首先,openflow流表都是使用ovs-ofctl命令进行添加的。
1.
看 ovs-ofctl 的man手册
man ovs-ofctl
或者,这个地方也有:http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html
主要就是用,这几个命令:
dump-flows 、add-flow 、del-flows
等。
另外,有关actions的命令也在这个手册里。
2.
有关how to match见如下的man手册
man ovs-fields
或这个:http://www.openvswitch.org/support/dist-docs/ovs-fields.7.html
该手册,文档层次清晰,可以方便的速查。按照逻辑分了如下几个段落,非常清晰:
TUNNEL / METADATA / CONNECTION TRACKING / REGISTER / L2 / L3 / L4
3.
举个栗子:
[root@host100 ~]# ovs-ofctl dump-ports-desc br200-
OFPST_PORT_DESC reply (xid=0x2):
(tap200-): addr:b2:8a::::
config:
state:
current: 10MB-FD COPPER
speed: Mbps now, Mbps max
(vxlan101): addr:1a:b7::d6::
config:
state:
speed: Mbps now, Mbps max
(vxlan102): addr::3e:e2:aa:c3:7c
config:
state:
speed: Mbps now, Mbps max
LOCAL(br200-): addr:a6:::b5::
config:
state:
speed: Mbps now, Mbps max
[root@host100 ~]# ovs-ofctl add-flow br200- 'in_port=2,ip_dst=10.200.0.10 actions=output:4'
[root@host100 ~]# ovs-ofctl dump-flows br200-
cookie=0x0, duration=.771s, table=, n_packets=, n_bytes=, in_port="tap200-1" actions=output:vxlan102
cookie=0x0, duration=.306s, table=, n_packets=, n_bytes=, priority= actions=NORMAL
又举了一个栗子
ovs-ofctl add-flow br200- 'cookie=0x01,table=0,ip_dst=10.200.0.2 actions=move:NXM_NX_TUN_ID[0..23]->NXM_NX_REG0[0..23],resubmit(,1)'
ovs-ofctl add-flow br200- 'cookie=0x02,table=1 actions=move:NXM_NX_REG0[0..23]->NXM_OF_ETH_SRC[24..47],output:vxlan101'
举一个NAT的栗子
# DROUTE up
ovs-ofctl -O openflow13 add-flow br220- 'cookie=0x11,table=0,ip,tcp,ip_dst=10.200.0.2,eth_dst=00:01:02:02:21:01/00:00:00:ff:ff:ff actions=mod_dl_dst:00:01:02:02:21:01,ct(zone=10,table=1)'
ovs-ofctl -O openflow13 add-flow br220- 'cookie=0x12,table=1,ip,tcp,ip_dst=10.200.0.2,eth_dst=00:01:02:02:21:01,ct_state=+new actions=ct(zone=10,nat(dst=10.200.0.11:80),commit),output:tap221-1'
ovs-ofctl -O openflow13 add-flow br220- 'cookie=0x13,table=1,ip,tcp,ip_dst=10.200.0.2,eth_dst=00:01:02:02:21:01,ct_state=+trk+est actions=ct(zone=10,nat),output:tap221-1'
# DROUTE down
ovs-ofctl -O openflow13 add-flow br220- 'cookie=0x14,table=0,in_port=tap221-1,ip,tcp,actions=ct(zone=10,table=1,nat)'
ovs-ofctl -O openflow13 add-flow br220- 'cookie=0x15,table=1,in_port=tap221-1,ct_zone=10,ct_state=+trk+est,ip_src=10.200.0.2,actions=mod_dl_src:00:00:00:ff:00:10,output:vxlan101'
举一个ARP代答的栗子(别人写的,我目前还没看懂)
cookie=0x15608eadfa234623, duration=.586s, table=, n_packets=, n_bytes=, priority=,arp,metadata=0xc400000001,arp_tpa=10.0.0.57,arp_op= actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],set_field:fa::3e:::c4->eth_src,set_field:->arp_op,set_field:10.0.0.57->arp_spa,set_field:fa::3e:::c4->arp_sha,IN_PORT
cookie=0x15608eadfa234693, duration=.078s, table=, n_packets=, n_bytes=, priority=,arp,metadata=0xc400000001,arp_tpa=10.0.0.59,arp_op= actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],set_field:fa::3e:8a:d4:->eth_src,set_field:->arp_op,set_field:10.0.0.59->arp_spa,set_field:fa::3e:8a:d4:->arp_sha,IN_PORT
cookie=0x15608eadfa22ed3f, duration=.364s, table=, n_packets=, n_bytes=, priority= actions=set_field:0x19->reg8,goto_table: