|
|
楼主 |
发表于 2019-10-25 10:00:35
|
显示全部楼层
实现第一个Table 0,Admission control& k0 u2 P: A$ W/ k
7 Z) A' m. ? K2 }2 T4 T& a p7 O包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。
! q2 F; b& p, Q* L
! H' w3 ]2 A& o9 P3 O4 r比如,如果source address是multicast的就不允许进入。
* F! t( S" z ^2 Z
/ i* b# K5 d) t' b2 F01:00:00:00:00:00/01:00:00:00:00:00是广播地址9 w- P0 i6 m" E9 D& d
00:00:00:00:00:00/01:00:00:00:00:00是单播地址. p f- T& H/ C( n3 f
这种表示形式类似CIDR; H9 O: F9 A; F7 r& y5 {
于是我们添加下面的规则:2 w4 v7 s% Z) B! m- ~
sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
, A% n# X+ Y5 @4 ]5 @: |7 A# Y KSTP的也不接受
, |6 j& e7 Q1 A. m1 g, [' wsudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"+ _+ b' p: `" \2 {6 `/ b
我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 17 |5 Q: J6 ^. F f
sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"
5 @! E9 d$ a1 R3 p3 R我们查看一下所有的flow4 X& D+ v0 W- |. k
$ sudo ovs-ofctl dump-flows helloworld
* V. w* {: Q& g- \* u, J$ X5 m: uNXST_FLOW reply (xid=0x4):
* M! a `1 ]8 a9 acookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) 1 e1 N$ X* e# K, A
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop # @, C( W8 l. K% u: [: S0 m8 ^1 O
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop. D( Q. L% s% Z: [( H
5 a) I3 p- @0 p. [* P* Q
测试Table 0
; F3 q/ J( H3 H8 p: v
. k9 P9 c6 Q m- Y8 t有个很好的工具ovs-appctl ofproto/trace
2 j) ~3 u7 Q. Y3 U6 c- @
* P `' U0 c9 v7 H: b* W. P不满足条件DROP
; D/ x- S; S) ^, w
% z: O6 \5 d- q$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
: L& T% f+ p dFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
( s& N" {" c* }* |! w. CRule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 ! T D% I) l4 x, w. z- W) f
OpenFlow actions=drop
: h. |% N5 V$ P3 {% x: @/ ?' H" W
& z) r/ D0 z0 k2 u' {) J: T7 p/ |Final flow: unchanged
' o4 ?. ]1 w' wRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
$ }& `7 q5 ^/ O2 O6 SDatapath actions: drop
x: L' Z5 G | F( m ~* T9 l4 i1 n0 o+ |) o3 d
满足条件RESUBMIT
" s/ j8 u P8 F8 L, b2 Z
, M9 x1 y2 S) {& V$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10 ) s4 v$ W6 o; w
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000 $ x9 g+ J2 K5 @. V
Rule: table=0 cookie=0 priority=0 - T3 {. N& G- ~5 \1 M
OpenFlow actions=resubmit(,1)
: v/ _3 V; E2 F2 s# z$ K5 u
, Z x2 j# D* [0 Q; F% _/ S Resubmitted flow: unchanged
% o( Q& ^; c6 z! q Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 @. q5 p' u+ Z4 Q) y Resubmitted odp: drop ! c& R8 I5 [5 M% c
No match
) E9 p* n; G1 @3 O1 @$ N0 F& N9 X1 }6 Q$ x% X, o6 d
Final flow: unchanged ) U! y- P: S' [5 s
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
1 _3 m+ R- c# D4 w, SDatapath actions: drop" k1 ?: l8 _4 Q8 [, R! s6 s
7 ]5 P) _2 ]0 w3 b5 P2 z
实现第二个Table 1:VLAN Input Processing
2 Z! a) k2 F% P% U
( b: s0 }7 V+ A' C首先添加一个最低优先级的DROP的规则2 g! W1 L5 W% p$ T4 U4 K
, D8 e% ~3 a1 X2 B2 {
sudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"4 @# @8 g! E! r- s) }/ e- p
" ~. z) ~9 z# R7 `
对于port 1,是trunk口,无论有没有VLAN Header都接受。
2 ^. E# o' f* d. N+ j1 x1 O- j+ ^. X( w/ G; Q% S9 `9 F; i
sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"
4 Z* \. P Y3 \% x! c6 \
9 E( Z1 [2 C2 U对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag
3 Q7 |/ U3 P# q
9 k( S) P( _$ ]' Y- m$ sudo ovs-ofctl add-flows helloworld - <<'EOF' 2 H! W6 ~9 i& R$ }
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2)
& l. [, J& R3 r3 T% M5 Ktable=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
8 H6 L3 o% P; ptable=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
* ]' j7 O3 G( t( ^4 y2 @EOF
. S. i: [: k; o# K0 t4 z/ `1 [( g# E$ R% i
$ sudo ovs-ofctl dump-flows helloworld - I5 V+ l, a R: G' D4 V- |
NXST_FLOW reply (xid=0x4): 3 }; z4 @1 x& P+ t9 _
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1) + m4 z% `8 V7 Z3 A$ e3 {3 t
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
: K% {0 d& f; P2 ?: T1 Y" Bcookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop 0 }) p: @, t6 I1 q/ Y0 p
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
2 ^1 q K$ t* B; w( R$ \5 qcookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 3 k, J+ p% \' c& u6 \- @7 v# D
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
+ z+ g! w+ F! D$ x2 ncookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2) # f; ]- `+ L. o, m
cookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop8 a4 X( `! O E7 R$ y
- y. B' b3 ^1 O
测试一个从port 1进入,tag为5的
( M6 x, z, H; x' s- k# w5 v1 m4 s' ]# P& ^: {
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
) ~3 X {3 J Q4 ]# C$ _4 ]; OFlow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 & s; I# P( d+ h$ o" O
Rule: table=0 cookie=0 priority=0
