|
|
楼主 |
发表于 2019-10-25 10:00:36
|
显示全部楼层
实现第一个Table 0,Admission control
6 W* |4 q; x( H' t! ~5 ? p- X% l7 B( D, z4 x/ ~, J9 x4 y! \
包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。; A- T: N4 X; T4 X i" E
! h" \+ X% ?3 L, c6 i8 m3 n/ l8 [8 S1 q比如,如果source address是multicast的就不允许进入。; @# y7 _6 c$ u
" E! ^% N$ a2 d: o3 C/ N01:00:00:00:00:00/01:00:00:00:00:00是广播地址
" l. ~) s% D8 i! w# K4 V00:00:00:00:00:00/01:00:00:00:00:00是单播地址' y5 P6 t2 F" V
这种表示形式类似CIDR# t) j6 A l+ k! Y) a
于是我们添加下面的规则:
; j; J4 t* y& I6 n4 Esudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"6 w7 w" w, D1 o) [! m6 `- R
STP的也不接受
1 N8 S% q& Q# n$ E# nsudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"+ M! S N2 @2 x$ q; _ R l
我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1
0 |0 f! S* t* u2 f1 I% [; gsudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"' F; M( n) e1 r7 _- x$ |
我们查看一下所有的flow) ^5 W# R3 l0 b% c J4 U. |
$ sudo ovs-ofctl dump-flows helloworld % v$ l2 O% V) B( B! l
NXST_FLOW reply (xid=0x4):
3 [+ F y8 J/ ]# y2 P* Jcookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) 0 F& }7 K- a( Y8 @8 ? u
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
' {* i( C, V9 u( e2 G0 ncookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop# U5 ?( S8 h; W- j& W
F8 ~7 n8 `3 Z9 [! P! N$ m测试Table 0( j3 c( x- B5 _& z; H2 |* e8 F5 _
) }( \: s7 E' m$ t5 x
有个很好的工具ovs-appctl ofproto/trace; a5 U5 S, f6 V' _; G
7 I1 d0 Y' }( `4 z6 e& F
不满足条件DROP
! t4 t# u4 `5 L7 |6 g% R% f/ @* |$ M8 U1 y3 g' G$ ^: Z# K
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05 # G; R, N& F5 I) ]' q7 @' g6 W
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
2 E: u3 u; R/ Y' V1 ]9 MRule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0
7 o- D% f4 ]; \) G4 t: wOpenFlow actions=drop3 q3 i2 ?. Y' Q1 h, S. `2 l
' f6 N Q: ~0 m) P; L$ \! t1 ~
Final flow: unchanged 0 l( {* y& U* v4 h" n7 I# g0 l
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
( D$ C7 A& r, G5 D sDatapath actions: drop. i' V! @6 K' |4 B5 l- L+ m0 V" a3 j
/ d3 H! s8 n) Y9 s' a2 Q满足条件RESUBMIT
8 N6 ^# J+ K5 l. A% A0 y& u; o/ \3 ~4 u+ |
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10 ! O& o* l. E" ]8 J; S
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000 + v+ }# ~* X, v4 ~2 V! P0 p5 j
Rule: table=0 cookie=0 priority=0
5 [1 E# Q% N" n& ~OpenFlow actions=resubmit(,1)
( {; ~( E7 ^" q# d% R( }+ {
( \0 X+ g$ \/ ?) t) ^: W6 L Resubmitted flow: unchanged , ?$ {1 }8 p8 F: x
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 : b/ R" u2 H) Z1 a
Resubmitted odp: drop ! n& ~' @; m5 ]8 \
No match
" t9 u! c, C- l
3 I: t1 |/ n& a( }( [Final flow: unchanged ! `0 Q! Y0 u8 [) _8 s9 i/ N/ u
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
! T) C4 R8 [+ y3 DDatapath actions: drop
, U3 [& \; R4 _, p5 Q" Z0 l) |! C& X I
实现第二个Table 1:VLAN Input Processing# Z, B8 h, Q( `% y' S" {4 n% K
7 j6 @9 z6 T% X' v; C首先添加一个最低优先级的DROP的规则
7 b. P& Z9 u* t% N! ^$ h8 A7 \) `! l$ ^* ?/ B; d$ u
sudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"3 @. e( f6 b+ t6 z1 N' s ~- O# o
, C8 a3 N e/ o# w% Q+ y! K; I对于port 1,是trunk口,无论有没有VLAN Header都接受。+ S, V: G0 K @/ G" ]) d
4 W) U3 t% H- X% E4 q1 I8 Ysudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"" m0 n, C) j$ t S/ a1 G- m
/ L) q# l1 ^7 Z3 \
对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag" o9 o& f! q) k" }
$ J' E. G0 A- q8 w
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' , S' |- z- y! f* Y* X6 Y
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2)
+ w5 \; B/ n* D3 S: Jtable=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) : E) q: h0 z9 c# t+ D4 K' a
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) , M' h9 p. J# z& Q0 _
EOF& S4 Q9 f+ a: d( ~3 \% S0 f) y, V
# M+ _. T) T. ]4 ]
$ sudo ovs-ofctl dump-flows helloworld 3 E5 n) Z" r/ B) f3 ]
NXST_FLOW reply (xid=0x4): {6 K: Y3 `* l2 A7 E9 B
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1)
* [; v! h- T( A, ` \cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop & L+ w" S; o8 D v$ Y, T0 f
cookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
5 N8 z- m4 V7 Ccookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) # o S7 Y5 A* S5 L8 B
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
; j% z8 u! ?9 u5 ~$ Rcookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 0 i: ?9 y* }- |+ D- F6 h
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
/ Z. g* ~% V" Tcookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop) W$ U$ i4 h U3 F
% {% `# @& P1 a. N, k测试一个从port 1进入,tag为5的
9 Z7 ~! C7 Z. ?. v- Z! `/ I
; X+ M. j3 b! K! A$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5 ) b. |' Y+ H0 L& o Q$ i0 q2 o5 {
Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
+ G; o0 `+ | I6 C4 uRule: table=0 cookie=0 priority=0
