3、Routing
3.1 启动虚机
------host1
在前面的练习中,已经启动该虚机。如果没有启动,执行:
virsh start host1
添加网关配置:
$ sudo ip route add default via 10.100.0.254 dev eth0
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:3f:15:ea brd ff:ff:ff:ff:ff:ff
inet 10.100.0.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe3f:15ea/64 scope link
valid_lft forever preferred_lft forever
$ ip route
default via 10.100.0.254 dev eth0
10.100.0.0/24 dev eth0 src 10.100.0.10
$ ------host2
在前面的练习中,已经启动该虚机。如果没有启动,执行:
virsh start host2
添加网关配置:
$ ip route
default via 10.100.0.254 dev eth0
10.100.0.0/24 dev eth0 src 10.100.0.20
$
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:3e:93:2d brd ff:ff:ff:ff:ff:ff
inet 10.100.0.20/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe3e:932d/64 scope link
valid_lft forever preferred_lft forever
$ ip route
default via 10.100.0.254 dev eth0
10.100.0.0/24 dev eth0 src 10.100.0.20
$ ------host3
在前面的练习中,已经完成host3的配置。host3是首次启动:
root@server1:~# virsh start host3
Domain 'host3' started配置IP地址和网关:
root@server1:~# virsh console host3
Connected to domain 'host3'
Escape character is ^] (Ctrl + ])
login as 'cirros' user. default password: 'gocubsgo'. use 'sudo' for root.
cirros login: cirros
Password:
$
$ sudo ip addr add 10.200.0.10/24 dev eth0
$ sudo ip route add default via 10.200.0.254 dev eth0
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:29:ef:e9 brd ff:ff:ff:ff:ff:ff
inet 10.200.0.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe29:efe9/64 scope link
valid_lft forever preferred_lft forever
$ ip route
default via 10.200.0.254 dev eth0
10.200.0.0/24 dev eth0 src 10.200.0.10 3.2 设置日志
------设置 vconn 模块的日志级别为 dbg
为了查看流表下发情况,设置 vconn 模块的日志级别为 dbg:
ovs-appctl -t ovs-vswitchd vlog/set vconn:fIle:dbg
查看是否修改成功:
ovs-appctl -t ovs-vswitchd vlog/list
root@server1:~# ovs-appctl -t ovs-vswitchd vlog/set vconn:fIle:dbg
root@server1:~# ovs-appctl -t ovs-vswitchd vlog/list
console syslog file
------- ------ ------
backtrace OFF ERR INFO
bfd OFF ERR INFO
bond OFF ERR INFO
...
vconn OFF ERR DBG------开启实时日志
faucet.log:
root@server1:~/faucet/inst# tail -f faucet.logovs-vswitchd.log:
root@server1:/var/log/openvswitch# tail -f ovs-vswitchd.log | grep -v -e "OFPT_ECHO_REQUEST" -e "OFPT_ECHO_REPLY"3.3 编辑控制器yaml文件
dps:
switch-1:
dp_id: 0x1
timeout: 8000
arp_neighbor_timeout: 3600
interfaces:
1:
native_vlan: 100
2:
native_vlan: 100
3:
native_vlan: 100
4:
native_vlan: 200
5:
native_vlan: 200
vlans:
100:
faucet_vips: ["10.100.0.254/24"]
200:
faucet_vips: ["10.200.0.254/24"]
routers:
router-1:
vlans: [100, 200]3.4 重启faucet
docker restart faucet
root@server1:~/faucet/inst# docker restart faucet
faucet------faucet.log
Jun 22 12:51:21 faucet INFO version 1.10.11
Jun 22 12:51:21 faucet INFO Reloading configuration
Jun 22 12:51:21 faucet INFO configuration /etc/faucet/faucet.yaml changed, analyzing differences
Jun 22 12:51:21 faucet INFO Add new datapath DPID 1 (0x1)
Jun 22 12:51:21 faucet.valve INFO DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3 with VIPs ['10.100.0.254/24']
Jun 22 12:51:21 faucet.valve INFO DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 200 vid:200 untagged: Port 4,Port 5 with VIPs ['10.200.0.254/24']
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 port desc stats
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 delta in up state: set() => {1, 2, 4}
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 1 fabricating ADD status True
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 status change: Port 1 up status True reason ADD state 0
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 1 (1) up
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 2 fabricating ADD status True
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 status change: Port 2 up status True reason ADD state 0
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 2 (2) up
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 4 fabricating ADD status True
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 status change: Port 4 up status True reason ADD state 0
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 4 (4) up
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 22 12:51:24 faucet.valve ERROR DPID 1 (0x1) switch-1 send_flow_msgs: DP not up
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Cold start configuring DP
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 1 (1) configured
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 2 (2) configured
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Port 4 (4) configured
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 22 12:51:24 faucet.valve INFO DPID 1 (0x1) switch-1 table ID 0 table config match_types: (('eth_dst', True), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) name: vlan next_tables: ['eth_src'] output: True set_fields: ('vlan_vid',) size: 32 vlan_port_scale: 3
table ID 1 table config match_types: (('eth_dst', True), ('eth_src', False), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) miss_goto: eth_dst name: eth_src next_tables: ['ipv4_fib', 'vip', 'eth_dst', 'flood'] output: True set_fields: ('vlan_vid', 'eth_dst') size: 64 table_id: 1 vlan_port_scale: 4.1
table ID 2 table config dec_ttl: True match_types: (('eth_type', False), ('ipv4_dst', True), ('vlan_vid', False)) name: ipv4_fib next_tables: ['vip', 'eth_dst', 'flood'] output: True set_fields: ('eth_dst', 'eth_src', 'vlan_vid') size: 32 table_id: 2 vlan_port_scale: 3.1
table ID 3 table config match_types: (('arp_tpa', False), ('eth_dst', False), ('eth_type', False), ('icmpv6_type', False), ('ip_proto', False)) name: vip next_tables: ['eth_dst', 'flood'] output: True size: 32 table_id: 3 vlan_scale: 8
table ID 4 table config exact_match: True match_types: (('eth_dst', False), ('vlan_vid', False)) miss_goto: flood name: eth_dst output: True size: 64 table_id: 4 vlan_port_scale: 4.1
table ID 5 table config match_types: (('eth_dst', True), ('in_port', False), ('vlan_vid', False)) name: flood output: True size: 96 table_id: 5 vlan_port_scale: 8.0下发流表table 0-5。
------ovs-vswitchd.log
2025-06-22T12:51:19.938Z|03279|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connection closed by peer
2025-06-22T12:51:21.146Z|03280|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connecting...
2025-06-22T12:51:21.146Z|03281|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_HELLO (OF1.5) (xid=0x36):
version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-22T12:51:21.154Z|03282|rconn|WARN|sw1<->tcp:127.0.0.1:6653: connection dropped (Connection reset by peer)
2025-06-22T12:51:21.154Z|03283|rconn|INFO|sw1<->tcp:127.0.0.1:6653: waiting 2 seconds before reconnect
2025-06-22T12:51:23.652Z|03284|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connecting...
