opendaylight-O版本与openstack集成

feature:list list (Lists all existing features available from the defined repositories)
feature:list | grep northbound
odl-neutron-northbound-api │ 0.10.4 │ │ Uninstalled │ odl-neutron-northbound-api-0.10.4 │ OpenDaylight :: Neutron :: Northbound

feature:install odl-neutron-northbound-api
feature:install odl-netvirt-openstack odl-dlux-core odl-mdsal-apidocs
feature:install odl-ovsdb-openstack

odl-netvirt-sfc

JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
CLASSPATH=.:$JAVA_HOME/lib/tools.jar
PATH=$JAVA_HOME/bin:$PATH
JVM_OPTS="-Xms256m -XX:PermSize=256m -XX:MaxPermSize=512m"
MAVEN_OPTS="$MAVEN_OPTS -Xms512m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m"
export MAVEN_OPTS JAVA_HOME CLASSPATH JVM_OPTS PATH

[root@localhost ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3327/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3620/master
tcp6 0 0 :::6633 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:1099 :::* LISTEN 868/java
tcp6 0 0 :::6640 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:6644 :::* LISTEN 868/java
tcp6 0 0 :::8181 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:2550 :::* LISTEN 868/java
tcp6 0 0 :::22 :::* LISTEN 3327/sshd
tcp6 0 0 :::8185 :::* LISTEN 868/java
tcp6 0 0 127.0.0.1:44601 :::* LISTEN 868/java
tcp6 0 0 :::33273 :::* LISTEN 868/java
tcp6 0 0 ::1:25 :::* LISTEN 3620/master
tcp6 0 0 :::44444 :::* LISTEN 868/java
tcp6 0 0 :::6653 :::* LISTEN 868/java
tcp6 0 0 :::39169 :::* LISTEN 868/java
tcp6 0 0 :::8101 :::* LISTEN 868/java
tcp6 0 0 :::6886 :::* LISTEN 868/java

openstack配置

openstack的networking-odl插件安装方式
https://docs.openstack.org/networking-odl/latest/install/installation.html#odl-installation
yum install python-networking-odl.noarch -y

https://docs.openstack.org/networking-odl/latest/install/installation.html#networking-odl-configuration
systemctl restart neutron-server
/etc/neutron/plugins/ml2

测试端口可连接性
curl -u admin:admin http://10.13.80.34:8181/controller/nb/v2/neutron/networks
odl配置文件修改
etc/custom.properties
ovsdb.l3.fwd.enabled=yes
ovsdb.l3gateway.mac=0a:00:27:00:00:0d

telnet 10.13.80.34 8181
netstat -nlp | grep 8181
telnet 127.0.0.1 8181
telnet 10.13.80.34 8181
systemctl status firewall
iptables
iptables -nvL
iptables -F 清空iptables
openstack server create --flavor tiny --image cirros --nic net-id=24449ee2-b84e-493f-8d76-139ac3e4f3cd --key-name mykey provider-instance

nova service-list
nova show ae5e26d1-c84d-40fa-bb27-f0b46d6a7061 查看虚机详情

ovs-vsctl set Open_vSwitch 89444614-3bf8-4d7a-b3a0-df5d20b48b7a other_config={'local_ip'='192.168.56.102'}
ovs-vsctl set Open_vSwitch b084eccf-b92e-470c-8dff-8549e92c2104 other_config={'local_ip'='192.168.56.122'}
ovs-vsctl list interface eth0
ovs-appctl fdb/show br-int
[root@rcontroller01 ~]# openstack security group rule list 2e19a748-9086-49f8-9498-01abc1a964fe

一个神奇的命令

+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+
| 0184e6b3-4f7f-4fd5-8125-b80682e7ee48 | None | None | | 2e19a748-9086-49f8-9498-01abc1a964fe |
| 1e0bfedc-8f25-408a-9328-708113bbbc52 | icmp | 0.0.0.0/0 | | None |
| 39116d39-454b-4d82-867e-bbfd3ea63182 | None | None | | None |
| 4032366f-3ac9-4862-85a7-c7411a8b7678 | None | None | | 2e19a748-9086-49f8-9498-01abc1a964fe |
| dc7bc251-f0d0-456a-9102-c5b66646aa84 | tcp | 0.0.0.0/0 | 22:22 | None |
| ddacf7ea-57ea-4c8a-8b68-093766284595 | None | None | | None |
+--------------------------------------+-------------+-----------+------------+--------------------------------------+

