|
|
楼主 |
发表于 2019-10-18 10:50:26
|
显示全部楼层
关于 VLAN
+ q3 Z, Q5 p" [+ Q M设置 VLAN tag7 M6 z. E8 o8 L4 k/ a3 t; q6 d
' q0 _* ^$ h; Z( yovs-vsctl add-port ovs-br vlan3 tag=3 -- set interface vlan3 type=internal
7 E/ S* c& P5 U% E- Q: @( \移除 VLAN1 {; b) s! z) l6 H* k* V% \4 p
5 m( t6 ^! k( |
ovs-vsctl del-port ovs-br vlan3
6 | n& c9 @- a3 l0 b$ d& J查询 VLAN6 M O. }5 z) q( H6 F& d m
, G! ]6 V' E( E- }& iovs-vsctl show
6 K$ o0 y$ l. s. E: g' ^ifconfig vlan39 c: n3 c. n5 Z! d D( ]& N
设置 Vlan trunk
2 I. g, M$ h6 g" D' J; n& M- x3 Movs-vsctl add-port ovs-br eth0 trunk=3,4,5,6 i0 Q y l2 g( A" E8 b% K
/ K) {# ?& w0 K5 p设置已 add 的 port 为 access port, vlan id 96 C9 V: n6 K; m
4 Q5 W# t5 g: g4 O
ovs-vsctl set port eth0 tag=9
) }6 ?) j$ q% Q' S' c1 Z/ Eovs-ofctl add-flow 设置 vlan 100
3 {# n/ }% A/ w) l4 w1 b# v8 s: ` l+ W/ ~2 Q" N% x7 {& [5 |- T
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:32 ]* P( m7 ]0 y& R
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3" O4 n, g4 q; y1 w5 n- W% G
ovs-ofctl add-flow 拿掉 vlan tag
2 D' ]) R0 P. f$ b2 Y; B# B" k2 T* u f/ |2 `! ?% l ^. j' ?
ovs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:1
% K6 I4 u- f9 E" c% `) C+ U+ Ftwo_vlan example/ \0 T' [7 p; L4 O( _
ovs-ofctl add-flow pop-vlan8 F _& y9 n6 _+ V0 q# _4 Z7 I1 p
' a8 B) F+ L6 n w, xovs-ofctl add-flow ovs-br in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:12 `$ d W5 ]: s7 k, i6 W$ T. @
2 B9 E* V+ p( _/ C
% \7 K# d2 @, c
关于 GRE Tunnel
- g7 ~# ?" D& K5 J [5 r设置 GRE tunnel
! F% U* x5 w5 C" M7 o6 O9 W; {! D) ^5 R* _% \$ M0 T# o, @1 v1 H
ovs−vsctl add−port ovs-br ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.4
; m; g/ Z$ N$ n; g* A( `# g7 `查询 GRE Tunnel
& p9 M) T4 V- t1 H
6 o* @9 O! v8 M m |1 |" W# u5 g7 aovs-vsctl show$ _6 v5 _; v. ?* ^
# {( }2 D9 q* q: }6 q+ a# G$ S; e
关于 Dump flows
/ v7 z/ ~, ]- N* Z& M! U3 V" iDumps OpenFlow flows 不含 hidden flows (常用)
