OpenvSwitch常用命令(全)

什么是 Open vSwitch

What is Open vSwitch?

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V.

OpenvSwitch支持的特性

Open vSwitch supports the following features:

  • Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-tunneled mirrors
  • LACP (IEEE 802.1AX-2008)
  • Standard 802.1Q VLAN model with trunking
  • Multicast snooping
  • IETF Auto-Attach SPBM and rudimentary required * * * LLDP support
  • BFD and 802.1ag link monitoring
  • STP (IEEE 802.1D-1998) and RSTP (IEEE 802.1D-2004)
  • Fine-grained QoS control
  • Support for HFSC qdisc
  • Per VM interface traffic policing
  • NIC bonding with source-MAC load balancing, active backup, and L4 hashing
  • OpenFlow protocol support (including many extensions for virtualization)
  • IPv6 support
  • Multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec support)
  • Remote configuration protocol with C and Python bindings
  • Kernel and user-space forwarding engine options
    Multi-table forwarding pipeline with flow-caching engine
  • Forwarding layer abstraction to ease porting to new software and hardware platforms

一、两种 OVS fallback behavior

  • standalone
    这种模式下,没有运行controller的情况下,OVS会自动调回普通switch模式,如果有controller的情况,ovs会自动变成 openflow switch
    命令:
ovs-vsctl set-fail-mode ovs-switch standalone
ovs-switch替换成bridge的名字
  • secure
    这种模式下,无论有没有controller, ovs都会作为openflow switch运行, 也就是所有interface在bridge上,等待controller或者用户添加flow到switch来进行通信
ovs-vsctl set-fail-mode ovs-switch secure

二、OVS常用的两个 command line tool

ovs-vsctl 用来查询和配置ovs-vswitchd
ovs-ofctl 管理配置openflow switch

Open vSwitch常用命令

#添加网桥
ovs-vsctl add-br br-int

#列出网桥
ovs-vsctl list-br

#给网桥添加端口
ovs-vsctl add-port br-int tap-xxx

#列出挂载某网络接口的所有网桥
ovs-vsctl port-to-br tap-xxx

#查看全部信息
ovs-vsctl show

#举例 查看所有网桥
ovs-vsctl list bridge

#举例 删除一条qos记录
ovs-vsctl destroy qos 

#修改端口 p1 的 VLAN tag 为 101,使端口 p1 成为一个隶属于 VLAN 101 的端口
ovs-vsctl set Port p1 tag=101

#查看某网桥信息
ovs-ofctl show br-tun

#查看某网桥上所有端口的状态
ovs-ofctl dump-ports br-tun

#添加一条流表规则 丢弃从port2上发来的所有数据表
ovs-ofctl add-flow br-tun idle_timeout=120,in_port=2,actions=drop

#查看某网桥上面的流表规则
ovs-ofctl dump-flows br-tun

#屏蔽所有进入 OVS 的以太网广播数据包
ovs-ofctl add-flow ovs-switch "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"

#屏蔽 STP 协议的广播数据包
ovs-ofctl add-flow ovs-switch "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"

屏蔽对目的主机访问:
ovs-ofctl add-flow br0 idle_timeout=0,dl_type=0x0800,nw_src=xx.xx.xx.xx,actions=drop

Qos设置
Qos可以针对网络接口,也可以针对端口设置:
#针对网络接口  1000±100kbps
ovs-vsctl set interface tap-xxx ingress_policing_rate=1000
ovs-vsctl set interface tap-xxx ingress_policing_burst=100

#指定协议查看流表
ovs-ofctl dump-flows -O OpenFlow13 br-int

#删除br-int所连控制器
ovs-vsctl del-controller br-int

#添加br-int所连控制器(可以添加多个)
ovs-vsctl set-controller br-int "tcp:192.168.53.53:6633" "tcp:192.168.53.68:6633"

#添加br-int所连控制器步骤2(可以添加多个)
ovs-vsctl set-manager  "tcp:192.168.53.53:6640" "tcp:192.168.53.68:6640"

#修改br-int支持的of协议
ovs-vsctl set bridge br0 protocols=OpenFlow13

#把ovs的状态设置成normal,就是全转发
ovs-ofctl add-flow br-int "actions=normal"

#增加in_port和out_port的对应规则
ovs-ofctl add-flow br-int "in_port=22,actions=output:32" -O OpenFlow13

#删除br-int上所有流表
ovs-ofctl del-flows br-int

你可能感兴趣的:(SDN)