9 @( t5 Y0 o9 j6 NOpenFlow actions=resubmit(,1)
7 `; Z8 v1 U( U- J4 y# v7 `: ~" W7 w7 R5 ~) @) y) B9 J2 q
Resubmitted flow: unchanged
9 N) V8 j9 I! h! v7 b) X! ^/ D& r Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
" x( V8 ?' ^0 V; _* k Resubmitted odp: drop ! `1 m2 S9 [6 U* ?8 C7 C6 b3 U: L
Rule: table=1 cookie=0 priority=99,in_port=1
2 _, V. K+ K0 Z, l OpenFlow actions=resubmit(,2)
) w8 q+ z+ {4 D( \+ A- p' h1 |8 l. E0 f
Resubmitted flow: unchanged
1 O0 s( j" e) W$ r* X Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 t; j/ E9 g B# W4 m0 k; D0 D+ W
Resubmitted odp: drop / K& e' W) X5 F5 _" _3 m
No match
. Y0 q1 o5 {; h `% a7 \! `4 S1 e- K$ f- O+ s4 g( r( z
Final flow: unchanged
9 D. {! z0 q7 h. b* FRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
0 {1 c _9 l) H6 ~Datapath actions: drop
2 h- H( \+ _. M1 j1 w
! w0 @4 t) M- _* W+ t. L. q测试二,从port 2进入,没有打Tag的( Q3 m3 }1 O% L
* Y0 h; X) M; q' e3 i
$ sudo ovs-appctl ofproto/trace helloworld in_port=2 - Z, U# Z, j9 w7 m0 L) Q
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 , I: ^$ K. n7 [$ M
Rule: table=0 cookie=0 priority=0 * s A% K; ?1 Z' A/ F
OpenFlow actions=resubmit(,1)
9 g; H: R/ h; `1 V! z1 _
( w! N4 H! {3 D! w+ S C' O Resubmitted flow: unchanged + K- }6 p# h D: e5 L
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 0 c2 c; F: M! U
Resubmitted odp: drop
2 K( b0 i7 U# L' |( U# F# s3 L Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 ! \0 f% I- s% S( |5 k# y' N
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)4 O3 s+ \9 H: r
; o% T: m2 x. X! E: G
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
" t- O/ [: N( E4 t Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' \7 S- P) _3 q9 d: P4 I) ]8 f
Resubmitted odp: drop 3 f9 |4 o8 M% w' w
No match. v& f; d1 e7 I8 i% j$ V
0 j1 i$ F4 `) |1 G% xFinal flow: unchanged
) ?" ~% e, h4 z/ M9 J) _# F& D8 hRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
3 h$ v- }* |! |: kDatapath actions: drop3 f- ^5 y2 m# q
+ J/ Q% G& \6 c7 ^' g测试三:从port进入,带Tag 5的7 ~7 y$ n4 B+ `; q
# U$ y/ ^- Z V6 j$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
* _ c# b% u2 TFlow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 3 @1 v( Z, L7 v& ?1 X, s+ h. Y# \: Z
Rule: table=0 cookie=0 priority=0 ( N1 i; }4 r) T7 ]# C" V
OpenFlow actions=resubmit(,1)% J8 |5 R9 N- X0 S
/ \/ I0 A% ^, W Resubmitted flow: unchanged 2 X$ u! A2 s$ r5 P' {* Z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
x. @! P4 I4 i Resubmitted odp: drop . T' z+ E2 R3 a: z0 {+ Y( u
Rule: table=1 cookie=0 priority=0
& ~; u$ m& l% n OpenFlow actions=drop
# v+ v( U( `! x$ j# d
# y: r# e3 r1 \Final flow: unchanged $ C) A, Z" ~7 B3 ~0 N ?0 W1 V8 m
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
: V4 ~$ i# y) y* S- _Datapath actions: drop5 @6 Z/ O9 ~. w8 F! [
8 f" K8 e& `3 Q+ U# n8 x
实现第三个Table 2: MAC, VLAN learning for ingress port
: _0 e/ @7 F) C; L' {: Q: \0 z0 U5 _
对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。
6 ]( M7 D1 q" x. @6 G" N. u0 O
0 ?9 s1 _! C1 `/ z0 p这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。2 q3 Z% m8 o9 w7 c { Y
+ n' e0 @4 M# [0 i. U4 u* J- Y, f
OVS也要学习这个,并维护三个之间的mapping关系。
1 ^6 ^$ n1 y# ^9 U- q2 Q1 X2 ?4 r
在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。
# w6 |/ ?2 M& y5 y. d8 Q: d
8 N# E \0 K1 b% e* Rsudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)": y' G! j# x4 E" c
' M/ _- s' ^* K8 d c这一句比较难理解。
: M$ C c8 @4 w5 Q3 H
& X' z3 u+ B) A7 nlearn表示这是一个学习的action
6 }( q0 H8 y% N$ j: w. ~# F7 |5 M
table 10,这是一个MAC learning table,学习的结果会放在这个table中。
+ ]+ o q$ H( j8 t3 L: _$ z! k
; u" _( P9 S3 O, HNXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。; O! N5 L4 a9 x! S. A3 j9 j! I, t
* `# M( e$ ?" H; ^0 a( MNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。8 ?+ T/ |. @' [' n9 C6 g0 K$ _
2 Z9 }) g! F# S3 W2 q4 r
NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.
' W2 v5 X1 A; \8 n
; b2 O8 q1 i# t3 d; h% r一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。
; N6 p0 U- I" _/ z# _* ?# V& \2 q; v
( D5 c5 f! b9 I8 E- Q4 i( ], h我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。
( ?2 a8 Y! \( x5 I V' }2 s( v, @% x0 t J" y$ z
cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1 - s6 V( ?! w( b0 @- H" T. r/ y
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
& h5 s* U5 O/ E. ?" @9 L& h cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2 - x9 H; L2 r s7 S
cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop , i4 F! o: N1 v' m: |6 @1 Y0 B
cookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:23 b8 W: M/ ]. E4 H% _' K
. S7 V& Z- [3 s1 N1 O这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.
