opendaylight-O版本與openstack集成


feature:list list (Lists all existing features available from the defined repositories)
feature:list | grep northbound
odl-neutron-northbound-api │ 0.10.4 │ │ Uninstalled │ odl-neutron-northbound-api-0.10.4 │ OpenDaylight :: Neutron :: Northbound

feature:install odl-neutron-northbound-api
feature:install odl-netvirt-openstack odl-dlux-core odl-mdsal-apidocs
feature:install odl-ovsdb-openstack

odl-netvirt-sfc


JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
CLASSPATH=.:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
JVM_OPTS="-Xms256m -XX:PermSize=256m -XX:MaxPermSize=512m"
MAVEN_OPTS="$MAVEN_OPTS -Xms512m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m"
export MAVEN_OPTS JAVA_HOME CLASSPATH JVM_OPTS PATH

 


[root@localhost ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3327/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3620/master
tcp6 0 0 :::6633 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:1099 :::* LISTEN 868/java
tcp6 0 0 :::6640 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:6644 :::* LISTEN 868/java
tcp6 0 0 :::8181 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:2550 :::* LISTEN 868/java
tcp6 0 0 :::22 :::* LISTEN 3327/sshd
tcp6 0 0 :::8185 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:44601 :::* LISTEN 868/java
tcp6 0 0 :::33273 :::* LISTEN 868/java
tcp6 0 0 ::1:25 :::* LISTEN 3620/master
tcp6 0 0 :::44444 :::* LISTEN 868/java
tcp6 0 0 :::6653 :::* LISTEN 868/java
tcp6 0 0 :::39169 :::* LISTEN 868/java
tcp6 0 0 :::8101 :::* LISTEN 868/java
tcp6 0 0 :::6886 :::* LISTEN 868/java

openstack配置


openstack的networking-odl插件安裝方式
https://docs.openstack.org/networking-odl/latest/install/installation.html#odl-installation
yum install python-networking-odl.noarch -y


https://docs.openstack.org/networking-odl/latest/install/installation.html#networking-odl-configuration
systemctl restart neutron-server
/etc/neutron/plugins/ml2

測試端口可連接性
curl -u admin:admin http://10.13.80.34:8181/controller/nb/v2/neutron/networks
odl配置文件修改
etc/custom.properties
ovsdb.l3.fwd.enabled=yes
ovsdb.l3gateway.mac=0a:00:27:00:00:0d

telnet 10.13.80.34 8181
netstat -nlp | grep 8181
telnet 127.0.0.1 8181
telnet 10.13.80.34 8181
systemctl status firewall
iptables
iptables -nvL
iptables -F 清空iptables
openstack server create --flavor tiny --image cirros --nic net-id=24449ee2-b84e-493f-8d76-139ac3e4f3cd --key-name mykey provider-instance

nova service-list
nova show ae5e26d1-c84d-40fa-bb27-f0b46d6a7061 查看虛機詳情


ovs-vsctl set Open_vSwitch 89444614-3bf8-4d7a-b3a0-df5d20b48b7a other_config={'local_ip'='192.168.56.102'}
ovs-vsctl set Open_vSwitch b084eccf-b92e-470c-8dff-8549e92c2104 other_config={'local_ip'='192.168.56.122'}
ovs-vsctl list interface eth0
ovs-appctl fdb/show br-int
[root@rcontroller01 ~]# openstack security group rule list 2e19a748-9086-49f8-9498-01abc1a964fe


一個神奇的命令

+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| 0184e6b3-4f7f-4fd5-8125-b80682e7ee48 | None | None | | 2e19a748-9086-49f8-9498-01abc1a964fe |
| 1e0bfedc-8f25-408a-9328-708113bbbc52 | icmp | 0.0.0.0/0 | | None |
| 39116d39-454b-4d82-867e-bbfd3ea63182 | None | None | | None |
| 4032366f-3ac9-4862-85a7-c7411a8b7678 | None | None | | 2e19a748-9086-49f8-9498-01abc1a964fe |
| dc7bc251-f0d0-456a-9102-c5b66646aa84 | tcp | 0.0.0.0/0 | 22:22 | None |
| ddacf7ea-57ea-4c8a-8b68-093766284595 | None | None | | None |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+


dpif/dump-flows dp 想控制端打印dp中流表的所有條目。 這個命令主要來與debugOpen Vswitch.它所打印的流表不是openFlow的流條目。
它打印的是由dp模塊維護的簡單的流。
如果你想查看OpenFlow條目,請使用ovs-ofctl dump-flows。dpif/del-fow dp 刪除指定dp上所有流表。同上所述,這些不是OpenFlow流表。


ovs-appctl dpif/dump-flows br-int

 

