|
|
楼主 |
发表于 2019-10-25 10:00:35
|
显示全部楼层
实现第一个Table 0,Admission control6 b R' u# q8 c% c& }( w% V# t3 S) t, l
- `" U. b1 j2 D包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。+ i$ }* h: ^$ w$ h$ `
& W! M( V: e- y
比如,如果source address是multicast的就不允许进入。
* E, _; y5 w$ V; Y/ a/ b
& |% n& I$ t- p+ T0 T' t01:00:00:00:00:00/01:00:00:00:00:00是广播地址6 `4 `$ d* C, x O* X) V
00:00:00:00:00:00/01:00:00:00:00:00是单播地址$ q3 i. o2 }9 T1 o3 K
这种表示形式类似CIDR! h! \& R1 L2 l. n, @( i
于是我们添加下面的规则:
( f; t* [- P6 Z( @sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"4 f) u: ~, S* _2 `' n: c( ^4 R( {
STP的也不接受3 N& ?' Z2 _- |, f! U$ H
sudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"* Z( W( p- B5 }! t7 M$ n0 u9 n8 l
我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1 V# ~# h: g3 B+ k) U
sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"5 D8 M O a: ^1 M2 M
我们查看一下所有的flow0 G- T8 }3 T4 u" x/ j6 m Z4 h& y
$ sudo ovs-ofctl dump-flows helloworld f0 @6 R# R+ k; ^/ o/ ~' c0 c# j
NXST_FLOW reply (xid=0x4):
2 W/ y0 R( J _$ c9 C- @cookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) 0 F: b* V4 m# p+ e+ P
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
& Q" |9 m& p7 o# R, F2 W5 {3 Ocookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
' ` s. y, I0 b1 V' @6 P' C! p, x! ^6 {: L( Z& o
测试Table 0
! d0 n( r5 O* b j2 H9 x3 y' C; [3 H4 `0 g
有个很好的工具ovs-appctl ofproto/trace
+ S7 z2 y3 Q0 Y) D0 a3 f( m+ T
9 r" P) m, I9 i/ q不满足条件DROP
/ I- C5 G J5 M% ]" `$ _1 @
1 b; l; q* c* N. B$ w1 V$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
, ?% B0 L6 a( g" o6 C2 q3 BFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
B! \! [! r: |# bRule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 ( ]" l+ K8 X* E) U0 n
OpenFlow actions=drop" c" K) U; t1 A, K- `
; a4 M5 X- u0 y! O- L3 F) J2 j+ l; c
Final flow: unchanged
/ ?$ R" m( Q4 R3 |Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
- J$ T+ B" X; T, {: `! r9 |7 LDatapath actions: drop
0 J$ ~; ^+ `$ K5 B0 z, c. M) `# b" m6 V: o7 c: X
满足条件RESUBMIT
% p% Q. C% {+ O+ j8 U: q) N+ p8 ]* l, k8 z# g
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10
7 Q2 l: e; V- Q( ^- G7 uFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000 5 U6 V( E7 h& n* T, P
Rule: table=0 cookie=0 priority=0 : s/ R4 }7 E( m7 t3 h: d6 E
OpenFlow actions=resubmit(,1)
9 p0 W. Z; k$ C' s' c6 h6 R- _0 O2 Q8 B+ W. ?
Resubmitted flow: unchanged ! g! l# ?, \4 S! B. D* g
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& T& V. E0 T! s! L Resubmitted odp: drop 4 T) K( Z ~, k9 X' _. k9 w
No match1 u4 A" k; I- B
9 z1 [2 g, e I+ F1 D
Final flow: unchanged 3 s5 F$ e( u3 e* h5 n
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 0 g3 O. L7 X1 ]$ j, B ^, U2 j8 z
Datapath actions: drop
$ x$ w$ s! ]$ F9 X) V2 Y
% x. E' R3 Q' b/ }" K0 b: [3 `实现第二个Table 1:VLAN Input Processing
( S v s& a2 @' \% X
8 D' R1 N( j' B5 T% O/ k1 U首先添加一个最低优先级的DROP的规则) m( d- S, w1 p' {' N4 V3 k3 I
, [! H( a, D4 wsudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"7 J# R" t: J; z# O& f
; t+ x3 X% W% b; T P
对于port 1,是trunk口,无论有没有VLAN Header都接受。
' E0 S B0 f2 H- f6 f3 e
B: e7 i- j1 E7 f. U" z4 K8 f6 Zsudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"
v c( r: E8 e+ o; k0 C
4 E0 }% B. b$ }# Z t对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag
; F$ H! ]) |, u0 n# O* U( j
; y) h3 j3 m( s+ N3 ` a/ R$ sudo ovs-ofctl add-flows helloworld - <<'EOF' - O" n2 W! S+ G. ]: z7 z7 Y
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2) 5 Z+ b0 Y C5 z# }
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) % y, O% l8 F/ L
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
! U/ T: k' b& ^( I6 gEOF9 m A, C1 t7 G% k) a3 \: G6 z
% y5 A5 y R: K/ L+ G# y+ _( |6 m$ sudo ovs-ofctl dump-flows helloworld
5 ^5 U5 y4 P6 uNXST_FLOW reply (xid=0x4): 3 w: [* o6 J# [% P
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1) + ~# l. m: j- i) V
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop % r! {) t" l6 o& h
cookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
3 |/ a! i0 R- M" Icookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) ) e$ y' u6 L$ H& E5 K
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 6 v% h3 L0 R' J4 p( B2 K8 G
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
: d( K+ s& r& K" [0 s" c# Vcookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
