当前位置: 首页 > news >正文

OVS Faucet练习(下)

news 来源:原创 2025/6/24 13:52:41

3、Routing

3.1 启动虚机

——host1

在前面的练习中,已经启动该虚机。如果没有启动,执行:

virsh start host1

添加网关配置:

$ sudo ip route add default via 10.100.0.254 dev eth0
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000link/ether 52:54:00:3f:15:ea brd ff:ff:ff:ff:ff:ffinet 10.100.0.10/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:fe3f:15ea/64 scope link valid_lft forever preferred_lft forever
$ ip route
default via 10.100.0.254 dev eth0 
10.100.0.0/24 dev eth0  src 10.100.0.10 
$

——host2

在前面的练习中,已经启动该虚机。如果没有启动,执行:

virsh start host2

添加网关配置:

$ ip route
default via 10.100.0.254 dev eth0 
10.100.0.0/24 dev eth0  src 10.100.0.20 
$ 
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000link/ether 52:54:00:3e:93:2d brd ff:ff:ff:ff:ff:ffinet 10.100.0.20/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:fe3e:932d/64 scope link valid_lft forever preferred_lft forever
$ ip route
default via 10.100.0.254 dev eth0 
10.100.0.0/24 dev eth0  src 10.100.0.20 
$

 ——host3

在前面的练习中,已经完成host3的配置。host3是首次启动:

root@server1:~# virsh start host3
Domain 'host3' started

配置IP地址和网关:

root@server1:~# virsh console host3
Connected to domain 'host3'
Escape character is ^] (Ctrl + ])login as 'cirros' user. default password: 'gocubsgo'. use 'sudo' for root.
cirros login: cirros
Password: 
$ 
$ sudo ip addr add 10.200.0.10/24 dev eth0
$ sudo ip route add default via 10.200.0.254 dev eth0
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000link/ether 52:54:00:29:ef:e9 brd ff:ff:ff:ff:ff:ffinet 10.200.0.10/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:fe29:efe9/64 scope link valid_lft forever preferred_lft forever
$ ip route
default via 10.200.0.254 dev eth0 
10.200.0.0/24 dev eth0  src 10.200.0.10

3.2 设置日志

——设置 vconn 模块的日志级别为 dbg

为了查看流表下发情况,设置 vconn 模块的日志级别为 dbg:

ovs-appctl -t ovs-vswitchd vlog/set vconn:fIle:dbg

查看是否修改成功:

ovs-appctl -t ovs-vswitchd vlog/list

root@server1:~# ovs-appctl -t ovs-vswitchd vlog/set vconn:fIle:dbgroot@server1:~# ovs-appctl -t ovs-vswitchd vlog/listconsole    syslog    file-------    ------    ------
backtrace          OFF        ERR       INFO
bfd                OFF        ERR       INFO
bond               OFF        ERR       INFO
...
vconn              OFF        ERR        DBG

——开启实时日志

faucet.log:

root@server1:~/faucet/inst# tail -f faucet.log

ovs-vswitchd.log: 

root@server1:/var/log/openvswitch# tail -f ovs-vswitchd.log | grep -v -e "OFPT_ECHO_REQUEST" -e "OFPT_ECHO_REPLY"

  3.3 编辑控制器yaml文件

dps:switch-1:dp_id: 0x1timeout: 8000arp_neighbor_timeout: 3600interfaces:1:native_vlan: 1002:native_vlan: 1003:native_vlan: 1004:native_vlan: 2005:native_vlan: 200
vlans:100:faucet_vips: ["10.100.0.254/24"]200:faucet_vips: ["10.200.0.254/24"]
routers:router-1:vlans: [100, 200]

3.4 重启faucet

docker restart faucet

root@server1:~/faucet/inst# docker restart faucet
faucet

——faucet.log

Jun 22 12:51:21 faucet INFO     version 1.10.11
Jun 22 12:51:21 faucet INFO     Reloading configuration
Jun 22 12:51:21 faucet INFO     configuration /etc/faucet/faucet.yaml changed, analyzing differences
Jun 22 12:51:21 faucet INFO     Add new datapath DPID 1 (0x1)
Jun 22 12:51:21 faucet.valve INFO     DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3 with VIPs ['10.100.0.254/24']
Jun 22 12:51:21 faucet.valve INFO     DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 200 vid:200 untagged: Port 4,Port 5 with VIPs ['10.200.0.254/24']
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 port desc stats
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 delta in up state: set() => {1, 2, 4}
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 1 fabricating ADD status True
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 status change: Port 1 up status True reason ADD state 0
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 1 (1) up
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 2 fabricating ADD status True
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 status change: Port 2 up status True reason ADD state 0
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 2 (2) up
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 4 fabricating ADD status True
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 status change: Port 4 up status True reason ADD state 0
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 4 (4) up
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 22 12:51:24 faucet.valve ERROR    DPID 1 (0x1) switch-1 send_flow_msgs: DP not up
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Cold start configuring DP
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 1 (1) configured
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 2 (2) configured
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 4 (4) configured
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 22 12:51:24 faucet.valve INFO     DPID 1 (0x1) switch-1 table ID 0 table config match_types: (('eth_dst', True), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) name: vlan next_tables: ['eth_src'] output: True set_fields: ('vlan_vid',) size: 32 vlan_port_scale: 3
table ID 1 table config match_types: (('eth_dst', True), ('eth_src', False), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) miss_goto: eth_dst name: eth_src next_tables: ['ipv4_fib', 'vip', 'eth_dst', 'flood'] output: True set_fields: ('vlan_vid', 'eth_dst') size: 64 table_id: 1 vlan_port_scale: 4.1
table ID 2 table config dec_ttl: True match_types: (('eth_type', False), ('ipv4_dst', True), ('vlan_vid', False)) name: ipv4_fib next_tables: ['vip', 'eth_dst', 'flood'] output: True set_fields: ('eth_dst', 'eth_src', 'vlan_vid') size: 32 table_id: 2 vlan_port_scale: 3.1
table ID 3 table config match_types: (('arp_tpa', False), ('eth_dst', False), ('eth_type', False), ('icmpv6_type', False), ('ip_proto', False)) name: vip next_tables: ['eth_dst', 'flood'] output: True size: 32 table_id: 3 vlan_scale: 8
table ID 4 table config exact_match: True match_types: (('eth_dst', False), ('vlan_vid', False)) miss_goto: flood name: eth_dst output: True size: 64 table_id: 4 vlan_port_scale: 4.1
table ID 5 table config match_types: (('eth_dst', True), ('in_port', False), ('vlan_vid', False)) name: flood output: True size: 96 table_id: 5 vlan_port_scale: 8.0