創建網絡
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
$ openstack subnet create --network provider \
--allocation-pool start=192.168.56.100,end=192.168.56.200 \
--dns-nameserver 8.8.8.8 --gateway 192.168.56.1 \
--subnet-range 192.168.56.0/24 provider

openstack network create selfservice
$ openstack subnet create --network selfservice \
--dns-nameserver 8.8.8.8 --gateway 192.168.1.1 \
--subnet-range 192.168.1.0/24 selfservice

openstack router create router
openstack router add subnet router selfservice
openstack router set router --external-gateway provider
openstack port list --router router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| bff6605d-824c-41f9-b744-21d128fc86e1 | | fa:16:3e:2f:34:9b | ip_address='172.16.1.1', subnet_id='3482f524-8bff-4871-80d4-5774c2730728' | ACTIVE |
| d6fe98db-ae01-42b0-a860-37b1661f5950 | | fa:16:3e:e8:c1:41 | ip_address='203.0.113.102', subnet_id='5cc70da8-4ee7-4565-be53-b9c011fca011' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
$ ping -c 4 203.0.113.102

 

創建虛機
openstack keypair list

$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

openstack flavor list
openstack image list
openstack network list

openstack server create --flavor tiny --image cirros --nic net-id=27616098-0374-4ab4-95a8-b5bf4839dcf8 --key-name mykey provider-instance


網絡配置
python /usr/lib/python2.7/site-packages/networking_odl/cmd/set_ovs_hostconfigs.py --ovs_hostconfigs='{
"ODL L2": {
"allowed_network_types": [
"flat",
"vlan",
"vxlan"
],
"bridge_mappings": {
"provider": "br-int"
},
"supported_vnic_types": [
{
"vnic_type": "normal",
"vif_type": "ovs",
"vif_details": {}
}
]
},
"ODL L3": {}
}'

ovs-vsctl list open .


[‎2019/‎1/‎16 19:09] 高正偉:
ovs-vsctl set Open_vSwitch . other_config:local_ip=hostip
ovs-vsctl set Open_vSwitch . other_config:local_ip=192.168.56.122
#ovs-vsctl set Open_vSwitch . other_config:remote_ip=192.168.56.122
#ovs-vsctl remove interface tunca7b782f232 options remote_ip

ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provider:br-ex
ovs-vsctl set Open_vSwitch . external_ids:provider_mappings="{\"provider\": \"br-ex\"}"
清空
ovs-vsctl clear Open_vSwitch . external_ids


ovs-vsctl set-manager tcp:10.13.80.34:6640
ovs-vsctl set-controller br-ex tcp:10.13.80.34:6640
ovs-vsctl del-controller br-ex
sudo neutron-odl-ovs-hostconfig
ovs-vsctl show

ovs-vsctl add-port <bridge name> <port name>
ovs-vsctl add-port br-ex enp0s10
ovs-vsctl del-port br-ex phy-br-ex


ovs-vsctl del-port br-ex tun2ad7e9e91e4

 

重啟odl后
systemctl restart openvswitch.service
systemctl restart neutron-server.service
systemctl stop neutron-server.service


創建虛機
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
openstack subnet create --network provider --allocation-pool start=192.168.56.2,end=192.168.56.100 --dns-nameserver 8.8.8.8 --gateway 192.168.56.1 --subnet-range 192.168.56.0/24 provider
nova boot --image cirros --flavor tiny --nic net-id= --availability-zone nova:rcontroller01 vm-01
openstack server create --flavor tiny --image cirros --nic net-id= --key-name mykey test

nova boot --image cirros --flavor tiny --nic net-id=0fe983c2-8178-403b-a00e-e8561580b210 --availability-zone nova:rcontroller01 vm-01

 

 

