1)
creates a new bridge/ovs-switch "my-ov-switch1" and puts "my-ov-switch1" into so-called "fail-secure" mode.
#sudo ovs-vsctl add-br my-ov-switch1 -- set Bridge my-ov-switch1 fail-mode=secure
http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=tutorial/Tutorial;hb=HEAD
2)
Check the newly created bridge/ovs-switch "my-ov-switch1"
#sudo ovs-vsctl show
* The new bridge/ovs-switch has only one port on it so far, the "local port" my-ov-switch1.
3)
List all bridges/ovs-switchs
#sudo ovs-vsctl list-br
4)
List all ports in the bridge/ovs-switch "my-ov-switch1"
#sudo ovs-vsctl list-ports my-ov-switch1
5)
We need to add ports my-ovs-port1, my-ovs-port2, my-ovs-port3, and my-ovs-port4 to bridge/ovs-switch "my-ov-switch1".A shell "for" loop is one way to do it.
for i in 1 2 3 4; do
sudo ovs-vsctl add-port my-ov-switch1 my-ovs-port$i -- set Interface my-ovs-port$i ofport_request=$i type=internal
sudo ovs-ofctl mod-port my-ov-switch1 my-ovs-port$i up
done
* In addition to adding a port, the ovs-vsctl command above sets its
"ofport_request" column to ensure that port my-ovs-port1 is assigned OpenFlow
port 1, my-ovs-port2 is assigned OpenFlow port 2, and so on.
6)
Run following command to see what we've done so far.
#sudo ovs-vsctl show
#sudo ovs-ofctl show my-ov-switch1
7)
Check the Flow Table of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl show my-ov-switch1
List/Dump all OpenFlow flow tables of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-tables my-ov-switch1
List/Dump all OpenFlow flows of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
8)
Delete all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl del-flows my-ov-switch1
9)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
10)
Add and Test First OpenFlow Flow Entry
10a)
Add a flow to OpenFlow table "1" in the OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl add-flow my-ov-switch1 "table=1, priority=99, in_port=1 actions=mod_vlan_vid:20"
* Meaning: If a packet comes to OpenvSwitch Port "my-ovs-port1" (in_port=1, mapped as OpenFlow port 1), add vlan tag "20" to that packet.
10b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
Output
----------
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=4011.56s, table=0, n_packets=0, n_bytes=0, idle_age=4011, priority=99,in_port=1 actions=mod_vlan_vid:20
10c)
* Test the flow with tool "ofproto/trace", it shows, step-by-step, how
such a flow would be treated as it goes through the switch.
* Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1"
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1
Output
---------
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=1 cookie=0 priority=99,in_port=1
OpenFlow actions=mod_vlan_vid:20
Final flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop
-----------
* You can see "dl_vlan=20" in "Final flow:"
11)
Add an OpenFlow entry in OpenFlow table 1 of OpenvSwitch "my-ov-switch1" which would add vlan tag "20" to packet comming throught port "my-ovs-port1" and resubmit to next OpenFlow table (table 2).
11a)
Add flow
#sudo ovs-ofctl add-flow my-ov-switch1 "table=0, priority=100, in_port=1 actions=mod_vlan_vid:20, resubmit(,2)"
11b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
Output
----------
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=1048.791s, table=0, n_packets=0, n_bytes=0, idle_age=1048, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)
11c)
Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1" and test it.
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1
Output
----------
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=100,in_port=1
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
Resubmitted flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted odp: drop
No match
Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop
-----------
* You can see "dl_vlan=20" in "Resubmitted flow:"
* Also note "OpenFlow actions=mod_vlan_vid:20,resubmit(,2)". Means, added vlan tag 20 to the packet and resubmitted to "table 2".
* Since there is no flows in "table 2" packet got dropped, see "Resubmitted odp: drop" No match
* "Final flow: unchanged" means, packet has no change in table 2 (final table).
