|
|
楼主 |
发表于 2019-10-18 10:50:26
|
显示全部楼层
关于 VLAN
' |& r# z/ P- }. k设置 VLAN tag+ X3 N0 q' r: Y
4 g; O1 g& k1 e5 J: b% n
ovs-vsctl add-port ovs-br vlan3 tag=3 -- set interface vlan3 type=internal9 f0 D0 d! F- ]' K& T3 m
移除 VLAN
, E' R6 z* V% F. h9 B
+ i, u/ F/ t7 u0 @ovs-vsctl del-port ovs-br vlan34 g8 s7 v7 q [% C
查询 VLAN8 G, p% a, q u! A: z' f: b
+ g/ ~/ R+ Z9 F0 ~1 g# d/ Covs-vsctl show
8 k* \; X) o, X$ X9 K# L" k& f# jifconfig vlan3
! k9 j! _ N+ B1 ]. W+ A3 |设置 Vlan trunk
( r( i6 S9 @' a6 e. Kovs-vsctl add-port ovs-br eth0 trunk=3,4,5,6, u. m- s2 d: c
7 Q# X% R9 I! O/ c
设置已 add 的 port 为 access port, vlan id 9
$ K2 }+ L1 Q/ b4 o- e
9 J( H8 P# H! ^" ~, J# `5 t0 Jovs-vsctl set port eth0 tag=9$ J( v9 x4 q% ]! ~: O9 H& U* S I
ovs-ofctl add-flow 设置 vlan 100
' `0 k( w* C( ]! }! O8 n: c* B* N0 g3 L2 p) z A4 k
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:3
' @' K! Q8 c0 xovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3
2 a. y& [! b8 o7 G4 T9 novs-ofctl add-flow 拿掉 vlan tag
3 p( z/ s5 B" c h# p& W+ \& \8 y
" L* V, s' B2 T% V2 bovs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:1
( }1 L+ A- m# stwo_vlan example
- B ~" u9 l9 hovs-ofctl add-flow pop-vlan5 q7 Y! U$ L* a; Y/ F8 d$ t0 Y, l
: ~% ^ C; f' t$ }4 Z
ovs-ofctl add-flow ovs-br in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:1' ^' S; d" S: ]! g0 e) ~1 h1 Y
) V/ Y% K- Z, I5 K& L8 i2 W& y2 M$ \& J3 t
关于 GRE Tunnel' k' ~3 d9 o, ?" m$ C
设置 GRE tunnel
0 B" t# p/ ?% s6 j! O, g! b/ d: b( p$ }" Y
ovs−vsctl add−port ovs-br ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.4
. V+ o+ l# L5 X. r查询 GRE Tunnel/ A8 J3 a( M/ }# K& p3 X
. ^" b) ~- G. W; J3 Z; ^, |
ovs-vsctl show" v5 B) w0 o2 Y2 G7 i" F% ]
/ P$ X9 f" H3 B+ w8 W( a. Y/ d$ Z/ r. [& R: q; |8 l! ~% j
关于 Dump flows7 M4 @; J( x; `1 T3 z% l2 b
Dumps OpenFlow flows 不含 hidden flows (常用)
1 |3 r/ k, t. O" }/ g
; f; n- U1 H7 {( F0 ~2 _- A& T* r/ Eovs-ofctl dump-flows ovs-br
+ \+ m: U8 P& I# z5 O. g( dDumps OpenFlow flows 包含 hidden flows
3 S. Z* x x E0 o8 ~$ b+ G x' ]! P1 W, x9 @4 Z+ `/ Y- s( P
ovs-appctl bridge/dump-flows ovs-br
! H! U/ P+ s0 l6 q! kDump 特定 bridge 的 datapath flows 不論任何 type
2 @$ C3 q: D+ S' c
