openvswit_vlan流表

如果计算节点关闭防火墙,配置文件如下,那么就不会产生bridge桥及相应iptables规则
ml2部份配置文件如下

1
2
3
[securitygroup]
#enable_security_group = True
#firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

linuxBridge桥接口就会为空

1
2
kvm-app-6:~ # brctl show  # 为空
bridge name bridge id STP enabled interfaces

查看某虚机接口信息

1
2
3
4
5
6
7
8
9
kvm-app-6:~ # virsh  list
Id Name State
----------------------------------------------------
1 instance-00000793 running

kvm-app-6:~ # virsh domiflist instance-00000793
Interface Type Source Model MAC
-------------------------------------------------------
tap790c394d-70 bridge br-int virtio fa:16:3e:1f:11:99

ovs-vsctl show

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
kvm-app-6:~ # ovs-vsctl show
8ba4a76e-8c27-4807-a65a-f05b22a3ef76
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port "tap790c394d-70"
tag: 1
Interface "tap790c394d-70"
Port br-int
Interface br-int
type: internal
Bridge br-ex
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Port br-ex
Interface br-ex
type: internal
Port "bond0"
Interface "bond0"
ovs_version: "2.7.6"

查看br-int桥接口信息ovs-ofctl show br-int

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
kvm-app-6:~ # ovs-ofctl  show br-int
OFPT_FEATURES_REPLY (xid=0x2): dpid:00002a77dbc2860a
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(int-br-ex): addr:3e:38:8a:6e:c1:de
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(tap790c394d-70): addr:fe:16:3e:1f:11:99
config: 0
state: 0
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
LOCAL(br-int): addr:2a:77:db:c2:86:0a
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

查看br-int流表规则ovs-ofctl dump-flows br-int

1
2
3
4
5
6
7
8
9
10
11
12
13
kvm-app-6:~ # ovs-ofctl  dump-flows  br-int
NXST_FLOW reply (xid=0x4):
cookie=0x8372d932b48e5321, duration=5395.262s, table=0, n_packets=0, n_bytes=0, idle_age=5395, priority=10,icmp6,in_port=2,icmp_type=136 actions=resubmit(,24)
cookie=0x8372d932b48e5321, duration=5395.261s, table=0, n_packets=505, n_bytes=21210, idle_age=7, priority=10,arp,in_port=2 actions=resubmit(,24)
cookie=0x8372d932b48e5321, duration=7776.549s, table=0, n_packets=366813, n_bytes=36441400, idle_age=5395, priority=2,in_port=1 actions=drop
cookie=0x8372d932b48e5321, duration=5395.264s, table=0, n_packets=817, n_bytes=74814, idle_age=4, priority=9,in_port=2 actions=resubmit(,25)
cookie=0x8372d932b48e5321, duration=5395.379s, table=0, n_packets=840145, n_bytes=83511042, idle_age=0, priority=3,in_port=1,dl_vlan=11 actions=mod_vlan_vid:1,NORMAL
cookie=0x8372d932b48e5321, duration=7776.964s, table=0, n_packets=4, n_bytes=320, idle_age=7776, priority=0 actions=NORMAL
cookie=0x8372d932b48e5321, duration=7776.965s, table=23, n_packets=0, n_bytes=0, idle_age=7776, priority=0 actions=drop
cookie=0x8372d932b48e5321, duration=5395.263s, table=24, n_packets=0, n_bytes=0, idle_age=5395, priority=2,icmp6,in_port=2,icmp_type=136,nd_target=fe80::f816:3eff:fe1f:1199 actions=NORMAL
cookie=0x8372d932b48e5321, duration=5395.262s, table=24, n_packets=502, n_bytes=21084, idle_age=7, priority=2,arp,in_port=2,arp_spa=10.8.25.220 actions=resubmit(,25)
cookie=0x8372d932b48e5321, duration=7776.964s, table=24, n_packets=3, n_bytes=126, idle_age=5357, priority=0 actions=drop
cookie=0x8372d932b48e5321, duration=5395.265s, table=25, n_packets=1319, n_bytes=95898, idle_age=4, priority=2,in_port=2,dl_src=fa:16:3e:1f:11:99 actions=NORMAL

查看br-ex交换机接口信息ovs-ofctl show br-ex

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 kvm-app-6:~ # ovs-ofctl  show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000aa081303781a
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(bond0): addr:82:01:9b:1b:28:c9
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(phy-br-ex): addr:c2:06:bb:33:da:7a
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
LOCAL(br-ex): addr:aa:08:13:03:78:1a
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

查看br-ex流表信息

1
2
3
4
5
kvm-app-6:~ # ovs-ofctl  dump-flows br-ex
NXST_FLOW reply (xid=0x4):
cookie=0x90f6220dc9413e6e, duration=5441.562s, table=0, n_packets=1328, n_bytes=96564, idle_age=3, priority=4,in_port=2,dl_vlan=1 actions=mod_vlan_vid:11,NORMAL
cookie=0x90f6220dc9413e6e, duration=7822.731s, table=0, n_packets=0, n_bytes=0, idle_age=7822, priority=2,in_port=2 actions=drop
cookie=0x90f6220dc9413e6e, duration=7822.733s, table=0, n_packets=1213423, n_bytes=120613616, idle_age=0, priority=0 actions=NORMAL