OVS flow table design

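Before a virtual machine pings any IP, it sends an ARP broadcast to request the destination MAC. For ICMP packets to a destination in the same subnet, the real MAC is returned; for destinations in other subnets, the gateway's MAC is returned.

Use the OVS flow table to rewrite a received ICMP request into an ICMP reply and send it back the way it came.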

cookie=0x0, duration=336.660s, table=17, n_packets=6, n_bytes=588, priority=24576,icmp,metadata=0xa/0xffffff,nw_dst=10.1.1.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.1.1.1->ip_src,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:bb:bb:bb:bb:bb:13->eth_src,set_field:0->icmp_type,set_field:0->in_port,resubmit(,18)

Match fields

ICMP protocol: icmp
VNI: metadata=$vni
Destination IP: nw_dst=$dvr
ICMP type: icmp_type=8
ICMP code: icmp_code=0

Actions

Rewrite destination IP: NXM_OF_IP_SRC[]->NXM_OF_IP_DST[]
Rewrite source IP: set_field:$GW->ip_src
Rewrite destination MAC: NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[]
Rewrite source MAC: set_field:$dvr->eth_src
ICMP type: icmp_type=0
ICMP code: icmp_code=0
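
The rewrite performed by the table=17 actions, modelled byte by byte in Python as an added example (not code from the original post). The addresses are the ones used on this page; the ICMP identifier, sequence number and payload are constructed sample values, and the checksum recomputation is this model's own step to keep the reply valid.

```python
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum (data padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src_mac, dst_mac, src_ip, dst_ip, ident, seq, payload):
    """Constructed Ethernet/IPv4/ICMP echo request (type 8, code 0)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", csum16(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     64, 1, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", csum16(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + icmp

def apply_table17_actions(frame: bytes, gw_ip: bytes, gw_mac: bytes) -> bytes:
    """Apply the table=17 actions, in order, to an untagged IPv4 frame."""
    f = bytearray(frame)
    f[30:34] = f[26:30]   # move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[]
    f[26:30] = gw_ip      # set_field:10.1.1.1->ip_src
    f[0:6] = f[6:12]      # move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[]
    f[6:12] = gw_mac      # set_field:bb:bb:bb:bb:bb:13->eth_src
    f[34] = 0             # set_field:0->icmp_type
    # Recompute both checksums so the receiver accepts the reply; the ICMP
    # one must change because the type byte went from 8 to 0.
    for start, end, off in ((14, 34, 24), (34, len(f), 36)):
        f[off:off + 2] = b"\x00\x00"
        f[off:off + 2] = struct.pack("!H", csum16(bytes(f[start:end])))
    return bytes(f)

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

# Constructed sample: ns1 (10.1.1.2) pings the gateway address 10.1.1.1.
VM_MAC, GW_MAC = mac("0e:da:ad:43:9e:41"), mac("bb:bb:bb:bb:bb:13")
VM_IP, GW_IP = bytes([10, 1, 1, 2]), bytes([10, 1, 1, 1])
REQUEST = build_echo_request(VM_MAC, GW_MAC, VM_IP, GW_IP, 0x1234, 1, b"ping-data")
REPLY = apply_table17_actions(REQUEST, GW_IP, GW_MAC)

if __name__ == "__main__":
    print("request:", REQUEST.hex())
    print("reply:  ", REPLY.hex())
```

Because the match pins nw_dst to the same address that is written into ip_src, the IP rewrite is a pure swap of source and destination, so the IPv4 header checksum stays the same and only the ICMP checksum differs between request and reply.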

Environment setup

1. Simulate a virtual machine with a network namespace

ip netns add ns1
ip l a veth0 type veth peer name ovs-veth0
ip l s veth0 netns ns1
ovs-vsctl add-br br-int
ovs-vsctl add-port br-int ovs-veth0
ip l s ovs-veth0 up
ip netns exec ns1 ip a a 10.1.1.2/24 dev veth0
ip netns exec ns1 ip l s veth0 up
ip netns exec ns1 arp -s 10.1.1.1 bb:bb:bb:bb:bb:13

2. Install the flows

ovs-ofctl add-flow br-int -O OpenFlow13 "table=0,priority=100,in_port=ovs-veth0 actions=resubmit(,1)"
ovs-ofctl add-flow br-int -O OpenFlow13 "table=1,priority=24576,in_port=ovs-veth0 actions=load:0x2->NXM_NX_REG1[],load:0x1->NXM_NX_REG0[0..3],load:0x1->NXM_NX_REG0[17],write_metadata:0x1388/0xffffff,goto_table:17"
ovs-ofctl add-flow br-int -O OpenFlow13 "table=17,priority=24576,icmp,metadata=0x1388/0xffffff,nw_dst=10.1.1.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.1.1.1->ip_src,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:bb:bb:bb:bb:bb:13->eth_src,set_field:0->icmp_type,set_field:0->in_port,resubmit(,18)"
ovs-ofctl add-flow br-int -O OpenFlow13 "table=18,priority=100,actions=output:ovs-veth0"

3. Flow table dump

 cookie=0x0, duration=5402.365s, table=0, n_packets=356, n_bytes=34888, priority=100,in_port="ovs-veth0" actions=resubmit(,1)
 cookie=0x0, duration=15448.855s, table=0, n_packets=3, n_bytes=294, priority=0 actions=NORMAL
 cookie=0x0, duration=6433.393s, table=1, n_packets=356, n_bytes=34888, priority=24576,in_port="ovs-veth0",dl_src=0e:da:ad:43:9e:41 actions=load:0x2->NXM_NX_REG1[],load:0x1->NXM_NX_REG0[0..3],load:0x1->NXM_NX_REG0[17],write_metadata:0x1388/0xffffff,goto_table:17
 cookie=0x0, duration=336.660s, table=17, n_packets=6, n_bytes=588, priority=24576,icmp,metadata=0x1388/0xffffff,nw_dst=10.1.1.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.1.1.1->ip_src,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:bb:bb:bb:bb:bb:13->eth_src,set_field:0->icmp_type,set_field:0->in_port,resubmit(,18)
 cookie=0x0, duration=3780.046s, table=18, n_packets=10, n_bytes=980, priority=100 actions=output:"ovs-veth0"

4. Test result

#ip netns exec ns1 ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.244 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.308 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.201 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.228 ms
64 bytes from 10.1.1.1: icmp_seq=5 ttl=64 time=0.177 ms
64 bytes from 10.1.1.1: icmp_seq=6 ttl=64 time=0.182 ms