Packet tracing in Open vSwitch

Open vSwitch (OVS) is a programmable software switch that can perform actions on each individual packet. This document describes how to use the tracing tool to understand what happens to a packet as it is processed in the data plane.

The ovs-vswitchd(8) manual page describes the ofproto/trace command, which is the basic tracing tool in Open vSwitch. For OVN, a similar tool that traces a packet through the logical switch is described in ovn-trace(8).

Packet tracing

To understand the tool, let's use the following flows as an example:

    table=3,ip,tcp,tcp_dst=80,action=output:2
    table=2,ip,tcp,tcp_dst=22,action=output:1
    table=0,in_port=3,ip,nw_src=192.0.2.0/24,action=resubmit(,2)
    table=0,in_port=3,ip,nw_src=198.51.100.0/24,action=resubmit(,3)

Note:
If you cannot use a "real" OVS environment, you can use ovs-sandbox, as described in the official tutorial /tutorials/ovs-advanced, which also provides additional tracing examples.

The first line adds a rule to table 3 that matches TCP/IP packets with destination port 80 (HTTP). If a packet matches, the action is to output it on OpenFlow port 2.

The second line is similar, but matches destination port 22 (SSH). If a packet matches, the action is to output it on OpenFlow port 1.

The next two lines match on the source IP address. If a packet matches, it is resubmitted to the table given by the parameter of the resubmit action.

Now let's check whether a packet from IP address 192.0.2.2 with destination port 22 really goes to OpenFlow port 1:

    $ ovs-appctl ofproto/trace br0 in_port=3,tcp,nw_src=192.0.2.2,tcp_dst=22
    Flow: tcp,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=192.0.2.2,nw_dst=0.0.0.0,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=22,tcp_flags=0

    bridge("br0")
    -------------
     0. ip,in_port=3,nw_src=192.0.2.0/24, priority 32768
        resubmit(,2)
     2. tcp,tp_dst=22, priority 32768
        output:1

    Final flow: unchanged
    Megaflow: recirc_id=0,tcp,in_port=3,nw_src=192.0.2.0/24,nw_frag=no,tp_dst=22
    Datapath actions: 1

The first line is the trace command. br0 is the bridge the packet goes through. The remaining parameters describe the packet itself. For example, nw_src is the field that matches the source IP address. All packet fields are described in the ovs-fields(7) man page.

The second line shows the flow extracted from the packet described on the command line. Unspecified packet fields are set to zero.

The next few lines show the packet's journey through bridge br0. In table 0 we see the OpenFlow flow that the packet matched, with its match fields and priority, followed by its actions. Here the packet matches the flow that resubmits it to table 2. The "resubmit" action causes a second lookup in OpenFlow table 2, shown by the line that begins with "2.". In that second lookup, the packet matches the flow that outputs it on OpenFlow port 1.

In short, the trace follows the flow entries and their actions until a final decision is reached. Finally, the tracing tool displays the Megaflow, which contains all the relevant match fields, and the resulting datapath actions.

Now let's see what happens to the same packet when the TCP destination port is changed to 80:

    $ ovs-appctl ofproto/trace br0 in_port=3,tcp,nw_src=192.0.2.2,tcp_dst=80
    Flow: tcp,in_port=3,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=192.0.2.2,nw_dst=0.0.0.0,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=80,tcp_flags=0

    bridge("br0")
    -------------
     0. ip,in_port=3,nw_src=192.0.2.0/24, priority 32768
        resubmit(,2)
     2. No match.
        drop

    Final flow: unchanged
    Megaflow: recirc_id=0,tcp,in_port=3,nw_src=192.0.2.0/24,nw_frag=no,tp_dst=0x40/0xffc0
    Datapath actions: drop

In the second part of the output, in table 0, the packet matches the rule for its source IP address, so it is resubmitted to table 2 as before. However, it does not match any rule in table 2. When a packet does not match any rule in a flow table, this is called a table miss. The table-miss behavior of an Open vSwitch switch can be configured and depends on the OpenFlow version in use. In this example, the default action is to drop the packet.
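
As an added example (not part of the original article or of Open vSwitch), the following Python code parses the table lookups and datapath actions from the two traces above and reports any trace whose result differs from an expected forwarding policy. The names parse_trace, policy_drift, TRACES and EXPECTED are hypothetical, and the expected results are assumed to be the operator's intent.

```python
import re

# Lookup and result lines copied from the two ofproto/trace runs on this page
# (Flow, separator, Final flow and Megaflow lines trimmed).
TRACE_SSH = """\
bridge("br0")
 0. ip,in_port=3,nw_src=192.0.2.0/24, priority 32768
    resubmit(,2)
 2. tcp,tp_dst=22, priority 32768
    output:1

Datapath actions: 1
"""
TRACE_HTTP = """\
bridge("br0")
 0. ip,in_port=3,nw_src=192.0.2.0/24, priority 32768
    resubmit(,2)
 2. No match.
    drop

Datapath actions: drop
"""
STEP = re.compile(r"(\d+)\.\s+(.*)")  # e.g. "2. tcp,tp_dst=22, priority 32768"

def parse_trace(text):
    """Parse one ofproto/trace output into lookups, table misses and verdict."""
    steps, datapath, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = STEP.match(line)
        if m:  # a table lookup: table number, then the matched flow or "No match."
            current = {"table": int(m.group(1)), "match": m.group(2), "actions": []}
            steps.append(current)
        elif line.startswith("Datapath actions:"):
            datapath = line.split(":", 1)[1].strip()
        elif not line:
            current = None  # a blank line ends a step's action list
        elif current is not None:
            current["actions"].append(line)
    misses = [s["table"] for s in steps if s["match"].startswith("No match")]
    return {"steps": steps, "table_miss": misses, "datapath": datapath}

def policy_drift(traces, expected):
    """Names of traces whose datapath actions differ from the expected policy."""
    return sorted(n for n, t in traces.items()
                  if parse_trace(t)["datapath"] != expected[n])

TRACES = {"ssh": TRACE_SSH, "http": TRACE_HTTP}
EXPECTED = {"ssh": "1", "http": "drop"}  # assumed intent, as shown in the traces above
```

On a live system the trace text would come from running ovs-appctl ofproto/trace against the bridge; a non-empty result from policy_drift means the flow tables no longer forward or drop the sampled packets as intended.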

Origin blog.csdn.net/sinat_20184565/article/details/94590422