$ a8 T. K* h( z& BOpenFlow actions=resubmit(,1)
& K* Y& \$ A+ m
' @4 f% h7 e6 C Resubmitted flow: unchanged
$ E9 A0 k6 X! K. B+ {# g Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 # H2 r0 C' h; o. }" x
Resubmitted odp: drop
; ^/ w7 R' P9 Y0 n! N8 e" y/ G& p0 J Rule: table=1 cookie=0 priority=99,in_port=1
: e. g% y: y; i5 j6 @. a: E9 k OpenFlow actions=resubmit(,2)
2 z1 ?, ~+ k( p+ @5 a, y' M. |1 e! B5 {5 N) _ V4 _- N
Resubmitted flow: unchanged ' a1 b7 _3 v! t
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & W* u1 y9 r# A9 ]0 R; N. c! J( x
Resubmitted odp: drop
5 M3 g3 s# [) J# W4 ` {0 M1 T No match
0 q0 ^3 ~* O* a; I& P+ Z
% t8 k. c# T2 s& H5 UFinal flow: unchanged * H7 h8 _* l- ~& \9 X* ~# y( G7 m/ p: C P3 h
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no , J: a- T/ R. O0 E; k# F f/ d8 W, O
Datapath actions: drop
) U! C: H% X i
8 ^; u& {9 L0 q" w, V! r& b- c- n0 |4 t测试二,从port 2进入,没有打Tag的
2 I7 ~7 Y' w0 {% J" [" G
9 G8 j' r: B* P* C$ sudo ovs-appctl ofproto/trace helloworld in_port=2
+ J. y5 H( D" r4 d! G/ SFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 ( ]9 g' r$ M t
Rule: table=0 cookie=0 priority=0 f5 ~; i: s* T. N5 E5 K
OpenFlow actions=resubmit(,1)9 F7 e7 _/ q2 y0 g8 ~6 N$ c
! ?) ]5 j- `9 E9 H! [5 i
Resubmitted flow: unchanged * G2 E, p; ? V7 N
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 f# P* P! K5 f8 i Resubmitted odp: drop 0 {* H8 f+ S ^4 ~% ]9 q6 b0 Q
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
/ p* `) }$ J+ ?6 p5 V OpenFlow actions=mod_vlan_vid:20,resubmit(,2)+ ?+ `! t6 c, [
O: p! ^1 u) c8 y# P. v6 ]
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
, |: J0 Z! y6 y( }$ M) u5 U Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 * {% V* ^5 \3 y6 w5 [4 Z1 }
Resubmitted odp: drop
5 z; z/ w; ?- B No match
5 B) w# W2 A1 h2 y# W {) x( Q8 c( g8 v
Final flow: unchanged
! w! x; A$ ?6 W, W# P _Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 2 S- E9 l1 z+ g+ d
Datapath actions: drop- H5 q3 {9 S7 ?5 t$ L- G! q
% g' r0 |) r! x# b
测试三:从port进入,带Tag 5的
! o2 }6 u ]$ h2 [* X, L, l4 @: Z k; I' t3 u/ H
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5 4 q$ g0 S; Z t. Q
Flow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 ' ? w) e1 g; q# C
Rule: table=0 cookie=0 priority=0 1 ?! g* p* X2 k2 W0 b, \+ F8 D
OpenFlow actions=resubmit(,1)6 ^) o) q/ W7 x7 X
0 c+ g. _9 e0 S# u: x Resubmitted flow: unchanged
, O; u/ c6 I; ^, `8 i Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 7 u- ~" {) v0 h! u! w3 x
Resubmitted odp: drop 2 L& g7 s. E. T
Rule: table=1 cookie=0 priority=0 . _" d$ D$ ?: m- U
OpenFlow actions=drop
v1 @/ x8 a' H6 I7 E& T9 e$ D$ _8 H0 Q5 Q9 f/ i% |$ b6 u
Final flow: unchanged
* B {" @' i) ]" d: W) R6 eRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
$ v5 E9 b/ }, p! F' R/ m7 Z P; TDatapath actions: drop. {% m3 g4 B! y0 N. x+ t
! e+ n, ~1 W* D+ l8 Q+ a实现第三个Table 2: MAC, VLAN learning for ingress port+ n& L P" q5 q
, J: L$ e: C) b0 W3 `1 o* I* Q0 q
对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。
+ ^% e) E% Q9 h, N9 }+ Q3 \% B! [7 B/ |" M F, ^
这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。
: a( n; D+ W$ |2 M! g$ {, x: H2 v$ S1 H
OVS也要学习这个,并维护三个之间的mapping关系。3 n, X3 b" V/ z- K
& b3 a5 f N0 [" u, @6 a) H/ m" Z在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。
; O; C% u; v" Y. n/ I3 I1 k8 I) }6 X) D: Y& K8 y
sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"0 l+ F! \9 R3 q4 T! D0 s$ X
+ c, R9 }0 g( j4 u0 g
这一句比较难理解。2 R. G% W; S" t6 n: M
: H1 @5 n5 n# m* V, i2 B) c
learn表示这是一个学习的action% h' ~5 b, ~: l; t
+ O1 ]! d7 D* ^8 G
table 10,这是一个MAC learning table,学习的结果会放在这个table中。" k1 j f7 [+ V& F0 ~2 e; c- I
$ ^1 r1 q3 `* O5 H) x2 c3 WNXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。
8 b8 f$ `# V; u: r! ~* C# A) E! y7 ?; o6 |5 R, r
NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。
E4 X) U9 m- v4 d# b
6 D7 F5 w& w! F- T7 s( j3 H, ~NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.
. ?. W B+ W$ L+ _( e) W6 @
5 ^4 }6 x3 C/ W- y; k4 o一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。
# z, e5 i' f( ^* z& _) s- N9 r
8 Z! T* k0 P" H- E3 h- S我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。
1 V! w4 s" l- N
% h, y3 l6 }& \ ?cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1 2 c" n$ ]: J0 i, x
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
$ O" E, O9 d: w. ~- x cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
+ f5 Q7 @2 M1 v; M4 Q! s' R" k3 b- Jcookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
* ~- i3 ]# e4 i" i4 ncookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2/ A; q: ]; ^- f0 j; S" l* F' H% x D
; v1 e6 H" @1 [* Z9 r! D! R3 P5 W. g
这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.