, Y8 b, |) Z/ d3 ~- y% Y& Z# U0 p9 a2 ~
table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。. o8 L- k; l# z
! e% p* v& S) t1 c( ?上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。
2 r; c0 F6 K; ^/ E/ G& y
0 _4 c) q$ k' I8 l: E4 Gtable 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int
$ M+ B' X, I& i2 S1 K
! O6 k; M, d6 HNXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1
! v! o9 |. A0 o8 \$ f3 e! R
; P2 g" |/ l; ?/ u1 | JNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc
. l5 Y' w5 I, ?) O5 J. k, v' G+ s& o+ d! V
load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan. P% U+ Z9 U, e: o, [0 w
4 \: C) l7 I X# @load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9' Y, t7 f4 ~+ X* z* q$ m
, ~0 c: t4 R' O; C: A5 D8 ^output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:27 ^! L% f! Y# O" Y2 T
; Y Q1 t' h% v' l- R. V& j测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包9 G. f) ^, k* R, i* r$ U( C" H8 B/ x
/ K) h% L: C; P9 W, K
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate
/ ?: i' K, {0 ~* e bFlow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000 4 S4 P {4 |, }9 w) v* e. q0 E" P
Rule: table=0 cookie=0 priority=0
4 Y0 N# T4 Y1 m0 zOpenFlow actions=resubmit(,1)
: e+ p5 E% Y; J& U Q; T. B5 C/ T3 q. e% {6 c1 U. |9 W9 z/ d
Resubmitted flow: unchanged
. I) D' S2 k; L+ R! o. U Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; E* C, g4 B) `; e6 a; ]" e Resubmitted odp: drop # f, g1 O7 H+ b- N+ n3 C' ]
Rule: table=1 cookie=0 priority=99,in_port=1
" T9 F1 p* A) P OpenFlow actions=resubmit(,2)
5 g# C6 D+ D V# ~% f! i0 X3 U: E8 i' `. b0 p2 G/ J- L- A
Resubmitted flow: unchanged 0 O9 C1 W: |/ @/ p* ?# V. t
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: g- ]8 U; v7 V! V Resubmitted odp: drop . S/ y" G% g7 K) F0 y$ P
Rule: table=2 cookie=0
4 q" N4 H B% C/ c3 k& Z OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
7 v, W3 N; z: y1 _# d
/ L d9 P7 S! U# \ Resubmitted flow: unchanged 7 G3 O8 O* S6 `
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 k4 Q4 @1 @3 Y: X5 _ Resubmitted odp: drop 4 V9 f: K& A- n4 f* V' I0 ?0 k* V
No match. m* k* M5 E" X) |
# ^( b$ r- d! H6 }. ?
Final flow: unchanged * @8 g( f' \- t; F, k
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no ' v: X. c0 x6 i: e! u+ c* x
Datapath actions: drop
" f, Q& K" Z9 d" m
4 X! j- L. k$ w( P$ sudo ovs-ofctl dump-flows helloworld
4 e3 s6 C+ U' }8 ZNXST_FLOW reply (xid=0x4):
& m2 t1 a: l" f! ?' N' ^% x9 Mcookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
! q I6 r; L" e8 Hcookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop & F9 b8 B3 n6 N& X% V
cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
# _! k) |+ |. c, |; D3 J" M4 |. Acookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
: q% _2 b9 {7 D+ B% Ncookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 5 d3 v- I/ A' N% _8 p( k
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
1 D* |& d& e/ F( i& M* v0 ucookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
3 R$ ^' J2 Q' |6 A8 z& ^. L6 i, ?; F% Rcookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 0 C' Z8 m: c0 u% `: }
cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
* v% n9 A$ ?) f2 O% m, N& d cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]9 `$ {: Y1 I1 l' w$ n
9 _$ N- S. q7 v! |0 Jtable 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。1 t$ P- T b8 q8 I R& v1 r$ W. A
5 u# c# U5 a2 T/ N; P! S' i0 y, Q* J
测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02- _- i- S, A8 Q. b3 ?2 e
! t1 p9 c- t: ]& B+ T& g7 L
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate + E! ` I! }* \
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
3 ^# B5 k, r6 {6 X$ f, a5 [Rule: table=0 cookie=0 priority=0
# v9 c4 w! W$ V) D# V8 U1 POpenFlow actions=resubmit(,1)# l7 N) @. a. a; B( ]8 C" s
! l2 e4 K0 }: g$ s/ v- e7 g# H Resubmitted flow: unchanged + Q0 J* s. t8 _; R, T
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 o* b1 j4 Y6 \2 j- |5 k
Resubmitted odp: drop
9 k3 T* o5 q. W& O9 y# u5 K5 H" ` Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 - q& l& v" w* @7 o+ T
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
1 i; U9 ~) g/ [2 Y4 I6 `. `: v& G9 m3 @* ]2 l! f4 O% s8 x/ H
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 . V. @/ Q' p/ I% ~3 u6 B! [
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 % E! ^* S8 J$ s. @
