- 积分
- 16840
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2019-10-18 10:50:26
|
显示全部楼层
关于 VLAN* l g- Q0 z9 {9 a# l
设置 VLAN tag
6 d$ ]' K* S# K( D2 k9 Q5 _4 j1 y+ M- O. G
ovs-vsctl add-port ovs-br vlan3 tag=3 -- set interface vlan3 type=internal1 X" F3 z" e2 N: K: N# W
移除 VLAN
* R7 }+ m7 D' G5 h) g! v4 _: W4 J7 Q' z+ L- h8 h
ovs-vsctl del-port ovs-br vlan3
# v# W) x$ p+ |1 M5 ]# h查询 VLAN
: m) ?: q+ D' r; z; d. h4 [8 E% l. M* x/ ^+ }3 L% h
ovs-vsctl show+ e2 ^* x% c+ B# |+ [: v- I$ F7 V
ifconfig vlan39 g- d- J) z; i3 V* |
设置 Vlan trunk
" l7 }# O( B7 R- D) Xovs-vsctl add-port ovs-br eth0 trunk=3,4,5,6
3 ~# v3 l) M% j/ @9 h' c+ G8 I4 j1 P! t9 E6 I R
设置已 add 的 port 为 access port, vlan id 9
\6 z& t0 Z" Z
, K; A* d+ m, i" Fovs-vsctl set port eth0 tag=9
$ |: k. ], S Fovs-ofctl add-flow 设置 vlan 1003 S( a6 j4 Z0 Y/ X
0 ]/ X3 C; _& ~: a* B- ^4 C
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:3- n$ x |# e; }, Z% H9 a$ u/ e
ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3* N; M4 k' E0 t- p; V
ovs-ofctl add-flow 拿掉 vlan tag ]2 X0 ] I7 e2 n
$ y/ P* S" M; _ovs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:1' P+ ^& w8 u& a8 _
two_vlan example: T: a% w5 r/ s# T2 V
ovs-ofctl add-flow pop-vlan p6 X8 W, _5 }6 |
# r" o0 O+ p" [. A+ U& @ovs-ofctl add-flow ovs-br in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:1
: ]8 r* I# w2 \6 p& k
, t; c8 W! t- M& t% K
# t, \) m9 M. S关于 GRE Tunnel
/ O& B( Y+ W7 d S; n1 M1 k设置 GRE tunnel8 j a. I7 `" l) e
9 Z) N' @) Z4 @, {4 L* x
ovs−vsctl add−port ovs-br ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.49 J+ V) u' _7 }1 }4 V+ [9 b
查询 GRE Tunnel' ~8 h* b8 s# i- c; n, {* G/ R
! w: f# u, O. A4 w. [ovs-vsctl show" L4 {) Z0 v& ?5 x, n0 I8 x
( y0 O& A1 L4 i& O8 g2 {( j3 J
关于 Dump flows
* S2 a7 Q/ V6 h' T( v5 M: TDumps OpenFlow flows 不含 hidden flows (常用)$ f( @) Y& O6 ?