, O5 P% ^1 F }/ c: \cookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop
7 e( @& ^, |) p- t8 S& o5 s; K- S9 Y3 N1 e& B3 K
测试一个从port 1进入,tag为5的" n0 y" L1 v4 c' a" K
. |3 X( c Z4 o$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5 6 V" d, [- |8 \7 L8 h/ o
Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
2 t* W6 Z/ |; v6 n1 U/ |6 DRule: table=0 cookie=0 priority=0
& _1 ]9 G4 \3 s6 m& ^, S: @OpenFlow actions=resubmit(,1)5 l# a4 v$ i' P; ]
$ G/ i2 J/ z& R; _1 U& L, h7 p
Resubmitted flow: unchanged
$ a- V0 H9 K6 P( @5 y% v3 O Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
, q; U9 ]: D& I3 @8 l t0 U Resubmitted odp: drop 7 Z; b @% R& w9 r
Rule: table=1 cookie=0 priority=99,in_port=1
9 @# x. Y& q4 k- S3 ^ OpenFlow actions=resubmit(,2)
( ^$ D5 h: x7 z7 k2 x( D
% _: a4 X3 ?+ {) `; t* F4 D" c Resubmitted flow: unchanged 3 {5 y; e! y8 C4 T7 O$ n H
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 2 ~0 Y: I3 z) K6 W3 A" ?! k5 q
Resubmitted odp: drop
0 `1 P, \7 T9 d; r7 K No match
0 ]/ d. P1 d. g c0 j3 b M9 O: V# `: t$ @" t( M; F- n; d+ Z. A/ ~8 J
Final flow: unchanged
! C0 o& D6 Z8 R# QRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
7 r% j1 m+ u: h9 ZDatapath actions: drop. z" A0 H! y7 m
" S* U1 O/ i9 J" }+ b% J- c! q测试二,从port 2进入,没有打Tag的
. X4 c4 P/ m. Y7 C
0 y) L+ _ Q/ b5 l$ sudo ovs-appctl ofproto/trace helloworld in_port=2
1 A8 q" m. H0 _- z8 L, xFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 , i) X, n8 V6 @8 M
Rule: table=0 cookie=0 priority=0
1 @8 I2 J3 k6 I: z H7 E+ E( f2 t% }OpenFlow actions=resubmit(,1)# g, |, Z- \1 }6 ^! Z
! j& t+ T9 v$ X4 \. O$ Y Resubmitted flow: unchanged : S7 b/ p4 [- |: ]
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 0 T; y% `/ s/ T; W! c W
Resubmitted odp: drop $ G! j, Z: P, [
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 " x! S% c2 M" L5 r% g- X
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
! ~; o. v L/ k5 D
( W% B" ^" s; o3 c" H0 H Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 & q6 _" m6 {8 n" T# h3 q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; H# L N. {* }( W# G! v Resubmitted odp: drop
3 h" S! N& F+ s" y( A/ q& v" Y! s# l No match. A: @5 m' B; u6 d2 D) {
# y+ L4 @$ e3 f- K* wFinal flow: unchanged
* u# T$ l3 x* p7 LRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
9 G& h8 x: Q! p8 }8 n% Y1 s0 {Datapath actions: drop
0 O/ I3 X. R2 ~) n }( Z3 U* A# A4 N. g
! G4 c. B$ [- m8 k2 Y& U3 L4 X/ l测试三:从port进入,带Tag 5的, v' V: Y4 T& O3 r
7 n. l z+ t0 X: R$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
& K" O4 }3 j' Q% M4 b" |Flow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
& v+ W, y/ H2 X) B+ r9 Y' bRule: table=0 cookie=0 priority=0
8 d2 y( |2 W; J8 h B6 iOpenFlow actions=resubmit(,1)
) ^9 t5 u5 ]% P7 C1 V% A! m! L0 n8 M& z9 }
Resubmitted flow: unchanged
+ R) i! C8 V1 u$ K$ Q1 y& `8 p Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 1 q; \/ Q) M h5 X& P2 a' Z3 x3 ~" v
Resubmitted odp: drop % V9 g% H5 r* t [
Rule: table=1 cookie=0 priority=0 1 l* x# b! @ h
OpenFlow actions=drop9 _3 w3 C. v" W9 y& P0 `# A# e. v
3 g) B; e0 q H6 F2 e V
Final flow: unchanged
& W2 V7 [5 R. \' KRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
6 a2 V0 a# z; {: K9 |Datapath actions: drop4 @5 q% {' L; l" C) F$ N2 q/ Q
' N* t& V# }( z) q) R3 H6 z实现第三个Table 2: MAC, VLAN learning for ingress port
5 N3 k U2 U- U+ M$ p
7 Q, X2 e& Q& l, n: T1 F对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。
- k4 s( W9 }) m# F6 R1 |5 l/ B/ x+ }. f0 K8 u
这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。8 M/ C, }1 D9 _* e" Y
# W& i5 l3 K: Y
OVS也要学习这个,并维护三个之间的mapping关系。
6 T. y$ O. @" N; K( o4 \- [3 q! R! m; |" A" \- p7 I
在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。
; n6 |' h$ _9 G% C. x' t, o
% u# i b) B' g' o2 q% ?sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"- o% C6 Q6 H! g8 c' T
. }) l( A$ K/ `* g/ T' K2 x2 Y$ F这一句比较难理解。
& W% A9 }; x1 |1 i* ?$ L* o
* D) `# L: Q3 \3 d6 elearn表示这是一个学习的action
W6 A8 d/ A' F: J7 \% |1 |6 {) g5 w! }, X
table 10,这是一个MAC learning table,学习的结果会放在这个table中。
5 _/ h, L& J, h% G6 t( y7 Q" x
( i2 D- L% q! M& L$ X( qNXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。
0 g+ S" U# J# \2 m0 h4 U3 S5 [$ e# |9 p4 `! z
NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。/ b# o2 F0 d5 |: Z4 v3 z
