Russell, would you mind reviewing this?
On Mon, Jul 04, 2016 at 08:03:49AM -0700, Ben Pfaff wrote: > From: nickcooper-zhangtonghao <nickcooper-zhangtong...@opencloud.tech> > > Improve the tutorial of the basic OVN features. The addresses and > port_security > columns of the logical port is described in more detail. > > Signed-off-by: nickcooper-zhangtonghao > <nickcooper-zhangtong...@opencloud.tech> > --- > tutorial/OVN-Tutorial.md | 36 > ++++++++++++++++++++++++++++++ > tutorial/automake.mk | 4 ++++ > tutorial/ovn/env1/add-security-ip-ports.sh | 25 +++++++++++++++++++++ > tutorial/ovn/env1/add-unknown-ports.sh | 25 +++++++++++++++++++++ > tutorial/ovn/env1/packet3.sh | 19 ++++++++++++++++ > tutorial/ovn/env1/packet4.sh | 19 ++++++++++++++++ > 6 files changed, 128 insertions(+) > create mode 100755 tutorial/ovn/env1/add-security-ip-ports.sh > create mode 100755 tutorial/ovn/env1/add-unknown-ports.sh > create mode 100755 tutorial/ovn/env1/packet3.sh > create mode 100755 tutorial/ovn/env1/packet4.sh > > diff --git a/tutorial/OVN-Tutorial.md b/tutorial/OVN-Tutorial.md > index 811224d..0c3620e 100644 > --- a/tutorial/OVN-Tutorial.md > +++ b/tutorial/OVN-Tutorial.md > @@ -221,6 +221,38 @@ that it is output to both ports `2` and `3`. > > $ ovn/env1/packet2.sh > > +The logical port may have an unknown set of Ethernet addresses. When an OVN > logical > +switch processes a unicast Ethernet frame whose destination MAC address is > not in any > +logical port’s addresses column, it delivers it to the port (or ports) whose > addresses > +columns include unknown. > + > +[View ovn/env1/add-unknown-ports.sh][env1unknownports]. > + > + $ ovn/env1/add-unknown-ports.sh > + > +This trace shows a packet from `sw0-port1` to `sw0-port4`, `sw0-port5` whose > addresses > +columns include unknown. You will see that it is output to both ports `4` > and `5`. > + > +[View ovn/env1/packet3.sh][env1packet3]. > + > + $ ovn/env1/packet3.sh > + > +The logical port would restrict the host to sending packets from and > receiving packets > +to the ethernet addresses defined in the logical port’s port_security column. > +In addition to the restrictions described for Ethernet addresses above, such > an element > +of port_security restricts the IPv4 or IPv6 addresses from which the host > may send and > +to which it may receive packets to the specified addresses. > + > +[View ovn/env1/add-security-ip-ports.sh][env1securityport]. > + > + $ ovn/env1/add-security-ip-ports.sh > + > +This trace shows a packet from `sw0-port6` to `sw0-port7`. > + > +[View ovn/env1/packet4.sh][env1packet4]. > + > + $ ovn/env1/packet4.sh > + > 2) 2 switches, 4 ports > ---------------------- > > @@ -867,6 +899,10 @@ hypervisors. Please see the tutorial 3 above. > > [env1packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet1.sh > > [env1packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet2.sh > > [env1thirdport]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/add-third-port.sh > +[env1unknownports]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-unknown-ports.sh > +[env1securityport]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-security-ip-ports.sh > +[env1packet3]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet3.sh > +[env1packet4]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet4.sh > > [env2setup]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/setup.sh > > [env2packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet1.sh > > [env2packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet2.sh > diff --git a/tutorial/automake.mk b/tutorial/automake.mk > index 7e835f2..5e0d868 100644 > --- a/tutorial/automake.mk > +++ b/tutorial/automake.mk > @@ -12,7 +12,11 @@ EXTRA_DIST += \ > tutorial/ovn/env1/setup.sh \ > tutorial/ovn/env1/packet1.sh \ > tutorial/ovn/env1/packet2.sh \ > + tutorial/ovn/env1/packet3.sh \ > + tutorial/ovn/env1/packet4.sh \ > tutorial/ovn/env1/add-third-port.sh \ > + tutorial/ovn/env1/add-unknown-ports.sh \ > + tutorial/ovn/env1/add-security-ip-ports.sh \ > tutorial/ovn/env2/setup.sh \ > tutorial/ovn/env2/packet1.sh \ > tutorial/ovn/env2/packet2.sh \ > diff --git a/tutorial/ovn/env1/add-security-ip-ports.sh > b/tutorial/ovn/env1/add-security-ip-ports.sh > new file mode 100755 > index 0000000..5be1528 > --- /dev/null > +++ b/tutorial/ovn/env1/add-security-ip-ports.sh > @@ -0,0 +1,25 @@ > +#!/bin/bash > +# > +# Licensed under the Apache License, Version 2.0 (the "License"); > +# you may not use this file except in compliance with the License. > +# You may obtain a copy of the License at: > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, software > +# distributed under the License is distributed on an "AS IS" BASIS, > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > +# See the License for the specific language governing permissions and > +# limitations under the License. > +# > + > +set -o xtrace > + > +ovn-nbctl lsp-add sw0 sw0-port6 > +ovn-nbctl lsp-add sw0 sw0-port7 > +ovn-nbctl lsp-set-addresses sw0-port6 "00:00:00:00:00:06" > +ovn-nbctl lsp-set-addresses sw0-port7 "00:00:00:00:00:07" > +ovn-nbctl lsp-set-port-security sw0-port6 00:00:00:00:00:06 192.168.1.10/24 > +ovn-nbctl lsp-set-port-security sw0-port7 00:00:00:00:00:07 192.168.1.20/24 > +ovs-vsctl add-port br-int lport6 -- set Interface lport6 > external_ids:iface-id=sw0-port6 > +ovs-vsctl add-port br-int lport7 -- set Interface lport7 > external_ids:iface-id=sw0-port7 > diff --git a/tutorial/ovn/env1/add-unknown-ports.sh > b/tutorial/ovn/env1/add-unknown-ports.sh > new file mode 100755 > index 0000000..be161d2 > --- /dev/null > +++ b/tutorial/ovn/env1/add-unknown-ports.sh > @@ -0,0 +1,25 @@ > +#!/bin/bash > +# > +# Licensed under the Apache License, Version 2.0 (the "License"); > +# you may not use this file except in compliance with the License. > +# You may obtain a copy of the License at: > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, software > +# distributed under the License is distributed on an "AS IS" BASIS, > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > +# See the License for the specific language governing permissions and > +# limitations under the License. > +# > + > +set -o xtrace > + > +ovn-nbctl lsp-add sw0 sw0-port4 > +ovn-nbctl lsp-add sw0 sw0-port5 > +ovn-nbctl lsp-set-addresses sw0-port4 unknown > +ovn-nbctl lsp-set-addresses sw0-port5 unknown > +ovn-nbctl lsp-set-port-security sw0-port4 00:00:00:00:00:04 00:00:00:00:00:05 > +ovn-nbctl lsp-set-port-security sw0-port5 00:00:00:00:00:04 00:00:00:00:00:05 > +ovs-vsctl add-port br-int lport4 -- set Interface lport4 > external_ids:iface-id=sw0-port4 > +ovs-vsctl add-port br-int lport5 -- set Interface lport5 > external_ids:iface-id=sw0-port5 > diff --git a/tutorial/ovn/env1/packet3.sh b/tutorial/ovn/env1/packet3.sh > new file mode 100755 > index 0000000..b266801 > --- /dev/null > +++ b/tutorial/ovn/env1/packet3.sh > @@ -0,0 +1,19 @@ > +#!/bin/bash > +# > +# Licensed under the Apache License, Version 2.0 (the "License"); > +# you may not use this file except in compliance with the License. > +# You may obtain a copy of the License at: > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, software > +# distributed under the License is distributed on an "AS IS" BASIS, > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > +# See the License for the specific language governing permissions and > +# limitations under the License. > +# > + > +set -o xtrace > + > +# Trace a packet from sw0-port1 to sw0-port4, sw0-port5 which address is set > as unknown. > +ovs-appctl ofproto/trace br-int > in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:04 -generate > diff --git a/tutorial/ovn/env1/packet4.sh b/tutorial/ovn/env1/packet4.sh > new file mode 100755 > index 0000000..2fa4530 > --- /dev/null > +++ b/tutorial/ovn/env1/packet4.sh > @@ -0,0 +1,19 @@ > +#!/bin/bash > +# > +# Licensed under the Apache License, Version 2.0 (the "License"); > +# you may not use this file except in compliance with the License. > +# You may obtain a copy of the License at: > +# > +# http://www.apache.org/licenses/LICENSE-2.0 > +# > +# Unless required by applicable law or agreed to in writing, software > +# distributed under the License is distributed on an "AS IS" BASIS, > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > +# See the License for the specific language governing permissions and > +# limitations under the License. > +# > + > +set -o xtrace > + > +# Trace a packet from sw0-port6 to sw0-port7. > +ovs-appctl ofproto/trace br-int > in_port=6,dl_type=0x0800,dl_src=00:00:00:00:00:06,dl_dst=00:00:00:00:00:07,nw_src=192.168.1.10,nw_dst=192.168.1.20 > -generate > -- > 2.1.3 > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