2025-06-22T12:51:23.652Z|03285|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_HELLO (OF1.5) (xid=0x37):
version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-22T12:51:24.152Z|03286|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_HELLO (OF1.3) (xid=0x23dc1527):
version bitmap: 0x01, 0x02, 0x03, 0x04
2025-06-22T12:51:24.152Z|03287|vconn|DBG|tcp:127.0.0.1:6653: negotiated OpenFlow version 0x04 (we support version 0x06 and earlier, peer supports version 0x04 and earlier)
2025-06-22T12:51:24.152Z|03288|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connected
2025-06-22T12:51:24.152Z|03289|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FEATURES_REQUEST (OF1.3) (xid=0x23dc1528):
2025-06-22T12:51:24.152Z|03290|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_FEATURES_REPLY (OF1.3) (xid=0x23dc1528): dpid:0000000000000001
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
2025-06-22T12:51:24.154Z|03291|vconn|DBG|tcp:127.0.0.1:6653: received: OFPST_PORT_DESC request (OF1.3) (xid=0x23dc1529): port=ANY
2025-06-22T12:51:24.155Z|03292|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPST_PORT_DESC reply (OF1.3) (xid=0x23dc1529):
1(sw1p1): addr:fe:54:00:3f:15:ea
config: 0
state: LIVE
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
2(sw1p2): addr:fe:54:00:3e:93:2d
config: 0
state: LIVE
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
3(sw1p3): addr:ae:c5:47:ef:0f:3b
config: 0
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
4(sw1p4): addr:fe:54:00:29:ef:e9
config: 0
state: LIVE
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
5(sw1p5): addr:4a:78:29:48:c8:bf
config: 0
state: LINK_DOWN
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
LOCAL(sw1): addr:3e:18:ba:43:3b:42
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
2025-06-22T12:51:24.155Z|03293|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_SET_CONFIG (OF1.3) (xid=0x23dc152a): frags=normal miss_send_len=0
2025-06-22T12:51:24.155Z|03294|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_SET_ASYNC (OF1.3) (xid=0x23dc152b):
primary:
PACKET_IN: (off)
PORT_STATUS: (off)
FLOW_REMOVED: (off)
ROLE_STATUS: (off)
TABLE_STATUS: (off)
REQUESTFORWARD: (off)
secondary:
PACKET_IN: (off)
PORT_STATUS: (off)
FLOW_REMOVED: (off)
ROLE_STATUS: (off)
TABLE_STATUS: (off)
REQUESTFORWARD: (off)
2025-06-22T12:51:24.155Z|03295|vconn|DBG|tcp:127.0.0.1:6653: received: OFPST_DESC request (OF1.3) (xid=0x23dc152c):
2025-06-22T12:51:24.155Z|03296|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPST_DESC reply (OF1.3) (xid=0x23dc152c):
Manufacturer: Nicira, Inc.
Hardware: Open vSwitch
Software: 2.17.9
Serial Num: None
DP Description: None
2025-06-22T12:51:24.155Z|03297|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc152d): DEL table:255 priority=0 actions=drop
2025-06-22T12:51:24.173Z|03298|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_SET_ASYNC (OF1.3) (xid=0x23dc152e):
primary:
PACKET_IN: action invalid_ttl
PORT_STATUS: add delete modify
FLOW_REMOVED: (off)
ROLE_STATUS: (off)
TABLE_STATUS: (off)
REQUESTFORWARD: (off)
secondary:
PACKET_IN: action invalid_ttl
PORT_STATUS: add delete modify
FLOW_REMOVED: (off)
ROLE_STATUS: (off)
TABLE_STATUS: (off)
REQUESTFORWARD: (off)
2025-06-22T12:51:24.174Z|03299|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc152d): DEL table:255 priority=0 actions=drop
2025-06-22T12:51:24.174Z|03300|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc152f): ADD table:5 priority=8240,dl_dst=01:00:0c:cc:cc:cc cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.175Z|03301|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1530): ADD table:5 priority=8240,dl_dst=01:00:0c:cc:cc:cd cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.175Z|03302|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1531): ADD table:5 priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03303|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1532): ADD table:5 priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03304|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1533): ADD table:5 priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.175Z|03305|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1534): ADD table:5 priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03306|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1535): ADD table:5 priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03307|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1536): ADD table:5 priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03308|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1537): ADD table:5 priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03309|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1538): ADD table:5 priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03310|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1539): ADD table:5 priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03311|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153a): ADD table:5 priority=8192,dl_vlan=100 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03312|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153b): ADD table:5 priority=8192,dl_vlan=200 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03313|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153c): ADD table:5 priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.177Z|03314|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153d): ADD table:4 priority=0 cookie:0x5adc15c0 out_port:0 actions=goto_table:5
2025-06-22T12:51:24.177Z|03315|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153e): ADD table:3 priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:64
2025-06-22T12:51:24.177Z|03316|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153f): ADD table:3 priority=12320,arp,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:64
2025-06-22T12:51:24.177Z|03317|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1540): ADD table:3 priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:64
2025-06-22T12:51:24.177Z|03318|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1541): ADD table:3 priority=12319,arp cookie:0x5adc15c0 out_port:0 actions=goto_table:4
2025-06-22T12:51:24.177Z|03319|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1542): ADD table:3 priority=12319,icmp,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:174
2025-06-22T12:51:24.177Z|03320|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1543): ADD table:3 priority=12318,icmp cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:194,goto_table:4
2025-06-22T12:51:24.177Z|03321|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1544): ADD table:3 priority=12317,ip,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:194
2025-06-22T12:51:24.177Z|03322|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1545): ADD table:3 priority=12316,ip cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:194,goto_table:4
