ovs-ofctl

参考

ovs-ofctl

用于监控和管理OpenFlow交换机,同时可以展示OpenFlow交换机的特性、配置和流表记录。它可以用于任何OpenFlow交换机,而不仅仅是OVS。

语法

ovs-ofctl [options] command [switch] [args...]

COMMANDS

OpenFlow Switch Management Commands

用于OpenFlow交换机流表和端口的管理

# Print switch information to the console, including its flow tables and port numbers.
# show switch
ovs-ofctl show s1

# Tables
# Print statistics for the flow tables the switch uses.
# dump-tables switch
ovs-ofctl dump-tables s1

# Print the features of the switch's flow tables (the max_entries attribute is
# visible in the output; the author saw 100000 here).
# The author notes this needs an OpenFlow version of 1.3 or above; the example
# requests 1.3 with -O.
# dump-table-features switch
ovs-ofctl dump-table-features s1 -O Openflow13

# Print the flow table configuration (table description) of the switch; for OpenFlow14.
# dump-table-desc switch
# The OpenFlow versions the bridge accepts can be changed with:
# ovs-vsctl set bridge s1 protocols=OpenFlow14
# NOTE: protocols= replaces the whole list of accepted versions. With only
# OpenFlow14 listed, connections that negotiate another version (for example
# the -O OpenFlow13 commands on this page, or a controller speaking a
# different version) are refused; list every version still needed, comma-separated.
ovs-ofctl dump-table-desc s1 -O OpenFlow14



# Configure a flow table.
# mod-table switch table setting
# Settings supported by OpenFlow 1.1 and 1.2 (what happens to a packet that matches no flow):
# drop        discard the packet (fails closed)
# continue    hand the packet to the next table in the pipeline
# controller  send the packet to the controller (every unmatched packet then reaches the control plane)
# NOTE(review): no -O option is given on this example although the setting is
# described as specific to OpenFlow 1.1/1.2 - confirm which version is negotiated.
ovs-ofctl mod-table s1 10 drop

# OpenFlow 1.3 and later
# Rename the table (the author reports this had no effect and did not find out why).
ovs-ofctl mod-table s1 10 name:table-10

# OpenFlow 1.4 and later; -O <version> must be given.
# Supported settings:
# evict    when needed, delete flows from the given table using the algorithm described for that table.
#          Existing flows can therefore disappear when the table fills up; keep that in
#          mind if the table holds flows that enforce filtering policy.
ovs-ofctl mod-table s1 10 evict -O OpenFlow14
# noevict  refuse to add new flows instead
ovs-ofctl mod-table s1 10 noevict -O OpenFlow14
# vacancy:low,high  let TABLE_STATUS messages report vacancy events to the controller,
#                   based on the low/high percentage thresholds
ovs-ofctl mod-table s1 10 vacancy:10,20 -O OpenFlow14
# novacancy  stop sending threshold-based vacancy events
ovs-ofctl mod-table s1 10 novacancy -O OpenFlow14

#------------------------------------------------------


# Ports
# Print statistics for the switch's ports (if a network device is given, only
# that device's statistics are printed).
# The statistics include packets and bytes received and sent, and how long the port has been alive.
# dump-ports switch [netdev]
ovs-ofctl dump-ports s1 -O OpenFlow14
ovs-ofctl dump-ports s1 s1-eth1 -O OpenFlow14

# Print detailed port information.
# Details include state, the currently supported port speed, the maximum supported speed, etc.
# OpenFlow 1.5 can dump one specified port; earlier versions can only list all ports.
# dump-ports-desc switch [port]
ovs-ofctl dump-ports-desc s1 -O OpenFlow14

# Change the behaviour of one switch port.
# mod-port switch port action
# NOTE: every mod-port example below is applied to the running switch as soon as the
# command is sent; down, no-receive and no-forward stop traffic on that port.
# Supported actions:
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Bring the port up or down
# up
ovs-ofctl mod-port s1 s1-eth1 up -O OpenFlow14
# down
ovs-ofctl mod-port s1 s1-eth1 down -O OpenFlow14

## STP support on the port
# stp
ovs-ofctl mod-port s1 s1-eth1 stp -O OpenFlow14
# no-stp
ovs-ofctl mod-port s1 s1-eth1 no-stp -O OpenFlow14

## Receive handling
## Whether packets received on this port (other than STP) are dropped outright
## instead of being handed to the flow table.
# receive
ovs-ofctl mod-port s1 s1-eth1 receive -O OpenFlow14
# no-receive
ovs-ofctl mod-port s1 s1-eth1 no-receive -O OpenFlow14

## Whether STP packets received on this port are dropped outright
# receive-stp
ovs-ofctl mod-port s1 s1-eth1 receive-stp -O OpenFlow14
# no-receive-stp
ovs-ofctl mod-port s1 s1-eth1 no-receive-stp -O OpenFlow14

## Forwarding: whether traffic may be forwarded out of this port
# forward
ovs-ofctl mod-port s1 s1-eth1 forward -O OpenFlow14
# no-forward
ovs-ofctl mod-port s1 s1-eth1 no-forward -O OpenFlow14

## Whether the port takes part in flooding
# flood
ovs-ofctl mod-port s1 s1-eth1 flood -O OpenFlow14
# no-flood
ovs-ofctl mod-port s1 s1-eth1 no-flood -O OpenFlow14

## Controls whether packets received on this port produce packet-in messages.
## The author describes this as applying "when the flow table matches".
## NOTE(review): ovs-ofctl(8) appears to describe it for packets that do NOT match
## a flow entry - confirm against the man page.
# packet-in
ovs-ofctl mod-port s1 s1-eth2 packet-in -O OpenFlow14
# no-packet-in
ovs-ofctl mod-port s1 s1-eth2 no-packet-in -O OpenFlow14
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# Print the switch's fragment handling mode.
# get-frags switch
# (the example keeps the literal placeholder "switch"; substitute the bridge name, e.g. s1)
ovs-ofctl get-frags switch 
# Fragment handling modes:
# normal      fragments go through the flow table like unfragmented packets (TCP/UDP port
#             numbers and the ICMP type and code fields are set to 0).
#             Flows that match on L4 ports therefore do not match fragments in this mode;
#             handle fragments explicitly if the flow table is used for port-based filtering.
# drop        fragments are dropped without going through the flow table
# reassemble  fragments are reassembled and then handed to the flow table (not implemented)
# nx-match    fragments go through the flow table like unfragmented packets (TCP port, UDP port
#             and ICMP type/code are available for matching in fragments with offset 0 and are
#             set to 0 in fragments with a non-zero offset)


# Show flows
# dump-flows switch
ovs-ofctl dump-flows s1 -O OpenFlow14


# Print aggregate statistics for the flows in the switch's tables that match [flows].
# dump-aggregate switch [flows]
ovs-ofctl dump-aggregate s1 -O OpenFlow14

# Queue
# Print statistics for the specified queue on a port of the switch.
# queue-stats switch [port [queue]]
ovs-ofctl queue-stats s1 s1-eth1 -O OpenFlow14

# Print the queue configuration on a port of the switch.
# queue-get-config switch [port [queue]]
ovs-ofctl queue-get-config s1 s1-eth1 -O OpenFlow14
# ------------------------------------


# For OVS 2.6 and later
# Print the bridge's IPFIX statistics.
# dump-ipfix-bridge switch
ovs-ofctl dump-ipfix-bridge s1

# Print the flow-based IPFIX statistics.
# dump-ipfix-flow switch
ovs-ofctl dump-ipfix-flow s1

# Flush the switch's connection tracking entries in the given zone.
# ct-flush-zone switch zone

OpenFlow Switch Flow Table Commands

用于流表管理。--bundle 参数表示该命令作为单个原子事务执行。

测试拓扑

s1 - s2

|    |

h1  h2

端口连接情况

s1-eth1 ———— s2-eth1

s1-eth2       s2-eth2

 |          |

h1-eth0      h2-eth0

host mac ip
h1 00:00:00:00:00:01 10.0.1.1/16
h2 00:00:00:00:00:02 10.0.2.1/16

测试mininet脚本

#!/usr/bin/python

from mininet.net import Mininet
from mininet.node import Controller, RemoteController, OVSController
from mininet.node import CPULimitedHost, Host, Node
from mininet.node import OVSKernelSwitch, UserSwitch
from mininet.node import IVSSwitch
from mininet.cli import CLI
from mininet.log import setLogLevel, info
from mininet.link import TCLink, Intf
from subprocess import call

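def myNetwork():
    """Build the two-switch test topology, attach a remote controller, open the CLI.

    Layout: h1 -- s1 -- s2 -- h2. Links are added in the order s1-s2, s1-h1,
    s2-h2, so on each switch the first port is the inter-switch link and the
    second port faces the host.

    The network is always torn down with ``net.stop()``, even when start-up
    or the CLI raises, so a failed run still goes through Mininet's cleanup.
    """
    net = Mininet(topo=None, build=False)

    try:
        info('*** Adding controller\n')
        # NOTE: protocol='tcp' means the OpenFlow channel to the controller is
        # neither authenticated nor encrypted; keep this to an isolated lab
        # network. The controller address is specific to the author's setup.
        c0 = net.addController(name='c0',
                               controller=RemoteController,
                               ip='192.168.40.129',
                               protocol='tcp',
                               port=6653)

        info('*** Add switches\n')
        s1 = net.addSwitch('s1', dpid="0000000000000a1", cls=OVSKernelSwitch)
        s2 = net.addSwitch('s2', dpid="0000000000000a2", cls=OVSKernelSwitch)

        info('*** Add hosts\n')
        # Each host's default route points at its own interface, so the peer
        # in the other /24 is reached directly rather than via a gateway.
        h1 = net.addHost('h1', cls=Host, mac='00:00:00:00:00:01',
                         ip='10.0.1.1/24', defaultRoute="h1-eth0")
        h2 = net.addHost('h2', cls=Host, mac='00:00:00:00:00:02',
                         ip='10.0.2.1/24', defaultRoute="h2-eth0")

        info('*** Add links\n')
        # Order matters: it fixes which port number each link gets.
        net.addLink(s1, s2)
        net.addLink(s1, h1)
        net.addLink(s2, h2)

        info('*** Starting network\n')
        net.build()
        info('*** Starting controllers\n')
        for controller in net.controllers:
            controller.start()

        info('*** Starting switches\n')
        net.get('s2').start([c0])
        net.get('s1').start([c0])

        info('*** Post configure switches and hosts\n')
        # Hook for post-configuration (e.g. net.get('s1').dpctl(...)); unused.

        CLI(net)
    finally:
        # Runs on normal exit from the CLI and on any exception above.
        net.stop()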

if __name__ == "__main__":
    # Script entry point: turn on info-level Mininet logging, then build the
    # topology and hand control to the interactive CLI.
    setLogLevel("info")
    myNetwork()

# Add
# [--bundle] add-flow switch flow
# All flows below carry hard_timeout=60, so each one expires 60 seconds after it
# is installed. Port numbers follow the test topology described above (port 1 is
# the s1-s2 link, port 2 faces the host).

# Add ARP flows (dl_type=0x0806; nw_src/nw_dst then match the ARP sender/target IP)
# s1->s2  s2->s1
sudo ovs-ofctl add-flow s1 priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:1 -O OpenFlow13

sudo ovs-ofctl add-flow s2 priority=10,in_port=1,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:2 -O OpenFlow13

sudo ovs-ofctl add-flow s2 priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:1 -O OpenFlow13

sudo ovs-ofctl add-flow s1 priority=10,in_port=1,dl_type=0x0806,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:2 -O OpenFlow13

# Add IPv4 flows (dl_type=0x0800)
sudo ovs-ofctl add-flow s1 priority=10,in_port=2,dl_type=0x0800,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:1 -O OpenFlow13

sudo ovs-ofctl add-flow s2 priority=10,in_port=1,dl_type=0x0800,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:2 -O OpenFlow13

sudo ovs-ofctl add-flow s2 priority=10,in_port=2,dl_type=0x0800,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:1 -O OpenFlow13

sudo ovs-ofctl add-flow s1 priority=10,in_port=1,dl_type=0x0800,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:2 -O OpenFlow13

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# [--bundle] add-flow switch - < file
# Each line of the file starts with add, modify, delete, etc., followed by the flow itself.
# The file is applied with root privileges, so keep it writable only by trusted users.
# Contents of s1-flows.txt (the four "add ..." lines below are file content, not shell commands):
add priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:1 
add priority=10,in_port=1,dl_type=0x0806,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:2
add priority=10,in_port=2,dl_type=0x0800,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:1
add priority=10,in_port=1,dl_type=0x0800,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:2
sudo ovs-ofctl add-flow s1 -<s1-flows.txt

# Contents of s2-flows.txt (file content, not shell commands):
add priority=10,in_port=1,dl_type=0x0800,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:2
add priority=10,in_port=2,dl_type=0x0800,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:1
add priority=10,in_port=1,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:2
add priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:1

sudo ovs-ofctl add-flow s2 -<s2-flows.txt 

# Author's observation: the "file" here seems to mean the file's contents; passing
# the file name directly did not work.
# [--bundle] add-flows switch file
# --------------------------------------------------------------------

# Modify
# Change the actions of the flow entries on the given switch that match the given flow.
# With --strict, wildcards are not applied when matching flows.
# NOTE: without --strict one command can rewrite the actions of every flow covered by
# the match, so check the match (e.g. with dump-flows) before changing actions to drop.
# [--bundle] [--strict] mod-flows switch flow
sudo ovs-ofctl mod-flows s1 priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=drop -O OpenFlow13

# [--bundle] [--strict] mod-flows switch - < file
# Contents of s1-mod.txt (the four lines below are file content, not shell commands):
priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=drop
priority=10,in_port=1,dl_type=0x0806,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=drop
priority=10,in_port=2,dl_type=0x0800,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=drop
priority=10,in_port=1,dl_type=0x0800,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=drop

sudo ovs-ofctl mod-flows s1 -< s1-mod.txt 
# --------------------------------------------------------------------


# Del
# [--bundle] del-flows switch
# NOTE: with no flow argument this removes every flow on s1, including any flows
# that drop or isolate traffic; whatever policy the table held is gone until it
# is installed again.
sudo ovs-ofctl del-flows s1

# [--bundle] [--strict] del-flows switch [flow]
# Author's observation: not every key can be used in the match given to del-flows;
# priority, actions and hard_timeout were rejected (other keys were not tried).
# NOTE(review): presumably because actions and timeouts are not match fields and
# priority is only accepted together with --strict - confirm against ovs-ofctl(8).
sudo ovs-ofctl del-flows s1 ip,in_port=2,nw_src=10.0.1.1,nw_dst=10.0.2.1

# [--bundle] [--strict] del-flows switch - < file
# Contents of s1-del.txt (the line below is file content, not a shell command):
ip,in_port=2,nw_src=10.0.1.1,nw_dst=10.0.2.1
sudo ovs-ofctl del-flows s1 -< s1-del.txt 


# Read flow entries from file (or from stdin if file is -) and query the flow table
# from the switch. Then fix up all differences: add the flows from the file that are
# missing on the switch, delete the switch's flows that are not in the file, and update
# flows whose actions, cookie or timeouts on the switch differ from the file.
# Because flows absent from the file are deleted, the file must describe the complete
# intended table.
# [--bundle] [--readd] replace-flows switch file

# Diff
# Read flows from source1 and source2 and print the differences.
# diff-flows source1 source2
# Contents of s1-dif.txt (the four lines below are file content, not shell commands):
priority=10,in_port=1,dl_type=0x0800,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:2
priority=10,in_port=2,dl_type=0x0800,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:1
priority=10,in_port=1,dl_type=0x0806,nw_src=10.0.1.1,nw_dst=10.0.2.1,hard_timeout=60,actions=output:2
priority=10,in_port=2,dl_type=0x0806,nw_src=10.0.2.1,nw_dst=10.0.1.1,hard_timeout=60,actions=output:1

sudo ovs-ofctl diff-flows s1-mod.txt s1-dif.txt


# Connect to the switch and instruct it to execute the packet-out message, which is
# defined in the packet-out syntax section of the man page.
# packet-out switch packet-out

Group Table Commands

OpenFlow 1.3+ Switch Meter Table Commands

OpenFlow Switch Bundle Command

OpenFlow Switch Tunnel TLV Table Command

OpenFlow Switch Monitoring Commands


# Connect to the switch and print every OpenFlow message received (useful for
# watching the OpenFlow protocol activity between the switch and its controller).
# NOTE(review): the output presumably includes the contents of packets carried in
# packet-in/packet-out messages, so treat saved output as sensitive - confirm.
# snoop switch
sudo ovs-ofctl snoop s1


# Connect to the switch and print all OpenFlow messages received.
# monitor switch [miss-len] [invalid_ttl] [watch:[spec...]]

Other Commands

# 将OpenFlow连接上使用的二进制格式将文件(或stdin)读取为一系列OpenFlow消息,并将它们打印到控制台。这对于打印从TCP流捕获的OpenFlow消息非常有用。
# ofp-parse file


# read文件必须是tcpdump或wireshark等网络捕获工具使用的PCAP格式,它提取OpenFlow连接的所有TCP流,并在stdout上以人类可读的格式打印这些连接中的OpenFlow消息。OpenFlow连接由TCP端口号区分。非openflow包被忽略。默认情况下,TCP端口6633和6653上的数据被认为是OpenFlow。指定一个或多个端口参数以覆盖默认值。此命令不能有效地打印SSL加密的流量。它不理解IPv6。
# ofp-parse-pcap file [port...]


转载自blog.csdn.net/daihanglai7622/article/details/107360538
ovs