• ovs 流表机制(一)


    # Lab topology built below (needs root; the session further down runs as root):
    #   ns1 [tap0] <-veth-> [tap0_br] vswitch0 [tap3_br] <-veth-> [tap3] ns2
    # Two network namespaces stand in for two separate hosts.
    ip netns add ns1
    ip netns add ns2
    # One veth pair per host: tapN is moved into the namespace, tapN_br stays
    # in the root namespace and is plugged into the bridge further down.
    ip link add tap0 type veth peer name tap0_br
    ip link add tap3 type veth peer name tap3_br
    ip link set tap0 netns ns1
    ip link set tap3 netns ns2
    # Create the Open vSwitch bridge.
    ovs-vsctl add-br vswitch0
    # Bring up tap0 and tap3, the loopback devices, and the bridge-side peers
    ip netns exec ns1 ip link set tap0 up
    ip netns exec ns1 ip link set lo up
    ip netns exec ns2 ip link set lo up
    ip netns exec ns2 ip link set tap3 up
    ip link set tap0_br up
    ip link set tap3_br up
    
    # Assign IP addresses to tap0 and tap3. No prefix length is given, so
    # iproute2 installs each address as a /32 and creates no subnet route.
    ip netns exec ns1 ip addr add 192.168.1.100 dev tap0
    ip netns exec ns2 ip addr add 192.168.1.200 dev tap3
    
    # Add the 192.168.1.0/24 route by hand (needed because of the /32 addresses
    # above). `route` comes from net-tools; NOTE(review): where it is not
    # installed, `ip route add 192.168.1.0/24 dev tap0` should be equivalent.
    ip netns exec ns1 route add -net 192.168.1.0 netmask 255.255.255.0 dev tap0
    ip netns exec ns2 route add -net 192.168.1.0 netmask 255.255.255.0 dev tap3
    
    # Attach the bridge-side veth ends to vswitch0. The flows later on this page
    # refer to ports by OpenFlow number (in_port=1 / in_port=2); the author's
    # output shows tap0_br as ofport 1 and tap3_br as ofport 2. Confirm with
    # `ovs-vsctl get Interface <name> ofport` before writing flows.
    ovs-vsctl add-port vswitch0 tap0_br
    ovs-vsctl add-port vswitch0 tap3_br
    rtt min/avg/max/mdev = 0.024/0.779/1.534/0.755 ms
    [root@kunpeng82 devuser]# ovs-vsctl list interface tap0_br | grep "ofport "
    ofport              : 1
    [root@kunpeng82 devuser]# ovs-vsctl list interface tap3_br | grep "ofport "
    ofport              : 2

    [root@kunpeng82 devuser]# ovs-vsctl get Interface tap0_br ofport
    1
    [root@kunpeng82 devuser]# ovs-vsctl get Interface tap3_br ofport
    2

    查看vswitch0的flow

    [root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0

     cookie=0x0, duration=1256.469s, table=0, n_packets=9, n_bytes=630, priority=0 actions=NORMAL
    [root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
     cookie=0x0, duration=3554.662s, table=0, n_packets=32, n_bytes=2352, priority=0 actions=NORMAL

    [root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
    PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
    64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.322 ms
    64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.035 ms
    ^C
    --- 192.168.1.200 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1008ms
    rtt min/avg/max/mdev = 0.035/0.178/0.322/0.144 ms


    删除flow(del-flows 不带匹配条件时会删除该网桥上的全部flow,包括上面默认的 priority=0 actions=NORMAL)

    [root@kunpeng82 devuser]# ovs-ofctl del-flows vswitch0

    无法ping通了(流表为空,没有任何flow匹配,数据包被丢弃)

    [root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
    PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
    ^C
    --- 192.168.1.200 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 1068ms

    添加如下两条flow(in_port/output 中的 1、2 即前面查到的 tap0_br、tap3_br 的 ofport),又可以ping通了

    [root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=1,in_port=1,actions=output:2"
    [root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=1,in_port=2,actions=output:1"
    [root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
    PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
    64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.310 ms
    64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.031 ms
    ^C
    --- 192.168.1.200 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1038ms
    rtt min/avg/max/mdev = 0.031/0.170/0.310/0.140 ms