虛機可以學習到mac但是ping不通
抓包,先在虛機網卡上抓包,
然后在br-int上抓包
發現虛擬網卡上是發送了icmp請求報文的,但是br-int上沒有
查看報文情況
[root@rcontroller01 ~]# ovs-appctl dpif/dump-flows br-int

recirc_id(0),tunnel(tun_id=0x0,src=192.168.56.102,dst=192.168.56.122,flags(-df-csum+key)),in_port(4),eth(),eth_type(0x0800),ipv4(proto=17,frag=no),udp(dst=3784), packets:266436, bytes:17584776, used:0.591s, actions:userspace(pid=4294962063,slow_path(bfd))
recirc_id(0xa0),in_port(5),ct_state(+new-est-rel-inv+trk),ct_mark(0/0x1),eth(),eth_type(0x0800),ipv4(frag=no), packets:148165, bytes:14520170, used:0.566s, actions:drop
recirc_id(0),in_port(3),eth(),eth_type(0x0806), packets:1, bytes:60, used:5.228s, actions:drop
recirc_id(0),tunnel(tun_id=0xb,src=192.168.56.102,dst=192.168.56.122,flags(-df-csum+key)),in_port(4),eth(dst=fa:16:3e:ab:ba:7e),eth_type(0x0806), packets:0, bytes:0, used:never, actions:5
recirc_id(0),in_port(5),eth(src=fa:16:3e:ab:ba:7e),eth_type(0x0800),ipv4(src=192.168.0.16,proto=1,frag=no), packets:148165, bytes:14520170, used:0.566s, actions:ct(zone=5004),recirc(0xa0)
recirc_id(0),in_port(3),eth(),eth_type(0x0800),ipv4(frag=no), packets:886646, bytes:316947183, used:0.210s, flags:SFPR., actions:drop
recirc_id(0),in_port(5),eth(src=fa:16:3e:ab:ba:7e,dst=fa:16:3e:7d:95:75),eth_type(0x0806),arp(sip=192.168.0.16,tip=192.168.0.5,op=1/0xff,sha=fa:16:3e:ab:ba:7e), packets:0, bytes:0, used:never, actions:userspace(pid=4294961925,controller(reason=4,dont_send=0,continuation=0,recirc_id=4618,rule_cookie=0x822002d,controller_id=0,max_len=65535)),set(tunnel(tun_id=0xb,src=192.168.56.122,dst=192.168.56.102,ttl=64,tp_dst=4789,flags(df|key))),4
安全組設置
openstack security group rule create --proto tcp 2e19a748-9086-49f8-9498-01abc1a964fe
openstack security group rule create --proto tcp 6095293d-c2cd-433d-8a8f-e77ecb03609e
openstack security group rule create --proto udp 2e19a748-9086-49f8-9498-01abc1a964fe
openstack security group rule create --proto udp 6095293d-c2cd-433d-8a8f-e77ecb03609e

ovs-vsctl add-port br-ex "ex-patch-int"
ovs-vsctl set interface "ex-patch-int" type=patch
ovs-vsctl set interface "ex-patch-int" options:peer=int-patch-ex

ovs-vsctl add-port br-int "int-patch-ex"
ovs-vsctl set interface "int-patch-ex" type=patch
ovs-vsctl set interface "int-patch-ex" options:peer=ex-patch-int

 

ovs-vsctl del-port br-ex "ex-patch-int"
ovs-vsctl del-port br-int "int-patch-ex"
ovs-vsctl del-port br-ex enp0s9
ovs-vsctl add-port br-int enp0s9

ovs-appctl ofproto/trace
重要命令
sudo ovs-ofctl -O OpenFlow13 show br-int
sudo ovs-appctl ofproto/trace br-int "in_port=5,ip,nw_src=192.168.0.16,nw_dst=192.168.0.5"
ovs-appctl dpctl/dump-conntrack


11.查看接口id等
ovs-appctl dpif/show
12.查看接口統計
ovs-ofctl dump-ports br-int
查看接口
sudo ovs-ofctl show br-int -O OpenFlow13

 


ovs常用命令
控制管理類
1.查看網橋和端口

ovs-vsctl show
1
2.創建一個網橋

ovs-vsctl add-br br0
ovs-vsctl set bridge br0 datapath_type=netdev
1
2
3.添加/刪除一個端口