+ t* Y2 [4 {. o* y/ h: M
NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.$ u9 [3 c/ @8 V( ^7 z
$ b T$ `9 j/ i; A) I6 ?9 A一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。1 Y8 I* `3 ]- H
- F, a4 F& J2 f; O# {/ {" p- v我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。
% d0 U% R7 N" u0 g' ]' O7 d0 C) P
9 n- C$ C7 I, l. Y( acookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1 & V) X4 k; G6 U( A+ a# o; w- X/ s& Z
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21) , F, X! D Q+ X# V C* n
cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
7 K/ a0 J0 E/ _- k3 ~& `. gcookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
+ s9 n, n/ T: f5 ~% T" ?cookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2 m F8 j E; V5 g
; K; U( T; `' A; |+ Z这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.4 a8 v8 @2 W; O- ^
/ D: c6 O1 z- g/ y
table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。
2 h7 x+ g. I5 J' D5 z. {$ S2 M8 Z) `0 [1 {8 i5 ?2 P7 z! s$ ^
上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。
5 Z6 v; M0 k0 w0 X5 } F* Q* U1 c+ H* l0 V" f
table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int3 J& S% L9 g+ j+ {* P' @& d# o6 u- G
6 t# B6 \& Z6 }1 E
NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1+ u) @2 D9 c& q) l
) ~5 h5 V D3 j1 O4 h5 Z5 c
NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc/ l7 d( O0 g) T( J0 O
5 }5 v- I- R- a3 s! S2 L% _* Bload:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan
8 c8 W" x/ k+ U% }% C) {+ d
2 X& y! H6 B$ k b0 `" rload:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9
# V% q$ k: o6 A$ v6 l. z) O
3 f+ Q( X1 ?* |4 f0 h5 toutput:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:26 e3 z% A4 A3 i: a. d. y
4 A" @& F# Z$ C( }0 m
测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包
5 N! q& ~! w V4 F; w3 L
+ w* [9 u- y4 Z. m4 [$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate
* x( q9 j2 ]7 zFlow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000 0 J9 ~: F4 n. E& O& \0 q, C1 a
Rule: table=0 cookie=0 priority=0 ; A: [- T) P! m8 k' S7 n/ ~- T
OpenFlow actions=resubmit(,1)
' ^/ X4 }; l7 ~" t
( \1 l/ z1 `( c/ C7 k# U Resubmitted flow: unchanged
; V0 T- I# F( y; h9 U+ ]- ? Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 K' y, q" t! Q# i y, R: ^ Resubmitted odp: drop
' q# y; R$ R6 s+ ~& u Rule: table=1 cookie=0 priority=99,in_port=1 1 p& d& t& Y5 K9 I. Z' i2 |
OpenFlow actions=resubmit(,2)' v' L- i# s) i3 b* i& H( @
; K' h' a% W6 ? Resubmitted flow: unchanged . \7 Y5 @0 I9 a
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ u; k: O1 D( s4 o+ k- N Resubmitted odp: drop
( T! A- Q' ?8 f. g0 y+ ?! ?! ^ Rule: table=2 cookie=0 % u4 @7 d" L( C$ ]
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
1 W% e! {* X) S3 `6 ` \/ V; `( L, ?, t* \0 a1 T4 N4 b; d
Resubmitted flow: unchanged
1 M. R. [- ]1 i% Z& M Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: f5 J0 _7 ]0 q. H( ~ Resubmitted odp: drop
& k# ]# y! U+ B No match3 q8 S; X; ^3 ]2 T+ l7 T0 ^
5 _$ V5 ?! H, d
Final flow: unchanged Z9 g$ A. s: P/ n" J
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
$ X% {% e, e1 {& WDatapath actions: drop
' u \+ T' V# D( P. J, H$ P+ q5 L6 T) U* Q0 C
$ sudo ovs-ofctl dump-flows helloworld
- t9 b9 Y/ z! f/ ?% y: q% p5 dNXST_FLOW reply (xid=0x4):
: o- j' M: F# c' }cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) # ]) h6 Q6 _( W' e4 D
cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
$ M$ n. u3 x% q ~cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop / w. M8 E) ^7 N& K( L: A! F2 w3 d
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) & X' r$ @2 i: D, N$ ^$ B( z
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
t6 `3 Y9 L5 _; H1 gcookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ; I! G5 n* `. ^2 O/ L0 ?
cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
0 m) P0 `. V ^2 t" g' ]cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
+ Q: x7 l' U' E1 X1 h# {& Y5 Vcookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) ( y# a9 R& L7 A
cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
8 z- i6 Z7 l" h- p" v* r. t
+ w0 F9 c/ }% E( @table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。
" V+ _; t; y* f8 A, b; b) P& M2 K0 z* `% R% a1 Y
测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02$ J+ M& ^+ K# p' b4 ~8 n. ?6 l
