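Configuring ACLs on Open vSwitch
Open vSwitch ACLs are configured with the ovs-ofctl tool.
The commands are as follows:
Add rules
add-flow SWITCH FLOW
add-flow SWITCH - < FLOW_FILE
add-flows SWITCH FLOW_FILE
Modify rules
mod-flows SWITCH FLOW
mod-flows SWITCH - < FLOW_FILE
Delete rules
del-flows SWITCH FLOW
del-flows SWITCH - < FLOW_FILE
Replace the rule set from a file
replace-flows SWITCH FLOW_FILE
Examples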
# tp_src/tp_dst only take effect when the flow also names the L4 protocol (tcp or udp)
# HTTP (TCP port 80)
ovs-ofctl add-flow br0 tcp,dl_src=52:54:00:aa:bb:cc,tp_dst=80,idle_timeout=0,actions=normal
ovs-ofctl add-flow br0 tcp,dl_dst=52:54:00:aa:bb:cc,tp_src=80,idle_timeout=0,actions=normal
# DNS (UDP port 53)
ovs-ofctl add-flow br0 udp,dl_src=52:54:00:aa:bb:cc,tp_dst=53,idle_timeout=0,actions=normal
ovs-ofctl add-flow br0 udp,dl_dst=52:54:00:aa:bb:cc,tp_src=53,idle_timeout=0,actions=normal
# DHCP (UDP ports 67 and 68)
ovs-ofctl add-flow br0 udp,dl_src=52:54:00:aa:bb:cc,tp_dst=67,idle_timeout=0,actions=normal
ovs-ofctl add-flow br0 udp,dl_dst=52:54:00:aa:bb:cc,tp_dst=68,idle_timeout=0,actions=normal
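Syntax notes
in_port=PORT    # port numbers can be looked up with the show command
dl_vlan=VLAN
For more detail, see the documentation or the man page.
View switch configuration information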
ovs-ofctl show br0
OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000001b21890bdc
n_tables:1, n_buffers:256
features: capabilities:0x87, actions:0xfff
3(dummy0): addr:26:ed:1a:ad:57:68
config: 0
state: 0
10(tap0): addr:32:a9:03:61:77:e8
config: 0
state: 0
current: 10MB-FD COPPER
15(p1p2): addr:00:1b:21:89:0b:dd
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
16(p1p1): addr:00:1b:21:89:0b:dc
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
LOCAL(br0): addr:00:1b:21:89:0b:dc
config: PORT_DOWN
state: LINK_DOWN
OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0
View the configured ACL rules
ovs-ofctl dump-flows br0
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=554.927s, table=0, n_packets=0, n_bytes=0, dl_dst=52:54:00:aa:bb:cc actions=NORMAL
cookie=0x0, duration=186846.192s, table=0, n_packets=2936225, n_bytes=2819308581, priority=0 actions=NORMAL
cookie=0x0, duration=555.702s, table=0, n_packets=0, n_bytes=0, dl_src=52:54:00:aa:bb:cc actions=NORMAL
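An added example, not part of the original page: a short Python audit of the dump-flows listing above, meant for checking a port-based ACL. It reports flows that carry no tp_src/tp_dst match and any catch-all flow that forwards whatever the other rules do not match; the flow lines are copied from the listing, and the function and constant names are assumptions of this example.

```python
import re

# The three flow lines from the dump-flows listing on this page.
DUMP = """\
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=554.927s, table=0, n_packets=0, n_bytes=0, dl_dst=52:54:00:aa:bb:cc actions=NORMAL
cookie=0x0, duration=186846.192s, table=0, n_packets=2936225, n_bytes=2819308581, priority=0 actions=NORMAL
cookie=0x0, duration=555.702s, table=0, n_packets=0, n_bytes=0, dl_src=52:54:00:aa:bb:cc actions=NORMAL
"""

# Bookkeeping keys printed by dump-flows that are not part of the match.
NOT_MATCH = {"cookie", "duration", "table", "n_packets", "n_bytes",
             "idle_timeout", "hard_timeout", "idle_age", "hard_age"}
L4_FIELDS = {"tp_src", "tp_dst", "tcp_src", "tcp_dst", "udp_src", "udp_dst"}
DEFAULT_PRIORITY = 32768  # used when a flow line shows no priority= key


def parse_flow(line):
    """Return (priority, match dict, actions) for one dump-flows line."""
    head, _, actions = line.strip().partition(" actions=")
    priority, match = DEFAULT_PRIORITY, {}
    for token in re.split(r"[,\s]+", head):
        key, _, value = token.partition("=")
        if key == "priority":
            priority = int(value)
        elif key and key not in NOT_MATCH:
            match[key] = value  # bare keywords such as tcp/udp map to ""
    return priority, match, actions


def audit(dump):
    """List flows that do not restrict by port or that forward everything."""
    findings = []
    for line in dump.splitlines():
        if " actions=" not in line:
            continue  # reply header or blank line
        priority, match, actions = parse_flow(line)
        if not match and actions.lower() != "drop":
            findings.append(("catch-all-forward", priority, actions))
        elif match and L4_FIELDS.isdisjoint(match):
            findings.append(("no-port-match", priority, sorted(match)))
    return findings


if __name__ == "__main__":
    for finding in audit(DUMP):
        print(finding)
```

On the listing above it reports both MAC-only flows and the priority=0 flow.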