ovs-ofctl dump-flows br-int
Inspect how OVS processes its flow tables.
sudo ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x9c869d9a8de98c57, duration=147238.155s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=10,icmp6,in_port=7,icmp_type=136 actions=resubmit(,24)
cookie=0x9c869d9a8de98c57, duration=147238.133s, table=0, n_packets=50, n_bytes=2100, idle_age=901, hard_age=65534, priority=10,arp,in_port=7 actions=resubmit(,24)
cookie=0x9c869d9a8de98c57, duration=148750.891s, table=0, n_packets=669828, n_bytes=119643190, idle_age=0, hard_age=65534, priority=3,in_port=1,vlan_tci=0x0000 actions=mod_vlan_vid:2,NORMAL
cookie=0x9c869d9a8de98c57, duration=148781.700s, table=0, n_packets=85, n_bytes=15357, idle_age=65534, hard_age=65534, priority=2,in_port=1 actions=drop
cookie=0x9c869d9a8de98c57, duration=148781.895s, table=0, n_packets=7722, n_bytes=852318, idle_age=40, hard_age=65534, priority=0 actions=NORMAL
cookie=0x9c869d9a8de98c57, duration=148781.885s, table=23, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
cookie=0x9c869d9a8de98c57, duration=147238.180s, table=24, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=2,icmp6,in_port=7,icmp_type=136,nd_target=fd61:19a:66c8:0:f816:3eff:fefa:477a actions=NORMAL
cookie=0x9c869d9a8de98c57, duration=147238.167s, table=24, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=2,icmp6,in_port=7,icmp_type=136,nd_target=fe80::f816:3eff:fefa:477a actions=NORMAL
cookie=0x9c869d9a8de98c57, duration=147238.143s, table=24, n_packets=50, n_bytes=2100, idle_age=901, hard_age=65534, priority=2,arp,in_port=7,arp_spa=10.0.0.3 actions=NORMAL
cookie=0x9c869d9a8de98c57, duration=148781.875s, table=24, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
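Take an ARP packet sent by the VM as an example: the ARP packet enters br-int through port 7 (qvod6acfbb9-49). table=0 is looked up first, higher-priority entries are checked first, and then the matching rule is found, which is:
cookie=0x9c869d9a8de98c57, duration=147238.133s, table=0, n_packets=50, n_bytes=2100, idle_age=901, hard_age=65534, priority=10,arp,in_port=7 actions=resubmit(,24)
The action is to hand the packet over to table=24 for processing, where this entry is found:
cookie=0x9c869d9a8de98c57, duration=147238.143s, table=24, n_packets=50, n_bytes=2100, idle_age=901, hard_age=65534, priority=2,arp,in_port=7,arp_spa=10.0.0.3 actions=NORMAL
As can be seen, the flow entry lets through ARP that enters on port 7 and whose ARP source (arp_spa) is 10.0.0.3.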
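Next, take an ICMP packet sent by the VM as an example: the ICMP packet enters br-int through port 7 (qvod6acfbb9-49). table=0 is looked up first, higher-priority entries are checked first, and then the matching rule is found, which is:
cookie=0x9c869d9a8de98c57, duration=148781.895s, table=0, n_packets=7722, n_bytes=852318, idle_age=40, hard_age=65534, priority=0 actions=NORMAL
so the packet is let through. It is then forwarded by MAC address to port 4, and from there reaches the router's qr-79cbf0f1-a2 interface at 10.0.0.1.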
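The lookup walked through above, as an added Python example that is not part of the original page: it parses an abridged copy of the br-int dump, follows `resubmit`, and shows that an ARP from port 7 with a source IP other than 10.0.0.3 ends at the table=24 `priority=0` drop entry. The packet field name `proto`, the exact-string matching and the table-miss result are simplifying assumptions of this sketch, not OVS behaviour in full.

```python
import re

# Abridged from the br-int dump above: counters removed, match and actions kept.
FLOWS = """\
 cookie=0x9c869d9a8de98c57, table=0, priority=10,icmp6,in_port=7,icmp_type=136 actions=resubmit(,24)
 cookie=0x9c869d9a8de98c57, table=0, priority=10,arp,in_port=7 actions=resubmit(,24)
 cookie=0x9c869d9a8de98c57, table=0, priority=3,in_port=1,vlan_tci=0x0000 actions=mod_vlan_vid:2,NORMAL
 cookie=0x9c869d9a8de98c57, table=0, priority=2,in_port=1 actions=drop
 cookie=0x9c869d9a8de98c57, table=0, priority=0 actions=NORMAL
 cookie=0x9c869d9a8de98c57, table=23, priority=0 actions=drop
 cookie=0x9c869d9a8de98c57, table=24, priority=2,arp,in_port=7,arp_spa=10.0.0.3 actions=NORMAL
 cookie=0x9c869d9a8de98c57, table=24, priority=0 actions=drop
"""

# Also matches full dump lines, where counters sit between table= and priority=.
FLOW_RE = re.compile(r"table=(\d+),.*?priority=(\d+)(?:,(\S+))? actions=(\S+)")

def parse_flows(text):
    """Turn dump-flows lines into dicts of table, priority, match and actions."""
    flows = []
    for m in FLOW_RE.finditer(text):
        match = {}
        for item in (m.group(3) or "").split(","):
            if "=" in item:
                key, value = item.split("=", 1)
                match[key] = value
            elif item:
                match["proto"] = item  # bare keyword such as arp or icmp6
        flows.append({"table": int(m.group(1)), "priority": int(m.group(2)),
                      "match": match, "actions": m.group(4)})
    return flows

def lookup(flows, packet, table=0, path=None):
    """Return (final actions, tables visited) for a packet given as a dict."""
    path = (path or []) + [table]
    hits = [f for f in flows if f["table"] == table
            and all(packet.get(k) == v for k, v in f["match"].items())]
    if not hits:
        return "drop (table miss)", path  # assumption made for this sketch
    best = max(hits, key=lambda f: f["priority"])
    resubmit = re.fullmatch(r"resubmit\(,(\d+)\)", best["actions"])
    if resubmit:
        return lookup(flows, packet, int(resubmit.group(1)), path)
    return best["actions"], path
```

Calling `lookup(parse_flows(FLOWS), {"in_port": "7", "proto": "arp", "arp_spa": "10.0.0.99"})` (a constructed packet) returns the drop action after visiting tables 0 and 24.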
ip netns exec qrouter-f157f1eb-d257-4637-b3ae-79febebbf102 ip addr
List the interfaces in the router namespace.
sudo ip netns exec qrouter-f157f1eb-d257-4637-b3ae-79febebbf102 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
37: qr-79cbf0f1-a2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:0e:c4:6d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-79cbf0f1-a2
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe0e:c46d/64 scope link
valid_lft forever preferred_lft forever
38: qg-6b71d14f-27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:ef:bb:b2 brd ff:ff:ff:ff:ff:ff
inet 172.17.140.201/24 brd 172.17.140.255 scope global qg-6b71d14f-27
valid_lft forever preferred_lft forever
inet6 2001:db8::3/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:feef:bbb2/64 scope link
valid_lft forever preferred_lft forever
sudo ip netns exec qrouter-f157f1eb-d257-4637-b3ae-79febebbf102 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.140.90 0.0.0.0 UG 0 0 0 qg-6b71d14f-27
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-79cbf0f1-a2
172.17.140.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-6b71d14f-27
sudo ovs-ofctl show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000005056b4c237
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(eth0): addr:00:50:56:b4:c2:37
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
speed: 1000 Mbps now, 1000 Mbps max
2(phy-br-ex): addr:c2:85:db:67:32:20
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
LOCAL(br-ex): addr:00:50:56:b4:c2:37
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
sudo ovs-ofctl dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=151116.933s, table=0, n_packets=4105, n_bytes=339647, idle_age=41, hard_age=65534, priority=4,in_port=2,dl_vlan=2 actions=strip_vlan,NORMAL
cookie=0x0, duration=151147.726s, table=0, n_packets=3381, n_bytes=484696, idle_age=3267, hard_age=65534, priority=2,in_port=2 actions=drop
cookie=0x0, duration=151147.820s, table=0, n_packets=1301567, n_bytes=484025430, idle_age=0, hard_age=65534, priority=0 actions=NORMAL