- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2019-10-25 10:00:35
|
显示全部楼层
实现第一个Table 0,Admission control
0 C. C) d# O' d; c( s# @, v/ p9 ?" H; g2 o. X4 \
包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。
1 B6 Q$ f, A$ P3 ? R5 M- ]/ A* d
比如,如果source address是multicast的就不允许进入。: K* {- I# l. e$ X6 o1 F
% Y- r9 I# p) U8 G; F t: j
01:00:00:00:00:00/01:00:00:00:00:00是广播地址
8 |- X7 d" V3 N* _, j! @# \% R00:00:00:00:00:00/01:00:00:00:00:00是单播地址/ F% t( N# b7 Y: @
这种表示形式类似CIDR
' S! M2 k9 @0 Q5 N; S& r4 `于是我们添加下面的规则:' Z0 ]3 I4 u( l7 s1 U
sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"! B8 y. Q: o. b0 j' I1 B7 e
STP的也不接受
# h1 H A& C- h- x; Zsudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"1 y, E: @0 @3 ]0 B# k# O9 N2 S
我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1* \4 k' R, N' D6 d! P
sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"
" r$ y) |2 B" ?, i4 I2 g我们查看一下所有的flow6 f2 J0 |) D( r, r& b- M
$ sudo ovs-ofctl dump-flows helloworld
0 n* n4 c& h& O6 ~: T8 U+ \7 `+ ONXST_FLOW reply (xid=0x4):
8 N# i0 p8 f2 U" c( B( Bcookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) 2 B, q9 v1 a3 g6 K7 y% j5 y
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop 7 `5 m1 C5 W, n9 w2 p6 Q
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
; n$ A3 H" _1 M, i& U1 j. U, I
; g9 o }6 B2 x- [) k2 Z- K测试Table 0; H4 e+ y' f0 v% }( ?1 r" I3 d
- a/ ]$ H& M8 h5 J! A' N有个很好的工具ovs-appctl ofproto/trace! K+ r. j8 g, H" ]
$ V8 V# G2 u4 Q' r( I6 v不满足条件DROP* }9 i1 I4 g# ]7 k" h7 s& X" {, Z
4 k( l( e& b) s$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
: y3 o# t4 k9 M- F$ nFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000 ! ?. R9 L7 p3 G& w
Rule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0
+ F9 o: m! h: G2 lOpenFlow actions=drop
j6 o1 S, x6 D& x& y/ [1 V
J" N& ~$ G) W7 sFinal flow: unchanged : F- n- |$ C8 h9 P& F& M* q
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
. ^% A& C* a- b% T) @Datapath actions: drop% u& F S& O& U: J/ F/ I& C( Q
7 X! w; F/ z3 }8 d满足条件RESUBMIT
1 E6 \) W5 E% ^& c* j8 ?" B* }+ o$ y5 p1 ^6 k+ E# [/ z
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10
# I9 D' U$ p% x& N/ F6 yFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000
3 t8 R9 y2 e4 | E( R5 E9 l( XRule: table=0 cookie=0 priority=0
# K* N" @+ F. A, x1 q- ?' w1 v9 eOpenFlow actions=resubmit(,1)' |# T% Q& w7 P4 Y
& E. j N- q. c! @& F& ^
Resubmitted flow: unchanged 2 S! b% v+ ^1 r. X. g' S
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! n0 o5 V" L( P w/ x% a: Z& j
Resubmitted odp: drop
/ N/ S4 I9 G! \ O. U( | No match7 {& F9 p/ d6 l
( G! s( o6 ]( y7 ZFinal flow: unchanged
' b7 ^$ e& L! t( ~) b7 ^Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
% \3 _: V# B* q/ RDatapath actions: drop1 J" A' ?5 T! D7 ]" B1 d
: U1 M- ], o7 q3 o( p1 E实现第二个Table 1:VLAN Input Processing# S4 L- v8 g) J& ^7 M2 ^
5 p" i; M8 n& w+ D3 p/ Y" i x; P
首先添加一个最低优先级的DROP的规则1 U7 T0 w, l9 b6 |0 d2 x& e; h, K6 q
5 j7 }6 N; E4 }- H1 r9 zsudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"0 |- r, R0 K* H# H( O& I
i4 S0 J! p# R对于port 1,是trunk口,无论有没有VLAN Header都接受。
1 c! G8 B6 ]6 L" x
$ R* ~" v8 a- |! a J3 fsudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"1 z: a& M/ I4 Y0 D
) h/ G9 R/ n6 U( f% R7 A对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag+ j* R3 ~6 U# ~* k- @
8 u6 t* m9 z# G' N0 e, Z$ sudo ovs-ofctl add-flows helloworld - <<'EOF' . L/ D& y/ ]- w7 ~9 z. Y
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2) . l( @( R" X1 O6 f1 Y0 w
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) 9 ^0 s! `0 _ a9 f5 U
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
_: k O- F: U# C7 j3 e. o* cEOF
( r8 I7 x+ ?- c
: @, t2 v; V X$ B: L$ sudo ovs-ofctl dump-flows helloworld
6 A! `0 R7 p; z- C+ A3 tNXST_FLOW reply (xid=0x4):
: l4 }( R# E! ~ z1 kcookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1) / o _. t( u& Y: E: l& M
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
# D* \$ _; a# {$ `- Mcookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
9 I& {# B( R& r- j6 Icookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
) A; `. k% E! Q5 kcookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
# H) I( c% I+ y7 ^- [+ v2 acookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ( L% ~& i- O/ O# _- l7 s1 s
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