+ V% r' c9 i" [) W+ U1 {: J
* ?4 j# m6 e& f+ O+ @) z4 ^3 Tovs-ofctl dump-flows ovs-br9 {+ ]9 J. m q9 \! F
Dumps OpenFlow flows 包含 hidden flows9 O! b( g/ k* t1 l; o
/ R2 j8 A9 [0 v6 M5 R8 O
ovs-appctl bridge/dump-flows ovs-br S+ r% c& `/ W
Dump 特定 bridge 的 datapath flows 不論任何 type2 M& N9 v3 D5 ^# ~8 h% M
9 Z3 E; u7 h1 @% r+ h5 a. m( q6 ?
ovs-appctl dpif/dump-flows ovs-br8 i F( V* x2 `
Dump 在 Linux kernel 裡的 datapath flow table (常用)* G; L+ V, S! `5 [! o/ t
S: m2 q! ?! J: Q) u! P9 v5 e0 ^ovs-dpctl dump-flows [dp]. G4 I/ A) _ d# A0 }
Top like behavior for ovs-dpctl dump-flows) y$ U+ W4 C0 W/ n
8 _1 {9 Y" }. x+ U' s; ]ovs-dpctl-top
) X h. m: Z6 \! v/ [/ p. {* V3 a7 C8 N+ N, w9 k6 I& ^! L
6 \- I4 D% w" l
$ R# t! t/ o% Z7 w7 R
XenServer 开启 OpenvSwitch 方式5 w( t! c8 }* X f" L2 H
检查是否启动openvswitch服务:# w" q J* ^: ?- N) k
% W! t- l( W0 Q: ?" | S) f' dservice openvswitch status
1 Q7 ^% H% Z* y6 w1 ^$ e启动服务
% }5 J8 ]9 d P, Y; F3 T" v3 `4 u( g( F7 d/ }4 t" a& ~- ?
xe-switch-network-backend openvswitch& ?; \$ W2 U$ }% q; N5 r9 T' N
关闭服务
+ }& P7 c Y2 z% B( H* W
" Z/ a! A' z+ N$ c1 p1 V9 zxe-switch-network-backend bridge
* q# @. P4 K( J
" A. c/ M8 h+ \/ U% c6 B8 ]" n8 ]; K/ ?/ b& }9 p5 ]
关于 Log* n1 ]4 u6 h% E- I0 j) _
查询 log level list
) {8 T# `- |! g7 ?1 g( g n0 g, `8 a* C9 F: a
ovs-appctl vlog/list
: c1 c( r% C8 n4 o设置 log level (以 stp 设置 file 为 dbg level 为例)
% @+ L- P3 K) ]
! Q B$ w2 ^4 ^6 J9 q# E( Z, Fovs-appctl vlog/set stp:file:dbg
& n# q' u) q7 S! B) x! f" Dovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}# k5 D- a/ E2 `
; b; C. k6 L- G4 t" W5 G/ a* I4 c
6 K" W) ?& z! l/ V 关于 Fallback) ^# C E( h, ~) N9 ?* K3 ^
Controller connection: false 的时候, 会自动调成 legacy switch mode# y' M1 K& V# V+ U& G( ^+ a3 v( x
% n E0 e2 @/ ^5 Q, ]ovs-vsctl set-fail-mode ovs-br standalone" s" m/ j( Y( T* E5 `. j
无论 Controller connection status 为何, 都必须通过 OpenFlow 进行网络行为 (default)( G; `. R5 y! j. I
; X( e& a( a% |, H3 h
ovs-vsctl set-fail-mode ovs-br secure
8 S3 G2 [! ]0 e$ B移除 z) O3 C2 y' H: E3 p5 S0 P8 R
; f& K) J ?8 govs-vsctl del-fail-mode ovs-br+ Y1 ]: i3 D, F/ k6 Q; S# @) J+ \
查询& E( Y5 j! q: Q# z" X. u* @, l4 _
6 p* C7 ~ O$ k @
ovs-vsctl get-fail-mode ovs-br0 O1 q5 d$ |7 \1 {$ A$ t+ d
! E" c, G1 Y" `6 o h9 N7 m, W
* n. U% _5 z$ K/ x关于 sFlow- S9 @5 O6 b9 ~0 b0 \* w/ U
查询
# {7 Q0 y' k$ b; Q- g }+ Y ]
, B. P; L- c( S. q) u t+ uovs-vsctl list sflow' E0 e3 ~% E7 s# s% H: Q