Resubmitted odp: drop 1 m. \' ^( n4 a( f* I) y$ F9 u$ E/ O
Rule: table=2 cookie=0
# c2 b9 k$ b( W. E8 K9 j OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
! g. p" ?; ]4 J3 f# Q9 ~% I5 y; g# }) \5 P, }- X/ j. |/ k
Resubmitted flow: unchanged
' u) p% A# E) V7 u) F2 w" m6 Z Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 4 b5 i. M4 V" Y$ i& l# w# o- U8 G
Resubmitted odp: drop 4 i6 O* }# y' f a
No match
( a) b; P7 ? U* e7 S$ ~9 |. J; z
Final flow: unchanged @0 I) ~' L4 N, ~; R8 H1 w- T
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no % }/ l7 p3 [$ p# v7 `& @" R
Datapath actions: drop1 {! U* l/ c3 H* E4 ]
0 d/ o- k o( {$ ~6 Q$ sudo ovs-ofctl dump-flows helloworld
2 J. @. [7 C" x% R( }3 G; C- aNXST_FLOW reply (xid=0x4):
8 K: g/ I9 O, D- h, z8 \+ pcookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) 1 k' d7 c6 f1 [6 i
cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop ( U) X& r- C2 X6 ?- n2 H/ j
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
( Z& ?9 a2 ^1 K! n% d2 w S( hcookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 3 H$ W. t; X4 N! n) _3 A8 a
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) , M8 m5 J& |, a( [5 B/ f3 x
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
4 X( x$ F* A, u6 L5 S1 Xcookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
- d5 D1 B9 {+ d% E0 [. c6 ?; bcookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
# T2 @, g8 p7 B3 Ncookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
, ?0 k% W3 N% @1 G cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
& k7 C( C# T, O$ Acookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]& z9 }7 M2 e2 F# V4 q
1 n: }/ b0 s% g0 t# R( }# d
实现第四个table 3: Look Up Destination Port
$ R( X! `5 f# Y! a3 N# O5 Y
: u- d3 ^$ O$ `3 }9 l在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood0 V! Y1 J* g( S' f( S* n# R6 U
& D& J: L) J l8 ]
sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"7 k( u7 X) i' o
9 |7 i$ _! b$ G1 A3 g5 [
添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4
6 ^$ S% t* p- n: m5 c1 s6 J0 y9 r0 ^0 V2 `
如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。6 v4 d. P6 Z7 J; g; h" n `% T
& N% D/ V* T, j T: I1 J
sudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"; d; d* `* F L2 k& M1 K
" C ]' F+ N- {/ G E5 Z我们进行一项测试
) |' j) A7 {- U7 i- z. s3 Z$ x4 y
4 d1 i4 P8 a8 {7 i1 O$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate " y2 S- W, l5 b, D: t, [9 h: L+ o
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 1 r) h, I, r5 f7 T2 h! F+ E
Rule: table=0 cookie=0 priority=0 + a- Y" ^; _7 c( @3 C0 q
OpenFlow actions=resubmit(,1)# L: H- y5 v5 I) G: ?; V d$ ~: G
& |/ R- K4 B/ m! A# W1 ^; b) P" f6 E0 {
Resubmitted flow: unchanged
% F# m0 [5 F) L' f5 k6 J Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 # x' ]) Z8 P: G
Resubmitted odp: drop
' d2 B8 P7 P( _1 } Rule: table=1 cookie=0 priority=99,in_port=1 : \& @$ y3 ?! k4 D
OpenFlow actions=resubmit(,2)
4 ^4 n" l% \1 F4 O7 x V
! a: S6 T, i5 h6 u z Resubmitted flow: unchanged
4 T7 ?. R+ T% x# v" y& a6 b Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
* M$ T- Q$ c' ?- p6 M# |3 Z Resubmitted odp: drop ! g* m; c: K4 c' u7 {; k
Rule: table=2 cookie=0 " }5 g* X+ _# S, Y- ^8 U
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
% X4 W) F4 v9 I" n K. G, s; W% Z9 M5 K; }
Resubmitted flow: unchanged
p2 w6 U! h) F) k, g Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 C) \& f) q# A! Z Resubmitted odp: drop
. k1 B% T( p% z0 u, M; q Rule: table=3 cookie=0 priority=50
3 [) m, g0 D4 @, M/ ? OpenFlow actions=resubmit(,10),resubmit(,4)
# j2 X4 l X7 g! P5 J9 e
+ T# i6 T2 \$ X7 h Resubmitted flow: unchanged 8 R' j/ _ S. b% H% a
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 H0 |# B& }0 l" l9 m6 V5 m
Resubmitted odp: drop
# ~- h- ? K, t/ w No match+ m$ J T% Y* Z/ N3 K
+ U) e2 b1 E) V Resubmitted flow: unchanged ) |1 ]$ J0 Y b7 r+ |7 F, f
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - @4 `$ U7 c* @
Resubmitted odp: drop
! [; d f( d, \/ w, H No match
1 R7 l8 r6 d& H- B+ w1 h6 p0 S" J# u, t9 n; w& x
Final flow: unchanged
6 F: z, g$ D5 a4 @2 n3 {Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
8 w$ }8 U3 Z8 D# @! X7 tDatapath actions: drop
5 E* P' n5 a. N8 {% }( F
* X; N: K$ o. c$ u; R4 Q' M% C由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.
