K( a( f- I' i; y: P0 Q; U) z
OpenFlow actions=resubmit(,2)
& R/ \: z( Z0 G# I9 O3 B0 q
3 ^! a; h7 H" J5 ~0 \3 O, P Resubmitted flow: unchanged
! g* ^ L: @8 c- v Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
1 i& t% e. {2 }- v Resubmitted odp: drop
4 N. v! j6 d2 W6 ` Rule: table=2 cookie=0 + s& |9 ^7 s! ^7 j# x
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)5 N# k; ^6 z" Y) X% W0 q0 x
1 [8 ?4 e, [/ ]8 V9 N$ w Resubmitted flow: unchanged , D. N7 }; Q) Y* H' A
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 m- F) Y$ z% z( X( w5 p
Resubmitted odp: drop
- Q9 D N& ^( ?3 e" I: {+ G8 y2 I Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
1 |6 F, T3 {' P0 ~- M; d6 f/ y7 J OpenFlow actions=resubmit(,4). e/ N) Z4 }/ V! h
6 \. K) P" b( m6 f8 M- [ Resubmitted flow: unchanged Y/ N5 ?9 {2 N- b" F! |' e
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) O% D1 M- s9 ~3 ~! n
Resubmitted odp: drop
$ P% C5 y% i8 e. c( q Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
; b3 d2 d2 [8 q# S OpenFlow actions=output:1,strip_vlan,output:3,output:4
8 i: ^+ r" t+ n5 J5 o skipping output to input port
' A$ f1 e0 B7 r Z# m# m: \4 ~
+ }5 W x5 n4 {" k1 j# C7 y! XFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
6 G2 v: Y0 E: M8 t0 X, \" WRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
+ ~: e! T3 C n. MDatapath actions: pop_vlan,12,135 y/ b2 f) h+ M6 M! O D! @! @8 [
1 d- M* C; q% j* G1 o
结果是port 1就不发送了,发送给了port 3, 4$ x9 Q8 k5 C0 Z8 O4 ]3 r
3 a* T! g7 d9 V. g0 S1 y
$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff
" K$ r* \; [7 D% l% J* V" |; @0 JFlow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
9 u4 _" j$ C/ [. o& W) lRule: table=0 cookie=0 priority=0 # j, I/ h5 g$ q% D7 Z
OpenFlow actions=resubmit(,1)- |+ y- k7 j# x% Q; P
8 y, k* ~+ ?6 \( n- s0 Z3 w" I5 \
Resubmitted flow: unchanged
& D8 U: `; v7 S1 x# e z" S Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' u9 x# U7 ]* N: L) b
Resubmitted odp: drop
# X, p: N/ B, O6 I! k3 k0 g* E7 R Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000
. `3 `0 e# A3 r3 a0 B OpenFlow actions=mod_vlan_vid:30,resubmit(,2)7 c' |) T3 n$ |$ O5 }, c
8 m2 p1 a [5 V Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 : m1 k- f) O1 h ~( v
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 B8 y; T+ m& e' v, X2 Z Resubmitted odp: drop 8 o8 O+ K% `) {1 N
Rule: table=2 cookie=0
! l, l8 |; X9 Z; M OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
O8 {& B% ^- V. w! t
5 f7 X: q7 Q8 m/ j$ x Resubmitted flow: unchanged & r2 ^( ?* [& L5 W1 W: w; O
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
# ] ^) G( D; [/ u, V4 w1 w: C3 } Resubmitted odp: drop & q) @: D* H& E& g9 t* h
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 : h$ i7 {$ ~8 A7 x, z
OpenFlow actions=resubmit(,4)
" l& A# ]$ U9 H$ ]( w9 A0 D2 s3 L6 C! E, _7 m9 \! q6 X
Resubmitted flow: unchanged $ J+ {' u, S/ C2 r! k, ^2 ]! z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
* K' ~9 {4 N& B3 K" a$ E Resubmitted odp: drop & n/ o* t+ h3 g( T9 s* K
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
. w- b! H) J+ w3 { n/ y OpenFlow actions=output:1,strip_vlan,output:3,output:4
, b5 j! ?2 K U& s9 i8 M ^5 t skipping output to input port# @9 A# {! X. \# l% O& o
& c( `, N9 `: B1 }- DFinal flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
1 E! o1 r/ P5 [( e9 dRelevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
" j+ Y D* V1 {! O3 _/ u) i" K/ S# }Datapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13" ~! Y( H' y) m