下发流表table 0-5。 

——ovs-vswitchd.log

2025-06-22T12:51:19.938Z|03279|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connection closed by peer
2025-06-22T12:51:21.146Z|03280|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connecting...
2025-06-22T12:51:21.146Z|03281|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_HELLO (OF1.5) (xid=0x36):version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-22T12:51:21.154Z|03282|rconn|WARN|sw1<->tcp:127.0.0.1:6653: connection dropped (Connection reset by peer)
2025-06-22T12:51:21.154Z|03283|rconn|INFO|sw1<->tcp:127.0.0.1:6653: waiting 2 seconds before reconnect
2025-06-22T12:51:23.652Z|03284|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connecting...
2025-06-22T12:51:23.652Z|03285|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_HELLO (OF1.5) (xid=0x37):version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-22T12:51:24.152Z|03286|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_HELLO (OF1.3) (xid=0x23dc1527):version bitmap: 0x01, 0x02, 0x03, 0x04
2025-06-22T12:51:24.152Z|03287|vconn|DBG|tcp:127.0.0.1:6653: negotiated OpenFlow version 0x04 (we support version 0x06 and earlier, peer supports version 0x04 and earlier)
2025-06-22T12:51:24.152Z|03288|rconn|INFO|sw1<->tcp:127.0.0.1:6653: connected
2025-06-22T12:51:24.152Z|03289|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FEATURES_REQUEST (OF1.3) (xid=0x23dc1528):
2025-06-22T12:51:24.152Z|03290|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_FEATURES_REPLY (OF1.3) (xid=0x23dc1528): dpid:0000000000000001
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
2025-06-22T12:51:24.154Z|03291|vconn|DBG|tcp:127.0.0.1:6653: received: OFPST_PORT_DESC request (OF1.3) (xid=0x23dc1529): port=ANY
2025-06-22T12:51:24.155Z|03292|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPST_PORT_DESC reply (OF1.3) (xid=0x23dc1529):1(sw1p1): addr:fe:54:00:3f:15:eaconfig:     0state:      LIVEcurrent:    10MB-FD COPPERspeed: 10 Mbps now, 0 Mbps max2(sw1p2): addr:fe:54:00:3e:93:2dconfig:     0state:      LIVEcurrent:    10MB-FD COPPERspeed: 10 Mbps now, 0 Mbps max3(sw1p3): addr:ae:c5:47:ef:0f:3bconfig:     0state:      LINK_DOWNcurrent:    10MB-FD COPPERspeed: 10 Mbps now, 0 Mbps max4(sw1p4): addr:fe:54:00:29:ef:e9config:     0state:      LIVEcurrent:    10MB-FD COPPERspeed: 10 Mbps now, 0 Mbps max5(sw1p5): addr:4a:78:29:48:c8:bfconfig:     0state:      LINK_DOWNcurrent:    10MB-FD COPPERspeed: 10 Mbps now, 0 Mbps maxLOCAL(sw1): addr:3e:18:ba:43:3b:42config:     PORT_DOWNstate:      LINK_DOWNspeed: 0 Mbps now, 0 Mbps max
2025-06-22T12:51:24.155Z|03293|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_SET_CONFIG (OF1.3) (xid=0x23dc152a): frags=normal miss_send_len=0
2025-06-22T12:51:24.155Z|03294|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_SET_ASYNC (OF1.3) (xid=0x23dc152b):primary:PACKET_IN: (off)PORT_STATUS: (off)FLOW_REMOVED: (off)ROLE_STATUS: (off)TABLE_STATUS: (off)REQUESTFORWARD: (off)secondary:PACKET_IN: (off)PORT_STATUS: (off)FLOW_REMOVED: (off)ROLE_STATUS: (off)TABLE_STATUS: (off)REQUESTFORWARD: (off)
2025-06-22T12:51:24.155Z|03295|vconn|DBG|tcp:127.0.0.1:6653: received: OFPST_DESC request (OF1.3) (xid=0x23dc152c):
2025-06-22T12:51:24.155Z|03296|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPST_DESC reply (OF1.3) (xid=0x23dc152c):
Manufacturer: Nicira, Inc.
Hardware: Open vSwitch
Software: 2.17.9
Serial Num: None
DP Description: None
2025-06-22T12:51:24.155Z|03297|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc152d): DEL table:255 priority=0 actions=drop
2025-06-22T12:51:24.173Z|03298|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_SET_ASYNC (OF1.3) (xid=0x23dc152e):primary:PACKET_IN: action invalid_ttlPORT_STATUS: add delete modifyFLOW_REMOVED: (off)ROLE_STATUS: (off)TABLE_STATUS: (off)REQUESTFORWARD: (off)secondary:PACKET_IN: action invalid_ttlPORT_STATUS: add delete modifyFLOW_REMOVED: (off)ROLE_STATUS: (off)TABLE_STATUS: (off)REQUESTFORWARD: (off)
2025-06-22T12:51:24.174Z|03299|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc152d): DEL table:255 priority=0 actions=drop
2025-06-22T12:51:24.174Z|03300|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc152f): ADD table:5 priority=8240,dl_dst=01:00:0c:cc:cc:cc cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.175Z|03301|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1530): ADD table:5 priority=8240,dl_dst=01:00:0c:cc:cc:cd cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.175Z|03302|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1531): ADD table:5 priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03303|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1532): ADD table:5 priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03304|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1533): ADD table:5 priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.175Z|03305|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1534): ADD table:5 priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03306|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1535): ADD table:5 priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03307|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1536): ADD table:5 priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03308|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1537): ADD table:5 priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03309|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1538): ADD table:5 priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03310|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1539): ADD table:5 priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03311|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153a): ADD table:5 priority=8192,dl_vlan=100 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:1,output:2,output:3