* R7 c& y" q: {8 o# Rcookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop- e( A1 s' X5 r6 U r: x1 S1 K
6 K q# o$ `( r' l$ R: s6 v
测试一个从port 1进入,tag为5的
8 e3 b7 v9 ?9 p: a. A- H& z& Y- [) \/ m4 O8 x+ {. I
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5 # G+ j$ A( ]) @( Q. h
Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
, T& {7 y/ ?" j$ P9 ~Rule: table=0 cookie=0 priority=0
5 ^$ A, d# x# v( G8 HOpenFlow actions=resubmit(,1)8 X7 ?5 p. q, `- m4 T P' a
: i+ [) ?, i6 K+ j. R( e7 c% L
Resubmitted flow: unchanged : L- r; @$ n! h* s4 j& G
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ' d( l0 D/ v9 k" K/ B
Resubmitted odp: drop 2 J# S8 r7 k5 Y
Rule: table=1 cookie=0 priority=99,in_port=1 ) l* j* M, h7 } ]& C6 |5 g
OpenFlow actions=resubmit(,2)
, }* ~ V9 X$ \/ B& O+ W9 O+ y, v! `9 V9 Q
Resubmitted flow: unchanged , | G: a% N5 ?0 C* j3 }% u
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 + P. x) d) T' G) D ]+ S. x) i
Resubmitted odp: drop
( f6 r: G; k4 X No match
2 R+ u2 v: V( g3 v, v- o* K4 O$ G: ?/ q3 U
Final flow: unchanged 9 b; ~: g) O% m, R$ m" Z
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 9 H4 L i5 F* ^0 I
Datapath actions: drop
/ A" w! L* S8 ` G. q$ d) C* L/ s% p. f) u+ ]0 U, V4 Q
测试二,从port 2进入,没有打Tag的, G& L& n" g2 l! l# E% j8 e+ f
' ]5 k" T c0 z! F* V
$ sudo ovs-appctl ofproto/trace helloworld in_port=2
( B0 w5 Q3 t5 Q* ?! n7 G& j/ B& `Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 6 i4 U) @9 `3 w! ^* C1 q
Rule: table=0 cookie=0 priority=0 ( A0 m* \! [! o- Q6 S
OpenFlow actions=resubmit(,1)
. S' @+ r! @/ G0 n; j' X( [' H2 Q, W0 ~" `
Resubmitted flow: unchanged - l! r( V8 P S2 ^$ ]- B
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 [- X! b- a. m, T* k N5 S: e Resubmitted odp: drop * v$ ?- q1 ^6 e
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 3 J! ?/ Q, H. t& g7 I% X
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
# L+ J: j) {# z( K' j
8 V9 P0 | n# z3 W' Y* K8 B Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
1 T5 n/ d9 W) ^3 J6 g# G1 e$ D/ q Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 : _1 E5 v3 y9 K0 H% Q3 b8 ] M, i
Resubmitted odp: drop , @+ K3 [; N3 h4 {
No match
4 q2 G" N" M" h9 p
, s2 A% `+ h' AFinal flow: unchanged
7 Y2 s9 E% i: f( Z8 D7 x5 zRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no + C+ C- q: a3 j! |* D
Datapath actions: drop: _% y8 v: \- ]8 Q( ~7 `: b
" r( O& U$ q# i' n; i0 i- j& Y2 n
测试三:从port进入,带Tag 5的2 t. m* r" Q1 g p8 `9 j% U/ L
! s1 d8 ?5 D- z a' Q% x7 k$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
9 z9 J3 y3 H* u- SFlow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 . g" k' w% Y' Q8 R# N
Rule: table=0 cookie=0 priority=0 , B5 {$ X3 P" C z
OpenFlow actions=resubmit(,1)( X0 S2 n& m3 n; ~
# a4 V! @) N! Y Resubmitted flow: unchanged 1 t, J5 ]; `, m4 E
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
8 Q0 M5 m4 i' [ Resubmitted odp: drop 7 ]* G/ j9 _! j0 e2 O$ b
Rule: table=1 cookie=0 priority=0 7 g% q# I* v; [ Z5 N: c
OpenFlow actions=drop
! O* D! L( n P/ y" j+ Q* s% P
6 G2 a! z7 U1 l: oFinal flow: unchanged ) g5 m3 t: d6 U0 f8 G: f1 o
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 2 z8 I; B, B3 T. e; P0 R: O" a
Datapath actions: drop8 ~( ?1 x P3 {3 ]& ~+ }# v, `
& n0 Q, n' v8 r0 J/ ]3 {: S |
实现第三个Table 2: MAC, VLAN learning for ingress port" {8 G; P9 C* Z p4 }" I: x6 F
* I- P5 G* r$ Q' T% H5 n
对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。
# ^6 O0 x! V; d/ g% i, s/ R) Y
$ F) {# K$ S8 X3 H* M0 `3 k这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。
! a4 H% s H& R) G6 t, h7 z
) D! z- y: c/ y" x' iOVS也要学习这个,并维护三个之间的mapping关系。
8 b6 `7 E" w* f, @- G# k9 @2 v# A- a. B" l, t& O3 n
在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。
7 v \; o6 g6 f1 m2 [* i( X* X/ h) D: N+ m+ }1 `
sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"& ] Q+ z' i1 F. D7 Q( s
% ?. F. m0 E+ I# S) |+ K
这一句比较难理解。% Z7 B: W$ i c0 J) C% J" r
2 e6 E1 l; a3 Q6 O1 j& j+ U
learn表示这是一个学习的action0 _! t5 y( D( C
* A# m: @8 @0 \* E
table 10,这是一个MAC learning table,学习的结果会放在这个table中。
b3 B8 u$ P/ o: W, \: `& A; G& M5 l' e# ]8 M
NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。+ r) f$ I6 Z1 I$ X6 u, K+ U7 [7 {' `
5 ?. }6 i5 k! uNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。
0 p) E0 N; {- J3 s9 u+ } F( a' Z1 e- L2 _# s4 j8 A
NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.
% `6 \" I" b$ U2 E* k; Q' ]2 [3 B8 `) Z. w/ ? j+ g
一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。
' E6 K- l" P p* D' f/ V2 a, |4 b+ b" Q( b, R- I1 y
我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。
& f% @" ^1 l* b i2 Q/ Y6 K- r. L; o
cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
( ~: `: P7 q2 n. a# A# a4 `cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
' W# e0 c: B) A cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
, q9 B7 R& i X. B# jcookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
- e* ]7 F U y9 Scookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2, {$ ^# v7 T: f3 T [
, [; }0 |! i0 L- ~* a N# j# x
这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.6 j! s7 y! k* v: q7 \
) P: R) X/ @. f; s# C2 k; u& t; Y; atable 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。
# U3 @, q, w8 q: J$ _/ w
5 N, P/ b, C3 q0 x6 A上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。
- m8 t9 t( c2 N* w) n9 f& D" X1 K4 r" {8 e4 F8 y
table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int
( S7 b4 i ~9 T/ ~) z* Z6 ]5 R0 L" j9 T0 u7 a2 W7 j% p; y
NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1
/ R6 N7 V+ y: ` V
" [( t2 y9 m: Z# Y1 K+ qNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc2 v y# {/ Z* a. @" B1 l, g% e
, [7 B/ r* a! T) _/ c1 `; T lload:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan
$ q2 L' v. q' I, w: R9 n- G4 a% i8 r8 y& W" F/ X; D* H8 [
load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9& r5 ]1 x6 \' f: _
4 P+ b. r8 q/ o; ~& _& a0 d
output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2: c& ?; I" t0 P6 a8 @% i# F) f
% E" S+ Y/ ?; R# @测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包
; c% G" \( x9 a( u7 K9 P6 J2 Y2 M5 E& @' G+ c
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate ; U t. z f W, B
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000 ( h5 c) Q- a% [) |$ v
Rule: table=0 cookie=0 priority=0 6 l8 m( F/ T/ {. g6 J
OpenFlow actions=resubmit(,1)
e7 g8 _* u6 b7 v9 e3 }
+ e) x: P* \/ t! `: p Resubmitted flow: unchanged
& }5 n* P5 v/ Y' D( q Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
% z0 }5 s8 r( ]) h Resubmitted odp: drop ; Z$ n: v t. N5 `1 n2 z. x
Rule: table=1 cookie=0 priority=99,in_port=1
* G; W. Y6 x5 ? OpenFlow actions=resubmit(,2)
$ M6 f1 ]* w1 E6 u$ m8 {
* F0 y! g, K/ e1 T8 ~ C$ k0 o Resubmitted flow: unchanged
4 G8 T4 ~& _$ ]3 M- I+ l. G& N1 R Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ( |' |1 P0 z1 x% ]
Resubmitted odp: drop 8 \8 M: n9 U( q: S
Rule: table=2 cookie=0
; ?, ?4 G* z2 {/ j' Y6 b& ~5 p# i2 r OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)9 u: w {2 H3 S8 l+ R3 l4 B* ~+ @
$ q1 J+ p/ d% \. a8 f' q
Resubmitted flow: unchanged
. B3 a2 w1 d6 I5 ^ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ; \. o D( z+ K
Resubmitted odp: drop ; i/ M1 @' x* b% C; Y
No match
5 m) r5 Y7 r* w/ o& w7 A+ `- g; S8 Z6 }$ [; c; Z
Final flow: unchanged
1 J: _' a# e. k o" Z# |/ J, XRelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
) X2 a0 b7 p6 L/ ^Datapath actions: drop
' D( \& t/ c* a A5 \" b% x0 [4 h! w/ H. j* T
$ sudo ovs-ofctl dump-flows helloworld
" P1 ^6 X3 \- M. |, oNXST_FLOW reply (xid=0x4): 5 N+ X' s# v* C; N( w) i: k# s9 h
cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
6 G/ T' s% G, Q0 V) K+ s+ Wcookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
" d. r/ A) l" e, @1 B, |# |cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop ; G# r7 ~( `7 f/ J3 _5 P, ]9 V
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
3 D- H4 M+ V; Icookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ( ?: g2 r7 X, \9 E
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) / o X6 r4 @: l8 x" J* R3 v$ f/ S
cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) ) F/ z' ]4 e/ z2 f E1 w
cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
" f* ^* T, k% p# x. Q* xcookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) ; V8 U2 E" Z6 Q+ y; t a
cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]; p1 z6 k* g; I- Q, B
3 h" g K: ~4 K7 R9 ^7 U8 M( D: Q
table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。
: S- A5 R K/ H- j$ f) {6 }. {4 O1 A) C1 b+ u, J
测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02: m/ O) E, B1 s" a7 @
& r; I F o1 ]& b. B$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate
k% C: y% m$ s6 Q$ M* MFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 : `5 i0 I& m6 N( o. g
Rule: table=0 cookie=0 priority=0 $ I) `( W1 |, Y1 j X6 n1 c
OpenFlow actions=resubmit(,1)1 T% t) u' }8 _% D9 K4 U: ?% [& S
3 A- N# z) L* p& V Resubmitted flow: unchanged 6 \: u# T0 }! G! V; S: h/ z5 y
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ U; l) R0 g" j: L: ?8 m Resubmitted odp: drop
3 g4 s4 Z0 b; ]7 n* f8 y Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 9 Y. d( `5 V) v0 ]
OpenFlow actions=mod_vlan_vid:20,resubmit(,2); G! y4 x1 t) l8 C# N, Z; o5 E2 n
7 H7 V3 \5 I% S7 _, |, q' c8 B
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000 5 _0 w8 V- ]6 g! \% N, E- q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. a. Y( B* v8 {' X Resubmitted odp: drop
8 i- M, C+ O; a% x& I Rule: table=2 cookie=0 2 X! r) c5 B' T2 Y: [+ |" f
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
" Z: ^0 e9 r8 Z0 [& ]6 p. W7 @; d0 r
Resubmitted flow: unchanged . D8 q6 x4 |8 d: M5 R$ F# n
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 " n2 M( N) @6 A/ I/ ?, h
Resubmitted odp: drop
( F% O1 ^4 T9 D0 E2 t! V8 J6 F0 U No match
2 @6 |0 P- |8 j2 v8 Y) K7 B9 x" X$ X9 F/ z; d/ Y2 H8 q
Final flow: unchanged
' ^/ T; F% e* t) A4 SRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no . b; m, c/ d* |- L
Datapath actions: drop
$ q! x/ Y+ I L7 k3 \: {
$ m; f$ y, ^* k! |$ sudo ovs-ofctl dump-flows helloworld
5 B! o! C: A2 m. x" BNXST_FLOW reply (xid=0x4): ! C. D( y I, K
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
+ s9 e+ Y7 g0 D, Z( U5 `, lcookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
/ b* E" z- _1 v2 F& M5 [cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop 5 w2 F5 H- P2 y) ^( N. ^ }$ J' d6 F: Y
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
& `7 I0 i( y. x: t1 E: a% Dcookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
4 f ?/ o2 w2 v" Ncookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 8 l) V! j0 Z, C) a" h
cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
; q: s: O1 o' p hcookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 1 }: o" y( o( N: t
cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
( p+ t2 H R3 m, s3 K8 t cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] 9 _. w: m3 a) J" v, B) Q
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
& Y5 B. C2 [9 W ]0 K2 X4 A' C( ~4 q- z
实现第四个table 3: Look Up Destination Port
$ T8 U' ?( P" v6 R6 ]
3 ]# E' T/ B% G: J: h在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood3 l; w9 j n* E$ f# Y: _# h3 A
7 }+ ^, p1 F8 i. M' [+ u
sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"
- [4 B r% F& [% } k+ @: M: z! \' W2 X
添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 47 ~* P) I3 m r2 S
: S/ A4 `1 B! ]# i5 |如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。. z6 P$ `) H+ [7 @% u! k, |
+ O0 T" m" Z/ H; R: r7 d- tsudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"3 |1 k; [, m4 E; p- B4 |( W. h
2 x& M% Y8 v, Y) d1 p: T' Y我们进行一项测试- w) o0 d" u, E4 {& _
- s. U) k2 I" Y1 J5 g$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate ; F! _% W' Q5 t" @
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 , |% M# z" G" P7 i% y5 j* R5 h
Rule: table=0 cookie=0 priority=0 $ D; G8 v& ?8 H5 a& n
OpenFlow actions=resubmit(,1): n# g: P/ w& @" i9 p Z. L
5 A$ C. T) n/ P1 m% S: A
Resubmitted flow: unchanged
. M1 D3 w% {; |7 f Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 {" S" g; n( l. d: N
Resubmitted odp: drop . y! R7 t8 i& ]* a' f$ F) p: b% B5 ^
Rule: table=1 cookie=0 priority=99,in_port=1 1 I/ `$ T0 ?2 `$ J0 Z
OpenFlow actions=resubmit(,2)
% ^1 z( \8 m; k, f# N+ V) D: J/ O2 i9 w
Resubmitted flow: unchanged $ N5 y$ s8 c% g8 ?% {6 ]
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
$ T i4 ~- f% ]; i' w Resubmitted odp: drop
- y' A8 u8 ]! x3 s; s) v Rule: table=2 cookie=0
) ]' A& ?5 q; r3 ~# C! y& m; C OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) N& v* s, [" [9 @
# R0 y# \% d w; U" Y
Resubmitted flow: unchanged
" W0 K% f, h2 F; F% x Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& u9 Q+ k4 Z0 _ Resubmitted odp: drop
: B; k. ?; L+ v$ O& { Rule: table=3 cookie=0 priority=50
4 N3 Z3 |' Q( b$ J8 { OpenFlow actions=resubmit(,10),resubmit(,4)
; F4 V+ q+ L- f' }, `8 d9 C( \! L. D4 ^% k1 ]
Resubmitted flow: unchanged
' N9 X% D9 g9 X# m0 J( }5 r, @8 x/ O Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 8 K) F' {% w4 d' D1 H, j
Resubmitted odp: drop
+ I! q1 {3 p$ o" q4 }5 [8 U No match+ X( c& J; o" G8 f D
, t# J0 K! }( q5 U5 Z8 A- }
Resubmitted flow: unchanged 9 N! E" h {7 _/ Q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , h) y6 u% r+ h1 M/ Q) Q6 z2 d
Resubmitted odp: drop 1 p) P# C1 j0 b# t" I" Q; Y
No match/ q! W- Y3 L! R% N
$ G0 n9 f/ k) n7 @8 g0 I! Z; `1 J" Z
Final flow: unchanged
$ j# J+ H% Q5 _+ }" ARelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no ! h) G7 n I k$ N
Datapath actions: drop3 [ h/ k+ r7 m5 M+ P: m" ^. h
* J& U5 \+ r" F" _$ i
由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.