' Z. l& J; T4 p7 j0 J# |& D% ?' ]
# _9 p, W9 D6 A& s但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01
- S: d# n# i5 E, `7 q* U3 z- Y! l2 s2 f& E, q* ], u
$ sudo ovs-ofctl dump-flows helloworld
7 S5 y4 w K6 ?0 B1 k$ pNXST_FLOW reply (xid=0x4): i6 m$ c$ m* W3 b
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) # _$ Z3 w/ p6 F: R B4 A
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop & e* b2 ]! q5 }# h* Y6 Q0 a$ q! o) N
cookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
; x/ ^8 K' w/ V) _! N6 J6 @cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) ; G6 M8 B- V' H, S: s/ b+ z' N/ M9 ]
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
9 u% R I9 H3 X( _3 _cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 1 ^% L1 M9 j/ Q5 r/ [
cookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) : O* b) j9 u# t8 k
cookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
0 h! k; ?3 k3 Bcookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
; P6 [3 G6 U' Y& Ncookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4) / X1 p+ r F. f: Q, w$ g0 ^5 x
cookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) . i9 r# x3 Y. r: c" ~" r
cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] & e# C6 L1 n- M& b0 Y# O n
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] * h0 h8 s% V8 F' E; t6 e" {
cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
8 \/ o9 S4 N1 ]1 T8 n4 u* b
( o3 _6 b; H5 w. @下面我们进行另一个测试/ O; L6 D/ d: {$ Q/ W$ }& a& L4 J
7 F* m2 Z6 p) p
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate
. V. z, ?# k/ w( f CFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 1 I% q r$ ?1 `7 _- m( z
Rule: table=0 cookie=0 priority=0
* @- K5 M3 c/ \$ S9 F. o* d+ }# KOpenFlow actions=resubmit(,1) V$ a4 `0 o0 r S
0 o$ A" a- h! Q6 ^$ a( p- z' |0 t Resubmitted flow: unchanged
% k; \( v$ _$ T; { Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' J5 V- ]9 G& j$ a* a }6 o/ B Resubmitted odp: drop
9 b0 d# Z2 B3 h% }9 B1 i4 t& r Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
8 V4 u3 G. T T: T OpenFlow actions=mod_vlan_vid:20,resubmit(,2)$ k, z6 k* X3 H
- }; t6 c6 T3 I' ]
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 ; z. f( t- m9 ] U
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 0 g/ ^2 X% [7 c% n: h; i' y
Resubmitted odp: drop + W- O) r& t9 V! E2 [- Z
Rule: table=2 cookie=0 : Z: L* \6 [& Q; g1 p# P# x
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) y: K# n" ~& j _
( R2 i6 i0 F' V4 ]8 }
Resubmitted flow: unchanged
2 a4 \( C0 H2 j# l Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; V6 U+ C8 E9 Q Resubmitted odp: drop
# R- A C3 ^5 o Rule: table=3 cookie=0 priority=50
7 h5 u9 O! s8 ?0 Q7 M( W9 X9 j OpenFlow actions=resubmit(,10),resubmit(,4)- y, K9 O9 L0 l/ A1 r! K F+ }
& v/ _; \% ~) k5 O
Resubmitted flow: unchanged
- Y6 [) p' k8 @: M* a0 i Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ; r* [% n& l5 O$ e
Resubmitted odp: drop / v; q8 F& g* Q5 Y" _5 N
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01
; ]) y, t& F9 B/ r0 [ OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]2 g" P* V" w$ \4 q) X
4 p7 U% R* h8 D& C5 } Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 1 C: @3 P t) E" t) d C$ E/ J
Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 z1 A. e# D4 [0 F( y
Resubmitted odp: drop
$ F* ]2 @; Q, d% v7 d' A No match% X# Z" G4 E! t5 H% ]
, q6 N: N0 G" i7 pFinal flow: unchanged " t" I3 a$ O5 `% ?5 t Z* @
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no 1 r3 x. I J9 S u5 p. I
Datapath actions: drop
0 ^4 f: x, A% c# `6 }" E
) O- E# ^& w, {0 e3 h因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01, b6 G& H7 E5 O7 F0 _; u
7 y$ s" \# a' J% a2 R
下面我们再发送第一次的包: Y. Q$ u) h3 _/ T$ e4 T, M
9 u% B# v8 L; F/ {- p, j
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
0 k( z" V/ m$ C8 S) P2 |9 h+ BFlow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
, j' \8 K% p6 o; g8 r- ]Rule: table=0 cookie=0 priority=0
" ^ D5 c! d/ s* _. {& C/ U, VOpenFlow actions=resubmit(,1)( S- X( q/ I- ]0 j( F5 g
, S& v) ?5 e& P) h1 X: ]
Resubmitted flow: unchanged & ?# h/ X: Y1 i1 m! f2 q `; d
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 V. z3 F2 Q" }' H& N) S- i2 ? a5 s
Resubmitted odp: drop
4 {2 |* I' _ Y4 s+ M# ` Rule: table=1 cookie=0 priority=99,in_port=1 9 [8 o, b9 y0 ?! Y$ b% r
OpenFlow actions=resubmit(,2)8 v3 [4 B" N' H H" t
& K% m. p0 \ R( s! H [$ h
Resubmitted flow: unchanged
( D8 p1 `7 k! W/ [8 D7 } Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) p; N/ V2 i" b! m6 N! x% T; t" Q
Resubmitted odp: drop
, ~% Q& q9 k8 X6 ], o4 q% Z Rule: table=2 cookie=0 0 P2 V5 u! |1 t
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
5 o$ s/ p8 ^& m6 T( W3 n9 _0 s v: h6 y
Resubmitted flow: unchanged 3 r. M8 ^# A, j/ E
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 2 l$ L4 x0 r/ ?0 H Y3 i
Resubmitted odp: drop
9 d T/ z: R, X( b+ G1 s/ |+ {( q9 F Rule: table=3 cookie=0 priority=50 ' l0 z: L) m) ]; N" L5 J+ i! C
OpenFlow actions=resubmit(,10),resubmit(,4)
' |6 F. R8 {& Q2 }1 N% y* w) `* U6 S8 o8 p" d
Resubmitted flow: unchanged
0 P0 m& m0 w, U. }: {( ~ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) z7 d8 o6 l% i( f' H- l4 G
Resubmitted odp: drop # f7 C; w$ B9 l+ X( x1 [
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 B/ Z9 `* p* Q/ k! d( W$ u( {5 r
OpenFlow actions=load:0x2->NXM_NX_REG0[0..15] A4 m2 }/ y9 R1 Z
: m& y6 G- {( a2 H2 t
Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 - k* [: [" E. k" c+ n, ?4 h8 n. v0 E
Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ Z$ ^9 `, o6 q7 B! | Resubmitted odp: drop . l$ s% I, {0 z
No match
4 v+ Z, ]/ ]8 F0 I
( c( S* u2 _& f" v& F) FFinal flow: unchanged
# f4 B( j& u% T/ ZRelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
+ T2 H1 S' S0 b. v$ \Datapath actions: drop
4 F& O$ x0 Y$ d2 `9 L1 Q7 U I
$ s p# I, O4 w' O0 `3 M发现也在table 10中找到了记录
