- 积分
- 16840
在线时间 小时
最后登录1970-1-1
|
楼主 |
发表于 2019-10-25 10:00:35
|
显示全部楼层
实现第一个Table 0,Admission control
, }% t0 v/ I9 Y/ W
$ t: F3 m3 T# @- n包进入vswitch的时候首先进入Table 0,我们在这里可以设定规则,控制那些包可以进入,那些包不可以进入。7 I. g- q* e2 _: z! x7 w
% \1 D& h j1 }比如,如果source address是multicast的就不允许进入。$ h6 H; |2 B6 A* `- K
* i1 y$ W$ q6 {9 K" `' H. Z+ n- n! e* Q- b01:00:00:00:00:00/01:00:00:00:00:00是广播地址
0 T" n) i2 E+ x: T4 n& I3 g2 y00:00:00:00:00:00/01:00:00:00:00:00是单播地址% Z/ g$ y* k2 W3 i8 o' o
这种表示形式类似CIDR q3 ?) |5 h7 j& V$ {
于是我们添加下面的规则:. ^3 Q( S; t/ n% p* I
sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
7 M* o ~% \" l _# m( B$ ` VSTP的也不接受
, `' F- B; C: K2 |. E/ F0 { esudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
& ~2 A3 `1 s+ y/ w我们在添加最后一个flow,这个flow的priority低于default,如果上面两个不匹配,则我们进入table 1
9 s6 ^6 Q% k& a+ i5 I2 isudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"/ u" u# C" B5 J8 I c: y
我们查看一下所有的flow1 B7 x' j l0 K, m1 j6 z1 h( {/ @9 {
$ sudo ovs-ofctl dump-flows helloworld
" M2 y1 ]- v/ W. L2 X+ BNXST_FLOW reply (xid=0x4):
* ^. a) `0 Y E: B9 L% u2 _. {6 Vcookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1) ! B/ a, R+ d3 @- ]* b! a2 X
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop : v+ R6 x# d. |
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
4 f f0 h" T% R9 |4 Y# @( ^* C1 V* Q7 H$ u9 E: P
测试Table 0+ h4 y/ c% J! F* |3 z6 A1 N1 b
0 W; ?! ^. h7 r- }有个很好的工具ovs-appctl ofproto/trace
- T, }* @$ ~( n( H( B Z2 c* s8 x; s) S% b0 t* l- @3 ]
不满足条件DROP# B- d7 ^9 q% V5 E8 H; ^
# m! R4 T5 [0 ]
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
$ U; s6 d! R, x. b" j# H1 R# rFlow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000 ) o4 x3 @ e' H* c2 ?
Rule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 9 |1 k4 V/ d; V
OpenFlow actions=drop
8 s6 F2 g# D1 e( d! t4 C) d; [0 z0 O, c
Final flow: unchanged . d( o7 D& q, t( V, {5 l$ D
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
7 V/ _* a' T& R+ F( `+ yDatapath actions: drop: H5 P# R1 x% {# ]* I. f& ~ q
: j8 g( w4 N4 `9 r* j6 n- X满足条件RESUBMIT
& s+ I' i# r% [& H3 [6 D
; w/ l6 K1 E1 g( Q2 I# C$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10 2 S5 r% {6 B) R" ^/ h C
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000 , r9 m, q' C% U6 [
Rule: table=0 cookie=0 priority=0 - l; I& t4 T& c' N# e" L$ a$ j% T
OpenFlow actions=resubmit(,1)
" G" S4 w8 _. n' a$ b O& o$ U
5 Y7 K- t" M" c2 M$ [5 V Resubmitted flow: unchanged 7 e2 Z/ u5 ~* `9 ?
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! w4 e, R, w( n
Resubmitted odp: drop 8 L+ {3 ]/ L- J! \6 ` V
No match
% g9 ~" l9 \; N& ^2 t$ f3 C7 R8 z. B# m/ V* `/ A8 R
Final flow: unchanged
2 _3 D3 @3 L2 Q# Q* aRelevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no 1 m$ L5 `8 U4 b1 ^' D/ `& Z
Datapath actions: drop4 B- k! k/ b7 b" f& G
5 J7 D ?6 D' e& W实现第二个Table 1:VLAN Input Processing
$ N0 V1 Z* V$ M8 {: v& k. I0 d* A
! W7 ^& @0 ?. z- O首先添加一个最低优先级的DROP的规则% G# C8 _5 J& C( a; ?
3 E. b+ S$ U2 }/ |- `0 e! ?
sudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"6 S t9 }% @8 y) X
( ~" \! \" M$ C5 j {
对于port 1,是trunk口,无论有没有VLAN Header都接受。1 X; x4 T, J6 e, Q" e) `% @, I
! b( w1 g8 ^1 O! N6 ]5 M" U6 q
sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"
1 c* [' X8 R% N: a' H! [. B
& b$ W4 _. f% ], y. F对于port 2, 3, 4, 我们希望没有VLAN Tag,然后我们给打上VLAN Tag: x' ~) v: ^0 D& K% |/ ]
; O7 V, Z. |& q" w) o$ O6 V$ m2 E9 C$ sudo ovs-ofctl add-flows helloworld - <<'EOF' ) N) u1 S1 d# U% }' j
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2) ' f1 i' O' D! E$ u! y
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) 4 ^2 F. d' _" s) l/ X6 E* J& t
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2) " g5 Q% h% }% d* K" C3 ~
EOF' p8 q7 L) e4 H0 R8 ^. a
$ [* C4 m) U' P
$ sudo ovs-ofctl dump-flows helloworld
) _! S, n2 Z3 d- ONXST_FLOW reply (xid=0x4):
5 y) [. Y# P& {8 y, C: i8 I# Xcookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1)
8 A" e6 {/ P- C6 w7 R+ Y5 ~cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
1 T3 E0 W9 J8 q }, wcookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
. W1 x3 g' e: X& | S- Dcookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) * V t8 i6 Q) l
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
1 n$ Q' w" `8 R* G" @; U" g5 c% [cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) ! f& p( r' W `! L