2025-06-22T12:51:24.177Z|03323|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1546): ADD table:3 priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.177Z|03324|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1547): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03325|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1548): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03326|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1549): ADD table:2 priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03327|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154a): ADD table:2 priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03328|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154b): ADD table:2 priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03329|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154c): ADD table:2 priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03330|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154d): ADD table:2 priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.177Z|03331|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154e): ADD table:1 priority=20490,dl_type=0x9000 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.178Z|03332|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154f): ADD table:1 priority=20480,dl_src=ff:ff:ff:ff:ff:ff cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.178Z|03333|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1550): ADD table:1 priority=20480,dl_src=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.178Z|03334|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1551): ADD table:1 priority=16384,arp,dl_vlan=100 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.178Z|03335|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1552): ADD table:1 priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=goto_table:2
2025-06-22T12:51:24.178Z|03336|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1553): ADD table:1 priority=16384,arp,dl_vlan=200 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.178Z|03337|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1554): ADD table:1 priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=goto_table:2
2025-06-22T12:51:24.178Z|03338|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1555): ADD table:1 priority=4096,dl_vlan=100 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:96,goto_table:4
2025-06-22T12:51:24.178Z|03339|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1556): ADD table:1 priority=4096,dl_vlan=200 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:96,goto_table:4
2025-06-22T12:51:24.178Z|03340|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1557): ADD table:1 priority=0 cookie:0x5adc15c0 out_port:0 actions=goto_table:4
2025-06-22T12:51:24.178Z|03341|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1558): ADD priority=4096,in_port=1,vlan_tci=0x0000/0x1fff cookie:0x5adc15c0 out_port:0 actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
2025-06-22T12:51:24.178Z|03342|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1559): ADD priority=4096,in_port=2,vlan_tci=0x0000/0x1fff cookie:0x5adc15c0 out_port:0 actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
2025-06-22T12:51:24.178Z|03343|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155a): ADD priority=4096,in_port=4,vlan_tci=0x0000/0x1fff cookie:0x5adc15c0 out_port:0 actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1
2025-06-22T12:51:24.178Z|03344|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155b): ADD priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:34.156Z|03347|connmgr|INFO|sw1<->tcp:127.0.0.1:6653: 47 flow_mods 10 s ago (45 adds, 2 deletes)这段日志记录了
sw1交换机与位于127.0.0.1:6653的 OpenFlow 控制器之间的一次完整连接与流表下发过程。以下是关键行为及其含义逐步解析:
✅ 连接建立过程
connection closed by peer控制器主动断开了连接。
connecting...→sent OFPT_HELLO→received OFPT_HELLO双方开始新的 OpenFlow 握手,协商版本成功为
OpenFlow 1.3(0x04)。
connected握手完成,连接建立成功。
✅ 基本能力交换
控制器下发了
OFPT_FEATURES_REQUEST,交换机回应其 DPID 及能力(支持 flow/table/port/group/queue stats 等)。控制器请求端口信息
OFPST_PORT_DESC,OVS 返回所有端口状态,包括sw1p1~sw1p5。
✅ 控制器配置行为
控制器设置异步消息策略
SET_ASYNC和配置帧SET_CONFIG。
- 初始设置所有异步消息类型为关闭(off),之后更新为开启部分消息(如
PORT_STATUS,PACKET_IN)。
✅ 流表下发分析(共45条 ADD,2条 DEL)
这是控制器对交换机下发的一套完整 pipeline,流表涵盖多个表(table 1~5),每条匹配条件清晰、优先级明确定义。
流表设计概览:
表号 用途简述 table:0 设置入口vlan table:1 入端口/入 VLAN 处理,分发到后续表 table:2 路由处理,根据 VLAN 和 IP dst 决定走向 table:3 控制类包(ARP、ICMP)交由控制器处理或进入下一表 table:4 二层转发 table:5 L2 广播、组播、未知单播处理等出口逻辑
部分重点流项解释:
VLAN打标签处理(从物理口进入无 VLAN 的报文):
ADD priority=4096,in_port=1,vlan_tci=0x0000/0x1fff actions=push_vlan,set_field:4196->vlan_vid,goto_table:1表示从
sw1p1(port=1)进入的裸包将打上 VLAN 100(0x100 + 100 = 4196),然后跳转到 table 1。L2 广播处理:
table:5, dl_vlan=100, dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:1,2,3表示 VLAN 100 内的广播包去往对应端口。
ARP、ICMP、IP 控制包处理 :
table:3 中匹配对应类型后送至
CONTROLLER:64表示发给控制器处理。drop 规则 :
每个表尾都有一条优先级为 0 的
actions=drop规则,作为默认匹配兜底。
🔄 连接恢复过程小结
连接断开→重连→成功握手→控制器重新同步流表,这整个过程说明:
控制器具有"状态恢复"能力。
OVS 与控制器兼容良好,使用的是 OpenFlow 1.3(非常主流版本)。
所有行为正常,没有明显错误。
✅ 总结诊断结论
连接和握手状态良好。
控制器主动下发了详细完整的流表管线配置,逻辑严密。
流表功能涵盖 VLAN 入端口处理、L2 广播组播控制、L3 控制包引导等,是典型的多表 pipeline 架构。
若你遇到"控制器掉线"、"ovs-vswitchd 不执行规则"等情况,这里看起来都没有异常。
如果你是为了调试 diff-flows 等问题,这时控制器已经更新了整个 flow 状态,应该作为基准。
------完整流表flows-1
root@server1:~# dump-flows sw1
priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1
priority=0 actions=drop
table=1, priority=20490,dl_type=0x9000 actions=drop
table=1, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=drop
table=1, priority=20480,dl_src=0e:00:00:00:00:01 actions=drop
table=1, priority=16384,arp,dl_vlan=100 actions=goto_table:3
table=1, priority=16384,arp,dl_vlan=200 actions=goto_table:3
table=1, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:2
table=1, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:2
table=1, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:4
table=1, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:4
table=1, priority=0 actions=goto_table:4
table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:3
table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:3
table=2, priority=0 actions=drop
table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64
table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64
table=3, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64
table=3, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194
table=3, priority=12319,arp actions=goto_table:4
table=3, priority=12316,ip actions=CONTROLLER:194,goto_table:4
table=3, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174
table=3, priority=12318,icmp actions=CONTROLLER:194,goto_table:4
table=3, priority=0 actions=drop
table=4, priority=0 actions=goto_table:5
table=5, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=drop
table=5, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=drop
table=5, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
table=5, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=0 actions=drop
root@server1:~# 表0:入口vlan设置
表1:mac地址学习
表2:路由表
表3:路由器本地端口/本地路由处理
表4:二层转发
表5:BUM处理
------保存流表flows-1
root@server1:~# save-flows sw1 > flows-13.5 host1 ping host3测试
3.5.1 host1 ping host3
------host1执行ping操作
ping之前,清除host1/host3的arp表。
$ ping -c 4 10.200.0.10
PING 10.200.0.10 (10.200.0.10): 56 data bytes
64 bytes from 10.200.0.10: seq=1 ttl=63 time=1.283 ms
64 bytes from 10.200.0.10: seq=2 ttl=63 time=0.333 ms
64 bytes from 10.200.0.10: seq=3 ttl=63 time=0.490 ms
--- 10.200.0.10 ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max = 0.333/0.702/1.283 ms
$ 4 个 ICMP 报文中只收到 3 个响应。在初始阶段,ICMP 报文匹配不到现有流表,被送往控制器(
packet-in),控制器再响应并下发流表(flow-mod)。这一过程中前几个包可能就被丢掉或延迟处理。
------tcpdump -i sw1p1观察
root@server1:~# tcpdump -i sw1p1 arp or icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sw1p1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:01:37.782275 ARP, Request who-has 10.100.0.254 tell 10.100.0.10, length 28
13:01:37.793503 ARP, Reply 10.100.0.254 is-at 0e:00:00:00:00:01 (oui Unknown), length 46
13:01:37.794139 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 0, length 64
13:01:38.783417 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 1, length 64
13:01:38.784090 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 1, length 64
13:01:39.783820 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 2, length 64
13:01:39.783962 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 2, length 64
13:01:40.785242 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 3, length 64
13:01:40.785464 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 3, length 64这种行为 非常典型地说明控制器在首次收到 ICMP 流量时触发了 Packet-In,然后下发 FlowMod 建立流表。由于这个过程有少许延迟,第一个 Echo Request 没来得及完成匹配和转发,所以丢了。
后续包则走了 datapath 缓存(megaflow / fastpath),转发流畅,不再需要交互控制器。
------tcpdump -i sw1p4观察
root@server1:~# tcpdump -i sw1p4 arp or icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sw1p4, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:01:37.796782 ARP, Request who-has 10.200.0.10 tell 10.200.0.254, length 46
13:01:37.797778 ARP, Reply 10.200.0.10 is-at 52:54:00:29:ef:e9 (oui Unknown), length 28
13:01:38.783636 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 1, length 64
13:01:38.783978 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 1, length 64
13:01:39.783834 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 2, length 64
13:01:39.783958 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 2, length 64
13:01:40.785257 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 3, length 64
13:01:40.785458 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 3, length 64
13:01:43.785138 ARP, Request who-has 10.200.0.254 tell 10.200.0.10, length 28
13:01:43.787362 ARP, Reply 10.200.0.254 is-at 0e:00:00:00:00:01 (oui Unknown), length 46这是 预期中的正常行为 ,并不是配置错误。OpenFlow 控制器收到第一包
packet-in后来不及下发规则,导致第一个包掉。后续因流表下发成功,通信恢复正常。
------faucet.log
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 L2 learned on Port 1 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100 (1 hosts total)
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 Adding new route 10.100.0.10/32 via 10.100.0.10 (52:54:00:3f:15:ea) on VLAN 100
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 Resolve response to 10.100.0.254 from 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 resolving 10.200.0.10 (1 flows) on VLAN 200
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 L2 learned on Port 4 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200 (1 hosts total)
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 Adding new route 10.200.0.10/32 via 10.200.0.10 (52:54:00:29:ef:e9) on VLAN 200
Jun 22 13:01:37 faucet.valve INFO DPID 1 (0x1) switch-1 Received advert for 10.200.0.10 from 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200非常好,这段 Faucet 日志和你前面的抓包、OVS 日志一起,已经完整验证了首次 Ping 丢包(25%)是"正常的首次流表学习行为",没有任何异常。
🕐
13:01:37时间点Faucet 控制器从 OVS 收到了
packet-in:
时间 日志 / 行为 说明 13:01:37.782275ARP Request 10.100.0.10请求10.100.0.25413:01:37.793503ARP Reply 控制器回应网关 MAC 13:01:37.794139ICMP Echo Request (seq=0) 发出第一包 ping 13:01:37Faucet 日志Faucet 开始学习主机、路由、邻居 L2 learned+Adding new route+resolving 10.200.0.1013:01:37.797778ARP Reply from 10.200.0.10 成功学到了对端 MAC 13:01:37Faucet 日志再次 L2 learned+ 添加 routeFaucet 收到并建立返回方向的路由 这个测试非常完整,逻辑链条清晰且验证严密: 从 packet-in 到 faucet 学习主机,再到流表下发、流量恢复,一切符合预期,是标准的 Faucet L3 forwarding 行为。
------ovs-vswitchd.log
2025-06-22T13:01:37.782Z|03629|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00
2025-06-22T13:01:37.792Z|03630|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155c): ADD table:4 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea cookie:0x5adc15c0 idle:11786 out_port:0 actions=pop_vlan,output:1
2025-06-22T13:01:37.793Z|03631|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155d): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
2025-06-22T13:01:37.793Z|03632|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155e): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
2025-06-22T13:01:37.793Z|03633|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155f): ADD table:1 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea cookie:0x5adc15c0 hard:7786 out_port:0 actions=goto_table:4
2025-06-22T13:01:37.793Z|03634|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1560): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea
2025-06-22T13:01:37.794Z|03635|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=102 in_port=1 (via action) data_len=102 (unbuffered)
icmp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,nw_src=10.100.0.10,nw_dst=10.200.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0 icmp_csum:85a7
2025-06-22T13:01:37.796Z|03636|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1561): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop
2025-06-22T13:01:37.796Z|03637|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1562): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop
2025-06-22T13:01:37.796Z|03638|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1563): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=1,arp_sha=0e:00:00:00:00:01,arp_tha=00:00:00:00:00:00
2025-06-22T13:01:37.798Z|03639|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=2,arp_sha=52:54:00:29:ef:e9,arp_tha=0e:00:00:00:00:01
2025-06-22T13:01:37.801Z|03640|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1564): ADD table:4 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 cookie:0x5adc15c0 idle:11798 out_port:0 actions=pop_vlan,output:4
2025-06-22T13:01:37.801Z|03641|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1565): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
2025-06-22T13:01:37.801Z|03642|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1566): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
2025-06-22T13:01:37.801Z|03643|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1567): ADD table:1 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 cookie:0x5adc15c0 hard:7798 out_port:0 actions=goto_table:4
2025-06-22T13:01:43.785Z|03646|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00
2025-06-22T13:01:43.787Z|03647|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1568): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9
2025-06-22T13:01:47.792Z|03648|connmgr|INFO|sw1<->tcp:127.0.0.1:6653: 10 flow_mods 10 s ago (10 adds)这段
ovs-vswitchd日志清晰地展示了 一个典型的基于 SDN 控制器的 ARP 学习 + 流表下发 + 流量处理的完整闭环。我们来逐步还原这段过程发生了什么。
🧠 网络场景概述(推测)
你模拟了两个 VLAN 网络(100 和 200)之间的通信:
10.100.0.10 (VLAN 100) → ping → 10.200.0.10(VLAN 200)
MAC 地址和端口:
52:54:00:3f:15:ea绑定10.100.0.10(in_port=1)
52:54:00:29:ef:e9绑定10.200.0.10(in_port=4)控制器 MAC 是
0e:00:00:00:00:01
🧾 关键事件流程还原
1️⃣ 10.100.0.10 发 ARP 请求(查 10.100.0.254)
2025-06-22T13:01:37.782Z|03629|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered) arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00控制器收到后回应:
2025-06-22T13:01:37.793Z|03634|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1560): in_port=CONTROLLER actions=output:1 data_len=60 arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea并顺势下发一组流表(说明控制器做了 learning):
table 4:VLAN100 → MAC 52:54:00:3f:15:ea 的 output:1 规则
table 2:匹配
nw_dst=10.100.0.10,准备发给该主机(从两条 VLAN:100/200 来)table 1:从 in_port=1 学到该主机属于 VLAN100,goto_table:4
2️⃣ 10.100.0.10 发 ping 到 10.200.0.10
2025-06-22T13:01:37.794Z|03635|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=102 in_port=1 (via action) data_len=102 (unbuffered) icmp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,nw_src=10.100.0.10,nw_dst=10.200.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0 icmp_csum:85a7这时控制器还没学到目标主机 10.200.0.10,所以先下发两条 drop 流表
2025-06-22T13:01:37.796Z|03636|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1561): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop 2025-06-22T13:01:37.796Z|03637|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1562): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop同时控制器开始广播ARP 请求找目标主机:
2025-06-22T13:01:37.796Z|03638|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1563): in_port=CONTROLLER actions=output:4 data_len=60 arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=1,arp_sha=0e:00:00:00:00:01,arp_tha=00:00:00:00:00:00
