openvswitch vlan网络实践

最新推荐文章于 2024-03-18 14:39:15 发布
最新推荐文章于 2024-03-18 14:39:15 发布
阅读量1.3k 收藏 4
点赞数
分类专栏: openstack 虚拟化网络 文章标签: openvswitch linux ovs bond port 云原生
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u013743253/article/details/120207123
版权

1.建立ovs接口连接两个namespace组成二层网络

   br0
            +--------------------------------------+
            +--+                                +--+
        +---+  | tap1                       tap2|  +---+
        |   +--+                                +--+   |
        |   |                                      |   |
        |   +--------------------------------------+   |
        |                                              |
        |                                              |
        |                                              |
        |                                              |
+------------------+                      +-------------------+
|      tap1        |                      |           tap2    |
|192.168.1.102/24  |                      | 192.168.1.102/24  |
|                  |                      |                   |
|                  |                      |                   |
|                  |                      |                   |
|  namespace ns1   |                      |    namespace ns1  |
|                  |                      |                   |
+------------------+                      +-------------------+
 ip netns add ns1
 ip netns add ns2
 ovs-vsctl add-br br0
 ovs-vsctl add-port br0 tap1 -- set Interface tap1 type=internal
 ip link set tap1 netns ns1
 ip netns exec ns1 ip link set dev tap1 up
 ovs-vsctl add-port br0 tap2 -- set Interface tap2 type=internal
 ip link set tap2 netns ns2
 ip netns exec ns2 ip link set dev tap2 up
 ip netns exec ns1 ip addr add 192.168.1.102/24 dev tap1
 ip netns exec ns2 ip addr add 192.168.1.101/24 dev tap2
 ip netns exec ns1 ip link set lo up
 ip netns exec ns2 ip link set lo up

 ip netns exec ns1 ping -c 4 192.168.1.101
 ip netns exec ns1 ping -c 4 192.168.1.102

验证结果:OK

 2 vlan二层网络

ip netns add ns1
ip netns add ns2

ovs-vsctl add-br br0
ovs-vsctl add-port br0 tap1 -- set Interface tap1 type=internal

ovs-vsctl set Port tap1  tag=10

ip link set tap1 netns ns1
ip netns exec ns1 ip link set dev tap1 up

ovs-vsctl add-port br0 tap2 -- set Interface tap2 type=internal
ovs-vsctl set Port tap2  tag=11

ip link set tap2 netns ns2
ip netns exec ns2 ip link set dev tap2 up

ip netns exec ns1 ip addr add 192.168.1.101/24 dev tap1
ip netns exec ns2 ip addr add 192.168.1.102/24 dev tap2

ip netns exec ns1 ip link set lo up
ip netns exec ns2 ip link set lo up
-------------------------------------------------------------------------------
以上是第一个测试配置内容
-------------------------------------------------------------------------------
把两个tap加入不同的vlan中
ovs-vsctl set Port tap1  tag=10
ovs-vsctl set Port tap2  tag=11

--------------------------------------------------------------------------------
再次进行测试
ip netns exec ns1 ping -c 4 192.168.1.102 发现不通,符合预期,因为两个口属于不同vlan
新增br1,然后创建namesapce ns3,并在里面创建tap3,vlan属于tag10
ovs-vsctl add-br br1
ovs-vsctl add-port br1 tap3 -- set Interface tap3 type=internal

ovs-vsctl add-port br0 trunk_br0 trunks=10,11  -- set Interface trunk_br0 type=patch options:peer=trunk_br1
ovs-vsctl add-port br1 trunk_br1 trunks=10,11 -- set Interface trunk_br1 type=patch options:peer=trunk_br0

ip netns add ns3
ip link set tap3 netns ns3
ip netns exec ns3 ip addr add 192.168.1.103/24 dev tap3
ip netns exec ns3 ip link set dev tap3 up
ovs-vsctl set Port tap3 tag=10
---------------------------------------------------------------------------------
发现跟tap1口能通,跟tap2口不通
符合预期
---------------------------------------------------------------------------------

3 测试vlan 原理

结论:

1. second_br和thrid_br之间互通

2.first_br与tap1之间互通

3.port 1 和port 4属于turnk口,默认加入所有vlan中

4.创建的interal类型的端口,默认加入vlan 0中

[root@slb1 weiyanhua]# ovs-appctl fdb/show br0
 port  VLAN  MAC                Age
    1    10  de:6a:2a:72:9c:a1  230
    4    10  fa:dd:15:95:04:d8  158
    4     0  3a:a8:43:c2:1e:88   12
    2     0  66:ae:6a:f5:56:8e   12
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# ovs-appctl fdb/show br1
 port  VLAN  MAC                Age
    1    10  de:6a:2a:72:9c:a1  232
    2    10  fa:dd:15:95:04:d8  160
    3     0  3a:a8:43:c2:1e:88   14
    1     0  66:ae:6a:f5:56:8e   14

[root@slb1 weiyanhua]# ovs-ofctl dump-ports-desc br0
OFPST_PORT_DESC reply (xid=0x2):
 1(first_br): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 2(second_br): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 4(trunk_br0): addr:9a:ff:ff:71:5e:ab
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br0): addr:6e:e4:dd:55:1a:4b
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# ovs-ofctl dump-ports-desc br1
OFPST_PORT_DESC reply (xid=0x2):
 1(trunk_br1): addr:b6:bf:f7:6b:15:67
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(tap1): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 3(third_br): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br1): addr:16:64:c6:1c:e0:4b
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
[root@slb1 weiyanhua]#

 4 ovs bonding链路冗余

ovs-vsctl add-br br0
ovs-vsctl add-br br1
ip link add br0_tap0 type veth peer name br1_tap0
ip link add br0_tap1 type veth peer name br1_tap1
ip link set br0_tap0 up
ip link set br0_tap1 up
ip link set br1_tap0 up
ip link set br1_tap1 up

ovs-vsctl add-bond br0 bond0 br0_tap0 br0_tap1 
ovs-vsctl add-bond br1 bond1 br1_tap0 br1_tap1


ip netns add ns1
ip netns add ns2
ovs-vsctl add-port br0 tap1 -- set Interface tap1 type=internal
ip link set tap1 netns ns1
ip netns exec ns1 ip link set dev tap1 up
ip netns exec ns1 ip addr add 192.168.1.101/24 dev tap1


ovs-vsctl add-port br1 tap2 -- set Interface tap2 type=internal
ip link set tap2 netns ns2
ip netns exec ns2 ip link set dev tap2 up
ip netns exec ns2 ip addr add 192.168.1.102/24 dev tap2

 

 [root@slb1 weiyanhua]# ovs-appctl bond/show
---- bond1 ----
bond_mode: active-backup
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
lacp_status: off
lacp_fallback_ab: false
active slave mac: 12:da:b4:4f:d3:aa(br1_tap0)

slave br1_tap0: enabled
  active slave
  may_enable: true

slave br1_tap1: enabled
  may_enable: true

---- bond0 ----
bond_mode: active-backup
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
lacp_status: off
lacp_fallback_ab: false
active slave mac: f6:ab:b8:a1:4d:c2(br0_tap0)

slave br0_tap0: enabled
  active slave
  may_enable: true

slave br0_tap1: enabled
  may_enable: true

[root@slb1 weiyanhua]# 

默认建立的bond为主备模式(bond_mode: active-backup)
br1_tap0和br0_tap0 流量走这对口

开启lacp

[root@slb1 weiyanhua]# ovs-appctl bond/show
---- bond1 ----
bond_mode: active-backup
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
lacp_status: negotiated
lacp_fallback_ab: false
active slave mac: 12:da:b4:4f:d3:aa(br1_tap0)

slave br1_tap0: enabled
  active slave
  may_enable: true

slave br1_tap1: enabled
  may_enable: true

---- bond0 ----
bond_mode: active-backup
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
lacp_status: negotiated
lacp_fallback_ab: false
active slave mac: f6:ab:b8:a1:4d:c2(br0_tap0)

slave br0_tap0: enabled
  active slave
  may_enable: true

slave br0_tap1: enabled
  may_enable: true

[root@slb1 weiyanhua]# 

 能抓到lacp报文:

查看lacp信息 

[root@slb1 weiyanhua]# ovs-appctl lacp/show
---- bond0 ----
  status: active negotiated
  sys_id: 2e:70:0d:3f:10:4f
  sys_priority: 65534
  aggregation key: 1
  lacp_time: slow

slave: br0_tap0: current attached
  port_id: 2
  port_priority: 65535
  may_enable: true

  actor sys_id: 2e:70:0d:3f:10:4f
  actor sys_priority: 65534
  actor port_id: 2
  actor port_priority: 65535
  actor key: 1
  actor state: activity aggregation synchronized collecting distributing

  partner sys_id: 06:ca:c4:5c:ce:47
  partner sys_priority: 65534
  partner port_id: 1
  partner port_priority: 65535
  partner key: 1
  partner state: activity aggregation synchronized collecting distributing

slave: br0_tap1: current attached
  port_id: 1
  port_priority: 65535
  may_enable: true

  actor sys_id: 2e:70:0d:3f:10:4f
  actor sys_priority: 65534
  actor port_id: 1
  actor port_priority: 65535
  actor key: 1
  actor state: activity aggregation synchronized collecting distributing

  partner sys_id: 06:ca:c4:5c:ce:47
  partner sys_priority: 65534
  partner port_id: 2
  partner port_priority: 65535
  partner key: 1
  partner state: activity aggregation synchronized collecting distributing
---- bond1 ----
  status: active negotiated
  sys_id: 06:ca:c4:5c:ce:47
  sys_priority: 65534
  aggregation key: 1
  lacp_time: slow

slave: br1_tap0: current attached
  port_id: 1
  port_priority: 65535
  may_enable: true

  actor sys_id: 06:ca:c4:5c:ce:47
  actor sys_priority: 65534
  actor port_id: 1
  actor port_priority: 65535
  actor key: 1
  actor state: activity aggregation synchronized collecting distributing

  partner sys_id: 2e:70:0d:3f:10:4f
  partner sys_priority: 65534
  partner port_id: 2
  partner port_priority: 65535
  partner key: 1
  partner state: activity aggregation synchronized collecting distributing

slave: br1_tap1: current attached
  port_id: 2
  port_priority: 65535
  may_enable: true

  actor sys_id: 06:ca:c4:5c:ce:47
  actor sys_priority: 65534
  actor port_id: 2
  actor port_priority: 65535
  actor key: 1
  actor state: activity aggregation synchronized collecting distributing

  partner sys_id: 2e:70:0d:3f:10:4f
  partner sys_priority: 65534
  partner port_id: 1
  partner port_priority: 65535
  partner key: 1
  partner state: activity aggregation synchronized collecting distributing
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# 

  • active-backup 主-备 无法提升吞吐

  • balance-slb, 根据包的 source MAC + vlan tag來均衡流量

  • banlnce-tcp, 根据包的 L2/L3/L4 header来均衡流量

    banlance-tcp必须让硬件交换机设置802.3ad,balance-slb则设不设均可,设了流量提高比较大。

  • ovs-vsctl set Port bond0 bond_mode=balance-slb

  • 观察流量命令 cat /proc/net/dev

修改hash模式

[root@slb1 weiyanhua]# ovs-vsctl set Port bond0 bond_mode=balance-slb
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# ovs-vsctl set Port bond1 bond_mode=balance-slb
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# ovs-appctl bond/show
---- bond1 ----
bond_mode: balance-slb
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
next rebalance: 1024 ms
lacp_status: negotiated
lacp_fallback_ab: false
active slave mac: 12:da:b4:4f:d3:aa(br1_tap0)

slave br1_tap0: enabled
  active slave
  may_enable: true

slave br1_tap1: enabled
  may_enable: true

---- bond0 ----
bond_mode: balance-slb
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
updelay: 0 ms
downdelay: 0 ms
next rebalance: 7531 ms
lacp_status: negotiated
lacp_fallback_ab: false
active slave mac: f6:ab:b8:a1:4d:c2(br0_tap0)

slave br0_tap0: enabled
  active slave
  may_enable: true

slave br0_tap1: enabled
  may_enable: true

[root@slb1 weiyanhua]# 

 配置层显示interface和port

 [root@slb1 weiyanhua]# ovs-vsctl show
1015cc09-a996-41e6-9c77-b2259e969a49
    Bridge "br0"
        Port "tap1"
            Interface "tap1"
                type: internal
        Port "br0"
            Interface "br0"
                type: internal
        Port "bond0"
            Interface "br0_tap1"
            Interface "br0_tap0"
    Bridge "br1"
        Port "tap2"
            Interface "tap2"
                type: internal
        Port "br1"
            Interface "br1"
                type: internal
        Port "bond1"
            Interface "br1_tap0"
            Interface "br1_tap1"
    ovs_version: "2.11.0"
[root@slb1 weiyanhua]# 