dpif/dump-flows dp 想控制端打印dp中流表的所有条目。 这个命令主要来与debugOpen Vswitch.它所打印的流表不是openFlow的流条目。
它打印的是由dp模块维护的简单的流。
如果你想查看OpenFlow条目，请使用ovs-ofctl dump-flows。dpif/del-fow dp 删除指定dp上所有流表。同上所述，这些不是OpenFlow流表。

ovs-appctl dpif/dump-flows br-int

创建网络
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
$ openstack subnet create --network provider
--allocation-pool start=192.168.56.100,end=192.168.56.200
--dns-nameserver 8.8.8.8 --gateway 192.168.56.1
--subnet-range 192.168.56.0/24 provider

openstack network create selfservice
$ openstack subnet create --network selfservice
--dns-nameserver 8.8.8.8 --gateway 192.168.1.1
--subnet-range 192.168.1.0/24 selfservice

openstack router create router
openstack router add subnet router selfservice
openstack router set router --external-gateway provider
openstack port list --router router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| bff6605d-824c-41f9-b744-21d128fc86e1 | | fa:16:3e:2f:34:9b | ip_address='172.16.1.1', subnet_id='3482f524-8bff-4871-80d4-5774c2730728' | ACTIVE |
| d6fe98db-ae01-42b0-a860-37b1661f5950 | | fa:16:3e:e8:c1:41 | ip_address='203.0.113.102', subnet_id='5cc70da8-4ee7-4565-be53-b9c011fca011' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
$ ping -c 4 203.0.113.102

创建虚机
openstack keypair list

$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

openstack flavor list
openstack image list
openstack network list

openstack server create --flavor tiny --image cirros --nic net-id=27616098-0374-4ab4-95a8-b5bf4839dcf8 --key-name mykey provider-instance


网络配置
python /usr/lib/python2.7/site-packages/networking_odl/cmd/set_ovs_hostconfigs.py --ovs_hostconfigs='{
"ODL L2": {
"allowed_network_types": [
"flat",
"vlan",
"vxlan"
],
"bridge_mappings": {
"provider": "br-int"
},
"supported_vnic_types": [
{
"vnic_type": "normal",
"vif_type": "ovs",
"vif_details": {}
}
]
},
"ODL L3": {}
}'

ovs-vsctl list open .


[‎2019/‎1/‎16 19:09] 高正伟:
ovs-vsctl set Open_vSwitch . other_config:local_ip=hostip
ovs-vsctl set Open_vSwitch . other_config:local_ip=192.168.56.122
#ovs-vsctl set Open_vSwitch . other_config:remote_ip=192.168.56.122
#ovs-vsctl remove interface tunca7b782f232 options remote_ip

ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provider:br-ex
ovs-vsctl set Open_vSwitch . external_ids:provider_mappings="{"provider": "br-ex"}"
清空
ovs-vsctl clear Open_vSwitch . external_ids


ovs-vsctl set-manager tcp:10.13.80.34:6640
ovs-vsctl set-controller br-ex tcp:10.13.80.34:6640
ovs-vsctl del-controller br-ex
sudo neutron-odl-ovs-hostconfig
ovs-vsctl show

ovs-vsctl add-port <bridge name> <port name>
ovs-vsctl add-port br-ex enp0s10
ovs-vsctl del-port br-ex phy-br-ex

ovs-vsctl del-port br-ex tun2ad7e9e91e4

重启odl后
systemctl restart openvswitch.service
systemctl restart neutron-server.service
systemctl stop neutron-server.service

创建虚机
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
openstack subnet create --network provider --allocation-pool start=192.168.56.2,end=192.168.56.100 --dns-nameserver 8.8.8.8 --gateway 192.168.56.1 --subnet-range 192.168.56.0/24 provider
nova boot --image cirros --flavor tiny --nic net-id= --availability-zone nova:rcontroller01 vm-01
openstack server create --flavor tiny --image cirros --nic net-id= --key-name mykey test

nova boot --image cirros --flavor tiny --nic net-id=0fe983c2-8178-403b-a00e-e8561580b210 --availability-zone nova:rcontroller01 vm-01

