追踪openvswitch对特定数据报文的流表匹配与处理结果的实例
来源:互联网 发布:台式电脑推荐2017 知乎 编辑:程序博客网 时间:2024/05/21 20:24
SDN环境中,每一个openvswitch的datapath实例中都会有大量的流表向,无论是使用各种关键字的grep手段或者是其他方法来确认是否由控制器下发了预期正确流表向,还是看关于特定数据包的匹配与最终action都是一件非常繁琐和头疼的事情。使用ovs-appctl工具结合linux自带的tcpdump抓包工具就可以很轻松直观的最终流表匹配情况,来完成自己繁琐的查找工作,还能避免自己的判断的错误。
首先确认你需要跟踪的数据包的各项参数,然后转化成openflow的match域的描述。可以找到自己需要验证的虚拟机,在其上发出需要验证的协议数据包,在屋里计算节点上找到该虚拟机的后端虚拟网卡,在该虚拟网卡上使用tcpdump抓包,也可以从已有的抓包文件中获取,当然,也可以完全由自己指定openflow match域的内容。
比如我读一下事先抓好的数据包。
[root@vdc ~]# tcpdump -ennvv -r /home/vnet31.0.pcap reading from file /home/vnet31.0.pcap, link-type EN10MB (Ethernet)10:25:17.693773 fa:16:3e:8c:eb:5b > fa:16:3e:a5:15:f3, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 128, id 8060, offset 0, flags [none], proto ICMP (1), length 60) 20.20.20.104 > 20.20.20.101: ICMP echo request, id 1, seq 40197, length 40
转换成openflow的描述就是:
dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1
由于该虚拟网卡连接openvswitch的ofport 是37,所以要加上 in_port=37,完整的就如下所示:
in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1
确定了数据包的openflow的特征描述,就可以使用ovs-appctl提供的ofproto/trace功能来跟踪啦,命令如下:
[root@vdc ~]# ovs-appctl ofproto/trace dvs2_dp in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1 -generat
其中dvs2_dp是我实测环境中的bridge名称,-generate的意思是构造该数据报文,此时是确实有一个该报文通过ovs被处理了的。最终跟踪的效果下:
[root@vdc ~]# ovs-appctl ofproto/trace dvs2_dp in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1 -generateBridge: dvs2_dpFlow: icmp,metadata=0,in_port=37,vlan_tci=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0Rule: table=0 cookie=0xd4 priority=0OpenFlow actions=goto_table:1 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no Rule: table=1 cookie=0x616 priority=221,in_port=37 OpenFlow actions=write_metadata:0x3000009c4,goto_table:4 Resubmitted flow: icmp,metadata=0x3000009c4,in_port=37,vlan_tci=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no Rule: table=4 cookie=0x617 priority=161,dl_src=fa:16:3e:8c:eb:5b OpenFlow actions=write_metadata:0x3000009c4,goto_table:5 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no Rule: table=5 cookie=0xd9 priority=0 OpenFlow actions=goto_table:6 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffff,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no Rule: table=6 cookie=0x5e8 priority=102,metadata=0x9c4/0xffffff,dl_dst=fa:16:3e:a5:15:f3 OpenFlow actions=write_actions(set_field:0x9c4->tun_id,output:12)Final flow: icmp,tun_id=0x9c4,metadata=0x3000009c4,in_port=37,vlan_tci=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0Megaflow: recirc_id=0,skb_priority=0,icmp,tun_id=0,metadata=0/0xffffff,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_ecn=0,nw_frag=noDatapath actions: set(tunnel(tun_id=0x9c4,src=172.47.205.45,dst=172.47.205.46,tos=0x0,ttl=64,flags(df,key))),11
上面的例子是最终数据包被打上了tun_id并从隧道端口被转发的跟踪,下面再举一个table miss被丢弃的例子:
[root@localhost ~]# ovs-appctl ofproto/trace sdn_dvs_dp in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,ip,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_proto=1 -generateBridge: sdn_dvs_dpFlow: icmp,metadata=0,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0Rule: table=0 cookie=0x1ea priority=0OpenFlow actions=goto_table:1 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no Rule: table=1 cookie=0x294 priority=221,in_port=127 OpenFlow actions=write_metadata:0xa00000191,goto_table:4 Resubmitted flow: icmp,metadata=0xa00000191,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no Rule: table=4 cookie=0x295 priority=161,dl_src=fa:16:3e:a5:85:78 OpenFlow actions=write_metadata:0xa00000191,goto_table:5 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no Rule: table=5 cookie=0x1ef priority=0 OpenFlow actions=goto_table:6 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no Rule: table=6 cookie=0x1f4 priority=111,dl_dst=00:d0:d0:1c:3d:2d OpenFlow actions=goto_table:7 Resubmitted flow: unchanged Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted odp: drop Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffffff00000000,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no Rule: table=7 cookie=0x1f1 priority=0 OpenFlow actions=CONTROLLER:65535Final flow: icmp,metadata=0xa00000191,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0Megaflow: recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffffff00000000,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=noDatapath actions: dropThis flow is handled by the userspace slow path because it: - Sends "packet-in" messages to the OpenFlow controller.
1 0
- 追踪openvswitch对特定数据报文的流表匹配与处理结果的实例
- Kinect 骨骼追踪数据的处理方法
- 对应答报文中实体信息的处理(json数据解析)
- 查找数组中和的特定值的匹配对
- 对特定汉字和半角数字的匹配
- 对成对数据的排序与处理
- 对openvSwitch中不同类型端口的理解
- 对DNS应答报文的解析及简单处理代码
- Nat 对 tcp , udp , icmp 报文的处理
- Strust2通过“流”下载文件时对结果的处理
- oledb对多结果集的处理
- Hibernate对查询结果的简单处理
- mondrian 对计算结果 Infinity 的处理
- Hibernate对查询结果的简单处理
- JDBC 对 结果集的处理
- Insight springmvc 对controller 结果的处理
- Struts2对结果类型的处理
- OpenVSwitch与OpenDayLight的连接过程
- 使用NSURLConnection实现简单的单点下载
- Queue
- linux用户登陆显示:could not open session .
- 蓄水池算法
- 大型网站架构演化
- 追踪openvswitch对特定数据报文的流表匹配与处理结果的实例
- 为什么要学习Android开发?
- ORA-01012: not logged on
- 113. Path Sum II
- 蓝桥杯 算法训练 动态数组使用 大小写转换
- 从keystore获取debug,正式,签名
- 单元测试
- Python——debug(二)
- 校园网&openwrt记(十三)断网重连的循环版本