新增
# n% w1 z2 I7 e# O) h' Z
8 {3 J* n9 Y( V! I( [& aSet sFlow 缺, v, X2 O/ E$ Q6 K* m
刪除6 K( `, n' ]; n6 i" u8 Z
+ S! b8 N6 N( B. Oovs-vsctl -- clear Bridge ovs-br sflow
% |8 Z u4 {# K" Y7.13关于 NetFlow. ^% H! w: A; x0 d+ R
查询
3 ~9 k! L& ^. Z( L6 i1 i
1 [: V& U! s) Novs-vsctl list netflow9 A& v7 ~! i3 v5 w+ s" V
新增
8 C2 Q' @# |9 ]2 K; W
$ V' m/ m1 V8 @, n7 ySet NetFlow 缺
, D0 ^' c) r. {& F5 x刪除
$ }: e& ~9 F3 e8 i R$ \( r: W, ~6 N0 _: o3 P6 W. F; \. {$ b* O1 q& Q4 B
ovs-vsctl -- clear Bridge ovs-br netflow3 K8 S% d' F% @$ h! {+ Z
7.14 设置 Out-of-band 和 in-band) ?: Z( c( Y5 V5 E
查询
! Z. {" A9 }( a! g. p2 C2 V ?" y' F- P. j- ~6 {
ovs-vsctl get controller ovs-br connection-mode
) U: J( L1 S4 w5 [* V, C" gOut-of-band
) Q5 O c G) u& y2 J$ E9 D" p7 Y& l, v; h& m9 \) a$ r
ovs-vsctl set controller ovs-br connection-mode=out-of-band" H3 _4 {3 U* r8 q; x, V) O3 a% c
In-band (default)! g% {8 F& @6 ?# F- t% f" G
* P0 ]( L8 ]% Qovs-vsctl set controller ovs-br connection-mode=in-band
, s \/ r ~$ f4 m0 B3 i移除 hidden flow
/ b1 k/ m) H9 e& h/ V9 x1 U) Z0 u7 x# ?: Z
ovs-vsctl set bridge br0 other-config:disable-in-band=true3 U/ G7 |7 q7 ?; f5 y
7.15 关于 ssl
4 m8 z2 z5 `7 m查询7 S' U0 Y9 M$ |
7 A7 J7 {. o' F9 J, ?
ovs-vsctl get-ssl; k) n8 H. a4 |+ H" R1 u
设置- q* s2 U+ _5 @
0 N8 f' x4 b* Rovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem' o1 Q7 V8 x2 ~( }8 {) e/ Z9 O2 k
OpenvSwitch Lab 6$ TLS SSL : http://roan.logdown.com/posts/208707-openvswitch-lab-6-ssl% w( f* p9 Q1 `2 F( W
刪除
2 w: j( _$ \8 E# Y. k2 T1 c! `2 s$ N0 G" r. G2 n
ovs-vsctl del-ssl0 q+ P4 z' j( E9 c- P; f
7.16 关于 SPAN
1 n' e# M- H. C# Z' o- B详细设置/ w+ T1 Y; f8 v8 e
% u: ~+ o K; ]+ f
ovs-vsctl add-br ovs-br$ I ^& l" [# g* l8 M
ovs-vsctl add-port ovs-br eth0* M( h9 A4 C& N+ F- r" L) ^
ovs-vsctl add-port ovs-br eth1; P9 D( q2 f, I/ r$ S# \
ovs-vsctl add-port ovs-br tap0 \
1 I) H! ^. o: H- t3 c2 J -- --id=@p get port tap0 \( m+ Y5 K! i7 A$ \5 d- M
-- --id=@m create mirror name=m0 select-all=true output-port=@p \
) b5 \6 d2 G6 ]6 o' _ -- set bridge ovs-br mirrors=@m
- j% O( C4 z' `将 ovs-br 上 add-port {eth0,eth1} mirror 至 tap0$ @$ Y. K' B8 ]: x6 [; O( J: r, z- i& x
2 z$ h, O1 d* K" O [; h刪除
# U6 t7 j0 Z* m [* E9 a
' |- e4 ~# p" U. {5 N- h$ j: uovs-vsctl clear bridge ovs-br mirrors # 關於 Table* d0 J! P; E( F$ s3 Y- y% O
查 table ovs-ofctl dump-tables ovs-br
- R" e+ C* g; k
+ A9 y0 M7 W( a) @ |# S3 h7.17 关于 Group Table% A7 O- @9 i: r% l5 {; c7 M8 e! n
参考 hwchiu – Multipath routing with Group table at mininet
& A9 J; M4 K' y* O- F
3 f; y% i3 ^! u& ^: J* S, w0 s建立 Group id 及对应的 bucket7 q, E: }3 B- J' I4 r- V D( T
* L, X! H$ ?. b1 J zovs-ofctl -O OpenFlow13 add-group ovs-br group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:3
- k+ `6 u1 f+ d" v6 U! U, wtype 共有 All, Select, Indirect, FastFailover, 详细规格:http://flowgrammable.org/sdn/ope ... upmod/#GroupMod_1.31 H9 W2 N# @7 q' P! x, Q# p
F# L, ~/ A& p* B r' q使用 Group Table
& ~5 g4 h) ?0 [- L2 i5 \
& j1 i0 G! A1 sovs-ofctl -O OpenFlow13 add-flow ovs-br in_port=4,actions=group:5566
( R8 A$ Y$ P- @0 Y9 e8 h7.18 关于 VXLAN7 q# d/ k9 i$ b
参考 rascov – Bridge Remote Mininets using VXLAN0 j1 d1 j0 H- P9 _7 J" {
( P% d6 x( g; Y; {& C
建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=9
X/ j0 f' |7 C- i8 x7 {! @
. a& L; D" a: |9 X Novs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9, {& F) u2 _% [# f( }- x' R
VNI flow by flow
, T' w/ _! D2 \4 G( R1 N
' i$ x7 \3 j; n. O4 s* jovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9
! Q! L# N3 n9 X4 q4 z p$ w设置 VXLAN tunnel id
6 G0 h1 O+ A. c, R0 u! M" _8 C
/ }" ?* |$ M' ^ovs-ofctl add-flow ovs-br in_port=1,actions=set_field:5566->tun_id,output:2! H/ m$ l" o* ^3 l; M! ?8 R
ovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1. x+ I8 [- F1 S6 H. l. h5 X
7.19 关于 OVSDB Manager! b2 [9 Y( j( e$ i$ M
参考 OVSDB Integration:Mininet OVSDB Tutorial
2 t1 S6 R( R* G' c- e
; R2 ^: k r2 Z; z F! AActive Listener 设置
% ~# I+ f2 a( z. ]5 v- y% S) S( b, c) j3 u& L1 @, D0 P" X
ovs-vsctl set-manager tcp:1.2.3.4:6640# k/ b6 t: |( j& \2 M# n, j
Passive Listener 设置# t$ F! H0 k# B6 z# a
8 [+ F$ @6 r! r# Bovs-vsctl set-manager ptcp:6640
! d1 Z# R- ^& T* g! l5 K! d7.20 OpenFlow Trace0 G( Z4 H7 A2 B6 g5 F2 W: x. w
Generate pakcet trace4 Z3 K; Z0 W3 D( c$ E' k0 G
: w* ~& J, g6 Z& o7 t3 _1 P& E
ovs-appctl ofproto/trace ovs-br in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate4 U- x" i, v! m, q
7.21 其它
) ~+ q9 ^ H Y l查询 OpenvSwitch 版本
' ]* W+ z: E* `
4 E0 z4 X2 V9 j* Y: c/ Eovs-ofctl -V* n8 b% }/ J7 I$ `
查询指令历史记录
' e6 U# r1 w9 B G1 W
% ~: X1 _) L7 I* l) Bovsdb-tool show-log [-mmm]
1 g" M' f( P- F6 } |
|
发表于 2019-10-18 10:38:50