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
& r" o$ ^# L0 f/ [2 Ocookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop
7 Q6 m9 T' m3 P: S# ]0 L8 o2 ?
+ |- K. R+ m: ?( o' g% n测试一个从port 1进入,tag为5的3 n1 [, d( }4 X( v2 p/ X: s
/ K/ T3 q @% S* D( f
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
( O! X; W! O9 F G2 c" [Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000 - D' O- q$ N8 I* K0 P
Rule: table=0 cookie=0 priority=0
6 Q5 i4 j! _- ~0 g I. u nOpenFlow actions=resubmit(,1)
& }+ R5 S8 q* N: w9 y7 s" ^' I" r# Y2 h) U! U: N) ~& m' }' P
Resubmitted flow: unchanged
- u( ]) [ S( _ Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 8 D4 n q; s) u8 t
Resubmitted odp: drop
0 b- Y- P6 t" u, T Rule: table=1 cookie=0 priority=99,in_port=1
* @! O$ J' U. W OpenFlow actions=resubmit(,2)
6 B1 q. V2 d7 c7 [+ w0 R8 q5 `, H8 _
Resubmitted flow: unchanged
( U+ B' k7 Z N Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
- X4 F$ E$ H4 F0 @# L+ i Resubmitted odp: drop
0 _9 ~3 x6 @" v% m0 E% L7 X$ q3 C! w e* \ No match
- v' L) j( g P. p
) y" U6 N4 c" d# R* q( OFinal flow: unchanged ; ^/ a! W( l9 g% j; ^
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
$ k8 \6 v5 Z2 O/ O& b% N9 IDatapath actions: drop) q$ ] [: ]6 g9 G
1 M& W' I6 B G0 N6 S+ ?% Y4 d; x
测试二,从port 2进入,没有打Tag的
$ x: x P9 d* X( N, z# A' T0 H g* j# \$ A9 ?4 h4 b8 X4 k
$ sudo ovs-appctl ofproto/trace helloworld in_port=2 : X% }0 r0 H4 {: |
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
$ m! C( n8 U' h/ m. q: zRule: table=0 cookie=0 priority=0 ; o, l- C. g! s |- c
OpenFlow actions=resubmit(,1)7 u1 R$ q! p( h0 V: v3 g
: w9 s) S* B$ `( r Resubmitted flow: unchanged : [! [" n m4 u8 }. H" ?
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 ! F% H7 T2 p* z: Z- P% m5 h8 G
Resubmitted odp: drop 0 j& M7 ?* r0 s; l# l
Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000 , `* A) H+ @: N" e5 a
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)% P# e. w2 R9 l7 Y7 F
2 z5 _: Y9 C, j G: \ Resubmitted flow: metadata=0,in_port=2,dl_vlan=20这里被打上了Tag,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
7 W7 {" ~* v, o4 d, s/ X' b3 f Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
2 g2 c1 K Z- l- h) E: R Resubmitted odp: drop # f% {/ x) b q2 n5 O
No match$ v w+ N8 B0 }# y
. ~0 x! C5 n# {. a
Final flow: unchanged \& M% \, U2 a+ t4 H$ j3 n8 X( `
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no : H/ [, O' z/ J: g) E
Datapath actions: drop
3 J, X j _; H K& Z. C
$ Q- A2 G$ ]+ O, g测试三:从port进入,带Tag 5的
, [4 [( N5 K. a7 G+ C
; o. M7 T) i S) U% Q0 M3 _$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
; o5 U) R3 B* L3 C2 `4 M" l8 BFlow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
" M1 P/ y( \" VRule: table=0 cookie=0 priority=0 ; a! s! a7 W. s! L
OpenFlow actions=resubmit(,1)
* I9 {- C3 a- W- O8 r- C* ^: @: c w" r5 Y
Resubmitted flow: unchanged
& m3 i" a* n4 f1 o: ?0 P Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 " a% D$ z) H9 I3 e
Resubmitted odp: drop 2 }# ]0 _* N' A0 O4 C+ y
Rule: table=1 cookie=0 priority=0 % x, G a/ H+ Z
OpenFlow actions=drop
1 Y4 M6 s' b5 K1 }; ^8 D* K o
% w! m. O" r5 ]1 \- ]2 a/ r8 H* |- IFinal flow: unchanged + |! b1 b" M8 E1 K1 ^ L
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
( A* b! o# c$ z2 B6 NDatapath actions: drop! z3 A4 e% Z3 w
5 F! u$ L+ c8 \ b( |$ B1 n/ N实现第三个Table 2: MAC, VLAN learning for ingress port
. ^1 [3 ^) X9 E8 ?- |2 j; G
9 O- W. r. o: x对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。/ R9 _0 T# O$ R. ?: m5 ?
4 d* Q- y) M' ^- G( {- o) m, ?
这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。
3 v: {- V3 X6 s$ O1 M: ?1 F& N
7 M G) T& I* i1 V! eOVS也要学习这个,并维护三个之间的mapping关系。. L6 [; A% k" w& m; Y- b+ P
5 x: T* @9 l# ^/ E: F- K) w
在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。, P6 f7 F& z [1 {
6 x4 @5 { ^0 m
sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)". M3 @5 \2 I% V8 y
% F5 @2 b4 B; r2 @2 c3 p& Z' y, n/ _
这一句比较难理解。, X) C1 P. T; i. j* D
6 i9 u1 O8 W( L9 v
learn表示这是一个学习的action0 w2 F5 ?# B, T6 P9 @1 a
6 D- a7 Z6 A2 L0 `: a: U' K- E- btable 10,这是一个MAC learning table,学习的结果会放在这个table中。
* h4 V7 K+ n( a! ?- p2 |8 M3 n1 t1 T! r6 I! T5 y) d# u
NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。/ M7 d0 t; q9 z/ s* P" z
1 [1 Z; ~" J: CNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。
/ C$ V1 ?' m7 U' Q9 p z' i1 ^- A0 G( d! O- J9 a- [$ N4 \
NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.
0 I$ t$ d1 U# z! E3 }' K$ p# J- n* ^) p
一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。
! T3 e1 {0 ]0 n! X: v2 B
0 ~: l3 P6 M1 V我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。/ S1 B1 \" g) ]8 o) ]+ |8 T
" L4 @, ^# _3 `9 h0 W* H/ ~. y) J4 pcookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
2 I9 j, `$ |/ icookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
" j, R C( s T6 F: E cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2 * _* u( q) Z9 F7 t3 ~3 R6 c% n. u
cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
( O6 b k7 c4 b8 ]0 v* t) Jcookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2
2 o9 Z: @! `3 B( x! T! [6 g1 T# w+ R, p0 ?1 e9 K0 Z% ^# s8 G% H, G$ f
这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.# X% |2 q1 X6 X" N. \
: p% K5 c4 E1 m9 o/ }. N
table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。
* `) y( z, A; V+ j' W) A
: Y. ^1 ~9 O, V7 k2 ^; T上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。
, }( J: l* A% P" A8 P4 ~
9 D, S( k( v7 l" G5 A/ T5 ^: T5 Jtable 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int
0 V* y: y9 I/ `5 W
+ u4 w, ]! y8 C' E5 r( w# y ]3 bNXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1' Z q$ C4 D @ H! o; z& ^& B
7 r/ w8 k+ S. SNXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc4 L& Q3 `2 e/ Q$ ?