4 O5 X: X* {. Q$ w' ?
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate
4 z& p; z! u* v% tFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 5 Y r- Q" y: ~+ ~0 C6 N
Rule: table=0 cookie=0 priority=0
" m# i' ~. S$ ~) bOpenFlow actions=resubmit(,1)5 r. y" _$ y3 {8 D
5 A z* w* j9 u _1 ~5 t Resubmitted flow: unchanged
7 P+ ?1 x9 M6 k- q6 _2 d Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 * g3 _6 m# k4 y) [8 N
Resubmitted odp: drop
$ M4 L6 D* W+ }# m& t/ U Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 2 W1 I& v' ]. ]1 y* g4 l& n
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
* c9 c" w7 g* Z' a U" n! p% |7 [8 H. T$ m2 V) Z+ ^
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 0 I: A3 G2 o& R, @4 a1 |$ {) P
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 X5 L4 [' `8 i# T' ~8 } Resubmitted odp: drop 1 E1 H( M8 ?, o& S- N# u0 O% F
Rule: table=2 cookie=0
4 l, P- E6 i y5 l4 e& U OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
- _- F- }! Q3 |8 Y- _- X
1 P& F* b( \' q" ?" K* ^3 B Resubmitted flow: unchanged 7 C, h6 z0 [8 c
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
* H% i8 G( x/ o/ S0 l% W- ] Resubmitted odp: drop $ Y) A- c4 @- P4 Y3 \6 `% k
No match/ G! X; x! K! T+ _
) u% `4 \& d7 H# yFinal flow: unchanged 0 G: _: L ]: |: \1 a- o
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
0 H+ b4 o4 y& ^2 g; _( X2 M8 [+ |Datapath actions: drop4 {( d0 ]+ j% g, a( I; o, O
0 J, R* @- x8 p* H7 g
$ sudo ovs-ofctl dump-flows helloworld , |/ H$ [3 U9 i) T; r
NXST_FLOW reply (xid=0x4):
) h# w+ Q6 t; ]# d# R! J! A0 wcookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) 2 o+ M0 b+ W5 d0 c% J
cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
t2 @ X4 q1 i+ I, _. Zcookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
/ `2 v, g& c" o# `cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
6 ]- C ^: j! s8 |cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
" C& z1 j! h$ S2 W( qcookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
O* N$ T* x v' e# W8 J8 y' N( L0 i) ?$ kcookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) 9 T# y* Z. L% f$ W
cookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 7 d5 {! j4 u) m9 ?# w' f
cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
& [5 U K& g# M: q Y9 m) X cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] ! E: ?0 S% b. z4 h3 b0 Y
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
3 l% Y9 ]5 v: Z2 f u6 ]+ k# Z0 X# z" y$ m( A
实现第四个table 3: Look Up Destination Port+ E& {' g3 u/ \9 L
9 {4 O8 U0 l7 n4 R O3 a
在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood- O, c( e8 f! @+ j7 [6 F# P! w+ M
4 F" H7 F8 V: F/ v9 b1 J6 ]. X) z, o. ~sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"
! K" l" \& T7 n' E: A
( c$ `1 A$ x0 T. z) j& J5 p添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4
# F4 I) {; n4 c2 S6 O: a. m
& v$ z$ A _% n) U m0 W' n' o如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。9 [% a, z, o5 P* h0 D
$ l9 U0 N/ K* g/ Qsudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)") h# h! Z g8 w( `. H! v" p- ]
: d4 V2 l% A3 T0 M- D4 l) r我们进行一项测试& B4 A6 c# B) o( y% C8 I
! Q3 q( D7 y# [) Y7 j" D. D$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate & m- q. P( z/ Y9 n1 {
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 3 d6 F: W& r' c5 e/ E/ M$ k6 O% `
Rule: table=0 cookie=0 priority=0
8 Y: r, b$ F) C# A; `OpenFlow actions=resubmit(,1)$ F0 o2 P1 W! g- b9 E2 v1 R% c
9 ~% S7 s b) d: @3 C Resubmitted flow: unchanged
7 F) d! S) N* c: V' U! n" v Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 2 j+ C8 }/ x0 |
Resubmitted odp: drop
" F8 H1 M; q6 e/ n Rule: table=1 cookie=0 priority=99,in_port=1
& A) F4 `4 [& ~ OpenFlow actions=resubmit(,2)
( x. I; Q) z1 \5 Y" Z3 G9 ^% G& L5 o+ d* G$ u/ ?4 B9 h
Resubmitted flow: unchanged
, Q4 O: J3 o4 T w. i) }, T Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 [' o) G3 b$ q `+ L$ f- ^ Resubmitted odp: drop
, H$ n" ]- H& K, k' j, {5 G8 @ Rule: table=2 cookie=0 - A! H7 m6 @ s/ m. n" X( A
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
q9 G! X1 B4 p. ^" M! _# z& o5 X3 D9 [$ j! \5 M" Z: T* @6 A
Resubmitted flow: unchanged
2 {9 e8 k+ ~! ?) k' A Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & o/ Z/ | w& c
Resubmitted odp: drop
: U- E; T1 s! B2 P6 J3 u9 } Rule: table=3 cookie=0 priority=50
7 p. {' V, h9 O' o( i; D; R OpenFlow actions=resubmit(,10),resubmit(,4)
4 |0 M* e/ [+ x6 J4 _6 h- N& r+ ^7 D9 c* t' w
Resubmitted flow: unchanged ) B! Y& M7 ?+ |6 I/ h' j! s' [
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - {# T* f/ X( ~3 E2 t$ K) V2 [
Resubmitted odp: drop
5 p o. _" S/ ^' i1 v No match$ g; U6 `# X- M
5 c0 r- T# P; ]4 I3 r0 M0 o Resubmitted flow: unchanged ( s2 H+ }0 G' O6 Y u2 j
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 + j. v6 Z" M0 B0 J1 |5 K9 |
Resubmitted odp: drop 4 T$ P# l. G2 y3 ~) Y
No match9 s' `" T. I" W
- ^ w; a% q* e. N
Final flow: unchanged 1 Y% {8 a9 w3 {9 y% a
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
9 j. c; Z) N1 d! p# ~Datapath actions: drop