8 h/ x3 g" q" J8 m! w$ f; M) t
" u4 h' |8 w9 R. C5 h& O" O6 ltable 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。9 b, v% X. \ D L
- O4 j- X8 a! E9 J, b: H. j: \# g5 L上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。
$ P+ K4 Y9 t" ?9 C- @( }' s* Z U- F! A
table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int. a, I6 P+ G9 s; G. t
+ f+ y; ^- D4 y" O
NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=11 w4 v6 v( `7 L! Q4 g5 B
! p9 z8 T7 K5 Z" q. Z; CNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc) y5 ?' a0 h, M! f+ D* e
9 X) [( F/ P/ ~. `/ T0 Q
load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan* U! o% E3 a2 I5 b$ d
* }' W3 n7 D8 z- W- E
load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e92 N: q* D8 o2 p# r8 C% U
& R- p9 t/ W9 \output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:27 H s2 w; _$ n5 s6 O1 O, Q
9 X$ K V `; Y
测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包
" |' ~: k! R+ [/ p0 v0 Q) |" m1 x: R8 d) f6 A" A
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate
2 I7 B7 |$ @4 r2 yFlow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000 : U5 ?6 o6 [ W4 Y
Rule: table=0 cookie=0 priority=0
* U8 k6 a# A+ @0 o" COpenFlow actions=resubmit(,1)* m0 u1 {; U* @9 E1 d& ^5 ]5 T* J4 Q) T+ B
' |' n! m& g" j6 U Resubmitted flow: unchanged 6 P2 ]& c# }9 O, w- S2 J
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 W; u! {- X. G$ ]! f. O0 j Resubmitted odp: drop
, V P* x" r$ o7 {0 P6 i0 s- ^ Rule: table=1 cookie=0 priority=99,in_port=1
* F% c# O5 p; i2 E- g8 c1 L OpenFlow actions=resubmit(,2)" G. e! a1 A- H2 r; B
5 I) S6 e7 E9 y. C: L
Resubmitted flow: unchanged
6 r$ r% b8 K" I( V7 @8 P8 { Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. O% @& M$ ^1 p7 m- o Resubmitted odp: drop
* V% d Z, j1 r6 V Rule: table=2 cookie=0
2 A2 h6 e: _ T' W OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)+ i* S v, X* a' {4 }
6 d6 v: N3 V" y8 W7 z: ~ Resubmitted flow: unchanged
& F2 A# q* }6 N Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
* S8 @; H. y( V3 ?, l, b Resubmitted odp: drop
, ?. c: b* G0 v5 B4 P, M0 l+ z No match' T$ f% |8 t4 c* J+ Z0 Q# h
; r/ K% X% X2 I
Final flow: unchanged . C9 q3 w9 d' H
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no ) c6 q& b6 u" H% ?0 l& @( D
Datapath actions: drop Q* R1 w5 X" C0 y6 l# @% w- W
; s A4 d, l" }0 F1 b" D
$ sudo ovs-ofctl dump-flows helloworld
6 g, I0 n, h6 C# T' ] YNXST_FLOW reply (xid=0x4): ' D" l1 r7 H2 k2 U7 p7 G
cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) $ n+ y: n, R+ F6 d
cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
3 ]8 M6 `1 T4 H& g% icookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop + P/ ]" v6 i9 Q$ g2 Z
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) $ y% J1 E/ _! `
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
8 Q9 e$ n" r, L- U1 ucookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
8 q* J4 R9 R4 T5 c Kcookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
. A! C V" s8 ^5 i+ v( hcookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
6 V6 s: T& h1 ?. M ]cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
9 r' o) G! o2 n/ y5 l* n cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
' r) g4 b3 V* ?
' a! {# j# Q- f4 Z3 Wtable 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。$ ^6 p7 @( o$ x: f$ z
# O' x4 v" e1 [* Q+ M; i- w/ D5 z
测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02( @/ D& B/ @) I+ B1 t+ i$ o
" H. S" o9 ~0 K e8 `$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate
- j) |) K$ z" b! j r3 h$ Y/ dFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 6 |! `; d9 K# G1 h5 M: t
Rule: table=0 cookie=0 priority=0
5 i4 \" b3 p6 m' Q+ MOpenFlow actions=resubmit(,1)) t& v6 k- w4 O7 _. b, {2 h
& c$ N l4 ?& v+ E7 p: e) t
Resubmitted flow: unchanged
; `6 v) e4 T4 u2 _0 l- K Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: B/ G+ g! ?" `4 L* N1 n1 {) D Resubmitted odp: drop $ ~! U' U' c" L7 _* R. c( w- e
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 4 o% J5 H/ g4 @
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
: k' q& x5 \# [! S9 M1 M, U( P. _% J, [8 d" a3 @' U
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 6 A- J( r( Y8 ^( O4 Z# L
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
! j3 a% k9 T3 X2 e8 d Resubmitted odp: drop