! [9 w i, b# \# y) q- D
load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan
5 J* U4 R+ W. I9 f8 o$ t; M5 v. x; G* P% f" p* c, w
load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9! n U/ Z0 L# G [( S
* _: a! g0 o: c" B
output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2
! T0 l. @' y5 a( s
6 a+ X& Z* J* D- r2 ~测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包
( ^! i/ u' v/ z. v" p' C# y! b* c% t. O! y0 L+ x! M7 O3 R
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate 3 r* Z& e% Z" g. c: i
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000
5 e6 _, P' [% V: IRule: table=0 cookie=0 priority=0
" `6 L1 e% `! L& X' d: Q# q9 ZOpenFlow actions=resubmit(,1)/ d8 F; D; x3 i, b
u6 U8 M7 e$ ^" j/ I$ o' g0 C Resubmitted flow: unchanged - G, S' e. v! {5 O. ]
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ n' t |. B) G5 V Resubmitted odp: drop 0 {! j& d7 |! S+ i' H) w
Rule: table=1 cookie=0 priority=99,in_port=1
9 B- O: I( G/ U! a; \ d3 L* T) a OpenFlow actions=resubmit(,2)7 K1 I; K: f* l- n! Y" D: z
4 S) C$ {( t' n: ~$ [# f
Resubmitted flow: unchanged & X9 b. u: S+ v6 b
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 N9 \5 Z; w/ K* Z- W, P, N
Resubmitted odp: drop
) B2 P9 a7 d0 X9 |% W Rule: table=2 cookie=0 D' [" r6 P" ]% o( s0 ~
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
- C/ s% \; W8 W& D9 J, N# x+ U0 p ]* O! Q0 c# `4 K
Resubmitted flow: unchanged & G( z- J# Q9 {2 t @. P% O( z5 ?, B
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , T' x) d% g' `/ U6 k
Resubmitted odp: drop
) r3 o; Q2 J q! W- B# |2 k1 c No match+ t3 \4 c- g. X. q9 K( e
) A0 ~4 x& U/ c3 y+ v: N7 R; v/ J! FFinal flow: unchanged
# \% B' {9 | L0 @& u5 P% g6 Q7 |Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
, q6 N! F$ Y5 z& H2 f9 Z# M9 l. qDatapath actions: drop+ j4 M8 ^- y' W* I4 _' n8 }
P. }0 Q' y1 H! z% r- Q! p$ sudo ovs-ofctl dump-flows helloworld ) b; M; {& u2 T- Q+ _
NXST_FLOW reply (xid=0x4): # L# w+ e( `1 R
cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
+ ]; w# v$ {, Ccookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
0 Y, ]6 r# q# f& p, y' `cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
$ i1 P9 h9 c, X. V( S5 u" l$ Ycookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) * |" h" a6 M7 H6 d2 {& k
cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
" E `# l d( f3 Rcookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
: A( z1 X6 T* d, Q/ P* m* qcookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) 7 F3 j" P' N" ]" s# P8 Z' d2 J, O
cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop ; n& k/ G& l \! H2 ~- O9 N
cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
- g7 v. M) a. f cookie=0x0, duration=31.258s, table=10, n_packets=0, n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
+ ?1 P- W! c' T5 Q* c! \! J% Z$ q1 h$ f1 E# D
table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。2 |9 K9 g0 [" [ _
* t; L& N4 {8 x$ ^
测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02) I o7 a9 {) ]1 [5 `
$ A0 w, ?7 R1 z1 u) I. d3 x
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate
& q* _% X3 H- r+ s4 jFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
" h4 ]3 o: _4 z; Q0 TRule: table=0 cookie=0 priority=0 , p5 `3 Q0 }$ O+ a) M: q: i* l
OpenFlow actions=resubmit(,1)/ r) K: z8 R( ]/ |+ f
2 [/ y: J% O) x3 f/ L5 _
Resubmitted flow: unchanged 3 \9 [6 _+ Q' d4 F
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
8 u2 ]6 }0 d& V; {. a Resubmitted odp: drop
& k ?/ e5 G/ A' o8 Y Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
- Z8 B% Q6 g2 M8 f0 I$ w: R( ^ OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
. _$ Z( y A: S$ {
0 j' _: y+ o! W0 l4 I9 S3 ~ Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000
7 I: u" X; ]5 y+ M' Q3 ` Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 , G" u A) ?7 L) |9 u2 D- h
Resubmitted odp: drop
4 ]# `, x2 N( E0 N- j, ]$ ~ Rule: table=2 cookie=0
: _1 f& F" K5 ?) r) a/ w( ~ OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
8 ^7 E9 P- T8 d% F
8 \5 T$ Y1 u7 O Resubmitted flow: unchanged - U6 F6 h$ V$ E' ?
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
% m+ a ]& K% F Resubmitted odp: drop ; O! s& V( \" _
No match
; q8 `0 L- Y l, L5 j7 m/ E) W3 S# ]" [: J, D8 h
Final flow: unchanged 4 U! c4 Y. L) N! V% E& `9 ?" {
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
- I# }0 a' s7 i0 {( sDatapath actions: drop) s% A4 Z3 l# S5 r% s( e5 d
6 [, N0 m. J/ S/ _" N R# _' k1 ]
$ sudo ovs-ofctl dump-flows helloworld + Y% k" {0 v. `2 s
NXST_FLOW reply (xid=0x4): i4 [8 I& C; _. U8 h
cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
9 W/ R4 ~4 b) h; I# Z( _3 T9 p2 Ncookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop 0 u8 C \" G' j! N w9 H E
cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop 6 s$ P" k* S+ f" H! G
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) : k( N$ R. E, f: M H
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 9 X. E: r6 v$ N2 y0 |
cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
/ [2 n6 ^/ y, ]( Bcookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) / E* y" R7 z0 Y( S1 }
cookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop 0 \# ]$ ?/ L& A" {& b. X, P
cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3) 1 V% M) x* c9 \& S$ N8 `/ A% {
cookie=0x0, duration=4.472s, table=10, n_packets=0, n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] # q6 j; @2 ~6 h5 ]! S# [
cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0, idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
