dpctl 流表项操作

2019独角兽企业重金招聘Python工程师标准>>>

一、启动mini

为了实验方便建立一台openflow交换机、连接三台交互机，没有连接控制器的虚拟网络

$ sudo mn --topo single,3 --mac --switch ovsk --controller remote  
*** Creating network
*** Adding controller
Unable to contact the remote controller at 127.0.0.1:6653
Unable to contact the remote controller at 127.0.0.1:6633
Setting remote controller to 127.0.0.1:6653
*** Adding hosts:
h1 h2 h3 
*** Adding switches:
s1 
*** Adding links:
(h1, s1) (h2, s1) (h3, s1) 
*** Configuring hosts
h1 h2 h3 
*** Starting controller
c0 
*** Starting 1 switches
s1 ...
*** Starting CLI:
mininet>  dpctl dump-flows
*** s1 ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=24213> 
<Host h2: h2-eth0:10.0.0.2 pid=24215> 
<Host h3: h3-eth0:10.0.0.3 pid=24217> 
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None pid=24222> 
<RemoteController c0: 127.0.0.1:6653 pid=24205> 
mininet> link
invalid number of args: link end1 end2 [up down]
mininet> links
h1-eth0<->s1-eth1 (OK OK) 
h2-eth0<->s1-eth2 (OK OK) 
h3-eth0<->s1-eth3 (OK OK)
mininet> h1 ping -c 2 h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable

这时可以看到h1和h2是不通的

二、建立s1端口1和2的双向转发

先查看s1的监听端口

$ sudo ovs-vsctl show 
2b05a0c0-015b-44cd-8ce8-d540d9f551c4
    Bridge "s1"
        Controller "tcp:127.0.0.1:6653"
        Controller "ptcp:6654"
        fail_mode: secure
        Port "s1-eth2"
            Interface "s1-eth2"
        Port "s1-eth1"
            Interface "s1-eth1"
        Port "s1-eth3"
            Interface "s1-eth3"
        Port "s1"
            Interface "s1"
                type: internal
    ovs_version: "2.5.2"

这里看出是6654

~$ dpctl add-flow tcp:127.0.0.1:6654 in_port=1,actions=output:2
~$ dpctl add-flow tcp:127.0.0.1:6654 in_port=2,actions=output:1
~$ dpctl dump-flows tcp:127.0.0.1:6654
stats_reply (xid=0xbf1d157c): flags=none type=1(flow)
  cookie=0, duration_sec=18s, duration_nsec=579000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0, idle_timeout=60,hard_timeout=0,in_port=1,actions=output:2
  cookie=0, duration_sec=12s, duration_nsec=103000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0, idle_timeout=60,hard_timeout=0,in_port=2,actions=output:1

在mininet里

mininet> dpctl dump-flows
*** s1 ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=13.858s, table=0, n_packets=0, n_bytes=0, idle_timeout=60, idle_age=13, in_port=2 actions=output:1
 cookie=0x0, duration=6.319s, table=0, n_packets=0, n_bytes=0, idle_timeout=60, idle_age=6, in_port=1 actions=output:2
mininet> h1 ping -c 2 h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.338 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.072 ms

--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1023ms
rtt min/avg/max/mdev = 0.072/0.205/0.338/0.133 ms
mininet> h1 ping -c 2 h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable

--- 10.0.0.3 ping statistics ---
2 packets transmitted, 0 received, +1 errors, 100% packet loss, time 1015ms

s1-eth1和s1-eth2的转发流表已经建立了，故h1和h2能ping通，而h1和h3不行。

三、删除

~$ dpctl del-flows tcp:127.0.0.1:6654  

这时h1和h2又不通了

转载于:https://my.oschina.net/u/2245781/blog/910960