* P) R- i* k: V) Z: A7 O5 b* m2 ]3 X5 e$ G: T
实现第五个table 4: Output Processing; [7 R2 z/ V- T/ B) F. g
, V1 N1 [8 @/ ~. R/ q6 k8 S" t( Y1 t
这个时候,register 0中包含了output port,如果是0则说明是flood。4 O3 _) ^0 p$ S# F! N+ q4 }
, e& u x, Z* l1 b
对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。, d- U4 P6 M9 y, p
! c% r: ^ w4 P- Zsudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1", j; K* R7 X* @* r( \% b
4 C U: D7 |- X0 B对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去+ x2 [& y0 l" @; ?$ b' `
3 d4 H* e8 G0 L L& L/ z
对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去
8 k- h8 k1 n9 y$ S% x- B* N% b9 U4 J! }/ J' ^2 f
$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
" E9 C) \9 y& Y) k# a$ D table=4 reg0=2 actions=strip_vlan,2 ; J8 Q7 p* ?! \" e
table=4 reg0=3 actions=strip_vlan,3
5 r/ {- b& ?) ~0 ?& `0 V table=4 reg0=4 actions=strip_vlan,4
2 s7 G: q) e- ~0 n* Y3 Y# A3 MEOF
/ u. I8 s! |% B& _6 B6 {) K3 t
/ D& q) H' Y8 c3 a- k对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。
" R& x- |6 }! f' S! _/ i/ l; E; U# g5 M$ m8 @, H
$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
8 r6 k$ e' X3 F2 i( R2 t! R table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2 5 E3 F+ x) Z/ D3 E7 d0 {
table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4 1 x/ \) m& k' `6 r9 ~
table=4 reg0=0 priority=50 actions=1
7 A3 h& O! f" D0 v& O9 Z* b2 YEOF
. I1 m4 G- x7 z, Y* p, C; @( J r4 U/ j( f& P5 i V9 j1 ]
所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。
& r( [2 L( F. u+ N$ \" v, d; f' Z: Z/ v: D2 g
$ sudo ovs-ofctl dump-flows helloworld
. E" d& q% L% FNXST_FLOW reply (xid=0x4):
2 W$ a X! U8 z9 ecookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
4 T5 b$ u0 n% G- j' ccookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop z6 I0 a$ @3 R+ @ P
cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop . c! I. d& q5 {8 i, V
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 7 i6 H, R2 y! j' {
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 3 T- s: U% n0 t- E
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
! s1 M) e5 f6 U# k( _8 bcookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) - X( W# t4 M! f, f
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
+ i; O- p8 e1 W2 R# Scookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
3 L1 `/ L0 Y1 u# Zcookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4)
* g) g; m( L5 ~% J+ |- }5 ?cookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
6 d* v9 `) W% x: Zcookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3 2 b9 [; \5 c! \
cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1 $ ?9 u$ E; a% h- g9 |, M8 Q; w6 \
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1 & [% \ @; d- \' i9 A% Q9 ^! b6 S
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
9 x+ O) m. ?1 V0 L+ B: x- V! ]9 i6 @cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2 ( L& O0 h! r, g* y. n
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
; r# u6 y+ R1 `4 L! {3 ]/ n. Mcookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2
/ R9 R* }2 p) y! _) h8 i" [cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
9 A6 X- I X. V" A4 ?* ~cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] ( h7 J2 h" i' V
cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15] ) U& a0 Z, e1 R- I
cookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]% X1 _: V& b+ n' |% X8 F- Q {
& C2 i: ~6 T' d5 {$ U/ b首先来测试一个multicast和broadcast
" f: ?, c: s" V/ P
& d3 M7 t6 c/ Y2 h* Q% f3 S- |如果是一个port 1来的vlan 30的broadcast% ~% S. V: W4 W+ _, W2 y
( _2 g7 }: s* `' A; `
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
9 f3 g- N7 t/ p8 bFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
, \3 A8 Z/ c+ D- N" m& M6 hRule: table=0 cookie=0 priority=0 . C# U) _, E8 o
OpenFlow actions=resubmit(,1)- A; H* \2 u& {. ^& u( X
% U) O6 C0 I' W) s n5 T4 M8 q
Resubmitted flow: unchanged
& T% b1 D! \ _, x Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 7 [- ^" | M& z$ S6 M+ K3 e/ I5 J
Resubmitted odp: drop + q, b( v. }0 A6 s5 @
Rule: table=1 cookie=0 priority=99,in_port=1 ( U# `. {' S! [% a4 |! f7 ~
OpenFlow actions=resubmit(,2)* t7 B, V- Q6 b; |( E4 w3 [. Q) k7 T5 M: l
8 v5 x, |0 \7 M7 x6 i
Resubmitted flow: unchanged * j# }9 t0 W- F) {& U' C
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 ~8 d% I9 Z1 q3 f
Resubmitted odp: drop 1 {: o: P S9 O, Q7 J$ ~) Y
Rule: table=2 cookie=0
; q4 z' }, Z1 r& j OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
* l8 T3 M7 f" C0 G9 g0 b
" K- g, Y* Q. M( f' R; G: ~ Resubmitted flow: unchanged - u2 @- g; E' N( E5 }
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
! C& _' ]$ Z0 ?$ j: l" r Resubmitted odp: drop f( {9 b* }1 ~0 p q0 U" ]
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 9 E1 w% [7 }1 n( x! x. _, Z) {9 R6 Y# C
OpenFlow actions=resubmit(,4)- n* V1 b: F$ C. I3 q
3 k9 T& `/ ~2 V4 m& \ Resubmitted flow: unchanged
* j- V; l* U6 S3 T4 l/ ^ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' O6 u: i: d" H Resubmitted odp: drop
; r1 p/ g5 L* i3 m J+ |3 O Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
5 B0 o; @0 h& k; J9 |2 c* Q* E7 L. X OpenFlow actions=output:1,strip_vlan,output:3,output:4 2 E4 h2 o3 H9 ^9 [
skipping output to input port
! `& o6 h" X& w+ x2 l2 u* {
0 R( z: L# y/ h4 }* F7 rFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 ' I# {# C) x3 j0 C" [- p- D9 O8 `3 i
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
; J# E" E5 ^& d" yDatapath actions: pop_vlan,12,13
! A: R% v" w) {" c! Q+ ^/ B: l4 S6 M( i- @) A. F
结果是port 1就不发送了,发送给了port 3, 4
5 N) x& V& P& \" i7 `) f2 F
' T& H8 F8 r9 U6 y( V) ]4 C; N$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff
6 S6 o# j+ \ P- N* V' s) tFlow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
# { b# m/ E2 ]: V" V tRule: table=0 cookie=0 priority=0 ' d' F7 I( A- w
OpenFlow actions=resubmit(,1)" w8 S2 t$ F% g+ k+ t$ W# {
+ Z' X% p* N6 L, v _% ~2 ?