$ R. A1 `, Z4 x S" J# Q, w+ @4 V6 Q. Q) s$ z
实现第四个table 3: Look Up Destination Port; V) k& m e4 T% } _8 e
2 a6 O3 }, m4 z% Q& \) `
在table 2中,vswtich通过进入的包,学习了vlanid –> mac –> port的映射后,对于要发送的包,可以根据学习到的table 10里面的内容,根据destination mac和vlan,来找到相应的port发送出去,而不用每次都flood
3 S8 ^3 A" l! {, w' Z6 J
8 ]4 c- L- Y2 |sudo ovs-ofctl add-flow helloworld "table=3 priority=50 actions=resubmit(,10), resubmit(,4)"1 G7 x! G$ E8 }' {2 w. x
) K1 k4 g" i1 U% m: g2 W添加这条规则,首先到table 10中查找learn table entry,如果找不到则到table 4( j6 t4 W1 m' G/ F% o9 {! q
( H: i1 _3 R7 f! m) [$ ^# c8 |如果包本身就是multicast的或者broadcast的,则不用去table 10里面取查找。
3 @" u( T9 `* w/ Y" X9 |
+ |/ m9 M$ b/ O2 {) Usudo ovs-ofctl add-flow helloworld "table=3 priority=99 dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)"
, p% r, f& B8 S+ W& X0 G
: H1 {0 g: ?. E+ c, N" n我们进行一项测试. j) a9 f- c5 f" Z" m
' j0 n& N8 v3 ^( u7 G
$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate 1 I. q) H: f2 _- |
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
" U. N, N0 V# R0 l5 f) k! SRule: table=0 cookie=0 priority=0 q2 z6 {: |( g8 T! }
OpenFlow actions=resubmit(,1)& M9 e; ?$ S: ~; s+ r( Z/ ^
/ \9 }# a2 x' ]% A& G! H; L& |
Resubmitted flow: unchanged , I7 a; S! O6 k
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
: J1 e3 o, N8 U Resubmitted odp: drop
( i) F" ?- m! Q, i, ?1 ^ Rule: table=1 cookie=0 priority=99,in_port=1
8 {0 ?1 ^8 N2 t+ ]! |/ K/ I6 L OpenFlow actions=resubmit(,2)7 f# N5 f5 C, I+ {& M7 ` M1 |+ C
% Z4 g5 t: e+ E6 \* Z Resubmitted flow: unchanged ) D9 \5 z$ M! k- C
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
8 z% ]) H7 H q6 h- G9 a Resubmitted odp: drop
& B% D5 r; z1 l2 W# J Rule: table=2 cookie=0 0 ]; c4 T6 y0 f6 \
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)6 f# j; E) s& y
; ] `$ F8 R- A5 \4 Y* | Resubmitted flow: unchanged
" ]' X- d) t) S2 a Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
9 f6 Y* f8 T" C Resubmitted odp: drop
' U# h, d* J( v! Z* r1 D- Z$ I Rule: table=3 cookie=0 priority=50 8 C" M, Z* m0 ]1 y# Q7 E( [, D+ [/ {
OpenFlow actions=resubmit(,10),resubmit(,4)- Y4 }/ B" K0 E( u z" a
8 U# b. u# z* Y G$ m7 K1 D" H
Resubmitted flow: unchanged
/ P7 H3 \8 G3 s# P Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
, r6 L4 D/ l& @9 @ Resubmitted odp: drop % K) s9 j A! [; \
No match
" G% @* W* T$ g1 h8 K$ r+ g& R; Z* B, ]
Resubmitted flow: unchanged % G1 u/ d) h$ H7 z, G ^) I C
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ u. |/ U. d, S L Resubmitted odp: drop
\) z! H6 Y2 [/ e, f" O No match
2 \2 h' y& m* p" }1 X" e' j8 c d. }
Final flow: unchanged
1 }7 r" e7 ]2 X, z" _# H9 f( wRelevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no & v4 Y" \5 p* L V3 e8 e# C
Datapath actions: drop
' D1 O$ E" Q r! V* o' L2 Y: {+ I* ~) _8 e
由于目标地址f0:00:00:00:00:01没有在table 10中找到,因而到达table 4.1 G9 L- P4 ^7 H
% @9 ~1 r ]4 f6 N( D
但是这次测试使得table 10中学习到了mac地址90:00:00:00:00:01, m% u% i+ {0 ?! @
0 T! |! x4 k m& l$ sudo ovs-ofctl dump-flows helloworld : K! C" [2 w! ~
NXST_FLOW reply (xid=0x4):
0 i' t5 W6 c2 fcookie=0x0, duration=91588.452s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1) : L6 e! k5 f r# `% z
cookie=0x0, duration=91778.411s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
( J5 ~# H7 D7 t1 |: H- N8 z* ]cookie=0x0, duration=91713.926s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
- i7 p3 \7 {1 |% R: ?7 [& m* j# L/ x4 ycookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 9 L! ~2 z8 s. U" l
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2) 3 y0 v1 w6 h" \" q6 v& ?
cookie=0x0, duration=87199.143s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
+ v, u8 ]0 s. z6 Ccookie=0x0, duration=87330.188s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) 7 w7 f7 `1 c4 a" O6 X5 @2 q1 m _9 s
cookie=0x0, duration=87408.609s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop + a+ _! u- K& Q
cookie=0x0, duration=84638.483s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
6 y: G& ^: N+ ?cookie=0x0, duration=352.841s, table=3, n_packets=0, n_bytes=0, idle_age=352, priority=50 actions=resubmit(,10),resubmit(,4)
/ k7 e# V3 A# A8 s) R$ Acookie=0x0, duration=212.704s, table=3, n_packets=0, n_bytes=0, idle_age=212, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4)
K# z4 v) K5 ~5 g cookie=0x0, duration=117.364s, table=10, n_packets=0, n_bytes=0, idle_age=117, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15] 9 q) P0 a! d/ G
cookie=0x0, duration=769.784s, table=10, n_packets=0, n_bytes=0, idle_age=769, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15]
5 n# M9 s6 q a' B% B/ }cookie=0x0, duration=1082.46s, table=10, n_packets=0, n_bytes=0, idle_age=1082, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]1 }( F% {9 U5 q% V
: z5 X ]5 R# C. n Q
下面我们进行另一个测试, S% d- A# H0 C @3 H9 A
# N9 z+ C) S/ V+ l% |+ J
$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01 -generate
# ^$ r+ d6 J0 FFlow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
]) O, ^! r8 Y' {Rule: table=0 cookie=0 priority=0 2 ?" ]2 a1 q: e) B* i3 b- D
OpenFlow actions=resubmit(,1)6 Q! k0 r$ x$ x6 z$ `! f9 A
2 `8 L7 W* [* E8 Q' g% K8 |- M8 I Resubmitted flow: unchanged ( h3 k+ S& ?$ I! x% B: Q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 N3 A/ r4 ^; y* m2 v Resubmitted odp: drop
# B( ^4 e# V$ X1 z Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
]. G) Q+ G! J, V3 ~" W5 o6 r OpenFlow actions=mod_vlan_vid:20,resubmit(,2)6 v! E, u7 b+ w+ r& ?
) B% B5 D' A# c. n {, x2 ?
