首先,openflow流表都是使用ovs-ofctl命令进行添加的。
1.
看 ovs-ofctl 的man手册
man ovs-ofctl
或者,这个地方也有:http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html
主要就是用,这几个命令:
dump-flows 、add-flow 、del-flows
等。
另外,有关actions的命令也在这个手册里。
2.
有关how to match见如下的man手册
man ovs-fields
或这个:http://www.openvswitch.org/support/dist-docs/ovs-fields.7.html
该手册,文档层次清晰,可以方便的速查。按照逻辑分了如下几个段落,非常清晰:
TUNNEL / METADATA / CONNECTION TRACKING / REGISTER / L2 / L3 / L4
3.
举个栗子:
[root@host100 ~]# ovs-ofctl dump-ports-desc br200-1 OFPST_PORT_DESC reply (xid=0x2): 2(tap200-1): addr:b2:8a:36:20:22:56 config: 0 state: 0 current: 10MB-FD COPPER speed: 10 Mbps now, 0 Mbps max 3(vxlan101): addr:1a:b7:86:d6:09:32 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max 4(vxlan102): addr:32:3e:e2:aa:c3:7c config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max LOCAL(br200-1): addr:a6:42:63:b5:55:47 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max [root@host100 ~]# ovs-ofctl add-flow br200-1 'in_port=2,ip_dst=10.200.0.10 actions=output:4' [root@host100 ~]# ovs-ofctl dump-flows br200-1 cookie=0x0, duration=1257.771s, table=0, n_packets=676, n_bytes=50080, in_port="tap200-1" actions=output:vxlan102 cookie=0x0, duration=428469.306s, table=0, n_packets=12605, n_bytes=1002794, priority=0 actions=NORMAL
又举了一个栗子
ovs-ofctl add-flow br200-1 'cookie=0x01,table=0,ip_dst=10.200.0.2 actions=move:NXM_NX_TUN_ID[0..23]->NXM_NX_REG0[0..23],resubmit(,1)' ovs-ofctl add-flow br200-1 'cookie=0x02,table=1 actions=move:NXM_NX_REG0[0..23]->NXM_OF_ETH_SRC[24..47],output:vxlan101'
举一个NAT的栗子
# DROUTE up 221 ovs-ofctl -O openflow13 add-flow br220-1 'cookie=0x11,table=0,ip,tcp,ip_dst=10.200.0.2,eth_dst=00:01:02:02:21:01/00:00:00:ff:ff:ff actions=mod_dl_dst:00:01:02:02:21:01,ct(zone=10,table=1)' ovs-ofctl -O openflow13 add-flow br220-1 'cookie=0x12,table=1,ip,tcp,ip_dst=10.200.0.2,eth_dst=00:01:02:02:21:01,ct_state=+new actions=ct(zone=10,nat(dst=10.200.0.11:80),commit),output:tap221-1' ovs-ofctl -O openflow13 add-flow br220-1 'cookie=0x13,table=1,ip,tcp,ip_dst=10.200.0.2,eth_dst=00:01:02:02:21:01,ct_state=+trk+est actions=ct(zone=10,nat),output:tap221-1' # DROUTE down 221 ovs-ofctl -O openflow13 add-flow br220-1 'cookie=0x14,table=0,in_port=tap221-1,ip,tcp,actions=ct(zone=10,table=1,nat)' ovs-ofctl -O openflow13 add-flow br220-1 'cookie=0x15,table=1,in_port=tap221-1,ct_zone=10,ct_state=+trk+est,ip_src=10.200.0.2,actions=mod_dl_src:00:00:00:ff:00:10,output:vxlan101'
举一个ARP代答的栗子(别人写的,我目前还没看懂)
cookie=0x15608eadfa234623, duration=1522.586s, table=25, n_packets=33, n_bytes=1386, priority=100,arp,metadata=0xc400000001,arp_tpa=10.0.0.57,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],set_field:fa:16:3e:25:05:c4->eth_src,set_field:2->arp_op,set_field:10.0.0.57->arp_spa,set_field:fa:16:3e:25:05:c4->arp_sha,IN_PORT cookie=0x15608eadfa234693, duration=1468.078s, table=25, n_packets=0, n_bytes=0, priority=100,arp,metadata=0xc400000001,arp_tpa=10.0.0.59,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],set_field:fa:16:3e:8a:d4:93->eth_src,set_field:2->arp_op,set_field:10.0.0.59->arp_spa,set_field:fa:16:3e:8a:d4:93->arp_sha,IN_PORT cookie=0x15608eadfa22ed3f, duration=508715.364s, table=25, n_packets=1216086, n_bytes=51075612, priority=1 actions=set_field:0x19->reg8,goto_table:200