3️⃣ 10.200.0.10 回复 ARP,控制器学习地址
2025-06-22T13:01:37.798Z|03639|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered) arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=2,arp_sha=52:54:00:29:ef:e9,arp_tha=0e:00:00:00:00:0110.200.0.10发送arp request查找网关10.200.0.254的mac地址:
2025-06-22T13:01:43.785Z|03646|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered) arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00控制器回复 ARP:
2025-06-22T13:01:43.787Z|03647|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1568): in_port=CONTROLLER actions=output:4 data_len=60 arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9并补充完整流表:
table 4: VLAN200 → MAC 52:54:00:29:ef:e9 → output:4
table 2: nw_dst=10.200.0.10 → 修改 VLAN + MAC + goto table 4
table 1: in_port=4 → MAC 学习流
✅ 总结判断
这一段日志里,控制器完成了以下事情:
操作 说明 接收 ARP 和 ICMP 的 packet-in 来自 sw1p1(port 1) 和sw1p4(port 4)发出 ARP reply 和广播 使用 OFPT_PACKET_OUT下发精细的流表 3 张表联合处理,完成 VLAN 切换和地址重写 处理 ICMP 前的防御性 drop 控制器还没掌握 MAC 前,先下发 drop,避免意外转发
📌 你可以从这看出:
vconn日志非常适合跟踪 OpenFlow 控制器收发细节;控制器的行为是符合逻辑的,按照 packet-in → ARP 学习 → flow_mod 下发 → packet-out → data plane 安静的流程推进;
每条
packet-in都对应控制器响应措施,有"实效性"强的控制器在后台逻辑起作用。✅ 表结构设计分析(table 1 → 2 → 4)
表职责分配逻辑推测如下:
表 匹配字段 作用 Table 1 in_port + dl_vlan + dl_src做MAC 学习,将入口端口与源MAC、VLAN绑定,用于 host tracking Table 2 dl_vlan + nw_dst做三层转发决策(IP 目的地址),并设置 VLAN、MAC(做出方向逻辑) Table 4 dl_vlan + dl_dst做二层转发出接口匹配,并 pop VLAN,最终转发出去 这种分表结构非常常见于 Faucet/SONiC/ONOS 等控制器生成的流表:
Table 1 负责 host 学习 → Table 2 负责三层处理 → Table 4 作为出接口查找。
------流表变化
root@server1:~# diff-flows flows-1 sw1 | grep '^+'
+table=1 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea hard_timeout=7786 actions=goto_table:4
+table=1 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 hard_timeout=7798 actions=goto_table:4
+table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
+table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
+table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
+table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
+table=4 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea idle_timeout=11786 actions=pop_vlan,output:1
+table=4 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 idle_timeout=11798 actions=pop_vlan,output:4
root@server1:~#
root@server1:~# diff-flows flows-1 sw1 | grep '^-'
root@server1:~# ------完整流表flows-2
root@server1:~# dump-flows sw1
priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1
priority=0 actions=drop
table=1, priority=20490,dl_type=0x9000 actions=drop
table=1, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=drop
table=1, priority=20480,dl_src=0e:00:00:00:00:01 actions=drop
table=1, priority=16384,arp,dl_vlan=100 actions=goto_table:3
table=1, priority=16384,arp,dl_vlan=200 actions=goto_table:3
table=1, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:2
table=1, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:2
table=1, hard_timeout=7786, priority=8191,in_port=sw1p1,dl_vlan=100,dl_src=52:54:00:3f:15:ea actions=goto_table:4
table=1, hard_timeout=7798, priority=8191,in_port=sw1p4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 actions=goto_table:4
table=1, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:4
table=1, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:4
table=1, priority=0 actions=goto_table:4
table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:3
table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:3
table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:3
table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:3
table=2, priority=0 actions=drop
table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64
table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64
table=3, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64
table=3, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194
table=3, priority=12319,arp actions=goto_table:4
table=3, priority=12316,ip actions=CONTROLLER:194,goto_table:4
table=3, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174
table=3, priority=12318,icmp actions=CONTROLLER:194,goto_table:4
table=3, priority=0 actions=drop
table=4, idle_timeout=11786, priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea actions=pop_vlan,output:sw1p1
table=4, idle_timeout=11798, priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 actions=pop_vlan,output:sw1p4
table=4, priority=0 actions=goto_table:5
table=5, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=drop
table=5, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=drop
table=5, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
table=5, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=5, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5
table=5, priority=0 actions=drop
root@server1:~# ------保存流表flows-2
root@server1:~# save-flows sw1 > flows-2------ovs-dpctl dump-flows
root@server1:~# ovs-dpctl dump-flows
recirc_id(0),in_port(5),eth(src=52:54:00:29:ef:e9,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.100.0.10,proto=1,ttl=64,frag=no), packets:2, bytes:196, used:0.964s, actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:3f:15:ea)),set(ipv4(ttl=63)),2
recirc_id(0),in_port(2),eth(src=52:54:00:3f:15:ea,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.200.0.10,proto=1,ttl=64,frag=no), packets:2, bytes:196, used:0.964s, actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:29:ef:e9)),set(ipv4(ttl=63)),5
root@server1:~# 这两条是 路由转发(L3 forwarding)相关的 megaflow ,表现出 Faucet 已成功为两个 VLAN 之间下发了路由规则。
✅ 说明:Faucet 实现了典型的 Router-on-a-stick 模式
这就是 Faucet IPv4 路由模式的正常表现:
每个 VLAN 配置了一个虚拟 IP(VIP):
10.100.0.254/24on VLAN 100
10.200.0.254/24on VLAN 200Faucet 在 datapath 层下发转发表,实现不同 VLAN 之间的路由
流量进入一个 VLAN,匹配目的 IP 后:
修改 MAC 地址
TTL 减一
输出到另一个端口
3.5.2 匹配流表分析
host1 ping host3,host1和host3处于不同网段。
host1首先需发出arp请求,请求解析网关10.100.0.254的mac。此时匹配流表(完整流表flows-1):
- priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
- table=1, priority=16384,arp,dl_vlan=100 actions=goto_table:3
- table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64
此arp request将送到控制器处理,控制器回复arp reply,此时,控制器已经学习到host1的mac和ip,下发流表:
- +table=1 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea hard_timeout=7786 actions=goto_table:4
- +table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
- +table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
- +table=4 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea idle_timeout=11786 actions=pop_vlan,output:1
host1获得网关mac后,发出IP报文(目的IP:10.200.0.10,目的mac,即网关mac,0e:00:00:00:00:01),此时匹配流表(完整流表flows5):
- priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
- table=1, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:2
- table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:3
- table=3, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194
此IP报文将送到控制器处理。控制器还没有10.200.0.10的mac地址,暂时无法直接封装此报文。控制器将发出arp request,请求host3的mac地址。此时控制器发出的arp request匹配流表(完整流表flows5):
- table=5, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5
host3收到are request后,回复arp reply,此arp reply匹配流表:
- priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1
- table=1, priority=16384,arp,dl_vlan=200 actions=goto_table:3
- table=3, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64
此arp reply将送到控制器处理。控制器收到arp reply后,已经学习到host3的mac和ip,下发host3的流表:
- +table=1 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 hard_timeout=7798 actions=goto_table:4
- +table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
- +table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
- +table=4 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 idle_timeout=11798 actions=pop_vlan,output:4