 openflow层只显示interface 不会显示port

[root@slb1 weiyanhua]# ovs-ofctl show br0
OFPT_FEATURES_REPLY (xid=0x2): dpid:00002e700d3f104f
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(br0_tap1): addr:3a:66:82:56:6a:68
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 2(br0_tap0): addr:f6:ab:b8:a1:4d:c2
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 4(tap1): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br0): addr:2e:70:0d:3f:10:4f
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@slb1 weiyanhua]#  

 datapath层也只显示interface,不显示port

 [root@slb1 weiyanhua]# ovs-dpctl show
2021-09-10T01:23:10Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
system@ovs-system:
  lookups: hit:42 missed:12002 lost:0
  flows: 0
  masks: hit:10098 total:0 hit/pkt:0.84
  port 0: ovs-system (internal)
  port 1: br0 (internal)
  port 2: br1 (internal)
  port 3: br0_tap1
  port 4: br0_tap0
  port 5: br1_tap0
  port 6: br1_tap1
  port 7: tap1 (internal)
  port 8: tap2 (internal)
[root@slb1 weiyanhua]# 

ovs代码结构中,大概分为如下三个层面:配置层,openflow层和转换层 

配置层      openflow层                          xlate转换层
bridge   -> ofproto                          -> xbridge
port     -> ofproto_dpif->bundles: ofbundle  -> xbundle
iface    -> ofproto->ports: ofport           -> xport

a. 通过ovs-vsctl配置的网桥,端口和接口等信息都认为是在配置层,可以使用ovs-vsctl show查看所有的配置。
b. 在bridge_reconfigure函数中,会将配置层信息传递到openflow层,每个iface分配openflow端口号,可以使用ovs-ofctl show br1查看。
c. 在type_run函数中,将openflow层信息转换到xlate层。

需要注意的是,在openflow层和datapath层只能看到iface,看不到port信息。所以对于bond口,在添加流表信息时,只能指定出端口为slave口。

展示下datapatch下报文路径,经过的port口

[root@slb1 weiyanhua]# ovs-dpctl show 
2021-09-10T01:44:29Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
system@ovs-system:
  lookups: hit:1085 missed:12395 lost:0
  flows: 12
  masks: hit:12776 total:2 hit/pkt:0.95
  port 0: ovs-system (internal)
  port 1: br0 (internal)
  port 2: br1 (internal)
  port 3: br0_tap1
  port 4: br0_tap0
  port 5: br1_tap0
  port 6: br1_tap1
  port 7: tap1 (internal)
  port 8: tap2 (internal)
[root@slb1 weiyanhua]# 
[root@slb1 weiyanhua]# ovs-dpctl dump-flows
2021-09-10T01:44:36Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
recirc_id(0),in_port(8),eth(src=c6:18:15:7f:86:05,dst=f2:ce:eb:63:45:e4),eth_type(0x0800),ipv4(frag=no), packets:262, bytes:25676, used:0.303s, actions:5
recirc_id(0),in_port(7),eth(src=f2:ce:eb:63:45:e4,dst=c6:18:15:7f:86:05),eth_type(0x0800),ipv4(frag=no), packets:262, bytes:25676, used:0.303s, actions:4
recirc_id(0),in_port(4),eth(src=c6:18:15:7f:86:05,dst=f2:ce:eb:63:45:e4),eth_type(0x0800),ipv4(frag=no), packets:262, bytes:25676, used:0.303s, actions:7
recirc_id(0),in_port(5),eth(src=f2:ce:eb:63:45:e4,dst=c6:18:15:7f:86:05),eth_type(0x0800),ipv4(frag=no), packets:262, bytes:25676, used:0.303s, actions:8
[root@slb1 weiyanhua]# 

