Open vSwitch is software for controlling switch behavior.

Under SDN, the following are separated:
- Data plane
- Control plane

The controller can set rules on our switch through OpenFlow.

Configure Switch Rule
- Packet forward
- Packet drop
- Packet modification

Create topology

![](https://i.imgur.com/19V7v5N.png)

```
mn --topo single,2
```

![](https://i.imgur.com/yHcUUJs.png)

Delete controller

```
ps -aux | grep controller
kill -9 <PID>   # PID of the controller process found by the command above
```

With no controller attached to the switch, h1 cannot ping h2.

OVS configure

Open vSwitch is configured with:

```
ovs-ofctl
```

```
root@ubuntu:/home/user# ovs-ofctl show s1
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000000000000001
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(s1-eth1): addr:02:7b:01:ac:f4:14
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 2(s1-eth2): addr:16:eb:40:ef:6e:c0
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(s1): addr:7e:a3:60:7a:85:41
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
```

Here, `1(s1-eth1)` is the info for interface 1 of s1; the speed value is for reference only.

INFO
- `dpid` -> datapath ID. Every switch has a unique ID to identify it (used to tell different Open vSwitch instances apart)
- `n_tables` -> how many tables this Open vSwitch has
- `capabilities` (what the switch is able to do)
- Action
    - `output` (forward)
    - `mod_dl_src` -> (modify data link source MAC address)
    - `mod_nw_src` -> (modify network source IP address)
    - `mod_nw_dst` (same as above, for the destination)
    - `mod_nw_tos` (type of service)
    - `mod_tp_src` (modify transport layer source port)
    - `mod_tp_dst` (destination port)

## flows

### dump-flows

flows == rules: each flow represents one rule.

```
root@ubuntu:/home/user# ovs-ofctl dump-flows s1
```

![](https://i.imgur.com/igSKEwU.png)

With no flows installed, h1 cannot ping h2.

### add-flow

```
root@ubuntu:/home/user# ovs-ofctl add-flow s1 in_port=1,action=output:2
root@ubuntu:/home/user# ovs-ofctl add-flow s1 in_port=2,action=output:1
root@ubuntu:/home/user# ovs-ofctl dump-flows s1
```

![](https://i.imgur.com/5N9XdVq.png)

n_packet = 5

ARP + ICMP = 3

### del-flows

Clear all rules:

```
root@ubuntu:/home/user# ovs-ofctl del-flows s1
root@ubuntu:/home/user# ovs-ofctl dump-flows s1
```

Delete match rule (delete only the rules that match a given condition):

```
root@ubuntu:/home/user# ovs-ofctl del-flows s1 in_port=1
```

![](https://i.imgur.com/OXJh2Wy.png)

### Topology

![](https://i.imgur.com/ALJFA6E.png)

Flow configure

The flow configuration can be split into an IP part and an ARP part.

- ARP (request): broadcast -> find the host's MAC
- ARP (response): unicast

ARP flows

```
root@ubuntu:/home/user# ovs-ofctl add-flow s1 in_port=1,arp,actions=output:flood
root@ubuntu:/home/user# ovs-ofctl add-flow s1 in_port=2,arp,actions=output:flood
root@ubuntu:/home/user# ovs-ofctl add-flow s1 in_port=3,arp,actions=output:flood
```

When an ARP packet comes in, it is sent out as a broadcast (flooded). The rules above set this up for port 1, port 2 and port 3 respectively.

IP flows

```
root@ubuntu:/home/user# ovs-ofctl add-flow s1 ip,nw_dst=10.0.0.1,action=output:1
root@ubuntu:/home/user# ovs-ofctl add-flow s1 ip,nw_dst=10.0.0.2,action=output:2
root@ubuntu:/home/user# ovs-ofctl add-flow s1 ip,nw_dst=10.0.0.3,action=output:3
```

show flows

```
ovs-ofctl dump-flows s1
```

Test h1 ping h2

![](https://i.imgur.com/asEJhKw.png)

![](https://i.imgur.com/jmcJgyG.png)

---

![](https://i.imgur.com/TWp855g.png)
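
The lookup behind the ARP and IP flows above, as an added example in Python (not part of the original notes and not Open vSwitch code): it parses the page's six rule strings and returns the ports a packet leaves on, including the drop on a table miss. The function names, the packet dictionaries and the first-match simplification are assumptions of this example.

```python
# Added example: a minimal model of flow-table lookup, not Open vSwitch code.
# Only the match fields used on this page are handled: in_port, arp, ip, nw_dst.
# Real OVS picks the highest-priority match; the page's rules all share the
# default priority and do not overlap, so first match gives the same result.

def parse_flow(spec):
    """Split an ovs-ofctl style flow string into (match dict, output target)."""
    match, out = {}, None
    for field in spec.split(","):
        key, _, value = field.partition("=")
        if key in ("action", "actions"):
            out = value.split(":", 1)[1]   # "output:2" -> "2"
        elif key in ("arp", "ip"):
            match["proto"] = key
        else:
            match[key] = value             # in_port, nw_dst
    return match, out

def forward(flows, packet, ports):
    """Return the egress ports for a packet; an empty list means dropped."""
    for match, out in flows:
        if all(str(packet.get(k)) == v for k, v in match.items()):
            if out == "flood":             # all ports except the ingress port
                return sorted(p for p in ports if p != packet["in_port"])
            # A plain output action never sends back out the ingress port.
            return [int(out)] if int(out) != packet["in_port"] else []
    return []                              # table miss, no controller: drop

PORTS = [1, 2, 3]
# The six rules from the page: three ARP flood rules, three IP rules.
PAGE_FLOWS = [parse_flow(s) for s in (
    "in_port=1,arp,actions=output:flood",
    "in_port=2,arp,actions=output:flood",
    "in_port=3,arp,actions=output:flood",
    "ip,nw_dst=10.0.0.1,action=output:1",
    "ip,nw_dst=10.0.0.2,action=output:2",
    "ip,nw_dst=10.0.0.3,action=output:3",
)]

# Constructed sample packets: h1's ARP request and h1's ping to h2.
ARP_FROM_H1 = {"in_port": 1, "proto": "arp"}
PING_H1_TO_H2 = {"in_port": 1, "proto": "ip", "nw_dst": "10.0.0.2"}

if __name__ == "__main__":
    print(forward([], PING_H1_TO_H2, PORTS))          # empty flow table
    print(forward(PAGE_FLOWS, ARP_FROM_H1, PORTS))
    print(forward(PAGE_FLOWS, PING_H1_TO_H2, PORTS))
```

An IP packet whose destination is not covered by any `nw_dst` rule matches nothing and is dropped, which is the same table-miss behavior that makes h1 unable to ping h2 when the table is empty.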