Resubmitted flow: metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
* J& Z' S( `; J8 b n7 Q& N Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
1 N7 M8 t( v% d) W/ F0 H: t Resubmitted odp: drop 4 b! {# N {. g/ h- N
Rule: table=2 cookie=0 * M9 X2 f- c! H. Q; R1 p
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)8 B, R* S7 ]2 F4 ^+ S
8 h7 Y- r g1 o# F* A) ~
Resubmitted flow: unchanged & d% {+ Z' j/ f/ S
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 - {, i) J7 [& l" m
Resubmitted odp: drop 7 L1 e+ h0 H$ d
Rule: table=3 cookie=0 priority=50 - r& k5 [7 N) g3 e- J! a# _$ U U
OpenFlow actions=resubmit(,10),resubmit(,4)
9 t% T/ c% H5 }, D( s; \0 `6 Y8 b( ^& n
Resubmitted flow: unchanged 3 O J4 V6 _3 o
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
8 |3 b2 \" M( t$ \7 [ Resubmitted odp: drop # u. p# T8 b( _1 Y
Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 ! q: F: t0 k9 T) G
OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
9 j1 H( @1 i& V% B# K. N5 \4 v" u3 q" [* V% p+ z
Resubmitted flow: reg0=0x1,metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000
6 E5 K' W; q6 H: S4 W( Z Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ y! |, g. g; O+ g( v" f, E1 C
Resubmitted odp: drop
1 S1 M& x8 `" J0 P No match. I) |5 J* B5 Z) A; R
" L+ y z; G# U* g4 A% u, xFinal flow: unchanged , n- X6 J8 A5 y" K( r4 G
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=90:00:00:00:00:01,dl_dst=f0:00:00:00:00:01,dl_type=0x0000,nw_frag=no ; _- B0 `8 V8 o* g$ y" ]$ J* Y
Datapath actions: drop% K( J5 [( ]* L. w
8 P% }, v. `2 d( [
因为刚才学习到了mac地址f0:00:00:00:00:01,所以这次在table 10中找到了这条记录,这次同时也学习到了mac地址90:00:00:00:00:01 d- D. b1 S$ @1 p6 T" O- V7 c
) t9 r9 N. ?$ t! C8 i1 r8 Y, G" d
下面我们再发送第一次的包
7 u# n; k- l1 [
/ ?$ z, z" w1 N# G$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=20,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01 -generate ) z. n2 i5 {/ z6 P8 N2 I
Flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000 1 m( ?4 z9 U W& e% |7 l
Rule: table=0 cookie=0 priority=0
1 ?+ N, I2 N1 L, _- v$ P. OOpenFlow actions=resubmit(,1)
6 | R/ P; A2 N% X9 I
& W0 D1 s6 ~$ k8 ?9 c Resubmitted flow: unchanged
: T0 ]% {, ~: ~5 y. u; O$ i Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & \, [5 M( p1 E& L0 N0 x8 ^
Resubmitted odp: drop
; P$ }$ Y& O+ u6 j2 k Rule: table=1 cookie=0 priority=99,in_port=1 5 f& q2 G- V8 K
OpenFlow actions=resubmit(,2)8 q: d7 T0 L: h) L2 c+ ^: ^. x
. J( L2 ?* @( I Resubmitted flow: unchanged
* _- f/ O g3 s Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 $ g3 }) w8 \/ j# C. E% _
Resubmitted odp: drop * v; U- h' |1 v! g; T& G# C
Rule: table=2 cookie=0
5 T( H: @3 M8 n" Y OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3): b8 K p4 T7 V L( H) k
, p7 z- a& Z. u* Q+ g7 M9 a) n4 f
Resubmitted flow: unchanged \9 U) u; R, b E5 B: v( |4 _
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
( X1 Z8 k' Q( } Resubmitted odp: drop
7 S9 n3 W/ Q" B0 b& P4 a Rule: table=3 cookie=0 priority=50 : ^% @4 z4 H, z4 P' m
OpenFlow actions=resubmit(,10),resubmit(,4)
, ]; E0 h2 I$ a7 p
4 b+ C& j9 v! @; F0 T) g3 n: R( t Resubmitted flow: unchanged + ` q% [) n% Z+ f4 n
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
, h$ a. K3 ?6 A4 m9 r Resubmitted odp: drop
- K1 Q9 |% {% P Rule: table=10 cookie=0 vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 1 ?5 [ K6 p* c3 D6 n) f
OpenFlow actions=load:0x2->NXM_NX_REG0[0..15]
! O6 d5 \3 z2 r( V# g+ a4 Q
$ x/ J; F0 ]6 l8 i4 l8 P Resubmitted flow: reg0=0x2,metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000
6 x4 ~+ K% G/ Y6 `; A' B: H Resubmitted regs: reg0=0x2 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
5 I7 z8 A; X2 P7 N) v Resubmitted odp: drop
. h- b9 ?: f' k" y No match$ s, I- {" s* b( \' k. _7 S
; l( ?9 z* w5 B6 L0 ^. g4 I {2 V
Final flow: unchanged & r0 p4 e3 e# |; t% Q
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=f0:00:00:00:00:01,dl_dst=90:00:00:00:00:01,dl_type=0x0000,nw_frag=no " L, q) c* c7 o' A( f- u
Datapath actions: drop
4 K% l# |; f1 T0 m+ [9 W
( k% U% U: ~8 Y! e# W发现也在table 10中找到了记录
, u+ p' u! u; d* t' q; V
$ x$ y) M* P3 f5 T* J实现第五个table 4: Output Processing- s* d) h4 i6 q( e* d6 h* V+ L f
9 n( t" z# h, K" ]这个时候,register 0中包含了output port,如果是0则说明是flood。
6 D0 ?0 b4 }3 i" J
8 D+ J9 n6 b1 o4 @对于port 1来讲,是trunk port,所以携带的vlan tag就让他带着,从port 1出去。2 e8 Y" N, q4 v5 @' Z @* R2 @
% b& v" [" n" r3 S# c- M
sudo ovs-ofctl add-flow helloworld "table=4 reg0=1 actions=1"
: |9 A N2 e8 N" r5 k. g& r4 z
对于port 2来讲,是vlan 20的,然而出去的时候,vlan tag会被抹掉,从port 2发出去1 a/ G( z0 q. f! j* Q; h: P& s6 j0 i+ B
" k% Z! Z3 i e, ]) O5 t A. Y( g* b
对于port 3, 4来讲,是vlan 30的,然而出去的时候,vlan tag会被抹掉,从port 3, 4出去
# x. Y7 w( |: u5 M, r
6 j! c# g M3 h# @. U3 _5 w3 J$ sudo ovs-ofctl add-flows helloworld - <<'EOF' - @2 E% x& o' s" `% u
table=4 reg0=2 actions=strip_vlan,2 % Y9 h) u* O1 A3 U( M/ z$ ~1 d
table=4 reg0=3 actions=strip_vlan,3 / W) \9 K& F1 z9 a S: r" m" n
table=4 reg0=4 actions=strip_vlan,4 4 H1 n$ E/ M5 w. Q! O
EOF3 Z& n* }0 X, {9 x0 \
( l/ w1 R/ @. I- I+ D3 @* g3 k对于broadcast来讲,我们希望一个vlan的broadcast仅仅在这个vlan里面发送,不影响其他的vlan。' d" G/ w5 W2 L
% [ ^, C: w8 o0 `" ?