2025-06-22T12:51:24.175Z|03312|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153b): ADD table:5 priority=8192,dl_vlan=200 cookie:0x5adc15c0 out_port:0 actions=pop_vlan,output:4,output:5
2025-06-22T12:51:24.175Z|03313|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153c): ADD table:5 priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.177Z|03314|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153d): ADD table:4 priority=0 cookie:0x5adc15c0 out_port:0 actions=goto_table:5
2025-06-22T12:51:24.177Z|03315|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153e): ADD table:3 priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:64
2025-06-22T12:51:24.177Z|03316|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc153f): ADD table:3 priority=12320,arp,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:64
2025-06-22T12:51:24.177Z|03317|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1540): ADD table:3 priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:64
2025-06-22T12:51:24.177Z|03318|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1541): ADD table:3 priority=12319,arp cookie:0x5adc15c0 out_port:0 actions=goto_table:4
2025-06-22T12:51:24.177Z|03319|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1542): ADD table:3 priority=12319,icmp,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:174
2025-06-22T12:51:24.177Z|03320|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1543): ADD table:3 priority=12318,icmp cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:194,goto_table:4
2025-06-22T12:51:24.177Z|03321|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1544): ADD table:3 priority=12317,ip,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:194
2025-06-22T12:51:24.177Z|03322|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1545): ADD table:3 priority=12316,ip cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:194,goto_table:4
2025-06-22T12:51:24.177Z|03323|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1546): ADD table:3 priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.177Z|03324|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1547): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03325|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1548): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03326|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1549): ADD table:2 priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03327|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154a): ADD table:2 priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03328|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154b): ADD table:2 priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03329|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154c): ADD table:2 priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.177Z|03330|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154d): ADD table:2 priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.177Z|03331|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154e): ADD table:1 priority=20490,dl_type=0x9000 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.178Z|03332|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc154f): ADD table:1 priority=20480,dl_src=ff:ff:ff:ff:ff:ff cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.178Z|03333|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1550): ADD table:1 priority=20480,dl_src=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:24.178Z|03334|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1551): ADD table:1 priority=16384,arp,dl_vlan=100 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.178Z|03335|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1552): ADD table:1 priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=goto_table:2
2025-06-22T12:51:24.178Z|03336|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1553): ADD table:1 priority=16384,arp,dl_vlan=200 cookie:0x5adc15c0 out_port:0 actions=goto_table:3
2025-06-22T12:51:24.178Z|03337|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1554): ADD table:1 priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 cookie:0x5adc15c0 out_port:0 actions=goto_table:2
2025-06-22T12:51:24.178Z|03338|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1555): ADD table:1 priority=4096,dl_vlan=100 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:96,goto_table:4
2025-06-22T12:51:24.178Z|03339|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1556): ADD table:1 priority=4096,dl_vlan=200 cookie:0x5adc15c0 out_port:0 actions=CONTROLLER:96,goto_table:4
2025-06-22T12:51:24.178Z|03340|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1557): ADD table:1 priority=0 cookie:0x5adc15c0 out_port:0 actions=goto_table:4
2025-06-22T12:51:24.178Z|03341|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1558): ADD priority=4096,in_port=1,vlan_tci=0x0000/0x1fff cookie:0x5adc15c0 out_port:0 actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
2025-06-22T12:51:24.178Z|03342|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1559): ADD priority=4096,in_port=2,vlan_tci=0x0000/0x1fff cookie:0x5adc15c0 out_port:0 actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
2025-06-22T12:51:24.178Z|03343|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155a): ADD priority=4096,in_port=4,vlan_tci=0x0000/0x1fff cookie:0x5adc15c0 out_port:0 actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1
2025-06-22T12:51:24.178Z|03344|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155b): ADD priority=0 cookie:0x5adc15c0 out_port:0 actions=drop
2025-06-22T12:51:34.156Z|03347|connmgr|INFO|sw1<->tcp:127.0.0.1:6653: 47 flow_mods 10 s ago (45 adds, 2 deletes)

