• centos ovn 搭建测试(六:DHCP)


    DHCP 功能测试

    参考链接:

    https://blog.oddbit.com/post/2019-12-19-ovn-and-dhcp/

    https://lk668.github.io/2020/09/21/2020-09-21-ovn-dhcp-for-external-host/

    https://www.jianshu.com/p/bf5c754b2a9a

    1)server_id – the IP address of the virtual DHCP server
    2)server_mac – the MAC address of the virtual DHCP server
    3)lease_time – the lifetime of DHCP leases, in seconds

     # 创建DHCP选项

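    # Create a DHCP options row for the 1.1.1.0/24 subnet.
    # NOTE(review): 1.1.1.0/24 is publicly routed address space. It is harmless on
    # an isolated logical switch, but a private or documentation range avoids
    # shadowing real hosts if this network is ever routed.
    ovn-nbctl dhcp-options-create 1.1.1.0/24

    # Look up the UUID of the DHCP options row for that CIDR.
    CIDR_UUID=$(ovn-nbctl --bare --columns=_uuid find dhcp_options cidr="1.1.1.0/24")
    # Abort if the lookup came back empty, so the next command is never run with a
    # missing UUID. Re-running dhcp-options-create presumably adds another row with
    # the same cidr, in which case this lookup returns several UUIDs - verify with
    # `ovn-nbctl list dhcp_options` before continuing.
    : "${CIDR_UUID:?no dhcp_options row found for 1.1.1.0/24}"

    # Use the UUID to set the remaining options: the virtual DHCP server's IP and
    # MAC, the lease lifetime in seconds, and the default router handed to clients.
    ovn-nbctl dhcp-options-set-options "$CIDR_UUID" server_id=1.1.1.1 server_mac=00:00:00:00:00:01 lease_time=3600 router=1.1.1.1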

    # 查看DHCP选项

    [root@ovn-master ~]# ovn-nbctl list dhcp_options
    _uuid               : 4fdee846-b3d9-47d4-bcae-8209d07f84be
    cidr                : "1.1.1.0/24"
    external_ids        : {}
    options             : {lease_time="3600", router="1.1.1.1", server_id="1.1.1.1", server_mac="00:00:00:00:00:01"}

    # 创建逻辑port并关联上DHCP

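    # Create logical switch "ls" and let OVN allocate addresses from 1.1.1.0/24,
    # keeping 1.1.1.1-1.1.1.10 out of the dynamic pool (1.1.1.1 is the DHCP
    # server/router address configured in the DHCP options).
    ovn-nbctl ls-add ls
    ovn-nbctl set logical_switch ls other_config:subnet="1.1.1.0/24" other_config:exclude_ips="1.1.1.1..1.1.1.10"

    # Add the logical port and point its dhcpv4_options column at the DHCP options
    # row created earlier. The expansion fails loudly if CIDR_UUID is unset or empty
    # instead of running the command with a missing argument.
    ovn-nbctl lsp-add ls ls-veth1
    ovn-nbctl lsp-set-dhcpv4-options ls-veth1 "${CIDR_UUID:?CIDR_UUID is not set; create the DHCP options first}"

    # Fixed MAC, IP assigned dynamically by OVN from the switch subnet.
    ovn-nbctl lsp-set-addresses ls-veth1 "00:00:00:11:22:33 dynamic"
    # NOTE(review): port_security is left empty on ls-veth1, so OVN places no
    # restriction on the source MAC/IP the attached interface may send from. That is
    # fine for this lab; outside a lab, restrict the port with
    # `ovn-nbctl lsp-set-port-security`.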

    # 查看逻辑port信息

    [root@ovn-master ~]#  ovn-nbctl list logical_switch_port
    _uuid               : 7450afaf-3972-47f1-b6c7-5b9522d1c855
    addresses           : ["00:00:00:11:22:33 dynamic"]
    dhcpv4_options      : 4fdee846-b3d9-47d4-bcae-8209d07f84be
    dhcpv6_options      : []
    dynamic_addresses   : "00:00:00:11:22:33 1.1.1.11"
    enabled             : []
    external_ids        : {}
    ha_chassis_group    : []
    name                : "ls-veth1"
    options             : {}
    parent_name         : []
    port_security       : []
    tag                 : []
    tag_request         : []
    type                : ""
    up                  : false

    # 查看OVN配置

    [root@ovn-master ~]# ovn-nbctl show
    switch d721282c-8ed3-450a-9364-319fd2511ed7 (ls)
        port ls-veth1
            addresses: ["00:00:00:11:22:33 dynamic"]

    # 创建命名空间测试

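    # Namespace ns1 acts as the DHCP client; veth1/veth2 is the link between it and
    # the integration bridge.
    ip netns add ns1
    ip link add veth1 type veth peer name veth2
    # iproute2 is used throughout instead of the deprecated ifconfig (net-tools),
    # matching the other commands in this block.
    ip link set veth1 up

    # Move the peer into ns1 before bringing it up: an interface is set down when
    # it changes namespace, so bringing veth2 up beforehand has no lasting effect.
    ip link set veth2 netns ns1
    # The MAC must equal the address configured on logical port ls-veth1, because
    # the DHCP logical flows match on eth.src.
    ip netns exec ns1 ip link set veth2 address 00:00:00:11:22:33
    ip netns exec ns1 ip link set veth2 up

    # Attach veth1 to br-int and bind it to logical port ls-veth1 in a single
    # ovs-vsctl transaction, so the port never sits on the bridge without its
    # iface-id.
    ovs-vsctl add-port br-int veth1 -- set Interface veth1 external_ids:iface-id=ls-veth1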

     # 命名空间使用dhclient获取IP地址

    [root@ovn-master ~]# ip netns exec ns1 dhclient -v -i veth2 --no-pid
    Internet Systems Consortium DHCP Client 4.2.5
    Copyright 2004-2013 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    Listening on LPF/veth2/00:00:00:11:22:33
    Sending on   LPF/veth2/00:00:00:11:22:33
    Sending on   Socket/fallback
    DHCPDISCOVER on veth2 to 255.255.255.255 port 67 interval 6 (xid=0x2dfa6d8e)
    DHCPREQUEST on veth2 to 255.255.255.255 port 67 (xid=0x2dfa6d8e)
    DHCPOFFER from 1.1.1.1
    DHCPACK from 1.1.1.1 (xid=0x2dfa6d8e)
    bound to 1.1.1.11 -- renewal in 1715 seconds.

    # ovn-trace 分析

    [root@ovn-master ~]#  ovn-trace --detailed ls 'inport=="ls-veth1" && eth.src==00:00:00:11:22:33 && ip4.src==0.0.0.0 && ip.ttl==1 && ip4.dst==255.255.255.255 &&  udp.src==68 && udp.dst==67'
    # udp,reg14=0x1,vlan_tci=0x0000,dl_src=00:00:00:11:22:33,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=0,nw_ecn=0,nw_ttl=1,tp_src=68,tp_dst=67
    
    ingress(dp="ls", inport="ls-veth1")
    -----------------------------------
     0. ls_in_port_sec_l2 (ovn-northd.c:4843): inport == "ls-veth1", priority 50, uuid 22d6b189
        next;
    12. ls_in_dhcp_options (ovn-northd.c:5091): inport == "ls-veth1" && eth.src == 00:00:00:11:22:33 && ip4.src == 0.0.0.0 && ip4.dst == 255.255.255.255 && udp.src == 68 && udp.dst == 67, priority 100, uuid 885ada30
        reg0[3] = put_dhcp_opts(offerip = 1.1.1.11, lease_time = 3600, netmask = 255.255.255.0, router = 1.1.1.1, server_id = 1.1.1.1);
        /* We assume that this packet is DHCPDISCOVER or DHCPREQUEST. */
        next;
    13. ls_in_dhcp_response (ovn-northd.c:5135): inport == "ls-veth1" && eth.src == 00:00:00:11:22:33 && ip4 && udp.src == 68 && udp.dst == 67 && reg0[3], priority 100, uuid a2b828b5
        eth.dst = eth.src;
        eth.src = 00:00:00:00:00:01;
        ip4.dst = 1.1.1.11;
        ip4.src = 1.1.1.1;
        udp.src = 67;
        udp.dst = 68;
        outport = inport;
        flags.loopback = 1;
        output;
    
    egress(dp="ls", inport="ls-veth1", outport="ls-veth1")
    ------------------------------------------------------
     4. ls_out_acl (ovn-northd.c:4458): outport == "ls-veth1" && eth.src == 00:00:00:00:00:01 && ip4.src == 1.1.1.1 && udp && udp.src == 67 && udp.dst == 68, priority 34000, uuid ed03ee7b
        next;
     9. ls_out_port_sec_l2 (ovn-northd.c:5503): outport == "ls-veth1", priority 50, uuid 616f3e20
        output;
        /* output to "ls-veth1", type "" */

    # 流表分析

    // dhcp request
    
     cookie=0x885ada30, duration=1833.223s, table=20, n_packets=2, n_bytes=684, priority=100,udp,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.63.01.01.01.0b.33.04.00.00.0e.10.01.04.ff.ff.ff.00.03.04.01.01.01.01.36.04.01.01.01.01,pause),resubmit(,21)
     cookie=0x10668e38, duration=1833.223s, table=20, n_packets=0, n_bytes=0, priority=100,udp,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,nw_src=1.1.1.11,nw_dst=1.1.1.1,tp_src=68,tp_dst=67 actions=controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.63.01.01.01.0b.33.04.00.00.0e.10.01.04.ff.ff.ff.00.03.04.01.01.01.01.36.04.01.01.01.01,pause),resubmit(,21)
    
    // dhcp discover
    cookie=0x885ada30, duration=1833.223s, table=20, n_packets=2, n_bytes=684, priority=100,udp,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.63.01.01.01.0b.33.04.00.00.0e.10.01.04.ff.ff.ff.00.03.04.01.01.01.01.36.04.01.01.01.01,pause),resubmit(,21)
    
    // 所有的包回复 
    cookie=0xa2b828b5, duration=1816.443s, table=21, n_packets=2, n_bytes=636, priority=100,udp,reg0=0x8/0x8,reg14=0x1,metadata=0xa,dl_src=00:00:00:11:22:33,tp_src=68,tp_dst=67 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:00:00:00:00:00:01,mod_nw_dst:1.1.1.11,mod_nw_src:1.1.1.1,mod_tp_src:67,mod_tp_dst:68,move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
  • 原文地址:https://www.cnblogs.com/wangjq19920210/p/16505187.html