This article introduces the commonly used Open vSwitch commands.
What is Open vSwitch?
Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V.
Features supported by Open vSwitch
Open vSwitch supports the following features:
- Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-tunneled mirrors
- LACP (IEEE 802.1AX-2008)
- Standard 802.1Q VLAN model with trunking
- Multicast snooping
- IETF Auto-Attach SPBM and rudimentary required LLDP support
- BFD and 802.1ag link monitoring
- STP (IEEE 802.1D-1998) and RSTP (IEEE 802.1D-2004)
- Fine-grained QoS control
- Support for HFSC qdisc
- Per VM interface traffic policing
- NIC bonding with source-MAC load balancing, active backup, and L4 hashing
- OpenFlow protocol support (including many extensions for virtualization)
- IPv6 support
- Multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec support)
- Remote configuration protocol with C and Python bindings
- Kernel and user-space forwarding engine options
- Multi-table forwarding pipeline with flow-caching engine
- Forwarding layer abstraction to ease porting to new software and hardware platforms
1. The two OVS fallback behaviors
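- standalone
In this mode, when no controller is running, OVS automatically falls back to acting as an ordinary switch; when a controller is present, OVS automatically becomes an OpenFlow switch.
Command:
ovs-vsctl set-fail-mode ovs-switch standalone
Replace ovs-switch with the name of your bridge.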
- secure
In this mode, OVS runs as an OpenFlow switch whether or not a controller is present. All interfaces sit on the bridge and cannot communicate until the controller or the user adds flows to the switch.
ovs-vsctl set-fail-mode ovs-switch secure
2. The two commonly used OVS command-line tools
ovs-vsctl: queries and configures ovs-vswitchd
ovs-ofctl: manages and configures the OpenFlow switch
Common Open vSwitch commands
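# Add a bridge
ovs-vsctl add-br br-int
# List bridges
ovs-vsctl list-br
# Add a port to a bridge
ovs-vsctl add-port br-int tap-xxx
# List the bridge that a given network interface is attached to
ovs-vsctl port-to-br tap-xxx
# Show all information
ovs-vsctl show
# Example: view all bridges
ovs-vsctl list bridge
# Example: delete a QoS record
ovs-vsctl destroy qos <qos-id>
# Change the VLAN tag of port p1 to 101, making p1 a port that belongs to VLAN 101
ovs-vsctl set Port p1 tag=101
# View information about a bridge
ovs-ofctl show br-tun
# View the status of all ports on a bridge
ovs-ofctl dump-ports br-tun
# Add a flow rule that drops all packets arriving on port 2
ovs-ofctl add-flow br-tun idle_timeout=120,in_port=2,actions=drop
# View the flow rules on a bridge
ovs-ofctl dump-flows br-tun
# Block all Ethernet broadcast packets entering OVS (the match is on dl_src: frames whose source MAC has the broadcast/multicast bit set)
ovs-ofctl add-flow ovs-switch "table=0, dl_src=01:00:00:00:00:00/01:00:00:00:00:00, actions=drop"
# Block STP broadcast packets
ovs-ofctl add-flow ovs-switch "table=0, dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0, actions=drop"
# Block access to a destination host (drops IPv4 packets whose source address is xx.xx.xx.xx)
ovs-ofctl add-flow br0 idle_timeout=0,dl_type=0x0800,nw_src=xx.xx.xx.xx,actions=drop

QoS settings
QoS can be set on a network interface or on a port:
# For a network interface: 1000±100 kbps
ovs-vsctl set interface tap-xxx ingress_policing_rate=1000
ovs-vsctl set interface tap-xxx ingress_policing_burst=100

# View the flow table using a specific OpenFlow protocol version
ovs-ofctl dump-flows -O OpenFlow13 br-int
# Remove the controllers that br-int is connected to
ovs-vsctl del-controller br-int
# Add controllers for br-int (more than one can be added)
ovs-vsctl set-controller br-int "tcp:192.168.53.53:6633" "tcp:192.168.53.68:6633"
# Add controllers for br-int, step 2 (more than one can be added)
ovs-vsctl set-manager "tcp:192.168.53.53:6640" "tcp:192.168.53.68:6640"
# Change the OpenFlow protocol version supported by br-int
ovs-vsctl set bridge br-int protocols=OpenFlow13
# Set OVS to normal state, i.e. forward everything
ovs-ofctl add-flow br-int "actions=normal"
# Add a rule mapping in_port to out_port
ovs-ofctl add-flow br-int "in_port=22,actions=output:32" -O OpenFlow13
# Delete all flows on br-int
ovs-ofctl del-flows br-int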
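
The two masked drop rules in the list above (dl_src=01:00:00:00:00:00/01:00:00:00:00:00 and dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0) use value/mask matching, and it is easy to misjudge which frames they cover. The following is an added example, not part of the original article or of Open vSwitch: it reimplements the mask comparison in Python and applies it to constructed sample frames; the function names and sample MAC addresses are assumptions made for illustration.

```python
# Added example: OpenFlow-style masked Ethernet address matching (value/mask),
# applied to the two drop rules from the command list. All frames are constructed.

def mac_to_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(parts), 16)

def masked_match(addr: str, spec: str) -> bool:
    """True if addr matches a 'value/mask' spec; no mask means exact match."""
    value, _, mask = spec.partition("/")
    m = mac_to_int(mask) if mask else (1 << 48) - 1
    # Only bits set in the mask take part in the comparison.
    return (mac_to_int(addr) & m) == (mac_to_int(value) & m)

# Match specs copied from the two rules on this page.
SRC_GROUP_BIT = "01:00:00:00:00:00/01:00:00:00:00:00"  # dl_src rule
DST_RESERVED = "01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0"   # dl_dst rule

def verdict(dl_src: str, dl_dst: str) -> str:
    """Report which of the two drop rules, if any, a frame would hit."""
    if masked_match(dl_src, SRC_GROUP_BIT):
        return "drop: source has group bit"
    if masked_match(dl_dst, DST_RESERVED):
        return "drop: reserved destination"
    return "no match"

# Constructed sample frames: (description, dl_src, dl_dst)
FRAMES = [
    ("unicast", "52:54:00:12:34:56", "52:54:00:ab:cd:ef"),
    ("broadcast sent by a unicast host", "52:54:00:12:34:56", "ff:ff:ff:ff:ff:ff"),
    ("multicast address used as source", "01:00:5e:00:00:01", "52:54:00:ab:cd:ef"),
    ("STP BPDU", "52:54:00:12:34:56", "01:80:c2:00:00:00"),
    ("LLDP", "52:54:00:12:34:56", "01:80:c2:00:00:0e"),
    ("just outside the masked range", "52:54:00:12:34:56", "01:80:c2:00:00:10"),
]

if __name__ == "__main__":
    for name, src, dst in FRAMES:
        print(f"{name:34} {verdict(src, dst)}")
```

The output shows that the dl_src rule does not touch an ordinary broadcast sent from a unicast source, and that the dl_dst mask covers the whole 01:80:c2:00:00:00 to 01:80:c2:00:00:0f block, so LLDP frames are dropped along with STP.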