0 g* K9 o7 b2 G. x& Y
ovs-ofctl dump-flows ovs-br6 ]2 A9 \% y8 S; S, p, G i
Dumps OpenFlow flows 包含 hidden flows2 C, C# n5 O( \
+ v- e$ ]7 b& V& ~3 a/ t
ovs-appctl bridge/dump-flows ovs-br
, w1 ?0 Z, g4 U' c Y# s3 p3 A% ?Dump 特定 bridge 的 datapath flows 不論任何 type
, M* f0 E% {, D2 p* `3 k2 D1 N: \7 ], ^. m* N% X
ovs-appctl dpif/dump-flows ovs-br. S( y, j: B$ l( F+ U
Dump 在 Linux kernel 裡的 datapath flow table (常用). p- E2 X5 \ f4 w b
' Q9 K+ P% t; M8 G3 B& R* `, p! f
ovs-dpctl dump-flows [dp]
) } H$ S: C$ Z6 ]2 M# `Top like behavior for ovs-dpctl dump-flows$ g. c, H$ k" n
8 z: Y8 ^. Q5 d: ]
ovs-dpctl-top" U2 {1 L' j, E
1 p3 ~. P; |& ?1 {' N, Q3 l) \7 v: g! @
z8 U: n5 f6 j' L1 N B) L$ d( S% P4 j' [2 J1 C
XenServer 开启 OpenvSwitch 方式# [ L6 O) M" N
检查是否启动openvswitch服务:
- m! [3 \. J0 P# z+ o5 z
: U" {8 q6 g- [( R$ I& ]3 |% J2 Fservice openvswitch status
% Q+ V( V8 N6 A" s# l# Z2 J/ u启动服务
& K( b5 m8 q/ Y) q/ @/ s4 S. ]- G, L$ `" k N9 A
xe-switch-network-backend openvswitch7 V0 w7 v& e! b* h; k V* k
关闭服务; D' ^' c3 a- W0 f: ]' W
2 r9 M! C) d: x5 C" Z2 \
xe-switch-network-backend bridge
2 A* N4 e2 d9 b. S0 k/ J* ^
$ {0 |) c1 f. S& E' w* z4 G. [) ?- e4 J3 }0 A# ?
关于 Log
2 z) p' s; {5 D( i3 I9 }/ H查询 log level list
/ C" Z8 G c# p" L4 @/ `( Y% P& o1 [; i' f7 |) S6 T
ovs-appctl vlog/list
5 X' I( W V# Y, t% @3 p设置 log level (以 stp 设置 file 为 dbg level 为例)
# } ]) ^( I* C+ |$ l
- V% @; D$ N9 M, G) f; Zovs-appctl vlog/set stp:file:dbg Y& y* W/ i+ u4 w5 t9 Z. g( l
ovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}1 b8 S5 _' P- L! X4 g
2 ]! B8 N. k$ E; v7 p" w3 C# U" e
& l8 A* A: y' t% C1 t/ _8 c 关于 Fallback( q2 Q z( J5 ?5 K8 b
Controller connection: false 的时候, 会自动调成 legacy switch mode5 Y4 Q% g6 R2 r! }; ?7 _: u
u, i/ j& _ j$ B
ovs-vsctl set-fail-mode ovs-br standalone+ m, c- \1 q+ F( l- W, i
无论 Controller connection status 为何, 都必须通过 OpenFlow 进行网络行为 (default)
' f2 {. S) P) I. n0 |2 d; B, @5 O9 O+ Y
ovs-vsctl set-fail-mode ovs-br secure
+ N+ r* Y0 ~& h0 l, P3 m5 i9 U8 E8 y0 r移除7 g& c0 m; P* f
! V6 F( C; b7 P( c, n# T/ c. ~ovs-vsctl del-fail-mode ovs-br+ `0 }! l2 q" _* p" A3 f
查询
! c# Y" |( K' Y. `
# _# z$ V% W& `8 d0 Y- n2 eovs-vsctl get-fail-mode ovs-br
" l+ U6 }% M# h! R4 r7 U9 c) {8 P6 A& k' C( ~2 B
$ {$ M: Z: f1 P$ Z关于 sFlow/ |0 d+ J; E& o" y
查询
* U, U2 ]) a4 v- U4 Y- o1 c; U" _3 b0 u t7 Q# R
ovs-vsctl list sflow1 y5 W8 Q: o2 _
新增
" h9 M- q/ s% E+ }3 U* ?0 S N6 j" a9 y3 f
Set sFlow 缺7 X" d3 X! [+ F
刪除
( y1 m& O9 s8 T8 Y6 ?3 k5 O
9 H$ [: r5 ^- l3 k1 W3 B, s5 povs-vsctl -- clear Bridge ovs-br sflow+ D8 z( e& Z" i2 o! u
7.13关于 NetFlow
/ U6 f; ]1 \; G$ u& m查询" ~8 d: F; M. ?