4 e, H2 n3 R( g$ L Rule: table=2 cookie=0
+ ?4 U7 }$ N* L# x OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)9 s/ ^+ }# S% e7 \3 E
3 t9 u! E& G! k8 w6 m" r2 B Resubmitted flow: unchanged
7 _9 N C% I9 D7 C `4 {( M6 T Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ; w( n) ?; s( U( D8 y9 Q! n
Resubmitted odp: drop / |$ j! R7 H: N9 ]$ a
No match
! a0 v/ i/ k. ~7 V0 V$ W- [+ O* G, \2 v$ A4 l5 Z1 L( R$ Z
Final flow: unchanged 5 ~& K( E& G8 K
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no # b% C' T" T$ W
Datapath actions: drop
7 ^1 a* ]% e) Q. b0 o( {
X1 b" x$ Z4 d2 s$ sudo ovs-ofctl dump-flows helloworld / R; W- I1 A+ S6 Q
NXST_FLOW reply (xid=0x4): 0 }. w$ H" A, U% {# F
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
3 {. Y- I& b- P( Y- j7 e- qcookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop , F# z" b4 r( v* z! B+ r6 M1 `
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
6 C G, a2 A: H6 \6 N/ @cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) . }( E( Q1 O; s6 p# y$ H$ Z
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
' l, ^) T% r2 l, ~3 V7 Tcookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ) l; ? r [2 f1 ^; G, r
cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
# \. |, k7 c+ |0 l: ycookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 4 I- z& }2 H# F7 ~' @ X9 [
cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
J0 k( E ?2 H2 ?* g cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] 5 L: G$ n: ^: h! u% d/ w- i
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]' R, y1 k+ N' z# _# g, y2 p w
+ [; f2 }# q% v; l v2 L实现第四个table 3: Look Up Destination Port( E' }! d; E' W8 x+ Z
2 S0 E1 \2 D8 x6 K4 S, r+ E' F在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood
. S' a- Y' I, v$ a2 v( n
8 |# f' q3 Q3 m1 x, n5 nsudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"
# C! L$ Q& t) i& }
) @, ?; g; I. Q8 ^6 a8 f添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4
, q+ i. ]+ i* y8 z. a9 v2 Z6 s: }
如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。0 N$ H% F" }* e
; r4 i( B' v% a/ Ksudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"* Q4 }5 A. a& ]- i0 m$ \8 l5 Y. P6 |. {$ L
1 u* I' ?) T% G# _! i( b( ]' @
我们进行一项测试
# y4 j8 \0 I$ J1 q2 L8 f
* v7 t0 [7 e9 B- k" h7 I$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate ( t# c; m1 _: c# X$ M4 C9 K
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
V# _; a# w/ [, `" E) |6 QRule: table=0 cookie=0 priority=0 0 r# |1 k( ]: K' M6 y% X
OpenFlow actions=resubmit(,1). S. b# j0 l" }# S
. ]9 F* \& O0 k+ ~# U' T6 `
Resubmitted flow: unchanged 2 m8 h$ ]# I( n r( r7 \8 Q x( T6 f+ z, M
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 J& n: j( m8 {
Resubmitted odp: drop
, d, P5 {2 w' z4 w* U* \0 Q. D. i Rule: table=1 cookie=0 priority=99,in_port=1 * ~. x+ ~- ~9 d) Q
OpenFlow actions=resubmit(,2)2 G* f" |- G# k( ~* ^5 v8 f4 v
5 f& n# D2 ?7 Z3 l4 |, ?
Resubmitted flow: unchanged
/ n0 N% v- O' d- {+ J6 P& I Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
) E) p. o8 O4 } Resubmitted odp: drop " w& m$ [, H8 V" \6 V% G
Rule: table=2 cookie=0 ; U- [. Y- m" h ^2 | p, N4 ~
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)6 K0 o- |' e; Y2 G
9 M$ V! Q" N1 Z Resubmitted flow: unchanged
2 b$ ~) q7 q$ \# T3 v# C8 B, i" y. g Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
3 G- x. ~; Q7 R2 H) G3 F% R7 @ Resubmitted odp: drop : K( e7 Z& N! q/ x
Rule: table=3 cookie=0 priority=50
, Q$ G. U- j" c/ ~- M& ~ OpenFlow actions=resubmit(,10),resubmit(,4)$ I/ J" _" P; V# A4 ^" @; {
4 Y4 }" f0 p" _! E Resubmitted flow: unchanged & Z! h- R9 m0 b: h" B4 [$ H+ B1 I$ |
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
" F7 P+ o M) {' x# p Resubmitted odp: drop 7 w( T' t; Y" G( o3 E
No match: z( l ]3 o; V$ ]. P, s1 R4 v. i2 `, _
/ F: t1 H* h. v* I" h
Resubmitted flow: unchanged
: ], f4 @" n% W& q7 h" B q. | Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - {2 T- x6 h8 E h+ C- E. P
Resubmitted odp: drop ! S, v4 E7 [5 b; W3 b9 L( r- s* w. {
No match" L( P" L. L2 G9 u3 n6 v) p
# D# l9 R1 G- c) r$ P) N( G
Final flow: unchanged 1 z8 A* c. j. u. X
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
- s/ g' ^% K- \/ e8 p: [Datapath actions: drop
1 A: n! Q! J3 M) D/ |6 i3 w: v% F2 H( O5 c4 s C
由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.
