溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

追蹤openvswitch對(duì)特定數(shù)據(jù)報(bào)文的流表匹配與處理結(jié)果的實(shí)例

發(fā)布時(shí)間:2020-07-17 12:54:22 來源:網(wǎng)絡(luò) 閱讀:1546 作者:灬落魄灬 欄目:云計(jì)算

SDN環(huán)境中,每一個(gè)openvswitch的datapath實(shí)例中都會(huì)有大量的流表項(xiàng),無論是使用各種關(guān)鍵字的grep手段或者是其他方法來確認(rèn)是否由控制器下發(fā)了預(yù)期正確流表項(xiàng),還是看關(guān)于特定數(shù)據(jù)包的匹配與最終action都是一件非常繁瑣和頭疼的事情。使用ovs-appctl工具結(jié)合linux自帶的tcpdump抓包工具就可以很輕松直觀的最終流表匹配情況,來完成自己繁瑣的查找工作,還能避免自己的判斷的錯(cuò)誤。

?? 主要步驟如下:
? ? 1、確認(rèn)你需要跟蹤的數(shù)據(jù)包的各項(xiàng)參數(shù);

? ? 2、將其轉(zhuǎn)化成openflow的match域的描述;

? ? 3、使用openvswitch提供的ofproto/trace功能跟蹤流表匹配情況;

如何獲取包特征參數(shù)?
? ? 可以找到自己需要驗(yàn)證的虛擬機(jī),在其上發(fā)出需要驗(yàn)證的協(xié)議數(shù)據(jù)包,在物理計(jì)算節(jié)點(diǎn)上找到該虛擬機(jī)的后端虛擬網(wǎng)卡,在該虛擬網(wǎng)卡上使用tcpdump抓包,也可以從已有的抓包文件中獲取,當(dāng)然,也可以完全由自己指定openflow match域的內(nèi)容。比如我讀一下事先抓好的數(shù)據(jù)包。

[root@vdc ~]# tcpdump -ennvv -r /home/vnet31.0.pcap 

<code?class="language-plain">reading?from?file?/home/vnet31.0.pcap,?link-type?EN10MB?(Ethernet)??
10:25:17.693773?fa:16:3e:8c:eb:5b?>?fa:16:3e:a5:15:f3,?ethertype?IPv4?(0x0800),?length?74:?(tos?0x0,?ttl?128,?id?8060,?offset?0,?flags?[none],?proto?ICMP?(1),?length?60)??
????20.20.20.104?>?20.20.20.101:?ICMP?echo?request,?id?1,?seq?40197,?length?40</code>??

轉(zhuǎn)換成openflow的描述就是:

dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1

由于該虛擬網(wǎng)卡連接openvswitch的ofport 是37,所以要加上?in_port=37,完整的就如下所示:

in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1

確定了數(shù)據(jù)包的openflow的特征描述,就可以使用ovs-appctl提供的ofproto/trace功能來跟蹤啦,命令如下:

[root@vdc ~]# ovs-appctl ofproto/trace dvs2_dp in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1 -generat

其中dvs2_dp是我實(shí)測(cè)環(huán)境中的bridge名稱,-generate的意思是構(gòu)造該數(shù)據(jù)報(bào)文,此時(shí)是確實(shí)有一個(gè)該報(bào)文通過ovs被處理了的。最終跟蹤的效果下:

[root@vdc ~]# ovs-appctl ofproto/trace dvs2_dp in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1 -generate

Bridge: dvs2_dp
Flow: icmp,metadata=0,in_port=37,vlan_tci=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Rule: table=0 cookie=0xd4 priority=0
OpenFlow actions=goto_table:1

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no

        Rule: table=1 cookie=0x616 priority=221,in_port=37
        OpenFlow actions=write_metadata:0x3000009c4,goto_table:4

                Resubmitted flow: icmp,metadata=0x3000009c4,in_port=37,vlan_tci=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmitted  odp: drop
                Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no

                Rule: table=4 cookie=0x617 priority=161,dl_src=fa:16:3e:8c:eb:5b
                OpenFlow actions=write_metadata:0x3000009c4,goto_table:5

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmitted  odp: drop
                        Resubmitted  megaflow:
     recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no

                        Rule: table=5 cookie=0xd9 priority=0
                        OpenFlow actions=goto_table:6

                                Resubmitted flow: unchanged
                                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                                Resubmitted  odp: drop
                                Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffff,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no

                                Rule: table=6 cookie=0x5e8 priority=102,metadata=0x9c4/0xffffff,dl_dst=fa:16:3e:a5:15:f3
                                OpenFlow actions=write_actions(set_field:0x9c4->tun_id,output:12)

Final flow: icmp,tun_id=0x9c4,metadata=0x3000009c4,in_port=37,vlan_tci=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow: recirc_id=0,skb_priority=0,icmp,tun_id=0,metadata=0/0xffffff,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_ecn=0,nw_frag=no
Datapath actions: set(tunnel(tun_id=0x9c4,src=172.47.205.45,dst=172.47.205.46,tos=0x0,ttl=64,flags(df,key))),11

上面的例子是最終數(shù)據(jù)包被打上了tun_id并從隧道端口被轉(zhuǎn)發(fā)的跟蹤,下面再舉一個(gè)table miss被丟棄的例子:

[root@localhost ~]# ovs-appctl ofproto/trace sdn_dvs_dp in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,ip,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_proto=1 -generate
Bridge: sdn_dvs_dp
Flow: icmp,metadata=0,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Rule: table=0 cookie=0x1ea priority=0
OpenFlow actions=goto_table:1

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no
        Rule: table=1 cookie=0x294 priority=221,in_port=127
        OpenFlow actions=write_metadata:0xa00000191,goto_table:4

                Resubmitted flow: icmp,metadata=0xa00000191,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                Resubmitted  odp: drop
                Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no
                Rule: table=4 cookie=0x295 priority=161,dl_src=fa:16:3e:a5:85:78
                OpenFlow actions=write_metadata:0xa00000191,goto_table:5

                        Resubmitted flow: unchanged
                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                        Resubmitted  odp: drop
                        Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no
                        Rule: table=5 cookie=0x1ef priority=0
                        OpenFlow actions=goto_table:6

                                Resubmitted flow: unchanged
                                Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                                Resubmitted  odp: drop
                                Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no
                                Rule: table=6 cookie=0x1f4 priority=111,dl_dst=00:d0:d0:1c:3d:2d
                                OpenFlow actions=goto_table:7

                                        Resubmitted flow: unchanged
                                        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
                                        Resubmitted  odp: drop
                                        Resubmitted megaflow: recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffffff00000000,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no
                                        Rule: table=7 cookie=0x1f1 priority=0
                                        OpenFlow actions=CONTROLLER:65535

Final flow: icmp,metadata=0xa00000191,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow: recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffffff00000000,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no
Datapath actions: drop
This flow is handled by the userspace slow path because it:
        - Sends "packet-in" messages to the OpenFlow controller.
向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI