原文地址:http://www.cnblogs.com/puremans/p/6562392.html
OVS常用操作:
1.添加网桥:ovs-vsctl add-br 交换机名
2.删除网桥:ovs-vsctl del-br 交换机名 3.添加端口:ovs-vsctl add-port 交换机名 端口名(网卡名) 4.删除端口:ovs-vsctl del-port 交换机名 端口名(网卡名) 5.连接控制器:ovs-vsctl set-controller 交换机名 tcp:IP地址:端口号 6.断开控制器:ovs-vsctl del-controller 交换机名 7.列出所有网桥:ovs-vsctl list-br 8.列出网桥中的所有端口:ovs-vsctl list-ports 交换机名 9.列出所有挂接到网卡的网桥:ovs-vsctl port-to-br 端口名(网卡名) 10.查看open vswitch的网络状态:ovs-vsctl show 11.查看 Open vSwitch 中的端口信息(交换机对应的 dpid,以及每个端口的 OpenFlow 端口编号,端口名称,当前状态等等):ovs-ofctl show 交换机名 12.修改dpid:ovs-vsctl set bridge 交换机名 other_config:datapath-id=新DPID 13.修改端口号:ovs-vsctl set Interface 端口名 ofport_request=新端口号 14.查看交换机中的所有 Table:ovs-ofctl dump-tables ovs-switch 15.查看交换机中的所有流表项:ovs−ofctl dump−flows ovs-switch 16.删除编号为 100 的端口上的所有流表项:ovs-ofctl del-flows ovs-switch “in_port=100” 17.添加流表项(以“添加新的 OpenFlow 条目,修改从端口 p0 收到的数据包的源地址为 9.181.137.1”为例): ovs-ofctl add-flow ovs-switch “priority=1 idle_timeout=0,in_port=100,actions=mod_nw_src:9.181.137.1,normal” 18.查看 OVS 的版本信息:ovs-appctl –version 19.查看 OVS 支持的 OpenFlow 协议的版本:ovs-ofctl –versionmatch部分:
flow有很多syntax, 一半来说actions之前都是match的部分,常用的一般是
in_port: switch的端口dl_src: 源mac地址dl_dst: 目的mac地址 nw_src: 源IP nw_dst: 目的ip dl_type: 以太网协议类型 0x0806是arp packet 0x0800是ip packet nw_proto: 协议类型,需要和dl_type一起使用,比如dl_type是0x0800,nw_proto=1就表示icmp packet tp_src: tcp udp源端口 tp_dst: tcp udp目的端口
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
ip Same as dl_type=0x0800.icmp Same as dl_type=0x0800,nw_proto=1. tcp Same as dl_type=0x0800,nw_proto=6. udp Same as dl_type=0x0800,nw_proto=17. arp Same as dl_type=0x0806. rarp Same as dl_type=0x8035.
- 1
- 2
- 3
- 4
- 5
- 6
- 1
- 2
- 3
- 4
- 5
- 6
actions:
output:port
controller(key=value) 送到controller作为packet-in 消息,括号内的key value pair可以是: reason=reason ,reason 可以是action,no_match,invalid_ttl id=controller-id 默认是0,特殊的controller会有一个16位的idmod_dl_src:mac Sets the source Ethernet address to mac.mod_dl_dst:mac Sets the destination Ethernet address to mac.mod_nw_src:ip Sets the IPv4 source address to ip. mod_nw_dst:ip Sets the IPv4 destination address to ip. mod_tp_src:port Sets the TCP or UDP source port to port. mod_tp_dst:port Sets the TCP or UDP destination port to port.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
完整设定:
查表
ovs-vsctl list bridge ovs-br
關於 Brdige 及 Port
新增 Brdige ovs-vsctl add-br ovs-br在 ovs-br 上對應 interface ovs-vsctl add-port ovs-br eth0(1) + (2) 的寫法可為 ovs−vsctl add−br ovs-br -- add−port ovs-br eth0移除 Bridge ovs-vsctl del-br ovs-br #如果不存在的話, 會有error log ovs-vsctl --if-exists del-br ovs-br更改 ofport (openflow port number) 為 100 ovs-vsctl add-port ovs-br eth0 -- set Interface eth0 ofport_request=100設定 port 為 internal ovs-vsctl set Interface eth0 type=internal
關於 Controller
設定 Controller ovs-vsctl set-controller ovs-br tcp:1.2.3.4:6633設定 multi controller ovs-vsctl set-controller ovs-br tcp:1.2.3.4:6633 tcp:5.6.7.8:6633查詢 Controller 設定 ovs-vsctl show 如果有成功連到 controller 則會顯示 is_connected:true, 反之則未連上 ovs-vsctl get-controller ovs-br移除 Controller ovs-vsctl del-controller ovs-br
關於 STP (Spanning Tree Protocol)
開啟 STP ovs-vsctl set bridge ovs-br stp_enable=true關閉 STP ovs-vsctl set bridge ovs-br stp_enable=false查詢 STP 設定值 ovs-vsctl get bridge ovs-br stp_enable設定 Priority ovs−vsctl set bridge br0 other_config:stp-priority=0x7800設定 Cost ovs−vsctl set port eth0 other_config:stp-path-cost=10移除 STP 設定 ovs−vsctl clear bridge ovs-br other_config
關於 Openflow Version
支援 OpenFlow Version 1.3 ovs-vsctl set bridge ovs-br protocols=OpenFlow13支援 OpenFlow Version 1.3 1.2 ovs-vsctl set bridge ovs-br protocols=OpenFlow12,OpenFlow13移除 OpenFlow 支援設定 ovs-vsctl clear bridge ovs-br protocols
關於 VLAN
設定 VLAN tag ovs-vsctl add-port ovs-br vlan3 tag=3 -- set interface vlan3 type=internal移除 VLAN ovs-vsctl del-port ovs-br vlan3查詢 VLAN ovs-vsctl show ifconfig vlan3設定 Vlan trunk ovs-vsctl add-port ovs-br eth0 trunk=3,4,5,6設定已 add 的 port 為 access port, vlan id 9 ovs-vsctl set port eth0 tag=9ovs-ofctl add-flow 設定 vlan 100 ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=mod_vlan_vid:100,output:3 ovs-ofctl add-flow ovs-br in_port=1,dl_vlan=0xffff,actions=push_vlan:0x8100,set_field:100-\>vlan_vid,output:3ovs-ofctl add-flow 拿掉 vlan tag ovs-ofctl add-flow ovs1 in_port=3,dl_vlan=100,actions=strip_vlan,output:1 two_vlan exampleovs-ofctl add-flow pop-vlan ovs-ofctl add-flow ovs-br in_port=3,dl_vlan=0xffff,actions=pop_vlan,output:1
關於 GRE Tunnel
設定 GRE tunnel ovs−vsctl add−port ovs-br ovs-gre -- set interface ovs-gre type=gre options:remote_ip=1.2.3.4查詢 GRE Tunnel ovs-vsctl show
關於 Dump flows
Dumps OpenFlow flows 不含 hidden flows (常用) ovs-ofctl dump-flows ovs-brDumps OpenFlow flows 包含 hidden flows ovs-appctl bridge/dump-flows ovs-brDump 特定 bridge 的 datapath flows 不論任何 type ovs-appctl dpif/dump-flows ovs-brDump 在 Linux kernel 裡的 datapath flow table (常用) ovs-dpctl dump-flows [dp]Top like behavior for ovs-dpctl dump-flows ovs-dpctl-top
XenServer 開啓 OpenvSwitch 方式
檢查開啟與否 service openvswitch status開啓 xe-switch-network-backend openvswitch關閉 xe-switch-network-backend bridge
關於 Log
查詢 log level list ovs-appctl vlog/list設定 log level (以 stp 設定 file 為 dbg level 為例) ovs-appctl vlog/set stp:file:dbg ovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg} 關於 Fallback
Controller connection: false 的時候, 會自動調成 legacy switch mode ovs-vsctl set-fail-mode ovs-br standalone無論 Controller connection status 為何, 都必須通過 OpenFlow 來進行網路行為 (default) ovs-vsctl set-fail-mode ovs-br secure移除 ovs-vsctl del-fail-mode ovs-br查詢 ovs-vsctl get-fail-mode ovs-br
關於 sFlow
查詢 ovs-vsctl list sflow新增 Set sFlow刪除 ovs-vsctl -- clear Bridge ovs-br sflow
關於 NetFlow
查詢 ovs-vsctl list netflow新增 Set NetFlow刪除 ovs-vsctl -- clear Bridge ovs-br netflow
設定 Out-of-band 和 in-band
查詢 ovs-vsctl get controller ovs-br connection-modeOut-of-band ovs-vsctl set controller ovs-br connection-mode=out-of-bandIn-band (default) ovs-vsctl set controller ovs-br connection-mode=in-band移除 hidden flow ovs-vsctl set bridge br0 other-config:disable-in-band=true
關於 ssl
查詢 ovs-vsctl get-ssl設定 ovs-vsctl set-ssl sc-privkey.pem sc-cert.pem cacert.pem OpenvSwitch Lab 6$ TLS SSL刪除 ovs-vsctl del-ssl
關於 SPAN
詳細設定
ovs-vsctl add-br ovs-br
ovs-vsctl add-port ovs-br eth0 ovs-vsctl add-port ovs-br eth1 ovs-vsctl add-port ovs-br tap0 \ – –id=@p get port tap0 \ – –id=@m create mirror name=m0 select-all=true output-port=@p \ – set bridge ovs-br mirrors=@m將 ovs-br 上 add-port {eth0,eth1} mirror 至 tap0刪除 ovs-vsctl clear bridge ovs-br mirrors # 關於 Table查 table ovs-ofctl dump-tables ovs-br 關於 Group Table
參考 hwchiu - Multipath routing with Group table at mininet
建立 Group id 及對應的 bucket ovs-ofctl -O OpenFlow13 add-group ovs-br group_id=5566,type=select,bucket=output:1,bucket=output:2,bucket=output:3 type 共有 All, Select, Indirect, FastFailover, 詳細規格使用 Group Table ovs-ofctl -O OpenFlow13 add-flow ovs-br in_port=4,actions=group:5566
關於 VXLAN
參考 rascov - Bridge Remote Mininets using VXLAN
建立 VXLAN Network ID (VNI) 和指定的 OpenFlow port number, eg: VNI=5566, OF_PORT=9 ovs-vsctl set interface vxlan type=vxlan option:remote_ip=x.x.x.x option:key=5566 ofport_request=9VNI flow by flow ovs-vsctl set interface vxlan type=vxlan option:remote_ip=140.113.215.200 option:key=flow ofport_request=9設定 VXLAN tunnel id ovs-ofctl add-flow ovs-br in_port=1,actions=set_field:5566->tun_id,output:2 ovs-ofctl add-flow s1 in_port=2,tun_id=5566,actions=output:1
關於 OVSDB Manager
參考 OVSDB Integration:Mininet OVSDB Tutorial
Active Listener 設定 ovs-vsctl set-manager tcp:1.2.3.4:6640Passive Listener 設定 ovs-vsctl set-manager ptcp:6640
OpenFlow Trace
Generate pakcet trace ovs-appctl ofproto/trace ovs-br in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 -generate
其它
查詢 OpenvSwitch 版本 ovs-ofctl -V查詢下過的指令歷史記錄 ovsdb-tool show-log [-mmm]