' H* [3 ~2 w) s2 _/ T7 N0 m; G2 V- Q% u' W
但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01
, v: W- J% o' F) N+ W, ?6 f
+ X1 T/ u6 S9 W( x8 g$ sudo ovs-ofctl dump-flows helloworld
5 B: X! c- `! E9 aNXST_FLOW reply (xid=0x4): , Y8 e5 y- y9 Q5 @. z3 W* I
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) 2 U! a/ \/ o1 J( u5 A( Q1 L
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
( i8 M& Q" c: H8 q$ g* X, Zcookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop ) n7 a6 u, C6 |% i- P5 n/ U+ E
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
( ?; K Y' D1 e8 Ecookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
$ @5 f$ n! v6 f3 j& ~8 m$ fcookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 3 _; a9 S) R4 S6 P3 f8 C9 w/ I5 x* i
cookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
6 Y- w4 _- M) S( s+ R" ]! hcookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
1 ]# S6 v1 E" A& V, g6 wcookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
2 U X0 A0 G) jcookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
- p# p( |5 V/ J- H* m1 p: L7 Ucookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
3 u/ B$ n: d5 D cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] 6 {' K6 G) D e0 u. z6 l
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] ]$ k6 L- T5 K: [" h. [/ Y
cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
8 B, t; L) d+ O t. D3 K* Y% A2 x2 j! U' X, {3 L, e4 b
下面我们进行另一个测试
; b" a7 x) ^! }- Q; B8 e2 K7 J! }' S* U9 X; O' B
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate
9 C' j# Q0 V. ?" @Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 8 o. e5 d4 R2 p7 y! O( m4 _- G
Rule: table=0 cookie=0 priority=0
7 v7 o8 q/ u- h! C6 SOpenFlow actions=resubmit(,1)% A- I0 r0 k9 J) k
3 V h [( q5 O; e
Resubmitted flow: unchanged ( c' j' L/ s3 ?. v. D' R6 I
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 9 `2 G8 W! W3 B) }9 v' S- w4 f0 U
Resubmitted odp: drop
& f% |, o S4 t/ c3 c Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
. n" {( g+ j) q6 g2 q OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
( Q4 \2 [7 n5 i* D( k5 G( |- q9 f8 o# J
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 + G% `; j9 s+ R$ `
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
- q3 h5 [1 [' `. R! x& H9 d Resubmitted odp: drop 7 D" V& |2 q+ w, h( L
Rule: table=2 cookie=0
& \* o0 g! }* J! a OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)4 F& B( }9 g/ z. M3 d7 ]
$ p8 m: D& J( N4 D3 M4 i q Resubmitted flow: unchanged
- [6 Q8 n* C, M- [* J7 m) ` Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 k* \0 L2 C3 G: `" J$ `/ B Resubmitted odp: drop 0 I) G. u) A. a
Rule: table=3 cookie=0 priority=50 $ T- {2 N3 q2 C, i7 h, D
OpenFlow actions=resubmit(,10),resubmit(,4)6 k6 T# \( F; k. H
; w. R9 C9 {: f I; Z) C5 a0 f Resubmitted flow: unchanged 3 b7 H- S& x) D, K! N$ ^
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 C- Q, P% l' D5 l$ F9 @) G Resubmitted odp: drop
8 B, ]7 T' U; k) r Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 ) u9 A- T" U; P: o# R8 |
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
: D. i+ S4 k) r. X
+ n5 m- M3 E2 N( ^) n, f3 ~) |) B Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 * F/ k* W$ X- ^/ `
Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 # Y1 Y' w' q( @+ q: Q& L
Resubmitted odp: drop + d& k I$ o2 I7 ^
No match
5 F) n, ]% q. J2 K1 X" }; K
5 h6 w! M# h# s0 O4 aFinal flow: unchanged $ v( U7 Y" `5 r" g! i9 N* J! _
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no ' q" T% x6 R. S3 m
Datapath actions: drop* s+ L M* F: J5 q) D9 }( t
% n& M9 B) t0 t6 }; I4 v" Q9 _+ y因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01# O2 {# S9 {3 x: s$ _
" k1 T9 ?; K/ y$ M: T下面我们再发送第一次的包
* Z, U; z8 g* Q) x5 X8 {# i
$ T; c% |( }2 m6 W5 U G7 k$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate 9 N o K, |5 q; h+ A2 N* f
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 ) o& r. y, t( k1 `; X6 n9 J
Rule: table=0 cookie=0 priority=0
( W, n i% e5 p4 AOpenFlow actions=resubmit(,1); c& Y! n' e& Z/ I2 J$ \' ]
1 j2 F8 v, }" J4 w" D* L1 H/ N
Resubmitted flow: unchanged 0 J. U% f a2 d8 D
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! r- Y% e- I1 k3 f. Q
Resubmitted odp: drop
3 V& H$ {: T) `' j. r, [! _% h# C Rule: table=1 cookie=0 priority=99,in_port=1 ! s1 b# g0 C" J' j m9 G
OpenFlow actions=resubmit(,2) G/ _# S0 W* [
8 v, P1 M. |/ i Resubmitted flow: unchanged 2 O1 u- C5 q) _" V. R
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' K& z4 f5 \* E$ H. J
Resubmitted odp: drop
$ z: Y( f! B! Q Rule: table=2 cookie=0 5 o- H+ S; W" W# J2 C; P
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
! R- A( [2 g' Q3 t% j% W2 m. L- m4 p; J
Resubmitted flow: unchanged
/ ~: M4 N! F% ~! D8 v Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' x; N! c& C2 W9 R; @. }
Resubmitted odp: drop
2 S2 W, K0 A0 G Rule: table=3 cookie=0 priority=50
- E& ^+ W* C, D6 {, Z W% S9 ?" z OpenFlow actions=resubmit(,10),resubmit(,4)7 R5 A* j* ]) u
! g* x7 w9 n6 g
Resubmitted flow: unchanged
5 w. S7 y- ~! ?. o# p Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' R. B; g6 _5 T: i7 m6 q4 L+ ~' W Resubmitted odp: drop
1 Y3 Z Z8 B' c, b; p Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 ; L$ j* a. B! D$ L
OpenFlow actions=load:0x2->NXM_NX_REG0[0..15]. v2 Z9 V" g1 p2 A2 W5 J
) G6 _4 w9 k7 u: t% P
Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
' a" c2 b3 a- U8 E6 X Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 j% i/ p; b2 O. K' I. ` Resubmitted odp: drop
& p, f* j; C0 }0 J) W No match
, H! e* j8 ~5 A: P* t8 _$ C" P N! L# F) Z
Final flow: unchanged + q% \8 J. e! }% e, D2 R/ k
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no . z7 T Y* F( Z G' K
Datapath actions: drop! Q& q9 `: [$ K6 P2 W0 E; Y3 @+ w- M3 c1 ]
9 w9 F7 O' @! o4 P x. y; Z发现也在table 10中找到了记录
, @8 Y5 o$ i4 r0 o3 W' {
/ f$ d# M, {7 o+ n9 }. R( c实现第五个table 4: Output Processing: Q' _' ^8 R9 Z; {: l- Z1 ?
