OVS learn
Author: Internet
OVS Learn: flow table learning
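A switch can forward data efficiently thanks to its MAC address table. Every packet that passes through the switch goes through a learning step: because the packet carries a MAC address, a VLAN tag and the information about which port it came in on, the switch records the packet's source MAC address, the port it entered on and the VLAN it belongs to, maintaining a table of port –> MAC –> VLAN Tag. Entries also have an aging time, to allow for devices being replaced or going offline.
From then on, when a packet needs to be sent to that MAC, no ARP is needed: the switch knows which port to send it to and which VLAN tag to apply.
The learn feature in OVS works on the same principle: every received packet is matched against a learn action, which learns the packet's source MAC address and ingress port.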
# When a packet arrives on port number 1, jump to table 1 to analyze the packet and record its source MAC
ovs-ofctl add-flow br-int 'table=0,in_port=1 actions=goto_table:1'
# Packets with a known source MAC have their source MAC address learned as they pass through OVS
ovs-ofctl add-flow br-int 'table=1,priority=100,dl_src=xx:xx:xx:xx:xx:xx actions=learn(table=2,hard_timeout=30,priority=100,delete_learned,cookie=0x1,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],OXM_OF_METADATA[],load:NXM_NX_REG1[]->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]),resubmit(,3)'
# Unknown unicast frames (lower priority) first look for a learned entry in table 2; if none is found they go to table 3
ovs-ofctl add-flow br-int 'table=1, actions=resubmit(,2),resubmit(,3)'
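- learn indicates that this is a learning action.
- table 2 is a MAC learning table; the learned results are placed in this table.
- hard_timeout: every learned result expires after this time and has to be learned again.
- NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]: the MAC source address of the current packet is placed in dl_dst of the learned entry. Every switch learns from ingress packets: when a given MAC comes in on a given port, the switch remembers that packets destined for this MAC must go out of that port, so the MAC source address is placed in the MAC destination address.
- load:NXM_NX_REG1[]->NXM_NX_REG2[]: puts the ingress port number into the egress port number.
- load:0x1->NXM_NX_REG0[31]: a unicast marker. The learned flow in table 2 cannot jump to another table, it can only set a marker, which table 3 can then use to tell the cases apart.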
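The field mapping listed above, as an added Python model (not code from the original post and not OVS code): it shows that the learned entry takes the packet's source MAC as its dl_dst and stores the reg1 value seen at learning time as a constant load into reg2. Packet, LearnedFlow, apply_learn, lookup_table2 and demo are hypothetical names, and replacing an existing entry on re-learn is a simplification of this model.

```python
# Added illustration: a small model of the learn() spec shown above.
# Packet, LearnedFlow, apply_learn and lookup_table2 are hypothetical names,
# not OVS APIs; times are plain seconds supplied by the caller.
from dataclasses import dataclass, field

@dataclass
class Packet:
    eth_src: str
    eth_dst: str
    regs: dict = field(default_factory=lambda: {"reg0": 0, "reg1": 0, "reg2": 0})

@dataclass
class LearnedFlow:
    dl_dst: str        # NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[]
    reg2: int          # load:NXM_NX_REG1[]->NXM_NX_REG2[], frozen as a constant
    expires_at: float  # install time + hard_timeout

def apply_learn(table2, pkt, now, hard_timeout=30):
    """Table 1: build the table 2 entry from the packet being processed."""
    flow = LearnedFlow(dl_dst=pkt.eth_src, reg2=pkt.regs["reg1"],
                       expires_at=now + hard_timeout)
    table2[flow.dl_dst] = flow  # model: same match replaces the earlier entry
    return flow

def lookup_table2(table2, pkt, now):
    """resubmit(,2): a live entry for eth_dst sets reg2 and the reg0[31] mark."""
    flow = table2.get(pkt.eth_dst)
    if flow is None or now >= flow.expires_at:
        table2.pop(pkt.eth_dst, None)  # expired entries must be relearned
        return False
    pkt.regs["reg2"] = flow.reg2
    pkt.regs["reg0"] |= 1 << 31
    return True

def demo():
    table2 = {}
    # ns1 -> ns2 arrives on port 1; table 0 stored the port number in reg1.
    out = Packet("fe:fe:fe:fe:fe:aa", "fe:fe:fe:fe:fe:bb")
    out.regs["reg1"] = 1
    apply_learn(table2, out, now=0)
    # ns2 -> ns1 five seconds later hits the learned entry; table 3 outputs reg2.
    back = Packet("fe:fe:fe:fe:fe:bb", "fe:fe:fe:fe:fe:aa")
    hit = lookup_table2(table2, back, now=5)
    late = lookup_table2(table2, Packet("fe:fe:fe:fe:fe:bb", "fe:fe:fe:fe:fe:aa"), now=31)
    return hit, back.regs["reg2"], back.regs["reg0"] >> 31, late

if __name__ == "__main__":
    print(demo())
```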
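Set up an environment to verify that this works:
1. How it works
ns1 -> ns2: table0 -> table1 -> table4. Note: in table1 the OVS learn action records ns1's MAC address and port and generates the table2 flow.
ns2 -> ns1: table0 -> table1 -> table2 -> table3. Note: table2 holds the learned MAC of ns1 and records the egress port in reg2; table3 then forwards the packet to ns1.
2. Create namespaces to simulate virtual machines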
ip netns add ns1
ip l a veth0 type veth peer name ovs-veth0
ip l s veth0 netns ns1
ovs-vsctl add-br br-int
ovs-vsctl add-port br-int ovs-veth0
ip l s ovs-veth0 up
ip netns exec ns1 ip add a 10.0.0.1/24 dev veth0
ip netns exec ns1 ip l s veth0 up
ip netns exec ns1 ifconfig veth0 hw ether fe:fe:fe:fe:fe:aa
ip netns exec ns1 arp -s 10.0.0.2 fe:fe:fe:fe:fe:bb
ip netns add ns2
ip l a veth0 type veth peer name ovs-veth1
ip l s veth0 netns ns2
ovs-vsctl add-port br-int ovs-veth1
ip l s ovs-veth1 up
ip netns exec ns2 ip add a 10.0.0.2/24 dev veth0
ip netns exec ns2 ip l s veth0 up
ip netns exec ns2 ifconfig veth0 hw ether fe:fe:fe:fe:fe:bb
ip netns exec ns2 arp -s 10.0.0.1 fe:fe:fe:fe:fe:aa
3. Install the flows that learn the MAC address
ovs-ofctl add-flow br-int 'table=0,in_port=1 actions=load:0x1->NXM_NX_REG1[],goto_table:1'
ovs-ofctl add-flow br-int 'table=0,in_port=2 actions=load:0x2->NXM_NX_REG1[],goto_table:1'
ovs-ofctl add-flow br-int 'table=1,priority=100,dl_src=fe:fe:fe:fe:fe:aa actions=learn(table=2,hard_timeout=30,priority=100,delete_learned,cookie=0x1,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_NX_REG1[]->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]),resubmit(,4)'
ovs-ofctl add-flow br-int 'table=1,priority=100 actions=resubmit(,2),resubmit(,3)'
ovs-ofctl add-flow br-int 'table=3,priority=100 actions=output:NXM_NX_REG2[]'
ovs-ofctl add-flow br-int 'table=3,priority=10 actions=drop'
ovs-ofctl add-flow br-int 'table=4,priority=100 actions=output:2'
4. Connectivity check
# ip netns exec ns1 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.542 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.064 ms
5. Packet capture in ns2
# ip netns exec ns2 tcpdump -i veth0 -nn -vv -e
tcpdump: listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:11:38.572847 fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 55186, offset 0, flags [DF], proto ICMP (1), length 84)
10.0.0.1 > 10.0.0.2: ICMP echo request, id 19457, seq 1, length 64
19:11:38.572899 fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 31625, offset 0, flags [none], proto ICMP (1), length 84)
10.0.0.2 > 10.0.0.1: ICMP echo reply, id 19457, seq 1, length 64
6. Flow table matches
ovs-ofctl dump-flows br-int
cookie=0x0, duration=102.846s, table=0, n_packets=3, n_bytes=294, in_port="ovs-veth0" actions=load:0x1->NXM_NX_REG1[],resubmit(,1)
cookie=0x0, duration=102.841s, table=0, n_packets=3, n_bytes=294, in_port="ovs-veth1" actions=load:0x2->NXM_NX_REG1[],resubmit(,1)
cookie=0x0, duration=134.827s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
cookie=0x0, duration=102.835s, table=1, n_packets=3, n_bytes=294, priority=100,dl_src=fe:fe:fe:fe:fe:aa actions=learn(table=2,hard_timeout=30,priority=100,delete_learned,cookie=0x1010000000001,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_NX_REG1[]->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]),resubmit(,4)
cookie=0x0, duration=68s, table=1, n_packets=3, n_bytes=294, priority=100 actions=resubmit(,2),resubmit(,3)
cookie=0x1, duration=15.764s, table=2, n_packets=3, n_bytes=294, hard_timeout=30, priority=100,dl_dst=fe:fe:fe:fe:fe:aa actions=load:0x1->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]
cookie=0x0, duration=67.996s, table=3, n_packets=3, n_bytes=294, priority=100 actions=output:NXM_NX_REG2[]
cookie=0x0, duration=67.992s, table=3, n_packets=0, n_bytes=0, priority=10 actions=drop
cookie=0x0, duration=67.124s, table=4, n_packets=3, n_bytes=294, priority=100 actions=output:"ovs-veth1"
7. Conclusion
The newly generated table2 flow is visible, and the packet capture matches expectations.
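To check the learned entries without reading the dump by eye, the following added Python example (not part of the original post) extracts the MAC -> port bindings from `ovs-ofctl dump-flows` text and lists those that differ from an expected inventory. The function names, the EXPECTED mapping and the second sample line are constructed for illustration; the first sample line is the table 2 entry from the dump above.

```python
# Added example: audit learned MAC -> port bindings in `ovs-ofctl dump-flows` text.
import re

# Matches installed table 2 entries only; "learn(table=2," in table 1 is not
# preceded by whitespace and carries no constant load into reg2.
LEARNED = re.compile(
    r"\stable=2,.*?dl_dst=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r".*?load:(?P<port>0x[0-9a-f]+)->NXM_NX_REG2\[\]")
TIMEOUT = re.compile(r"hard_timeout=(\d+)")

def learned_bindings(dump_text):
    """Return {mac: (ofport, hard_timeout)} for learned table 2 entries."""
    out = {}
    for line in dump_text.splitlines():
        m = LEARNED.search(line)
        if not m:
            continue
        t = TIMEOUT.search(line)
        out[m["mac"]] = (int(m["port"], 16), int(t.group(1)) if t else None)
    return out

def unexpected(bindings, expected):
    """MACs learned on a port other than the expected one, or not expected at all."""
    return sorted(mac for mac, (port, _) in bindings.items()
                  if expected.get(mac) != port)

# First line: table 2 entry from the dump above. Second line: constructed.
SAMPLE = """\
 cookie=0x1, duration=15.764s, table=2, n_packets=3, n_bytes=294, hard_timeout=30, priority=100,dl_dst=fe:fe:fe:fe:fe:aa actions=load:0x1->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]
 cookie=0x1, duration=2.100s, table=2, n_packets=0, n_bytes=0, hard_timeout=30, priority=100,dl_dst=fe:fe:fe:fe:fe:cc actions=load:0x2->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]
"""
# Assumed inventory: ns1 on port 1, ns2 on port 2, as in the setup above.
EXPECTED = {"fe:fe:fe:fe:fe:aa": 1, "fe:fe:fe:fe:fe:bb": 2}

if __name__ == "__main__":
    found = learned_bindings(SAMPLE)
    print(found)
    print(unexpected(found, EXPECTED))
```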
Source: https://blog.csdn.net/ambzheng/article/details/122650072