Zhao Zhanxu's Blog

OVN Logical Flows to Openflows

OVN translates the logical flows into OpenFlow flows suited to each node.

Logical flows


The logical flows are not reproduced here; see the end of the previous post.

OpenFlow flows


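Because our topology is fairly simple, the network node has no function and can be ignored, and the compute nodes are very similar, so looking at one of them is enough. We look only at the flows of compute node 1. For readability, flows of little interest have been removed; to see the full flow tables, download them here: compute node 1, compute node 2.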

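// A cookie with no value means the flow was not translated directly from a logical flow
// Packets coming in from the two VMs get some register operations; these do not come from logical flows, but they are still tied to the logical topology. The meaning of these registers and how they are obtained is covered below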
cookie=0x0, table=0, priority=100,in_port=4 actions=load:0x1->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],load:0x3->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],resubmit(,16)
cookie=0x0, table=0, priority=100,in_port=3 actions=load:0x2->NXM_NX_REG13[],load:0x7->NXM_NX_REG11[],load:0x5->NXM_NX_REG12[],load:0x2->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],resubmit(,16)
// How packets sent from other hosts are handled; tun_id indicates which of the two logical switches the packet came from
cookie=0x0, table=0, priority=100,tun_id=0x3,in_port=7 actions=move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23],load:0x3->NXM_NX_REG14[0..14],load:0x1->NXM_NX_REG10[1],resubmit(,16)
cookie=0x0, table=0, priority=100,tun_id=0x2,in_port=7 actions=move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23],load:0x3->NXM_NX_REG14[0..14],load:0x1->NXM_NX_REG10[1],resubmit(,16)

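// Flows we do not care about, mostly drops of malformed packets, have been removed
// Below, metadata other than 1 means the packet came from a logical switch and shows how it is handled; reg14 indicates which logical port it came from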
cookie=0xa7c014e8, table=16, priority=50,reg14=0x2,metadata=0x3,dl_src=52:54:00:c1:68:71 actions=resubmit(,17)
cookie=0x3ed26758, table=16, priority=50,reg14=0x2,metadata=0x2,dl_src=52:54:00:c1:68:70 actions=resubmit(,17)
cookie=0x11dd5c04, table=16, priority=50,reg14=0x3,metadata=0x2,dl_src=52:54:00:c1:68:72 actions=resubmit(,17)
cookie=0x6126e3c1, table=16, priority=50,reg14=0x3,metadata=0x3,dl_src=52:54:00:c1:68:73 actions=resubmit(,17)
cookie=0x75e7ab7b, table=16, priority=50,reg14=0x1,metadata=0x2 actions=resubmit(,17)
cookie=0x8c78254f, table=16, priority=50,reg14=0x1,metadata=0x3 actions=resubmit(,17)
// Below, metadata equal to 1 means the packet came from the logical router, and shows what is done with it
cookie=0xd9caf1fd, table=16, priority=50,reg14=0x1,metadata=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,17)
cookie=0xeac605df, table=16, priority=50,reg14=0x2,metadata=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,17)
cookie=0x819b5118, table=16, priority=50,reg14=0x1,metadata=0x1,dl_dst=52:54:00:c1:68:50 actions=resubmit(,17)
cookie=0xbe725a2b, table=16, priority=50,reg14=0x2,metadata=0x1,dl_dst=52:54:00:c1:68:60 actions=resubmit(,17)

// ARP responder flows
cookie=0xf4ca156, table=17, priority=90,arp,reg14=0x2,metadata=0x1,arp_tpa=192.168.2.1,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:52:54:00:c1:68:60,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0x525400c16860->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xc0a80201->NXM_OF_ARP_SPA[],load:0x2->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
cookie=0xb5d8c2e4, table=17, priority=90,arp,reg14=0x1,metadata=0x1,arp_tpa=192.168.1.1,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:52:54:00:c1:68:50,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0x525400c16850->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xc0a80101->NXM_OF_ARP_SPA[],load:0x1->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
// Store the information from ARP replies in MAC_Binding
cookie=0x92af5d1c, table=17, priority=90,arp,metadata=0x1,arp_op=2 actions=push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[]
// ICMP responder
cookie=0x815a3063, table=17, priority=90,icmp,metadata=0x1,nw_dst=192.168.1.1,icmp_type=8,icmp_code=0 actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],load:0->NXM_OF_ICMP_TYPE[],load:0x1->NXM_NX_REG10[0],resubmit(,18)
cookie=0xf3d609b1, table=17, priority=90,icmp,metadata=0x1,nw_dst=192.168.2.1,icmp_type=8,icmp_code=0 actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],load:0->NXM_OF_ICMP_TYPE[],load:0x1->NXM_NX_REG10[0],resubmit(,18)
// Traffic of all three logical devices continues onward
cookie=0x56295f89, table=17, priority=0,metadata=0x1 actions=resubmit(,18)
cookie=0x791195e0, table=17, priority=0,metadata=0x3 actions=resubmit(,18)
cookie=0x4b1c93d4, table=17, priority=0,metadata=0x2 actions=resubmit(,18)

// ARP allowed through
cookie=0x4a80a501, table=18, priority=90,arp,reg14=0x3,metadata=0x3,dl_src=52:54:00:c1:68:73,arp_sha=52:54:00:c1:68:73 actions=resubmit(,19)
cookie=0xc6c881ee, table=18, priority=90,arp,reg14=0x3,metadata=0x2,dl_src=52:54:00:c1:68:72,arp_sha=52:54:00:c1:68:72 actions=resubmit(,19)
cookie=0x9e2a7562, table=18, priority=90,arp,reg14=0x2,metadata=0x2,dl_src=52:54:00:c1:68:70,arp_sha=52:54:00:c1:68:70 actions=resubmit(,19)
cookie=0x686267fe, table=18, priority=90,arp,reg14=0x2,metadata=0x3,dl_src=52:54:00:c1:68:71,arp_sha=52:54:00:c1:68:71 actions=resubmit(,19)
// continue
cookie=0xb76a420f, table=18, priority=0,metadata=0x2 actions=resubmit(,19)
cookie=0x3ecbeeec, table=18, priority=0,metadata=0x1 actions=resubmit(,19)
cookie=0x78c16fb8, table=18, priority=0,metadata=0x3 actions=resubmit(,19)

// continue
cookie=0x76f9414c, table=19, priority=0,metadata=0x3 actions=resubmit(,20)
cookie=0xff75779d, table=19, priority=0,metadata=0x2 actions=resubmit(,20)
cookie=0xa4a71b19, table=19, priority=0,metadata=0x1 actions=resubmit(,20)

// continue
cookie=0x4c209f08, table=20, priority=0,metadata=0x3 actions=resubmit(,21)
cookie=0xc99c5154, table=20, priority=0,metadata=0x1 actions=resubmit(,21)
cookie=0xe187a6b4, table=20, priority=0,metadata=0x2 actions=resubmit(,21)

// conntrack record
cookie=0x5c49d2d2, table=21, priority=100,ip,reg0=0x1/0x1,metadata=0x3 actions=ct(table=22,zone=NXM_NX_REG13[0..15])
cookie=0x596e0c95, table=21, priority=100,ip,reg0=0x1/0x1,metadata=0x2 actions=ct(table=22,zone=NXM_NX_REG13[0..15])
// Emulates the operations performed when crossing the gateway
cookie=0xaea49216, table=21, priority=49,ip,metadata=0x1,nw_dst=192.168.1.0/24 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0xc0a80101->NXM_NX_XXREG0[64..95],mod_dl_src:52:54:00:c1:68:50,load:0x1->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,22)
cookie=0x3ebae949, table=21, priority=49,ip,metadata=0x1,nw_dst=192.168.2.0/24 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0xc0a80201->NXM_NX_XXREG0[64..95],mod_dl_src:52:54:00:c1:68:60,load:0x2->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,22)
// continue
cookie=0xe3a08e2b, table=21, priority=0,metadata=0x3 actions=resubmit(,22)
cookie=0x80407476, table=21, priority=0,metadata=0x2 actions=resubmit(,22)

// Fetch data from the MAC_Binding table and reply to ARP
cookie=0x5dbc664, table=22, priority=0,ip,metadata=0x1 actions=push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_REG0[],mod_dl_dst:00:00:00:00:00:00,resubmit(,66),pop:NXM_NX_REG0[],resubmit(,23)
// continue
cookie=0x66236a1, table=22, priority=0,metadata=0x2 actions=resubmit(,23)
cookie=0xefaed143, table=22, priority=0,metadata=0x3 actions=resubmit(,23)

// continue
cookie=0x3998ed82, table=23, priority=0,metadata=0x1 actions=resubmit(,24)
cookie=0xc475a7b3, table=23, priority=0,metadata=0x3 actions=resubmit(,24)
cookie=0xacda159d, table=23, priority=0,metadata=0x2 actions=resubmit(,24)

// ???? Send ARP?
cookie=0xe51fffad, table=24, priority=100,ip,metadata=0x1,dl_dst=00:00:00:00:00:00 actions=controller(userdata=00.00.00.00.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.40.00.00.00.01.de.10.00.00.20.04.ff.ff.00.18.00.00.23.20.00.06.00.20.00.60.00.00.00.01.de.10.00.00.22.04.00.19.00.10.80.00.2a.02.00.01.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.20.00.00.00)
// continue
cookie=0xd9c9912b, table=24, priority=0,metadata=0x1 actions=resubmit(,32)
cookie=0x9b703aff, table=24, priority=0,metadata=0x2 actions=resubmit(,25)
cookie=0xd44f4b41, table=24, priority=0,metadata=0x3 actions=resubmit(,25)

//conntrack lb
cookie=0xed10c525, table=25, priority=100,ip,reg0=0x4/0x4,metadata=0x3 actions=ct(table=26,zone=NXM_NX_REG13[0..15],nat)
cookie=0xb0869023, table=25, priority=100,ip,reg0=0x4/0x4,metadata=0x2 actions=ct(table=26,zone=NXM_NX_REG13[0..15],nat)
//conntrack
cookie=0xc8dfda6d, table=25, priority=100,ip,reg0=0x2/0x2,metadata=0x2 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,26)
cookie=0xf71a37ba, table=25, priority=100,ip,reg0=0x2/0x2,metadata=0x3 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,26)
// continue
cookie=0x3c4b37a7, table=25, priority=0,metadata=0x2 actions=resubmit(,26)
cookie=0x315f30b3, table=25, priority=0,metadata=0x3 actions=resubmit(,26)

// continue
cookie=0x4368d2e8, table=26, priority=0,metadata=0x3 actions=resubmit(,27)
cookie=0xf906a487, table=26, priority=0,metadata=0x2 actions=resubmit(,27)
cookie=0x1ab8df97, table=27, priority=0,metadata=0x3 actions=resubmit(,28)
cookie=0x8592b902, table=27, priority=0,metadata=0x2 actions=resubmit(,28)
cookie=0xe3f59b41, table=28, priority=0,metadata=0x3 actions=resubmit(,29)
cookie=0xba22fb48, table=28, priority=0,metadata=0x2 actions=resubmit(,29)

// Flood
cookie=0x159f7998, table=29, priority=100,metadata=0x3,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=load:0xffff->NXM_NX_REG15[],resubmit(,32)
cookie=0xcbb8e72a, table=29, priority=100,metadata=0x2,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=load:0xffff->NXM_NX_REG15[],resubmit(,32)
// Egress traffic
cookie=0xc0e4e6a6, table=29, priority=50,metadata=0x2,dl_dst=52:54:00:c1:68:72 actions=load:0x3->NXM_NX_REG15[],resubmit(,32)
cookie=0x13381c84, table=29, priority=50,metadata=0x3,dl_dst=52:54:00:c1:68:73 actions=load:0x3->NXM_NX_REG15[],resubmit(,32)
cookie=0x23555b13, table=29, priority=50,metadata=0x2,dl_dst=52:54:00:c1:68:50 actions=load:0x1->NXM_NX_REG15[],resubmit(,32)
cookie=0x3f8b4ff9, table=29, priority=50,metadata=0x2,dl_dst=52:54:00:c1:68:70 actions=load:0x2->NXM_NX_REG15[],resubmit(,32)
cookie=0x615dbb2a, table=29, priority=50,metadata=0x3,dl_dst=52:54:00:c1:68:71 actions=load:0x2->NXM_NX_REG15[],resubmit(,32)
cookie=0xb88437bc, table=29, priority=50,metadata=0x3,dl_dst=52:54:00:c1:68:60 actions=load:0x1->NXM_NX_REG15[],resubmit(,32)

// ???? There is no flag with a flags value of 2
cookie=0x0, table=32, priority=150,reg10=0x2/0x2 actions=resubmit(,33)
// Traffic to the logical router
cookie=0x0, table=32, priority=100,reg15=0xffff,metadata=0x3 actions=load:0x1->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[],load:0x3->NXM_NX_TUN_ID[0..23],output:7,resubmit(,33)
cookie=0x0, table=32, priority=100,reg15=0xffff,metadata=0x2 actions=load:0x1->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[],load:0x2->NXM_NX_TUN_ID[0..23],output:7,resubmit(,33)
// Traffic to the logical switch
cookie=0x0, table=32, priority=100,reg15=0x3,metadata=0x2 actions=load:0x2->NXM_NX_TUN_ID[0..23],output:7
cookie=0x0, table=32, priority=100,reg15=0x3,metadata=0x3 actions=load:0x3->NXM_NX_TUN_ID[0..23],output:7
// continue
cookie=0x0, table=32, priority=0 actions=resubmit(,33)

// ???? Traffic to the network node that needs NAT, but we have no such configuration
cookie=0x0, table=33, priority=100,reg15=0x1,metadata=0x3 actions=load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, table=33, priority=100,reg15=0x2,metadata=0x1 actions=load:0x3->NXM_NX_REG11[],load:0x4->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, table=33, priority=100,reg15=0x2,metadata=0x2 actions=load:0x2->NXM_NX_REG13[],load:0x7->NXM_NX_REG11[],load:0x5->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, table=33, priority=100,reg15=0x1,metadata=0x2 actions=load:0x7->NXM_NX_REG11[],load:0x5->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, table=33, priority=100,reg15=0x1,metadata=0x1 actions=load:0x3->NXM_NX_REG11[],load:0x4->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, table=33, priority=100,reg15=0x2,metadata=0x3 actions=load:0x1->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],resubmit(,34)
// continue
cookie=0x0, table=33, priority=100,reg15=0xffff,metadata=0x2 actions=load:0x2->NXM_NX_REG13[],load:0x2->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[]
cookie=0x0, table=33, priority=100,reg15=0xffff,metadata=0x3 actions=load:0x1->NXM_NX_REG13[],load:0x2->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[]

// continue
cookie=0x0, table=34, priority=0 actions=load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],resubmit(,48)

// continue
cookie=0x38579acc, table=48, priority=0,metadata=0x1 actions=resubmit(,49)
cookie=0x402567e, table=48, priority=0,metadata=0x3 actions=resubmit(,49)
cookie=0x7e6e093d, table=48, priority=0,metadata=0x2 actions=resubmit(,49)

// continue
cookie=0xbce65dae, table=49, priority=0,metadata=0x2 actions=resubmit(,50)
cookie=0xf6e47c0e, table=49, priority=0,metadata=0x1 actions=resubmit(,50)
cookie=0xa630e910, table=49, priority=0,metadata=0x3 actions=resubmit(,50)

//conntrack
cookie=0xe6e35197, table=50, priority=100,ipv6,reg0=0x1/0x1,metadata=0x3 actions=ct(table=51,zone=NXM_NX_REG13[0..15])
cookie=0xa7a5e5f3, table=50, priority=100,ipv6,reg0=0x1/0x1,metadata=0x2 actions=ct(table=51,zone=NXM_NX_REG13[0..15])
cookie=0xa7a5e5f3, table=50, priority=100,ip,reg0=0x1/0x1,metadata=0x2 actions=ct(table=51,zone=NXM_NX_REG13[0..15])
cookie=0xe6e35197, table=50, priority=100,ip,reg0=0x1/0x1,metadata=0x3 actions=ct(table=51,zone=NXM_NX_REG13[0..15])
// continue
cookie=0x4e268323, table=50, priority=0,metadata=0x1 actions=resubmit(,51)
cookie=0x2e28bd0c, table=50, priority=0,metadata=0x2 actions=resubmit(,51)
cookie=0x7cca0b71, table=50, priority=0,metadata=0x3 actions=resubmit(,51)

// Traffic that must be output to the logical router
cookie=0x1c84ef4, table=51, priority=100,reg15=0x2,metadata=0x1 actions=resubmit(,64)
cookie=0x83ce9e62, table=51, priority=100,reg15=0x1,metadata=0x1 actions=resubmit(,64)
// continue
cookie=0x51c9cccf, table=51, priority=0,metadata=0x2 actions=resubmit(,52)
cookie=0x7778d918, table=51, priority=0,metadata=0x3 actions=resubmit(,52)

// continue
cookie=0xa9ae4aaa, table=52, priority=0,metadata=0x2 actions=resubmit(,53)
cookie=0xe190604a, table=52, priority=0,metadata=0x3 actions=resubmit(,53)
cookie=0x934c95d9, table=53, priority=0,metadata=0x3 actions=resubmit(,54)
cookie=0x828e0c10, table=53, priority=0,metadata=0x2 actions=resubmit(,54)

//conntrack lb
cookie=0xb1d05c18, table=54, priority=100,ip,reg0=0x4/0x4,metadata=0x3 actions=ct(table=55,zone=NXM_NX_REG13[0..15],nat)
cookie=0x4b8234d9, table=54, priority=100,ip,reg0=0x4/0x4,metadata=0x2 actions=ct(table=55,zone=NXM_NX_REG13[0..15],nat)
//conntrack
cookie=0x6027420b, table=54, priority=100,ip,reg0=0x2/0x2,metadata=0x3 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,55)
cookie=0x76bd97bd, table=54, priority=100,ip,reg0=0x2/0x2,metadata=0x2 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,55)
// continue
cookie=0x390ebf5f, table=54, priority=0,metadata=0x2 actions=resubmit(,55)
cookie=0x6537ab93, table=54, priority=0,metadata=0x3 actions=resubmit(,55)
cookie=0x13159847, table=55, priority=0,metadata=0x3 actions=resubmit(,56)
cookie=0x439f6726, table=55, priority=0,metadata=0x2 actions=resubmit(,56)

// Multicast traffic
cookie=0xb5641b45, table=56, priority=100,metadata=0x2,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,64)
cookie=0x7b1296c4, table=56, priority=100,metadata=0x3,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,64)
// Traffic to a specific VM
cookie=0xcfbbf747, table=56, priority=50,reg15=0x3,metadata=0x2,dl_dst=52:54:00:c1:68:72 actions=resubmit(,64)
cookie=0xd39cd78f, table=56, priority=50,reg15=0x3,metadata=0x3,dl_dst=52:54:00:c1:68:73 actions=resubmit(,64)
cookie=0x46f7518d, table=56, priority=50,reg15=0x2,metadata=0x3,dl_dst=52:54:00:c1:68:71 actions=resubmit(,64)
cookie=0x10683faf, table=56, priority=50,reg15=0x2,metadata=0x2,dl_dst=52:54:00:c1:68:70 actions=resubmit(,64)
// continue
cookie=0xdf1a835, table=56, priority=50,reg15=0x1,metadata=0x3 actions=resubmit(,64)
cookie=0x69d25440, table=56, priority=50,reg15=0x1,metadata=0x2 actions=resubmit(,64)

// Modify the ingress port in preparation for recirculation
cookie=0x0, table=64, priority=100,reg10=0x1/0x1,reg15=0x1,metadata=0x1 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, table=64, priority=100,reg10=0x1/0x1,reg15=0x2,metadata=0x3 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, table=64, priority=100,reg10=0x1/0x1,reg15=0x2,metadata=0x2 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, table=64, priority=100,reg10=0x1/0x1,reg15=0x1,metadata=0x3 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, table=64, priority=100,reg10=0x1/0x1,reg15=0x2,metadata=0x1 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, table=64, priority=100,reg10=0x1/0x1,reg15=0x1,metadata=0x2 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, table=64, priority=0 actions=resubmit(,65)

// Resubmit the packet to table 16: it has finished one logical network element and must enter the next one
cookie=0x0, table=65, priority=100,reg15=0x2,metadata=0x1 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],load:0x3->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,16))
cookie=0x0, table=65, priority=100,reg15=0x1,metadata=0x2 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x3->NXM_NX_REG11[],load:0x4->NXM_NX_REG12[],load:0x1->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,16))
cookie=0x0, table=65, priority=100,reg15=0x1,metadata=0x1 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x7->NXM_NX_REG11[],load:0x5->NXM_NX_REG12[],load:0x2->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,16))
cookie=0x0, table=65, priority=100,reg15=0x1,metadata=0x3 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x3->NXM_NX_REG11[],load:0x4->NXM_NX_REG12[],load:0x1->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,16))

// Traffic to a local VM is sent directly
cookie=0x0, table=65, priority=100,reg15=0x2,metadata=0x2 actions=output:3
cookie=0x0, table=65, priority=100,reg15=0x2,metadata=0x3 actions=output:4

// Use MAC_Binding to set the MAC that corresponds to the IP
cookie=0x0, table=66, priority=100,reg0=0xc0a8025c,reg15=0x2,metadata=0x1 actions=mod_dl_dst:52:54:00:c1:68:73
cookie=0x0, table=66, priority=100,reg0=0xc0a8025b,reg15=0x2,metadata=0x1 actions=mod_dl_dst:52:54:00:c1:68:71
cookie=0x0, table=66, priority=100,reg0=0xc0a8015b,reg15=0x1,metadata=0x1 actions=mod_dl_dst:52:54:00:c1:68:70
cookie=0x0, table=66, priority=100,reg0=0,reg1=0,reg2=0,reg3=0,reg15=0x2,metadata=0x1 actions=mod_dl_dst:00:00:00:00:00:00
cookie=0x0, table=66, priority=100,reg0=0,reg1=0,reg2=0,reg3=0,reg15=0x1,metadata=0x1 actions=mod_dl_dst:00:00:00:00:00:00

Register meanings


See here for details.

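| Register | Function | Details |
|---|---|---|
| metadata | Used as the VNI | OVN's Logical Datapath Field; view the tunnel_key with ovn-sbctl list Datapath_Binding; encapsulated in Geneve or STT |
| reg14 | Records the logical ingress port | OVN's Logical InputPort Field; view the tunnel_key with ovn-sbctl list Port_Binding; encapsulated in Geneve or STT |
| reg15 | Records the logical egress port | OVN's Logical OutputPort Field; view the tunnel_key with ovn-sbctl list Port_Binding; encapsulated in Geneve or STT |
| reg13 | conntrack zone of the logical port | Meaningful inside the chassis; of no use outside it |
| reg12 | conntrack zone for SNAT | Also used only inside the chassis |
| reg11 | conntrack zone for DNAT | Also used only inside the chassis |
| reg10 | Logical flow flags | Probably flags such as flags.loopback from the logical flows |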
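The register roles above can be checked against a flow dump. The following is an added example, not part of the original post: it decodes the `load` actions of flows into the logical fields listed in the table and verifies that each logical datapath always gets the same DNAT/SNAT conntrack zone pair and that no zone is shared between datapaths, since conntrack zones keep connection state separate. The sample flows are abridged from the compute node 1 dump above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Register roles as listed in the table above.
ROLE = {"OXM_OF_METADATA": "datapath", "NXM_NX_REG14": "inport",
        "NXM_NX_REG15": "outport", "NXM_NX_REG13": "ct_zone",
        "NXM_NX_REG12": "snat_zone", "NXM_NX_REG11": "dnat_zone"}
LOAD_RE = re.compile(r"load:(0x[0-9a-fA-F]+|\d+)->(\w+)\[")
MATCH_RE = re.compile(r"\bmetadata=(0x[0-9a-fA-F]+)")

# Abridged from the compute node 1 dump on this page (register loads kept).
FLOWS = [
    "cookie=0x0, table=0, priority=100,in_port=4 actions=load:0x1->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],load:0x3->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],resubmit(,16)",
    "cookie=0x0, table=0, priority=100,in_port=3 actions=load:0x2->NXM_NX_REG13[],load:0x7->NXM_NX_REG11[],load:0x5->NXM_NX_REG12[],load:0x2->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],resubmit(,16)",
    "cookie=0x0, table=33, priority=100,reg15=0x2,metadata=0x1 actions=load:0x3->NXM_NX_REG11[],load:0x4->NXM_NX_REG12[],resubmit(,34)",
    "cookie=0x0, table=33, priority=100,reg15=0x1,metadata=0x3 actions=load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],resubmit(,34)",
    "cookie=0x0, table=33, priority=100,reg15=0x1,metadata=0x2 actions=load:0x7->NXM_NX_REG11[],load:0x5->NXM_NX_REG12[],resubmit(,34)",
    "cookie=0x0, table=65, priority=100,reg15=0x2,metadata=0x1 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x8->NXM_NX_REG12[],load:0x3->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,16))",
]


def decode(flow):
    """Return the logical fields a flow sets, keyed by role (last load wins)."""
    match, _, actions = flow.partition(" actions=")
    fields = {}
    for value, dst in LOAD_RE.findall(actions):
        if dst in ROLE:
            fields[ROLE[dst]] = int(value, 0)
    if "datapath" not in fields:  # datapath is only matched, not rewritten
        m = MATCH_RE.search(match)
        if m:
            fields["datapath"] = int(m.group(1), 16)
    return fields


def nat_zones(flows):
    """Collect the (dnat_zone, snat_zone) pairs seen for each logical datapath."""
    seen = defaultdict(set)
    for flow in flows:
        f = decode(flow)
        if {"datapath", "dnat_zone", "snat_zone"} <= f.keys():
            seen[f["datapath"]].add((f["dnat_zone"], f["snat_zone"]))
    return dict(seen)


def zone_conflicts(flows):
    """Return (datapaths with several zone pairs, zones used by several datapaths)."""
    zones = nat_zones(flows)
    split = {dp: pairs for dp, pairs in zones.items() if len(pairs) > 1}
    owner = defaultdict(set)
    for dp, pairs in zones.items():
        for pair in pairs:
            for zone in pair:
                owner[zone].add(dp)
    shared = {z: dps for z, dps in owner.items() if len(dps) > 1}
    return split, shared
```

On the page's flows both results are empty: datapath 1 uses zones (3, 4), datapath 2 uses (7, 5) and datapath 3 uses (6, 8) in tables 0, 33 and 65 alike.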

For convenience, I have listed files containing some of this information, as follows:
Datapath_Binding
Port_Binding
MAC_Binding

How the OpenFlow flows are generated


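table 0 mainly does the following:

  • Performs the physical-to-logical translation, recording logical information, such as the fields mentioned above, in registers.
  • Packets from containers inside a VM are distinguished by VLAN.
  • Packets arriving from other chassis are distinguished by ingress port and tunnel_id, and the egress port is then obtained; it was already set at encapsulation time.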

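table 16-31 mainly translate the action part of logical ingress pipeline tables 0-15 into OpenFlow flows, as follows:

  • Each logical flow maps to one or more OpenFlow flows; a packet usually matches only one of them.
  • ovn-controller uses the first 32 bits of the logical flow's UUID as the cookie of the OpenFlow flow. Use ovn-sbctl list Logical_Flow to view the logical flow UUIDs; the UUIDs of the logical flows that correspond to the cookies above are listed here.
  • Some logical flows can be mapped to the OVS "conjunctive match" extension (see here). Because one OpenFlow flow then corresponds to several logical flows, its cookie is 0. A "conjunctive match" here is a match over sets, for example tcp_src ∈ {80, 443, 8080} and tcp_dst ∈ {80, 443, 8080}.
  • Some logical flows may not be translated into OpenFlow flows. If the virtual interface on the switch has not been added to OVS (the command to add it is ovs-vsctl set Interface veth2_b external_ids:iface-id=ls2-vm4), the corresponding OpenFlow flows are not generated.
  • Finally, some logical flow actions correspond directly to OpenFlow actions:
    • next corresponds to resubmit.
    • field = constant corresponds to set_field.
    • output resubmits the packet to table 32; if the logical flow has several output actions, each one resubmits to table 32.
    • get_arp(P, A) and get_nd(P, A) store their arguments in OpenFlow fields (in the example above, in NXM_NX_REG0, flow cookie=0x5dbc664) and then resubmit to table 66, which ovn-controller populates with flows generated from the MAC_Binding table. If table 66 has a matching entry, its action stores the bound MAC in the destination MAC address field.
    • put_arp(P, A, E) and put_nd(P, A, E) store their arguments in OpenFlow fields (there are too many to list; see the flow with cookie=0x92af5d1c above) and then update the MAC_Binding table.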

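table 32-47 mainly translate the output action of the logical ingress pipeline into OpenFlow flows. In detail:

  • Table 32 mainly handles packets destined for VMs on other hosts: it sets the VNI into metadata and then resubmits to table 33.
  • Table 33 mainly resubmits packets to table 34; when there are several logical output ports, it switches to each logical port P in turn and resubmits to table 34.
  • Table 34 checks whether the packet's logical ingress and egress ports are the same and drops the packet if they are. The remaining packets are resubmitted to table 48.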

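table 48-63 mainly translate the egress pipeline of the logical flows into OpenFlow flows. This is the final validation before a packet is sent; packets are finally resubmitted to table 64, and packets for which no output was executed are dropped.

table 64 appears to be related to loopback; it modifies the logical ingress port.

table 65 performs the logical-to-physical translation, the reverse of table 0: it finds the physical port that corresponds to the logical port and sends the packet. If the VM also contains containers, a VLAN header has to be added.

table 66 mainly uses the data in MAC_Binding to set the destination MAC that corresponds to the destination IP; its function is similar to ARP.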
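The cookie rule and the table ranges described above are enough to attribute each OpenFlow flow to a pipeline stage and to the logical flow that produced it. The following is an added example, not part of the original post: it pads the cookie to 8 hex digits (the dump prints `0xf4ca156` without its leading zero), matches it against the first 32 bits of Logical_Flow UUIDs, and reports flows whose non-zero cookie matches no known logical flow. The UUIDs are constructed; only their first 8 hex digits come from the cookies on this page, and the last sample flow is constructed as well.

```python
import re

# OpenFlow table ranges as described on this page.
STAGES = [
    (0, 0, "physical-to-logical"),
    (16, 31, "ingress pipeline"),
    (32, 47, "output handling"),
    (48, 63, "egress pipeline"),
    (64, 64, "loopback"),
    (65, 65, "logical-to-physical"),
    (66, 66, "MAC_Binding lookup"),
]
FLOW_RE = re.compile(r"cookie=0x([0-9a-fA-F]+),\s*table=(\d+)")

# Flow heads from the dump above (actions abridged); the last one is constructed.
SAMPLE_FLOWS = [
    "cookie=0x0, table=0, priority=100,in_port=4 actions=resubmit(,16)",
    "cookie=0xf4ca156, table=17, priority=90,arp,reg14=0x2,metadata=0x1 actions=resubmit(,32)",
    "cookie=0x5dbc664, table=22, priority=0,ip,metadata=0x1 actions=resubmit(,23)",
    "cookie=0x38579acc, table=48, priority=0,metadata=0x1 actions=resubmit(,49)",
    "cookie=0xdeadbeef, table=20, priority=200,ip actions=drop",  # constructed
]
# Constructed UUIDs: only the first 8 hex digits come from the page's cookies.
SAMPLE_UUIDS = [
    "0f4ca156-0000-4000-8000-000000000001",
    "05dbc664-0000-4000-8000-000000000002",
    "38579acc-0000-4000-8000-000000000003",
]


def stage_of(table):
    """Return (stage name, logical table number or None) for an OpenFlow table."""
    for lo, hi, name in STAGES:
        if lo <= table <= hi:
            logical = table - lo if name.endswith("pipeline") else None
            return name, logical
    return "unknown", None


def cookie_prefix(cookie_hex):
    """The dump drops leading zeros; a UUID prefix is always 8 hex digits."""
    return cookie_hex.lower().zfill(8)


def attribute(flow_lines, logical_flow_uuids):
    """Map each OpenFlow flow to its stage and originating Logical_Flow UUID."""
    by_prefix = {}
    for u in logical_flow_uuids:
        by_prefix.setdefault(u.replace("-", "")[:8].lower(), []).append(u)
    report = []
    for line in flow_lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        cookie, table = cookie_prefix(m.group(1)), int(m.group(2))
        name, logical = stage_of(table)
        if cookie == "00000000":
            origin = "not from a single logical flow"
        else:
            hits = by_prefix.get(cookie, [])
            origin = hits[0] if len(hits) == 1 else "UNKNOWN" if not hits else "ambiguous"
        report.append((table, name, logical, cookie, origin))
    return report
```

In a real deployment the UUID list would come from `ovn-sbctl list Logical_Flow`; an `UNKNOWN` origin marks a flow in a logical pipeline table that cannot be traced back to the southbound database.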

Key logical devices


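Logical routers and logical patch ports

Logical routers and logical patch ports do not really exist; both are simulated. When a packet has to be sent to a VM in a different subnet, it traverses tables 0-65, carrying the logical switch's data, and finally exits through a logical patch port. In 2.6 and earlier this was a real patch port; in 2.7 and later the packet is cloned and resubmitted directly to table 16. It then traverses tables 16-65 again along the logical router's path, exits through another logical patch port, and traverses tables 16-65 once more for the other logical switch. Finally, whether encapsulation is needed is decided by whether the other VM is on this host or on another host. If it is needed, the Geneve packet is encapsulated with the logical switch's datapath tunnel_key and the tunnel_keys of that logical switch's logical ingress and egress ports.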

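Gateway router

A gateway router is connected to a logical router through a logical switch, and connects to the external network mainly through SNAT and DNAT.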

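Note: All posts are original unless stated otherwise. To keep the information in sync with the source, please be sure to cite the source when reprinting. Thank you :-)

Original link: http://zhaozhanxu.com/2017/02/26/SDN/OVN/2017-02-26-ovn-flows/

License: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reprinting.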