9 o! V8 ^8 |: o ]
- q1 w- V7 O2 }7 i/ h4 y9 f但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01/ a* ~. O) Q1 l( m( k- f0 t8 Q
8 @7 _1 H+ |& m4 R6 g$ sudo ovs-ofctl dump-flows helloworld 8 w1 q1 d/ D) Z! `' r t$ s8 }2 R
NXST_FLOW reply (xid=0x4): / ]7 M$ O S9 H* R3 W6 s
cookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) ! n3 F7 V+ H5 a8 J0 X1 h$ c
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
$ G; m/ D9 `1 A6 Z# w% ?; \* M3 ycookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop % j8 _% Z" c0 J+ X. r1 ] K
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) - g2 x* h/ O6 f9 Q! B, F
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
n+ {* ?- S1 K: e' {) ^% q& ~7 `cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ! `0 l$ V2 `: S3 G/ ?, {
cookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2)
4 w; ?: b9 y: T, l1 Jcookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
5 s2 P+ C! C9 r! i' E% S- j8 j, c5 ^cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
: v& X6 M: H& b! ]" Jcookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
# H0 y7 k8 G m8 D0 pcookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) 5 e2 R% \, |: b8 R& O. j9 X: T6 i
cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] # G/ L8 q- P9 i$ \0 g
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] 2 E2 Z# j" ~4 `
cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
' R: \: z" n9 V M: l0 d1 ]8 \9 m' _- t3 [' d8 }0 H7 g
下面我们进行另一个测试
* N: O$ `/ T+ B$ D, F- l% y* N! G8 Q# q$ [2 E/ \% y I V3 R/ h0 O+ t
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate # P4 Z, b! M) Z% C! s
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000 " Y6 D0 i. ^' H g$ U( D* N
Rule: table=0 cookie=0 priority=0
# |1 J# f# y/ f9 t( x. P9 v X7 U; zOpenFlow actions=resubmit(,1)
* {: Y/ _* d1 }. X2 G4 R4 s+ Q8 {7 D$ x, |; f, W0 L* { K+ N2 C
Resubmitted flow: unchanged
3 r& P9 q! n8 k% B8 ~ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 4 B2 E2 o7 e8 j3 x( e
Resubmitted odp: drop / e2 }1 O' h* \$ B
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 , l, I; o* k8 y$ }3 U3 g4 b2 p
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)" C5 C- M- ^ K
* z* P& L7 _2 Y4 U ^- r: r4 n1 g9 T Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
& f8 D: j6 n. g" T3 t( }* P/ D Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
- L* f: H" E. S. o* H; g Resubmitted odp: drop
- l5 v4 |9 O: g. i$ o7 C0 T3 ^0 ~ Rule: table=2 cookie=0 4 {" j, C0 F+ @ | S
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
2 O( _# G' |0 x
5 s% _5 n. } B, t. L' M* i6 F/ O! G0 P Resubmitted flow: unchanged ( q6 C5 S+ g' K
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. S8 {; K% P9 p& V Resubmitted odp: drop 3 ~4 }( I% H3 x% ]% Q5 b
Rule: table=3 cookie=0 priority=50
% t4 a# |$ _5 I5 I5 U OpenFlow actions=resubmit(,10),resubmit(,4)3 a0 i" B7 a6 J
% J% O @+ }7 E- t% l Resubmitted flow: unchanged
" K- M- R# n, H/ |) a( G& w: g Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& v k7 z7 R# m2 r" h Resubmitted odp: drop 9 [ M2 P9 J7 L( V3 G; P* E
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 2 W! P* o) m6 g4 p
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
3 \: A! k4 u) ^" H6 O1 v- J5 W) l6 ^. T3 b3 b! [6 X! f
Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
/ H6 I2 g5 R: t% n1 ] Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ z4 t, L. |! `8 ~) C5 t% @# _4 G Resubmitted odp: drop 8 o7 @! W) c9 H9 v# `+ U- r9 |# z6 `
No match% H9 R5 D: Q8 z& ?
* B6 i( W* m3 |8 FFinal flow: unchanged
/ _ `9 q! L2 G9 z9 NRelevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no
" r0 Z+ }" k( s; w5 h; Y% rDatapath actions: drop
3 u. J( q3 m, w# i* L# I" }% W+ c; s$ Z: A
因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01
+ P$ f7 q6 J# {& y. S+ i) I. U& l
_7 X2 c4 ?) h: c% N下面我们再发送第一次的包
5 J+ G/ q8 K. I3 j( \/ Q; i- L, x! r" T
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate
7 Q- e/ f: L+ h7 [ MFlow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
' K! k+ @( v6 D |0 ]; y: {" RRule: table=0 cookie=0 priority=0
$ M7 X0 D/ t5 j* p- gOpenFlow actions=resubmit(,1), J* ~* I7 {+ K) y
. W8 W. X8 u0 S& |8 y8 q" `+ P. z
Resubmitted flow: unchanged
% s3 L, j/ U9 s* a% o8 n5 ~4 b Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
# @( I7 R/ E/ p* \- t1 {7 K& f Resubmitted odp: drop : W/ \6 `7 g( C4 y9 K# ?$ d9 V
Rule: table=1 cookie=0 priority=99,in_port=1
3 o# F3 { Q [7 e% K! ?/ p7 C* F OpenFlow actions=resubmit(,2)
. I/ a& h* {3 ^' ?1 C; i3 h Z" N5 H U! C4 Y6 [7 n
Resubmitted flow: unchanged
6 i4 @3 }9 }; N( X: }4 { Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
3 c3 R9 P7 x2 r. L Resubmitted odp: drop # d4 |/ t9 v. x& p% @
Rule: table=2 cookie=0
1 h' E5 x1 {. [: ~* _: d OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
$ o- u7 G/ K L$ P& i, `2 t. ^; t6 N" G0 y2 Q( I. a# h
Resubmitted flow: unchanged
) i" ?; K, q' D/ y Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 G& V8 R9 P3 ]9 \ Resubmitted odp: drop 2 W& E; s0 n& `" i* R; Y
Rule: table=3 cookie=0 priority=50
" v6 g" }5 h2 _0 B1 C( B OpenFlow actions=resubmit(,10),resubmit(,4)
+ i, M; n8 y; E! x' C- V; m: Z; i7 N u% F$ T0 L$ ~5 [
Resubmitted flow: unchanged
/ y9 A. T- z( P Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
8 ` r* k* } B0 }, ` Resubmitted odp: drop
' o- d& I, E, I* V Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 7 b) t e: Q% b! H
OpenFlow actions=load:0x2->NXM_NX_REG0[0..15]2 }9 T; e+ Z- E
7 _/ x3 P$ L) D# X' q% u Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 8 X6 S3 R: h N- [" @: v4 `
Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
! u! o1 \# L' I: @9 Z* C) e5 l! T Resubmitted odp: drop 6 u5 z+ Z" o# `5 ^ e
No match: ]6 ~ Z) T8 j' h" K/ U: F5 w
+ b- m2 g" J; \8 x+ R: p$ Z; RFinal flow: unchanged
* t; N' Y: w- e) H% aRelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no
, Q% R3 M, D% w, nDatapath actions: drop
0 I7 ~: R$ _" z* h9 I$ b, m& t7 r v0 \
发现也在table 10中找到了记录
6 Z. m' m# S+ R+ Z/ R& L" M( { I* M/ H0 i3 Q* a
实现第五个table 4: Output Processing
/ q4 U6 z6 w4 T R) y
. ?4 @/ W- H1 f这个时候,register 0中包含了output port,如果是0则说明是flood。 s0 l4 Q# A' K" l
" M/ Q; L0 ^" A# c% }; x& k6 l对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。
& d. r1 I; x7 y6 O0 k+ [" A. D2 ^3 X6 B
sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"' P: D8 y, Y+ W5 f3 Z
5 x# V0 \# C- p
对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去2 d, r5 x* U' R' S- [' ]
8 U( n, d! [$ O对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去
j. B/ ~$ u% U6 S9 w- Z }% Z. k0 ?: _1 q. S0 v8 g
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' , H, Y$ @3 G1 ?. N
table=4 reg0=2 actions=strip_vlan,2 8 O6 J* b" a }: g- @$ K# R0 f( c
table=4 reg0=3 actions=strip_vlan,3 ! |' P$ o: C9 ]5 n( B
table=4 reg0=4 actions=strip_vlan,4
% h3 r ^: e* WEOF7 e# M0 a9 B1 Y ?" Z
; D. p( b: \6 L对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。4 G7 [0 E! g# }" M' l1 t
9 L- ~7 \( k9 e% {; q
$ sudo ovs-ofctl add-flows helloworld - <<'EOF' , }' `+ t$ ~6 F. v0 S
table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2 U8 p1 `& h R9 t$ H
table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4
# J8 t [8 s! b5 r" ^2 a table=4 reg0=0 priority=50 actions=1 , q6 d# t7 ^$ p7 _7 w: r6 {4 _* P
EOF
8 ?+ I" U q$ g. J$ R
) d5 c7 E1 v- v" J( q4 b J所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。
- T7 c( R0 Z6 D) q7 @ z( S; d* Z, C% [. R+ v g# _! z S
$ sudo ovs-ofctl dump-flows helloworld
( u9 c9 ^" b" {# ENXST_FLOW reply (xid=0x4): 0 Y$ j" I: U. y5 |4 R8 `; k" P
cookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) ; o" Q7 B# \+ M. V; y3 ^! r
cookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop . w5 a, @& ]- U5 L/ C8 i
cookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop ) K" x9 \3 ?3 k
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
" g Z) q) T$ \+ ocookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 7 C+ e8 _( O, s+ c- K
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
; r2 f# d! j8 g r+ J3 j5 t3 X* Ocookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) 9 I2 o a1 |8 Y- P( a+ V5 F! V
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
! c" k, _/ I2 y1 tcookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
6 o% t0 F T2 r* p, Dcookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4) 5 m9 a( A& B0 R! k* V7 F0 |6 T
cookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
2 n8 T& y" j2 X$ C$ r1 `cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3 & f* h8 J5 p% o' Y( Z% D
cookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1 + Y J- [: N. V$ p4 v# a" } _" F/ T* Q
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
F' l% X# J3 g0 kcookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
. i- O+ j" J( @) f' J2 P$ \cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2 1 A* m, X! ?8 ` c& B) r
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4 2 M! _9 a" g/ i# b
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2
* U% E; X( R! zcookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
$ L: o( {1 q) E3 \7 |% [, m: Jcookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
( _9 i2 |9 U, v# n, x# Rcookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15]
" p3 U. P0 U5 ? h5 Ucookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] V; A$ a E8 G. g
# _' N: M' i, D; b- y首先来测试一个multicast和broadcast6 T' _, l J! W8 W
) d. f* _3 @6 [0 G* o2 J; O9 c& y
如果是一个port 1来的vlan 30的broadcast
8 B, m# i" R* l9 v9 Q, e" G
8 s& G0 o5 ?% t! T' y$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
$ v9 Y) M' d& m: y6 LFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 ( k1 N J( b. @4 n/ c# e
Rule: table=0 cookie=0 priority=0
3 z7 H$ t* W+ Y7 i5 @OpenFlow actions=resubmit(,1)
% @$ k& a/ `5 \3 U% g
; t9 p" _1 G7 Y; E6 c/ P" d. h Resubmitted flow: unchanged
4 j- j$ [3 Y% [ b) b8 U Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
) n) R9 G5 X, j- T2 C- j: h1 n Resubmitted odp: drop
- p4 {$ n% t2 N% f; r7 G Rule: table=1 cookie=0 priority=99,in_port=1
1 Q5 t# q S/ m& m* a8 R" x! ` OpenFlow actions=resubmit(,2)
0 a2 p6 Z& E* {5 j( V( \8 @3 C/ _5 w% i. X5 t q6 J
Resubmitted flow: unchanged 8 Y" v3 z0 s1 T, z7 B) |: s( P7 o
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ( k, }6 U& M6 \9 B
Resubmitted odp: drop / {( U& t& d @. J3 n/ h7 f
Rule: table=2 cookie=0 # w+ ] A1 |' {; T. D) N; Q a
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)0 K w2 M. ]3 t5 {, F' t
# o) e; E s; P, q) F e
Resubmitted flow: unchanged : p$ H& n7 y4 N5 k
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 ?9 c: c9 _" ? Z6 X# W' { Resubmitted odp: drop * Q3 M$ v! A7 f& p, G3 j
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
V) C! m J9 ^ OpenFlow actions=resubmit(,4) E- ^6 A+ G- `* G
$ y m( j6 B* h
Resubmitted flow: unchanged
* g q* U: Y* P+ k/ Q/ Q: f Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 + O0 q Q# q) P
Resubmitted odp: drop
1 G( j- V! H: |4 L* W Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 2 l& R/ g2 {( N6 A
OpenFlow actions=output:1,strip_vlan,output:3,output:4
2 M2 O1 u d+ y |8 L, } skipping output to input port/ k: Z r8 m) s6 W. a" S+ i