这段日志记录了 sw1 交换机与位于 127.0.0.1:6653 的 OpenFlow 控制器之间的一次完整连接与流表下发过程。以下是关键行为及其含义逐步解析:

✅ 连接建立过程

  1. connection closed by peer
    控制器主动断开了连接。

  2. connecting...sent OFPT_HELLOreceived OFPT_HELLO
    双方开始新的 OpenFlow 握手,协商版本成功为 OpenFlow 1.3(0x04)。

  3. connected
    握手完成,连接建立成功。

✅ 基本能力交换

  1. 控制器下发了 OFPT_FEATURES_REQUEST,交换机回应其 DPID 及能力(支持 flow/table/port/group/queue stats 等)。

  2. 控制器请求端口信息 OFPST_PORT_DESC,OVS 返回所有端口状态,包括 sw1p1~sw1p5

✅ 控制器配置行为

  1. 控制器设置异步消息策略 SET_ASYNC 和配置帧 SET_CONFIG

    • 初始设置所有异步消息类型为关闭(off),之后更新为开启部分消息(如 PORT_STATUS, PACKET_IN)。

✅ 流表下发分析(共45条 ADD,2条 DEL)

这是控制器对交换机下发的一套完整 pipeline,流表涵盖多个表(table 1~5),每条匹配条件清晰、优先级明确定义。

流表设计概览:

表号用途简述
table:0设置入口vlan
table:1入端口/入 VLAN 处理,分发到后续表
table:2路由处理,根据 VLAN 和 IP dst 决定走向
table:3控制类包(ARP、ICMP)交由控制器处理或进入下一表
table:4二层转发
table:5L2 广播、组播、未知单播处理等出口逻辑

部分重点流项解释:

  • VLAN打标签处理(从物理口进入无 VLAN 的报文):

    ADD priority=4096,in_port=1,vlan_tci=0x0000/0x1fff actions=push_vlan,set_field:4196->vlan_vid,goto_table:1

    表示从 sw1p1(port=1)进入的裸包将打上 VLAN 100(0x100 + 100 = 4196),然后跳转到 table 1。

  • L2 广播处理

    table:5, dl_vlan=100, dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:1,2,3

    表示 VLAN 100 内的广播包去往对应端口。

  • ARP、ICMP、IP 控制包处理
    table:3 中匹配对应类型后送至 CONTROLLER:64 表示发给控制器处理。

  • drop 规则
    每个表尾都有一条优先级为 0 的 actions=drop 规则,作为默认匹配兜底。

🔄 连接恢复过程小结

连接断开→重连→成功握手→控制器重新同步流表,这整个过程说明:

  • 控制器具有“状态恢复”能力。

  • OVS 与控制器兼容良好,使用的是 OpenFlow 1.3(非常主流版本)。

  • 所有行为正常,没有明显错误。

✅ 总结诊断结论

  1. 连接和握手状态良好

  2. 控制器主动下发了详细完整的流表管线配置,逻辑严密

  3. 流表功能涵盖 VLAN 入端口处理、L2 广播组播控制、L3 控制包引导等,是典型的多表 pipeline 架构

  4. 若你遇到“控制器掉线”、“ovs-vswitchd 不执行规则”等情况,这里看起来都没有异常。

  5. 如果你是为了调试 diff-flows 等问题,这时控制器已经更新了整个 flow 状态,应该作为基准。

——完整流表flows-1

root@server1:~# dump-flows sw1priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1priority=0 actions=droptable=1, priority=20490,dl_type=0x9000 actions=droptable=1, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=droptable=1, priority=20480,dl_src=0e:00:00:00:00:01 actions=droptable=1, priority=16384,arp,dl_vlan=100 actions=goto_table:3table=1, priority=16384,arp,dl_vlan=200 actions=goto_table:3table=1, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:2table=1, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:2table=1, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:4table=1, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:4table=1, priority=0 actions=goto_table:4table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:3table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:3table=2, priority=0 actions=droptable=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64table=3, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64table=3, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194table=3, priority=12319,arp actions=goto_table:4table=3, priority=12316,ip actions=CONTROLLER:194,goto_table:4table=3, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174table=3, priority=12318,icmp actions=CONTROLLER:194,goto_table:4table=3, priority=0 actions=droptable=4, priority=0 actions=goto_table:5table=5, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=droptable=5, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=droptable=5, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=droptable=5, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=0 actions=drop
root@server1:~#

表0:入口vlan设置

表1:mac地址学习

表2:路由表

表3:路由器本地端口/本地路由处理

表4:二层转发

表5:BUM处理 

——保存流表flows-1

root@server1:~# save-flows sw1 > flows-1

3.5 host1 ping host3测试

3.5.1 host1 ping host3

    ——host1执行ping操作

    ping之前,清除host1/host3的arp表。

    $ ping -c 4 10.200.0.10
PING 10.200.0.10 (10.200.0.10): 56 data bytes
64 bytes from 10.200.0.10: seq=1 ttl=63 time=1.283 ms
64 bytes from 10.200.0.10: seq=2 ttl=63 time=0.333 ms
64 bytes from 10.200.0.10: seq=3 ttl=63 time=0.490 ms--- 10.200.0.10 ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max = 0.333/0.702/1.283 ms
$

