- 积分
- 16844
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2019-10-18 10:50:26
|
显示全部楼层
关于 VLAN, j. |: i5 v& Z3 e2 @" Q
设置 VLAN tag+ a/ T( N2 Z- T/ c! G4 u
, l2 t" D# c3 bovs-vsctl add-port ovs-br vlan3 tag=3 -- set interface vlan3 type=internal$ i9 n0 _7 e8 [. y/ S7 f) n
移除 VLAN+ S& @% X5 u: ~$ F* \! h1 M
: C# }( c: T$ ~6 t/ d
ovs-vsctl del-port ovs-br vlan3 C) c7 W2 W6 L. a
查询 VLAN
6 l% t" [5 @ F2 n. {7 ^, B9 z( w) T8 g9 T* e
ovs-vsctl show, M3 c& B6 ]4 b3 E# c9 S
ifconfig vlan3, J7 y0 W6 ^& R- `8 o
设置 Vlan trunk
2 m" x ?* B# ]/ P& X% @ovs-vsctl add-port ovs-br eth0 trunk=3,4,5,6
* O/ P2 k' o! X3 E% j: C
; X9 a- U: H* O设置已 add 的 port 为 access port, vlan id 9. L5 [; x2 v. D+ D- @/ q" D
& I4 z( Z$ |0 H0 h3 O( M9 iovs-vsctl set port eth0 tag=9
7 A7 a7 q0 E9 H7 vovs-ofctl add-flow 设置 vlan 100
# W+ l4 }. f Z# K5 U! @. F& P, Q! x: v2 L8 c
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:3" O2 C" D" R- N H# Y' v% v
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3
- _- ?5 c6 v) t: {7 bovs-ofctl add-flow 拿掉 vlan tag
8 w0 {$ p% r! H' x C
/ Y) Q$ Y% P j' q' Povs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:15 |- G# }9 a2 b, R
two_vlan example
" U' E3 ^- t' F7 T' ?+ E" ^# B/ S8 Sovs-ofctl add-flow pop-vlan
% {8 s. {; A3 {, j; r2 c. Z2 O& s9 H+ ^& C0 o) X( t
ovs-ofctl add-flow ovs-br in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:1
5 e1 L5 m1 O# @5 b
' E; F3 M9 Q) P7 B3 P5 }; i8 }, C0 O
关于 GRE Tunnel- T/ |' b2 H* q2 e
设置 GRE tunnel$ q% o) e l' `% G! c& J
9 M! I/ P# X& h, Z! o
ovs−vsctl add−port ovs-br ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.45 \$ ]& }4 @, v% H W
查询 GRE Tunnel
# ~+ m9 o2 k! M: ]5 X
j. M, m& U& p) Fovs-vsctl show4 Q$ J; f Q! u3 m# y; T1 j9 z/ _% D; l
( S a9 R' J/ Z4 l' L, W
( V; [: D6 ^- c; d- T+ V, J, k4 s7 O, {
关于 Dump flows/ h6 {% j+ L8 H. G. i: r/ c& w* {
Dumps OpenFlow flows 不含 hidden flows (常用) S& b; R3 Q4 b
, ^% N" {2 A& |- ^! Lovs-ofctl dump-flows ovs-br& c% P* w( A+ {! H5 J4 U
Dumps OpenFlow flows 包含 hidden flows+ ~1 V& }. S- ^+ ?# K
/ A0 C( E8 n; p: y) s
ovs-appctl bridge/dump-flows ovs-br# _; ]# ?" d- s Q4 R2 W# Y3 m" T
Dump 特定 bridge 的 datapath flows 不論任何 type# X* N6 l) S! @) w6 X; b5 P* f
& ^1 R0 u# y' {7 @% e9 e
ovs-appctl dpif/dump-flows ovs-br
; e; Z7 W+ {/ X9 NDump 在 Linux kernel 裡的 datapath flow table (常用)