# ]* M& p+ o4 z9 [; C6 ^3 y/ C8 x4 g' L9 m3 J5 B/ V
由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.- [: I4 P4 S1 h
$ x7 J) V' }! G" E$ C( Z. Q: D! q
但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01 i, q* t! f& C
6 w2 ^) D8 {# ]' T* S& Z$ sudo ovs-ofctl dump-flows helloworld
6 H/ G9 I, t- z% QNXST_FLOW reply (xid=0x4):
1 S: \( I# Z! o$ @& `9 z& Ccookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
& r1 o6 c4 J+ M5 fcookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
1 b# f5 J# B& ]9 u1 Gcookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
$ B3 f6 ]2 N3 _0 F Xcookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
! j9 J( z% o: n* vcookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) & K9 o: U' m6 O1 W3 ~
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
$ i9 r& S1 D1 f1 M' [4 vcookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
, `4 Q% w) i) c/ _! n# U7 Ccookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
4 w: ]5 C% B; Q' @( ~# y$ ^cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
- a# `# N$ T2 R! H9 w# [) icookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
7 M, Y% S& z, C/ Ncookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) 2 Y7 L4 v6 g: n! Q; e# k% E. M
cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] ! J( ^- Y# L' [) t7 q& K
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
: K& d/ z- r* E" \( w8 bcookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
# m" V+ J4 L% v1 U! S0 }9 D# _0 ?6 A
下面我们进行另一个测试
) [4 ~+ J% H9 o3 z
; ?' Y! g6 Z% h8 F+ U0 t Y5 y$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate
- Y$ f- P& {4 L) Z* {Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
% N- X, z$ k i5 ^" ?7 URule: table=0 cookie=0 priority=0
9 {) e8 Z$ \2 r$ _, ]# M6 i/ G7 }OpenFlow actions=resubmit(,1)) e. Y( p7 ?9 l
. N, ]1 g. q* n
Resubmitted flow: unchanged ; V8 N n" ?6 L/ O7 @1 p
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: n y+ }4 q3 t2 k g Resubmitted odp: drop % n+ }, {1 Y5 e% T9 W
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
6 W: ^2 U! r4 B0 O, G OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
& k) ?1 n. E( T8 H2 |" z
& u/ m8 T% v& u4 ]7 d6 n Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
! s. D* ?. Q9 D& ~4 d9 i Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & g' T, }* u+ V. m# W* ~; O
Resubmitted odp: drop 8 g2 `/ d3 y* O1 ?2 N
Rule: table=2 cookie=0
5 `7 s; N4 |0 T- F6 Z) I. k- j OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)8 p+ U+ ~9 ~5 ]% W
: b8 R! E# ^6 K# V
Resubmitted flow: unchanged # }/ R' Y J! w& Z$ g: J
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
" r3 B0 ~+ n, O; p Resubmitted odp: drop
$ Z# D6 x9 e8 S- B( y2 k# X Rule: table=3 cookie=0 priority=50
7 O0 J9 T6 Z. q! }9 n) A7 C3 p$ G OpenFlow actions=resubmit(,10),resubmit(,4), k3 w8 {' {; F ~4 _' C
& d1 N+ d5 p& q
Resubmitted flow: unchanged
D/ G! w1 {, ]" M( ?; P Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & P9 f1 U9 e8 l7 i
Resubmitted odp: drop }! x, s6 n7 ]9 ^
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 1 t" y7 q( R8 P
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]7 |5 T+ |5 v: |0 Z2 C% m
, W" O3 ~$ G1 l+ M; R Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
7 @3 R$ \: }& T. A+ K7 o: M3 | Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ p. Y* `3 P1 S1 t
Resubmitted odp: drop 8 s2 w1 h; L9 d6 @) w
No match; c$ | V0 N' S7 L. n' {. @5 E
8 q2 U6 Y* t \: H; x
Final flow: unchanged
! W6 v% {- i2 }3 yRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no
) p+ Q: W5 a7 l3 R& oDatapath actions: drop% M2 Z1 r6 }( W
! T' T2 F1 w4 D0 m! Y4 O
因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01
7 r- Q1 C) e, `& g# P
9 N/ Q/ s% _* J: @& W) |' ~下面我们再发送第一次的包
6 z& M. B0 |* ^3 v0 o
/ H5 Y+ P9 ^ V4 A; p- X/ B+ @) f$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate 6 V8 p6 `4 _# D, \; ?
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 / Z2 v% T2 S2 t/ [: s5 U( E
Rule: table=0 cookie=0 priority=0
5 Y' D( ~: \- z) r4 ?3 nOpenFlow actions=resubmit(,1)" c7 Q! C% |; d. T
4 d( a$ h# f2 m8 p9 s" K Resubmitted flow: unchanged & e: X M$ B# _/ K
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
) l! h$ P/ n7 [5 s; t; ~ Resubmitted odp: drop
8 \+ {5 i3 e3 _# A) S5 M* v% Z Rule: table=1 cookie=0 priority=99,in_port=1 ( O* B( s, D6 w* j
OpenFlow actions=resubmit(,2)5 @5 e* b% P' L
) r* E$ c/ I" _, F1 G# j/ m Resubmitted flow: unchanged
+ ?; l) c: j2 u8 {% q" ] Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ s; _# f+ F4 l% n" ]2 p+ k Resubmitted odp: drop
+ ~# P7 h6 C7 V8 X, b Rule: table=2 cookie=0
& k1 W& E1 A% r+ [6 L3 f OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
p; a& l1 E ~2 n( [- _! \4 S) \
Resubmitted flow: unchanged X4 c1 x$ X h, K
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' k i- w( v6 ]* c2 ^ Resubmitted odp: drop
5 T1 H4 j/ i* e- W V6 F Rule: table=3 cookie=0 priority=50 ' ~7 S, F- a! s; j w) K
OpenFlow actions=resubmit(,10),resubmit(,4)+ n: N$ u5 N; H7 c+ L& z4 e% E
A1 f4 M5 y5 s5 Q' n
Resubmitted flow: unchanged
