
Open vSwitch Study Notes

Date: 2014-06-09 22:30:54


Scenario:

Create a virtual switch that supports VLANs and MAC learning.

It has the following four ports:

  • P1, trunk port
  • P2, VLAN 20
  • P3, P4 VLAN 30

It has five flow tables:

    Table 0: Admission control.

    Table 1: VLAN input processing.

    Table 2: Learn source MAC and VLAN for ingress port.

    Table 3: Look up learned port for destination MAC and VLAN.

    Table 4: Output processing

First, create a bridge:

sudo ovs-vsctl add-br helloworld -- set bridge helloworld fail-mode=secure

Then inspect the bridge:

$ sudo ovs-vsctl show
c24322e6-8453-402a-afaf-64757ef231e9
    Bridge helloworld
        fail_mode: secure
        Port helloworld
            Interface helloworld
                type: internal
    ovs_version: "2.0.1"

$ sudo ovs-ofctl show helloworld
OFPT_FEATURES_REPLY (xid=0x2): dpid:00003ad44a48c646
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
LOCAL(helloworld): addr:3a:d4:4a:48:c6:46
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):

With fail-mode=secure the flow table is initially empty; without it, the table starts with a flow whose action is NORMAL:

$ sudo ovs-vsctl add-br helloworld1
$ sudo ovs-ofctl show helloworld1
OFPT_FEATURES_REPLY (xid=0x2): dpid:00008a2f1d184941
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
LOCAL(helloworld1): addr:8a:2f:1d:18:49:41
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
$ sudo ovs-ofctl dump-flows helloworld1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=31.467s, table=0, n_packets=8, n_bytes=648, idle_age=21, priority=0 actions=NORMAL

Next, create four veth pairs:

sudo ip link add first_br type veth peer name first_if
sudo ip link add second_br type veth peer name second_if   
sudo ip link add third_br type veth peer name third_if      
sudo ip link add forth_br type veth peer name forth_if

The xxx_br end of each pair is the one that will be added to the bridge.

Add the four ports:

sudo ovs-vsctl add-port helloworld first_br -- set Interface first_br ofport_request=1
sudo ovs-vsctl add-port helloworld second_br -- set Interface second_br ofport_request=2
sudo ovs-vsctl add-port helloworld third_br -- set Interface third_br ofport_request=3
sudo ovs-vsctl add-port helloworld forth_br -- set Interface forth_br ofport_request=4

ofport_request specifies the OpenFlow port number.

The newly added ports are all in the DOWN state:

$ ip addr
22: first_if: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ca:d4:fd:47:a6:ce brd ff:ff:ff:ff:ff:ff
23: first_br: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether f2:ac:70:72:49:61 brd ff:ff:ff:ff:ff:ff
24: second_if: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 76:fa:16:61:d7:0e brd ff:ff:ff:ff:ff:ff
25: second_br: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether 66:63:74:a9:0e:f2 brd ff:ff:ff:ff:ff:ff
26: third_if: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 1e:6c:0e:6f:8c:cb brd ff:ff:ff:ff:ff:ff
27: third_br: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether 7e:4e:87:28:33:93 brd ff:ff:ff:ff:ff:ff
28: forth_if: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 9a:0d:44:fc:6b:51 brd ff:ff:ff:ff:ff:ff
29: forth_br: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether ea:01:d1:6a:2a:07 brd ff:ff:ff:ff:ff:ff
30: helloworld: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether ee:04:95:bd:a3:4b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b42d:a4ff:fe49:ba75/64 scope link
       valid_lft forever preferred_lft forever

$ sudo ovs-ofctl show helloworld
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000ee0495bda34b
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
1(first_br): addr:f2:ac:70:72:49:61
     config:     PORT_DOWN
     state:      LINK_DOWN
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
2(second_br): addr:66:63:74:a9:0e:f2
     config:     PORT_DOWN
     state:      LINK_DOWN
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
3(third_br): addr:7e:4e:87:28:33:93
     config:     PORT_DOWN
     state:      LINK_DOWN
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
4(forth_br): addr:ea:01:d1:6a:2a:07
     config:     PORT_DOWN
     state:      LINK_DOWN
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
LOCAL(helloworld): addr:ee:04:95:bd:a3:4b
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

Bring them UP:

sudo ip link set first_if up
sudo ip link set first_br up
sudo ip link set second_br up    
sudo ip link set second_if up
sudo ip link set third_if up     
sudo ip link set third_br up    
sudo ip link set forth_br up        
sudo ip link set forth_if up

The following command can also be used:

ovs-ofctl mod-port helloworld first_br up

$ sudo ip addr
22: first_if: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether ca:d4:fd:47:a6:ce brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c8d4:fdff:fe47:a6ce/64 scope link
       valid_lft forever preferred_lft forever
23: first_br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether f2:ac:70:72:49:61 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f0ac:70ff:fe72:4961/64 scope link
       valid_lft forever preferred_lft forever
24: second_if: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 76:fa:16:61:d7:0e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::74fa:16ff:fe61:d70e/64 scope link
       valid_lft forever preferred_lft forever
25: second_br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether 66:63:74:a9:0e:f2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6463:74ff:fea9:ef2/64 scope link
       valid_lft forever preferred_lft forever
26: third_if: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 1e:6c:0e:6f:8c:cb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1c6c:eff:fe6f:8ccb/64 scope link
       valid_lft forever preferred_lft forever
27: third_br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether 7e:4e:87:28:33:93 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::7c4e:87ff:fe28:3393/64 scope link
       valid_lft forever preferred_lft forever
28: forth_if: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 9a:0d:44:fc:6b:51 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::980d:44ff:fefc:6b51/64 scope link
       valid_lft forever preferred_lft forever
29: forth_br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether ea:01:d1:6a:2a:07 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e801:d1ff:fe6a:2a07/64 scope link
       valid_lft forever preferred_lft forever
30: helloworld: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether ee:04:95:bd:a3:4b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b42d:a4ff:fe49:ba75/64 scope link
       valid_lft forever preferred_lft forever

$ sudo ovs-ofctl show helloworld
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000ee0495bda34b
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
1(first_br): addr:f2:ac:70:72:49:61
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
2(second_br): addr:66:63:74:a9:0e:f2
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
3(third_br): addr:7e:4e:87:28:33:93
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
4(forth_br): addr:ea:01:d1:6a:2a:07
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
LOCAL(helloworld): addr:ee:04:95:bd:a3:4b
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

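Implementing the first table, Table 0: Admission control

A packet entering the vswitch goes to Table 0 first. Here we can set rules that control which packets are admitted and which are not.

For example, packets whose source address is multicast are not admitted.

01:00:00:00:00:00/01:00:00:00:00:00 matches broadcast/multicast addresses
00:00:00:00:00:00/01:00:00:00:00:00 matches unicast addresses

This value/mask notation is similar to CIDR.

So we add the following rule:

sudo ovs-ofctl add-flow helloworld "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"

STP frames are not accepted either:

sudo ovs-ofctl add-flow helloworld "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"

We then add one last flow whose priority is lower than the default; if neither of the two flows above matches, the packet goes on to table 1:

sudo ovs-ofctl add-flow helloworld "table=0, priority=0, actions=resubmit(,1)"

Now list all the flows: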

$ sudo ovs-ofctl dump-flows helloworld       
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=42.162s, table=0, n_packets=0, n_bytes=0, idle_age=42, priority=0 actions=resubmit(,1)
cookie=0x0, duration=232.121s, table=0, n_packets=0, n_bytes=0, idle_age=232, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=167.636s, table=0, n_packets=0, n_bytes=0, idle_age=167, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

Testing Table 0

A very useful tool for this is ovs-appctl ofproto/trace.

A packet that fails the admission condition is dropped:

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:05
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:05,dl_type=0x0000
Rule: table=0 cookie=0 dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0
OpenFlow actions=drop

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

A packet that meets the condition is resubmitted:

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,dl_dst=01:80:c2:00:00:10
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=01:80:c2:00:00:10,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=01:80:c2:00:00:10/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

Implementing the second table, Table 1: VLAN Input Processing

First add a lowest-priority DROP rule:

sudo ovs-ofctl add-flow helloworld "table=1, priority=0, actions=drop"

Port 1 is the trunk port, so it accepts packets whether or not they carry a VLAN header.

sudo ovs-ofctl add-flow helloworld "table=1, priority=99, in_port=1, actions=resubmit(,2)"

For ports 2, 3 and 4 we expect packets without a VLAN tag, and we then add the VLAN tag ourselves:

$ sudo ovs-ofctl add-flows helloworld - <<'EOF'
table=1, priority=99, in_port=2, vlan_tci=0, actions=mod_vlan_vid:20, resubmit(,2)
table=1, priority=99, in_port=3, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
table=1, priority=99, in_port=4, vlan_tci=0, actions=mod_vlan_vid:30, resubmit(,2)
EOF

$ sudo ovs-ofctl dump-flows helloworld
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=4478.582s, table=0, n_packets=0, n_bytes=0, idle_age=4478, priority=0 actions=resubmit(,1)
cookie=0x0, duration=4668.541s, table=0, n_packets=0, n_bytes=0, idle_age=4668, dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x0, duration=4604.056s, table=0, n_packets=0, n_bytes=0, idle_age=4604, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=2,vlan_tci=0x0000 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=4,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=89.273s, table=1, n_packets=0, n_bytes=0, idle_age=89, priority=99,in_port=3,vlan_tci=0x0000 actions=mod_vlan_vid:30,resubmit(,2)
cookie=0x0, duration=220.318s, table=1, n_packets=0, n_bytes=0, idle_age=220, priority=99,in_port=1 actions=resubmit(,2)
cookie=0x0, duration=298.739s, table=1, n_packets=0, n_bytes=0, idle_age=298, priority=0 actions=drop

Test 1: a packet entering port 1 with tag 5

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=5
Flow: metadata=0,in_port=1,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        Rule: table=1 cookie=0 priority=99,in_port=1
        OpenFlow actions=resubmit(,2)

                Resubmitted flow: unchanged
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmitted  odp: drop
                No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

Test 2: a packet entering port 2 with no tag

$ sudo ovs-appctl ofproto/trace helloworld in_port=2
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000
        OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

                Resubmitted flow: metadata=0,in_port=2,dl_vlan=20 [the tag is applied here],dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmitted  odp: drop
                No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop

Test 3: a packet entering port 2 with tag 5

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,vlan_tci=5
Flow: metadata=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=0
OpenFlow actions=resubmit(,1)

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        Rule: table=1 cookie=0 priority=0
        OpenFlow actions=drop

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=2,vlan_tci=0x0005,dl_src=00:00:00:00:00:00/01:00:00:00:00:00,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no
Datapath actions: drop
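
The admission and VLAN-input rules above can be checked offline with a small model. This is an added example, not code from the original article or from Open vSwitch; the function names (mac, matches, trace) are hypothetical, and vlan_tci is simplified to hold only the VLAN ID.

```python
# Added example: a small model of tables 0 and 1 on this page, not OVS code.
# Simplification: vlan_tci holds just the VLAN ID (0 = no 802.1Q header).
DEFAULT = 32768  # priority ovs-ofctl assigns when a flow specifies none
FLOWS = [  # (table, priority, match, action), copied from the page's flows
    (0, DEFAULT, {"dl_src": "01:00:00:00:00:00/01:00:00:00:00:00"}, "drop"),
    (0, DEFAULT, {"dl_dst": "01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0"}, "drop"),
    (0, 0, {}, ("resubmit", 1)),
    (1, 99, {"in_port": 1}, ("resubmit", 2)),
    (1, 99, {"in_port": 2, "vlan_tci": 0}, ("mod_vlan_vid", 20)),
    (1, 99, {"in_port": 3, "vlan_tci": 0}, ("mod_vlan_vid", 30)),
    (1, 99, {"in_port": 4, "vlan_tci": 0}, ("mod_vlan_vid", 30)),
    (1, 0, {}, "drop"),
]

def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    return int(text.replace(":", ""), 16)

def matches(match, pkt):
    """True if every field in the match agrees with the packet."""
    for field, want in match.items():
        if field in ("dl_src", "dl_dst"):
            value, _, mask = want.partition("/")      # mask is optional
            bits = mac(mask) if mask else (1 << 48) - 1
            if (mac(pkt[field]) & bits) != (mac(value) & bits):
                return False
        elif pkt[field] != want:
            return False
    return True

def trace(fields):
    """Return ('drop', table) or ('table2', vlan) for a packet description."""
    pkt = {"vlan_tci": 0, "dl_src": "00:00:00:00:00:00",
           "dl_dst": "00:00:00:00:00:00", **fields}
    table = 0
    while table < 2:
        rules = sorted((f for f in FLOWS if f[0] == table), key=lambda f: -f[1])
        action = next((a for _, _, m, a in rules if matches(m, pkt)), "drop")
        if action == "drop":
            return ("drop", table)
        if action[0] == "mod_vlan_vid":   # the page pairs this with resubmit(,2)
            pkt["vlan_tci"] = action[1]
            table = 2
        else:                             # resubmit(,N)
            table = action[1]
    return ("table2", pkt["vlan_tci"])

if __name__ == "__main__":
    print(trace({"in_port": 2}), trace({"in_port": 2, "vlan_tci": 5}))
```

The last case is the one that matters for isolation: a frame that arrives already tagged on an access port falls through to the priority=0 rule in table 1 and is dropped, so a host on port 2 cannot choose its own VLAN.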

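Implementing the third table, Table 2: MAC, VLAN learning for ingress port

An ordinary switch goes through this learning process: when a packet arrives, it carries a MAC address and a VLAN tag, and the switch knows which port it came in on. After learning, the switch maintains a table of port -> MAC -> VLAN Tag.

Later, when a packet needs to be sent to that MAC, no ARP is needed; the switch already knows which port it should go out of and which VLAN tag it should carry.

OVS has to learn this too and maintain the mapping among the three.

In our example, both packets that arrive on port 1 already carrying a tag and packets that arrive on ports 2, 3 and 4 and are tagged afterwards need to be learned.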

sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"

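This command is fairly hard to understand.

learn says that this is a learning action.

table=10 is the MAC learning table; the learned results are placed in this table.

NXM_OF_VLAN_TCI is the VLAN tag. In the MAC learning table, each entry applies to one VLAN only, and the learning tables of different VLANs are kept separate. Each learned entry records which VLAN it belongs to.

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[] means that the MAC source address of the current packet is placed in the dl_dst field of the learned entry. This is because every switch learns from ingress packets: when a MAC arrives on a port, the switch should remember that packets destined for this MAC must later leave through that port. The MAC source address is therefore stored as the MAC destination address, because the entry is used for sending.

NXM_OF_IN_PORT[]->NXM_NX_REG0 puts the port into a register.

Learned entries usually also need a hard_timeout, which makes every learned result expire so that it has to be learned again.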
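
What the learn action writes into table 10, and how a later lookup uses it, can be modelled in a few lines. This is an added example, not code from the original article or from Open vSwitch; the class and method names are hypothetical, the MAC addresses are constructed, and returning 0 for "nothing learned" is a convention of this sketch.

```python
# Added example: a model of the learn() action on this page, not OVS code.
import time

class LearningSwitch:
    """Table 2 writes entries into table 10; a later table reads them back."""

    def __init__(self, hard_timeout=None):
        self.hard_timeout = hard_timeout   # seconds; None = never expire
        self.table10 = {}                  # (vlan, dl_dst) -> (port, learned_at)

    def learn(self, pkt, now=None):
        """learn(table=10, NXM_OF_VLAN_TCI[0..11],
                 NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],
                 load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15])"""
        now = time.monotonic() if now is None else now
        vlan = pkt["vlan_tci"] & 0x0FFF    # bits 0..11 carry the VLAN ID
        key = (vlan, pkt["dl_src"])        # the source MAC becomes a dl_dst match
        self.table10[key] = (pkt["in_port"], now)   # re-learning replaces the entry

    def lookup(self, vlan, dl_dst, now=None):
        """Return the port the entry would load into reg0, or 0 if unknown."""
        now = time.monotonic() if now is None else now
        entry = self.table10.get((vlan, dl_dst))
        if entry is None:
            return 0
        port, learned_at = entry
        if self.hard_timeout is not None and now - learned_at >= self.hard_timeout:
            del self.table10[(vlan, dl_dst)]   # hard_timeout runs from install time
            return 0
        return port

    def dump(self):
        """Render entries in the style of ovs-ofctl dump-flows output."""
        return sorted(
            f"table=10, vlan_tci=0x{v:04x}/0x0fff, dl_dst={m} "
            f"actions=load:0x{p:x}->NXM_NX_REG0[0..15]"
            for (v, m), (p, _) in self.table10.items())

if __name__ == "__main__":
    sw = LearningSwitch(hard_timeout=300)
    # Constructed packet: tagged VLAN 20 (0x1000 = tag-present bit), seen on port 1.
    sw.learn({"in_port": 1, "vlan_tci": 0x1014, "dl_src": "50:00:00:00:00:01"}, now=0)
    print("\n".join(sw.dump()))
    print(sw.lookup(20, "50:00:00:00:00:01", now=10),   # learned port
          sw.lookup(30, "50:00:00:00:00:01", now=10))   # other VLAN: unknown
```

Because entries are keyed by VLAN as well as MAC, an address learned in VLAN 20 never steers traffic in VLAN 30; within one VLAN, the most recent ingress port for a source MAC replaces the earlier one.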

Let us also analyse a real-world case, Open vSwitch as used in OpenStack. These are the rules on br-tun.

cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x0, duration=802187.786s, table=20, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,21)
 cookie=0x0, duration=802038.514s, table=20, n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534, priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc actions=strip_vlan,set_tunnel:0x3e9,output:2
cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x0, duration=802055.878s, table=21, n_packets=40, n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1 actions=strip_vlan,set_tunnel:0x3e9,output:2

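Here table 10 does the learning, and table 20 is the learning table. If table 20 is empty, that is, nothing has been learned yet, the priority=0 rule resubmits to table 21.

Table 21 holds the sending rule: it strips the VLAN tag used on br-int and then sets the GRE tunnel id.

In the case above table 20 is not empty, so packets sent to dl_dst=fa:16:3e:7e:ab:cc do not take the default rule and are sent out directly by table 20.

The rules in table 20 are learned through table 10, which is a receiving rule. It finally does output:1, sending the packet to br-int.

NXM_OF_VLAN_TCI[0..11] records the VLAN tag, so the learned result contains dl_vlan=1.

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[] records the MAC source address, so the result contains dl_dst=fa:16:3e:7e:ab:cc.

load:0->NXM_OF_VLAN_TCI[] means the VLAN tag is set to 0 on the way out, so the result contains actions=strip_vlan.

load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[] means the tunnel id is set on the way out, so the result contains set_tunnel:0x3e9.

output:NXM_OF_IN_PORT[] says which port to send to; since the packet came in on port 2, the result contains output:2.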


Original article: http://www.cnblogs.com/forfuture1978/p/3775126.html