在流表中显示port的name,便于观察
[root@slb1 weiyanhua]# ovs-dpctl dump-flows --names
2021-09-10T04:57:47Z|00001|dpif_netlink|INFO|The kernel module does not support meters.
recirc_id(0),in_port(br0_tap0),eth(),eth_type(0x8809), packets:0, bytes:0, used:never, actions:userspace(pid=4294962660,slow_path(lacp))
recirc_id(0),in_port(br1_tap1),eth(),eth_type(0x8809), packets:0, bytes:0, used:never, actions:userspace(pid=4294962660,slow_path(lacp))
recirc_id(0),in_port(tap1),eth(src=f2:ce:eb:63:45:e4,dst=c6:18:15:7f:86:05),eth_type(0x0800),ipv4(frag=no), packets:11853, bytes:1161594, used:0.913s, actions:br0_tap0
recirc_id(0),in_port(br1_tap0),eth(src=f2:ce:eb:63:45:e4,dst=c6:18:15:7f:86:05),eth_type(0x0800),ipv4(frag=no), packets:11853, bytes:1161594, used:0.913s, actions:tap2
recirc_id(0),in_port(tap2),eth(src=c6:18:15:7f:86:05,dst=f2:ce:eb:63:45:e4),eth_type(0x0800),ipv4(frag=no), packets:11853, bytes:1161594, used:0.913s, actions:br1_tap0
recirc_id(0),in_port(br0_tap1),eth(),eth_type(0x8809), packets:0, bytes:0, used:never, actions:userspace(pid=4294962660,slow_path(lacp))
recirc_id(0),in_port(br0_tap0),eth(src=c6:18:15:7f:86:05,dst=f2:ce:eb:63:45:e4),eth_type(0x0800),ipv4(frag=no), packets:11853, bytes:1161594, used:0.913s, actions:tap1
recirc_id(0),in_port(br1_tap0),eth(),eth_type(0x8809), packets:0, bytes:0, used:never, actions:userspace(pid=4294962660,slow_path(lacp))
[root@slb1 weiyanhua]#

 4.1 bond实现说明

4.1.1 bond口出方向报文处理

如果出端口为bond的slave口,应该怎么选择slave口呢?
分为两种情况,如果流表直接指定了出端口为slave口,则报文只会从此slave口发出,另一种情况是流表没有指定slave口,而是通过normal动作进行转发,这个情况bond转发才会生效


static void
output_normal(struct xlate_ctx *ctx, const struct xbundle *out_xbundle,
              const struct xvlan *xvlan)
{
    uint16_t vid;
    union flow_vlan_hdr old_vlans[FLOW_MAX_VLAN_HEADERS];
    struct xport *xport;
    struct xlate_bond_recirc xr;
    bool use_recirc = false;
    struct xvlan out_xvlan;

    check_and_set_cvlan_mask(ctx->wc, out_xbundle);

    xvlan_output_translate(out_xbundle, xvlan, &out_xvlan);
    if (out_xbundle->use_priority_tags) {
        out_xvlan.v[0].pcp = ntohs(ctx->xin->flow.vlans[0].tci) &
                             VLAN_PCP_MASK;
    }
    vid = out_xvlan.v[0].vid;
    if (ovs_list_is_empty(&out_xbundle->xports)) {
        /* Partially configured bundle with no slaves.  Drop the packet. */
        return;
    } else if (!out_xbundle->bond) {
        xport = CONTAINER_OF(ovs_list_front(&out_xbundle->xports), struct xport,
                             bundle_node);
    } else {
        struct flow_wildcards *wc = ctx->wc;
        struct ofport_dpif *ofport;

        if (ctx->xbridge->support.odp.recirc) {
            /* In case recirculation is not actually in use, 'xr.recirc_id'
             * will be set to '0', since a valid 'recirc_id' can
             * not be zero.  */
            bond_update_post_recirc_rules(out_xbundle->bond,
                                          &xr.recirc_id,
                                          &xr.hash_basis);
            if (xr.recirc_id) {
                /* Use recirculation instead of output. */
                use_recirc = true;
                xr.hash_alg = OVS_HASH_ALG_L4;
                /* Recirculation does not require unmasking hash fields. */
                wc = NULL;
            }
        }

        ofport = bond_choose_output_slave(out_xbundle->bond,
                                          &ctx->xin->flow, wc, vid);
        xport = xport_lookup(ctx->xcfg, ofport);

        if (!xport) {
            /* No slaves enabled, so drop packet. */
            return;
        }

        /* If use_recirc is set, the main thread will handle stats
         * accounting for this bond. */
        if (!use_recirc) {
            if (ctx->xin->resubmit_stats) {
                bond_account(out_xbundle->bond, &ctx->xin->flow, vid,
                             ctx->xin->resubmit_stats->n_bytes);
            }
            if (ctx->xin->xcache) {
                struct xc_entry *entry;
                struct flow *flow;

                flow = &ctx->xin->flow;
                entry = xlate_cache_add_entry(ctx->xin->xcache, XC_BOND);
                entry->bond.bond = bond_ref(out_xbundle->bond);
                entry->bond.flow = xmemdup(flow, sizeof *flow);
                entry->bond.vid = vid;
            }
        }
    }

    memcpy(&old_vlans, &ctx->xin->flow.vlans, sizeof(old_vlans));
    xvlan_put(&ctx->xin->flow, &out_xvlan);

    compose_output_action(ctx, xport->ofp_port, use_recirc ? &xr : NULL,
                          false, false);
    memcpy(&ctx->xin->flow.vlans, &old_vlans, sizeof(old_vlans));
}

判断是bond口,在bond的slave中根据负载算法选择端口,bond_choose_output_slave


static struct bond_slave *
choose_output_slave(const struct bond *bond, const struct flow *flow,
                    struct flow_wildcards *wc, uint16_t vlan)
{
    struct bond_entry *e;
    int balance;

    balance = bond->balance;
    if (bond->lacp_status == LACP_CONFIGURED) {
        /* LACP has been configured on this bond but negotiations were
         * unsuccussful. If lacp_fallback_ab is enabled use active-
         * backup mode else drop all traffic. */
        if (!bond->lacp_fallback_ab) {
            return NULL;
        }
        balance = BM_AB;
    }

    switch (balance) {
    case BM_AB:
        return bond->active_slave;

    case BM_TCP:
        if (bond->lacp_status != LACP_NEGOTIATED) {
            /* Must have LACP negotiations for TCP balanced bonds. */
            return NULL;
        }
        if (wc) {
            flow_mask_hash_fields(flow, wc, NX_HASH_FIELDS_SYMMETRIC_L3L4_UDP);
        }
        /* Fall Through. */
    case BM_SLB:
        if (wc && balance == BM_SLB) {
            flow_mask_hash_fields(flow, wc, NX_HASH_FIELDS_ETH_SRC);
        }
        e = lookup_bond_entry(bond, flow, vlan);
        if (!e->slave || !e->slave->enabled) {
            e->slave = get_enabled_slave(CONST_CAST(struct bond*, bond));
        }
        return e->slave;

    default:
        OVS_NOT_REACHED();
    }
}

4.1.2 bond口入方向报文处理

在active-backup模式下,如果inactive slave收到组播/广播报文,并且走的是normal流表,就会被drop,代码流程如下。
do_xlate_actions->xlate_output_action->xlate_normal->is_admissible->bond_check_admissibility