, z: q+ m1 j- Y4 \# O$ k Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , D; h2 |" c. P- d# n+ G
Resubmitted odp: drop
% i" R9 E$ h3 K/ g& @2 o Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 / U. g" l( e" @) i% y
OpenFlow actions=load:0x2->NXM_NX_REG0[0..15]
# k' ~* N, p" ^' t# G0 y6 O- s, y1 U; K. |
Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 # @2 b' @- c3 J! U6 N
Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 8 _2 o" k" ]. n2 L$ \" T" z- K0 v
Resubmitted odp: drop 9 U5 ~; s0 L1 J! _
No match5 O" a) M' z- L5 E$ }) z
~8 h. m" X$ H* `2 f: xFinal flow: unchanged " k- E. d+ t6 e5 S& t. m
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
9 Y0 d( O' {/ d9 X/ @. x) v6 zDatapath actions: drop
1 x$ v+ S3 Y9 x8 d3 `. V5 I8 S7 B& v+ D- l) z
发现也在table 10中找到了记录4 h; A7 |5 a/ C! q( J, }
/ b6 D( G, T# Q( M$ F$ T6 o( W( d9 s实现第五个table 4: Output Processing
1 a8 Y& ?; q1 Q( m6 o
/ Z2 G4 Y( R2 i" i2 ^' }这个时候,register 0中包含了output port,如果是0则说明是flood。
, e, l1 ?* H7 F% R: H- i* T4 V5 E5 Z' u/ V+ Y* Z8 c2 m/ c+ \
对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。, w2 V6 D$ q- p) A
# }( P$ j/ |* i+ L4 X9 H: A
sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"" O( ~5 ]+ }" Z7 f( D! }
& j* _+ _5 Y: D* v8 w- ~" ~ W8 i: Y
对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去7 ]. H+ c4 g# L. C
# F6 B8 m* N9 C7 k对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去0 y- _" T, Y5 K% Y+ Y; e- ~% t
) _+ _: _7 F ~& ?8 g* |% T; L$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
- x9 S, v5 z+ [6 L$ s table=4 reg0=2 actions=strip_vlan,2 % M! G ?( L9 A. T( c2 T7 j0 o8 n
table=4 reg0=3 actions=strip_vlan,3
& i# b6 Y0 W: a6 y table=4 reg0=4 actions=strip_vlan,4
! E8 N" M) Y+ @0 Z1 Q& K% T7 \EOF
- F: s% M+ M9 n( j8 B' j$ `! p1 X6 l J# a, L
对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。: s) o7 ]* N$ C1 N4 D
/ N: H9 F- A* W$ sudo ovs-ofctl add-flows helloworld - <<'EOF' , z* V {& Y$ D2 |6 l% Z
table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2 9 z; j1 H. k8 U/ `' f
table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4 $ j& \8 S$ Q; h4 Y
table=4 reg0=0 priority=50 actions=1
' P1 _% }1 }$ H; H# `EOF
8 G- U9 f0 f1 _) p2 m0 V
6 N. k1 P+ a4 O所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。0 U+ N) c w/ d
; o' X" ~0 x0 b7 s9 ~7 J$ sudo ovs-ofctl dump-flows helloworld
d5 D: r" x& C% l: n* d# hNXST_FLOW reply (xid=0x4):
% b( n% M' @$ b+ A( _cookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
: `+ R1 B& i3 W# k0 qcookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop - b( g' B8 _9 ?2 i4 N- L2 x
cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop ' y( G' q3 Y& e) I
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
0 p9 Y& v4 g; q6 I- Lcookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
. L3 O+ u+ j8 ^2 X" k+ n# G9 Wcookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
- Y6 o+ E7 \: ^8 H+ mcookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
; l! K$ q+ \; tcookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 6 u/ b( ] t- F! d6 q! }' U
cookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) ' T8 G ^7 M0 ~. D/ b9 K
cookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4)
. u. z" k! Q; Z7 C; Wcookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) 8 J1 c4 H) `2 u
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3
' `5 b$ E4 o; A$ D [cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1
$ g8 D/ L" d9 x9 [; Qcookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
4 {8 {6 t1 \6 a# H9 U" Ecookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
3 T! y9 _9 G6 a2 Q+ c0 w3 Ecookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2
g- e6 F) D) Rcookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
" ~8 S+ ^: g# t h. ]; ~. _& X2 acookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2 3 K* l/ D, Z. j/ v0 `+ ~# M- [
cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] + ~; e2 e( R o5 B
cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
- o9 G. U; y% E: v9 ocookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15] ! q9 e, N* a. T! F
cookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
8 S) i. p. `( c8 B
: m2 q. M7 G. C5 _4 t首先来测试一个multicast和broadcast$ }. S3 o6 b" [0 t- x5 S
, w4 T# b! F9 u. I: b% S
如果是一个port 1来的vlan 30的broadcast
. r: _! g y+ P% [3 v/ ?# ~3 Y0 z5 o& _$ D/ q3 g1 z+ A! s
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
4 b6 y3 x, i( g: WFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
$ m1 l; t4 |8 y- x7 y* [9 ~Rule: table=0 cookie=0 priority=0 $ P% V0 J0 _2 D+ a* n
OpenFlow actions=resubmit(,1)
: h$ |9 s% y; _9 X" n) B
5 ?+ w" e0 R/ _3 g: F Resubmitted flow: unchanged % q* F& G% r6 ]# ~; ]
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' i; u) O! Y+ Z2 K8 s
Resubmitted odp: drop
4 g+ }1 z P- a+ [2 b Rule: table=1 cookie=0 priority=99,in_port=1 3 m" Y4 P4 e& v e
OpenFlow actions=resubmit(,2)5 C* G% t0 ^- {! Y) y
% S, A# L0 g" b" Z. o: \
Resubmitted flow: unchanged
8 \2 C7 k W. Q' g2 E8 p4 S Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' A. V1 ]! p# \" W& a) _3 h
Resubmitted odp: drop
