Open vswitch (mini how-to): difference between revisions
Moiseevvi (talk | contribs)
Moiseevvi (talk | contribs) (→DNS query sniff)
(2 intermediate revisions by the same user not shown)
Строка 53: | Строка 53: | ||
cookie=0x0, duration=12.887s, table=0, n_packets=14, n_bytes=1296, in_port=4 actions=output:3 | cookie=0x0, duration=12.887s, table=0, n_packets=14, n_bytes=1296, in_port=4 actions=output:3 | ||
</code> | </code> | ||
+ | |||
+ | |||
+ | http://blog.scottlowe.org/2012/10/04/some-insight-into-open-vswitch-configuration/ | ||
+ | |||
+ | ==VLAN rewrite== | ||
+ | OVS cannot output packet on port it was received from. | ||
+ | |||
+ | port 12 - Trunk | ||
+ | |||
+ | port 15 - Trunk | ||
+ | |||
+ | VLAN rewrite 185<>568 (port 12<>15) | ||
+ | |||
+ | <code> | ||
+ | |||
+ | system@br1: | ||
+ | lookups: hit:215846 missed:19069 lost:0 | ||
+ | flows: 2 | ||
+ | port 0: br1 (internal) | ||
+ | port 12: eth1 | ||
+ | port 15: eth2 | ||
+ | |||
+ | in_port(15),eth(src=00:50:56:bf:5b:26,dst=00:50:56:bf:07:c3),eth_type(0x8100),vlan(vid=568,pcp=0),encap(eth_type(0x0800),ipv4(src=10.15.1.102,dst=10.15.1.103,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)), packets:516, bytes:50568, used:0.056s, actions:pop_vlan,push_vlan(vid=185,pcp=0),12 | ||
+ | in_port(12),eth(src=00:50:56:bf:07:c3,dst=00:50:56:bf:5b:26),eth_type(0x8100),vlan(vid=185,pcp=0),encap(eth_type(0x0800),ipv4(src=10.15.1.103,dst=10.15.1.102,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0)), packets:516, bytes:50568, used:0.056s, actions:pop_vlan,push_vlan(vid=568,pcp=0),15 | ||
+ | |||
+ | NXST_FLOW reply (xid=0x4): | ||
+ | cookie=0x0, duration=530.644s, table=0, n_packets=724, n_bytes=70122, in_port=12,dl_vlan=185 actions=mod_vlan_vid:568,output:15 | ||
+ | cookie=0x0, duration=516.862s, table=0, n_packets=710, n_bytes=69282, in_port=15,dl_vlan=568 actions=mod_vlan_vid:185,output:12 | ||
+ | |||
+ | </code> | ||
+ | |||
+ | == DNS query sniff == | ||
+ | <code> | ||
+ | NXST_FLOW reply (xid=0x4): | ||
+ | cookie=0x0, duration=87513.213s, table=0, n_packets=4930284, n_bytes=326457512, priority=50,in_port=15,dl_vlan=1505 actions=mod_vlan_vid:1511,output:12 | ||
+ | cookie=0x0, duration=88136.931s, table=0, n_packets=6278117, n_bytes=62790046791, priority=50,in_port=12,dl_vlan=1511 actions=resubmit(,1) | ||
+ | cookie=0x0, duration=88140.614s, table=0, n_packets=120103252, n_bytes=174971831213, priority=0 actions=drop | ||
+ | cookie=0x0, duration=83060.663s, table=1, n_packets=169, n_bytes=12845, priority=70,udp,tp_dst=53 actions=resubmit(,2),resubmit(,7) | ||
+ | cookie=0x0, duration=84301.393s, table=1, n_packets=651, n_bytes=41564, priority=50,arp actions=resubmit(,2) | ||
+ | cookie=0x0, duration=84294.502s, table=1, n_packets=342161, n_bytes=6033408212, priority=50,ip actions=resubmit(,2) | ||
+ | cookie=0x0, duration=87922.723s, table=2, n_packets=3175420, n_bytes=62586207144, priority=50 actions=mod_vlan_vid:1505,resubmit(,3) | ||
+ | cookie=0x0, duration=87891.889s, table=3, n_packets=8781056, n_bytes=63023000641, priority=50 actions=output:15 | ||
+ | cookie=0x0, duration=83077.373s, table=7, n_packets=169, n_bytes=12845, priority=50 actions=mod_vlan_vid:1512,resubmit(,3) | ||
+ | |||
+ | </code> | ||
+ | |||
+ | in_port | ||
+ | Outputs the packet on the port from which it was received. | ||
+ | |||
[[категория:Лекции]] | [[категория:Лекции]] | ||
[[Категория:Сети]] | [[Категория:Сети]] | ||
[[Category:SDN]] | [[Category:SDN]] |
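Review bot: the added sentence "OVS cannot output packet on port it was received from." at the top of the VLAN rewrite section and the closing lines "in_port / Outputs the packet on the port from which it was received." read as contradicting each other, and they sit a whole section apart. State that the restriction concerns output:N, move the in_port note next to it, and say which one the reader should use. The DNS query sniff section is only a flow dump: add a sentence describing what tables 1, 2, 3 and 7 do and list the ovs-ofctl add-flow commands that produced it. The same applies to the system@br1 and in_port(15)/in_port(12) output under VLAN rewrite, which appears without the commands that printed it.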
Current revision as of 11:54, 8 December 2014
OVS on Ubuntu 12.04
The system has two network adapters, eth1 and eth2.
sudo ovs-vsctl add-br br1
sudo ovs-vsctl add-port br1 eth1
sudo ovs-vsctl add-port br1 eth2
OVS will start bridging traffic between the two ports.
The data plane entries can be viewed with this utility:
sudo ovs-dpctl dump-flows br1
sudo ovs-ofctl add-flow br1 "arp actions=NORMAL"
sudo ovs-ofctl add-flow br1 "ip actions=NORMAL"
sudo ovs-ofctl dump-flows br1
sudo ovs-ofctl del-flows br1 "ip"
sudo ovs-ofctl dump-flows br1
sudo ovs-ofctl add-flow br1 "ip tcp tp_src=22 action=normal"
sudo ovs-ofctl add-flow br1 "ip tcp tp_dst=22 action=normal"
sudo ovs-ofctl add-flow br1 "icmp action=normal"
sudo ovs-ofctl show br1
OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000005056bf0e5e
n_tables:255, n_buffers:256
features: capabilities:0xc7, actions:0xfff
3(eth1): addr:00:50:56:bf:0e:5e
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
4(eth2): addr:00:50:56:bf:46:86
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
LOCAL(br1): addr:00:50:56:bf:0e:5e
config: PORT_DOWN
state: LINK_DOWN
OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0
sudo ovs-ofctl del-flows br1
sudo ovs-ofctl add-flow br1 "in_port=3 action=output:4"
sudo ovs-ofctl add-flow br1 "in_port=4 action=output:3"
sudo ovs-ofctl dump-flows br1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=23.098s, table=0, n_packets=14, n_bytes=1296, in_port=3 actions=output:4
cookie=0x0, duration=12.887s, table=0, n_packets=14, n_bytes=1296, in_port=4 actions=output:3
http://blog.scottlowe.org/2012/10/04/some-insight-into-open-vswitch-configuration/
VLAN rewrite
OVS cannot output a packet on the port it was received from.
port 12 - Trunk
port 15 - Trunk
VLAN rewrite 185<>568 (port 12<>15)
system@br1:
lookups: hit:215846 missed:19069 lost:0
flows: 2
port 0: br1 (internal)
port 12: eth1
port 15: eth2
in_port(15),eth(src=00:50:56:bf:5b:26,dst=00:50:56:bf:07:c3),eth_type(0x8100),vlan(vid=568,pcp=0),encap(eth_type(0x0800),ipv4(src=10.15.1.102,dst=10.15.1.103,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0)), packets:516, bytes:50568, used:0.056s, actions:pop_vlan,push_vlan(vid=185,pcp=0),12
in_port(12),eth(src=00:50:56:bf:07:c3,dst=00:50:56:bf:5b:26),eth_type(0x8100),vlan(vid=185,pcp=0),encap(eth_type(0x0800),ipv4(src=10.15.1.103,dst=10.15.1.102,proto=1,tos=0,ttl=64,frag=no),icmp(type=0,code=0)), packets:516, bytes:50568, used:0.056s, actions:pop_vlan,push_vlan(vid=568,pcp=0),15
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=530.644s, table=0, n_packets=724, n_bytes=70122, in_port=12,dl_vlan=185 actions=mod_vlan_vid:568,output:15
cookie=0x0, duration=516.862s, table=0, n_packets=710, n_bytes=69282, in_port=15,dl_vlan=568 actions=mod_vlan_vid:185,output:12
DNS query sniff
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=87513.213s, table=0, n_packets=4930284, n_bytes=326457512, priority=50,in_port=15,dl_vlan=1505 actions=mod_vlan_vid:1511,output:12
cookie=0x0, duration=88136.931s, table=0, n_packets=6278117, n_bytes=62790046791, priority=50,in_port=12,dl_vlan=1511 actions=resubmit(,1)
cookie=0x0, duration=88140.614s, table=0, n_packets=120103252, n_bytes=174971831213, priority=0 actions=drop
cookie=0x0, duration=83060.663s, table=1, n_packets=169, n_bytes=12845, priority=70,udp,tp_dst=53 actions=resubmit(,2),resubmit(,7)
cookie=0x0, duration=84301.393s, table=1, n_packets=651, n_bytes=41564, priority=50,arp actions=resubmit(,2)
cookie=0x0, duration=84294.502s, table=1, n_packets=342161, n_bytes=6033408212, priority=50,ip actions=resubmit(,2)
cookie=0x0, duration=87922.723s, table=2, n_packets=3175420, n_bytes=62586207144, priority=50 actions=mod_vlan_vid:1505,resubmit(,3)
cookie=0x0, duration=87891.889s, table=3, n_packets=8781056, n_bytes=63023000641, priority=50 actions=output:15
cookie=0x0, duration=83077.373s, table=7, n_packets=169, n_bytes=12845, priority=50 actions=mod_vlan_vid:1512,resubmit(,3)
in_port (action): outputs the packet on the port from which it was received.
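Added example (not part of the original wiki page): a small Python tracer that replays the DNS query sniff flow table for one packet and shows that a DNS query entering port 12 on VLAN 1511 leaves port 15 twice, once on VLAN 1505 and once as a mirrored copy on VLAN 1512. It models only the matches and actions that appear on this page; the packet dicts, the PROTO helper table and treating a table miss as a drop are assumptions.

```python
import re
# Flow table from the "DNS query sniff" section, counters trimmed for brevity.
DUMP = """\
table=0, priority=50,in_port=15,dl_vlan=1505 actions=mod_vlan_vid:1511,output:12
table=0, priority=50,in_port=12,dl_vlan=1511 actions=resubmit(,1)
table=0, priority=0 actions=drop
table=1, priority=70,udp,tp_dst=53 actions=resubmit(,2),resubmit(,7)
table=1, priority=50,arp actions=resubmit(,2)
table=1, priority=50,ip actions=resubmit(,2)
table=2, priority=50 actions=mod_vlan_vid:1505,resubmit(,3)
table=3, priority=50 actions=output:15
table=7, priority=50 actions=mod_vlan_vid:1512,resubmit(,3)
"""
# Protocol keywords each packet type satisfies (constructed helper table).
PROTO = {"udp": {"ip", "udp"}, "tcp": {"ip", "tcp"}, "icmp": {"ip", "icmp"}, "arp": {"arp"}}

def parse(dump):
    flows = []
    for line in dump.strip().splitlines():
        head, actions = line.split(" actions=")
        prio = re.search(r"priority=(\d+)", head)
        fields = [f for f in head.split()[-1].split(",")
                  if f and not f.startswith(("priority=", "table="))]
        flows.append({"table": int(re.search(r"table=(\d+)", head).group(1)),
                      "prio": int(prio.group(1)) if prio else 32768, "match": fields,
                      "actions": re.findall(r"\w+\(.*?\)|\w+:\d+|\w+", actions)})
    return flows

def matches(flow, pkt):
    return all(str(pkt.get(f.split("=")[0])) == f.split("=")[1] if "=" in f
               else f in PROTO.get(pkt.get("proto"), ()) for f in flow["match"])

def trace(flows, pkt, table=0, out=None):
    """Return [(port, vlan), ...] for every copy of pkt the pipeline emits."""
    if out is None:                       # top-level call: work on a copy
        out, pkt = [], dict(pkt)
    hits = [f for f in flows if f["table"] == table and matches(f, pkt)]
    # Highest priority wins; a table miss is treated as a drop (assumption).
    for act in max(hits, key=lambda f: f["prio"])["actions"] if hits else []:
        name, _, arg = act.partition(":")
        if name == "mod_vlan_vid":
            pkt["dl_vlan"] = int(arg)     # the rewrite persists across resubmit
        elif name == "output" and int(arg) != pkt["in_port"]:
            out.append((int(arg), pkt["dl_vlan"]))   # output:N never hairpins
        elif name == "in_port":           # the explicit way back out the ingress port
            out.append((pkt["in_port"], pkt["dl_vlan"]))
        elif name.startswith("resubmit("):
            trace(flows, pkt, int(name[len("resubmit(,"):-1]), out)
    return out

print(trace(parse(DUMP), {"in_port": 12, "dl_vlan": 1511, "proto": "udp", "tp_dst": 53}))
```

The same `trace` works on the VLAN rewrite flows if they are passed to `parse` in the same trimmed form.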