# for system interfaces
ovs-vsctl add-port br0 eth1
ovs-vsctl del-port br0 eth1
# for DPDK
ovs-vsctl add-port br0 dpdk1 -- set interface dpdk1 type=dpdk options:dpdk-devargs=0000:01:00.0
# for DPDK bonds
ovs-vsctl add-bond br0 dpdkbond0 dpdk1 dpdk2 \
-- set interface dpdk1 type=dpdk options:dpdk-devargs=0000:01:00.0 \
-- set interface dpdk2 type=dpdk options:dpdk-devargs=0000:02:00.0
1
2
3
4
5
6
7
8
9
4.設置/清除網橋的openflow協議版本

ovs-vsctl set bridge br0 protocols=OpenFlow13
ovs-vsctl clear bridge br0 protocols
1
2
5.查看某網橋當前流表

ovs-ofctl dump-flows br0
ovs-ofctl -O OpenFlow13 dump-flows br0
ovs-appctl bridge/dump-flows br0
1
2
3
6.設置/刪除控制器

ovs-vsctl set-controller br0 tcp:1.2.3.4:6633
ovs-vsctl del-controller br0
1
2
7.查看控制器列表

ovs-vsctl list controller
1
8.設置/刪除被動連接控制器

ovs-vsctl set-manager tcp:1.2.3.4:6640
ovs-vsctl get-manager
ovs-vsctl del-manager
1
2
3
9.設置/移除可選選項

ovs-vsctl set Interface eth0 options:link_speed=1G
ovs-vsctl remove Interface eth0 options link_speed
1
2
10.設置fail模式,支持standalone或者secure
standalone(default):清除所有控制器下發的流表,ovs自己接管
secure:按照原來流表繼續轉發

ovs-vsctl del-fail-mode br0
ovs-vsctl set-fail-mode br0 secure
ovs-vsctl get-fail-mode br0
1
2
3
11.查看接口id等

ovs-appctl dpif/show
1
12.查看接口統計

ovs-ofctl dump-ports br0
1
流表類
流表操作
1.添加普通流表

ovs-ofctl add-flow br0 in_port=1,actions=output:2
1
2.刪除所有流表

ovs-ofctl del-flows br0
1
3.按匹配項來刪除流表

ovs-ofctl del-flows br0 "in_port=1"
1
匹配項
1.匹配vlan tag,范圍為0-4095

ovs-ofctl add-flow br0 priority=401,in_port=1,dl_vlan=777,actions=output:2
1
2.匹配vlan pcp,范圍為0-7

ovs-ofctl add-flow br0 priority=401,in_port=1,dl_vlan_pcp=7,actions=output:2
1
3.匹配源/目的MAC

ovs-ofctl add-flow br0 in_port=1,dl_src=00:00:00:00:00:01/00:00:00:00:00:01,actions=output:2
ovs-ofctl add-flow br0 in_port=1,dl_dst=00:00:00:00:00:01/00:00:00:00:00:01,actions=output:2
1
2
4.匹配以太網類型,范圍為0-65535

ovs-ofctl add-flow br0 in_port=1,dl_type=0x0806,actions=output:2
1
5.匹配源/目的IP
條件:指定dl_type=0x0800,或者ip/tcp

ovs-ofctl add-flow br0 ip,in_port=1,nw_src=10.10.0.0/16,actions=output:2
ovs-ofctl add-flow br0 ip,in_port=1,nw_dst=10.20.0.0/16,actions=output:2
1
2
6.匹配協議號,范圍為0-255
條件:指定dl_type=0x0800或者ip

# ICMP
ovs-ofctl add-flow br0 ip,in_port=1,nw_proto=1,actions=output:2
7.匹配IP ToS/DSCP,tos范圍為0-255,DSCP范圍為0-63
條件:指定dl_type=0x0800/0x86dd,並且ToS低2位會被忽略(DSCP值為ToS的高6位,並且低2位為預留位)

ovs-ofctl add-flow br0 ip,in_port=1,nw_tos=68,actions=output:2
ovs-ofctl add-flow br0 ip,in_port=1,ip_dscp=62,actions=output:2
8.匹配IP ecn位,范圍為0-3
條件:指定dl_type=0x0800/0x86dd

ovs-ofctl add-flow br0 ip,in_port=1,ip_ecn=2,actions=output:2
9.匹配IP TTL,范圍為0-255

ovs-ofctl add-flow br0 ip,in_port=1,nw_ttl=128,actions=output:2
10.匹配tcp/udp,源/目的端口,范圍為0-65535

# 匹配源tcp端口179
ovs-ofctl add-flow br0 tcp,tcp_src=179/0xfff0,actions=output:2
# 匹配目的tcp端口179
ovs-ofctl add-flow br0 tcp,tcp_dst=179/0xfff0,actions=output:2
# 匹配源udp端口1234
ovs-ofctl add-flow br0 udp,udp_src=1234/0xfff0,actions=output:2
# 匹配目的udp端口1234
ovs-ofctl add-flow br0 udp,udp_dst=1234/0xfff0,actions=output:2

