对于从端口 p0 进入交换机的数据包,如果它不包含任何 VLAN tag,则自动为它添加 VLAN tag 101
ovs-ofctl add-flow ovs-switch "priority=3,in_port=100,dl_vlan=0xffff,\ actions=mod_vlan_vid:101,normal"再次尝试从端口 p0 发送一个不包含任何 VLAN tag 的数据包,发现数据包进入端口 p0 之后, 会被加上 VLAN tag101, 同时转发到端口 p1 上
# ovs-appctl ofproto/trace ovs-switch in_port=100,dl_src=d6:0f:7e:ed:11:e4,\ > dl_dst=f2:0d:06:ff:79:d7 -generate Flow: metadata=0,in_port=100,vlan_tci=0x0000,dl_src=d6:0f:7e:ed:11:e4,dl_dst=f2:0d:06:ff:79:d7,dl_type=0x0000 Rule: table=0 cookie=0 priority=1,in_port=100 OpenFlow actions=mod_nw_src:9.181.137.1,NORMAL no learned MAC for destination, flooding Final flow: unchanged Relevant fields: skb_priority=0,in_port=100,vlan_tci=0x0000/0x1fff,dl_src=d6:0f:7e:ed:11:e4,dl_dst=f2:0d:06:ff:79:d7,dl_type=0x0000,nw_src=0.0.0.0,nw_proto=0,nw_frag=no Datapath actions: 1,4 root@ovs:~# ovs-ofctl add-flow ovs-switch "priority=3,in_port=100,dl_vlan=0xffff,\ > actions=mod_vlan_vid:101,normal" root@ovs:~# ovs-appctl ofproto/trace ovs-switch in_port=100,dl_src=d6:0f:7e:ed:11:e4,\ > dl_dst=f2:0d:06:ff:79:d7 -generate Flow: metadata=0,in_port=100,vlan_tci=0x0000,dl_src=d6:0f:7e:ed:11:e4,dl_dst=f2:0d:06:ff:79:d7,dl_type=0x0000 Rule: table=0 cookie=0 priority=3,in_port=100,vlan_tci=0x0000 OpenFlow actions=mod_vlan_vid:101,NORMAL no learned MAC for destination, flooding Final flow: metadata=0,in_port=100,dl_vlan=101,dl_vlan_pcp=0,dl_src=d6:0f:7e:ed:11:e4,dl_dst=f2:0d:06:ff:79:d7,dl_type=0x0000 Relevant fields: skb_priority=0,in_port=100,vlan_tci=0x0000,dl_src=d6:0f:7e:ed:11:e4,dl_dst=f2:0d:06:ff:79:d7,dl_type=0x0000,nw_proto=0,nw_frag=no Datapath actions: push_vlan(vid=101,pcp=0),1,pop_vlan,3,push_vlan(vid=101,pcp=0),4反过来从端口 p1 发送数据包,由于 p1 现在是带有 VLAN tag 101 的 Access 类型的端口,所以数据包进入端口 p1 之后,会被 OVS 添加 VLAN tag 101 并发送到端口 p0
# ovs-appctl ofproto/trace ovs-switch in_port=101,dl_src=f2:0d:06:ff:79:d7,\ > dl_dst=d6:0f:7e:ed:11:e4 -generate Flow: metadata=0,in_port=101,vlan_tci=0x0000,dl_src=f2:0d:06:ff:79:d7,dl_dst=d6:0f:7e:ed:11:e4,dl_type=0x0000 Rule: table=0 cookie=0 priority=0 OpenFlow actions=NORMAL no learned MAC for destination, flooding Final flow: unchanged Relevant fields: skb_priority=0,in_port=101,vlan_tci=0x0000,dl_src=f2:0d:06:ff:79:d7,dl_dst=d6:0f:7e:ed:11:e4,dl_type=0x0000,nw_proto=0,nw_frag=no Datapath actions: push_vlan(vid=101,pcp=0),1,2,4 Floodlight新创建一个ubuntu 14.04的虚拟机。
apt-get update apt-get install git apt-get install ant apt-get install openjdk-7-jdk源码安装
git clone git://github.com/floodlight/floodlight.git cd floodlight/ ant java -jar target/floodlight.jar这个时候floodlight就启动起来,最后一条命令,就是启动floodlight。
登录OVS节点
设置ovs的控制器为floodlight,10.250.3.10,就是floodlight虚拟机的IP。
ovs-vsctl set-controller ovs-switch tcp:10.250.3.10:6633设置 OVS 的连接模式为 secure 模式
ovs-vsctl set Bridge ovs-switch fail-mode=secure查看
# ovs-vsctl show 6507c214-0c7a-4159-9813-977074f73aa1 Bridge ovs-switch Controller "tcp:10.250.3.10:6633" is_connected: true fail_mode: secure Port "p1" tag: 101 Interface "p1" type: internal Port "p2" Interface "p2" type: internal Port "p0" Interface "p0" type: internal Port ovs-switch Interface ovs-switch type: internal ovs_version: "2.0.2"通过访问 Floodlight 提供的 Web 管理界面 <Host Address>:8080/ui/index.html,我们可以查看 Floodlight 控制器的状态以及所有连接到 Floodlight 的交换机列表
通过 Floodlight 的 RESTAPI,添加两条新的规则让端口 p0 和 p1 可以相互通讯。注意:替换命令行中的 switch 的 ID 为交换机的 datapath ID
注意curl命令,尽量别用 / 换行
curl -d '{"switch": "00:00:d2:3b:94:ce:41:46", "name":"my-flow1", "cookie":"0","priority":"32768","ingress-port":"100","active":"true", "actions":"output=flood"}' http://10.250.3.10:8080/wm/staticflowentrypusher/json curl -d '{"switch": "00:00:d2:3b:94:ce:41:46", "name":"my-flow2", "cookie":"0","priority":"32768","ingress-port":"101","active":"true", "actions":"output=flood"}' :8080/wm/staticflowentrypusher/json