A previous patch made some additions to section 1 of this tutorial.
This patch includes updates to the sample output that I got while
testing the additions to the tutorial.
Signed-off-by: Russell Bryant <russ...@ovn.org>
---
tutorial/OVN-Tutorial.md | 93 +++++++++++++++++++++++++++++-------------------
1 file changed, 57 insertions(+), 36 deletions(-)
diff --git a/tutorial/OVN-Tutorial.md b/tutorial/OVN-Tutorial.md
index 1c3ab91..98e89ae 100644
--- a/tutorial/OVN-Tutorial.md
+++ b/tutorial/OVN-Tutorial.md
@@ -66,9 +66,9 @@ You can use the `ovn-nbctl` utility to see an overview of the
logical topology.
$ ovn-nbctl show
switch 78687d53-e037-4555-bcd3-f4f8eaf3f2aa (sw0)
port sw0-port1
- addresses: 00:00:00:00:00:01
+ addresses: [“00:00:00:00:00:01”]
port sw0-port2
- addresses: 00:00:00:00:00:02
+ addresses: [“00:00:00:00:00:02”]
The `ovn-sbctl` utility can be used to see into the state stored in the
`OVN_Southbound` database. The `show` command shows that there is a single
@@ -89,32 +89,46 @@ that reflect its own local view of the network. The
`ovn-sbctl` command can
show the logical flows.
$ ovn-sbctl lflow-list
- Datapath: d3466847-2b3a-4f17-8eb2-34f5b0727a70 Pipeline: ingress
+ Datapath: 03300166-e1bc-464e-9c6b-bdb76e5076ef Pipeline: ingress
table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]),
action=(drop;)
table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present),
action=(drop;)
- table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port1"
&& eth.src == {00:00:00:00:00:01}), action=(next;)
- table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port2"
&& eth.src == {00:00:00:00:00:02}), action=(next;)
+ table=0(ls_in_port_sec_l2), priority= 50, match=(inport == “sw0-port1”
&& eth.src == {00:00:00:00:00:01}), action=(next;)
+ table=0(ls_in_port_sec_l2), priority= 50, match=(inport == “sw0-port2”
&& eth.src == {00:00:00:00:00:02}), action=(next;)
table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;)
- table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1"
&& eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;)
- table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1"
&& eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00
|| nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll ==
00:00:00:00:00:01)))), action=(next;)
- table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2"
&& eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;)
- table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2"
&& eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00
|| nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll ==
00:00:00:00:00:02)))), action=(next;)
- table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port1"
&& (arp || nd)), action=(drop;)
- table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port2"
&& (arp || nd)), action=(drop;)
+ table=2(ls_in_port_sec_nd), priority= 90, match=(inport == “sw0-port1”
&& eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;)
+ table=2(ls_in_port_sec_nd), priority= 90, match=(inport == “sw0-port1”
&& eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00
|| nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll ==
00:00:00:00:00:01)))), action=(next;)
+ table=2(ls_in_port_sec_nd), priority= 90, match=(inport == “sw0-port2”
&& eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;)
+ table=2(ls_in_port_sec_nd), priority= 90, match=(inport == “sw0-port2”
&& eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00
|| nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll ==
00:00:00:00:00:02)))), action=(next;)
+ table=2(ls_in_port_sec_nd), priority= 80, match=(inport == “sw0-port1”
&& (arp || nd)), action=(drop;)
+ table=2(ls_in_port_sec_nd), priority= 80, match=(inport == “sw0-port2”
&& (arp || nd)), action=(drop;)
table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;)
table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;)
- table=4( ls_in_acl), priority= 0, match=(1), action=(next;)
- table=5(ls_in_arp_nd_rsp), priority= 0, match=(1), action=(next;)
- table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast),
action=(outport = "_MC_flood"; output;)
- table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst ==
00:00:00:00:00:01), action=(outport = "sw0-port1"; output;)
- table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst ==
00:00:00:00:00:02), action=(outport = "sw0-port2"; output;)
- Datapath: d3466847-2b3a-4f17-8eb2-34f5b0727a70 Pipeline: egress
- table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;)
- table=1( ls_out_acl), priority= 0, match=(1), action=(next;)
- table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;)
- table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast),
action=(output;)
- table=3(ls_out_port_sec_l2), priority= 50, match=(outport ==
"sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;)
- table=3(ls_out_port_sec_l2), priority= 50, match=(outport ==
"sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;)
+ table=4( ls_in_pre_lb), priority= 0, match=(1), action=(next;)
+ table=5(ls_in_pre_stateful), priority= 100, match=(reg0[0] == 1),
action=(ct_next;)
+ table=5(ls_in_pre_stateful), priority= 0, match=(1), action=(next;)
+ table=6( ls_in_acl), priority= 0, match=(1), action=(next;)
+ table=7( ls_in_lb), priority= 0, match=(1), action=(next;)
+ table=8( ls_in_stateful), priority= 100, match=(reg0[1] == 1),
action=(ct_commit; next;)
+ table=8( ls_in_stateful), priority= 100, match=(reg0[2] == 1),
action=(ct_lb;)
+ table=8( ls_in_stateful), priority= 0, match=(1), action=(next;)
+ table=9( ls_in_arp_rsp), priority= 0, match=(1), action=(next;)
+ table=10( ls_in_l2_lkup), priority= 100, match=(eth.mcast),
action=(outport = “_MC_flood”; output;)
+ table=10( ls_in_l2_lkup), priority= 50, match=(eth.dst ==
00:00:00:00:00:01), action=(outport = “sw0-port1”; output;)
+ table=10( ls_in_l2_lkup), priority= 50, match=(eth.dst ==
00:00:00:00:00:02), action=(outport = “sw0-port2”; output;)
+ Datapath: 03300166-e1bc-464e-9c6b-bdb76e5076ef Pipeline: egress
+ table=0( ls_out_pre_lb), priority= 0, match=(1), action=(next;)
+ table=1( ls_out_pre_acl), priority= 0, match=(1), action=(next;)
+ table=2(ls_out_pre_stateful), priority= 100, match=(reg0[0] == 1),
action=(ct_next;)
+ table=2(ls_out_pre_stateful), priority= 0, match=(1), action=(next;)
+ table=3( ls_out_lb), priority= 0, match=(1), action=(next;)
+ table=4( ls_out_acl), priority= 0, match=(1), action=(next;)
+ table=5( ls_out_stateful), priority= 100, match=(reg0[1] == 1),
action=(ct_commit; next;)
+ table=5( ls_out_stateful), priority= 100, match=(reg0[2] == 1),
action=(ct_lb;)
+ table=5( ls_out_stateful), priority= 0, match=(1), action=(next;)
+ table=6(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;)
+ table=7(ls_out_port_sec_l2), priority= 100, match=(eth.mcast),
action=(output;)
+ table=7(ls_out_port_sec_l2), priority= 50, match=(outport ==
“sw0-port1” && eth.dst == {00:00:00:00:00:01}), action=(output;)
+ table=7(ls_out_port_sec_l2), priority= 50, match=(outport ==
“sw0-port2” && eth.dst == {00:00:00:00:00:02}), action=(output;)
Now we can start taking a closer look at how `ovn-controller` has programmed
the
local switch. Before looking at the flows, we can use `ovs-ofctl` to verify
the
@@ -147,8 +161,8 @@ fields have been omitted for brevity.
$ ovs-ofctl -O OpenFlow13 dump-flows br-int
OFPST_FLOW reply (OF1.3) (xid=0x2):
- table=0, priority=100,in_port=1
actions=set_field:0x1->reg5,set_field:0x1->metadata,set_field:0x1->reg6,resubmit(,16)
- table=0, priority=100,in_port=2
actions=set_field:0x2->reg5,set_field:0x1->metadata,set_field:0x2->reg6,resubmit(,16)
+ table=0, priority=100,in_port=1
actions=set_field:0x1->metadata,set_field:0x1->reg6,resubmit(,16)
+ table=0, priority=100,in_port=2
actions=set_field:0x1->metadata,set_field:0x2->reg6,resubmit(,16)
table=16, priority=100,metadata=0x1,vlan_tci=0x1000/0x1000 actions=drop
table=16,
priority=100,metadata=0x1,dl_src=01:00:00:00:00:00/01:00:00:00:00:00
actions=drop
table=16, priority=50,reg6=0x1,metadata=0x1,dl_src=00:00:00:00:00:01
actions=resubmit(,17)
@@ -174,24 +188,31 @@ fields have been omitted for brevity.
table=19, priority=0,metadata=0x1 actions=resubmit(,20)
table=20, priority=0,metadata=0x1 actions=resubmit(,21)
table=21, priority=0,metadata=0x1 actions=resubmit(,22)
- table=22,
priority=100,metadata=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
actions=set_field:0xffff->reg7,resubmit(,32)
- table=22, priority=50,metadata=0x1,dl_dst=00:00:00:00:00:01
actions=set_field:0x1->reg7,resubmit(,32)
- table=22, priority=50,metadata=0x1,dl_dst=00:00:00:00:00:02
actions=set_field:0x2->reg7,resubmit(,32)
+ table=22, priority=0,metadata=0x1 actions=resubmit(,23)
+ table=23, priority=0,metadata=0x1 actions=resubmit(,24)
+ table=24, priority=0,metadata=0x1 actions=resubmit(,25)
+ table=25, priority=0,metadata=0x1 actions=resubmit(,26)
+ table=26,
priority=100,metadata=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
actions=set_field:0xffff->reg7,resubmit(,32)
+ table=26, priority=50,metadata=0x1,dl_dst=00:00:00:00:00:01
actions=set_field:0x1->reg7,resubmit(,32)
+ table=26, priority=50,metadata=0x1,dl_dst=00:00:00:00:00:02
actions=set_field:0x2->reg7,resubmit(,32)
table=32, priority=0 actions=resubmit(,33)
- table=33, priority=100,reg7=0x1,metadata=0x1
actions=set_field:0x1->reg5,resubmit(,34)
- table=33, priority=100,reg7=0xffff,metadata=0x1
actions=set_field:0x2->reg5,set_field:0x2->reg7,resubmit(,34),set_field:0x1->reg5,set_field:0x1->reg7,resubmit(,34),set_field:0xffff->reg7
- table=33, priority=100,reg7=0x2,metadata=0x1
actions=set_field:0x2->reg5,resubmit(,34)
+ table=33, priority=100,reg7=0x1,metadata=0x1 actions=resubmit(,34)
+ table=33, priority=100,reg7=0xffff,metadata=0x1
actions=set_field:0x2->reg7,resubmit(,34),set_field:0x1->reg7,resubmit(,34),set_field:0xffff->reg7
+ table=33, priority=100,reg7=0x2,metadata=0x1 actions=resubmit(,34)
table=34, priority=100,reg6=0x1,reg7=0x1,metadata=0x1 actions=drop
table=34, priority=100,reg6=0x2,reg7=0x2,metadata=0x1 actions=drop
- table=34, priority=0
actions=set_field:0->reg0,set_field:0->reg1,set_field:0->reg2,set_field:0->reg3,set_field:0->reg4,resubmit(,48)
+ table=34, priority=0
actions=set_field:0->reg0,set_field:0->reg1,set_field:0->reg2,resubmit(,48)
table=48, priority=0,metadata=0x1 actions=resubmit(,49)
table=49, priority=0,metadata=0x1 actions=resubmit(,50)
table=50, priority=0,metadata=0x1 actions=resubmit(,51)
- table=51,
priority=100,metadata=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
actions=resubmit(,64)
- table=51, priority=50,reg7=0x2,metadata=0x1,dl_dst=00:00:00:00:00:02
actions=resubmit(,64)
- table=51, priority=50,reg7=0x1,metadata=0x1,dl_dst=00:00:00:00:00:01
actions=resubmit(,64)
+ table=51, priority=0,metadata=0x1 actions=resubmit(,52)
+ table=52, priority=0,metadata=0x1 actions=resubmit(,53)
+ table=53, priority=0,metadata=0x1 actions=resubmit(,54)
+ table=54, priority=0,metadata=0x1 actions=resubmit(,55)
+ table=55,
priority=100,metadata=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
actions=resubmit(,64)
+ table=55, priority=50,reg7=0x2,metadata=0x1,dl_dst=00:00:00:00:00:02
actions=resubmit(,64)
+ table=55, priority=50,reg7=0x1,metadata=0x1,dl_dst=00:00:00:00:00:01
actions=resubmit(,64)
table=64, priority=100,reg7=0x1,metadata=0x1 actions=output:1
- table=64, priority=100,reg7=0x2,metadata=0x1 actions=output:2
The `ovs-appctl` command can be used to generate an OpenFlow trace of how a
packet would be processed in this configuration. This first trace shows a
--
2.7.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