✅ 最终效果:
-
faucet 控制器已完成 host1 到 host3 的双向转发路径准备
-
后续所有 IP 报文将直接通过 datapath 下发的 flow 表处理,无需控制器介入
4、ACLs
4.1 编辑控制器yaml文件
root@server1:~/faucet/inst# vi faucet.yaml
dps:
switch-1:
dp_id: 0x1
timeout: 8000
arp_neighbor_timeout: 3600
interfaces:
1:
native_vlan: 100
acl_in: 1
2:
native_vlan: 100
3:
native_vlan: 100
4:
native_vlan: 200
5:
native_vlan: 200
vlans:
100:
faucet_vips: ["10.100.0.254/24"]
200:
faucet_vips: ["10.200.0.254/24"]
routers:
router-1:
vlans: [100, 200]
acls:
1:
- rule:
dl_type: 0x800
nw_proto: 6
tcp_dst: 8080
actions:
allow: 0
- rule:
actions:
allow: 14.2 重启faucet
root@server1:~# docker restart faucet
faucet------faucet.log
Jun 23 00:19:37 faucet INFO version 1.10.11
Jun 23 00:19:37 faucet INFO Reloading configuration
Jun 23 00:19:37 faucet INFO configuration /etc/faucet/faucet.yaml changed, analyzing differences
Jun 23 00:19:37 faucet INFO Add new datapath DPID 1 (0x1)
Jun 23 00:19:37 faucet.valve INFO DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3 with VIPs ['10.100.0.254/24']
Jun 23 00:19:37 faucet.valve INFO DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 200 vid:200 untagged: Port 4,Port 5 with VIPs ['10.200.0.254/24']
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 port desc stats
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 delta in up state: set() => {1, 2, 4}
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 1 fabricating ADD status True
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 status change: Port 1 up status True reason ADD state 0
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 1 (1) up
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 2 fabricating ADD status True
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 status change: Port 2 up status True reason ADD state 0
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 2 (2) up
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 4 fabricating ADD status True
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 status change: Port 4 up status True reason ADD state 0
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 4 (4) up
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 23 00:19:39 faucet.valve ERROR DPID 1 (0x1) switch-1 send_flow_msgs: DP not up
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Cold start configuring DP
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 1 (1) configured
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 2 (2) configured
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Port 4 (4) configured
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 23 00:19:39 faucet.valve INFO DPID 1 (0x1) switch-1 table ID 0 table config match_types: (('eth_type', False), ('in_port', False), ('ip_proto', False), ('tcp_dst', False)) name: port_acl next_tables: ['vlan', 'vip', 'eth_dst', 'flood'] output: True size: 32
table ID 1 table config match_types: (('eth_dst', True), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) name: vlan next_tables: ['eth_src'] output: True set_fields: ('vlan_vid',) size: 32 table_id: 1 vlan_port_scale: 3
table ID 2 table config match_types: (('eth_dst', True), ('eth_src', False), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) miss_goto: eth_dst name: eth_src next_tables: ['ipv4_fib', 'vip', 'eth_dst', 'flood'] output: True set_fields: ('vlan_vid', 'eth_dst') size: 64 table_id: 2 vlan_port_scale: 4.1
table ID 3 table config dec_ttl: True match_types: (('eth_type', False), ('ipv4_dst', True), ('vlan_vid', False)) name: ipv4_fib next_tables: ['vip', 'eth_dst', 'flood'] output: True set_fields: ('eth_dst', 'eth_src', 'vlan_vid') size: 32 table_id: 3 vlan_port_scale: 3.1
table ID 4 table config match_types: (('arp_tpa', False), ('eth_dst', False), ('eth_type', False), ('icmpv6_type', False), ('ip_proto', False)) name: vip next_tables: ['eth_dst', 'flood'] output: True size: 32 table_id: 4 vlan_scale: 8
table ID 5 table config exact_match: True match_types: (('eth_dst', False), ('vlan_vid', False)) miss_goto: flood name: eth_dst output: True size: 64 table_id: 5 vlan_port_scale: 4.1
table ID 6 table config match_types: (('eth_dst', True), ('in_port', False), ('vlan_vid', False)) name: flood output: True size: 96 table_id: 6 vlan_port_scale: 8.0下发table 0-6,table 0专门实现入口ACL。
------ovs-vswitchd.log
root@server1:/var/log/openvswitch# tail -f ovs-vswitchd.log | grep -v -e "OFPT_ECHO_REQUEST" -e "OFPT_ECHO_REPLY"
2025-06-23T00:20:50.072Z|08061|vconn|DBG|unix#63: sent (Success): OFPT_HELLO (OF1.5) (xid=0x44):
version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-23T00:20:50.072Z|08062|vconn|DBG|unix#63: received: OFPT_HELLO (OF1.3) (xid=0x1):
version bitmap: 0x04
2025-06-23T00:20:50.072Z|08063|vconn|DBG|unix#63: negotiated OpenFlow version 0x04 (we support version 0x06 and earlier, peer supports version 0x04)
2025-06-23T00:20:50.072Z|08064|vconn|DBG|unix#63: received: OFPST_FLOW request (OF1.3) (xid=0x2):
2025-06-23T00:20:50.073Z|08065|vconn|DBG|unix#63: sent (Success): OFPST_FLOW reply (OF1.3) (xid=0x2):
cookie=0x5adc15c0, duration=70.170s, table=0, n_packets=0, n_bytes=0, priority=20480,tcp,in_port=1,tp_dst=8080 actions=drop
cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=20480,in_port=2 actions=goto_table:1
cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=20480,in_port=4 actions=goto_table:1
cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=20479,in_port=1 actions=goto_table:1
cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=4096,in_port=1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2
cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=4096,in_port=2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2
cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=4096,in_port=4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:2
cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=20490,dl_type=0x9000 actions=drop
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=drop
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=20480,dl_src=0e:00:00:00:00:01 actions=drop
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,arp,dl_vlan=100 actions=goto_table:4
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,arp,dl_vlan=200 actions=goto_table:4
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:3
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:3
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:5
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:5
cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=0 actions=goto_table:5
cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:4
cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:4
cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:4
cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:4
cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:4
cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:4
cookie=0x5adc15c0, duration=70.170s, table=3, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64
cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64
cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64
cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194
cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12319,arp actions=goto_table:5
cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=12316,ip actions=CONTROLLER:194,goto_table:5
cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174
cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=12318,icmp actions=CONTROLLER:194,goto_table:5
cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=0 actions=drop
cookie=0x5adc15c0, duration=70.173s, table=5, n_packets=0, n_bytes=0, priority=0 actions=goto_table:6
cookie=0x5adc15c0, duration=70.176s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=drop
cookie=0x5adc15c0, duration=70.176s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=drop
cookie=0x5adc15c0, duration=70.176s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:1,output:2,output:3
cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:4,output:5
cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:1,output:2,output:3
cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:1,output:2,output:3
cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:4,output:5
cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:4,output:5
cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:1,output:2,output:3
cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:4,output:5
cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8192,dl_vlan=100 actions=pop_vlan,output:1,output:2,output:3
cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8192,dl_vlan=200 actions=pop_vlan,output:4,output:5
cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=0 actions=drop
2025-06-23T00:20:50.073Z|08066|vconn|DBG|unix#64: sent (Success): OFPT_HELLO (OF1.5) (xid=0x45):
version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-23T00:20:50.074Z|08067|vconn|DBG|unix#64: received: OFPT_HELLO (OF1.3) (xid=0x3):
version bitmap: 0x04
2025-06-23T00:20:50.074Z|08068|vconn|DBG|unix#64: negotiated OpenFlow version 0x04 (we support version 0x06 and earlier, peer supports version 0x04)
2025-06-23T00:20:50.074Z|08069|vconn|DBG|unix#64: received: OFPST_TABLE_FEATURES request (OF1.3) (xid=0x4):
2025-06-23T00:20:50.081Z|08070|vconn|DBG|unix#64: sent (Success): OFPST_TABLE_FEATURES reply (OF1.3) (xid=0x4): flags=[more]
table 0:
metadata: match=0xffffffffffffffff write=0xffffffffffffffff
max_entries=1000000
instructions (table miss and others):
next tables: 1-253
instructions: meter apply_actions clear_actions write_actions write_metadata goto_table
Write-Actions and Apply-Actions features:
actions: output group set_field strip_vlan push_vlan mod_nw_ttl dec_ttl set_mpls_ttl dec_mpls_ttl push_mpls pop_mpls set_queue
supported on Set-Field: tun_{id,src,dst,ipv6_{src,dst},flags,gbp_{id,flags},erspan_{idx,ver,dir,hwid},metadata0...metadata63} metadata in_{port,port_oxm} pkt_mark ct_{mark,label} reg0...reg15 xreg0...xreg7 xxreg0...xxreg3 eth_{src,dst} vlan_{tci,vid,pcp} mpls_{label,tc,ttl} ip_{src,dst} ipv6_{src,dst,label} nw_tos ip_dscp nw_{ecn,ttl} arp_{op,spa,tpa,sha,tha} tcp_{src,dst} udp_{src,dst} sctp_{src,dst} icmp_{type,code} icmpv6_{type,code} nd_{target,sll,tll,reserved,options_type} nsh_{flags,spi,si,c1...c4,ttl}
matching:
arbitrary mask: dp_hash tun_{id,src,dst,ipv6_{src,dst},flags,gbp_{id,flags},erspan_{idx,ver,dir,hwid},gtpu_{flags,msgtype},metadata0...metadata63} metadata pkt_mark ct_{state,mark,label,nw_{src,dst},ipv6_{src,dst},tp_{src,dst}} reg0...reg15 xreg0...xreg7 xxreg0...xxreg3 eth_{src,dst} vlan_{tci,vid} ip_{src,dst} ipv6_{src,dst,label} ip_frag arp_{spa,tpa,sha,tha} tcp_{src,dst,flags} udp_{src,dst} sctp_{src,dst} nd_{target,sll,tll} nsh_{flags,c1...c4}
exact match or wildcard: recirc_id packet_type conj_id in_{port,port_oxm} actset_output ct_{zone,nw_proto} eth_type vlan_pcp mpls_{label,tc,bos,ttl} nw_{proto,tos} ip_dscp nw_{ecn,ttl} arp_op icmp_{type,code} icmpv6_{type,code} nd_{reserved,options_type} nsh_{mdtype,np,spi,si,ttl}
tables 1...11: ditto
...你现在提供的日志已经把控制器和 OVS 在连接初期的行为展现得非常清楚了,下面是对这段日志的整体分析与判断:
✅ 当前网络行为状态总结:
1️⃣ 控制器和交换机成功协商 OpenFlow 1.3
unix#63: negotiated OpenFlow version 0x04这表明控制器与交换机的通信协议为 OpenFlow 1.3,是当前主流版本。
2️⃣ 控制器成功获取交换机的 pipeline 能力
received: OFPST_TABLE_FEATURES request → sent: OFPST_TABLE_FEATURES reply多条
flags=[more]的回应说明交换机有很多表(table 0~47),且表的功能非常丰富,支持复杂匹配和转发行为。
3️⃣ 控制器已下发完整的多表流表规则(至少覆盖 table 0~6)
你贴出来的
OFPST_FLOW reply是控制器下发后,ovs-vswitchd 查询当前流表的响应输出,格式符合ovs-ofctl dump-flows的结果。观察流表内容:
🔸 table=0:
根据
in_port和tcp,tp_dst=8080匹配动作为
goto_table:1或drop→ 表示做 端口入口分类和基础过滤
🔸 table=1:
匹配无 vlan 的报文,打 tag(push_vlan + set_vlan_vid)
将其送入 table 2
→ 实现 vlan 标记逻辑
🔸 table=2:
匹配 IP / ARP / VLAN / MAC / 特殊源,部分 drop,部分
CONTROLLER:96,goto_table:5存在对
dl_type=0x9000的 drop(可能是 LLDP)→ 做 ARP 策略、反向控制路径、广播控制等
🔸 table=3:
- 明显是路由选择:基于
nw_dst做下一跳判断→ 类似 L3 routing table
🔸 table=4:
多种协议打给
CONTROLLER,含ARP,IP,ICMP等存在专门处理
0e:00:00:00:00:01的地址→ 常见于 Faucet / RYU 的 host learning 或 reactive forwarding
🔸 table=5:
- 所有流直接转
goto_table:6,没做判断→ 起过渡跳板作用
🔸 table=6:
对不同 VLAN/广播/组播地址的帧进行
pop_vlan + output同时显式 drop 一些特定广播 / Cisco CDP / STP / 多播 MAC
→ 最终转发表,决定数据帧去哪几个口
🚨当前存在的问题:n_packets = 0
所有流表项都是:
n_packets=0, n_bytes=0说明到目前为止:
OVS datapath 没有匹配到任何一个报文
或者 控制器刚刚启动,网络刚刚连通,还没有真实流量发生
✅ 当前判断结论:
控制器已成功连接并下发了完整的多表 pipeline
流表设计功能完善,覆盖入口处理 → vlan 标记 → 路由 → controller → 最终输出
目前没有报文命中流表项,需触发主机流量或检查接口联通
------完整流表flows-acl-1
root@server1:~# dump-flows sw1
priority=20480,tcp,in_port=sw1p1,tp_dst=8080 actions=drop
priority=20480,in_port=sw1p2 actions=goto_table:1
priority=20480,in_port=sw1p4 actions=goto_table:1
priority=20479,in_port=sw1p1 actions=goto_table:1
priority=0 actions=drop
table=1, priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2
table=1, priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2
table=1, priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:2
table=1, priority=0 actions=drop
table=2, priority=20490,dl_type=0x9000 actions=drop
table=2, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=drop
table=2, priority=20480,dl_src=0e:00:00:00:00:01 actions=drop
table=2, priority=16384,arp,dl_vlan=100 actions=goto_table:4
table=2, priority=16384,arp,dl_vlan=200 actions=goto_table:4
table=2, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:3
table=2, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:3
table=2, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:5
table=2, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:5
table=2, priority=0 actions=goto_table:5
table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:4
table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:4
table=3, priority=0 actions=drop
table=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64
table=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64
table=4, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64
table=4, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194
table=4, priority=12319,arp actions=goto_table:5
table=4, priority=12316,ip actions=CONTROLLER:194,goto_table:5
table=4, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174
table=4, priority=12318,icmp actions=CONTROLLER:194,goto_table:5
table=4, priority=0 actions=drop
table=5, priority=0 actions=goto_table:6
table=6, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=drop
table=6, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=drop
table=6, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
table=6, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=0 actions=drop
root@server1:~# ✅ 当前流表结构快速解读(按 table 顺序)
表 功能 说明 table=0 入口ACL +初筛 检查 in_port 和 tcp,tp_dst=8080,其余流量放行至 table 1 table=1 VLAN封装 把裸包打上 VLAN tag(4196 / 4296) table=2 二层地址学习 包括广播 drop、学习行为(送 controller)、ARP 转发 table=3 路由选择 按 nw_dst决定下一跳table=4 控制器(router)本地路由/本地地址 ARP、IP、ICMP 打给 controller,继续分类或跳转 table=5 二层转发 直接跳到 table=6,无实际处理 table=6 BUM转发 pop VLAN 后根据 dst MAC 决定 output 到哪些端口
4.3 host1 ssh host3测试
host1 ssh host3,这个过程和host1 ping host3相似,只是增加入口ACL检查。由于ACL测试,重启了控制器,所以hos1/host3的mac地址需要重新学习。
------host1执行ssh host3操作
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:3f:15:ea brd ff:ff:ff:ff:ff:ff
inet 10.100.0.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe3f:15ea/64 scope link
valid_lft forever preferred_lft forever
$ ssh 10.200.0.10
Host '10.200.0.10' is not in the trusted hosts file.