$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
+ O- ?$ ~8 S0 r# i2 _! E) d table=4 reg0=0 priority=99 dl_vlan=20 actions=1,strip_vlan,2
6 `1 Q' G% ~, g& x9 X table=4 reg0=0 priority=99 dl_vlan=30 actions=1,strip_vlan,3,4
+ r/ Q' t4 z; u* V table=4 reg0=0 priority=50 actions=1
8 n- q+ n) {* N: c& P& b8 P0 O' c, @EOF
: e' ^$ J: W) R1 k8 I) |2 O5 c+ w0 K5 E
所以对于register = 0的,也即是broadcast的,属于vlan 20的,则从port 1, 2出去,属于vlan 30的,则从port 1, 3, 4出去。4 Z( T" J' z$ E. H. b& [
" i; L- v1 Z' y' F$ sudo ovs-ofctl dump-flows helloworld 0 F& U2 j- c* d8 ?+ F# X: B; H
NXST_FLOW reply (xid=0x4):
2 w+ ?6 u! T* I7 qcookie=0x0, duration=92909.119s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)
8 }8 C+ T2 f0 S7 W$ h C6 i2 Ccookie=0x0, duration=93099.078s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
) [* a& j$ G2 g0 H6 zcookie=0x0, duration=93034.593s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
7 V' p. _' g7 C- ?, K8 ecookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2) 8 z0 m" j9 h3 T
cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
6 p* B8 h* l* ]cookie=0x0, duration=88519.81s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
# o* R& M0 D( h% ^6 r \cookie=0x0, duration=88650.855s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=99,in_port=1 actions=resubmit(,2) / u% n5 j- m& p7 }9 o9 I9 L% C2 f; I
cookie=0x0, duration=88729.276s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
; M9 S8 Q0 l! e0 K" @cookie=0x0, duration=85959.15s, table=2, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
& v$ Y4 e( q. K$ ~0 u, ^cookie=0x0, duration=1673.508s, table=3, n_packets=0, n_bytes=0, idle_age=1673, priority=50 actions=resubmit(,10),resubmit(,4) ! W" o# H% r/ c8 }; x5 m
cookie=0x0, duration=1533.371s, table=3, n_packets=0, n_bytes=0, idle_age=1533, priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,4) 9 c: u4 o/ w; G4 B- j: c
cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x3 actions=strip_vlan,output:3
+ W$ n# Z5 P5 N6 S2 e* G" W) Pcookie=0x0, duration=228.839s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=50,reg0=0x0 actions=output:1 " |( d ?; y7 g
cookie=0x0, duration=483.068s, table=4, n_packets=0, n_bytes=0, idle_age=483, reg0=0x1 actions=output:1
% U- X# @. ~- b" g* K8 I U& c* a: ^cookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x4 actions=strip_vlan,output:4
9 n. d/ M% x/ E3 [/ Lcookie=0x0, duration=332.478s, table=4, n_packets=0, n_bytes=0, idle_age=332, reg0=0x2 actions=strip_vlan,output:2 0 v% a1 e/ b f" o& V6 N. D/ n; f
cookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=30 actions=output:1,strip_vlan,output:3,output:4
2 ?- v" x9 a2 Mcookie=0x0, duration=228.84s, table=4, n_packets=0, n_bytes=0, idle_age=228, priority=99,reg0=0x0,dl_vlan=20 actions=output:1,strip_vlan,output:2 ' l* v. ^1 ^9 H2 A) ~ N
cookie=0x0, duration=1438.031s, table=10, n_packets=0, n_bytes=0, idle_age=1438, hard_age=1109, vlan_tci=0x0014/0x0fff,dl_dst=f0:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]
+ y% P5 c5 h- \1 a) a/ \cookie=0x0, duration=2090.451s, table=10, n_packets=0, n_bytes=0, idle_age=2090, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02 actions=load:0x2->NXM_NX_REG0[0..15] 5 o4 E3 g0 n6 y. o7 W. @
cookie=0x0, duration=1258.881s, table=10, n_packets=0, n_bytes=0, idle_age=1258, vlan_tci=0x0014/0x0fff,dl_dst=90:00:00:00:00:01 actions=load:0x2->NXM_NX_REG0[0..15] 0 { f& d/ M; Z2 z" l! h
cookie=0x0, duration=2403.127s, table=10, n_packets=0, n_bytes=0, idle_age=2403, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01 actions=load:0x1->NXM_NX_REG0[0..15]- m: O3 n$ a3 x
# J! q/ A! o# l# k
首先来测试一个multicast和broadcast. A# ]: v7 x% K* T
' B: Y- R% \$ R5 Z( R9 t6 |" C/ r
如果是一个port 1来的vlan 30的broadcast
; P0 ~5 q& {3 h1 k
% M4 o- \/ T! Y) I0 K$ A: T3 M$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=ff:ff:ff:ff:ff:ff,dl_vlan=30
6 L9 Y# C1 K: G4 n, EFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
$ [) Z5 w% f" zRule: table=0 cookie=0 priority=0 $ P; V# X/ p* ]7 V
OpenFlow actions=resubmit(,1)
9 M8 D/ a% \& V0 L4 Y7 r1 a1 y+ [9 \3 i. f8 x
Resubmitted flow: unchanged ) X9 N, E c: \8 y: f
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
/ g$ t" {$ V. J% X Resubmitted odp: drop * u" U1 Z3 _1 m E
Rule: table=1 cookie=0 priority=99,in_port=1 , a/ ]7 @/ b( [0 `
OpenFlow actions=resubmit(,2). p' B5 c% u; ~. f& X1 K9 y, M
. w: A" T& ?+ J$ K' H+ f2 x* ^
Resubmitted flow: unchanged ( O# f2 m B( Q1 Y
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 & @% F, j2 d) k* o+ g/ L- n9 j
Resubmitted odp: drop
; Z$ I# W2 E$ ~; m" d4 w$ y M$ [ Rule: table=2 cookie=0
! A# R, ^" b; J% G6 G1 M( ? OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
2 D' B7 H/ p4 N7 `6 w) d t0 y" W0 A% o( p
Resubmitted flow: unchanged
% F9 S1 W% W6 U Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 E# ]+ s9 I3 R6 i! H a
Resubmitted odp: drop . m( e7 i2 N/ L* K& s
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 2 l9 v. r; C- A1 U9 G
OpenFlow actions=resubmit(,4)
( D% N) f# E3 a7 r I
W2 S2 e4 |2 r/ ]3 J Resubmitted flow: unchanged
7 g/ T( F* O3 i0 a; s# m Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; `. F) D3 H$ c! W) a# p6 q Resubmitted odp: drop 6 h2 M5 a ~" ?7 V& n% C' {