5 v3 c) ~2 P9 u4 P3 G covs-vsctl list netflow6 X5 m2 z4 l( C
新增
& u4 @/ a/ X2 R
1 l. s9 w7 c- A/ E* {1 QSet NetFlow 缺6 n A8 `3 U# X5 H. i
刪除2 ]) @. R, t t& u& A
: M5 T: f. b$ J
ovs-vsctl -- clear Bridge ovs-br netflow. p; W) M, S: o# s
7.14 设置 Out-of-band 和 in-band/ m( I; Y! n' R0 v0 S
查询
$ v8 g" f) u* r, V' ^1 k" ~( W. Y/ ?, i
ovs-vsctl get controller ovs-br connection-mode
9 E' c; U5 e4 C! _- P0 pOut-of-band
# @& }* t5 m: |* x; g. h% \/ w, o- ]2 l- Y0 R. J7 ~
ovs-vsctl set controller ovs-br connection-mode=out-of-band" d" d; V) q, b$ z7 m6 G
In-band (default)
H1 Y2 ^( K# j9 Q7 M5 ?5 E0 J4 C( _; G# e- ?
ovs-vsctl set controller ovs-br connection-mode=in-band2 v! k- [! E4 Z5 l
移除 hidden flow7 v3 b" l$ i5 \- X- t
: S+ Z: `+ C2 g# r" g7 ~* ? s3 i+ Rovs-vsctl set bridge br0 other-config:disable-in-band=true
. C* v, M; Y' n* ~( J; q' o( A, B# g7.15 关于 ssl4 B' J1 c2 i% \# V0 m9 k# z0 a
查询
# W7 O# k1 e/ E4 I8 X/ u0 q/ Z2 n/ {0 f; e
ovs-vsctl get-ssl
- ?# Z1 J6 b7 i* D5 @设置8 p1 t( Y1 v x8 o; _
; f, r, N5 _7 I Q7 }; w- {
ovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem
$ X0 m% u/ P" n" S$ {OpenvSwitch Lab 6$ TLS SSL : http://roan.logdown.com/posts/208707-openvswitch-lab-6-ssl( q7 m& X& O, q K
刪除
( s! s% M: I i: R9 m) o* R9 C% |, m$ n: R! U3 p9 s: r4 C
ovs-vsctl del-ssl* S9 ^# M8 ?+ m
7.16 关于 SPAN
5 G/ j, `5 l2 ^+ K1 D详细设置( p) x) b6 j, F, p
3 N) n5 }5 J1 [( u; K, g8 E
ovs-vsctl add-br ovs-br
1 L3 }2 _, n1 c- M3 o3 Covs-vsctl add-port ovs-br eth0/ }- c/ I" A, b4 x8 F: A
ovs-vsctl add-port ovs-br eth1
' k# f% h: X5 G5 Fovs-vsctl add-port ovs-br tap0 \
% S5 r' b, }: y# B -- --id=@p get port tap0 \6 S2 Y6 Y: G1 \
-- --id=@m create mirror name=m0 select-all=true output-port=@p \9 R$ A# r# v2 c+ m' W; d* }% p; J
-- set bridge ovs-br mirrors=@m$ j. S4 W! N' q# O" D; [5 b0 O, i
将 ovs-br 上 add-port {eth0,eth1} mirror 至 tap0( i" M+ Q: ]4 P7 F, G0 w
$ [1 c, C3 i! ^0 Z刪除2 n' [1 z7 S: [* I6 I w. W6 u: m
& T! a6 ?( B5 f0 O M# K9 }9 L2 y2 r
ovs-vsctl clear bridge ovs-br mirrors # 關於 Table3 j' R( S# z Q" r
查 table ovs-ofctl dump-tables ovs-br
* m# R2 j4 l9 o
- X7 I1 a; _( S- ^7.17 关于 Group Table, N2 f; V7 P/ s' u* D; V) A+ p: E; u
参考 hwchiu – Multipath routing with Group table at mininet
4 P' F7 L; H3 O8 q+ p5 }) q