* M L+ d( Z7 c% {5 M7 c# C/ y9 ^: Covs-appctl dpif/dump-flows ovs-br# H2 D* g- i- C- H/ K7 r
Dump 在 Linux kernel 裡的 datapath flow table (常用)1 D1 ~, J& s* y8 G* d/ X' x
, [. {* a% U. M/ ` K I# U( zovs-dpctl dump-flows [dp]
. ~5 C6 o" w; t7 N# a0 R( U- K6 ITop like behavior for ovs-dpctl dump-flows
, }: }; Z" A. [) ?( ]" l) q0 Z7 ^; t- M2 \; w& G, B! r% A% o
ovs-dpctl-top
$ ?, @. }4 X1 ~; \6 W, \: L A
2 E9 }+ k# B3 a |- C u3 r; s4 J( J! Y( r
9 ^0 {1 x4 e" P* ~4 M
XenServer 开启 OpenvSwitch 方式
" p8 L. X6 Y1 b* s% K4 _% ~% i& g检查是否启动openvswitch服务:8 w& d' v8 V" j- e; l
+ b3 K1 H0 S. w6 Aservice openvswitch status! {1 _. A3 W6 x
启动服务
1 f/ [ Q" [3 G% G W# D4 O7 j
1 Z3 I* K( T$ s' ~3 V7 c* Pxe-switch-network-backend openvswitch
* o' @5 n2 G k( b6 I关闭服务3 G8 c4 K2 I5 f8 r1 @3 F( B
9 T. r1 f* z) i( q) ]6 h
xe-switch-network-backend bridge
' [( n2 L* X- C; \3 ]9 j+ T: T3 W1 k, o3 H2 h7 P
( z; y; r2 W8 F关于 Log; A3 B) D' A: H! B+ G
查询 log level list) o/ f" v5 R S& r- P: U
* c( i1 O& f7 W- z: X6 ]( E& B0 \ovs-appctl vlog/list8 a' `) J9 F. V4 u6 E
设置 log level (以 stp 设置 file 为 dbg level 为例)
9 G' j' |& F. f) ?9 }" I
6 x3 z) a9 a, M/ zovs-appctl vlog/set stp:file:dbg1 O9 B1 d9 M4 Q" N6 G% M
ovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}
: j+ e' B% B7 j. x* f/ Q% q6 C. c0 m" c
+ D% I/ x: x: s" C. t1 H0 r4 Q 关于 Fallback
8 g9 F$ }) |/ V( {" U$ w. j* b; HController connection: false 的时候, 会自动调成 legacy switch mode
0 L( v! q P7 p3 C+ C! f
7 I/ F; Y4 ?" movs-vsctl set-fail-mode ovs-br standalone2 x0 z x7 T- [6 k* G* L: Z& m
无论 Controller connection status 为何, 都必须通过 OpenFlow 进行网络行为 (default)
$ Z @; J" _' ^
8 C* x' w3 O2 V4 V; C" L5 Lovs-vsctl set-fail-mode ovs-br secure6 d$ I3 Q0 z( c% B( W/ n
移除- D- N& Y% P6 Q9 V3 ]+ g
$ m3 ]: T& f( R$ z4 ^1 C) Q4 ^
ovs-vsctl del-fail-mode ovs-br
8 U8 a& W" Y) R4 N查询* g: f' s* f) H3 L; y( @
" D0 z3 A' U; p( Z# B$ ~! rovs-vsctl get-fail-mode ovs-br& c& x% ^- ]/ w& g% Z' o+ m1 h |
2 B; I' z5 E' u
8 N; D* q* [) b9 e关于 sFlow
8 \$ ~( J4 R: b. A: k* V查询& K: ^5 I" L; J$ a& z+ h' @2 P& g
& |' J3 u0 A2 }ovs-vsctl list sflow, [& b! U4 [5 R# j3 a
新增- R+ K- c* B8 o
S% D/ j! o: Q$ y0 JSet sFlow 缺
/ L `! S9 j: n* H4 k* e刪除
, j% H. ~2 x. |6 U" ?
