
Studying the OVS learn action

Author: Internet

OVS learn: flow-table learning

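A switch can forward traffic efficiently because of its MAC address table. Every packet that passes through the switch goes through a learning step: the packet carries its MAC address and VLAN tag, and the switch knows which port it arrived on, so the switch records the packet's source MAC address, the port it entered on and the VLAN it belongs to, maintaining a table of port –> MAC –> VLAN tag. Entries also have an aging time, to allow for devices being replaced or going offline.
After that, when a packet needs to be sent to that MAC, no ARP is needed: the switch knows which port to send it to and which VLAN tag to apply.

The learn feature in OVS works on the same principle: when a packet is received, it is matched against a learn flow, which learns the packet's source MAC address and the port it entered on.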

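# When a packet arrives on port 1, jump to table 1 to analyse it and record its source MAC
ovs-ofctl add-flow br-int 'table=0,in_port=1 actions=goto_table:1'

# Packets with a known source MAC have that source MAC learned as they pass through OVS
ovs-ofctl add-flow br-int 'table=1,priority=100,dl_src=xx:xx:xx:xx:xx:xx actions=learn(table=2,hard_timeout=30,priority=100,delete_learned,cookie=0x1,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],OXM_OF_METADATA[],load:NXM_NX_REG1[]->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]),resubmit(,3)'

# Unknown unicast frames (lower priority) first look up the learned entry in table 2; if none is found, they go on to table 3
# priority is set explicitly: without it ovs-ofctl uses the default 32768, which would outrank the priority=100 learn flow
ovs-ofctl add-flow br-int 'table=1,priority=10 actions=resubmit(,2),resubmit(,3)'

Build a test environment to verify that this works: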


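1. How it works
ns1 -> ns2: table0 -> table1 -> table4. Note: in table 1, the OVS learn action records ns1's MAC address and interface and generates a flow in table 2.
ns2 -> ns1: table0 -> table1 -> table2 -> table3. Note: in table 2, the learned ns1 MAC is matched and its egress interface is recorded in reg2; table 3 then forwards the packet to ns1.

2. Create namespaces to simulate virtual machines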

ip netns add ns1
ip l a veth0 type veth peer name ovs-veth0
ip l s veth0 netns ns1
ovs-vsctl add-br br-int
ovs-vsctl add-port br-int ovs-veth0
ip l s ovs-veth0 up
ip netns exec ns1 ip add a 10.0.0.1/24 dev veth0
ip netns exec ns1 ip l s veth0 up
ip netns exec ns1 ifconfig veth0 hw ether fe:fe:fe:fe:fe:aa
ip netns exec ns1 arp -s 10.0.0.2 fe:fe:fe:fe:fe:bb

ip netns add ns2
ip l a veth0 type veth peer name ovs-veth1
ip l s veth0 netns ns2
ovs-vsctl add-port br-int ovs-veth1
ip l s ovs-veth1 up
ip netns exec ns2 ip add a 10.0.0.2/24 dev veth0
ip netns exec ns2 ip l s veth0 up
ip netns exec ns2 ifconfig veth0 hw ether fe:fe:fe:fe:fe:bb
ip netns exec ns2 arp -s 10.0.0.1 fe:fe:fe:fe:fe:aa

3. Install flows to learn the MAC address

ovs-ofctl add-flow br-int 'table=0,in_port=1 actions=load:0x1->NXM_NX_REG1[],goto_table:1'
ovs-ofctl add-flow br-int 'table=0,in_port=2 actions=load:0x2->NXM_NX_REG1[],goto_table:1'

ovs-ofctl add-flow br-int 'table=1,priority=100,dl_src=fe:fe:fe:fe:fe:aa actions=learn(table=2,hard_timeout=30,priority=100,delete_learned,cookie=0x1,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_NX_REG1[]->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]),resubmit(,4)'
ovs-ofctl add-flow br-int 'table=1,priority=100 actions=resubmit(,2),resubmit(,3)'
ovs-ofctl add-flow br-int 'table=3,priority=100 actions=output:NXM_NX_REG2[]'
ovs-ofctl add-flow br-int 'table=3,priority=10 actions=drop'
ovs-ofctl add-flow br-int 'table=4,priority=100 actions=output:2'

4. Connectivity check

# ip netns exec ns1 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.542 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.064 ms

5. Packet capture in ns2

# ip netns exec ns2 tcpdump -i veth0 -nn -vv -e
tcpdump: listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:11:38.572847 fe:fe:fe:fe:fe:aa > fe:fe:fe:fe:fe:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 55186, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.1 > 10.0.0.2: ICMP echo request, id 19457, seq 1, length 64
19:11:38.572899 fe:fe:fe:fe:fe:bb > fe:fe:fe:fe:fe:aa, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 31625, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.2 > 10.0.0.1: ICMP echo reply, id 19457, seq 1, length 64

6. Flow matches

ovs-ofctl dump-flows br-int
 cookie=0x0, duration=102.846s, table=0, n_packets=3, n_bytes=294, in_port="ovs-veth0" actions=load:0x1->NXM_NX_REG1[],resubmit(,1)
 cookie=0x0, duration=102.841s, table=0, n_packets=3, n_bytes=294, in_port="ovs-veth1" actions=load:0x2->NXM_NX_REG1[],resubmit(,1)
 cookie=0x0, duration=134.827s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL
 cookie=0x0, duration=102.835s, table=1, n_packets=3, n_bytes=294, priority=100,dl_src=fe:fe:fe:fe:fe:aa actions=learn(table=2,hard_timeout=30,priority=100,delete_learned,cookie=0x1010000000001,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_NX_REG1[]->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]),resubmit(,4)
 cookie=0x0, duration=68s, table=1, n_packets=3, n_bytes=294, priority=100 actions=resubmit(,2),resubmit(,3)
 cookie=0x1, duration=15.764s, table=2, n_packets=3, n_bytes=294, hard_timeout=30, priority=100,dl_dst=fe:fe:fe:fe:fe:aa actions=load:0x1->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]
 cookie=0x0, duration=67.996s, table=3, n_packets=3, n_bytes=294, priority=100 actions=output:NXM_NX_REG2[]
 cookie=0x0, duration=67.992s, table=3, n_packets=0, n_bytes=0, priority=10 actions=drop
 cookie=0x0, duration=67.124s, table=4, n_packets=3, n_bytes=294, priority=100 actions=output:"ovs-veth1"

7. Conclusion
The newly generated table 2 flow is visible, and the packet capture matches expectations.
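
An added example (not part of the original post): a Python helper that automates the check made by eye in steps 6 and 7. It parses `ovs-ofctl dump-flows` output and lists each flow that `learn` installed in table 2, with its MAC, the port loaded into `NXM_NX_REG2` and the time left before `hard_timeout` removes it. The `EXPECTED` MAC-to-port inventory and the function names are assumptions for this lab; the sample lines are copied from the step 6 listing.

```python
import re

# Two lines copied from the dump-flows listing in step 6 (tables 2 and 3).
SAMPLE_DUMP = """\
 cookie=0x1, duration=15.764s, table=2, n_packets=3, n_bytes=294, hard_timeout=30, priority=100,dl_dst=fe:fe:fe:fe:fe:aa actions=load:0x1->NXM_NX_REG2[],load:0x1->NXM_NX_REG0[31]
 cookie=0x0, duration=67.996s, table=3, n_packets=3, n_bytes=294, priority=100 actions=output:NXM_NX_REG2[]
"""

# Assumed inventory for this lab: OpenFlow port number expected for each MAC.
EXPECTED = {"fe:fe:fe:fe:fe:aa": 1, "fe:fe:fe:fe:fe:bb": 2}

FIELD = re.compile(r"(\w+)=([^\s,]+)")
REG2_LOAD = re.compile(r"load:(0x[0-9a-fA-F]+|\d+)->NXM_NX_REG2\[\]")


def learned_entries(dump, table=2):
    """Return one dict per learned flow: MAC, egress port, seconds until expiry."""
    entries = []
    for line in dump.splitlines():
        match_part, sep, actions = line.partition(" actions=")
        if not sep:
            continue  # not a flow line (header, blank line, ...)
        fields = dict(FIELD.findall(match_part))
        load = REG2_LOAD.search(actions)
        if fields.get("table") != str(table) or "dl_dst" not in fields or not load:
            continue  # static flow, or not in the learn target table
        age = float(fields["duration"].rstrip("s"))
        # No hard_timeout means the entry never expires on its own.
        ttl = None
        if "hard_timeout" in fields:
            ttl = round(float(fields["hard_timeout"]) - age, 3)
        entries.append({"mac": fields["dl_dst"].lower(),
                        "port": int(load.group(1), 0),
                        "expires_in": ttl})
    return entries


def audit(entries, expected):
    """Return entries whose learned port differs from the inventory or is unknown."""
    return [e for e in entries if expected.get(e["mac"]) != e["port"]]


if __name__ == "__main__":
    found = learned_entries(SAMPLE_DUMP)
    for entry in found:
        print(entry)
    print("mismatches:", audit(found, EXPECTED))
```

On a live bridge, the text to pass in is the output of `ovs-ofctl dump-flows br-int`.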

Source: https://blog.csdn.net/ambzheng/article/details/122650072