虚机可以学习到mac但是ping不通
抓包，先在虚机网卡上抓包，
然后在br-int上抓包
发现虚拟网卡上是发送了icmp请求报文的，但是br-int上没有
查看报文情况
[root@rcontroller01 ~]# ovs-appctl dpif/dump-flows br-int

recirc_id(0),tunnel(tun_id=0x0,src=192.168.56.102,dst=192.168.56.122,flags(-df-csum+key)),in_port(4),eth(),eth_type(0x0800),ipv4(proto=17,frag=no),udp(dst=3784), packets:266436, bytes:17584776, used:0.591s, actions:userspace(pid=4294962063,slow_path(bfd))
recirc_id(0xa0),in_port(5),ct_state(+new-est-rel-inv+trk),ct_mark(0/0x1),eth(),eth_type(0x0800),ipv4(frag=no), packets:148165, bytes:14520170, used:0.566s, actions:drop
recirc_id(0),in_port(3),eth(),eth_type(0x0806), packets:1, bytes:60, used:5.228s, actions:drop
recirc_id(0),tunnel(tun_id=0xb,src=192.168.56.102,dst=192.168.56.122,flags(-df-csum+key)),in_port(4),eth(dst=fa:16:3e:ab:ba:7e),eth_type(0x0806), packets:0, bytes:0, used:never, actions:5
recirc_id(0),in_port(5),eth(src=fa:16:3e:ab:ba:7e),eth_type(0x0800),ipv4(src=192.168.0.16,proto=1,frag=no), packets:148165, bytes:14520170, used:0.566s, actions:ct(zone=5004),recirc(0xa0)
recirc_id(0),in_port(3),eth(),eth_type(0x0800),ipv4(frag=no), packets:886646, bytes:316947183, used:0.210s, flags:SFPR., actions:drop
recirc_id(0),in_port(5),eth(src=fa:16:3e:ab:ba:7e,dst=fa:16:3e:7d:95:75),eth_type(0x0806),arp(sip=192.168.0.16,tip=192.168.0.5,op=1/0xff,sha=fa:16:3e:ab:ba:7e), packets:0, bytes:0, used:never, actions:userspace(pid=4294961925,controller(reason=4,dont_send=0,continuation=0,recirc_id=4618,rule_cookie=0x822002d,controller_id=0,max_len=65535)),set(tunnel(tun_id=0xb,src=192.168.56.122,dst=192.168.56.102,ttl=64,tp_dst=4789,flags(df|key))),4
安全组设置
openstack security group rule create --proto tcp 2e19a748-9086-49f8-9498-01abc1a964fe
openstack security group rule create --proto tcp 6095293d-c2cd-433d-8a8f-e77ecb03609e
openstack security group rule create --proto udp 2e19a748-9086-49f8-9498-01abc1a964fe
openstack security group rule create --proto udp 6095293d-c2cd-433d-8a8f-e77ecb03609e

ovs-vsctl add-port br-ex "ex-patch-int"
ovs-vsctl set interface "ex-patch-int" type=patch
ovs-vsctl set interface "ex-patch-int" options:peer=int-patch-ex

ovs-vsctl add-port br-int "int-patch-ex"
ovs-vsctl set interface "int-patch-ex" type=patch
ovs-vsctl set interface "int-patch-ex" options:peer=ex-patch-int

ovs-vsctl del-port br-ex "ex-patch-int"
ovs-vsctl del-port br-int "int-patch-ex"
ovs-vsctl del-port br-ex enp0s9
ovs-vsctl add-port br-int enp0s9

ovs-appctl ofproto/trace
重要命令
sudo ovs-ofctl -O OpenFlow13 show br-int
sudo ovs-appctl ofproto/trace br-int "in_port=5,ip,nw_src=192.168.0.16,nw_dst=192.168.0.5"
ovs-appctl dpctl/dump-conntrack


11.查看接口id等
ovs-appctl dpif/show
12.查看接口统计
ovs-ofctl dump-ports br-int
查看接口
sudo ovs-ofctl show br-int -O OpenFlow13

ovs常用命令
控制管理类
1.查看网桥和端口

ovs-vsctl show
1
2.创建一个网桥

ovs-vsctl add-br br0
ovs-vsctl set bridge br0 datapath_type=netdev
1
2
3.添加/删除一个端口

# for system interfaces
ovs-vsctl add-port br0 eth1
ovs-vsctl del-port br0 eth1
# for DPDK
ovs-vsctl add-port br0 dpdk1 -- set interface dpdk1 type=dpdk options:dpdk-devargs=0000:01:00.0
# for DPDK bonds
ovs-vsctl add-bond br0 dpdkbond0 dpdk1 dpdk2
-- set interface dpdk1 type=dpdk options:dpdk-devargs=0000:01:00.0
-- set interface dpdk2 type=dpdk options:dpdk-devargs=0000:02:00.0
1
2
3
4
5
6
7
8
9
4.设置/清除网桥的openflow协议版本

ovs-vsctl set bridge br0 protocols=OpenFlow13
ovs-vsctl clear bridge br0 protocols
1
2
5.查看某网桥当前流表

ovs-ofctl dump-flows br0
ovs-ofctl -O OpenFlow13 dump-flows br0
ovs-appctl bridge/dump-flows br0
1
2
3
6.设置/删除控制器

ovs-vsctl set-controller br0 tcp:1.2.3.4:6633
ovs-vsctl del-controller br0
1
2
7.查看控制器列表

ovs-vsctl list controller
1
8.设置/删除被动连接控制器

ovs-vsctl set-manager tcp:1.2.3.4:6640
ovs-vsctl get-manager
ovs-vsctl del-manager
1
2
3
9.设置/移除可选选项

ovs-vsctl set Interface eth0 options:link_speed=1G
ovs-vsctl remove Interface eth0 options link_speed
1
2
10.设置fail模式，支持standalone或者secure
standalone(default)：清除所有控制器下发的流表，ovs自己接管
secure：按照原来流表继续转发

ovs-vsctl del-fail-mode br0
ovs-vsctl set-fail-mode br0 secure
ovs-vsctl get-fail-mode br0
1
2
3
11.查看接口id等

ovs-appctl dpif/show
1
12.查看接口统计

ovs-ofctl dump-ports br0
1
流表类
流表操作
1.添加普通流表

ovs-ofctl add-flow br0 in_port=1,actions=output:2
1
2.删除所有流表

ovs-ofctl del-flows br0
1
3.按匹配项来删除流表

ovs-ofctl del-flows br0 "in_port=1"
1
匹配项
1.匹配vlan tag，范围为0-4095

ovs-ofctl add-flow br0 priority=401,in_port=1,dl_vlan=777,actions=output:2
1
2.匹配vlan pcp，范围为0-7

ovs-ofctl add-flow br0 priority=401,in_port=1,dl_vlan_pcp=7,actions=output:2
1
3.匹配源/目的MAC

ovs-ofctl add-flow br0 in_port=1,dl_src=00:00:00:00:00:01/00:00:00:00:00:01,actions=output:2
ovs-ofctl add-flow br0 in_port=1,dl_dst=00:00:00:00:00:01/00:00:00:00:00:01,actions=output:2
1
2
4.匹配以太网类型，范围为0-65535

ovs-ofctl add-flow br0 in_port=1,dl_type=0x0806,actions=output:2
1
5.匹配源/目的IP
条件：指定dl_type=0x0800，或者ip/tcp

ovs-ofctl add-flow br0 ip,in_port=1,nw_src=10.10.0.0/16,actions=output:2
ovs-ofctl add-flow br0 ip,in_port=1,nw_dst=10.20.0.0/16,actions=output:2
1
2
6.匹配协议号，范围为0-255
条件：指定dl_type=0x0800或者ip

# ICMP
ovs-ofctl add-flow br0 ip,in_port=1,nw_proto=1,actions=output:2
7.匹配IP ToS/DSCP，tos范围为0-255，DSCP范围为0-63
条件：指定dl_type=0x0800/0x86dd，并且ToS低2位会被忽略(DSCP值为ToS的高6位，并且低2位为预留位)

ovs-ofctl add-flow br0 ip,in_port=1,nw_tos=68,actions=output:2
ovs-ofctl add-flow br0 ip,in_port=1,ip_dscp=62,actions=output:2
8.匹配IP ecn位，范围为0-3
条件：指定dl_type=0x0800/0x86dd

ovs-ofctl add-flow br0 ip,in_port=1,ip_ecn=2,actions=output:2
9.匹配IP TTL，范围为0-255

ovs-ofctl add-flow br0 ip,in_port=1,nw_ttl=128,actions=output:2
10.匹配tcp/udp，源/目的端口，范围为0-65535