Resubmitted flow: unchanged
) ^) f+ u3 c, o# J6 `# {: w Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! C/ w5 m/ \, c% w2 t$ D9 s+ W
Resubmitted odp: drop
4 t5 t) a4 @6 T Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000
: |/ r. |+ O$ k OpenFlow actions=mod_vlan_vid:30,resubmit(,2)+ R/ `% f5 K. K$ n( w1 R5 K; p
0 e" E# }& j3 o: @) M1 i9 I
Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 5 b% \2 r, U) m
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 + S: s) u! p6 e7 y: T6 x
Resubmitted odp: drop 9 r1 I* d) s" T( R: ?9 d3 C" Q
Rule: table=2 cookie=0
2 A$ r9 K$ [( o- ^ OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
& X3 @7 n/ f, K5 R( V' ]( A9 P1 H* F$ Q6 N. J
Resubmitted flow: unchanged ! q5 k( E" J' g+ h; L2 M; o
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , I# f" ?& E8 k+ R! T, x; \9 k6 V
Resubmitted odp: drop 7 z2 c+ ^# u/ O& X) P
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
, M% E4 j3 n) b8 j OpenFlow actions=resubmit(,4)! W( h8 m) d8 T. n2 U7 v
8 U& f3 A9 ^& ]& i+ J
Resubmitted flow: unchanged
8 P+ |% M! K7 ?: q8 y Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& U3 @8 Y# m) y( U3 N Resubmitted odp: drop ) s8 _" D( D: A0 w6 R0 Z2 ^5 S
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
! B, C8 q8 V5 j" v7 S& P3 h OpenFlow actions=output:1,strip_vlan,output:3,output:4 6 M6 {' {4 g/ K! B2 G
skipping output to input port
* n0 ?& L. N$ F) }2 n% R) Q5 b$ i8 F: U
Final flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 : p3 q% K' R* r0 h5 O* l7 m$ W
Relevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
. d3 f1 I# x, k9 @4 DDatapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13/ W) Y% j, X6 o) z
3 n. }, }5 h0 l( T+ s
接着我们测试mac learning( t7 X/ W; e8 g8 D" s2 b9 H( t
4 T5 h* y3 @; |/ @1 _/ j; O$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate * O% O0 l5 n- {2 e% b
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
. N( D- }- P* I) K5 O& pRule: table=0 cookie=0 priority=0
3 U" @2 u% v! d6 r6 L) OOpenFlow actions=resubmit(,1): W) Q/ _) S1 e) k4 t3 ]
. _- Z7 _" z \) y/ x4 H/ a6 E3 _
Resubmitted flow: unchanged
5 o4 A0 M6 }( s0 F Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 4 T' D3 t8 n6 s# J
Resubmitted odp: drop 5 S: W! S! Y; L
Rule: table=1 cookie=0 priority=99,in_port=1 0 X- {' x0 m6 Z0 G! K/ D# y
OpenFlow actions=resubmit(,2)
1 k& P8 V2 B# ]0 Y) M# S6 S# O9 \ e8 ^1 o7 S9 H" U8 n
Resubmitted flow: unchanged
]3 a$ a @7 Z" J; u8 ~ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & w$ h$ s0 v& b5 X
Resubmitted odp: drop " T8 n3 {. ], m5 q! }% H
Rule: table=2 cookie=0 0 w9 Q6 v: A* }0 O- E, l% B' {1 N) i3 v
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
+ C" g; J" G; q+ f
8 |- y: {5 o- K7 O Resubmitted flow: unchanged
% f8 U. P( R- S/ d( O5 Y! A Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 1 k; e. A W0 G1 i1 E4 i# q
Resubmitted odp: drop
4 h9 [* p/ _. M5 x Rule: table=3 cookie=0 priority=50
2 o6 m4 L' ?" L# q/ | OpenFlow actions=resubmit(,10),resubmit(,4)
Q+ P5 z* O6 \2 Z9 Y3 b
b3 s1 n, W, e" v; U2 D; a Resubmitted flow: unchanged / {5 a8 `- ?' q. \1 m. }
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ; f- F/ K$ m: }/ N
Resubmitted odp: drop
- @. R& R T2 j: X, {" L' S No match
8 \4 s' i3 Z! W. y5 H* o) T5 t* E9 m/ Q" w1 [5 z9 z& y. d: U9 r
Resubmitted flow: unchanged
3 M- k6 z) D- B h! h9 w Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
$ _' V3 s/ X2 W9 Q Resubmitted odp: drop 9 }( t* ~ \5 [; g3 x" E
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 : y, \7 G0 T( V s1 |) `) m! @; d
OpenFlow actions=output:1,strip_vlan,output:3,output:4
/ v: ^3 ]& a. L* |% x/ x2 W skipping output to input port8 K2 U/ l9 \. g# K( S. z
0 f5 O) H( U Z, x, a8 eFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 " P5 k) E. U) ^. d! f
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
3 {% J6 U/ E3 w+ _& @& {Datapath actions: pop_vlan,12,13
{/ U) e& ]7 h5 o
) Y; J3 G" ? m& X由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4
7 Q, a$ Z( w( m8 o \; y$ K: {4 s9 c; E
$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate
K+ z1 D1 M! b* Y& o4 ~' _Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
5 \# b9 p4 _% x7 j% \Rule: table=0 cookie=0 priority=0 : M) A" d4 ?( {' a) \
OpenFlow actions=resubmit(,1)
! A$ J/ |+ B$ E6 |; M; K
