OpenFlow switch and controller interaction steps

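1. Use the Mininet emulation platform to build the network topology shown in the figure below, configure the IP addresses of hosts h1 and h2 (h1: 10.0.0.1, h2: 10.0.0.2), and test network connectivity between the two hosts.

  • miniedit.py settings

    • start CLI
    • Support OpenFlow 1.0 1.1 1.2 1.3
    • Leave everything else at the defaults (for Controller, keep the default openflow reference)

2. Use Wireshark to capture the traffic between the switches and the controller in the topology, analyze each type of OpenFlow message, and write up your analysis.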

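  • hello

    Controller port 6633 ("the highest version I support is OpenFlow 1.0") ---> switch port 35534

    Switch port 35534 ("the highest version I support is OpenFlow 1.3") ---> controller port 6633

    The two sides then establish the connection and use OpenFlow 1.0.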

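  • Features Request

    Controller port 6633 ("I need your feature information") ---> switch port 35534

  • Set Config

    Controller port 6633 ("please configure yourself with the flag and max bytes of packet I am giving you") ---> switch port 35534

  • Features Reply

    Switch port 35534 ("here is my feature information") ---> controller port 6633

    The Features message consists of the OpenFlow Header and the Features Reply Message.

    Compare against the Features Reply Message structure:

    struct ofp_switch_features {
        struct ofp_header header;
        uint64_t datapath_id;   /* Unique identifier */
        uint32_t n_buffers;     /* Maximum number of packets the switch buffer can hold */
        uint8_t n_tables;       /* Number of flow tables */
        uint8_t pad[3];         /* Align to 64 bits */
        uint32_t capabilities;  /* Supported capabilities; see ofp_capabilities */
        uint32_t actions;       /* Supported actions; see ofp_action_type */
        struct ofp_phy_port ports[0];  /* Physical port descriptions; see ofp_phy_port */
    };

Map this onto the captured packet and go through its contents field by field: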

    OpenFlow 1.0
    .000 0001 = Version: 1.0 (0x01)
    Type: OFPT_FEATURES_REPLY (6)
    Length: 176
    Transaction ID: 3488621760
    Datapath unique ID: 0x0000000000000002
    MAC addr: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Implementers part: 0x0002
    n_buffers: 256
    n_tables: 254
    Pad: 000000
    capabilities: 0x000000c7
    .... .... .... .... .... .... .... ...1 = Flow statistics: True
    .... .... .... .... .... .... .... ..1. = Table statistics: True
    .... .... .... .... .... .... .... .1.. = Port statistics: True
    .... .... .... .... .... .... .... 0... = Group statistics: False
    .... .... .... .... .... .... ..0. .... = Can reassemble IP fragments: False
    .... .... .... .... .... .... .1.. .... = Queue statistics: True
    .... .... .... .... .... ...0 .... .... = Switch will block looping ports: False
    actions: 0x00000fff
    .... .... .... .... .... .... .... ...1 = Output to switch port: True
    .... .... .... .... .... .... .... ..1. = Set the 802.1q VLAN id: True
    .... .... .... .... .... .... .... .1.. = Set the 802.1q priority: True
    .... .... .... .... .... .... .... 1... = Strip the 802.1q header: True
    .... .... .... .... .... .... ...1 .... = Ethernet source address: True
    .... .... .... .... .... .... ..1. .... = Ethernet destination address: True
    .... .... .... .... .... .... .1.. .... = IP source address: True
    .... .... .... .... .... .... 1... .... = IP destination address: True
    .... .... .... .... .... ...1 .... .... = IP ToS (DSCP field, 6 bits): True
    .... .... .... .... .... ..1. .... .... = TCP/UDP source port: True
    .... .... .... .... .... .1.. .... .... = TCP/UDP destination port: True
    .... .... .... .... .... 1... .... .... = Output to queue: True
    Port data 1
    Port number: 65534
    HW Address: e6:73:a1:3c:74:c0 (e6:73:a1:3c:74:c0)
    Port Name: s2
    Config flags: 0x00000001
    .... .... .... .... .... .... .... ...1 = Port is administratively down: True
    .... .... .... .... .... .... .... ..0. = Disable 802.1D spanning tree on port: False
    .... .... .... .... .... .... .... .0.. = Drop all packets except 802.1D spanning tree packets: False
    .... .... .... .... .... .... .... 0... = Drop received 802.1D STP packets: False
    .... .... .... .... .... .... ...0 .... = Do not include this port when flooding: False
    .... .... .... .... .... .... ..0. .... = Drop packets forwarded to port: False
    .... .... .... .... .... .... .0.. .... = Do not send packet-in msgs for port: False
    State flags: 0x00000001
    .... .... .... .... .... .... .... ...1 = No physical link present: True
    Current features: 0x00000000
    .... .... .... .... .... .... .... ...0 = 10 Mb half-duplex rate support: False
    .... .... .... .... .... .... .... ..0. = 10 Mb full-duplex rate support: False
    .... .... .... .... .... .... .... .0.. = 100 Mb half-duplex rate support: False
    .... .... .... .... .... .... .... 0... = 100 Mb full-duplex rate support: False
    .... .... .... .... .... .... ...0 .... = 1 Gb half-duplex rate support: False
    .... .... .... .... .... .... ..0. .... = 1 Gb full-duplex rate support: False
    .... .... .... .... .... .... .0.. .... = 10 Gb full-duplex rate support: False
    .... .... .... .... .... .... 0... .... = Copper medium: False
    .... .... .... .... .... ...0 .... .... = Fiber medium: False
    .... .... .... .... .... ..0. .... .... = Auto-negotiation: False
    .... .... .... .... .... .0.. .... .... = Pause: False
    .... .... .... .... .... 0... .... .... = Asymmetric pause: False
    Advertised features: 0x00000000
    Features supported: 0x00000000
    Features advertised by peer: 0x00000000
    Port data 2
    Port number: 1
    HW Address: 2a:ca:66:29:0e:ae (2a:ca:66:29:0e:ae)
    Port Name: s2-eth1
    Config flags: 0x00000000
    .... .... .... .... .... .... .... ...0 = Port is administratively down: False
    .... .... .... .... .... .... .... ..0. = Disable 802.1D spanning tree on port: False
    .... .... .... .... .... .... .... .0.. = Drop all packets except 802.1D spanning tree packets: False
    .... .... .... .... .... .... .... 0... = Drop received 802.1D STP packets: False
    .... .... .... .... .... .... ...0 .... = Do not include this port when flooding: False
    .... .... .... .... .... .... ..0. .... = Drop packets forwarded to port: False
    .... .... .... .... .... .... .0.. .... = Do not send packet-in msgs for port: False
    State flags: 0x00000000
    .... .... .... .... .... .... .... ...0 = No physical link present: False
    Current features: 0x000000c0
    .... .... .... .... .... .... .... ...0 = 10 Mb half-duplex rate support: False
    .... .... .... .... .... .... .... ..0. = 10 Mb full-duplex rate support: False
    .... .... .... .... .... .... .... .0.. = 100 Mb half-duplex rate support: False
    .... .... .... .... .... .... .... 0... = 100 Mb full-duplex rate support: False
    .... .... .... .... .... .... ...0 .... = 1 Gb half-duplex rate support: False
    .... .... .... .... .... .... ..0. .... = 1 Gb full-duplex rate support: False
    .... .... .... .... .... .... .1.. .... = 10 Gb full-duplex rate support: True
    .... .... .... .... .... .... 1... .... = Copper medium: True
    .... .... .... .... .... ...0 .... .... = Fiber medium: False
    .... .... .... .... .... ..0. .... .... = Auto-negotiation: False
    .... .... .... .... .... .0.. .... .... = Pause: False
    .... .... .... .... .... 0... .... .... = Asymmetric pause: False
    Advertised features: 0x00000000
    Features supported: 0x00000000
    Features advertised by peer: 0x00000000
    Port data 3
    Port number: 2
    HW Address: 66:01:64:ad:24:89 (66:01:64:ad:24:89)
    Port Name: s2-eth2
    Config flags: 0x00000000
    .... .... .... .... .... .... .... ...0 = Port is administratively down: False
    .... .... .... .... .... .... .... ..0. = Disable 802.1D spanning tree on port: False
    .... .... .... .... .... .... .... .0.. = Drop all packets except 802.1D spanning tree packets: False
    .... .... .... .... .... .... .... 0... = Drop received 802.1D STP packets: False
    .... .... .... .... .... .... ...0 .... = Do not include this port when flooding: False
    .... .... .... .... .... .... ..0. .... = Drop packets forwarded to port: False
    .... .... .... .... .... .... .0.. .... = Do not send packet-in msgs for port: False
    State flags: 0x00000000
    .... .... .... .... .... .... .... ...0 = No physical link present: False
    Current features: 0x000000c0
    .... .... .... .... .... .... .... ...0 = 10 Mb half-duplex rate support: False
    .... .... .... .... .... .... .... ..0. = 10 Mb full-duplex rate support: False
    .... .... .... .... .... .... .... .0.. = 100 Mb half-duplex rate support: False
    .... .... .... .... .... .... .... 0... = 100 Mb full-duplex rate support: False
    .... .... .... .... .... .... ...0 .... = 1 Gb half-duplex rate support: False
    .... .... .... .... .... .... ..0. .... = 1 Gb full-duplex rate support: False
    .... .... .... .... .... .... .1.. .... = 10 Gb full-duplex rate support: True
    .... .... .... .... .... .... 1... .... = Copper medium: True
    .... .... .... .... .... ...0 .... .... = Fiber medium: False
    .... .... .... .... .... ..0. .... .... = Auto-negotiation: False
    .... .... .... .... .... .0.. .... .... = Pause: False
    .... .... .... .... .... 0... .... .... = Asymmetric pause: False
    Advertised features: 0x00000000
    Features supported: 0x00000000
    Features advertised by peer: 0x00000000

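  • Packet_in

    Switch port 35534 ("a packet has come in, please instruct") ---> controller port 6633

    Compare against the Packet_in structure:

    struct ofp_packet_in {
        struct ofp_header header;
        uint32_t buffer_id;  /* ID in the switch buffer of the packet carried by this Packet-in message */
        uint16_t total_len;  /* Length of the data field */
        uint16_t in_port;    /* Port on which the packet entered the switch */
        uint8_t reason;      /* Why the Packet-in was sent; see ofp_packet_in_reason */
        uint8_t pad;
        uint8_t data[0];     /* The carried packet */
    };

Analyzing the captured packet shows that the switch found no matching flow entry at this point (Reason: No matching flow (table-miss flow entry) (0)), so it asks the controller how to handle the packet.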

    OpenFlow 1.0
    .000 0001 = Version: 1.0 (0x01)
    Type: OFPT_PACKET_IN (10)
    Length: 108
    Transaction ID: 0
    Buffer Id: 0x00000100
    Total length: 90
    In port: 1
    Reason: No matching flow (table-miss flow entry) (0)
    Pad: 00
    Ethernet II, Src: 96:3f:21:4c:f5:0e (96:3f:21:4c:f5:0e), Dst: IPv6mcast_16 (33:33:00:00:00:16)
    Destination: IPv6mcast_16 (33:33:00:00:00:16)
    Address: IPv6mcast_16 (33:33:00:00:00:16)
    .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 96:3f:21:4c:f5:0e (96:3f:21:4c:f5:0e)
    Address: 96:3f:21:4c:f5:0e (96:3f:21:4c:f5:0e)
    .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv6 (0x86dd)
    Internet Protocol Version 6, Src: ::, Dst: ff02::16
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
    .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
    .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 36
    Next Header: IPv6 Hop-by-Hop Option (0)
    Hop Limit: 1
    Source: ::
    Destination: ff02::16
    IPv6 Hop-by-Hop Option
    Next Header: ICMPv6 (58)
    Length: 0
    [Length: 8 bytes]
    Router Alert
    Type: Router Alert (0x05)
    00.. .... = Action: Skip and continue (0)
    ..0. .... = May Change: No
    ...0 0101 = Low-Order Bits: 0x05
    Length: 2
    Router Alert: MLD (0)
    PadN
    Type: PadN (0x01)
    00.. .... = Action: Skip and continue (0)
    ..0. .... = May Change: No
    ...0 0001 = Low-Order Bits: 0x01
    Length: 0
    PadN: <none>
    Internet Control Message Protocol v6
    Type: Multicast Listener Report Message v2 (143)
    Code: 0
    Checksum: 0x7a2f [correct]
    [Checksum Status: Good]
    Reserved: 0000
    Number of Multicast Address Records: 1
    Multicast Address Record Changed to exclude: ff02::1:ff4c:f50e
    Record Type: Changed to exclude (4)
    Aux Data Len: 0
    Number of Sources: 0
    Multicast Address: ff02::1:ff4c:f50e

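  • Packet_out

    Controller port 6633 ("please handle it according to the action I am giving you") ---> switch port 35534

    Compare against the Packet_out structure:

    struct ofp_packet_out {
        struct ofp_header header;
        uint32_t buffer_id;    /* Switch buffer ID; if -1, the packet is the data field carried in this packet-out message */
        uint16_t in_port;      /* If buffer_id is -1 and the action list contains an Output=TABLE action, in_port is used as extra match information for the flow-table lookup of the packet in data */
        uint16_t actions_len;  /* Length of the action list; used to tell the actions apart from the data */
        struct ofp_action_header actions[0];  /* Action list */
        uint8_t data[0];       /* Data buffer; can hold one Ethernet frame; optional */
    };

This tells the switch to output the packet to its port 65531.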

    OpenFlow 1.0
    .000 0001 = Version: 1.0 (0x01)
    Type: OFPT_PACKET_OUT (13)
    Length: 24
    Transaction ID: 0
    Buffer Id: 0x00000100
    In port: 1
    Actions length: 8
    Actions type: Output to switch port (0)
    Action length: 8
    Output port: 65531
    Max length: 0
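
The three message layouts above (Features Reply, Packet_in, Packet_out) can be decoded directly with Python's struct module; this is an added example, not code from the original post. The sample bytes are constructed to carry the field values shown in the captures, with MAC addresses and the Packet_in payload zeroed; the helper names are assumptions, and the reserved port names come from the OpenFlow 1.0 specification.

```python
import struct

HDR = struct.Struct("!BBHI")       # ofp_header: version, type, length, xid
FEAT = struct.Struct("!QIB3xII")   # datapath_id, n_buffers, n_tables, pad, capabilities, actions
PORT = struct.Struct("!H6s16s6I")  # ofp_phy_port, 48 bytes: port_no, hw_addr, name, 6 flag words
PKT_IN = struct.Struct("!IHHBx")   # buffer_id, total_len, in_port, reason, pad
PKT_OUT = struct.Struct("!IHH")    # buffer_id, in_port, actions_len
ACT = struct.Struct("!HHHH")       # ofp_action_output: type, len, port, max_len
RESERVED = {0xfff8: "IN_PORT", 0xfff9: "TABLE", 0xfffa: "NORMAL", 0xfffb: "FLOOD",
            0xfffc: "ALL", 0xfffd: "CONTROLLER", 0xfffe: "LOCAL", 0xffff: "NONE"}
FEAT_KEYS = ("datapath_id", "n_buffers", "n_tables", "capabilities", "actions")

def parse(msg: bytes) -> dict:
    """Decode one OpenFlow 1.0 message; raise ValueError when lengths disagree."""
    if len(msg) < HDR.size:
        raise ValueError("truncated header")
    version, mtype, length, xid = HDR.unpack_from(msg)
    if version != 1 or not HDR.size <= length <= len(msg):
        raise ValueError("not OpenFlow 1.0, or header length disagrees with the bytes")
    body, out = msg[HDR.size:length], {"type": mtype, "xid": xid}
    if mtype == 6 and len(body) >= FEAT.size:        # OFPT_FEATURES_REPLY
        if (len(body) - FEAT.size) % PORT.size:
            raise ValueError("port list is not a whole number of ofp_phy_port entries")
        out.update(zip(FEAT_KEYS, FEAT.unpack_from(body)))
        out["ports"] = {p[0]: p[2].split(b"\0", 1)[0].decode("ascii", "replace")
                        for p in PORT.iter_unpack(body[FEAT.size:])}
    elif mtype == 10 and len(body) >= PKT_IN.size:   # OFPT_PACKET_IN
        out.update(zip(("buffer_id", "total_len", "in_port", "reason"), PKT_IN.unpack_from(body)))
        out["data"] = body[PKT_IN.size:]
    elif mtype == 13 and len(body) >= PKT_OUT.size:  # OFPT_PACKET_OUT
        out["buffer_id"], out["in_port"], alen = PKT_OUT.unpack_from(body)
        acts, off, out["outputs"] = body[PKT_OUT.size:PKT_OUT.size + alen], 0, []
        if len(acts) != alen or alen % 8:
            raise ValueError("actions_len overruns the message or is not a multiple of 8")
        while off < alen:                            # walk the list by each action's own len
            atype, step, port, _ = ACT.unpack_from(acts, off)
            if step < 8 or step % 8 or off + step > alen:
                raise ValueError("bad action length")
            out["outputs"] += [RESERVED.get(port, port)] if atype == 0 else []  # OFPAT_OUTPUT
            off += step
    else:
        raise ValueError("unsupported message type or truncated body")
    return out

# Constructed sample bytes that carry the field values from the capture; MACs and payload zeroed.
SAMPLE_FEATURES = HDR.pack(1, 6, 176, 3488621760) + FEAT.pack(2, 256, 254, 0xc7, 0xfff) + b"".join(
    PORT.pack(no, bytes(6), name, cfg, state, curr, 0, 0, 0) for no, name, cfg, state, curr in
    [(65534, b"s2", 1, 1, 0), (1, b"s2-eth1", 0, 0, 0xc0), (2, b"s2-eth2", 0, 0, 0xc0)])
SAMPLE_PACKET_IN = HDR.pack(1, 10, 108, 0) + PKT_IN.pack(0x100, 90, 1, 0) + bytes(90)
SAMPLE_PACKET_OUT = HDR.pack(1, 13, 24, 0) + PKT_OUT.pack(0x100, 1, 8) + ACT.pack(0, 8, 65531, 0)
```

Decoding the samples shows that the Packet_out refers to the same buffer id (0x100) as the Packet_in, which is why it carries no data field, and that output port 65531 (0xfffb) is the reserved FLOOD port in OpenFlow 1.0.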

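Next is the interaction between the other switch (port 35536) and the controller (port 6633).

h1 ping h2

  • packet_in

  • flow_mod

    Compare against the flow_mod structure:

    struct ofp_flow_mod {
        struct ofp_header header;
        struct ofp_match match;  /* Match fields of the flow entry */
        uint64_t cookie;         /* Flow entry identifier */
        uint16_t command;        /* One of ADD, DELETE, DELETE-STRICT, MODIFY, MODIFY-STRICT */
        uint16_t idle_timeout;   /* Idle timeout */
        uint16_t hard_timeout;   /* Maximum lifetime */
        uint16_t priority;       /* Priority; higher-priority flow entries are matched first */
        uint32_t buffer_id;      /* Buffer ID; designates a buffered packet to be processed with this message's action list */
        uint16_t out_port;       /* If this message deletes flow entries, an additional match parameter must be provided */
        uint16_t flags;          /* Flags: whether to send a flow-removed message after the entry is deleted, whether to check for duplicate entries when adding, and whether the added entry is an emergency flow entry */
        struct ofp_action_header actions[0];  /* Action list */
    };

Analyzing the captured flow_mod packets: through port 6633 the controller sends flow entries down to switch port 35334 and switch port 35336, directing how data is forwarded.

P.S. Change the controller from openflow reference to ovs controller.

In the hello messages, the OpenFlow version supported by the controller has changed from 1.0 to 1.3; after negotiation, the switch and the controller therefore communicate using OpenFlow 1.3.

  • flow_mod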