% J& L9 t/ J: G& RFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
; o3 n6 S- Y2 q% X {! g3 w' q3 [Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
5 N- }4 P3 u+ ]Datapath actions: pop_vlan,12,136 E2 S: |2 P1 Y$ r+ P% ~
+ H- r5 H6 s- M$ y结果是port 1就不发送了,发送给了port 3, 4
/ T" Y) U/ w0 J: I9 f$ ?! w( s D4 z: {4 Z0 p5 M5 d
$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff * D* w9 n# Y& P+ [
Flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
& }+ k* G) `) c% A" n! s |Rule: table=0 cookie=0 priority=0
' f/ d# ?# ]/ Z u: uOpenFlow actions=resubmit(,1)
5 S- u% k+ v8 n. y6 ~6 O& S0 J2 M6 [6 S
Resubmitted flow: unchanged ) S( H6 v, f8 n* P# v! |# E
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! K5 N, Z* q' `
Resubmitted odp: drop % m- l7 K) e6 b7 f
Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000
& }) |) @+ P+ E) N OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
8 j5 c& n! `* }2 q' i6 N+ S
; c9 B( u& f6 ~2 r2 Y0 R: m Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 * j) V+ Q: \2 q0 [1 l
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & q ^7 x9 y. E5 G4 ]' c( D
Resubmitted odp: drop
& s$ L- V) t; i3 o/ r0 k Rule: table=2 cookie=0 : @) F9 _0 y7 E- N. @7 R
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
- Q3 g1 [% W* c, _+ |5 i4 g4 O. w2 q
Resubmitted flow: unchanged 9 L7 x' q# o7 E! s. g
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 6 d Y2 T& I) `2 V( D2 G
Resubmitted odp: drop 3 l5 s6 J5 b& }! S+ A3 f9 X
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 ( ]1 Q7 Y5 Y( C, O- u# g
OpenFlow actions=resubmit(,4)
; l2 \: }& H1 Z a
% E& o: o5 T! M L+ |, P4 y2 @- \ Resubmitted flow: unchanged & N f# ^( O! ?, x" g4 L) t
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & b" H+ a5 C) ^2 v8 G
Resubmitted odp: drop
" E8 h& J: s+ Q* h; f4 L Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 / b1 _# q# J1 f
OpenFlow actions=output:1,strip_vlan,output:3,output:4
* p1 e! \# w: x3 G4 _ skipping output to input port
R4 W: M1 Y, _6 D0 d3 z7 ?. {4 c$ W- d" P
Final flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 1 T6 y$ z# \6 j+ r) J+ B
Relevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no ) v- k' _4 X+ d6 B
Datapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13
$ f/ i# s% d7 L, |, h1 Q9 s/ H7 E z- t, s
接着我们测试mac learning& H, p, y8 U4 `, P( P; i6 M2 V+ ^
) c0 o$ a: P; r/ ^& |5 M$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate ! J" a( X+ ?0 a. ]; A
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
5 |+ P7 V. r6 d; vRule: table=0 cookie=0 priority=0 - }8 x: e; [7 H& u
OpenFlow actions=resubmit(,1)
y0 M' g- Q+ R. `+ k" I: p. M
Resubmitted flow: unchanged
/ J8 J( _( i% p% I Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 3 s% h$ H% J+ M9 h k
Resubmitted odp: drop & e+ W" A1 [4 f+ S
Rule: table=1 cookie=0 priority=99,in_port=1
. i0 D! Z5 C# x t9 ~ OpenFlow actions=resubmit(,2): X( x7 P1 k; o* Y' l6 ^6 L
, L% P0 y# p1 Q: t
Resubmitted flow: unchanged ; d1 O5 d0 b2 ~4 E1 H4 a" X
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 : w6 _! W X" F7 O& c) s
Resubmitted odp: drop ( x4 Q% K8 ], }8 J
Rule: table=2 cookie=0 * c6 ]( Y, Q9 ]5 }# s) Z
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)# O8 p7 Y" E6 r$ d5 v0 z# I
3 K ]' m( h7 p' y9 L$ w1 U% G Resubmitted flow: unchanged / ^ I+ H9 e, w2 n1 g+ O, s
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
O" G' g, q4 h8 E# O Resubmitted odp: drop 5 }2 C( U1 N0 L0 F
Rule: table=3 cookie=0 priority=50 " y6 O9 L5 j( I( |) S: q
OpenFlow actions=resubmit(,10),resubmit(,4)+ r! M7 y: i; w
% k* W- G3 R- D& Y Resubmitted flow: unchanged
9 A, n$ Q8 d4 V. u Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
! A3 F: r, O4 B+ C& G( E0 H1 ] Resubmitted odp: drop 7 _# Y# N( Q+ w* T) o
No match$ o$ n$ A; N4 F- s
- D# h G) |0 o
Resubmitted flow: unchanged
3 |8 M+ J' N- T; m3 U$ M+ s Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 % y. A' O/ M& N6 f6 S0 [
Resubmitted odp: drop 6 N3 T" E8 q/ N/ L- [
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 5 n0 ]/ W# x J% r
OpenFlow actions=output:1,strip_vlan,output:3,output:4 9 t' }, J: Q+ H3 H
skipping output to input port
- v% b, s" w J
) U$ v. i8 X8 L' \$ F. IFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
4 U$ J- E1 B3 Y" W F, pRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
7 d) N/ a' t" X; g5 l" Y9 y% sDatapath actions: pop_vlan,12,135 c1 [3 ?" k# n# g% j* `7 _7 Z6 |
" a- |. ?, H( Q5 K9 Q- Z1 m
由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4" d5 ]0 X% `2 S2 H1 o. B( C" {
* v4 u3 v+ D0 i1 k- C o5 `$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate 5 E2 k% R- [4 K7 a
Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 : y* @, S ^4 U' B
Rule: table=0 cookie=0 priority=0
: H5 U$ ^. I# N7 T8 @ X% sOpenFlow actions=resubmit(,1)
' P! G* w1 ]4 _- n! g3 c0 g" a, n8 O
Resubmitted flow: unchanged * y& Z+ F3 p! j+ P3 u
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Q+ B3 G# c2 N2 h# [, X
Resubmitted odp: drop
& q5 v6 m& ^3 U: c9 k Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000
9 H% J( z0 k7 @8 k7 B6 d/ e6 q8 d OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
; L* v3 a2 y; B( W4 n9 _( D3 ~8 r; d5 R' r& V
Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
' L6 w0 B1 d& ?% a$ I Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 1 J0 r% P- A% |* O" G- h
Resubmitted odp: drop : W# h$ P$ B% h& j3 J$ L' W" M2 {
Rule: table=2 cookie=0
! |2 J+ |1 } s( }4 d% i OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
' b, `3 `$ V" V- P& ?