$ N# D& H" M0 _: [* Q7 [" f# `, T1 S这个时候,register 0中包含了output port,如果是0则说明是flood。
' u5 e' g2 y* T. X$ ^
6 a& L7 h/ n# I; j) S对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。
A' _4 E* ] D$ q% A |
$ U6 A$ |. T2 ~' Gsudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"
+ e" ^6 t) i( A4 H# c) T- N ?: C- G0 w
对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去2 o6 E7 w! T' t4 C& Z8 S: q
0 I1 @: B1 y8 W& \, w
对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去
7 W" U4 O/ u0 B, h' T6 U: M0 Y: a6 ~0 {) s' ?
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' 4 F5 [/ c. l/ R! V$ r/ P' m6 Q
table=4 reg0=2 actions=strip_vlan,2 ; Y" i9 A; }7 p. P4 a6 c* F
table=4 reg0=3 actions=strip_vlan,3
9 J8 Z( _( Q' B5 m7 p table=4 reg0=4 actions=strip_vlan,4
7 N# c; x9 \: o, @6 vEOF
% l/ }' H6 p5 l* w% S5 }) l5 ?$ l j0 _4 ]0 K `/ K$ v5 x
对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。3 S8 ^6 m8 H. {4 k4 e z6 `
, b( U3 E. h* P C1 q9 I7 U
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' * q2 q. c* y5 f" k- V
table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2 * o/ N* W( ~7 i; T1 H% B
table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4
5 P2 _# [2 Y' I5 R/ f, N table=4 reg0=0 priority=50 actions=1 * U3 i* j+ v7 R% f3 w2 V8 A% H
EOF: o0 m( L7 b) ` U1 J- f; `
2 _1 g9 Z- D: p9 w* b
所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。' U! M5 g4 j" h% L9 `9 ~
7 q0 Z q+ I8 H- @& d; o8 k
$ sudo ovs-ofctl dump-flows helloworld : u$ E+ O0 |& G. z* D+ L" e3 J
NXST_FLOW reply (xid=0x4):
: U0 K/ y" l7 b% dcookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
) @, E7 Q( p0 _) y# F+ Scookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
' C9 d. J8 g/ @1 V& o6 |cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop : J8 w7 e W5 i6 }- j
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
8 k: \' t: l/ g) V% ]* ]( V( Icookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) " g* d* `' R: ]
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ! D9 x8 c1 K; a: X6 u' T) m' S9 ^; ]
cookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
: G9 Y" r$ a6 I$ j8 j& ncookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop $ ]9 W/ d9 p% @
cookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) A+ E6 J- L, ? E& F- o
cookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4) $ `* F7 U y6 v* d- N2 \; z
cookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) 6 H2 g! a' C8 s0 `' ~; [
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3 8 c1 }" O1 t q/ o# d
cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1 & K6 Z5 Z3 r4 i9 m
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
3 L( X8 m/ `1 H& `7 v2 ucookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4 7 [# t) [$ o* r+ W9 Z: e0 T0 f
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2
, J" k5 h3 s: @cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4 ) | D2 i: [: w8 C. M2 O7 ~( u
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2
1 x4 n: o* |0 G. G. \6 R8 U/ _cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] 3 T: H- h0 {, p) h! e
cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] % O B! [! m( x3 G. l7 S' D+ l& D% p
cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15] 2 p7 B0 d% b. h* z3 Y) f+ m
cookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]8 o) G" }( e# P- e6 v9 i" u
, }0 B/ a9 y. ?) J
首先来测试一个multicast和broadcast f+ o( O: Z0 `, g& u" ^! ~9 n1 H
0 K; y8 _2 j( L4 T1 s
如果是一个port 1来的vlan 30的broadcast
# j; D8 v( J/ w- g. B+ S; [7 ~& R1 t- j: X' Q6 u O& t& U. F8 ?
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
: G" Z2 {7 r j7 y f% [! H' bFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 9 n3 L+ E& X/ T/ l
Rule: table=0 cookie=0 priority=0
2 G% s5 x$ k* I$ g- e4 R8 H* BOpenFlow actions=resubmit(,1)
5 D# d7 i3 R, A* i5 y: J% u0 |! U. @3 l2 G1 z
Resubmitted flow: unchanged & l E* Y0 w, v$ V( }
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ( @4 s/ \& p6 f
Resubmitted odp: drop
7 e2 l# s, Z- J2 R% ` Rule: table=1 cookie=0 priority=99,in_port=1
) x& t5 ?+ _9 |& G5 z9 d" L$ ~ OpenFlow actions=resubmit(,2)
0 R, P: Q) \/ T+ Z( [
( D- s& f9 o X8 b8 {# [. ` Resubmitted flow: unchanged
/ d9 T; l5 j9 ~: m- H0 t# Z Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 V. _, m4 W& O* ^0 j
Resubmitted odp: drop & c V# v2 z4 T% }- ~$ \2 F
Rule: table=2 cookie=0 ; }8 n+ L4 h- k7 c' w2 y* v
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
; h; k3 b. d3 R& M1 s. P" e9 ?) b- c) Z/ s& T& X( H1 D" ]) r
Resubmitted flow: unchanged 8 |, p& `! {' g) F
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
% v/ d6 ~8 p( L8 Z+ L& [5 r' X2 r- j Resubmitted odp: drop ~8 S; \. a( ~) P! I% e- Y
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 [, e) m0 T0 @9 `
OpenFlow actions=resubmit(,4). \; s# o' w0 f8 _- d% W+ p