enum bond_verdict
bond_check_admissibility(struct bond *bond, const void *slave_,
                         const struct eth_addr eth_dst)
{
    ...
    /* Drop all multicast packets on inactive slaves. */
    if (eth_addr_is_multicast(eth_dst)) {
        if (bond->active_slave != slave) {
            goto out;
        }
    }
    ...
}
魏言华
关注
  • 0
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
openvswitch:OpenWrt的Open vSwitch软件包
05-10
更新openvswitch ./scripts/feeds install -a -p openvswitch 制作menuconfig 选择网络-> openvswitch-switchopenvswitch-brcompat和openvswitch-controller 回显'#CONFIG_KERNEL_BRIDGE未设置'>> .conf
OpenvSwitch实现简单VLAN
Cheney ' blog
11-03 1029
需求: 现有拓扑结构如下的网络结构(s1-s4为交换机,h1-h9为主机),现欲让单数主机(h1、h3、h5、h7、h9)之间互相能ping通,双数主机之间互相能够ping通,但单数和双数主机之间不能访问。 # 拓扑结构: ------------------------------------------------------ -------------------------s1--------------------------- ---------------------/---|---\----
Neutron总结-openvswitch+vlan网络
创新是灵魂,执行是生命。
03-26 3328
本篇文章介绍如何规划及创建openvswitch+vlan网络,实现实例间及实例与外部的通讯。
OpenvSwitch 配置 Trunk 端口实验
IT
03-18 608
通过配置Trunk口,我们可以在单个物理链路上实现网络分段,将不同VLAN的流量隔离在各自的广播域中。这种方式不仅节省了物理端口资源,还为网络提供了更高的灵活性和扩展性。Open vSwitch(OVS)作为一款领先的软件交换机,为构建灵活、可扩展的虚拟网络架构提供了强大的支持。通过本篇博客,我将介绍在单台Ubuntu 22.04 服务器上创建2个 OVS 虚拟交换机,然后通过Trunk口将两个虚拟交换机打通。本文使用KVM运行虚拟机,为KVM创建2个ovs网络,分别绑定到两个OVS虚拟交换机。
Open vSwitch实现VLAN
如释我闻
12-17 8236
VLANs隔离虚拟机流量——Isolating VM Traffic Using VLANs 本文是一篇翻译文章,翻译自Open vSwitch的官方文档——Isolating VM Traffic Using VLANs。系博主在尝试搭建ovs构建VLAN时百度上资料过少,算是填补一些空白。
Openstack组件实现原理 — OpenVswitch/Gre/vlan
weixin_34261415的博客
08-15 325
目录 目录 前文提要 Neutron 管理的网络相关实体 OpenVswitchOVS OVS 的架构 VLan GRE 隧道 Compute Node 中的 Instance 通过 GRE 访问 Public Network 涉及的 Linux 网络技术 前文提要 Openstack组件部署 — Ov...
openvswitch 使用记录(二)--vlan 环境搭建(1)
wangyangzhizunwudi的博客
02-23 794
转存失败重新上传取消
openvswitch
09-13
感谢csdn平台,在这个平台分享知识,很开心认识大家,欢迎大家下载,docker&openvswitch,互相学习,共同进步。
openstack ocata版本安装完全上手指南(openvswitch+vlan)
08-13
1. 建议使用dnsmasq进行主机名称的解析 2. 离线安装时需要CentOS 7的virt和storage源 3. 调整systemd服务的文件和进程数: 在两个文件 /etc/systemd/system.conf 和 /etc/systemd/user.conf末尾添加: ...
openvswitch网络配置说明及文件含bonding
11-15
OVS下的网络配置。网卡桥接网桥,多块网卡做bonding然后桥接网桥,有说明文档,也有配置文件。本人测试环境为centos6.2和openvswitch2.3.0
open vswitch openflow great tutorial
06-24
Open vSwitch的目標,是做一個具有產品級質量的多層虛擬交換機。通過可編程擴展,可以實現大規模網絡的自動化(配置、管理、維護)。它支持現有標準管理接口和協議(比如netFlow,sFlow,SPAN,RSPAN,CLI,LACP,...
Open vSwitch VLAN相关字段详解(dl_vlan、dl_vlan_pcp、vlan_vid、vlan_pcp、vlan_tci)
祈晴小义
11-23 8732
Open vSwitch VLAN相关字段(dl_vlan/dl_vlan_pcp/vlan_vid/vlan_pcp/vlan_tci)
OpenVswitch初探 - VLAN
lingshengxiyou的博客
03-29 715