) I D- h" b: q% B' {% p4 P4 ~. i
5 L8 `9 k& X0 ^( \. D; S$ ~( ~ovs-dpctl dump-flows [dp]
$ d' p. \) M* q. \, N; pTop like behavior for ovs-dpctl dump-flows
6 Y3 L* X' k7 w: R/ w& O6 q' q, g8 s) Y% d- y
ovs-dpctl-top, Z9 _4 c- j) ?5 H8 E
9 h+ n; I+ w4 `! O
# [$ ]/ l% {8 o
) u! t1 ^4 m! X) j! A
XenServer 开启 OpenvSwitch 方式
, V. M) c; [7 H' b: J g$ \5 L+ f检查是否启动openvswitch服务:- g* ]2 f! v' }* H
* f" k8 L/ _* p% H0 r% e0 G. T
service openvswitch status
/ k3 c* |. N8 }: X& [启动服务
# a% ?/ C/ A, K4 @7 e0 ^) ]! L# ?
$ x1 c Q1 K4 X$ m! Q7 O0 `2 Axe-switch-network-backend openvswitch
) ]/ a' c# z" P1 e* M关闭服务: [6 Z- P7 Z! \
, Y' @( w* m6 q1 @! ^4 c; o
xe-switch-network-backend bridge; @# _: ~( p% M$ p
; ^; k3 L; I4 o2 `
9 ]! f3 t' U' {: O8 Y
关于 Log5 A' R) F) N3 B% a* m
查询 log level list) {3 @1 e2 y0 c$ V' N; N
2 ?& F. |1 \2 b/ a( ?5 eovs-appctl vlog/list: ^" i% f4 I: E' M
设置 log level (以 stp 设置 file 为 dbg level 为例)/ |% L8 X- E8 X8 H) R
; r# i( G+ ]) r7 d# s
ovs-appctl vlog/set stp:file:dbg2 f" U' S2 W, N. E" J/ x: K1 S
ovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}2 E( q2 f; m4 [" p/ |' a
% v3 m% L' a1 }) R( h+ M/ H+ m3 N) I8 h
关于 Fallback
) h. A. u& c9 `) K, f/ IController connection: false 的时候, 会自动调成 legacy switch mode
* W$ M, c, l" |% D3 C- S
& S" ]2 L7 [( `2 y7 Z5 govs-vsctl set-fail-mode ovs-br standalone0 z1 M* r) H( t$ i
无论 Controller connection status 为何, 都必须通过 OpenFlow 进行网络行为 (default)9 }" [" ], C' v1 z' G
" h% t+ B" L6 ~) W- I
ovs-vsctl set-fail-mode ovs-br secure
: w& e0 C( I9 J1 c8 d# P" O移除% I P7 o0 ^9 {; ?# q. y+ Z
7 G* C- ?$ ~# S" L
ovs-vsctl del-fail-mode ovs-br
$ l8 J" U) E: t7 N% c* c1 p查询6 ]$ p2 P8 X3 s' n# r
7 X' d6 u( m+ m f6 }ovs-vsctl get-fail-mode ovs-br
8 Z X+ D: q+ P- g
; R: I: |' h6 Z
+ T! d" K m, i t, u! Y! f关于 sFlow! R6 W$ W1 u9 p+ p2 B
查询
; K5 ?% @( A. V$ C- n# _- t0 h- u6 l q* W7 H) ^2 N* |
ovs-vsctl list sflow
+ f9 i, P* Z3 O6 ]新增
% b& {- R/ q$ ]2 {9 I2 L
7 m; [* q4 e. u& O3 Z- J2 X$ oSet sFlow 缺
. R! v' N2 l7 S& {2 D% ~9 N( A刪除
( s* ]8 [% ~) y5 G) l1 i: d1 I7 Y+ N& H# a; M
ovs-vsctl -- clear Bridge ovs-br sflow
- ` t1 j Y# k6 T# |$ n7.13关于 NetFlow
& y& O0 G" w) J+ v7 ]% N查询* E8 K, @& e6 l
2 P' u+ ?7 n( ]8 aovs-vsctl list netflow
l9 g }! I3 r" H* A! n$ N新增
" o" Y% f/ N3 z \$ b; j) e
; i; o s' {! E! J6 O; k, |0 _Set NetFlow 缺
4 |+ R! H. N& V/ z5 r刪除
! n9 ?. X8 @& S( b3 t; Y" g
* C. j& [9 U- m. `0 a/ { Govs-vsctl -- clear Bridge ovs-br netflow
# V X6 F' ^' n2 r7.14 设置 Out-of-band 和 in-band
- q; g/ I6 A' @+ a查询
8 T' @3 u9 E6 l7 j8 F5 w
0 F1 c) Z. I- ` ~/ bovs-vsctl get controller ovs-br connection-mode
4 o- d/ Q0 [! t, N* rOut-of-band
. [" d; }! ^8 ^- {) U$ b, z7 _( |* C, o- G* g' G/ j; \6 V, G- Z
ovs-vsctl set controller ovs-br connection-mode=out-of-band
$ ?6 X/ {2 u7 YIn-band (default)5 |0 a4 W! Q: o' ^! d! l) m% @
, S n8 L- @2 \# m9 H+ A
ovs-vsctl set controller ovs-br connection-mode=in-band
* Q0 n) B# b& E# q/ U移除 hidden flow
+ D# _1 g7 z( R9 I' i" `( T, ~' C' ~ T
ovs-vsctl set bridge br0 other-config:disable-in-band=true
) I3 d3 Z+ f1 _5 r8 d3 B* r6 h7.15 关于 ssl8 O5 f0 F. w; r/ I) M/ Z m, I& l; j
查询+ Y8 C: A( G1 c
3 P4 [, t2 Z$ m$ @9 ?6 ?$ ^ y
ovs-vsctl get-ssl6 N6 ~* G4 x; n9 ]
设置$ m" `0 X8 V+ B/ W y# ^
7 `9 U" l( _! {7 A$ G
ovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem# s9 b1 ~4 @ `9 k& {2 [' f- O
OpenvSwitch Lab 6$ TLS SSL : http://roan.logdown.com/posts/208707-openvswitch-lab-6-ssl
; Q8 j3 j# E5 w刪除
+ H' g. E+ R0 Q& E) w) ~% P; o* v3 u) N. h% T) N5 L3 x; K
ovs-vsctl del-ssl& H* I9 C0 V% o- M* U
7.16 关于 SPAN
, l; j6 O6 s$ @6 s* A详细设置
0 v1 D' c# E# y2 C' p8 n0 |8 y0 A* f1 P) {) z0 A/ b9 ~; _$ F
ovs-vsctl add-br ovs-br
8 P; C) a) o0 ?. govs-vsctl add-port ovs-br eth0' h# m# r. h" ?
ovs-vsctl add-port ovs-br eth1) p' ~5 }6 B) G/ u
ovs-vsctl add-port ovs-br tap0 \
. g5 o" H% o: M3 J& U -- --id=@p get port tap0 \/ s' ~3 Y- @% q- Q/ {- t; _
-- --id=@m create mirror name=m0 select-all=true output-port=@p \
. p4 L7 I' x2 m( b! A5 o -- set bridge ovs-br mirrors=@m
% {, ?5 u8 }' ?! {, T/ V' K$ i3 D将 ovs-br 上 add-port {eth0,eth1} mirror 至 tap0! d- C# I% `, F3 b8 z3 a
; w' m6 u( J8 v; L. l8 N刪除4 e3 d9 d+ S7 u* n* \( _7 Y
0 d8 a# r# r8 J) P; M# r
ovs-vsctl clear bridge ovs-br mirrors # 關於 Table+ ?$ u+ k. k8 Z: v
查 table ovs-ofctl dump-tables ovs-br5 h/ F; U3 E, K2 X) X# b* C' T) s
. S! |$ ?( b' J" Q1 h+ s7.17 关于 Group Table) S1 a& M& Y- b0 _0 v$ Z4 ^
参考 hwchiu – Multipath routing with Group table at mininet
" c# X2 W5 M! F1 t$ m( a
- S& X' y+ y% L3 {3 L4 p$ L建立 Group id 及对应的 bucket- q/ O- j6 |' m
6 \7 E/ L, ^8 V* Q3 ?