( V0 `% h( b5 E0 }. a. _6 Q( }" r. v Rule: table=2 cookie=0 + ^* O% a: H0 e9 l2 Y5 A0 u) ], n/ f# V
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
9 l$ Y( E4 Y7 k0 c* `2 m+ P! U" D* |) V+ |# ~7 L! D' C
Resubmitted flow: unchanged * E9 q6 I! o7 _8 d' m% x) P2 ~
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 . e& u" X- I, d
Resubmitted odp: drop 6 `" L- F6 q. |0 {. c
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
0 w2 e4 f8 s4 Z& Z1 a; g! R OpenFlow actions=resubmit(,4)9 f. I# y( E! V; L6 }" Q0 b: z
9 @: K' v: |7 Y) P
Resubmitted flow: unchanged / z1 ]% r- P2 I4 Q+ K$ |
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 D+ |/ N) _. w% e+ N
Resubmitted odp: drop
6 N- l5 q5 T; Y9 H6 r; \/ z Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 1 Y3 S' G5 a$ v1 W. P" \2 N1 {
OpenFlow actions=output:1,strip_vlan,output:3,output:4 ! ^; t# q( O0 {8 a# E1 Z
skipping output to input port4 U! G k O. i, A
+ ]* g( d" v; _' z1 ?Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
' ^' _1 @$ o- _9 B8 MRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no ! v, M% U8 l4 O. h8 Z! D% m8 f
Datapath actions: pop_vlan,12,13, a: Z' |9 j' B- F" k/ Y+ m7 ]# Y
; V/ S/ F( }" R结果是port 1就不发送了,发送给了port 3, 4, g$ }; G7 u$ F
5 \* ^$ O" p4 Q6 l( R$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff
1 h4 \! v' q5 J' @Flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
8 _0 e* s3 |1 S' a7 n8 }Rule: table=0 cookie=0 priority=0 5 P+ T2 ?" \6 u1 R+ @
OpenFlow actions=resubmit(,1)
1 i' i- a+ C1 e {0 K' ?/ ]/ Z9 u* B
Resubmitted flow: unchanged
- S7 ~# y, \: y! j( } Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 9 ^ L+ s% b( p3 j' ]/ t
Resubmitted odp: drop
7 m& w2 g2 v7 n0 r; d Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000 2 i/ p# x8 \, N
OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
6 f% k5 P f# C; ~$ n/ h, m! o
& l6 b3 U9 s$ I8 A8 [ Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 " T1 p0 }2 I2 C. a9 o
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ f. T: J w; j& I9 R! P2 m
Resubmitted odp: drop
9 [: u- m1 ?+ I Rule: table=2 cookie=0
8 H5 T# i, V! a* o OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
4 X; Z7 Z' o# T, ?2 ~8 X! j4 D8 j$ U9 [$ O5 ]" ^+ @* u
Resubmitted flow: unchanged 1 x* z9 H7 Z8 h0 W" M
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 a( B/ _" }0 X* j) J9 t: @: o
Resubmitted odp: drop # s$ R3 x6 l& }3 c$ [
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 ~1 i7 }* Z( I$ c( n3 j3 o
OpenFlow actions=resubmit(,4)
K0 T+ B( Q4 {
h/ n; {: |8 X$ B6 _ Resubmitted flow: unchanged ' V5 q6 X6 l- V5 B' u
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ n1 g2 A2 U; y% `' c# n1 c Resubmitted odp: drop
& Y0 B5 Q4 ~/ M3 c6 @1 K' X7 t Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
3 p4 V4 S; `4 T% a7 k& [/ P- p OpenFlow actions=output:1,strip_vlan,output:3,output:4
8 Z7 O8 E8 T8 U" X, G. V0 o skipping output to input port
- _: i" \( |. \
" w0 g8 T' [" V" b6 FFinal flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
, W$ U: t" h+ n: I) M7 f! j7 O% qRelevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
- O8 k6 a9 A3 C5 ^( G6 \0 A6 I3 IDatapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,132 t; A" r' Y9 Q; T8 E# ^
2 n% s$ x4 e! u
接着我们测试mac learning) t: y! s' s! o( |, H# K l+ R( c
% x, o: |$ C1 }, e; Y6 w, L
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate 6 g6 v& X( s- F* V9 x5 P! p
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 ( l! s. ]% n3 v c/ o* X5 n
Rule: table=0 cookie=0 priority=0
# k+ ^7 I: N) {) Z! @OpenFlow actions=resubmit(,1)4 y( o7 I2 k! h" g9 p0 X9 L- P0 B
7 @# F; a( K, L- \: E
Resubmitted flow: unchanged
9 M- U$ `4 M1 `3 Z" s Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , F/ z( x, o) V
Resubmitted odp: drop 9 E$ T; _, W# }; V% r) U& J6 l+ M
Rule: table=1 cookie=0 priority=99,in_port=1 & p u- [+ @# T# j- v
OpenFlow actions=resubmit(,2)2 H7 A% N- F. ?: Q
" a# O) S U9 Z' B0 h' @( Z
Resubmitted flow: unchanged
; I8 L9 x# _+ }: T. @$ Z Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
N8 i0 y/ L3 v Resubmitted odp: drop
/ O! K" c8 J7 h; m1 ~+ j Rule: table=2 cookie=0
; a c- ^8 f+ b1 y2 K+ S4 c6 `, Q; C OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)# J1 A8 ?0 e$ M `# H8 t% o
% V' m8 m" ]: z. Q# D# F! c' T3 K) z
Resubmitted flow: unchanged
+ [+ A$ Y3 C x- o2 C Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) q4 \+ p4 S2 c1 E# O
Resubmitted odp: drop
5 ]' c/ \4 l- _ Rule: table=3 cookie=0 priority=50 % S7 \2 | y+ z! d5 m- t) [
OpenFlow actions=resubmit(,10),resubmit(,4)/ t3 e% v2 T+ q7 V( y
' B0 N) H- @, i$ i, F% j# a1 ] r Resubmitted flow: unchanged
! f7 u& \9 _, D- E- r& g) W S9 P Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: C! U4 k0 G% W6 b# n' H Resubmitted odp: drop
& g0 h Z' L* [0 G& k0 x3 t& r& G No match
p* H6 @0 K6 y- @0 `, P
9 X) Q/ J3 d6 T; [. ^0 L Resubmitted flow: unchanged ( U7 d( m7 y% i" K p. c
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 g' h+ F: c7 p1 h3 m# D0 X; g
Resubmitted odp: drop . y5 y9 W3 X6 x- A5 o j