) W/ i& d" e; o% n( {ovs-vsctl -- clear Bridge ovs-br sflow
) t a4 |5 B1 o0 A Q7.13关于 NetFlow4 a* Z* ]5 Q) `* i
查询
4 y% Q: W6 G( Y* X5 H# O
8 L) w; i5 i" j: d2 X. Fovs-vsctl list netflow" E4 i5 y9 d9 r0 P2 N
新增 B* s3 N }# V7 p) y+ r
: L0 }5 Y5 l# [. _2 \; Q) }Set NetFlow 缺
" X1 ^) n- c$ F2 l7 n! U刪除! E$ R/ i, {; t
; A1 _* P4 _! F8 e- ~ovs-vsctl -- clear Bridge ovs-br netflow
& x, L" Q4 x0 P7 J' J* r( P7.14 设置 Out-of-band 和 in-band
3 t' ~9 W7 I. k查询
7 f; {7 y3 i9 j0 O% J: A7 m' h Z- F# i
ovs-vsctl get controller ovs-br connection-mode
- }. J4 \% u" J( POut-of-band, y: Y- j9 J/ [/ s l% b4 D
, j. `6 U$ B& O' g3 @4 t+ @/ X
ovs-vsctl set controller ovs-br connection-mode=out-of-band# X7 P" h1 x! t
In-band (default). A% v( y5 U$ T! G
* \# U3 L" J$ u- D
ovs-vsctl set controller ovs-br connection-mode=in-band; k' @* `1 ^( Q N
移除 hidden flow" l! K& H' p0 {! }8 C
; p: k m0 I8 _0 j# t; n4 k( Povs-vsctl set bridge br0 other-config:disable-in-band=true
' O" s! Y% n) x" E' \3 k. L7.15 关于 ssl
2 l' t. @/ V4 w& `% a4 K, K查询, u6 F; p: `' e* D. b9 r8 z9 e8 x
$ ?. n6 d& h3 \6 f: [. p
ovs-vsctl get-ssl
5 ~: U2 q; b! E7 s2 G# L) k设置, w$ v! e: b: x3 y4 u
2 G. V- |6 a* {/ P& b, Y
ovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem
* t: X+ m' V: l7 w6 tOpenvSwitch Lab 6$ TLS SSL : http://roan.logdown.com/posts/208707-openvswitch-lab-6-ssl, ~( m% w& i* p
刪除7 y# x3 Q& O" V e& ^" r9 y
) d0 @; j- R5 t" o3 qovs-vsctl del-ssl
0 q8 [9 f% M( M. x2 `' |" ]7.16 关于 SPAN
" q# n8 \0 q- \/ p0 n详细设置) H4 N3 p5 d# I( K7 V
+ |; [: i1 H' M! ]ovs-vsctl add-br ovs-br
. r/ l* G" J! N; I$ g$ X( xovs-vsctl add-port ovs-br eth01 f; n+ j- P1 O/ C2 Z( Y
ovs-vsctl add-port ovs-br eth1
0 q3 C' x1 w/ g& Sovs-vsctl add-port ovs-br tap0 \
7 d1 ?; {6 R! {0 F -- --id=@p get port tap0 \
( a. ]3 k9 o& `) Z0 Z -- --id=@m create mirror name=m0 select-all=true output-port=@p \4 t+ l* r3 `% y2 A2 @1 T9 W. Q4 R
-- set bridge ovs-br mirrors=@m
: R, i7 G) d! a& U, L将 ovs-br 上 add-port {eth0,eth1} mirror 至 tap0. N4 f: T4 \3 s$ b c3 O: y
$ K, I9 c/ D& w; d8 q
刪除% E7 Q; ^& H& ^6 S+ T5 o
4 j0 \4 \/ A3 s
ovs-vsctl clear bridge ovs-br mirrors # 關於 Table! P# E: t5 Q6 q/ n9 ?$ H
查 table ovs-ofctl dump-tables ovs-br4 J5 Q* F- I( a/ q4 I
# q% U- f( y$ l! x+ }! g0 P, V
7.17 关于 Group Table% M! N) \- w8 j! a/ r
