对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。

这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。

OVS也要学习这个,并维护三个之间的mapping关系。

在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。

sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"

这一句比较难理解。

learn表示这是一个学习的action

table 10,这是一个MAC learning table,学习的结果会放在这个table中。

NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个 port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。

NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.

一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。

我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。

cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x0, duration=802187.786s, table=20,
n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0
actions=resubmit(,21)

cookie=0x0, duration=802038.514s, table=20,
n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534,
priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc
actions=strip_vlan,set_tunnel:0x3e9,output:2

cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop

cookie=0x0, duration=802055.878s, table=21, n_packets=40,
n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1
actions=strip_vlan,set_tunnel:0x3e9,output:2

这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.

table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。

上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。

table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int

NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc

load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan

load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9

output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2

测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate  
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000

Rule: table=0 cookie=0 priority=0

OpenFlow actions=resubmit(,1)

Resubmitted flow: unchanged

        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=1 cookie=0 priority=99,in_port=1

OpenFlow actions=resubmit(,2)

Resubmitted flow: unchanged

                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=2 cookie=0

OpenFlow
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

Resubmitted flow: unchanged

                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

No match

Final flow: unchanged

Relevant fields:
skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no

Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld

NXST_FLOW reply (xid=0x4):

cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)

cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop

cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000
actions=mod_vlan_vid:20,resubmit(,2)

cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=1
actions=resubmit(,2)

cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop

cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

cookie=0x0, duration=31.258s, table=10, n_packets=0,
n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01
actions=load:0x1->NXM_NX_REG0[0..15]

table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。

测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate  
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000

Rule: table=0 cookie=0 priority=0

OpenFlow actions=resubmit(,1)

Resubmitted flow: unchanged

        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000

OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

Resubmitted flow:
metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000

Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=2 cookie=0

OpenFlow
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

Resubmitted flow: unchanged

                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

No match

Final flow: unchanged

Relevant fields:
skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no

Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld                                                
NXST_FLOW reply (xid=0x4):

cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)

cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop

cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000
actions=mod_vlan_vid:20,resubmit(,2)

cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=1
actions=resubmit(,2)

cookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop

cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

cookie=0x0, duration=4.472s, table=10, n_packets=0,
n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02
actions=load:0x2->NXM_NX_REG0[0..15]

cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0,
idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01
actions=load:0x1->NXM_NX_REG0[0..15]

摘录自http://www.cnblogs.com/popsuper1982/p/3800535.html

openvswitch——mac和vlan learning for ingress port的更多相关文章

  1. Openvswitch手册(5): VLAN and Bonding

    我们这一节来看Port 一般来说一个Port就是一个Interface,当然也有一个Port对应多个Interface的情况,成为Bond VLAN Configuration Port的一个重要的方 ...

  2. OpenvSwitch系列之六 vlan隔离

    局域网游戏代表:红色警戒 Open vSwitch系列之一 Open vSwitch诞生 Open vSwitch系列之二 安装指定版本ovs Open vSwitch系列之三 ovs-vsctl命令 ...

  3. Openvswtich 学习笔记

    场景: 创建一个Virtual Switch,支持VLAN,支持MAC-Learning 包含下面四个Port: P1, truck port P2, VLAN 20 P3, P4 VLAN 30 包 ...

  4. OpenFlow Switch学习笔记(三)——Flow Tables

    这次我们主要讨论下OpenFlow Switch的核心组件之一——Flow Tables,以了解其内部的 matching 以及 action handling 机制.下文将会分为几个部分来逐步详述O ...

  5. Openvswitch手册(1): 架构,SSL, Manager, Bridge

    Openvswitch是一个virutal swtich, 支持Open Flow协议,当然也有一些硬件Switch也支持Open Flow协议,他们都可以被统一的Controller管理,从而实现物 ...

  6. OpenvSwitch/OpenFlow 架构解析与实践案例

    目录 文章目录 目录 前言 软件定义网络(SDN) 虚拟交换机(vSwitch) 为什么说云计算时代的 SDN 非常重要 OpenFlow 简介 Open vSwitch Open vSwitch 的 ...

  7. Neutron 理解 (2): 使用 Open vSwitch + VLAN 组网 [Netruon Open vSwitch + VLAN Virutal Network]

    学习 Neutron 系列文章: (1)Neutron 所实现的虚拟化网络 (2)Neutron OpenvSwitch + VLAN 虚拟网络 (3)Neutron OpenvSwitch + GR ...

  8. 802.1Q VLAN技术原理

    文章出处:http://hi.baidu.com/x278384/item/d56b0edfd4f56a4eddf9be79 在数据通信和宽带接入设备里,只要涉及到二层技术的,就会遇到VLAN.而且, ...

  9. VLAN模式

    一 二层基础知识 1.1 vlan介绍 本小节重点: vlan的含义 vlan的类型 交换机端口类型 vlan的不足 1.1.1:vlan的含义 局域网LAN的发展是VLAN产生的基础,因而先介绍一下 ...

随机推荐

  1. 如何管理好项目的DLL

    .net fx自带的dll net fx自带的dll,直接添加,注意.net fx版本即可. 第三方类库 如果是第三方类库,使用NuGet从NuGet官网下载,比如json.net,jQuery等. ...

  2. spring的bean管理

    1.所有的类都可以交给Spring管理 2.如何把一个类交给bean管理? (1)配置applicationContext.xml (2)在xml中写入bean节点配置要交给bean管理的类 3.程序 ...

  3. 10 notorious computer virus

    The history of computer virus is the same as computer history. With more and more powerful computers ...

  4. 【NOIP2015】提高组D1 解题报告

    P1978神奇的幻方 Accepted 描述 幻方是一种很神奇的 N ∗ N 矩阵:它由数字 1,2,3, … … , N ∗ N 构成,且每行.每列及两条对角线上的数字之和都相同. 当 N 为奇数时 ...

  5. exit(0)与exit(1)、return区别

    exit(0):正常运行程序并退出程序: exit(1):非正常运行导致退出程序: return():返回函数,若在主函数中,则会退出函数并返回一值. 详细说: 1. return返回函数值,是关键字 ...

  6. 13个优秀的开源UML工具介绍

    本文将为您介绍12个优秀的UML工具: 1. StarUML StarUML(简称SU),是一种创建UML类图,是一种生成类图和其他类型的统一建模语言(UML)图表的工具.StarUML是一个开源项目 ...

  7. Python的平凡之路(1)

    2016-07-26   一.Python简介   Python是一种解释型.面向对象.动态数据类型的高级程序设计语言.它的特点如下: 面向对象.解释语言.交互性.模块化.动态性.高级语言.可移植.可 ...

  8. ACM2013.9.7

    acm还是要好好做的,还有好多的东西要学呢!不能不认真对待了,该玩够了!

  9. new work

    果不其然,还是电子工程师适合我.

  10. 2016 - 1- 19 GCD单例模式

    一:单例模式的作用: 1.可以保证在程序运行过程中,一个类只有一个实例,而且易于外界访问.2 2.从而方便的控制了实例的个数,节约系统资源. 二:单例模式的应用场景: 代码: 1.在一个需要实现单例模 ...