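# Build a two-namespace test topology joined by an Open vSwitch bridge:
#
#   ns1: tap0 (192.168.1.100) <-veth-> tap0_br --+
#                                                +-- vswitch0 (OVS bridge)
#   ns2: tap3 (192.168.1.200) <-veth-> tap3_br --+
#
# Run as root on a host with iproute2 and a running Open vSwitch.
# The commands are not idempotent: re-running them without first removing
# ns1, ns2, the veth pairs and vswitch0 fails on the objects that already exist.

# Two network namespaces that stand in for two isolated hosts.
ip netns add ns1
ip netns add ns2

# One veth pair per namespace: tapN goes into the namespace, tapN_br stays in
# the root namespace and becomes a bridge port.
ip link add tap0 type veth peer name tap0_br
ip link add tap3 type veth peer name tap3_br

# Move the namespace-side ends first; they are brought up afterwards, from
# inside the namespace.
ip link set tap0 netns ns1
ip link set tap3 netns ns2

# A newly created bridge forwards with a single default actions=NORMAL flow
# (plain learning switch), so once both ports are attached ns1 and ns2 have
# unfiltered L2 connectivity until the flow table is changed.
ovs-vsctl add-br vswitch0

# Bring up tap0, tap3, the loopback devices and the bridge-side peers.
ip netns exec ns1 ip link set tap0 up
ip netns exec ns1 ip link set lo up
ip netns exec ns2 ip link set lo up
ip netns exec ns2 ip link set tap3 up
ip link set tap0_br up
ip link set tap3_br up

# Assign the addresses of tap0 and tap3. No prefix length is given, so each
# address is a /32 and no connected route is created for the subnet.
ip netns exec ns1 ip addr add 192.168.1.100 dev tap0
ip netns exec ns2 ip addr add 192.168.1.200 dev tap3

# Add the subnet route explicitly. `ip route` replaces the deprecated
# net-tools `route` command, which is not installed on many current systems.
ip netns exec ns1 ip route add 192.168.1.0/24 dev tap0
ip netns exec ns2 ip route add 192.168.1.0/24 dev tap3

# Attach the root-namespace veth ends to the bridge.
ovs-vsctl add-port vswitch0 tap0_br
ovs-vsctl add-port vswitch0 tap3_br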
rtt min/avg/max/mdev = 0.024/0.779/1.534/0.755 ms
[root@kunpeng82 devuser]# ovs-vsctl list interface tap0_br | grep "ofport "
ofport : 1
[root@kunpeng82 devuser]# ovs-vsctl list interface tap3_br | grep "ofport "
ofport : 2
[root@kunpeng82 devuser]# ovs-vsctl get Interface tap0_br ofport
1
[root@kunpeng82 devuser]# ovs-vsctl get Interface tap3_br ofport
2
查看vswitch0的flow(新建的网桥只有一条 priority=0、actions=NORMAL 的默认flow,即按普通二层学习交换机转发)
[root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
cookie=0x0, duration=1256.469s, table=0, n_packets=9, n_bytes=630, priority=0 actions=NORMAL
[root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
cookie=0x0, duration=3554.662s, table=0, n_packets=32, n_bytes=2352, priority=0 actions=NORMAL
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.322 ms
64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.035 ms
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 0.035/0.178/0.322/0.144 ms
删除flow(不带匹配条件的 del-flows 会清空该网桥上的全部flow,包括默认的 actions=NORMAL,此后没有任何flow可以匹配数据包)
[root@kunpeng82 devuser]# ovs-ofctl del-flows vswitch0
无法ping通了
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1068ms
添加如下两条flow(in_port/output 中的 1 和 2 就是上面查到的 tap0_br、tap3_br 的 ofport),又可以ping通了
[root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=1,in_port=1,actions=output:2"
[root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=1,in_port=2,actions=output:1"
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.310 ms
64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.031 ms
^C
--- 192.168.1.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1038ms
rtt min/avg/max/mdev = 0.031/0.170/0.310/0.140 ms
[root@kunpeng82 devuser]# ovs-ofctl dump-flows vswitch0
cookie=0x0, duration=165.599s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="tap0_br" actions=output:"tap3_br"
cookie=0x0, duration=159.352s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="tap3_br" actions=output:"tap0_br"
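再添加一条更高优先级的flow,把从tap0_br收到的数据包drop(priority=3 高于前面的 priority=1,所以 in_port=1 的数据包会先匹配这条drop;in_port=2 方向的转发flow没有变化,只是 ns1 发出的请求已经到不了 ns2)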
[root@kunpeng82 devuser]# ovs-ofctl add-flow vswitch0 "priority=3,in_port=1,actions=drop"
又不可以ping通了
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
^C
--- 192.168.1.200 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2108ms
查看datapath(注意这里的port编号是datapath端口号,tap0_br 为 2、tap3_br 为 3,与flow中使用的OpenFlow ofport 1、2 不同,写flow时要用ofport)
[root@kunpeng82 devuser]# ovs-dpctl show
2020-04-03T02:40:23Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
system@ovs-system:
lookups: hit:3 missed:9 lost:0
flows: 0
masks: hit:13 total:0 hit/pkt:1.08
port 0: ovs-system (internal)
port 1: vswitch0 (internal)
port 2: tap0_br
port 3: tap3_br
查看mac地址(MAC学习只在 actions=NORMAL 下进行;下面ping能通并学到了MAC,说明这段输出应是在网桥使用默认NORMAL flow时采集的,而不是在上面添加drop flow之后)
[root@kunpeng82 devuser]# ovs-appctl fdb/show vswitch0
port VLAN MAC Age
[root@kunpeng82 devuser]# ip netns exec ns1 ping 192.168.1.200
PING 192.168.1.200 (192.168.1.200) 56(84) bytes of data.
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=0.372 ms
64 bytes from 192.168.1.200: icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from 192.168.1.200: icmp_seq=3 ttl=64 time=0.018 ms
64 bytes from 192.168.1.200: icmp_seq=4 ttl=64 time=0.018 ms
^C
--- 192.168.1.200 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3158ms
rtt min/avg/max/mdev = 0.018/0.110/0.372/0.151 ms
[root@kunpeng82 devuser]# ovs-appctl fdb/show vswitch0
port VLAN MAC Age
2 0 8a:6a:5f:bb:b0:9a 0
1 0 ca:03:87:45:02:90 0
[root@kunpeng82 devuser]# ip netns exec ns1 ip a | grep ca:03:87:45:02:90 -B 2
valid_lft forever preferred_lft forever
7: tap0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ca:03:87:45:02:90 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@kunpeng82 devuser]# ip netns exec ns2 ip a | grep 8a:6a:5f:bb:b0:9a -B 2
valid_lft forever preferred_lft forever
9: tap3@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 8a:6a:5f:bb:b0:9a brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@kunpeng82 devuser]# ovs-ofctl show vswitch0
OFPT_FEATURES_REPLY (xid=0x2): dpid:00000613a93fae46
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(tap0_br): addr:72:69:5a:e8:0c:9f
config: 0
state: 0
current: 10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
2(tap3_br): addr:52:85:e1:a0:f2:69
config: 0
state: 0
current: 10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
LOCAL(vswitch0): addr:06:13:a9:3f:ae:46
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@kunpeng82 devuser]# ovs-ofctl dump-ports-desc vswitch0
OFPST_PORT_DESC reply (xid=0x2):
1(tap0_br): addr:72:69:5a:e8:0c:9f
config: 0
state: 0
current: 10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
2(tap3_br): addr:52:85:e1:a0:f2:69
config: 0
state: 0
current: 10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
LOCAL(vswitch0): addr:06:13:a9:3f:ae:46
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
查看所有table
[root@kunpeng82 devuser]# ovs-ofctl dump-tables vswitch0
OFPST_TABLE reply (xid=0x2):
table 0:
active=1, lookup=24, matched=24
max_entries=1000000
matching:
in_port: exact match or wildcard
eth_src: exact match or wildcard
eth_dst: exact match or wildcard
eth_type: exact match or wildcard
vlan_vid: exact match or wildcard
vlan_pcp: exact match or wildcard
ip_src: exact match or wildcard
ip_dst: exact match or wildcard
nw_proto: exact match or wildcard
nw_tos: exact match or wildcard
tcp_src: exact match or wildcard
tcp_dst: exact match or wildcard
table 1:
active=0, lookup=0, matched=0
(same features)
tables 2...253: ditto