11.匹配tcp flags
tcp flags=fin,syn,rst,psh,ack,urg,ece,cwr,ns

ovs-ofctl add-flow br0 tcp,tcp_flags=ack,actions=output:2
12.匹配icmp code,范圍為0-255
條件:指定icmp

ovs-ofctl add-flow br0 icmp,icmp_code=2,actions=output:2
13.匹配vlan TCI
TCI低12位為vlan id,高3位為priority,例如tci=0xf123則vlan_id為0x123和vlan_pcp=7

ovs-ofctl add-flow br0 in_port=1,vlan_tci=0xf123,actions=output:2
14.匹配mpls label
條件:指定dl_type=0x8847/0x8848

ovs-ofctl add-flow br0 mpls,in_port=1,mpls_label=7,actions=output:2
15.匹配mpls tc,范圍為0-7
條件:指定dl_type=0x8847/0x8848

ovs-ofctl add-flow br0 mpls,in_port=1,mpls_tc=7,actions=output:2
1
16.匹配tunnel id,源/目的IP

# 匹配tunnel id
ovs-ofctl add-flow br0 in_port=1,tun_id=0x7/0xf,actions=output:2
# 匹配tunnel源IP
ovs-ofctl add-flow br0 in_port=1,tun_src=192.168.1.0/255.255.255.0,actions=output:2
# 匹配tunnel目的IP
ovs-ofctl add-flow br0 in_port=1,tun_dst=192.168.1.0/255.255.255.0,actions=output:2

一些匹配項的速記符

速記符 匹配項
ip dl_type=0x800
ipv6 dl_type=0x86dd
icmp dl_type=0x0800,nw_proto=1
icmp6 dl_type=0x86dd,nw_proto=58
tcp dl_type=0x0800,nw_proto=6
tcp6 dl_type=0x86dd,nw_proto=6
udp dl_type=0x0800,nw_proto=17
udp6 dl_type=0x86dd,nw_proto=17
sctp dl_type=0x0800,nw_proto=132
sctp6 dl_type=0x86dd,nw_proto=132
arp dl_type=0x0806
rarp dl_type=0x8035
mpls dl_type=0x8847
mplsm dl_type=0x8848
指令動作
1.動作為出接口
從指定接口轉發出去

ovs-ofctl add-flow br0 in_port=1,actions=output:2
1
2.動作為指定group
group id為已創建的group table

ovs-ofctl add-flow br0 in_port=1,actions=group:666
1
3.動作為normal
轉為L2/L3處理流程

ovs-ofctl add-flow br0 in_port=1,actions=normal
1
4.動作為flood
從所有物理接口轉發出去,除了入接口和已關閉flooding的接口

ovs-ofctl add-flow br0 in_port=1,actions=flood
1
5.動作為all
從所有物理接口轉發出去,除了入接口

ovs-ofctl add-flow br0 in_port=1,actions=all
1
6.動作為local
一般是轉發給本地網橋

ovs-ofctl add-flow br0 in_port=1,actions=local
1
7.動作為in_port
從入接口轉發回去

ovs-ofctl add-flow br0 in_port=1,actions=in_port
1
8.動作為controller
以packet-in消息上送給控制器

ovs-ofctl add-flow br0 in_port=1,actions=controller
1
9.動作為drop
丟棄數據包操作

ovs-ofctl add-flow br0 in_port=1,actions=drop
1
10.動作為mod_vlan_vid
修改報文的vlan id,該選項會使vlan_pcp置為0

ovs-ofctl add-flow br0 in_port=1,actions=mod_vlan_vid:8,output:2
1
11.動作為mod_vlan_pcp
修改報文的vlan優先級,該選項會使vlan_id置為0

ovs-ofctl add-flow br0 in_port=1,actions=mod_vlan_pcp:7,output:2
1
12.動作為strip_vlan
剝掉報文內外層vlan tag

ovs-ofctl add-flow br0 in_port=1,actions=strip_vlan,output:2
1
13.動作為push_vlan
在報文外層壓入一層vlan tag,需要使用openflow1.1以上版本兼容

ovs-ofctl add-flow -O OpenFlow13 br0 in_port=1,actions=push_vlan:0x8100,set_field:4097-\>vlan_vid,output:2
1
ps: set field值為4096+vlan_id,並且vlan優先級為0,即4096-8191,對應的vlan_id為0-4095