     4 个 ICMP 报文中只收到 3 个响应。在初始阶段,ICMP 报文匹配不到现有流表,被送往控制器(packet-in),控制器再响应并下发流表(flow-mod)。这一过程中前几个包可能就被丢掉或延迟处理。

    ——tcpdump -i sw1p1观察

    root@server1:~# tcpdump -i sw1p1 arp or icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sw1p1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:01:37.782275 ARP, Request who-has 10.100.0.254 tell 10.100.0.10, length 28
13:01:37.793503 ARP, Reply 10.100.0.254 is-at 0e:00:00:00:00:01 (oui Unknown), length 46
13:01:37.794139 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 0, length 64
13:01:38.783417 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 1, length 64
13:01:38.784090 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 1, length 64
13:01:39.783820 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 2, length 64
13:01:39.783962 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 2, length 64
13:01:40.785242 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 3, length 64
13:01:40.785464 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 3, length 64

     这种行为 非常典型地说明控制器在首次收到 ICMP 流量时触发了 Packet-In,然后下发 FlowMod 建立流表。由于这个过程有少许延迟,第一个 Echo Request 没来得及完成匹配和转发,所以丢了。

    后续包则走了 datapath 缓存(megaflow / fastpath),转发流畅,不再需要交互控制器。

    ——tcpdump -i sw1p4观察 

    root@server1:~# tcpdump -i sw1p4 arp or icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sw1p4, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:01:37.796782 ARP, Request who-has 10.200.0.10 tell 10.200.0.254, length 46
13:01:37.797778 ARP, Reply 10.200.0.10 is-at 52:54:00:29:ef:e9 (oui Unknown), length 28
13:01:38.783636 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 1, length 64
13:01:38.783978 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 1, length 64
13:01:39.783834 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 2, length 64
13:01:39.783958 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 2, length 64
13:01:40.785257 IP 10.100.0.10 > 10.200.0.10: ICMP echo request, id 23553, seq 3, length 64
13:01:40.785458 IP 10.200.0.10 > 10.100.0.10: ICMP echo reply, id 23553, seq 3, length 64
13:01:43.785138 ARP, Request who-has 10.200.0.254 tell 10.200.0.10, length 28
13:01:43.787362 ARP, Reply 10.200.0.254 is-at 0e:00:00:00:00:01 (oui Unknown), length 46

    这是 预期中的正常行为,并不是配置错误。OpenFlow 控制器收到第一包 packet-in 后来不及下发规则,导致第一个包掉。后续因流表下发成功,通信恢复正常。 

    ——faucet.log

    Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 L2 learned on Port 1 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100 (1 hosts total)
Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 Adding new route 10.100.0.10/32 via 10.100.0.10 (52:54:00:3f:15:ea) on VLAN 100
Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 Resolve response to 10.100.0.254 from 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100
Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 resolving 10.200.0.10 (1 flows) on VLAN 200
Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 L2 learned on Port 4 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200 (1 hosts total)
Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 Adding new route 10.200.0.10/32 via 10.200.0.10 (52:54:00:29:ef:e9) on VLAN 200
Jun 22 13:01:37 faucet.valve INFO     DPID 1 (0x1) switch-1 Received advert for 10.200.0.10 from 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200

    非常好,这段 Faucet 日志和你前面的抓包、OVS 日志一起,已经完整验证了首次 Ping 丢包(25%)是“正常的首次流表学习行为”,没有任何异常。

    🕐 13:01:37 时间点

    Faucet 控制器从 OVS 收到了 packet-in

    时间日志 / 行为说明
    13:01:37.782275ARP Request10.100.0.10 请求 10.100.0.254
    13:01:37.793503ARP Reply控制器回应网关 MAC
    13:01:37.794139ICMP Echo Request (seq=0)发出第一包 ping
    13:01:37 Faucet 日志Faucet 开始学习主机、路由、邻居L2 learned + Adding new route + resolving 10.200.0.10
    13:01:37.797778ARP Reply from 10.200.0.10成功学到了对端 MAC
    13:01:37 Faucet 日志再次 L2 learned + 添加 routeFaucet 收到并建立返回方向的路由
    这个测试非常完整,逻辑链条清晰且验证严密: 从 packet-in 到 faucet 学习主机,再到流表下发、流量恢复,一切符合预期,是标准的 Faucet L3 forwarding 行为。