(ecdsa-sha2-nistp521 fingerprint md5 7b:97:77:d0:ab:85:de:d6:ea:32:55:b2:17:55:44:c0)
Do you want to continue connecting? (y/n) y
cirros@10.200.0.10's password:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:29:ef:e9 brd ff:ff:ff:ff:ff:ff
inet 10.200.0.10/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe29:efe9/64 scope link
valid_lft forever preferred_lft forever------tcpdump -i sw1p1观察
root@server1:~# tcpdump -i sw1p1 arp or tcp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sw1p1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:08:48.448950 ARP, Request who-has 10.100.0.254 tell 10.100.0.10, length 28
01:08:48.463797 ARP, Reply 10.100.0.254 is-at 0e:00:00:00:00:01 (oui Unknown), length 46
01:08:48.464440 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [S], seq 2889781432, win 29200, options [mss 1460,sackOK,TS val 8590486 ecr 0,nop,wscale 6], length 0
01:08:49.449403 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [S], seq 2889781432, win 29200, options [mss 1460,sackOK,TS val 8590736 ecr 0,nop,wscale 6], length 0
01:08:49.450787 IP 10.200.0.10.ssh > 10.100.0.10.50950: Flags [S.], seq 3025659384, ack 2889781433, win 28960, options [mss 1460,sackOK,TS val 8152353 ecr 8590736,nop,wscale 6], length 0
01:08:49.451393 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [.], ack 1, win 457, options [nop,nop,TS val 8590736 ecr 8152353], length 0
01:08:49.451937 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [P.], seq 1:635, ack 1, win 457, options [nop,nop,TS val 8590736 ecr 8152353], length 634: SSH: SSH-2.0-dropbear_2015.67
01:08:49.452088 IP 10.200.0.10.ssh > 10.100.0.10.50950: Flags [.], ack 635, win 473, options [nop,nop,TS val 8152353 ecr 8590736], length 0
01:08:49.459310 IP 10.200.0.10.ssh > 10.100.0.10.50950: Flags [P.], seq 1:547, ack 635, win 473, options [nop,nop,TS val 8152355 ecr 8590736], length 546: SSH: SSH-2.0-dropbear_2015.67
01:08:49.459459 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [.], ack 547, win 474, options [nop,nop,TS val 8590738 ecr 8152355], length 0
01:08:49.459671 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [P.], seq 635:683, ack 547, win 474, options [nop,nop,TS val 8590738 ecr 8152355], length 48
...------faucet.log
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 L2 learned on Port 1 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100 (1 hosts total)
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 Adding new route 10.100.0.10/32 via 10.100.0.10 (52:54:00:3f:15:ea) on VLAN 100
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 Resolve response to 10.100.0.254 from 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 resolving 10.200.0.10 (1 flows) on VLAN 200
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 L2 learned on Port 4 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200 (1 hosts total)
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 Adding new route 10.200.0.10/32 via 10.200.0.10 (52:54:00:29:ef:e9) on VLAN 200
Jun 23 01:08:48 faucet.valve INFO DPID 1 (0x1) switch-1 Received advert for 10.200.0.10 from 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200------ovs-vswitchd.log
2025-06-23T01:08:48.450Z|09273|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00
2025-06-23T01:08:48.462Z|09274|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2690): ADD table:5 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea cookie:0x5adc15c0 idle:11996 out_port:0 actions=pop_vlan,output:1
2025-06-23T01:08:48.463Z|09275|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2691): ADD table:3 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5
2025-06-23T01:08:48.463Z|09276|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2692): ADD table:3 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5
2025-06-23T01:08:48.463Z|09277|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2693): ADD table:2 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea cookie:0x5adc15c0 hard:7996 out_port:0 actions=goto_table:5
2025-06-23T01:08:48.463Z|09278|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c2694): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea
2025-06-23T01:08:48.464Z|09279|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=78 in_port=1 (via action) data_len=78 (unbuffered)
tcp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,nw_src=10.100.0.10,nw_dst=10.200.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,tp_src=50950,tp_dst=22,tcp_flags=syn tcp_csum:a784
2025-06-23T01:08:48.468Z|09280|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2695): ADD table:3 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:752 out_port:0 actions=drop
2025-06-23T01:08:48.468Z|09281|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2696): ADD table:3 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:752 out_port:0 actions=drop
2025-06-23T01:08:48.468Z|09282|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c2697): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=1,arp_sha=0e:00:00:00:00:01,arp_tha=00:00:00:00:00:00
2025-06-23T01:08:48.470Z|09283|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=2,arp_sha=52:54:00:29:ef:e9,arp_tha=0e:00:00:00:00:01
2025-06-23T01:08:48.474Z|09284|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2698): ADD table:5 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 cookie:0x5adc15c0 idle:11940 out_port:0 actions=pop_vlan,output:4
2025-06-23T01:08:48.474Z|09285|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2699): ADD table:3 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5
2025-06-23T01:08:48.474Z|09286|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c269a): ADD table:3 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5
2025-06-23T01:08:48.474Z|09287|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c269b): ADD table:2 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 cookie:0x5adc15c0 hard:7940 out_port:0 actions=goto_table:5
2025-06-23T01:08:58.462Z|09290|connmgr|INFO|sw1<->tcp:127.0.0.1:6653: 10 flow_mods 10 s ago (10 adds)
2025-06-23T01:09:36.469Z|09307|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00
2025-06-23T01:09:36.472Z|09308|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c269c): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9
2025-06-23T01:09:36.473Z|09309|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00
2025-06-23T01:09:36.476Z|09310|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c2694): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea
2025-06-23T01:10:08.182Z|09323|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00
2025-06-23T01:10:08.184Z|09324|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c269c): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9------完整流表flows-acl-2
root@server1:~# dump-flows sw1
priority=20480,tcp,in_port=sw1p1,tp_dst=8080 actions=drop
priority=20480,in_port=sw1p2 actions=goto_table:1
priority=20480,in_port=sw1p4 actions=goto_table:1
priority=20479,in_port=sw1p1 actions=goto_table:1
priority=0 actions=drop
table=1, priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2
table=1, priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2
table=1, priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:2
table=1, priority=0 actions=drop
table=2, priority=20490,dl_type=0x9000 actions=drop
table=2, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=drop
table=2, priority=20480,dl_src=0e:00:00:00:00:01 actions=drop
table=2, priority=16384,arp,dl_vlan=100 actions=goto_table:4
table=2, priority=16384,arp,dl_vlan=200 actions=goto_table:4
table=2, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:3
table=2, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:3
table=2, hard_timeout=7996, priority=8191,in_port=sw1p1,dl_vlan=100,dl_src=52:54:00:3f:15:ea actions=goto_table:5
table=2, hard_timeout=7940, priority=8191,in_port=sw1p4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 actions=goto_table:5
table=2, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:5
table=2, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:5
table=2, priority=0 actions=goto_table:5
table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:4
table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:4
table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5
table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5
table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5
table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5
table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:4
table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:4
table=3, priority=0 actions=drop
table=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64
table=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64
table=4, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64
table=4, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194
table=4, priority=12319,arp actions=goto_table:5
table=4, priority=12316,ip actions=CONTROLLER:194,goto_table:5
table=4, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174
table=4, priority=12318,icmp actions=CONTROLLER:194,goto_table:5
table=4, priority=0 actions=drop
table=5, idle_timeout=11996, priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea actions=pop_vlan,output:sw1p1
table=5, idle_timeout=11940, priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 actions=pop_vlan,output:sw1p4
table=5, priority=0 actions=goto_table:6
table=6, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=drop
table=6, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=drop
table=6, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=drop
table=6, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3
table=6, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5
table=6, priority=0 actions=drop
root@server1:~# 主要增加表项:
table 3:host1和host3的三层转发(本地10.100.0.10和10.200.0.10的三层转发)
table 5:host1和host3的二层转发
------ovs-dpctl dump-flows
root@server1:~# ovs-dpctl dump-flows
recirc_id(0),in_port(5),eth(src=52:54:00:29:ef:e9,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.100.0.10,proto=6,ttl=64,frag=no), packets:199, bytes:30990, used:0.901s, flags:P., actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:3f:15:ea)),set(ipv4(ttl=63)),2
recirc_id(0),in_port(2),eth(src=52:54:00:3f:15:ea,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.200.0.10,proto=6,ttl=64,frag=no),tcp(dst=0/0xf000), packets:235, bytes:18006, used:0.901s, flags:P., actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:29:ef:e9)),set(ipv4(ttl=63)),5
ovs-dpctl dump-flows显示 datapath 层的流量状态。datapath 使用了掩码匹配方式(
tcp(dst=0/0xf000))下推了一个 TCP megaflow。因为控制面 table=0 中存在一条高优先级规则明确地 drop 了tp_dst=8080的 TCP 流量。这会阻止 datapath 生成一个可能"放过"被 drop 的 TCP 流量的 megaflow。OVS 为了安全策略优先,会缩小 datapath 匹配范围,只允许部分端口段的缓存。所以ACLOVS某种程度会影响转发性能。