1 O% m; P, `4 @8 U! j) N Resubmitted flow: unchanged - {+ m/ A3 ]0 @$ \- p/ _2 ~! E
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: d/ H! i+ K) ~5 m+ f Resubmitted odp: drop 5 C' |4 I b( i. S* v* D- M7 x
Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000 ; n' i1 F, ~1 z- W2 A ]
OpenFlow actions=mod_vlan_vid:30,resubmit(,2)/ e1 \2 `. W! S3 [* V- h8 r
. t, v. Z9 t9 N% A8 y Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
3 g ?3 x: t$ b' q4 C' \ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 0 W3 @6 a0 b9 c9 `; v( D* j0 ^* m
Resubmitted odp: drop
! Z$ [: |; z" t v Rule: table=2 cookie=0 8 _7 V, f; }# `- \
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
6 G6 a4 j M5 k1 m4 d0 w! | w$ u6 V2 Q0 y7 M f
Resubmitted flow: unchanged ! Y/ |# t% N6 E- S6 S+ B
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 V8 s" d# q0 J Resubmitted odp: drop . K" }5 S! d# L8 U
Rule: table=3 cookie=0 priority=50 / A5 }5 [, M3 u! u+ Y
OpenFlow actions=resubmit(,10),resubmit(,4)0 y$ G* O5 M4 }# B4 n8 O) |) I
* v+ r: T8 ?$ I, P6 F X
Resubmitted flow: unchanged b; R2 {* X' p8 e7 N4 l$ R; N
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& K* V6 s1 W. X5 x" y Resubmitted odp: drop
$ w' F6 f2 \6 s/ S" o Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01
! A1 A! x1 ` E+ N" z OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
$ B5 G. G+ q. g8 G4 ~" L1 O+ N4 E0 k
Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
4 z; s8 L6 j0 I) s: h2 z5 L" t Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: `& M' V+ m1 o/ ~, o Resubmitted odp: drop
7 M3 G& ]( N" L1 ?: H: y Rule: table=4 cookie=0 reg0=0x1
' _. \" o' Z9 A OpenFlow actions=output:14 n* K# k& \, s' J( T: E6 G3 G0 e
+ Y7 r! S$ j' A6 N0 n, r, FFinal flow: unchanged
( ]/ r! P2 \- I- ]' eRelevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no ; N2 f' U4 a9 Y0 K1 F
Datapath actions: push_vlan(vid=30,pcp=0),105 q7 c! e( [/ v. f4 ~) q
; G! L- f* p' T; @' d: Q* M回复的时候,由于学习过了,则仅仅从port 1发送出去。; Z9 I/ ]) r) J/ y6 {8 v
! a/ a$ B \2 F/ l5 P' |! h8 t
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
. W& E/ z9 |' e4 u3 WFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 5 J: K- s, `" f, p
Rule: table=0 cookie=0 priority=0 6 c. y4 O1 X3 b7 @: |1 H3 S# D
OpenFlow actions=resubmit(,1)
. U% U* q# c6 j% }. ?* l. C, Q* W
; K3 }* M( c5 g1 n2 E7 d Resubmitted flow: unchanged 6 ^$ Y o- w& d+ l; d4 Q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
9 i& M' @* g& J- T" w* O& \ Resubmitted odp: drop
+ e8 l8 o! ~4 M1 @, F9 N Rule: table=1 cookie=0 priority=99,in_port=1
$ C/ \# P$ q: [2 K, X OpenFlow actions=resubmit(,2)" q+ }7 }" E5 h- y) d% K
1 |! `) V/ Q" ?- u7 a) H Resubmitted flow: unchanged
3 e1 e2 B! `# M& `. {8 m Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' O: N) Z* ?% S: x: f Resubmitted odp: drop $ w* T4 I, q8 b* d" m
Rule: table=2 cookie=0
8 ^. l. D8 W. v/ ^/ Q( \ OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
4 \; ?' C" b* e3 v) Y1 p- T
' y! \8 Q8 b6 R! W) I0 n. z Resubmitted flow: unchanged 7 q5 I0 l1 ]5 X+ v* w2 e8 `
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
4 _+ ?6 b/ }+ t* Z4 m5 f Resubmitted odp: drop
l$ k& \, N1 Y/ k: ]6 w Rule: table=3 cookie=0 priority=50
5 j$ |9 o* y- I6 u OpenFlow actions=resubmit(,10),resubmit(,4)8 W0 }: ^% X* V3 P% ^* n) B
5 L& A8 `, I3 t- n- Z1 a Resubmitted flow: unchanged
4 l8 U$ V ~+ y" z, y7 u Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 G) n: x3 {) F
Resubmitted odp: drop , z0 ? R9 `- y2 q+ y( D- K @
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
. [$ f, z5 ^3 } G. h OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]. Q' D# m; s u
& i& o, L+ z6 x3 D) U4 l
Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
5 p/ w3 L& R; z, x) \ Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
9 s+ f2 a A' C9 R3 J! | Resubmitted odp: drop 0 _8 R6 x6 h/ f/ |' w3 d
Rule: table=4 cookie=0 reg0=0x4
$ B0 o/ x' U! x m) D( z, c* G OpenFlow actions=strip_vlan,output:4
7 G- ^$ {2 K' q4 w) | S* M* U
( t9 v) {2 @1 Y9 D; @5 `& uFinal flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
. j7 Y9 Z# ?3 oRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
3 {* x% }3 h$ ^/ L1 }! qDatapath actions: pop_vlan,13
$ _) A5 v% F/ ~7 p8 x6 J- X: N( B; e0 H( h& b$ i! C
由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
发表于 2019-10-25 10:00:33