参考 hwchiu – Multipath routing with Group table at mininet5 l, ?9 N+ l/ n+ r7 O3 w# L1 h
. ^; P! X2 `! D, i建立 Group id 及对应的 bucket; U1 d0 r6 {2 r, O {( ]5 r! l% k
9 v* z9 H7 |% I' y) k i$ z
ovs-ofctl -O OpenFlow13 add-group ovs-br group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:3
8 l9 c. i) \6 E* R3 u5 mtype 共有 All, Select, Indirect, FastFailover, 详细规格:http://flowgrammable.org/sdn/ope ... upmod/#GroupMod_1.3
# N: u7 R0 I& V+ C* L. n/ G; _. q6 O6 h/ ~9 t% C0 X+ _
使用 Group Table
+ C, v( j* A5 I2 `( b2 _7 D" Q* P* a
# ?& F9 F9 p/ ]5 ?2 Vovs-ofctl -O OpenFlow13 add-flow ovs-br in_port=4,actions=group:55669 m) i" x3 P5 f
7.18 关于 VXLAN
$ x$ e; a) N$ W. O! m参考 rascov – Bridge Remote Mininets using VXLAN3 {5 b4 K4 } Q8 y# J& X
: h. u# H. t$ L% P9 \ I; [建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=96 m9 `) c! u& @) u" _( `# P/ P
, N) p; X# Q5 m: S+ w. O9 Y
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9
* H1 W: M+ |' L4 k& mVNI flow by flow: r) y* g) ~1 _. _% H. t, V
+ D) F+ h. x. k6 J) q
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9
9 I7 L% h+ F8 T9 I设置 VXLAN tunnel id3 o9 U( e5 W* J3 B# G: ]
6 D' y6 Q0 D! J3 N" x+ X" Xovs-ofctl add-flow ovs-br in_port=1,actions=set_field:5566->tun_id,output:2
$ V/ T( `7 d8 @# }/ b( R. Q" u5 |# u0 Bovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1
: ^( a A& C* t: g1 w7.19 关于 OVSDB Manager8 z/ f' ?4 D$ Y0 q9 g _7 q7 \% X9 x7 q
参考 OVSDB Integration:Mininet OVSDB Tutorial! w3 _4 X% ^ G1 s+ \
( f* F6 o) n7 Y" Y( oActive Listener 设置& ~$ U$ g2 q+ ]0 ^% q6 ]* P
6 l. _ a& |( o* b$ J0 _5 k6 R( xovs-vsctl set-manager tcp:1.2.3.4:6640
( P' F# O0 O% _# \Passive Listener 设置
$ t% r. f+ h3 H1 o' \, i
; W. W; g7 _; v f- M3 Z% S1 fovs-vsctl set-manager ptcp:6640
) {3 h( X h: C6 `: q& R7.20 OpenFlow Trace
4 w- \; V- y! DGenerate pakcet trace- t& ?1 I4 @) Q
4 r, Y! I4 j+ N4 iovs-appctl ofproto/trace ovs-br in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate
' n1 U3 i1 J2 r& j7 E+ Q% J7.21 其它
2 X0 m9 y6 ~9 s" E6 y* l: b m$ b查询 OpenvSwitch 版本
0 w& U: t, _2 P% a1 x. k5 f. U, w; z/ V3 ]. H
ovs-ofctl -V9 D! l2 g& P- i) a
查询指令历史记录
% u! s& ]" g1 @6 r+ [ Z
; j* k' `6 P8 T" I' b0 L! govsdb-tool show-log [-mmm]2 }1 G5 l" a$ D. J' h2 K
|
|
发表于 2019-10-18 10:38:50