14.動作為push_mpls
修改報文的ethertype,並且壓入一個MPLS LSE

ovs-ofctl add-flow br0 in_port=1,actions=push_mpls:0x8847,set_field:10-\>mpls_label,output:2
1
15.動作為pop_mpls
剝掉最外層mpls標簽,並且修改ethertype為非mpls類型

ovs-ofctl add-flow br0 mpls,in_port=1,mpls_label=20,actions=pop_mpls:0x0800,output:2
1
16.動作為修改源/目的MAC,修改源/目的IP

# 修改源MAC
ovs-ofctl add-flow br0 in_port=1,actions=mod_dl_src:00:00:00:00:00:01,output:2
# 修改目的MAC
ovs-ofctl add-flow br0 in_port=1,actions=mod_dl_dst:00:00:00:00:00:01,output:2
# 修改源IP
ovs-ofctl add-flow br0 in_port=1,actions=mod_nw_src:192.168.1.1,output:2
# 修改目的IP
ovs-ofctl add-flow br0 in_port=1,actions=mod_nw_dst:192.168.1.1,output:2

17.動作為修改TCP/UDP/SCTP源目的端口

# 修改TCP源端口
ovs-ofctl add-flow br0 tcp,in_port=1,actions=mod_tp_src:67,output:2
# 修改TCP目的端口
ovs-ofctl add-flow br0 tcp,in_port=1,actions=mod_tp_dst:68,output:2
# 修改UDP源端口
ovs-ofctl add-flow br0 udp,in_port=1,actions=mod_tp_src:67,output:2
# 修改UDP目的端口
ovs-ofctl add-flow br0 udp,in_port=1,actions=mod_tp_dst:68,output:2

18.動作為mod_nw_tos
條件:指定dl_type=0x0800
修改ToS字段的高6位,范圍為0-255,值必須為4的倍數,並且不會去修改ToS低2位ecn值

ovs-ofctl add-flow br0 ip,in_port=1,actions=mod_nw_tos:68,output:2
1
19.動作為mod_nw_ecn
條件:指定dl_type=0x0800,需要使用openflow1.1以上版本兼容
修改ToS字段的低2位,范圍為0-3,並且不會去修改ToS高6位的DSCP值

ovs-ofctl add-flow br0 ip,in_port=1,actions=mod_nw_ecn:2,output:2
1
20.動作為mod_nw_ttl
修改IP報文ttl值,需要使用openflow1.1以上版本兼容

ovs-ofctl add-flow -O OpenFlow13 br0 in_port=1,actions=mod_nw_ttl:6,output:2
1
21.動作為dec_ttl
對IP報文進行ttl自減操作

ovs-ofctl add-flow br0 in_port=1,actions=dec_ttl,output:2
1
22.動作為set_mpls_label
對報文最外層mpls標簽進行修改,范圍為20bit值

ovs-ofctl add-flow br0 in_port=1,actions=set_mpls_label:666,output:2
1
23.動作為set_mpls_tc
對報文最外層mpls tc進行修改,范圍為0-7

ovs-ofctl add-flow br0 in_port=1,actions=set_mpls_tc:7,output:2
1
24.動作為set_mpls_ttl
對報文最外層mpls ttl進行修改,范圍為0-255

ovs-ofctl add-flow br0 in_port=1,actions=set_mpls_ttl:255,output:2
1
25.動作為dec_mpls_ttl
對報文最外層mpls ttl進行自減操作

ovs-ofctl add-flow br0 in_port=1,actions=dec_mpls_ttl,output:2
1
26.動作為move NXM字段
使用move參數對NXM字段進行操作

# 將報文源MAC復制到目的MAC字段,並且將源MAC改為00:00:00:00:00:01
ovs-ofctl add-flow br0 in_port=1,actions=move:NXM_OF_ETH_SRC[]-\>NXM_OF_ETH_DST[],mod_dl_src:00:00:00:00:00:01,output:2
1
2
ps: 常用NXM字段參照表