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 6 ^, l8 @# V2 c9 [
OpenFlow actions=output:1,strip_vlan,output:3,output:4
1 K F* _+ P+ [& U$ o skipping output to input port1 f+ Z7 \3 t9 i, E* B; Y8 O
- _* Q- @& w( a R" C0 XFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 $ n, C4 F( g9 g7 m) W. R" l
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no : L8 {8 D$ J i/ Z; c6 X6 ~
Datapath actions: pop_vlan,12,13
* J/ r8 }8 J% Z9 L0 r( Q8 u0 M2 r& O9 B
由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4
8 d/ J' G! x" F. C3 U3 `) `/ p- m+ @, o" S0 n V6 Q9 X
$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate
, P4 N0 y/ i2 @, b- Z; RFlow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 # ~1 y+ E0 Q H) N$ q
Rule: table=0 cookie=0 priority=0 8 C* D1 N: N& z9 R% w# _% z% ^. o
OpenFlow actions=resubmit(,1). i$ t( o; V5 K. E
/ s. l, q8 W) m w' j0 E/ v Resubmitted flow: unchanged $ Q) E0 ~: J. Z% Q+ O8 \
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
" u/ ^9 P# t1 b Resubmitted odp: drop G$ K- L- B+ ^, S
Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000
9 k- `3 Z8 k: e p' z OpenFlow actions=mod_vlan_vid:30,resubmit(,2)6 a# [! I6 J; i4 r( z+ u* n1 ^
6 W( V* l O. l7 r Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 ( T8 u9 L4 c& a/ Q2 k
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & G o- [5 P. c6 [* p* M; ]0 E
Resubmitted odp: drop % H$ E- k4 @+ Z+ f
Rule: table=2 cookie=0 & U6 f6 |! ^6 W/ ?! U4 f+ m% E
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)- ?# b* U i( g' [5 b2 T7 B1 i
1 g- d. Z& l" ]
Resubmitted flow: unchanged
1 I9 v. t- h* Q Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: T) t9 f D5 u1 a3 S/ H, R Resubmitted odp: drop
4 ~4 `# @! N+ w/ t0 @ Rule: table=3 cookie=0 priority=50 ( Q3 M& z2 a+ C& u1 r
OpenFlow actions=resubmit(,10),resubmit(,4)) _; X4 g, Z% d
! E" ]6 Z! ^- h& X# \
Resubmitted flow: unchanged & j5 R) i3 q5 w& G- R
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) f* S6 l5 j6 n1 v0 {. ~
Resubmitted odp: drop
, n/ m; b3 }; I( S# O Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01
2 F6 R' K$ s6 O1 N u7 y OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]2 n& t* o ^4 S' b0 M
, I$ `# { A7 n+ |8 i Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
3 y* c9 U7 c" E N# j Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 y1 f! G, i: V' S1 \
Resubmitted odp: drop
2 K4 E+ O5 K8 c" Z Rule: table=4 cookie=0 reg0=0x1 : z8 ?9 s7 T. [- \1 y
OpenFlow actions=output:1/ i* F, _' r H8 [! g/ y
. G. P5 F& T' X
Final flow: unchanged
7 h- r6 t6 `; Y1 T; jRelevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no $ A6 Y8 Y! ?0 u
Datapath actions: push_vlan(vid=30,pcp=0),100 D( P" X3 e8 c) V+ O- C
3 n1 W, q1 Y, W% h
回复的时候,由于学习过了,则仅仅从port 1发送出去。
8 X( x+ v! l) }3 N" h/ F' A% E6 ~4 y Y: Z( Y }
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate # l; L, U+ X( S3 D
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 8 a; X! Y. t* V4 w
Rule: table=0 cookie=0 priority=0
' o- q* `' u: l% E* y+ \OpenFlow actions=resubmit(,1)
% L- e3 J" B. Q
$ D8 j( p6 y$ f* P; R: ]% U( V Resubmitted flow: unchanged
/ p; }" `6 H/ Z/ G" S* X Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! b) b1 K6 \6 J1 ], n" o, {' I( e
Resubmitted odp: drop
+ B/ U/ C) a% v Rule: table=1 cookie=0 priority=99,in_port=1
# H; W+ p/ p1 o. t5 z( X& L3 { OpenFlow actions=resubmit(,2)
! l9 N1 ~1 u4 z0 C. y- {
1 c+ ?5 q2 b( M6 w$ a Resubmitted flow: unchanged
6 Y, R7 E- b' [% r, f* Z0 j$ m Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ) D5 ?4 L+ A! }
Resubmitted odp: drop $ a+ _3 v' x, ?0 Q8 p
Rule: table=2 cookie=0
4 d) ?+ Q1 S( L0 z, H3 ~& _4 k OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)4 l B4 W: Q& m' f' i
3 W. | W3 c# \
Resubmitted flow: unchanged 8 N, S( v9 v' u4 y# X
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
# f3 V$ Q: B7 \# y1 ^- H Resubmitted odp: drop 2 ~4 b; |: E. e; e" x2 ~. V0 h
Rule: table=3 cookie=0 priority=50
0 S' k8 l& q, s* f; e& j OpenFlow actions=resubmit(,10),resubmit(,4)1 Z9 d. y2 I6 A" n
+ B- G$ d; Z5 E4 W( b# L Resubmitted flow: unchanged 9 Y w3 k @' t9 X* m" A% Z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - i. n7 y" |7 K& }, w7 R) Q& |
Resubmitted odp: drop }. I( H+ G3 Q! I! A) e3 h
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
9 P( X$ j# g' z, E' Y OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]
3 _' D- M+ s* ^5 X5 i; M4 C+ V7 ~9 U; f
Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
. i! z: ~- ^# b7 N+ p) [5 s Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 B8 \, G6 u) }, W Resubmitted odp: drop
4 y* s+ }5 I8 M$ e7 z Rule: table=4 cookie=0 reg0=0x4
+ f. c/ l4 t: P& v, f" p OpenFlow actions=strip_vlan,output:44 h* x; @/ I2 v4 g( D' }
& \2 s3 h( S* a: O: I
Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
6 m9 [: w4 T4 ]/ Z5 E" O5 Z7 j( ~1 F# YRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
1 c' p$ f3 \6 F8 [% e4 ?Datapath actions: pop_vlan,13" _7 Z- o+ V. h# ^5 J& G% Z
, [+ a& J7 |3 x7 V- U
由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
发表于 2019-10-25 10:00:33