对于普通的switch,都会有这个学习的过程,当一个包到来的时候,由于包里面有MAC,VLAN Tag,以及从哪个口进来的这个信息。于是switch学习后,维护了一个表格port –> MAC –> VLAN Tag。

这样以后如果有需要发给这个MAC的包,不用ARP,switch自然之道应该发给哪个port,应该打什么VLAN Tag。

OVS也要学习这个,并维护三个之间的mapping关系。

在我们的例子中,无论是从port进来的本身就带Tag的,还是从port 2, 3, 4进来的后来被打上Tag的,都需要学习。

sudo ovs-ofctl add-flow helloworld "table=2 actions=learn(table=10, NXM_OF_VLAN_TCI[0..11], NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[], load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]), resubmit(,3)"

这一句比较难理解。

learn表示这是一个学习的action

table 10,这是一个MAC learning table,学习的结果会放在这个table中。

NXM_OF_VLAN_TCI这个是VLAN Tag,在MAC Learning table中,每一个entry都是仅仅对某一个VLAN来说的,不同VLAN的learning table是分开的。在学习的结果的entry中,会标出这个entry是对于哪个VLAN的。

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]这个的意思是当前包里面的MAC Source Address会被放在学习结果的entry里面的dl_dst里面。这是因为每个switch都是通过Ingress包来学习,某个MAC从某个 port进来,switch就应该记住以后发往这个MAC的包要从这个port出去,因而MAC source address就被放在了Mac destination address里面,因为这是为发送用的。

NXM_OF_IN_PORT[]->NXM_NX_REG0将portf放入register.

一般对于学习的entry还需要有hard_timeout,这是的每个学习结果都会expire,需要重新学习。

我们再来分析一个实践中,openstack中使用openvswitch的情况,这是br-tun上的规则。

cookie=0x0, duration=802188.071s, table=10, n_packets=4885, n_bytes=347789, idle_age=730, hard_age=65534, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
cookie=0x0, duration=802187.786s, table=20,
n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0
actions=resubmit(,21)

cookie=0x0, duration=802038.514s, table=20,
n_packets=1239, n_bytes=83620, idle_age=735, hard_age=65534,
priority=2,dl_vlan=1,dl_dst=fa:16:3e:7e:ab:cc
actions=strip_vlan,set_tunnel:0x3e9,output:2

cookie=0x0, duration=802187.653s, table=21, n_packets=17, n_bytes=1426, idle_age=65534, hard_age=65534, priority=0 actions=drop

cookie=0x0, duration=802055.878s, table=21, n_packets=40,
n_bytes=1736, idle_age=65534, hard_age=65534, dl_vlan=1
actions=strip_vlan,set_tunnel:0x3e9,output:2

这里table 10是用来学习的。table 20是learning table。如果table 20是空的,也即还没有学到什么,则会通过priority=0的规则resubmit到table 21.

table 21是发送规则,将br-int上的vlan tag消除,然后打上gre tunnel的id。

上面的情况中,table 20不是空的,也即发送给dl_dst=fa:16:3e:7e:ab:cc的包不用走默认规则,直接通过table 20就发送出去了。

table 20的规则是通过table 10学习得到的,table 10是一个接受规则。最终output 1,发送给了br-int

NXM_OF_VLAN_TCI[0..11]是记录vlan tag,所以学习结果中有dl_vlan=1

NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]是将mac source address记录,所以结果中有dl_dst=fa:16:3e:7e:ab:cc

load:0->NXM_OF_VLAN_TCI[]意思是发送出去的时候,vlan tag设为0,所以结果中有actions=strip_vlan

load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[]意思是发出去的时候,设置tunnul id,所以结果中有set_tunnel:0x3e9

output:NXM_OF_IN_PORT[]意思是发送给哪个port,由于是从port2进来的,因而结果中有output:2

测试一:从port 1来一个vlan为20的mac为50:00:00:00:00:01的包

$ sudo ovs-appctl ofproto/trace helloworld in_port=1,vlan_tci=20,dl_src=50:00:00:00:00:01 -generate  
Flow: metadata=0,in_port=1,vlan_tci=0x0014,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00,dl_type=0x0000

Rule: table=0 cookie=0 priority=0

OpenFlow actions=resubmit(,1)