    ——ovs-vswitchd.log

    2025-06-22T13:01:37.782Z|03629|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00
2025-06-22T13:01:37.792Z|03630|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155c): ADD table:4 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea cookie:0x5adc15c0 idle:11786 out_port:0 actions=pop_vlan,output:1
2025-06-22T13:01:37.793Z|03631|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155d): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
2025-06-22T13:01:37.793Z|03632|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155e): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
2025-06-22T13:01:37.793Z|03633|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc155f): ADD table:1 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea cookie:0x5adc15c0 hard:7786 out_port:0 actions=goto_table:4
2025-06-22T13:01:37.793Z|03634|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1560): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea
2025-06-22T13:01:37.794Z|03635|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=102 in_port=1 (via action) data_len=102 (unbuffered)
icmp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,nw_src=10.100.0.10,nw_dst=10.200.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0 icmp_csum:85a7
2025-06-22T13:01:37.796Z|03636|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1561): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop
2025-06-22T13:01:37.796Z|03637|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1562): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop
2025-06-22T13:01:37.796Z|03638|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1563): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=1,arp_sha=0e:00:00:00:00:01,arp_tha=00:00:00:00:00:00
2025-06-22T13:01:37.798Z|03639|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=2,arp_sha=52:54:00:29:ef:e9,arp_tha=0e:00:00:00:00:01
2025-06-22T13:01:37.801Z|03640|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1564): ADD table:4 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 cookie:0x5adc15c0 idle:11798 out_port:0 actions=pop_vlan,output:4
2025-06-22T13:01:37.801Z|03641|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1565): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
2025-06-22T13:01:37.801Z|03642|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1566): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
2025-06-22T13:01:37.801Z|03643|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1567): ADD table:1 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 cookie:0x5adc15c0 hard:7798 out_port:0 actions=goto_table:4
2025-06-22T13:01:43.785Z|03646|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00
2025-06-22T13:01:43.787Z|03647|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1568): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9
2025-06-22T13:01:47.792Z|03648|connmgr|INFO|sw1<->tcp:127.0.0.1:6653: 10 flow_mods 10 s ago (10 adds)

    这段 ovs-vswitchd 日志清晰地展示了 一个典型的基于 SDN 控制器的 ARP 学习 + 流表下发 + 流量处理的完整闭环。我们来逐步还原这段过程发生了什么。

    🧠 网络场景概述(推测)

    你模拟了两个 VLAN 网络(100 和 200)之间的通信:

    • 10.100.0.10(VLAN 100) → ping → 10.200.0.10(VLAN 200)

    • MAC 地址和端口:

      • 52:54:00:3f:15:ea 绑定 10.100.0.10(in_port=1)

      • 52:54:00:29:ef:e9 绑定 10.200.0.10(in_port=4)

      • 控制器 MAC 是 0e:00:00:00:00:01

    🧾 关键事件流程还原

    1️⃣ 10.100.0.10 发 ARP 请求(查 10.100.0.254)

    2025-06-22T13:01:37.782Z|03629|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00

    控制器收到后回应:

    2025-06-22T13:01:37.793Z|03634|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1560): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea

    并顺势下发一组流表(说明控制器做了 learning):

    • table 4:VLAN100 → MAC 52:54:00:3f:15:ea 的 output:1 规则

    • table 2:匹配 nw_dst=10.100.0.10,准备发给该主机(从两条 VLAN:100/200 来)

    • table 1:从 in_port=1 学到该主机属于 VLAN100,goto_table:4

    2️⃣ 10.100.0.10 发 ping 到 10.200.0.10

    2025-06-22T13:01:37.794Z|03635|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=102 in_port=1 (via action) data_len=102 (unbuffered)
icmp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,nw_src=10.100.0.10,nw_dst=10.200.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,icmp_type=8,icmp_code=0 icmp_csum:85a7

    这时控制器还没学到目标主机 10.200.0.10,所以先下发两条 drop 流表

    2025-06-22T13:01:37.796Z|03636|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1561): ADD table:2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop
2025-06-22T13:01:37.796Z|03637|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0x23dc1562): ADD table:2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:668 out_port:0 actions=drop

    同时控制器开始广播ARP 请求找目标主机:

    2025-06-22T13:01:37.796Z|03638|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1563): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=1,arp_sha=0e:00:00:00:00:01,arp_tha=00:00:00:00:00:00

    3️⃣ 10.200.0.10 回复 ARP,控制器学习地址

    2025-06-22T13:01:37.798Z|03639|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=2,arp_sha=52:54:00:29:ef:e9,arp_tha=0e:00:00:00:00:01

    10.200.0.10发送arp request查找网关10.200.0.254的mac地址:

    2025-06-22T13:01:43.785Z|03646|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=3 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00

    控制器回复 ARP:

    2025-06-22T13:01:43.787Z|03647|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0x23dc1568): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9

    并补充完整流表:

    • table 4: VLAN200 → MAC 52:54:00:29:ef:e9 → output:4

    • table 2: nw_dst=10.200.0.10 → 修改 VLAN + MAC + goto table 4

    • table 1: in_port=4 → MAC 学习流

    ✅ 总结判断

    这一段日志里,控制器完成了以下事情:

    操作说明
    接收 ARP 和 ICMP 的 packet-in来自 sw1p1(port 1) 和 sw1p4(port 4)
    发出 ARP reply 和广播使用 OFPT_PACKET_OUT
    下发精细的流表3 张表联合处理,完成 VLAN 切换和地址重写
    处理 ICMP 前的防御性 drop控制器还没掌握 MAC 前,先下发 drop,避免意外转发

    📌 你可以从这看出:

    1. vconn 日志非常适合跟踪 OpenFlow 控制器收发细节;

    2. 控制器的行为是符合逻辑的,按照 packet-in → ARP 学习 → flow_mod 下发 → packet-out → data plane 安静的流程推进;

    3. 每条 packet-in 都对应控制器响应措施,有“实效性”强的控制器在后台逻辑起作用。

    ✅ 表结构设计分析(table 1 → 2 → 4)

    表职责分配逻辑推测如下:

