Open vswitch (mini how-to)

Current revision as of 11:54, 8 December 2014

OVS on Ubuntu 12.04

The system has two network adapters, eth1 and eth2.

  sudo ovs-vsctl add-br br1
  sudo ovs-vsctl add-port br1 eth1
  sudo ovs-vsctl add-port br1 eth2

OVS will start bridging traffic between the two ports.

The data plane (kernel datapath) flow entries can be inspected with this utility:

  sudo ovs-dpctl dump-flows br1

The OpenFlow tables themselves are managed with ovs-ofctl. An excerpt from the shell history (the NORMAL action hands the packet to the bridge's own MAC-learning switch):

  sudo ovs-ofctl add-flow br1 "arp actions=NORMAL"
  sudo ovs-ofctl add-flow br1 "ip actions=NORMAL"
  sudo ovs-ofctl dump-flows br1
  sudo ovs-ofctl del-flows br1 "ip"
  sudo ovs-ofctl dump-flows br1
  sudo ovs-ofctl add-flow br1 "ip tcp tp_src=22 action=normal"
  sudo ovs-ofctl add-flow br1 "ip tcp tp_dst=22 action=normal"
  sudo ovs-ofctl add-flow br1 "icmp action=normal"

sudo ovs-ofctl show br1
OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000005056bf0e5e
n_tables:255, n_buffers:256
features: capabilities:0xc7, actions:0xfff
 3(eth1): addr:00:50:56:bf:0e:5e
     config:     0
     state:      0
     current:    1GB-FD COPPER AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
 4(eth2): addr:00:50:56:bf:46:86
     config:     0
     state:      0
     current:    1GB-FD COPPER AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
 LOCAL(br1): addr:00:50:56:bf:0e:5e
     config:     PORT_DOWN
     state:      LINK_DOWN
OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0

sudo ovs-ofctl del-flows br1
sudo ovs-ofctl add-flow br1 "in_port=3 action=output:4"
sudo ovs-ofctl add-flow br1 "in_port=4 action=output:3"
sudo ovs-ofctl dump-flows br1
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=23.098s, table=0, n_packets=14, n_bytes=1296, in_port=3 actions=output:4
 cookie=0x0, duration=12.887s, table=0, n_packets=14, n_bytes=1296, in_port=4 actions=output:3


http://blog.scottlowe.org/2012/10/04/some-insight-into-open-vswitch-configuration/

VLAN rewrite

OVS does not output a packet on the port it was received from: an output action naming the ingress port is silently dropped, and the dedicated in_port action (quoted at the end of this page) exists for that case.

Port 12 and port 15 are both trunk ports.

VLAN rewrite 185<>568 (port 12<>15): frames arriving on port 12 in VLAN 185 are retagged to VLAN 568 and sent out port 15, and frames arriving on port 15 in VLAN 568 are retagged to VLAN 185 and sent out port 12.


Datapath state (ovs-dpctl show br1), followed by the kernel flows (ovs-dpctl dump-flows br1):

system@br1:
        lookups: hit:215846 missed:19069 lost:0
        flows: 2
        port 0: br1 (internal)
        port 12: eth1
        port 15: eth2

in_port(15),eth(src=00:50:56:bf:5b:26,dst=00:50:56:bf:07:c3),eth_type(0x8100),vlan(vid=568,pcp=0),encap(eth_type(0x0800),ipv4(src=10.15.1.102,dst=10.15.1.103,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)), packets:516, bytes:50568, used:0.056s, actions:pop_vlan,push_vlan(vid=185,pcp=0),12
in_port(12),eth(src=00:50:56:bf:07:c3,dst=00:50:56:bf:5b:26),eth_type(0x8100),vlan(vid=185,pcp=0),encap(eth_type(0x0800),ipv4(src=10.15.1.103,dst=10.15.1.102,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0)), packets:516, bytes:50568, used:0.056s, actions:pop_vlan,push_vlan(vid=568,pcp=0),15

OpenFlow rules (ovs-ofctl dump-flows br1):

NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=530.644s, table=0, n_packets=724, n_bytes=70122, in_port=12,dl_vlan=185 actions=mod_vlan_vid:568,output:15
 cookie=0x0, duration=516.862s, table=0, n_packets=710, n_bytes=69282, in_port=15,dl_vlan=568 actions=mod_vlan_vid:185,output:12

DNS query sniff

A multi-table rule set that mirrors DNS queries to a monitoring VLAN. Table 0 retags VLAN 1505 from port 15 to VLAN 1511 on port 12, hands VLAN 1511 from port 12 to table 1 and drops everything else; table 1 sends UDP/53 to both table 2 and table 7 and all other ARP/IP traffic to table 2 only; table 2 retags to VLAN 1505 and table 7 to VLAN 1512, and both end in table 3, which outputs on port 15. A DNS query therefore leaves port 15 twice: once in VLAN 1505 on its normal path and once as a copy in VLAN 1512 that the sniffer listens on.

NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=87513.213s, table=0, n_packets=4930284, n_bytes=326457512, priority=50,in_port=15,dl_vlan=1505 actions=mod_vlan_vid:1511,output:12
 cookie=0x0, duration=88136.931s, table=0, n_packets=6278117, n_bytes=62790046791, priority=50,in_port=12,dl_vlan=1511 actions=resubmit(,1)
 cookie=0x0, duration=88140.614s, table=0, n_packets=120103252, n_bytes=174971831213, priority=0 actions=drop
 cookie=0x0, duration=83060.663s, table=1, n_packets=169, n_bytes=12845, priority=70,udp,tp_dst=53 actions=resubmit(,2),resubmit(,7)
 cookie=0x0, duration=84301.393s, table=1, n_packets=651, n_bytes=41564, priority=50,arp actions=resubmit(,2)
 cookie=0x0, duration=84294.502s, table=1, n_packets=342161, n_bytes=6033408212, priority=50,ip actions=resubmit(,2)
 cookie=0x0, duration=87922.723s, table=2, n_packets=3175420, n_bytes=62586207144, priority=50 actions=mod_vlan_vid:1505,resubmit(,3)
 cookie=0x0, duration=87891.889s, table=3, n_packets=8781056, n_bytes=63023000641, priority=50 actions=output:15
 cookie=0x0, duration=83077.373s, table=7, n_packets=169, n_bytes=12845, priority=50 actions=mod_vlan_vid:1512,resubmit(,3)

   in_port
                    Outputs the packet on the port from which it was received.

(The in_port action as described in the ovs-ofctl(8) man page.)
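Before trusting a multi-table rule set like the VLAN rewrite and DNS sniff tables above, it is worth tracing a packet through the flow dump offline. The following Python is an added example, not code from this page or from Open vSwitch: it parses `ovs-ofctl dump-flows` text, picks the highest-priority match per table, applies mod_vlan_vid and resubmit, and records every output. It models only the fields and actions the dumps on this page use (in_port, dl_vlan, the ip/arp/udp/tcp/icmp shorthands, tp_src/tp_dst, mod_vlan_vid, output, in_port, resubmit(,table), drop); NORMAL is not modelled. The DNS_SNIFF_DUMP constant is copied from the section above; the packets and the helper names (from_port12 and the rest) are constructed for the example. Two OVS behaviours it reproduces on purpose: an output to the packet's own ingress port is dropped, and a field change made inside a resubmit persists after the resubmit returns.

```python
"""Trace a packet through an `ovs-ofctl dump-flows` dump: an added example that
models priority matching, mod_vlan_vid, resubmit and output offline. Not part of
Open vSwitch; the flow lines are copied from the page, packets are constructed."""
import re

# Input data: the flow dump from the page's "DNS query sniff" section.
DNS_SNIFF_DUMP = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=87513.213s, table=0, n_packets=4930284, n_bytes=326457512, priority=50,in_port=15,dl_vlan=1505 actions=mod_vlan_vid:1511,output:12
 cookie=0x0, duration=88136.931s, table=0, n_packets=6278117, n_bytes=62790046791, priority=50,in_port=12,dl_vlan=1511 actions=resubmit(,1)
 cookie=0x0, duration=88140.614s, table=0, n_packets=120103252, n_bytes=174971831213, priority=0 actions=drop
 cookie=0x0, duration=83060.663s, table=1, n_packets=169, n_bytes=12845, priority=70,udp,tp_dst=53 actions=resubmit(,2),resubmit(,7)
 cookie=0x0, duration=84301.393s, table=1, n_packets=651, n_bytes=41564, priority=50,arp actions=resubmit(,2)
 cookie=0x0, duration=84294.502s, table=1, n_packets=342161, n_bytes=6033408212, priority=50,ip actions=resubmit(,2)
 cookie=0x0, duration=87922.723s, table=2, n_packets=3175420, n_bytes=62586207144, priority=50 actions=mod_vlan_vid:1505,resubmit(,3)
 cookie=0x0, duration=87891.889s, table=3, n_packets=8781056, n_bytes=63023000641, priority=50 actions=output:15
 cookie=0x0, duration=83077.373s, table=7, n_packets=169, n_bytes=12845, priority=50 actions=mod_vlan_vid:1512,resubmit(,3)
"""

# Protocol shorthands used in matches: the (dl_type, nw_proto) each one implies.
PROTO = {"ip": ("ip", None), "arp": ("arp", None), "udp": ("ip", "udp"), "tcp": ("ip", "tcp"), "icmp": ("ip", "icmp")}

def split_actions(text):
    """Split an action list on top-level commas, keeping resubmit(,2) whole."""
    parts, depth, cur = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur] if cur else parts

def parse_flows(dump):
    """Parse dump-flows lines into {table, priority, match, actions} dicts."""
    flows = []
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("NXST_FLOW"):
            continue
        head, actions = line.split(" actions=", 1)
        *stats, match_text = head.split(", ")   # the last ", "-separated field is the match
        stats = dict(s.split("=", 1) for s in stats)
        flow = {"table": int(stats.get("table", 0)), "priority": 32768,
                "match": {}, "actions": split_actions(actions)}
        for tok in filter(None, match_text.split(",")):
            key, _, val = tok.partition("=")
            if key == "priority":
                flow["priority"] = int(val)
            else:
                flow["match"][key] = val   # a bare keyword such as "udp" gets val == ""
        flows.append(flow)
    return flows

def matches(flow, pkt):
    """True if every match field of the flow agrees with the packet."""
    for key, val in flow["match"].items():
        if key in PROTO:
            dl_type, nw_proto = PROTO[key]
            if pkt["dl_type"] != dl_type or (nw_proto and pkt.get("nw_proto") != nw_proto):
                return False
        elif key in ("in_port", "dl_vlan", "tp_src", "tp_dst"):
            if pkt.get("vlan" if key == "dl_vlan" else key) != int(val):
                return False
        else:
            raise ValueError("match field not modelled: " + key)
    return True

def trace(flows, pkt, table=0, depth=0, outputs=None):
    """Run pkt through `table`; return [(port, vlan)] for every frame sent out.
    mod_vlan_vid edits pkt in place and persists after a resubmit returns, as in OVS."""
    outputs = [] if outputs is None else outputs
    if depth > 64:
        raise RuntimeError("resubmit recursion too deep")
    hits = [f for f in flows if f["table"] == table and matches(f, pkt)]
    if not hits:   # table miss: no actions (table 0 above carries an explicit priority=0 drop)
        return outputs
    for act in max(hits, key=lambda f: f["priority"])["actions"]:
        if act.startswith("mod_vlan_vid:"):
            pkt["vlan"] = int(act.split(":")[1])
        elif act.startswith("output:"):
            port = int(act.split(":")[1])
            if port != pkt["in_port"]:   # output to the ingress port is silently dropped
                outputs.append((port, pkt["vlan"]))
        elif act == "in_port":           # the dedicated action for the ingress port
            outputs.append((pkt["in_port"], pkt["vlan"]))
        elif act != "drop":
            m = re.fullmatch(r"resubmit\(,(\d+)\)", act)
            if not m:
                raise ValueError("action not modelled: " + act)
            trace(flows, pkt, int(m.group(1)), depth + 1, outputs)
    return outputs

def from_port12(nw_proto, tp_dst, vlan=1511):
    """Constructed IP packet entering on the port 12 trunk; returns where it is sent."""
    pkt = {"in_port": 12, "vlan": vlan, "dl_type": "ip", "nw_proto": nw_proto, "tp_dst": tp_dst}
    return trace(parse_flows(DNS_SNIFF_DUMP), pkt)
```

from_port12("udp", 53) returns [(15, 1505), (15, 1512)]: the first entry is the normal forwarding path, the second the mirror copy in VLAN 1512. from_port12("tcp", 443) returns only [(15, 1505)], and a packet in an unknown VLAN returns [] because of the priority=0 drop in table 0. Any match field or action the model does not know raises instead of silently matching, so a rule set using other fields fails loudly rather than producing a misleading trace.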