Resubmitted flow: unchanged

        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=1 cookie=0 priority=99,in_port=1

OpenFlow actions=resubmit(,2)

Resubmitted flow: unchanged

                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=2 cookie=0

OpenFlow
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

Resubmitted flow: unchanged

                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

No match

Final flow: unchanged

Relevant fields:
skb_priority=0,in_port=1,vlan_tci=0x0014/0x0fff,dl_src=50:00:00:00:00:01,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no

Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld

NXST_FLOW reply (xid=0x4):

cookie=0x0, duration=90537.25s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)

cookie=0x0, duration=90727.209s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop

cookie=0x0, duration=90662.724s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000
actions=mod_vlan_vid:20,resubmit(,2)

cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86147.941s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86278.986s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=1
actions=resubmit(,2)

cookie=0x0, duration=86357.407s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop

cookie=0x0, duration=83587.281s, table=2, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

cookie=0x0, duration=31.258s, table=10, n_packets=0,
n_bytes=0, idle_age=31, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01
actions=load:0x1->NXM_NX_REG0[0..15]

table 10多了一条,vlan为20,dl_dst为50:00:00:00:00:01,发送的时候从port 1出去。

测试二:从port 2进来,被打上了vlan 20,mac为50:00:00:00:00:02

$ sudo ovs-appctl ofproto/trace helloworld in_port=2,dl_src=50:00:00:00:00:02 -generate  
Flow: metadata=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000

Rule: table=0 cookie=0 priority=0

OpenFlow actions=resubmit(,1)

Resubmitted flow: unchanged

        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=1 cookie=0 priority=99,in_port=2,vlan_tci=0x0000

OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

Resubmitted flow:
metadata=0,in_port=2,dl_vlan=20,dl_vlan_pcp=0,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00,dl_type=0x0000

Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

Rule: table=2 cookie=0

OpenFlow
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

Resubmitted flow: unchanged

                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0

Resubmitted  odp: drop

No match

Final flow: unchanged

Relevant fields:
skb_priority=0,in_port=2,vlan_tci=0x0000,dl_src=50:00:00:00:00:02,dl_dst=00:00:00:00:00:00/ff:ff:ff:ff:ff:f0,dl_type=0x0000,nw_frag=no

Datapath actions: drop

$ sudo ovs-ofctl dump-flows helloworld                                                
NXST_FLOW reply (xid=0x4):

cookie=0x0, duration=90823.14s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=resubmit(,1)

cookie=0x0, duration=91013.099s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop

cookie=0x0, duration=90948.614s, table=0, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop

cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=2,vlan_tci=0x0000
actions=mod_vlan_vid:20,resubmit(,2)

cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=4,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86433.831s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=3,vlan_tci=0x0000
actions=mod_vlan_vid:30,resubmit(,2)

cookie=0x0, duration=86564.876s, table=1, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534, priority=99,in_port=1
actions=resubmit(,2)

cookie=0x0, duration=86643.297s, table=1, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop

cookie=0x0, duration=83873.171s, table=2, n_packets=0, n_bytes=0,
idle_age=65534, hard_age=65534,
actions=learn(table=10,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15]),resubmit(,3)

cookie=0x0, duration=4.472s, table=10, n_packets=0,
n_bytes=0, idle_age=4, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:02
actions=load:0x2->NXM_NX_REG0[0..15]

cookie=0x0, duration=317.148s, table=10, n_packets=0, n_bytes=0,
idle_age=317, vlan_tci=0x0014/0x0fff,dl_dst=50:00:00:00:00:01
actions=load:0x1->NXM_NX_REG0[0..15]

摘录自http://www.cnblogs.com/popsuper1982/p/3800535.html

openvswitch——mac和vlan learning for ingress port的更多相关文章

  1. Openvswitch手册(5): VLAN and Bonding

    我们这一节来看Port 一般来说一个Port就是一个Interface,当然也有一个Port对应多个Interface的情况,成为Bond VLAN Configuration Port的一个重要的方 ...

  2. OpenvSwitch系列之六 vlan隔离

    局域网游戏代表:红色警戒 Open vSwitch系列之一 Open vSwitch诞生 Open vSwitch系列之二 安装指定版本ovs Open vSwitch系列之三 ovs-vsctl命令 ...