# 匹配源tcp端口179
ovs-ofctl add-flow br0 tcp,tcp_src=179/0xfff0,actions=output:2
# 匹配目的tcp端口179
ovs-ofctl add-flow br0 tcp,tcp_dst=179/0xfff0,actions=output:2
# 匹配源udp端口1234
ovs-ofctl add-flow br0 udp,udp_src=1234/0xfff0,actions=output:2
# 匹配目的udp端口1234
ovs-ofctl add-flow br0 udp,udp_dst=1234/0xfff0,actions=output:2

11.匹配tcp flags
tcp flags=fin，syn，rst，psh，ack，urg，ece，cwr，ns

ovs-ofctl add-flow br0 tcp,tcp_flags=ack,actions=output:2
12.匹配icmp code，范围为0-255
条件：指定icmp

ovs-ofctl add-flow br0 icmp,icmp_code=2,actions=output:2
13.匹配vlan TCI
TCI低12位为vlan id，高3位为priority，例如tci=0xf123则vlan_id为0x123和vlan_pcp=7

ovs-ofctl add-flow br0 in_port=1,vlan_tci=0xf123,actions=output:2
14.匹配mpls label
条件：指定dl_type=0x8847/0x8848

ovs-ofctl add-flow br0 mpls,in_port=1,mpls_label=7,actions=output:2
15.匹配mpls tc，范围为0-7
条件：指定dl_type=0x8847/0x8848

ovs-ofctl add-flow br0 mpls,in_port=1,mpls_tc=7,actions=output:2
1
16.匹配tunnel id，源/目的IP

# 匹配tunnel id
ovs-ofctl add-flow br0 in_port=1,tun_id=0x7/0xf,actions=output:2
# 匹配tunnel源IP
ovs-ofctl add-flow br0 in_port=1,tun_src=192.168.1.0/255.255.255.0,actions=output:2
# 匹配tunnel目的IP
ovs-ofctl add-flow br0 in_port=1,tun_dst=192.168.1.0/255.255.255.0,actions=output:2

一些匹配项的速记符

速记符 匹配项
ip dl_type=0x800
ipv6 dl_type=0x86dd
icmp dl_type=0x0800,nw_proto=1
icmp6 dl_type=0x86dd,nw_proto=58
tcp dl_type=0x0800,nw_proto=6
tcp6 dl_type=0x86dd,nw_proto=6
udp dl_type=0x0800,nw_proto=17
udp6 dl_type=0x86dd,nw_proto=17
sctp dl_type=0x0800,nw_proto=132
sctp6 dl_type=0x86dd,nw_proto=132
arp dl_type=0x0806
rarp dl_type=0x8035
mpls dl_type=0x8847
mplsm dl_type=0x8848
指令动作
1.动作为出接口
从指定接口转发出去

ovs-ofctl add-flow br0 in_port=1,actions=output:2
1
2.动作为指定group
group id为已创建的group table

ovs-ofctl add-flow br0 in_port=1,actions=group:666
1
3.动作为normal
转为L2/L3处理流程

ovs-ofctl add-flow br0 in_port=1,actions=normal
1
4.动作为flood
从所有物理接口转发出去，除了入接口和已关闭flooding的接口

ovs-ofctl add-flow br0 in_port=1,actions=flood
1
5.动作为all
从所有物理接口转发出去，除了入接口

ovs-ofctl add-flow br0 in_port=1,actions=all
1
6.动作为local
一般是转发给本地网桥

ovs-ofctl add-flow br0 in_port=1,actions=local
1
7.动作为in_port
从入接口转发回去

ovs-ofctl add-flow br0 in_port=1,actions=in_port
1
8.动作为controller
以packet-in消息上送给控制器

ovs-ofctl add-flow br0 in_port=1,actions=controller
1
9.动作为drop
丢弃数据包操作

ovs-ofctl add-flow br0 in_port=1,actions=drop
1
10.动作为mod_vlan_vid
修改报文的vlan id，该选项会使vlan_pcp置为0

ovs-ofctl add-flow br0 in_port=1,actions=mod_vlan_vid:8,output:2
1
11.动作为mod_vlan_pcp
修改报文的vlan优先级，该选项会使vlan_id置为0

ovs-ofctl add-flow br0 in_port=1,actions=mod_vlan_pcp:7,output:2
1
12.动作为strip_vlan
剥掉报文内外层vlan tag

ovs-ofctl add-flow br0 in_port=1,actions=strip_vlan,output:2
1
13.动作为push_vlan
在报文外层压入一层vlan tag，需要使用openflow1.1以上版本兼容

ovs-ofctl add-flow -O OpenFlow13 br0 in_port=1,actions=push_vlan:0x8100,set_field:4097->vlan_vid,output:2
1
ps: set field值为4096+vlan_id，并且vlan优先级为0，即4096-8191，对应的vlan_id为0-4095