    匹配字段作用
    Table 1in_port + dl_vlan + dl_srcMAC 学习,将入口端口与源MAC、VLAN绑定,用于 host tracking
    Table 2dl_vlan + nw_dst三层转发决策(IP 目的地址),并设置 VLAN、MAC(做出方向逻辑)
    Table 4dl_vlan + dl_dst二层转发出接口匹配,并 pop VLAN,最终转发出去
    这种分表结构非常常见于 Faucet/SONiC/ONOS 等控制器生成的流表:
    Table 1 负责 host 学习 → Table 2 负责三层处理 → Table 4 作为出接口查找。

    ——流表变化

    root@server1:~# diff-flows flows-1 sw1 | grep '^+' 
+table=1 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea hard_timeout=7786 actions=goto_table:4
+table=1 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 hard_timeout=7798 actions=goto_table:4
+table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
+table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
+table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
+table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
+table=4 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea idle_timeout=11786 actions=pop_vlan,output:1
+table=4 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 idle_timeout=11798 actions=pop_vlan,output:4
root@server1:~# 
root@server1:~# diff-flows flows-1 sw1 | grep '^-'  
root@server1:~#

    ——完整流表flows-2

    root@server1:~# dump-flows sw1priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1priority=0 actions=droptable=1, priority=20490,dl_type=0x9000 actions=droptable=1, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=droptable=1, priority=20480,dl_src=0e:00:00:00:00:01 actions=droptable=1, priority=16384,arp,dl_vlan=100 actions=goto_table:3table=1, priority=16384,arp,dl_vlan=200 actions=goto_table:3table=1, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:2table=1, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:2table=1, hard_timeout=7786, priority=8191,in_port=sw1p1,dl_vlan=100,dl_src=52:54:00:3f:15:ea actions=goto_table:4table=1, hard_timeout=7798, priority=8191,in_port=sw1p4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 actions=goto_table:4table=1, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:4table=1, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:4table=1, priority=0 actions=goto_table:4table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:3table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:3table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4table=2, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4table=2, priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:3table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:3table=2, priority=0 actions=droptable=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64table=3, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64table=3, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194table=3, priority=12319,arp actions=goto_table:4table=3, priority=12316,ip actions=CONTROLLER:194,goto_table:4table=3, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174table=3, priority=12318,icmp actions=CONTROLLER:194,goto_table:4table=3, priority=0 actions=droptable=4, idle_timeout=11786, priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea actions=pop_vlan,output:sw1p1table=4, idle_timeout=11798, priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 actions=pop_vlan,output:sw1p4table=4, priority=0 actions=goto_table:5table=5, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=droptable=5, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=droptable=5, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=droptable=5, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=5, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5table=5, priority=0 actions=drop
root@server1:~#

    ——保存流表flows-2

    root@server1:~# save-flows sw1 > flows-2

    ——ovs-dpctl dump-flows

    root@server1:~# ovs-dpctl dump-flows
recirc_id(0),in_port(5),eth(src=52:54:00:29:ef:e9,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.100.0.10,proto=1,ttl=64,frag=no), packets:2, bytes:196, used:0.964s, actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:3f:15:ea)),set(ipv4(ttl=63)),2
recirc_id(0),in_port(2),eth(src=52:54:00:3f:15:ea,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.200.0.10,proto=1,ttl=64,frag=no), packets:2, bytes:196, used:0.964s, actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:29:ef:e9)),set(ipv4(ttl=63)),5
root@server1:~#

    这两条是 路由转发(L3 forwarding)相关的 megaflow,表现出 Faucet 已成功为两个 VLAN 之间下发了路由规则。 

    ✅ 说明:Faucet 实现了典型的 Router-on-a-stick 模式

    这就是 Faucet IPv4 路由模式的正常表现:

    • 每个 VLAN 配置了一个虚拟 IP(VIP):

      • 10.100.0.254/24 on VLAN 100

      • 10.200.0.254/24 on VLAN 200

    • Faucet 在 datapath 层下发转发表,实现不同 VLAN 之间的路由

    • 流量进入一个 VLAN,匹配目的 IP 后:

      • 修改 MAC 地址

      • TTL 减一

      • 输出到另一个端口

    3.5.2 匹配流表分析

    host1 ping host3,host1和host3处于不同网段。

    host1首先需发出arp请求,请求解析网关10.100.0.254的mac。此时匹配流表(完整流表flows-1):

    • priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
    • table=1, priority=16384,arp,dl_vlan=100 actions=goto_table:3
    • table=3, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64

    此arp request将送到控制器处理,控制器回复arp reply,此时,控制器已经学习到host1的mac和ip,下发流表:

    • +table=1 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea hard_timeout=7786 actions=goto_table:4
    • +table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
    • +table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:4
    • +table=4 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea idle_timeout=11786 actions=pop_vlan,output:1
       

    host1获得网关mac后,发出IP报文(目的IP:10.200.0.10,目的mac,即网关mac,0e:00:00:00:00:01),此时匹配流表(完整流表flows5):

    • priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:1
    • table=1, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:2
    • table=2, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:3
    • table=3, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194

    此IP报文将送到控制器处理。控制器还没有10.200.0.10的mac地址,暂时无法直接封装此报文。控制器将发出arp request,请求host3的mac地址。此时控制器发出的arp request匹配流表(完整流表flows5):

    • table=5, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5

    host3收到are request后,回复arp reply,此arp reply匹配流表:

    • priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:1
    • table=1, priority=16384,arp,dl_vlan=200 actions=goto_table:3
    • table=3, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64