  3. Openvswtich 学习笔记

    场景: 创建一个Virtual Switch,支持VLAN,支持MAC-Learning 包含下面四个Port: P1, truck port P2, VLAN 20 P3, P4 VLAN 30 包 ...

  4. OpenFlow Switch学习笔记(三)——Flow Tables

    这次我们主要讨论下OpenFlow Switch的核心组件之一——Flow Tables,以了解其内部的 matching 以及 action handling 机制.下文将会分为几个部分来逐步详述O ...

  5. Openvswitch手册(1): 架构,SSL, Manager, Bridge

    Openvswitch是一个virutal swtich, 支持Open Flow协议,当然也有一些硬件Switch也支持Open Flow协议,他们都可以被统一的Controller管理,从而实现物 ...

  6. OpenvSwitch/OpenFlow 架构解析与实践案例

    目录 文章目录 目录 前言 软件定义网络(SDN) 虚拟交换机(vSwitch) 为什么说云计算时代的 SDN 非常重要 OpenFlow 简介 Open vSwitch Open vSwitch 的 ...

  7. Neutron 理解 (2): 使用 Open vSwitch + VLAN 组网 [Netruon Open vSwitch + VLAN Virutal Network]

    学习 Neutron 系列文章: (1)Neutron 所实现的虚拟化网络 (2)Neutron OpenvSwitch + VLAN 虚拟网络 (3)Neutron OpenvSwitch + GR ...

  8. 802.1Q VLAN技术原理

    文章出处:http://hi.baidu.com/x278384/item/d56b0edfd4f56a4eddf9be79 在数据通信和宽带接入设备里,只要涉及到二层技术的,就会遇到VLAN.而且, ...

  9. VLAN模式

    一 二层基础知识 1.1 vlan介绍 本小节重点: vlan的含义 vlan的类型 交换机端口类型 vlan的不足 1.1.1:vlan的含义 局域网LAN的发展是VLAN产生的基础,因而先介绍一下 ...

随机推荐

  1. jdk、jre、jvm的关系

    JDK里面的工具也是用JAVA编写的,它们本身运行的时候也需要一套JRE,如C:\Program Files\Java\jdk1.5.x\目录下的JRE.而C:\Program Files\Java\ ...

  2. js中Array自定义contains, indexOf, delete方法.

    Array.prototype.contains = function (elem) { for (var i = 0; i < this.length; i++) { if (this[i] ...

  3. 使用NuGet时的一个乌龙

    问题描述 最近自己做的一个项目,计划开始使用NuGet来管理dll,但是遇到一个奇怪,但是结果证明是个乌龙的问题. 新建一个WebApi项目,使用NuGet管理第三方dll,其中有引用Newtonso ...

  4. Shell脚本:使用rsync备份文件/目录

    本文我们介绍一个shell脚本,用来使用rsync命令将你本地Linux机器上的文件/目录备份到远程Linux服务器上.使用该脚本会以交互的方式实施备份,你需要提供远程备份服务器的主机名/ip地址和文 ...

  5. if语句使用

    package yuan; public class Yuan { public static void main(String[] args) { int a = 1; int b = 8; int ...

  6. NSString length的坑。

    说坑,可能过头了,是我理所当然的把OC看作C了, char* cstr = "zh中文12"; NSString* s = [NSString stringWithUTF8Stri ...

  7. 去除Sql Server中回车换行符

    这里使用了,sql 函数.replace(string_expression , string_pattern , string_replacement), 第一个参数:要查找的字段. 第二个参数:要 ...

  8. Android打开新的Activity并同时关闭当前Activity

    Intent it = new Intent(); it.setClass(EditActivity.this, MainActivity.class); it.setFlags(Intent.FLA ...

  9. 本节向大家介绍一下UML建模误区

    本节向大家介绍一下UML建模误区,这里向大家介绍九个误区,希望通过本节的学习,你对UML建模有清晰的认识,以免在以后使用过程中产生不必要的麻烦.下面让我们一起来看一下这些建模误区吧. UML建模误区 ...

  10. Repeater控件的分页效果

    <webdiyer:AspNetPager ID="AspNetPager1" runat="server" HorizontalAlign=" ...