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 8 x/ J# y r8 W' i" F" X) ]( h" \
OpenFlow actions=output:1,strip_vlan,output:3,output:4
' ~; y& U2 v' S skipping output to input port+ R' D" o9 p( A& f
( c4 Y3 u" G4 F3 R" \9 m4 T
Final flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 0 V9 p9 [& l+ j x8 I8 \8 V
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no " ?( d7 u& e9 H2 s/ v
Datapath actions: pop_vlan,12,13! }9 A2 X4 m8 v2 N# E
& R6 m! Y: H! a
结果是port 1就不发送了,发送给了port 3, 4
2 q% J+ f2 ]+ ?; A9 P- o$ i+ R: t0 y! C& }: [1 @+ \
$ sudo ovs-appctl ofproto/trace helloworld in_port=3,dl_dst=ff:ff:ff:ff:ff:ff ( v; X- n' j. x6 B4 x+ {/ s0 n
Flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 9 o4 `$ \9 x$ g5 S( d2 |
Rule: table=0 cookie=0 priority=0
& L5 Y7 E+ P- J+ C) s/ D/ Q8 @' QOpenFlow actions=resubmit(,1)4 Q! Q6 N+ F: a: y3 l; P
7 B2 K4 h0 l$ c4 O" q3 i* E Resubmitted flow: unchanged + \/ O% h) W5 ]: e: z, b
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 9 L: \! }# i2 g m0 V5 l& u1 K
Resubmitted odp: drop
. @- f; N, \3 q: I Rule: table=1 cookie=0 priority=99,in_port=3,vlan_tci=0x0000 # S3 N$ K0 o$ ^
OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
3 Q+ c d. s3 d
' y$ |4 D6 @% x, D8 { Resubmitted flow: metadata=0,in_port=3,dl_vlan=30,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000 : ^% ^3 r8 K9 i/ z$ h9 k
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
6 U% O& w9 L3 Q8 N+ d; E Resubmitted odp: drop
( n! U5 n2 r L: y, F Rule: table=2 cookie=0 . B7 |4 G; d8 h- J# W' H7 F
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
- M9 G" n$ \7 ]7 n* j. o# ^- s$ D% s( Z1 w& e! N2 ~6 M6 ]7 c7 }5 i3 p. r' I
Resubmitted flow: unchanged
) U; r: c: F4 J8 J3 ]8 N8 T Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 5 G0 O y* A- L2 R0 q, D' f
Resubmitted odp: drop 7 g q4 f X* w/ Y5 \
Rule: table=3 cookie=0 priority=99,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
. o/ c' d' c& Z# @! ~: E OpenFlow actions=resubmit(,4)
& C( n1 F* g' C7 u8 m9 X0 @* y+ f- _7 Z+ ]
Resubmitted flow: unchanged
8 h* E7 l6 F: G Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; w' K4 J& l! R" E/ X4 s Resubmitted odp: drop
+ G0 B% H* w, i' f0 b! `; Z Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30 8 N2 ?. C: Y! h9 A
OpenFlow actions=output:1,strip_vlan,output:3,output:4
0 [+ l$ w9 p( y1 H) W* C& n skipping output to input port
3 y/ e, k# b- k' j4 w
# {' L! T D$ w+ g9 DFinal flow: metadata=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:ff,dl_type=0x0000
1 B3 G" a- g6 S/ J1 k3 K& KRelevant fields: skb_priority=0,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=ff:ff:ff:ff:ff:f0/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
6 Q3 I0 Z8 ]+ A8 w; F( w4 H: c+ rDatapath actions: push_vlan(vid=30,pcp=0),10,pop_vlan,13; ^. v( F: ~7 O! f$ h7 t) x
' B: V; m# W$ ]1 c接着我们测试mac learning
) G' n, \+ e# {0 o
! K. R% s5 b. U$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
! ~4 ?1 Z% i) CFlow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 0 B) |8 [) x9 Y% z) v0 T
Rule: table=0 cookie=0 priority=0 8 c5 y+ A- x& A# h
OpenFlow actions=resubmit(,1)9 _, [" @! M* A/ P( Q
- h$ z9 t# X/ R& ` d7 k Resubmitted flow: unchanged # w; Q U) M* H3 E
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
' J9 V4 M# U: n0 d4 D Resubmitted odp: drop
, E4 W, T' p0 _5 E8 ~ { Rule: table=1 cookie=0 priority=99,in_port=1 9 n- o2 u% c- R1 n5 U
OpenFlow actions=resubmit(,2)
; Q" Y; E, f4 |+ u: B( ]3 l, P) y ^
Resubmitted flow: unchanged 1 X6 S2 R& y0 Z' c
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
+ q. V& [$ e0 ] Resubmitted odp: drop * y) ?( ?3 x5 ]
Rule: table=2 cookie=0 # B+ D* s! j# I6 `% M! e# ]/ R
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
, z3 o6 X k" R# d* P
& V5 `$ B; K0 H1 S& H. q; F Resubmitted flow: unchanged ( n. ~5 ?) e2 K: J! t/ q
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
, w1 ^% \9 q5 H1 _* q8 P Resubmitted odp: drop i' O2 }6 h: r
Rule: table=3 cookie=0 priority=50 * y. G! N# t' j# y; S: D
OpenFlow actions=resubmit(,10),resubmit(,4)2 Q$ H) H. \1 P2 i) c
4 [& ~2 ]* n( p& v2 \ m5 u0 `9 N! {0 I Resubmitted flow: unchanged
: g4 @, ]4 L, E& Q' |# Q Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 7 v8 U8 `" ^: R8 q1 ]0 k3 e# K
Resubmitted odp: drop ( |& }& g. j, s; H4 Q. i2 G
No match- q& V& j, W2 G$ i' j6 f' j- \
- g9 J% H& T. z# U2 f" j
Resubmitted flow: unchanged
. b( a2 S+ o2 K9 e" @( A Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 9 @4 v; I8 o V, Z! x
Resubmitted odp: drop ' ^) v; b; [. V
Rule: table=4 cookie=0 priority=99,reg0=0x0,dl_vlan=30
% P0 u# g0 c7 ? OpenFlow actions=output:1,strip_vlan,output:3,output:4 1 N# F5 M% w4 f' X! v
skipping output to input port
- \ _/ ]% @( y; ]
# v7 `( V2 c: e: M. s# wFinal flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000
# a5 B3 L o+ o! |+ f+ lRelevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no - S9 i( o B, _# x1 M
Datapath actions: pop_vlan,12,13
( Y" [) y! j7 u4 H$ d8 g! W2 q
( {- |6 C1 R5 }0 {$ \( d" V! a( l) o* e由于这两个地址没有出现过,则除了进行学习以外,广播发送给port 3,4
- [7 \8 p" o- P' _, S3 l( Z3 d0 w* d, w4 ~0 R