NXM字段 報文字段
NXM_OF_ETH_SRC 源MAC
NXM_OF_ETH_DST 目的MAC
NXM_OF_ETH_TYPE 以太網類型
NXM_OF_VLAN_TCI vid
NXM_OF_IP_PROTO IP協議號
NXM_OF_IP_TOS IP ToS值
NXM_NX_IP_ECN IP ToS ECN
NXM_OF_IP_SRC 源IP
NXM_OF_IP_DST 目的IP
NXM_OF_TCP_SRC TCP源端口
NXM_OF_TCP_DST TCP目的端口
NXM_OF_UDP_SRC UDP源端口
NXM_OF_UDP_DST UDP目的端口
NXM_OF_SCTP_SRC SCTP源端口
NXM_OF_SCTP_DST SCTP目的端口
27.動作為load NXM字段
使用load參數對NXM字段進行賦值操作

# push mpls label,並且把10(0xa)賦值給mpls label
ovs-ofctl add-flow br0 in_port=1,actions=push_mpls:0x8847,load:0xa-\>OXM_OF_MPLS_LABEL[],output:2
# 對目的MAC進行賦值
ovs-ofctl add-flow br0 in_port=1,actions=load:0x001122334455-\>OXM_OF_ETH_DST[],output:2
1
2
3
4
28.動作為pop_vlan
彈出報文最外層vlan tag

ovs-ofctl add-flow br0 in_port=1,dl_type=0x8100,dl_vlan=777,actions=pop_vlan,output:2
1
meter表
常用操作
由於meter表是openflow1.3版本以后才支持,所以所有命令需要指定OpenFlow1.3版本以上
ps: 在openvswitch-v2.8之前的版本中,還不支持meter
在v2.8版本之后已經實現,要正常使用的話,需要注意的是datapath類型要指定為netdev,band type暫時只支持drop,還不支持DSCP REMARK

1.查看當前設備對meter的支持

ovs-ofctl -O OpenFlow13 meter-features br0
2.查看meter表

ovs-ofctl -O OpenFlow13 dump-meters br0
3.查看meter統計

ovs-ofctl -O OpenFlow13 meter-stats br0
4.創建meter表

# 限速類型以kbps(kilobits per second)計算,超過20kb/s則丟棄
ovs-ofctl -O OpenFlow13 add-meter br0 meter=1,kbps,band=type=drop,rate=20
# 同上,增加burst size參數
ovs-ofctl -O OpenFlow13 add-meter br0 meter=2,kbps,band=type=drop,rate=20,burst_size=256
# 同上,增加stats參數,對meter進行計數統計
ovs-ofctl -O OpenFlow13 add-meter br0 meter=3,kbps,stats,band=type=drop,rate=20,burst_size=256
# 限速類型以pktps(packets per second)計算,超過1000pkt/s則丟棄
ovs-ofctl -O OpenFlow13 add-meter br0 meter=4,pktps,band=type=drop,rate=1000

5.刪除meter表

# 刪除全部meter表
ovs-ofctl -O OpenFlow13 del-meters br0
# 刪除meter id=1
ovs-ofctl -O OpenFlow13 del-meter br0 meter=1
6.創建流表

ovs-ofctl -O OpenFlow13 add-flow br0 in_port=1,actions=meter:1,output:2
group表
由於group表是openflow1.1版本以后才支持,所以所有命令需要指定OpenFlow1.1版本以上

常用操作
group table支持4種類型

all:所有buckets都執行一遍
select: 每次選擇其中一個bucket執行,常用於負載均衡應用
ff(FAST FAILOVER):快速故障修復,用於檢測解決接口等故障
indirect:間接執行,類似於一個函數方法,被另一個group來調用
1.查看當前設備對group的支持

ovs-ofctl -O OpenFlow13 dump-group-features br0
2.查看group表

ovs-ofctl -O OpenFlow13 dump-groups br0
3.創建group表

# 類型為all
ovs-ofctl -O OpenFlow13 add-group br0 group_id=1,type=all,bucket=output:1,bucket=output:2,bucket=output:3
# 類型為select
ovs-ofctl -O OpenFlow13 add-group br0 group_id=2,type=select,bucket=output:1,bucket=output:2,bucket=output:3
# 類型為select,指定hash方法(5元組,OpenFlow1.5+)
ovs-ofctl -O OpenFlow15 add-group br0 group_id=3,type=select,selection_method=hash,fields=ip_src,bucket=output:2,bucket=output:3
4.刪除group表

ovs-ofctl -O OpenFlow13 del-groups br0 group_id=2
5.創建流表

ovs-ofctl -O OpenFlow13 add-flow br0 in_port=1,actions=group:2
goto table配置
數據流先從table0開始匹配,如actions有goto_table,再進行后續table的匹配,實現多級流水線,如需使用goto table,則創建流表時,指定table id,范圍為0-255,不指定則默認為table0
1.在table0中添加一條流表條目