" f0 h3 `1 k3 ~# D( b9 o+ u1 N建立 Group id 及对应的 bucket% e: a, z5 e8 R2 Q' S1 ]. `
& g* Q1 |, g3 a+ ^: w7 ^) i+ {
ovs-ofctl -O OpenFlow13 add-group ovs-br group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:39 [* R1 ~; B$ x% g% G
type 共有 All, Select, Indirect, FastFailover, 详细规格:http://flowgrammable.org/sdn/ope ... upmod/#GroupMod_1.3! I9 m2 _( M% j1 X7 E% R
0 r/ R a! U# ?) o
使用 Group Table
9 y: I$ Y4 ^/ J7 `+ I1 Q! u) f1 M7 R; _3 ^! ~3 O- `" q& j
ovs-ofctl -O OpenFlow13 add-flow ovs-br in_port=4,actions=group:5566& \: d1 Q+ o0 ?( h
7.18 关于 VXLAN
6 y% E* b" X, m参考 rascov – Bridge Remote Mininets using VXLAN6 R" B6 V4 n; O; {. E
! m. O; ~) q: w+ Z; h3 q9 e建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=9
" W) I; o9 Q0 Z- C
- N; G# c4 [, {7 B, ~ P% T* y) fovs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9; b% D% S5 B! A' g0 o! O+ o
VNI flow by flow @4 T) z, l! W! \0 ]2 P* a* H
0 G# j" R1 t& a# X# v/ k5 Uovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9& V. U, r) u" C
设置 VXLAN tunnel id
% F. U$ I# _6 ]: Z6 \ k \' h
v$ j* I* l- K1 |9 R {ovs-ofctl add-flow ovs-br in_port=1,actions=set_field:5566->tun_id,output:2
; E2 K) q! \* b$ i1 C/ Uovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1
6 A" b3 d+ @0 _0 w, g3 x8 d7.19 关于 OVSDB Manager
1 C' W) T5 Y# x" ~3 f2 N% }参考 OVSDB Integration:Mininet OVSDB Tutorial
+ D {0 S% n6 g o' k9 f$ P
) M7 Y/ \- {5 R( o% eActive Listener 设置
+ ]' Z. n* O6 i4 X6 J4 v/ ~. }* ^! p5 v" L
ovs-vsctl set-manager tcp:1.2.3.4:6640
7 V" Y: X7 P8 s1 L) g# h) g8 uPassive Listener 设置
' |3 @5 z8 s: O; e$ f4 v; h' r$ @& e+ j8 l
ovs-vsctl set-manager ptcp:6640
. O2 x' @" J3 |6 W7.20 OpenFlow Trace6 T) R5 E% a) _" E. o0 H+ a7 F8 D
Generate pakcet trace
: R: p' x: n- d c
& \8 _! m" D+ ?9 N; n* A+ J4 movs-appctl ofproto/trace ovs-br in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate1 |' }4 s" l8 J! X0 n" s2 g- X
7.21 其它
* p: Q- y1 I$ c* G9 D/ U7 [# G查询 OpenvSwitch 版本
- h# U% Q, R" ^3 b, z* f
; c4 J S; F$ k9 u7 Fovs-ofctl -V: J- r. |3 d" ?
查询指令历史记录7 U' e* @% N3 k( i. T" `5 q, l9 Z
9 E. ]" P$ V: H ^5 a
ovsdb-tool show-log [-mmm]
/ _5 F# T% Z2 N9 V: ?# l( R |
|
/4 
窥视卡
雷达卡
发表于 2019-10-18 10:38:50
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