$ sudo ovs-appctl ofproto/trace helloworld in_port=4,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01 -generate " _8 D: g2 C/ |! U, E& Q" A2 |$ C
Flow: metadata=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000 4 m+ [3 a5 D0 ?1 u* p6 }, q
Rule: table=0 cookie=0 priority=0
" y3 r) T- V/ |3 v8 ~OpenFlow actions=resubmit(,1)9 D n! h+ m+ {0 K# y+ j
- u0 @- m/ L! ] o4 w
Resubmitted flow: unchanged
. b' B. J5 {1 m* @* u9 Z- _, Y6 `: Z Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 9 t* I: X* ^) K+ ] y8 L
Resubmitted odp: drop
+ j2 P+ V" r6 R$ q& ] Rule: table=1 cookie=0 priority=99,in_port=4,vlan_tci=0x0000 + `) i! o: j7 ? A
OpenFlow actions=mod_vlan_vid:30,resubmit(,2)
# A* @/ w" J2 c7 I: e6 h* d
8 Z$ K: `, F4 U7 N0 ~1 q+ Z Resubmitted flow: metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
4 i( x+ ?3 G: U5 q; v+ X0 Y! ? Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 % x5 Q& @9 Y/ O# |9 V! m
Resubmitted odp: drop
) M- X1 |( B: B, p( L4 ^. s: c Rule: table=2 cookie=0
; W) u9 F9 g ] OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
2 E B/ r* T+ P" K3 L+ C( p
' t) M$ ]/ Z/ b" L$ a" u Resubmitted flow: unchanged
$ m$ p( W7 s+ Q6 X. h N. h Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
; b) T: D; q/ {/ R, q Resubmitted odp: drop $ b8 Q6 H+ m+ B2 C' m, {/ a
Rule: table=3 cookie=0 priority=50 ' G6 b; J$ X% ]/ y& ]: M
OpenFlow actions=resubmit(,10),resubmit(,4) ?6 p" t1 W. M# C6 f' |$ c( O( o! F
1 S' c1 I9 L, T9 w* f
Resubmitted flow: unchanged
; l$ H$ h; f9 P9 T Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 V0 C3 I( P6 D7 Y4 V: w
Resubmitted odp: drop , l5 h+ [+ t$ r$ V
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=10:00:00:00:00:01
' M4 k& k, N% l8 Y3 ?2 | OpenFlow actions=load:0x1->NXM_NX_REG0[0..15]
3 ]; i% {0 K( D0 s1 x
# ?+ i1 U' w- p% z7 E3 _* @! n Resubmitted flow: reg0=0x1,metadata=0,in_port=4,dl_vlan=30,dl_vlan_pcp=0,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000
& a2 C7 \; v" t" C Resubmitted regs: reg0=0x1 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
0 s6 L: {" H' X" N5 A: {+ | Resubmitted odp: drop
6 \3 K0 L, Q$ \0 @2 n, S' i- ^ Rule: table=4 cookie=0 reg0=0x1 D6 l' n& w \2 V5 k& r
OpenFlow actions=output:1
0 F+ C& m5 I- F0 Y) `/ H4 a8 j: d, V; F; e" ^+ ?
Final flow: unchanged . b/ z% F6 g% P
Relevant fields: skb_priority=0,in_port=4,vlan_tci=0x0000,dl_src=20:00:00:00:00:01,dl_dst=10:00:00:00:00:01,dl_type=0x0000,nw_frag=no 6 F0 a8 s5 x& n8 B$ W
Datapath actions: push_vlan(vid=30,pcp=0),101 J" W9 c5 Z6 _+ _4 F
9 q! e7 C/ a* A2 B2 P; `9 \
回复的时候,由于学习过了,则仅仅从port 1发送出去。
' y! M2 p3 ~: V, k, c
# l0 `" |9 T, `' h$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_vlan=30,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01 -generate
1 X, o6 H5 H3 ^4 |Flow: metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 7 t) _- L, W6 Q
Rule: table=0 cookie=0 priority=0 / n. s) }. L4 Z
OpenFlow actions=resubmit(,1)( [6 P; |4 }. z, B6 F$ ~3 ^5 b
* F3 e$ Z0 b0 C# N
Resubmitted flow: unchanged # j9 m. L/ h0 f/ p5 _& t
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 2 t$ s6 e. o7 Q; o) g' Y' o8 r: a
Resubmitted odp: drop - w4 H9 p9 Z9 h# j
Rule: table=1 cookie=0 priority=99,in_port=1
8 k* R, U8 A$ e, Q! l5 m( U OpenFlow actions=resubmit(,2)
6 t5 T- i+ T" z5 e1 m7 f
2 x. b+ r b% i4 L Resubmitted flow: unchanged
3 b; h- T K9 Q. B) X/ j Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
j1 @+ q+ Z# B Resubmitted odp: drop
( A3 \0 \5 S. `1 o Rule: table=2 cookie=0 ( I+ }3 W4 S, B# A
OpenFlow actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)
4 w7 i9 K3 m& m+ F1 O$ r- R% C+ @( y3 u! q8 i9 n) p
Resubmitted flow: unchanged ) i# ]9 _; W0 F- u+ F
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 + ?( I6 o) W. a8 f' T o
Resubmitted odp: drop - G9 g3 _4 G' S
Rule: table=3 cookie=0 priority=50
4 H+ |9 G# P' X/ n% B OpenFlow actions=resubmit(,10),resubmit(,4)! j Z" X$ G& z
$ _9 w% U8 e* y+ E% L6 t+ g Resubmitted flow: unchanged * Y8 v* a# w: S, s6 G* i: V, p
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
& R8 x& g9 T8 V- h+ n- I Resubmitted odp: drop 5 U. J y/ N, f' e
Rule: table=10 cookie=0 vlan_tci=0x001e/0x0fff,dl_dst=20:00:00:00:00:01
) f/ ^! [5 g/ A, O1 d OpenFlow actions=load:0x4->NXM_NX_REG0[0..15]
' Y: \$ h6 O: B R8 H \/ I4 ?7 F; @: Q; }: L$ M
Resubmitted flow: reg0=0x4,metadata=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 ( r3 f% Q, o) c: T
Resubmitted regs: reg0=0x4 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
. G- | @) t. S' q5 b% ~" p Resubmitted odp: drop , [# Y# T$ f2 o. d* `* z
Rule: table=4 cookie=0 reg0=0x4 . { [+ B1 f9 w0 Z: e
OpenFlow actions=strip_vlan,output:40 m4 t: ~5 d8 o6 ^8 k; T6 U
0 u7 T: ?" u& K8 R. K( S
Final flow: reg0=0x4,metadata=0,in_port=1,vlan_tci=0x0000,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000 ( R( s: \! A) o# Z- m
Relevant fields: skb_priority=0,in_port=1,dl_vlan=30,dl_vlan_pcp=0,dl_src=10:00:00:00:00:01,dl_dst=20:00:00:00:00:01,dl_type=0x0000,nw_frag=no
5 @+ m5 A# D; [) @0 z4 ~Datapath actions: pop_vlan,136 v$ u+ J' B$ _8 _9 f
+ ?+ u, f8 M& W. I( a/ C
由于在回复中进行了学习,因而发送的时候,仅仅发送port 4 |
|
/4 
窥视卡
雷达卡
发表于 2019-10-25 10:00:33
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