14.动作为push_mpls
修改报文的ethertype，并且压入一个MPLS LSE

ovs-ofctl add-flow br0 in_port=1,actions=push_mpls:0x8847,set_field:10->mpls_label,output:2
1
15.动作为pop_mpls
剥掉最外层mpls标签，并且修改ethertype为非mpls类型

ovs-ofctl add-flow br0 mpls,in_port=1,mpls_label=20,actions=pop_mpls:0x0800,output:2
1
16.动作为修改源/目的MAC，修改源/目的IP

# 修改源MAC
ovs-ofctl add-flow br0 in_port=1,actions=mod_dl_src:00:00:00:00:00:01,output:2
# 修改目的MAC
ovs-ofctl add-flow br0 in_port=1,actions=mod_dl_dst:00:00:00:00:00:01,output:2
# 修改源IP
ovs-ofctl add-flow br0 in_port=1,actions=mod_nw_src:192.168.1.1,output:2
# 修改目的IP
ovs-ofctl add-flow br0 in_port=1,actions=mod_nw_dst:192.168.1.1,output:2

17.动作为修改TCP/UDP/SCTP源目的端口

# 修改TCP源端口
ovs-ofctl add-flow br0 tcp,in_port=1,actions=mod_tp_src:67,output:2
# 修改TCP目的端口
ovs-ofctl add-flow br0 tcp,in_port=1,actions=mod_tp_dst:68,output:2
# 修改UDP源端口
ovs-ofctl add-flow br0 udp,in_port=1,actions=mod_tp_src:67,output:2
# 修改UDP目的端口
ovs-ofctl add-flow br0 udp,in_port=1,actions=mod_tp_dst:68,output:2

18.动作为mod_nw_tos
条件：指定dl_type=0x0800
修改ToS字段的高6位，范围为0-255，值必须为4的倍数，并且不会去修改ToS低2位ecn值

ovs-ofctl add-flow br0 ip,in_port=1,actions=mod_nw_tos:68,output:2
1
19.动作为mod_nw_ecn
条件：指定dl_type=0x0800，需要使用openflow1.1以上版本兼容
修改ToS字段的低2位，范围为0-3，并且不会去修改ToS高6位的DSCP值

ovs-ofctl add-flow br0 ip,in_port=1,actions=mod_nw_ecn:2,output:2
1
20.动作为mod_nw_ttl
修改IP报文ttl值，需要使用openflow1.1以上版本兼容

ovs-ofctl add-flow -O OpenFlow13 br0 in_port=1,actions=mod_nw_ttl:6,output:2
1
21.动作为dec_ttl
对IP报文进行ttl自减操作

ovs-ofctl add-flow br0 in_port=1,actions=dec_ttl,output:2
1
22.动作为set_mpls_label
对报文最外层mpls标签进行修改，范围为20bit值

ovs-ofctl add-flow br0 in_port=1,actions=set_mpls_label:666,output:2
1
23.动作为set_mpls_tc
对报文最外层mpls tc进行修改，范围为0-7

ovs-ofctl add-flow br0 in_port=1,actions=set_mpls_tc:7,output:2
1
24.动作为set_mpls_ttl
对报文最外层mpls ttl进行修改，范围为0-255

ovs-ofctl add-flow br0 in_port=1,actions=set_mpls_ttl:255,output:2
1
25.动作为dec_mpls_ttl
对报文最外层mpls ttl进行自减操作

ovs-ofctl add-flow br0 in_port=1,actions=dec_mpls_ttl,output:2
1
26.动作为move NXM字段
使用move参数对NXM字段进行操作

# 将报文源MAC复制到目的MAC字段，并且将源MAC改为00:00:00:00:00:01
ovs-ofctl add-flow br0 in_port=1,actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:00:00:00:00:00:01,output:2
1
2
ps: 常用NXM字段参照表