2 ?) u# w, I7 {2 J$ n4 k% H2 A0 v5 U* A接着我们测试mac learning( @3 @1 X, ?0 M% t) d+ b
5 k1 W0 R3 T9 t+ E" z2 K8 D
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate , c2 |3 P8 U n8 ^+ J
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 4 G' ^) [# p3 U# j- H& F
Rule: table=0 cookie=0 priority=0 # j, ?7 @5 W. C: N' f5 v2 s
OpenFlow actions=resubmit(,1)
4 Z9 b& M9 s4 ~6 V5 k0 F
1 S. F9 u9 j0 P) j, p Resubmitted flow: unchanged 2 A9 X) d2 D5 W, L: G! ]% f
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 U% i3 k4 w; ?3 r: z Resubmitted odp: drop
4 I6 _- u: D$ E5 {% e9 n Rule: table=1 cookie=0 priority=99,in_port=1 0 x6 |/ k) s2 a; R
OpenFlow actions=resubmit(,2)# i1 ^6 n) O; d8 a1 W- \" ~+ g
/ l( I" E( r' t- d* x8 t/ [
Resubmitted flow: unchanged
8 W. p- A6 `9 \+ S3 { Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 {3 }5 w5 P- T" F Resubmitted odp: drop 8 t* g6 b# @+ j% q
Rule: table=2 cookie=0
5 W h# t, S x# @4 N OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
* g5 Z& R1 ^1 u" [% A W- a: K, e8 Q* o
Resubmitted flow: unchanged
$ D, ?3 L# N, k. h4 s: V Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 G8 ]& J9 I& u
Resubmitted odp: drop ( P8 t1 u" g: }# f! g9 Q# F/ `: A' [, S
Rule: table=3 cookie=0 priority=50 3 m) _& C2 z Q/ [8 w- A8 ^
OpenFlow actions=resubmit(,10),resubmit(,4)
/ f) R* j' S; h- W( d# m8 v" f& N) K% Q* p# L9 ?. g1 x z
Resubmitted flow: unchanged 1 N! `) Y9 a7 R6 r9 O
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
3 N; N! A# `& Q! N Resubmitted odp: drop
2 H+ B; _( T: Y No match
s! b2 G: B6 O1 X3 a6 b
5 W9 v+ G! H& C+ F Resubmitted flow: unchanged
+ l+ J# G8 _5 G8 w( v7 ~ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 * h4 t5 H7 o0 A6 b/ _* N* U" O
Resubmitted odp: drop . _: z, C9 S5 J9 s, g
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 1 Q& \2 J* l' i/ i
OpenFlow actions=output:1,strip_vlan,output:3,output:4 0 e" a$ R6 q+ R. ^
skipping output to input port
4 E: e# L2 t7 W6 W3 A/ K: x
2 I* Q1 [* l5 k. g- r Q5 T5 E) |Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
+ L3 V" ?! p1 ?# pRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
: S6 H. j& f& m/ |& }, y, v- xDatapath actions: pop_vlan,12,13
/ c9 n3 e' C* X! I" O' V6 T* H* r) e+ K
由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4
# p" b' {& `/ I/ Y
, ~/ c# \8 {% ^0 z& W6 J6 T$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate * h! r3 c6 G* R7 X
Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
8 N& X+ X% D- ]Rule: table=0 cookie=0 priority=0 : H e* N& F% U% k0 R# Y" o! u0 H9 u8 d
OpenFlow actions=resubmit(,1)
% I! n6 a, `: \
! u. C% Z$ n) k: e0 R: n( d+ @ Resubmitted flow: unchanged ! N2 B% Z7 g2 t9 |5 X
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - _9 y0 R7 J6 i( H, X# y" D
Resubmitted odp: drop " O& w# u; g, } u
Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000 / y" _. T/ W4 { Q) k% K+ i2 `! U
OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
% {, H/ S% \0 } d, V0 W
# A/ {. ~" o1 p Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 % C! Q Q4 V& N8 S
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! N& Q( Z8 U1 @2 j
Resubmitted odp: drop
$ {8 ^4 r7 c# t* u7 P$ c; c Rule: table=2 cookie=0
1 `8 G8 f4 p0 w( [$ T \7 @ OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
6 j; W% P0 N: \. ]. V3 B( H- h; c& t, m5 r2 Q" H5 @! V% g* I/ E, |0 p
Resubmitted flow: unchanged
/ C \* X8 {6 p$ _( W" T Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & [+ m: I" {& f3 f/ ~6 s5 Q
Resubmitted odp: drop . L4 _( x$ s! _+ w1 B6 `# m- I4 _
Rule: table=3 cookie=0 priority=50
! {6 [* c; ~: U, i OpenFlow actions=resubmit(,10),resubmit(,4)3 a# [8 u2 S- @5 j& y* g7 w% S
1 r" }# D9 ~0 Q4 c Resubmitted flow: unchanged
0 Y: A& y7 \6 F2 ^ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& Z- z$ d" V: h) Z Resubmitted odp: drop ; s# _, u. [& \: y0 F
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01 6 [1 A& H% R! @/ |% g( Z" X
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
- }! W, _* @! s( D* K) J+ i& L+ ^9 f" J* ^, w1 C0 }1 d5 @
Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
( S. k: Y- v2 I: A6 X5 b5 C Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , a; ^6 }8 ~, j
Resubmitted odp: drop
: ]3 q" ^ [& s Rule: table=4 cookie=0 reg0=0x1 3 C. ?4 d" @/ a7 y6 K
OpenFlow actions=output:1
& | O9 C% c5 }9 ]' d' B
. j% Y6 {* h5 t& s* wFinal flow: unchanged
7 E# T5 ^2 {; H, \3 ERelevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no , B: t% P/ x; \3 Z; {, @7 @
Datapath actions: push_vlan(vid=30,pcp=0),10# O5 K' ~5 N8 n. _2 ^1 J
) U' W, J ]0 O2 M
回复的时候,由于学习过了,则仅仅从port 1发送出去。
, ?, e- d8 q0 [* _* s8 A
" N1 _5 \- q# B5 l$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
7 j7 p& V* C4 D, d+ NFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
9 P: E* D: l U8 @Rule: table=0 cookie=0 priority=0
# a3 o" A+ }' G: m" {" yOpenFlow actions=resubmit(,1)
/ i% d4 E, i+ V) Z* K o
$ O7 I9 P0 ?5 D* i; b2 p Resubmitted flow: unchanged + v' y; S5 ?" a, _; v
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 C- z$ a Y( z% l% N m$ X1 D6 o Resubmitted odp: drop
- \) O" l3 W: i# B I4 n Rule: table=1 cookie=0 priority=99,in_port=1
& i+ k% L* ]& o& B( J6 ? OpenFlow actions=resubmit(,2)
5 D- w9 w, c D& m9 X" p7 l n
$ B f- u( `+ M7 @* i" k. ~ Resubmitted flow: unchanged 4 _( [+ f3 P) b% n
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 h% l, L; ], T; ~4 }
Resubmitted odp: drop
. @2 }: W: G4 ?2 w; W! {3 K' [5 t Rule: table=2 cookie=0 9 P: W4 @, Q* u, d& F5 @+ g" ]
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)& N- r; x/ Q. {) E
1 r8 e( I- A* C z) \
Resubmitted flow: unchanged . h( y) U/ l1 X' M7 i1 Z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 Q* ~, S A" v, O2 u6 M Resubmitted odp: drop ( A$ N) [. B( U: B
Rule: table=3 cookie=0 priority=50 2 s$ e6 L: b7 M- {
OpenFlow actions=resubmit(,10),resubmit(,4)
" ^6 @$ l5 y4 S5 a* c3 n
0 u/ [3 T" R' a: w0 B( j Resubmitted flow: unchanged
! ]/ \2 N Z# Q& A& \ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. w& P8 J9 l1 q) @ Resubmitted odp: drop
4 q+ } M5 B) E: I+ l Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01 * q b. ~$ l% G, t
OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]& ~7 k6 m# e5 V$ V9 a" W$ H1 S
3 P2 K" I) z4 f% H8 b' R Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
) S* T1 C$ {+ A9 p$ \% U7 J Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
! {; q* \! N" ^0 d% ~ M6 Y Resubmitted odp: drop
2 ~ @: ]& n9 |0 g3 o/ ] Rule: table=4 cookie=0 reg0=0x4
- n$ m3 n9 S+ u OpenFlow actions=strip_vlan,output:44 O( i4 _9 `$ k. F2 s8 a. T% o7 o- B7 d
/ q+ C L% d% x5 }0 i: c
Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 ( N# l' @0 Z6 y7 q r
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
$ v% B s. h6 }7 h8 ~Datapath actions: pop_vlan,13
0 z% i" y& ^, W7 o( e6 |! P( }0 J( n( N X8 l2 h) z
由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2019-10-25 10:00:33
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