传统的交换机设备都是支持VLAN隔离的,OpenvSwitch作为一个主流的虚拟交换机,自然也是支持VLAN相关的实现的。OVS交换机内部也可以通过VLAN ID来隔离交换机的各个端口。例如:如果一个OVS交换机的端口设置了tag标签(该端口处于access模式),数据包从该端口进入到交换机内部时,该数据包就会被打上对应的tag,于是该数据包也就只能从设置了相同tag的端口发出,而在出交换机的时候,数据包上的tag会被删除。这样就实现了交换机内部的一个隔离。
Open vSwitch + VLAN 组网
实践求真知
03-02 2408
VLAN基础1 VLAN 的含义LAN 表示 Local Area Network,本地局域网,通常使用 Hub 和 Switch 来连接LAN 中的计算机。一般来说,当你将两台计算机连入同一个 Hub 或者 Switch 时,它们就在同一个 LAN 中。同样地,你连接两个 Switch 的话,它们也在一个 LAN 中。一个 LAN 表示一个广播域,它的意思是,LAN 中的所有成员都会收到 L...
OpenVSwtich(OVSVlan间路由实战 附实验环境
悦分享
03-19 1527
OpenvSwitch,简称OVS是一个虚拟交换软件,主要用于虚拟机VM环境,作为一个虚拟交换机,支持Xen/XenServer, KVM, and VirtualBox多种虚拟化技术。虽然是虚拟交换机,但是其工作原理与物理交换机类似。在虚拟交换机的实现中,其两端分别连接着物理网卡和多块虚拟网卡,同时虚拟交换机内部会维护一张映射表,根据MAC地址寻找对应的虚拟机链路进而完成数据转发。
Open vSwitch 入门实践(8) VXLAN实验
zyqash的博客
04-19 1057
VXLAN(Virtual eXtensible Local Area Network,虚拟扩展局域网),是由IETF定义的NVO3(Network Virtualization over Layer 3)标准技术之一,是对传统VLAN协议的一种扩展。VXLAN的特点是将L2的以太帧封装到UDP报文(即L2 over L4)中,并在L3网络中传输。VXLAN详情请参考。
基于OpenVSwitch实现Vlan进行测试
walkerkalr的专栏
02-12 3492
背景 目前公司二层网络机器和交换机越来越多,当广播的时候二层网络上的机器都会受到报文,这样网络性能就会下降。 解决方案: 1.物理隔离:需要通信的交换机连接在单独的交换机上,交换机之间通过路由器连接。 2.虚拟隔离(VPC采用的技术):VLan/VxLan/GRE。使用VLan可以连接在一个交换机上的机器进行通信隔离。 VLan介绍 VLan技术在原来的二层报文的头上加一个 TAG,里面有一个 V...
openvswitch流表转发vxlan报文
bobi的博客
03-01 5327
vxlan:虚拟可拓展局域网 产生条件:局域网3层架构都是有冗余的,但要防止环路又不能使用STP(因为数据中心的每一个链路都是核心带宽,阻塞接口代价太大)3层可以用ospf和isis协议天然防环,因为使用SPF算法 虚拟化技术产生:对于一些低流量网站,没有充分发挥高性能服务器(刀片服务器)的作用,可以将服务器虚拟化成2个供其他网站使用,每一个虚拟机就是一个服务器,共享硬件资源,CPU使用率改变,能......
OpenvSwitchBonding接口
redwingz的博客
07-11 3522
Bonding允许两个或多个接口(“slaves”)共享网络流量。从高层的角度来看,Bonded的接口就像一个单一接口,但是它们具有多个网络接口的带宽,例如两个1 GB物理接口就像一个2 GB的接口。Bond也增加了稳健性:只要至少有一个slave是UP的,Bond接口就不会Down。 在vswitchd中,Bond总是至少有两个slaves(并且可能有更多)。如果配置等的错误导致Bond只有一个...
OpenVswitch
最新发布
04-16
OpenVSwitch(OVS)是一个开源的虚拟交换机,它可以在虚拟化环境中提供网络连接和流量管理。OVS可以用于构建和管理虚拟网络,以及实现网络功能虚拟化(NFV)和软件定义网络(SDN)。 以下是使用OpenVSwitch的一些常见操作和命令: 1. 创建一个OVS交换机[^1]: ```shell ovs-vsctl add-br <bridge_name> ``` 2. 添加一个物理端口到OVS交换机[^1]: ```shell ovs-vsctl add-port <bridge_name> <port_name> ``` 3. 查看OVS交换机的配置信息[^1]: ```shell ovs-vsctl show ``` 4. 查看OVS交换机中的端口信息[^1]: ```shell ovs-vsctl list-ports <bridge_name> ``` 5. 设置OVS交换机端口的VLAN标签[^1]: ```shell ovs-vsctl set port <port_name> tag=<vlan_id> ``` 6. 创建一个OVS虚拟端口[^1]: ```shell ovs-vsctl add-port <bridge_name> <port_name> -- set interface <port_name> type=internal ``` 7. 设置OVS虚拟端口的IP地址[^1]: ```shell ip addr add <ip_address>/<subnet_mask> dev <port_name> ``` 8. 启用OVS交换机的流量转发[^1]: ```shell ovs-ofctl add-flow <bridge_name> actions=normal ``` 这些是OpenVSwitch的一些基本操作和命令。你可以根据具体的需求和场景进一步了解和使用OpenVSwitch

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值