Monday, October 13, 2014

HowTo OpenvSwitch Add and Test OpenFlow Flow Entries

1)
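Create a new bridge/ovs-switch "my-ov-switch1" and put it into so-called "fail-secure" mode. In this mode the switch does not install a default forwarding flow on its own, so the OpenFlow table starts out empty and a packet that matches no flow is dropped (the traces in the later steps show this).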
#sudo ovs-vsctl add-br my-ov-switch1 -- set Bridge my-ov-switch1 fail-mode=secure

http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=tutorial/Tutorial;hb=HEAD

2)
Check the newly created bridge/ovs-switch "my-ov-switch1"
#sudo ovs-vsctl show

* The new bridge/ovs-switch has only one port on it so far, the "local port" my-ov-switch1.

3)
List all bridges/ovs-switches
#sudo ovs-vsctl list-br

4)
List all ports in the bridge/ovs-switch "my-ov-switch1"
#sudo ovs-vsctl list-ports my-ov-switch1

5)
We need to add ports my-ovs-port1, my-ovs-port2, my-ovs-port3, and my-ovs-port4 to bridge/ovs-switch "my-ov-switch1". A shell "for" loop is one way to do it.

for i in 1 2 3 4; do
    sudo ovs-vsctl add-port my-ov-switch1 my-ovs-port$i -- set Interface my-ovs-port$i ofport_request=$i type=internal
    sudo ovs-ofctl mod-port my-ov-switch1 my-ovs-port$i up
done


* In addition to adding a port, the ovs-vsctl command above sets its
"ofport_request" column to ensure that port my-ovs-port1 is assigned OpenFlow
port 1, my-ovs-port2 is assigned OpenFlow port 2, and so on.

6)

Run the following commands to see what we've done so far.
#sudo ovs-vsctl show
#sudo ovs-ofctl show my-ov-switch1


7)
Check the Flow Table of an OpenvSwitch "my-ov-switch1"

#sudo ovs-ofctl show my-ov-switch1

List/Dump all OpenFlow flow tables of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-tables my-ov-switch1

List/Dump all OpenFlow flows of an OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1

8)
Delete all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl del-flows my-ov-switch1

9)

List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1

10)

Add and Test First OpenFlow Flow Entry

10a)
Add a flow to OpenFlow table "1" in the OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl add-flow my-ov-switch1 "table=1, priority=99, in_port=1 actions=mod_vlan_vid:20"

* Meaning: If a packet comes to OpenvSwitch Port "my-ovs-port1" (in_port=1, mapped as OpenFlow port 1), add vlan tag "20" to that packet.

10b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1

Output
----------
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=4011.56s, table=0, n_packets=0, n_bytes=0, idle_age=4011, priority=99,in_port=1 actions=mod_vlan_vid:20

10c)
* Test the flow with the "ofproto/trace" tool. It shows, step by step, how
such a flow would be treated as it goes through the switch.
* Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1"
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1

Output
---------

Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=1 cookie=0 priority=99,in_port=1
OpenFlow actions=mod_vlan_vid:20

Final flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop

----------- 

* You can see "dl_vlan=20" in "Final flow:"

11)
Add an OpenFlow entry in OpenFlow table 1 of OpenvSwitch "my-ov-switch1" which would add vlan tag "20" to a packet coming through port "my-ovs-port1" and resubmit it to the next OpenFlow table (table 2).

11a)
Add flow
#sudo ovs-ofctl add-flow my-ov-switch1 "table=0, priority=100, in_port=1 actions=mod_vlan_vid:20, resubmit(,2)"

11b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1

Output
----------
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=1048.791s, table=0, n_packets=0, n_bytes=0, idle_age=1048, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)

11c)
Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1" and test it.
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1

Output
----------

Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=100,in_port=1
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

    Resubmitted flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
    Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
    Resubmitted  odp: drop
    No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop

----------- 

* You can see "dl_vlan=20" in "Resubmitted flow:"
* Also note "OpenFlow actions=mod_vlan_vid:20,resubmit(,2)". It means vlan tag 20 was added to the packet and the packet was resubmitted to "table 2".
* Since there are no flows in "table 2", the packet got dropped; see "Resubmitted  odp: drop" and "No match".
* "Final flow: unchanged" means the packet was not changed in table 2 (the final table).

12)
a)
Add an OpenFlow entry in OpenFlow table 1 of OpenvSwitch "my-ov-switch1" which would add vlan tag "20" to a packet coming through port "my-ovs-port1" and resubmit it to the next OpenFlow table (table 2).

b)
Add another OpenFlow entry in OpenFlow table 2 of OpenvSwitch "my-ov-switch1" which would simply resubmit packet to next OpenFlow table (table 3).

12a)
Add flows
#sudo ovs-ofctl add-flow my-ov-switch1 "table=0, priority=100, in_port=1 actions=mod_vlan_vid:20, resubmit(,2)"
#sudo ovs-ofctl add-flow my-ov-switch1 "table=2, priority=100, in_port=1 actions=resubmit(,3)"


12b)
List all flows from OpenvSwitch "my-ov-switch1"
#sudo ovs-ofctl dump-flows my-ov-switch1

Output
----------
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6.724s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)
 cookie=0x0, duration=3.552s, table=2, n_packets=0, n_bytes=0, idle_age=3, priority=100,in_port=1 actions=resubmit(,3)

12c)

Send a packet to OpenvSwitch Port "my-ovs-port1" in the OpenvSwitch "my-ov-switch1" and test it.
#sudo ovs-appctl ofproto/trace my-ov-switch1 in_port=1

Output
----------

Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=100,in_port=1
OpenFlow actions=mod_vlan_vid:20,resubmit(,2)

    Resubmitted flow: metadata=0,in_port=1,dl_vlan=20,dl_vlan_pcp=0,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
    Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
    Resubmitted  odp: drop
    Rule: table=2 cookie=0 priority=100,in_port=1
    OpenFlow actions=resubmit(,3)

        Resubmitted flow: unchanged
        Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
        Resubmitted  odp: drop
        No match

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,vlan_tci=0x0000/0x1fff,dl_type=0x0000,nw_frag=no
Datapath actions: drop

-----------

* You can see "dl_vlan=20" in "Resubmitted flow:"
* Also note "OpenFlow actions=mod_vlan_vid:20,resubmit(,2)". It means vlan tag 20 was added to the packet and the packet was resubmitted to "table 2".
* You can see "Resubmitted flow: unchanged": "table 2" didn't make any change to the packet before resubmitting it to "table 3".
* Since there are no flows in "table 3", the packet got dropped; see "Resubmitted  odp: drop" and "No match".
* "Final flow: unchanged" means the packet was not changed in table 3 (the final table).
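
Steps 11 and 12 both end in a drop because the last resubmit points at a table that holds no flows. The script below is an added example, not part of the original post: it reads "ovs-ofctl dump-flows" output on stdin and lists every table that is a resubmit target but has no flows of its own. The function names dead_end_tables and sample_dump are made up for this example, and the sample input is the step 12b output.

```shell
#!/bin/sh
# Added example: find resubmit targets that have no flows.
# Input: the text printed by `ovs-ofctl dump-flows <bridge>`.
# Output: one table number per line, sorted numerically.

dead_end_tables() {
    awk '
    /table=[0-9]+/ {
        # The first table=N on a flow line is the table the flow lives in.
        match($0, /table=[0-9]+/)
        t = substr($0, RSTART + 6, RLENGTH - 6)
        has_flow[t] = 1

        # Collect the table number of every resubmit(port,table) action.
        rest = $0
        while (match(rest, /resubmit\([^,)]*,[0-9]+\)/)) {
            r = substr(rest, RSTART, RLENGTH)
            sub(/^resubmit\([^,]*,/, "", r)
            sub(/\)$/, "", r)
            target[r] = 1
            rest = substr(rest, RSTART + RLENGTH)
        }
    }
    END {
        # A target with no flows is where a packet stops with "No match".
        for (r in target)
            if (!(r in has_flow))
                print r
    }' | sort -n
}

# Constructed sample: the flow table as listed in step 12b.
sample_dump() {
cat <<'EOF'
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6.724s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,in_port=1 actions=mod_vlan_vid:20,resubmit(,2)
 cookie=0x0, duration=3.552s, table=2, n_packets=0, n_bytes=0, idle_age=3, priority=100,in_port=1 actions=resubmit(,3)
EOF
}

# On a live switch, replace sample_dump with:
#   sudo ovs-ofctl dump-flows my-ov-switch1
sample_dump | dead_end_tables
```

An empty result means every resubmit lands in a table that has at least one flow; it does not prove that a flow in that table matches the packet, which is what ofproto/trace checks.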




1 comment:

  1. http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=tutorial/Tutorial;hb=HEAD

    Our switch design will consist of five main flow tables, each of which
    implements one stage in the switch pipeline:

    Table 0: Admission control.

    Table 1: VLAN input processing.

    Table 2: Learn source MAC and VLAN for ingress port.

    Table 3: Look up learned port for destination MAC and VLAN.

    Table 4: Output processing.

    The section below describes how to set up the scenario, followed by a
    section for each OpenFlow table.
