ovs 流表机制(一)

ip netns add ns1
ip netns add ns2
ip link add tap0 type veth peer name tap0_br
ip link add tap3 type veth peer name tap3_br
ip link set tap0 netns ns1
ip link set tap3 netns ns2
ovs-vsctl add-br vswitch0
# 启动tap0和tap3、lo及它们的对端
ip netns exec ns1 ip link set tap0 up
ip netns exec ns1 ip link set lo up
ip netns exec ns2 ip link set lo up
ip netns exec ns2 ip link set tap3 up
ip link set tap0_br up
ip link set tap3_br up

# 设置tap0和tap3的ip地址
ip netns exec ns1 ip addr add 192.168.1.100 dev tap0
ip netns exec ns2 ip addr add 192.168.1.200 dev tap3

# 添加路由
ip netns exec ns1 route add -net 192.168.1.0 netmask 255.255.255.0 dev tap0
ip netns exec ns2 route add -net 192.168.1.0 netmask 255.255.255.0 dev tap3

ovs-vsctl add-port vswitch0 tap0_br
ovs-vsctl add-port vswitch0 tap3_br

rtt min/avg/max/mdev = 0.024/0.779/1.534/0.755 ms
[root@kunpeng82 devuser]# ovs-vsctl list interface tap0_br | grep "ofport "
ofport              : 1
[root@kunpeng82 devuser]# ovs-vsctl list interface tap3_br | grep "ofport "
ofport              : 2
[root@kunpeng82 devuser]# ovs-vsctl get Interface tap0_br ofport1[root@kunpeng82 devuser]# ovs-vsctl get Interface tap3_br  ofport2
查看vswitch0的flow
[root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
 cookie=0x0, duration=1256.469s, table=0, n_packets=9, n_bytes=630, priority=0 actions=NORMAL

[root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
 cookie=0x0, duration=3554.662s, table=0, n_packets=32, n_bytes=2352, priority=0 actions=NORMAL[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.322 ms64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.035 ms^C--- 192.168.1.200 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1008msrtt min/avg/max/mdev = 0.035/0.178/0.322/0.144 ms删除flow
[root@kunpeng82 devuser]# ovs-ofctl del-flows vswitch0无法ping通了
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1068ms添加如下两条flow,又可以ping通了[root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=1,in_port=1,actions=output:2"[root@kunpeng82 devuser]#  ovs-ofctl add-flow vswitch0 "priority=1,in_port=2,actions=output:1"[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.310 ms64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.031 ms^C--- 192.168.1.200 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1038msrtt min/avg/max/mdev = 0.031/0.170/0.310/0.140 ms

[root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
 cookie=0x0, duration=165.599s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="tap0_br" actions=output:"tap3_br"
 cookie=0x0, duration=159.352s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="tap3_br" actions=output:"tap0_br"再添加一条更高优先级的flow，把从tap0_br收到的数据包drop

[root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=3,in_port=1,actions=drop"
又不可以ping通了
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.^C--- 192.168.1.200 ping statistics ---3 packets transmitted, 0 received, 100% packet loss, time 2108ms

查看datapath[root@kunpeng82 devuser]# ovs-dpctl show
2020-04-03T02:40:23Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
system@ovs-system:
  lookups: hit:3 missed:9 lost:0
  flows: 0
  masks: hit:13 total:0 hit/pkt:1.08
  port 0: ovs-system (internal)
  port 1: vswitch0 (internal)
  port 2: tap0_br
  port 3: tap3_br

查看mac地址[root@kunpeng82 devuser]# ovs-appctl fdb/show vswitch0
 port  VLAN  MAC                Age
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.372 ms
64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from 192.168.1.200: icmp_seq=3 ttl=64 time=0.018 ms
64 bytes from 192.168.1.200: icmp_seq=4 ttl=64 time=0.018 ms
^C
--- 192.168.1.200 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3158ms
rtt min/avg/max/mdev = 0.018/0.110/0.372/0.151 ms
[root@kunpeng82 devuser]# ovs-appctl fdb/show vswitch0
 port  VLAN  MAC                Age
    2     0  8a:6a:5f:bb:b0:9a    0
    1     0  ca:03:87:45:02:90    0
[root@kunpeng82 devuser]# ip netns exec ns1 ip a | grep ca:03:87:45:02:90 -B 2       valid_lft forever preferred_lft forever7: tap0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000    link/ether ca:03:87:45:02:90 brd ff:ff:ff:ff:ff:ff link-netnsid 0[root@kunpeng82 devuser]# ip netns exec ns2  ip a | grep 8a:6a:5f:bb:b0:9a -B 2       valid_lft forever preferred_lft forever9: tap3@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000    link/ether 8a:6a:5f:bb:b0:9a brd ff:ff:ff:ff:ff:ff link-netnsid 0

学习地址：Dpdk/网络协议栈/vpp/OvS/DDos/NFV/虚拟化/高性能专家（免费订阅，永久学习）

【文章福利】需要更多DPDK/SPDK学习资料加群793599096（资料包括C/C++，Linux，golang技术，内核，Nginx，ZeroMQ，MySQL，Redis，fastdfs，MongoDB，ZK，CDN，P2P，K8S，Docker，TCP/IP，协程，DPDK，大厂面试题 等）可以自行添加学习交流群点击这里噢~

[root@kunpeng82 devuser]# ovs-ofctl show vswitch0
OFPT_FEATURES_REPLY (xid=0x2): dpid:00000613a93fae46
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(tap0_br): addr:72:69:5a:e8:0c:9f
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 2(tap3_br): addr:52:85:e1:a0:f2:69
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(vswitch0): addr:06:13:a9:3f:ae:46
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@kunpeng82 devuser]# ovs-ofctl dump-ports-desc vswitch0OFPST_PORT_DESC reply (xid=0x2): 1(tap0_br): addr:72:69:5a:e8:0c:9f     config:     0     state:      0     current:    10GB-FD COPPER     speed: 10000 Mbps now, 0 Mbps max 2(tap3_br): addr:52:85:e1:a0:f2:69     config:     0     state:      0     current:    10GB-FD COPPER     speed: 10000 Mbps now, 0 Mbps max LOCAL(vswitch0): addr:06:13:a9:3f:ae:46     config:     PORT_DOWN     state:      LINK_DOWN     speed: 0 Mbps now, 0 Mbps max
查看所有table
[root@kunpeng82 devuser]# ovs-ofctl dump-tables vswitch0
OFPST_TABLE reply (xid=0x2):
  table 0:
    active=1, lookup=24, matched=24
    max_entries=1000000
    matching:
      in_port: exact match or wildcard
      eth_src: exact match or wildcard
      eth_dst: exact match or wildcard
      eth_type: exact match or wildcard
      vlan_vid: exact match or wildcard
      vlan_pcp: exact match or wildcard
      ip_src: exact match or wildcard
      ip_dst: exact match or wildcard
      nw_proto: exact match or wildcard
      nw_tos: exact match or wildcard
      tcp_src: exact match or wildcard
      tcp_dst: exact match or wildcard

  table 1:
    active=0, lookup=0, matched=0
    (same features)

  tables 2...253: ditto

转自：https://www.cnblogs.com/dream397/p/12625387.html