    [root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
     cookie=0x0, duration=165.599s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="tap0_br" actions=output:"tap3_br"
     cookie=0x0, duration=159.352s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="tap3_br" actions=output:"tap0_br"

    再添加一条更高优先级的flow(priority=3,高于上面两条的 priority=1,因此优先匹配),把从tap0_br收到的数据包drop
    
    

    [root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=3,in_port=1,actions=drop"

    又不可以ping通了

    [root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
    PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
    ^C
    --- 192.168.1.200 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2108ms

     
    查看datapath(这里显示的 port 编号是内核 datapath 的端口号,与前面查到的 OpenFlow ofport 编号不同;flow 里的 in_port/output 用的是 ofport)

    [root@kunpeng82 devuser]# ovs-dpctl show
    2020-04-03T02:40:23Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
    system@ovs-system:
      lookups: hit:3 missed:9 lost:0
      flows: 0
      masks: hit:13 total:0 hit/pkt:1.08
      port 0: ovs-system (internal)
      port 1: vswitch0 (internal)
      port 2: tap0_br
      port 3: tap3_br
    查看mac地址(fdb 是 NORMAL 动作使用的 MAC 学习表。下面的 ping 又能通并且学到了 MAC,说明此时的流表已不同于上一步的 drop 状态;推测作者已恢复 actions=NORMAL 的flow,页面没有给出这一步)

    [root@kunpeng82 devuser]# ovs-appctl fdb/show vswitch0
     port  VLAN  MAC                Age
    [root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
    PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
    64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.372 ms
    64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.032 ms
    64 bytes from 192.168.1.200: icmp_seq=3 ttl=64 time=0.018 ms
    64 bytes from 192.168.1.200: icmp_seq=4 ttl=64 time=0.018 ms
    ^C
    --- 192.168.1.200 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3158ms
    rtt min/avg/max/mdev = 0.018/0.110/0.372/0.151 ms
    [root@kunpeng82 devuser]# ovs-appctl fdb/show vswitch0
     port  VLAN  MAC                Age
        2     0  8a:6a:5f:bb:b0:9a    0
        1     0  ca:03:87:45:02:90    0


    [root@kunpeng82 devuser]# ip netns exec ns1 ip a | grep ca:03:87:45:02:90 -B 2
    valid_lft forever preferred_lft forever
    7: tap0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ca:03:87:45:02:90 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    [root@kunpeng82 devuser]# ip netns exec ns2 ip a | grep 8a:6a:5f:bb:b0:9a -B 2
    valid_lft forever preferred_lft forever
    9: tap3@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 8a:6a:5f:bb:b0:9a brd ff:ff:ff:ff:ff:ff link-netnsid 0

     
    [root@kunpeng82 devuser]# ovs-ofctl show vswitch0
    OFPT_FEATURES_REPLY (xid=0x2): dpid:00000613a93fae46
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
     1(tap0_br): addr:72:69:5a:e8:0c:9f
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     2(tap3_br): addr:52:85:e1:a0:f2:69
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     LOCAL(vswitch0): addr:06:13:a9:3f:ae:46
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

    [root@kunpeng82 devuser]# ovs-ofctl dump-ports-desc vswitch0
    OFPST_PORT_DESC reply (xid=0x2):
    1(tap0_br): addr:72:69:5a:e8:0c:9f
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    2(tap3_br): addr:52:85:e1:a0:f2:69
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    LOCAL(vswitch0): addr:06:13:a9:3f:ae:46
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max


    查看所有table

    [root@kunpeng82 devuser]# ovs-ofctl dump-tables vswitch0
    OFPST_TABLE reply (xid=0x2):
      table 0:
        active=1, lookup=24, matched=24
        max_entries=1000000
        matching:
          in_port: exact match or wildcard
          eth_src: exact match or wildcard
          eth_dst: exact match or wildcard
          eth_type: exact match or wildcard
          vlan_vid: exact match or wildcard
          vlan_pcp: exact match or wildcard
          ip_src: exact match or wildcard
          ip_dst: exact match or wildcard
          nw_proto: exact match or wildcard
          nw_tos: exact match or wildcard
          tcp_src: exact match or wildcard
          tcp_dst: exact match or wildcard

      table 1:
        active=0, lookup=0, matched=0
        (same features)

      tables 2...253: ditto
  • 原文地址:https://www.cnblogs.com/dream397/p/12625387.html