NXM字段 报文字段
NXM_OF_ETH_SRC 源MAC
NXM_OF_ETH_DST 目的MAC
NXM_OF_ETH_TYPE 以太网类型
NXM_OF_VLAN_TCI vid
NXM_OF_IP_PROTO IP协议号
NXM_OF_IP_TOS IP ToS值
NXM_NX_IP_ECN IP ToS ECN
NXM_OF_IP_SRC 源IP
NXM_OF_IP_DST 目的IP
NXM_OF_TCP_SRC TCP源端口
NXM_OF_TCP_DST TCP目的端口
NXM_OF_UDP_SRC UDP源端口
NXM_OF_UDP_DST UDP目的端口
NXM_OF_SCTP_SRC SCTP源端口
NXM_OF_SCTP_DST SCTP目的端口
27.动作为load NXM字段
使用load参数对NXM字段进行赋值操作

# push mpls label，并且把10(0xa)赋值给mpls label
ovs-ofctl add-flow br0 in_port=1,actions=push_mpls:0x8847,load:0xa->OXM_OF_MPLS_LABEL[],output:2
# 对目的MAC进行赋值
ovs-ofctl add-flow br0 in_port=1,actions=load:0x001122334455->OXM_OF_ETH_DST[],output:2
1
2
3
4
28.动作为pop_vlan
弹出报文最外层vlan tag

ovs-ofctl add-flow br0 in_port=1,dl_type=0x8100,dl_vlan=777,actions=pop_vlan,output:2
1
meter表
常用操作
由于meter表是openflow1.3版本以后才支持，所以所有命令需要指定OpenFlow1.3版本以上
ps: 在openvswitch-v2.8之前的版本中，还不支持meter
在v2.8版本之后已经实现，要正常使用的话，需要注意的是datapath类型要指定为netdev，band type暂时只支持drop，还不支持DSCP REMARK

1.查看当前设备对meter的支持

ovs-ofctl -O OpenFlow13 meter-features br0
2.查看meter表

ovs-ofctl -O OpenFlow13 dump-meters br0
3.查看meter统计

ovs-ofctl -O OpenFlow13 meter-stats br0
4.创建meter表

# 限速类型以kbps(kilobits per second)计算，超过20kb/s则丢弃
ovs-ofctl -O OpenFlow13 add-meter br0 meter=1,kbps,band=type=drop,rate=20
# 同上，增加burst size参数
ovs-ofctl -O OpenFlow13 add-meter br0 meter=2,kbps,band=type=drop,rate=20,burst_size=256
# 同上，增加stats参数,对meter进行计数统计
ovs-ofctl -O OpenFlow13 add-meter br0 meter=3,kbps,stats,band=type=drop,rate=20,burst_size=256
# 限速类型以pktps(packets per second)计算，超过1000pkt/s则丢弃
ovs-ofctl -O OpenFlow13 add-meter br0 meter=4,pktps,band=type=drop,rate=1000

5.删除meter表

# 删除全部meter表
ovs-ofctl -O OpenFlow13 del-meters br0
# 删除meter id=1
ovs-ofctl -O OpenFlow13 del-meter br0 meter=1
6.创建流表

ovs-ofctl -O OpenFlow13 add-flow br0 in_port=1,actions=meter:1,output:2
group表
由于group表是openflow1.1版本以后才支持，所以所有命令需要指定OpenFlow1.1版本以上

常用操作
group table支持4种类型

all：所有buckets都执行一遍
select： 每次选择其中一个bucket执行，常用于负载均衡应用
ff(FAST FAILOVER)：快速故障修复，用于检测解决接口等故障
indirect：间接执行，类似于一个函数方法，被另一个group来调用
1.查看当前设备对group的支持

ovs-ofctl -O OpenFlow13 dump-group-features br0
2.查看group表

ovs-ofctl -O OpenFlow13 dump-groups br0
3.创建group表

# 类型为all
ovs-ofctl -O OpenFlow13 add-group br0 group_id=1,type=all,bucket=output:1,bucket=output:2,bucket=output:3
# 类型为select
ovs-ofctl -O OpenFlow13 add-group br0 group_id=2,type=select,bucket=output:1,bucket=output:2,bucket=output:3
# 类型为select，指定hash方法(5元组，OpenFlow1.5+)
ovs-ofctl -O OpenFlow15 add-group br0 group_id=3,type=select,selection_method=hash,fields=ip_src,bucket=output:2,bucket=output:3
4.删除group表