* k% H3 [9 z% R8 ]" u Resubmitted flow: unchanged # o% f, W, z. l/ r& s8 n
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 S& v2 t0 [) h \4 O$ a
Resubmitted odp: drop
' y) ]2 [5 _9 Z4 |% ~% W, `5 E Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 7 z! g5 G* }9 d' i
OpenFlow actions=output:1,strip_vlan,output:3,output:4
1 o6 P% q& b* y skipping output to input port
0 z( m& x6 z/ a$ K2 J9 K; O' L( N2 x
0 d" l9 {( _5 R( F9 t& XFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 5 Y. u, s* X1 x8 Q! w5 @9 e
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
" d- w' E0 q' [1 P' l! s% ]Datapath actions: pop_vlan,12,13: a/ X) N0 k4 i0 ]# I( M
7 e5 a( d. n% L r L5 v) A6 B& O
结果是port 1就不发送了,发送给了port 3, 47 F! U. D6 k$ i! y3 j
& h! _, ]8 g( d
$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff
! U; Q# |1 Z5 X" aFlow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
) u; Z4 J `; J* n9 B/ `2 zRule: table=0 cookie=0 priority=0 " b0 W& }* \- [" D4 D
OpenFlow actions=resubmit(,1)- L7 ^. w- H! F) \5 _) B
8 f; V- B. ~/ G& N( {8 o/ z* z! v Resubmitted flow: unchanged 7 g8 `5 j9 E$ z9 S" g8 ~. c
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 ?3 c2 l+ \/ M( g | Resubmitted odp: drop 2 c2 }/ j/ ?' |5 @
Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000 5 \* j3 W. [/ e* e1 W
OpenFlow actions=mod_vlan_vid:30,resubmit(,2). s1 u6 w, Q( ~- `/ u+ T3 G
. a: f3 ~4 s# k8 t+ _ Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 : D0 p3 C1 |$ q w8 r' M, l+ W
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 H# R1 M. Q% I4 w
Resubmitted odp: drop ; H$ p/ J/ W: v, p
Rule: table=2 cookie=0 # R& ~% f, w( {- Y2 P* o/ x
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
) U+ m" R0 ~/ a- x( s; ~/ w( y
) R! ^) q& R# s' N% q3 r' y2 b: v Resubmitted flow: unchanged ( S c9 O8 D& b" `
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 u. S) ?+ K& k' t; d3 M
Resubmitted odp: drop - B4 {0 x e7 F) D3 Y/ F
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
8 Y% m9 p+ d6 ]1 C OpenFlow actions=resubmit(,4)
) y5 @8 }/ z: y' ?! m' v
5 e, _* F8 |9 y( ]$ X: e, S Resubmitted flow: unchanged 5 N" T) O s" Q8 I9 |2 E0 R
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , X* g1 U* A$ p6 x( Q- l% B
Resubmitted odp: drop 6 X, u. X- D; ~1 m+ v" e# W5 t
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
1 }* P' M% ?. Y( d+ P OpenFlow actions=output:1,strip_vlan,output:3,output:4 : u' ~3 y5 E/ ~
skipping output to input port
1 `( |) Z; M1 j9 J
- g z# C7 {: E$ LFinal flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 : E5 h5 R% @$ c3 ^0 `
Relevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 7 F. K4 ^3 ?' C, O) m
Datapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,139 f D# b( [! Z I2 _
, |) C" B: Z7 {. Y% {
接着我们测试mac learning
: j2 y! o" b p) q6 r5 j
* A( w0 H4 z% c) `; n+ A$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
% w5 D' M! }! C/ y3 o1 y9 r3 T- N6 rFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 ( W( c% z: e6 N7 |! i% K8 m
Rule: table=0 cookie=0 priority=0 2 u( k: _3 W1 E! Y6 G2 R& J. v* q
OpenFlow actions=resubmit(,1)8 d; }2 z1 J1 D, X# B ?
1 B5 Q, t# K! A7 Z( z Resubmitted flow: unchanged B1 p0 r$ a, T3 m6 p1 |- H$ P
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 4 _8 w4 { u, E* j! R8 _" k
Resubmitted odp: drop , `: ?9 g+ k+ F' n
Rule: table=1 cookie=0 priority=99,in_port=1 ) }* p& v& | N8 |* l9 F$ ~; K
OpenFlow actions=resubmit(,2)! c' F4 |5 A, s3 O. U
$ J; ?9 j& j# P Resubmitted flow: unchanged
y9 c7 N4 \" R% M Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ g0 _, n; b H# z( l
Resubmitted odp: drop - J3 L3 W$ T9 J4 B: B
Rule: table=2 cookie=0
' `$ E/ J' U8 ~1 c7 o7 { OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
8 ?9 n/ X! i' Q, ?! S8 q8 U
4 ^" A7 Y8 s# C2 K! l2 W! ~ Resubmitted flow: unchanged - c9 Q. ?2 I& P; j
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 }; r9 w0 P$ Q# }% t2 Z Resubmitted odp: drop ( q7 N6 D1 Z8 w3 Y: w
Rule: table=3 cookie=0 priority=50
, x1 V; n9 S# q! s OpenFlow actions=resubmit(,10),resubmit(,4)
3 f% Y; _ [$ D! A! K; C5 N2 \
3 p% v$ l8 Y7 F. H' \ Resubmitted flow: unchanged - s4 O$ v$ ?5 |( ~. f( q% V: A
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 C5 ]* u4 t! k8 S1 n; B9 t: \ Resubmitted odp: drop
3 E3 d1 S/ \2 v. q No match
. l* Z% _+ @7 ]% x* b: L% B+ J6 V0 }
Resubmitted flow: unchanged
. s0 ~1 \% B* L5 T* M$ B8 t: t" G. j Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 1 g0 R8 b `1 O, S8 ]
Resubmitted odp: drop 7 o' d' i( C! i" I- r* i1 a6 }
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
0 J, k6 a! W+ O5 n+ d8 W1 q# n) K OpenFlow actions=output:1,strip_vlan,output:3,output:4
* c! D; H# \1 I) p9 d% x) { skipping output to input port
- C t' E* u. q- P( N3 C
0 C7 R( q/ g% QFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