ovs-ofctl add-flow br0 table=0,in_port=1,actions=goto_table=1
2.在table1中添加一條流表條目

ovs-ofctl add-flow br0 table=1,ip,nw_dst=10.10.0.0/16,actions=output:2
tunnel配置
如需配置tunnel,必需確保當前系統對各tunnel的remote ip網絡可達

gre
1.創建一個gre接口,並且指定端口id=1001

ovs-vsctl add-port br0 gre1 -- set Interface gre1 type=gre options:remote_ip=1.1.1.1 ofport_request=1001
2.可選選項
將tos或者ttl在隧道上繼承,並將tunnel id設置成123

ovs-vsctl set Interface gre1 options:tos=inherit options:ttl=inherit options:key=123
3.創建關於gre流表

# 封裝gre轉發
ovs-ofctl add-flow br0 ip,in_port=1,nw_dst=10.10.0.0/16,actions=output:1001
# 解封gre轉發
ovs-ofctl add-flow br0 in_port=1001,actions=output:1
vxlan
1.創建一個vxlan接口,並且指定端口id=2001

ovs-vsctl add-port br0 vxlan1 -- set Interface vxlan1 type=vxlan options:remote_ip=1.1.1.1 ofport_request=2001
2.可選選項
將tos或者ttl在隧道上繼承,將vni設置成123,UDP目的端為設置成8472(默認為4789)

ovs-vsctl set Interface vxlan1 options:tos=inherit options:ttl=inherit options:key=123 options:dst_port=8472
3.創建關於vxlan流表

# 封裝vxlan轉發
ovs-ofctl add-flow br0 ip,in_port=1,nw_dst=10.10.0.0/16,actions=output:2001
# 解封vxlan轉發
ovs-ofctl add-flow br0 in_port=2001,actions=output:1
sflow配置
1.對網橋br0進行sflow監控

agent: 與collector通信所在的網口名,通常為管理口
target: collector監聽的IP地址和端口,端口默認為6343
header: sFlow在采樣時截取報文頭的長度
polling: 采樣時間間隔,單位為秒
ovs-vsctl -- --id=@sflow create sflow agent=eth0 target=\"10.0.0.1:6343\" header=128 sampling=64 polling=10 -- set bridge br0 sflow=@sflow
2.查看創建的sflow

ovs-vsctl list sflow
3.刪除對應的網橋sflow配置,參數為sFlow UUID

ovs-vsctl remove bridge br0 sflow 7b9b962e-fe09-407c-b224-5d37d9c1f2b3
4.刪除網橋下所有sflow配置

ovs-vsctl -- clear bridge br0 sflow
1
QoS配置
ingress policing
1.配置ingress policing,對接口eth0入流限速10Mbps

ovs-vsctl set interface eth0 ingress_policing_rate=10000
ovs-vsctl set interface eth0 ingress_policing_burst=8000
2.清除相應接口的ingress policer配置

ovs-vsctl set interface eth0 ingress_policing_rate=0
ovs-vsctl set interface eth0 ingress_policing_burst=0
3.查看接口ingress policer配置

ovs-vsctl list interface eth0
4.查看網橋支持的Qos類型

ovs-appctl qos/show-types br0
端口鏡像配置
1.配置eth0收到/發送的數據包鏡像到eth1

ovs-vsctl -- set bridge br0 mirrors=@m \
-- --id=@eth0 get port eth0 \
-- --id=@eth1 get port eth1 \
-- --id=@m create mirror name=mymirror select-dst-port=@eth0 select-src-port=@eth0 output-port=@eth1
2.刪除端口鏡像配置

ovs-vsctl -- --id=@m get mirror mymirror -- remove bridge br0 mirrors @m
3.清除網橋下所有端口鏡像配置

ovs-vsctl clear bridge br0 mirrors
4.查看端口鏡像配置

ovs-vsctl get bridge br0 mirrors


Open vSwitch中有多個命令,分別有不同的作用,大致如下:

ovs-vsctl用於控制ovs db
ovs-ofctl用於管理OpenFlow switch 的 flow
ovs-dpctl用於管理ovs的datapath
ovs-appctl用於查詢和管理ovs daemon

 

 

 



注意!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系我们删除。



 
粤ICP备14056181号  © 2014-2020 ITdaan.com