ovs-ofctl -O OpenFlow13 add-group ovs-br group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:3) S4 f% L4 e! c* H% N+ X& {" L! _
type 共有 All, Select, Indirect, FastFailover, 详细规格:http://flowgrammable.org/sdn/ope ... upmod/#GroupMod_1.32 a1 a1 F( b) [$ Q0 }+ F) B
# T* _ @ o) R& g5 `5 U# E
使用 Group Table( V1 m9 C& N& A6 ?8 t* U5 e
, z2 S9 F$ \1 l9 e( e$ K
ovs-ofctl -O OpenFlow13 add-flow ovs-br in_port=4,actions=group:5566( L4 E% R4 @0 w6 ]# U1 t. B' b& k4 u0 |
7.18 关于 VXLAN' B, D0 H4 j* K) y4 A) a: B U# W/ [7 _
参考 rascov – Bridge Remote Mininets using VXLAN
; D( l' Y2 a5 o
0 f" Q7 I, [/ ]5 K# Q' Y建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=9
3 k. O4 Q+ Z0 }/ j
' `; }" v( x$ ]* v8 zovs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9
C% P& o- |/ ZVNI flow by flow
/ |% e+ q8 c G5 ~! y- A/ o2 d0 g5 g0 H# l& p
ovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9+ h M3 b# j# |( U. O
设置 VXLAN tunnel id0 L# K/ { [/ Q
/ h) |2 \9 x9 K: H6 ^" lovs-ofctl add-flow ovs-br in_port=1,actions=set_field:5566->tun_id,output:24 t5 z7 g5 Y0 e/ s0 p9 x6 [
ovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1( p5 e2 U0 p9 H f
7.19 关于 OVSDB Manager1 \' v' J( @5 d* Z- Q
参考 OVSDB Integration:Mininet OVSDB Tutorial* {, {+ L; |( d4 r1 |4 }
; h0 ?' Q# B2 W2 M$ L
Active Listener 设置
) V9 c9 v1 H) ?% e& J% Z. N- \) A( I) A, R: Y) q
ovs-vsctl set-manager tcp:1.2.3.4:66404 s5 ?% Q1 e' @* h0 Y( r
Passive Listener 设置
7 v, c, e- A/ ^: k8 L( c* e( A* a; a, s0 ^
ovs-vsctl set-manager ptcp:6640" u: n* K6 [. F: U
7.20 OpenFlow Trace
7 r1 K, B+ j6 N7 y YGenerate pakcet trace
8 w+ d$ m$ r" w2 |$ y3 g1 `& b6 I+ ~! g" o% |
ovs-appctl ofproto/trace ovs-br in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate9 O3 U+ A1 f" Y6 z& f4 J: t
7.21 其它
8 H- I+ o" y2 t, x' o查询 OpenvSwitch 版本 z' x4 `+ U* {5 b
2 `# u3 o$ r# @/ T! Y( j4 b
ovs-ofctl -V- ~' Y% M0 A; s$ J7 O- }0 i
查询指令历史记录: _1 _, D. w. \. [. ]4 x
+ T6 I- ~. ?( G, c& Jovsdb-tool show-log [-mmm]3 ^5 l; v+ @8 r! y. C
|
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2019-10-18 10:38:50
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