12)
a)
Add an OpenFlow entry in OpenFlow table 1 of OpenvSwitch "my-ov-switch1" which would add vlan tag "20" to packet comming throught port "my-ovs-port1" and resubmit to next OpenFlow table (table 2).
b)
Add another OpenFlow entry in OpenFlow table 2 of OpenvSwitch "my-ov-switch1" which would simply resubmit packet to next OpenFlow table (table 3).
12a)
Add flows
#sudo ovs-ofctl add-flow br0 "table=0, priority=100, in_port=1 actions=mod_vlan_vid:20, resubmit(,2)"
#sudo ovs-ofctl add-flow br0 "table=2, priority=100, in_port=1 actions=resubmit(,3)"
12b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=6.724s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=3.552s, table=2, n_packets=0, n_bytes=0, idle_age=3, priority=100,in_port=1 actions=resubmit(,3)
12c)
Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1" and test it.
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1
Output
----------
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=100,in_port=1
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
Resubmitted flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted odp: drop
Rule: table=2 cookie=0 priority=100,in_port=1
OpenFlow actions=resubmit(,3)
Resubmitted flow: unchanged
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted odp: drop
No match
Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop
-----------
* You can see "dl_vlan=20" in "Resubmitted flow:"
* Also note "OpenFlow actions=mod_vlan_vid:20,resubmit(,2)". Means, added vlan tag 20 to the packet and resubmitted to "table 2".
* You can see "Resubmitted flow: unchanged", "table 2" doesn't made any change in packet before resubmit to "table 3"
* Since there is no flows in "table 3" packet got dropped, see "Resubmitted odp: drop" No match
* "Final flow: unchanged" means, packet has no change in table 3 (final table).
creates a new bridge/ovs-switch "my-ov-switch1" and puts "my-ov-switch1" into so-called "fail-secure" mode.
#sudo ovs-vsctl add-br my-ov-switch1 -- set Bridge my-ov-switch1 fail-mode=secure
http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=tutorial/Tutorial;hb=HEAD
2)
Check the newly created bridge/ovs-switch "my-ov-switch1"
#sudo ovs-vsctl show
* The new bridge/ovs-switch has only one port on it so far, the "local port" my-ov-switch1.
3)
List all bridges/ovs-switchs
#sudo ovs-vsctl list-br
4)
List all ports in the bridge/ovs-switch "my-ov-switch1"
#sudo ovs-vsctl list-ports my-ov-switch1
5)
We need to add ports my-ovs-port1, my-ovs-port2, my-ovs-port3, and my-ovs-port4 to bridge/ovs-switch "my-ov-switch1".A shell "for" loop is one way to do it.
for i in 1 2 3 4; do
sudo ovs-vsctl add-port my-ov-switch1 my-ovs-port$i -- set Interface my-ovs-port$i ofport_request=$i type=internal
sudo ovs-ofctl mod-port my-ov-switch1 my-ovs-port$i up
done
* In addition to adding a port, the ovs-vsctl command above sets its
"ofport_request" column to ensure that port my-ovs-port1 is assigned OpenFlow
port 1, my-ovs-port2 is assigned OpenFlow port 2, and so on.
6)
Run following command to see what we've done so far.
#sudo ovs-vsctl show
#sudo ovs-ofctl show my-ov-switch1
7)
Check the Flow Table of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl show my-ov-switch1
List/Dump all OpenFlow flow tables of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-tables my-ov-switch1
List/Dump all OpenFlow flows of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
8)
Delete all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl del-flows my-ov-switch1
9)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
10)
Add and Test First OpenFlow Flow Entry
10a)
Add a flow to OpenFlow table "1" in the OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl add-flow my-ov-switch1 "table=1, priority=99, in_port=1 actions=mod_vlan_vid:20"
* Meaning: If a packet comes to OpenvSwitch Port "my-ovs-port1" (in_port=1, mapped as OpenFlow port 1), add vlan tag "20" to that packet.