* z; Y" s. b- P' r. U1 |: aRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no 6 Q' l8 ^* @+ G+ L# z! t" ~
Datapath actions: pop_vlan,12,13
0 |8 ?# a1 F, s( Z' m- u% z8 S" c( {( \( v+ d7 q( S2 ]
由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4+ C& d+ u; {0 ~
$ F! w0 m3 X/ [5 e# O) f
$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate
( \8 t: p9 H( c. i2 W: k1 k; PFlow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
% S! Z. p& u" d+ s. ]Rule: table=0 cookie=0 priority=0 / F* e K' x# p5 {$ N3 t+ O
OpenFlow actions=resubmit(,1)
6 ?' F4 Q7 l" U; T; }; _+ x8 c/ L, q/ }
Resubmitted flow: unchanged
9 Y. C' T3 }2 v( G F: n0 E Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 4 ]+ r5 y" A0 K2 p
Resubmitted odp: drop 0 H& a0 I8 b! \+ C! j) z
Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000
# ^( I" c5 V' y OpenFlow actions=mod_vlan_vid:30,resubmit(,2) y' Y: A' Z8 R3 G+ w
6 E0 V {- I1 C4 V- a* e% I Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
0 J; \1 k" f" O) V. C' a$ o Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 D" n7 [3 f) q5 \5 D( K Resubmitted odp: drop 2 D% n, C7 F( C! Q- U- { L8 `
Rule: table=2 cookie=0
2 b) o/ ^0 O/ X3 W2 X9 G4 g& v* F& T OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)8 R) b3 s' K: |* L
( _3 C( G1 o k' @. \
Resubmitted flow: unchanged
6 K" W: L* g/ {5 H# \, @ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & Q7 O! G8 |$ p
Resubmitted odp: drop
( y! G1 e) j" n+ A7 l Rule: table=3 cookie=0 priority=50
% ], O, N9 D) \" n' U7 Y( I% q OpenFlow actions=resubmit(,10),resubmit(,4)/ B7 Y# \- B V. d- t& H6 F
9 S: O- a& O! l$ b7 |' i Resubmitted flow: unchanged
7 ]2 p7 i) u; f+ t Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! t) D: \1 r2 @8 v) E
Resubmitted odp: drop
: Q0 G( \$ X( `' Q8 [& V! R Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01 - J5 V/ ?5 l. N
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
2 Q8 j* [: N2 H0 r% T; F( w1 Z$ O
' l2 \$ q' n" w$ Z( `% Z( v3 T Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
* _) p6 a4 `) _, G6 [% c6 Z! K7 k Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 + Q( }: n+ d+ C" a% A/ u; M
Resubmitted odp: drop ( z; x; y% q/ Q2 P; U: N8 V! }: u
Rule: table=4 cookie=0 reg0=0x1 8 M O% G6 Y6 F6 J% H, }8 c# U( d
OpenFlow actions=output:19 V3 f! K" `6 w/ k0 Z0 h
* H. u! k2 q9 d/ M: C) a+ z6 |Final flow: unchanged
* d5 o0 N$ _: RRelevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no . _% P/ M8 H. g2 k
Datapath actions: push_vlan(vid=30,pcp=0),10
) U) Q6 U% t3 B2 a9 k! O! S1 L, t9 q9 j- W
回复的时候,由于学习过了,则仅仅从port 1发送出去。
5 K, H9 Y8 x6 w C' m* A$ z+ q5 S* l
- a: |+ p, M" h* r9 m$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
1 n- L3 k! S |Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
6 G4 s, Z- F1 u' x# wRule: table=0 cookie=0 priority=0 ) ^* A' z S$ _6 \4 u+ E
OpenFlow actions=resubmit(,1)5 n' Z) F$ p9 l
, w! k# p6 v8 r0 s
Resubmitted flow: unchanged
( `* B- y$ ?. i# @6 ?- j( @6 @ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
w, a+ u- |1 ?, F0 M Resubmitted odp: drop + h' c. ]5 ?( \+ X
Rule: table=1 cookie=0 priority=99,in_port=1
2 }3 T/ Y# E" n OpenFlow actions=resubmit(,2)2 W9 q% E. Y4 f, U' p2 c8 B
( `* j4 E9 U# j+ |$ S4 ^ Resubmitted flow: unchanged : N3 O( |$ c5 D
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & o% ^) U; p E3 R
Resubmitted odp: drop 0 z5 M6 \( a7 D+ |1 {
Rule: table=2 cookie=0
* v/ b4 [% Y, q: p OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
8 L2 W( }) r6 y7 B" b) T
( K, R- v$ C# U7 i, v x Resubmitted flow: unchanged 1 n/ _$ \9 j2 @* {% {
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 * U# Z6 J s0 ] ~
Resubmitted odp: drop + D5 y1 `3 t' Y# y7 b
Rule: table=3 cookie=0 priority=50
; G9 z) |9 D+ J1 G2 Q, | OpenFlow actions=resubmit(,10),resubmit(,4)
) O }$ z4 Q$ H& _0 [5 ?- T+ _. N2 I3 t3 m
Resubmitted flow: unchanged ' S- F5 E; X# o5 j5 d
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
% x" X/ X4 j7 j, ` Resubmitted odp: drop
8 ?4 \* v5 ^1 S$ w1 W Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
) \# B0 C# K5 B2 E. Q8 r OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]# f- j& X- k4 n- O1 D+ [
" }5 g `4 u8 u, T: Z. X
Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
1 K$ I; I+ A: z0 i B6 e Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& g8 Y! I' \% ]1 ?! e8 c+ { Resubmitted odp: drop & P/ M, |9 W2 ~- E7 B
Rule: table=4 cookie=0 reg0=0x4
/ s8 c; f) L i. n. q# B/ M# J& \ OpenFlow actions=strip_vlan,output:4
- H* J% q( Q& a8 k0 C; g9 R' @' X) g7 r0 @
Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
B5 ]4 G/ d8 J$ h* m0 cRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
6 F6 G4 J/ t4 O; W3 h* }# _Datapath actions: pop_vlan,13
9 R/ z3 L7 y! g3 I; Q6 A2 ~3 t# A+ E7 d# b1 n5 @; a Z2 h
由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
发表于 2019-10-25 10:00:33