3 [0 h" T: J; X6 ~! [7 t, r1 D+ N Resubmitted flow: unchanged 5 J8 _( B7 W* |) p L
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 q [+ [, }( r( `( z6 n8 n Resubmitted odp: drop
6 K* Z# n8 I/ B' u1 s; ~ Rule: table=3 cookie=0 priority=50
( X0 L2 d3 D. ^+ B/ u OpenFlow actions=resubmit(,10),resubmit(,4)( O$ {' A) x, x6 \0 k" Y0 S
5 E, y7 x" W y3 Q! E+ o Resubmitted flow: unchanged 5 G2 }8 H; ?' o, |+ U
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 H9 l$ l4 Y& w: L: T1 j3 y Resubmitted odp: drop * e/ s) T+ z. |$ {# t
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01
$ S( @# T$ M5 @& q) \2 ~ OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]9 T+ I z9 q8 u: z# X- ^
% x* s) @6 \8 i6 o3 W+ H' G Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
4 h9 a8 I! f- t3 O Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 8 k( e- C$ v- F- z" z2 v l
Resubmitted odp: drop ) v6 P$ J' T) i$ `$ ^, _- g
Rule: table=4 cookie=0 reg0=0x1 1 y8 O* @: x0 `
OpenFlow actions=output:1$ w$ q9 x S0 d0 N5 C9 D& `% P
$ s; R4 V: i! r6 G$ k) l3 ?Final flow: unchanged
& l3 X# P, j) oRelevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no ( k6 s" {) X) E
Datapath actions: push_vlan(vid=30,pcp=0),10/ I' K$ O/ L; x$ h6 B" N. Z7 x
9 o- q; ^- \+ }( ?" T
回复的时候,由于学习过了,则仅仅从port 1发送出去。% p0 \7 j, O5 J3 f" a
- Z4 \* w3 Q* l: y% C% S
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate " P2 _" ~0 {: e1 L, l
Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 9 Z9 v, |* j2 h. m" c0 D
Rule: table=0 cookie=0 priority=0 / Z, x ?0 F* v/ R* U& L2 ~2 V" _
OpenFlow actions=resubmit(,1); k7 Z$ J6 Z$ c- R9 l) Z* U9 m
1 c8 `, B+ ?0 h$ R- U2 A5 e% }0 I9 P Resubmitted flow: unchanged - o0 |" [9 v) x3 J
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 % Y7 m1 m7 I' G! u2 @6 \6 Y* Y
Resubmitted odp: drop
, Y; E, q1 J" ?6 e6 x9 L; x) F P Rule: table=1 cookie=0 priority=99,in_port=1 1 @8 Y' l) m$ ]+ d- G
OpenFlow actions=resubmit(,2)- ~" `; T( R$ l; U
; Y0 x% c& U) o6 ?; W; u4 ^
Resubmitted flow: unchanged 1 m1 V1 R1 W3 L( {! i( Z
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 / J- E4 k6 s( j$ C2 q
Resubmitted odp: drop
, I+ U/ |$ B2 J+ [ Rule: table=2 cookie=0 % }3 a- f; o% f! s: z7 J
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
4 |6 h" D8 u9 c1 R; ^& |
$ `( z5 H( W$ S: m- p. _2 k5 e Resubmitted flow: unchanged
1 _" |0 _& s# s K8 {8 E( I+ N- ~ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , v4 M( l" F) P8 j0 B T
Resubmitted odp: drop
9 i9 T9 R* f$ u+ p Rule: table=3 cookie=0 priority=50 j- @, _! J I) \+ b% I0 G: A
OpenFlow actions=resubmit(,10),resubmit(,4)( A' v Q7 n; m+ A* l6 M
1 Y% b% I7 J$ D+ t9 `( E/ j Resubmitted flow: unchanged , F8 T: F" N' V- w! M# x. H1 S: M
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 : \9 J* z% B2 Z! d
Resubmitted odp: drop
% E8 M* A2 e* C5 U3 [4 `" N' e Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01 $ o& y! v$ z: [ a& e1 n
OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]0 d0 z# Y" o/ S& ~7 K6 l
$ E5 b1 B3 ~$ @+ \
Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 . c; g( ]; f3 q4 Z1 }+ Y
Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
7 H. Q' |- h! l9 A6 N Resubmitted odp: drop
' q0 b4 F: A8 k% n _ Rule: table=4 cookie=0 reg0=0x4
4 \# V0 l3 |& ~) J7 G. ] OpenFlow actions=strip_vlan,output:4
6 _5 c/ s( x3 c) ^% k6 ~8 B/ T) C) y
+ c/ h+ R" ?3 @- |! t: `Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
8 s2 v/ r g/ x0 }Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
# P9 O( K) N" C9 b: u$ J" hDatapath actions: pop_vlan,13, ^) e9 K+ ~( o6 Z' h; \
% L# Q p0 m7 F
由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2019-10-25 10:00:33
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