10b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
Output
----------
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=4011.56s, table=0, n_packets=0, n_bytes=0, idle_age=4011, priority=99,in_port=1 actions=mod_vlan_vid:20
10c)
* Test the flow with tool "ofproto/trace", it shows, step-by-step, how
such a flow would be treated as it goes through the switch.
* Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1"
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1
Output
---------
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=1 cookie=0 priority=99,in_port=1
OpenFlow actions=mod_vlan_vid:20
Final flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop
-----------
* You can see "dl_vlan=20" in "Final flow:"
11)
Add an OpenFlow entry in OpenFlow table 1 of OpenvSwitch "my-ov-switch1" which would add vlan tag "20" to packet comming throught port "my-ovs-port1" and resubmit to next OpenFlow table (table 2).
11a)
Add flow
#sudo ovs-ofctl add-flow my-ov-switch1 "table=0, priority=100, in_port=1 actions=mod_vlan_vid:20, resubmit(,2)"
11b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
Output
----------
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=1048.791s, table=0, n_packets=0, n_bytes=0, idle_age=1048, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)
11c)
Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1" and test it.
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1
Output
----------
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=100,in_port=1
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
Resubmitted flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted odp: drop
No match
Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop
-----------
* You can see "dl_vlan=20" in "Resubmitted flow:"
* Also note "OpenFlow actions=mod_vlan_vid:20,resubmit(,2)". Means, added vlan tag 20 to the packet and resubmitted to "table 2".
* Since there is no flows in "table 2" packet got dropped, see "Resubmitted odp: drop" No match
* "Final flow: unchanged" means, packet has no change in table 2 (final table).
12)
a)
Add an OpenFlow entry in OpenFlow table 1 of OpenvSwitch "my-ov-switch1" which would add vlan tag "20" to packet comming throught port "my-ovs-port1" and resubmit to next OpenFlow table (table 2).
b)
Add another OpenFlow entry in OpenFlow table 2 of OpenvSwitch "my-ov-switch1" which would simply resubmit packet to next OpenFlow table (table 3).
12a)
Add flows
#sudo ovs-ofctl add-flow br0 "table=0, priority=100, in_port=1 actions=mod_vlan_vid:20, resubmit(,2)"
#sudo ovs-ofctl add-flow br0 "table=2, priority=100, in_port=1 actions=resubmit(,3)"
12b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=6.724s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)
cookie=0x0, duration=3.552s, table=2, n_packets=0, n_bytes=0, idle_age=3, priority=100,in_port=1 actions=resubmit(,3)
12c)
Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1" and test it.
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1
Output
----------
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=100,in_port=1
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)
Resubmitted flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted odp: drop
Rule: table=2 cookie=0 priority=100,in_port=1
OpenFlow actions=resubmit(,3)
Resubmitted flow: unchanged
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted odp: drop
No match
Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop
-----------
* You can see "dl_vlan=20" in "Resubmitted flow:"
* Also note "OpenFlow actions=mod_vlan_vid:20,resubmit(,2)". Means, added vlan tag 20 to the packet and resubmitted to "table 2".
* You can see "Resubmitted flow: unchanged", "table 2" doesn't made any change in packet before resubmit to "table 3"
* Since there is no flows in "table 3" packet got dropped, see "Resubmitted odp: drop" No match
* "Final flow: unchanged" means, packet has no change in table 3 (final table).
http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=tutorial/Tutorial;hb=HEAD
ReplyDeleteOur switch design will consist of five main flow tables, each of which
implements one stage in the switch pipeline:
Table 0: Admission control.
Table 1: VLAN input processing.
Table 2: Learn source MAC and VLAN for ingress port.
Table 3: Look up learned port for destination MAC and VLAN.
Table 4: Output processing.
The section below describes how to set up the scenario, followed by a
section for each OpenFlow table.