ovs-ofctl -O OpenFlow13 del-groups br0 group_id=2
5.创建流表

ovs-ofctl -O OpenFlow13 add-flow br0 in_port=1,actions=group:2
goto table配置
数据流先从table0开始匹配，如actions有goto_table，再进行后续table的匹配，实现多级流水线，如需使用goto table，则创建流表时，指定table id，范围为0-255，不指定则默认为table0
1.在table0中添加一条流表条目

ovs-ofctl add-flow br0 table=0,in_port=1,actions=goto_table=1
2.在table1中添加一条流表条目

ovs-ofctl add-flow br0 table=1,ip,nw_dst=10.10.0.0/16,actions=output:2
tunnel配置
如需配置tunnel，必需确保当前系统对各tunnel的remote ip网络可达

gre
1.创建一个gre接口，并且指定端口id=1001

ovs-vsctl add-port br0 gre1 -- set Interface gre1 type=gre options:remote_ip=1.1.1.1 ofport_request=1001
2.可选选项
将tos或者ttl在隧道上继承，并将tunnel id设置成123

ovs-vsctl set Interface gre1 options:tos=inherit options:ttl=inherit options:key=123
3.创建关于gre流表

# 封装gre转发
ovs-ofctl add-flow br0 ip,in_port=1,nw_dst=10.10.0.0/16,actions=output:1001
# 解封gre转发
ovs-ofctl add-flow br0 in_port=1001,actions=output:1
vxlan
1.创建一个vxlan接口，并且指定端口id=2001

ovs-vsctl add-port br0 vxlan1 -- set Interface vxlan1 type=vxlan options:remote_ip=1.1.1.1 ofport_request=2001
2.可选选项
将tos或者ttl在隧道上继承，将vni设置成123，UDP目的端为设置成8472(默认为4789)

ovs-vsctl set Interface vxlan1 options:tos=inherit options:ttl=inherit options:key=123 options:dst_port=8472
3.创建关于vxlan流表

# 封装vxlan转发
ovs-ofctl add-flow br0 ip,in_port=1,nw_dst=10.10.0.0/16,actions=output:2001
# 解封vxlan转发
ovs-ofctl add-flow br0 in_port=2001,actions=output:1
sflow配置
1.对网桥br0进行sflow监控

agent: 与collector通信所在的网口名，通常为管理口
target: collector监听的IP地址和端口，端口默认为6343
header: sFlow在采样时截取报文头的长度
polling: 采样时间间隔，单位为秒
ovs-vsctl -- --id=@sflow create sflow agent=eth0 target="10.0.0.1:6343" header=128 sampling=64 polling=10 -- set bridge br0 sflow=@sflow
2.查看创建的sflow

ovs-vsctl list sflow
3.删除对应的网桥sflow配置，参数为sFlow UUID

ovs-vsctl remove bridge br0 sflow 7b9b962e-fe09-407c-b224-5d37d9c1f2b3
4.删除网桥下所有sflow配置

ovs-vsctl -- clear bridge br0 sflow
1
QoS配置
ingress policing
1.配置ingress policing，对接口eth0入流限速10Mbps

ovs-vsctl set interface eth0 ingress_policing_rate=10000
ovs-vsctl set interface eth0 ingress_policing_burst=8000
2.清除相应接口的ingress policer配置

ovs-vsctl set interface eth0 ingress_policing_rate=0
ovs-vsctl set interface eth0 ingress_policing_burst=0
3.查看接口ingress policer配置

ovs-vsctl list interface eth0
4.查看网桥支持的Qos类型

ovs-appctl qos/show-types br0
端口镜像配置
1.配置eth0收到/发送的数据包镜像到eth1

ovs-vsctl -- set bridge br0 mirrors=@m
-- --id=@eth0 get port eth0
-- --id=@eth1 get port eth1
-- --id=@m create mirror name=mymirror select-dst-port=@eth0 select-src-port=@eth0 output-port=@eth1
2.删除端口镜像配置

ovs-vsctl -- --id=@m get mirror mymirror -- remove bridge br0 mirrors @m
3.清除网桥下所有端口镜像配置

ovs-vsctl clear bridge br0 mirrors
4.查看端口镜像配置

ovs-vsctl get bridge br0 mirrors

Open vSwitch中有多个命令，分别有不同的作用，大致如下：

ovs-vsctl用于控制ovs db
ovs-ofctl用于管理OpenFlow switch 的 flow
ovs-dpctl用于管理ovs的datapath
ovs-appctl用于查询和管理ovs daemon