    此arp reply将送到控制器处理。控制器收到arp reply后,已经学习到host3的mac和ip,下发host3的流表:

    • +table=1 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 hard_timeout=7798 actions=goto_table:4
    • +table=2 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
    • +table=2 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:4
    • +table=4 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 idle_timeout=11798 actions=pop_vlan,output:4

    ✅ 最终效果:

    • faucet 控制器已完成 host1 到 host3 的双向转发路径准备

    • 后续所有 IP 报文将直接通过 datapath 下发的 flow 表处理,无需控制器介入

    4、ACLs

    4.1 编辑控制器yaml文件

    root@server1:~/faucet/inst# vi faucet.yaml
dps:switch-1:dp_id: 0x1timeout: 8000arp_neighbor_timeout: 3600interfaces:1:native_vlan: 100acl_in: 12:native_vlan: 1003:native_vlan: 1004:native_vlan: 2005:native_vlan: 200
vlans:100:faucet_vips: ["10.100.0.254/24"]200:faucet_vips: ["10.200.0.254/24"]
routers:router-1:vlans: [100, 200]
acls:1:- rule:dl_type: 0x800nw_proto: 6tcp_dst: 8080actions:allow: 0- rule:actions:allow: 1

    4.2 重启faucet

    root@server1:~# docker restart faucet
faucet

    ——faucet.log

    Jun 23 00:19:37 faucet INFO     version 1.10.11
Jun 23 00:19:37 faucet INFO     Reloading configuration
Jun 23 00:19:37 faucet INFO     configuration /etc/faucet/faucet.yaml changed, analyzing differences
Jun 23 00:19:37 faucet INFO     Add new datapath DPID 1 (0x1)
Jun 23 00:19:37 faucet.valve INFO     DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3 with VIPs ['10.100.0.254/24']
Jun 23 00:19:37 faucet.valve INFO     DPID 1 (0x1) switch-1 IPv4 routing is active on VLAN 200 vid:200 untagged: Port 4,Port 5 with VIPs ['10.200.0.254/24']
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 port desc stats
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 delta in up state: set() => {1, 2, 4}
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 1 fabricating ADD status True
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 status change: Port 1 up status True reason ADD state 0
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 1 (1) up
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 2 fabricating ADD status True
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 status change: Port 2 up status True reason ADD state 0
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 2 (2) up
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 4 fabricating ADD status True
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 status change: Port 4 up status True reason ADD state 0
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 4 (4) up
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 23 00:19:39 faucet.valve ERROR    DPID 1 (0x1) switch-1 send_flow_msgs: DP not up
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Cold start configuring DP
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 1 (1) configured
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 2 (2) configured
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Port 4 (4) configured
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 100 vid:100 untagged: Port 1,Port 2,Port 3
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 Configuring VLAN 200 vid:200 untagged: Port 4,Port 5
Jun 23 00:19:39 faucet.valve INFO     DPID 1 (0x1) switch-1 table ID 0 table config match_types: (('eth_type', False), ('in_port', False), ('ip_proto', False), ('tcp_dst', False)) name: port_acl next_tables: ['vlan', 'vip', 'eth_dst', 'flood'] output: True size: 32
table ID 1 table config match_types: (('eth_dst', True), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) name: vlan next_tables: ['eth_src'] output: True set_fields: ('vlan_vid',) size: 32 table_id: 1 vlan_port_scale: 3
table ID 2 table config match_types: (('eth_dst', True), ('eth_src', False), ('eth_type', False), ('in_port', False), ('vlan_vid', False)) miss_goto: eth_dst name: eth_src next_tables: ['ipv4_fib', 'vip', 'eth_dst', 'flood'] output: True set_fields: ('vlan_vid', 'eth_dst') size: 64 table_id: 2 vlan_port_scale: 4.1
table ID 3 table config dec_ttl: True match_types: (('eth_type', False), ('ipv4_dst', True), ('vlan_vid', False)) name: ipv4_fib next_tables: ['vip', 'eth_dst', 'flood'] output: True set_fields: ('eth_dst', 'eth_src', 'vlan_vid') size: 32 table_id: 3 vlan_port_scale: 3.1
table ID 4 table config match_types: (('arp_tpa', False), ('eth_dst', False), ('eth_type', False), ('icmpv6_type', False), ('ip_proto', False)) name: vip next_tables: ['eth_dst', 'flood'] output: True size: 32 table_id: 4 vlan_scale: 8
table ID 5 table config exact_match: True match_types: (('eth_dst', False), ('vlan_vid', False)) miss_goto: flood name: eth_dst output: True size: 64 table_id: 5 vlan_port_scale: 4.1
table ID 6 table config match_types: (('eth_dst', True), ('in_port', False), ('vlan_vid', False)) name: flood output: True size: 96 table_id: 6 vlan_port_scale: 8.0

    下发table 0-6,table 0专门实现入口ACL。

    ——ovs-vswitchd.log

    root@server1:/var/log/openvswitch# tail -f ovs-vswitchd.log | grep -v -e "OFPT_ECHO_REQUEST" -e "OFPT_ECHO_REPLY"
2025-06-23T00:20:50.072Z|08061|vconn|DBG|unix#63: sent (Success): OFPT_HELLO (OF1.5) (xid=0x44):version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-23T00:20:50.072Z|08062|vconn|DBG|unix#63: received: OFPT_HELLO (OF1.3) (xid=0x1):version bitmap: 0x04
2025-06-23T00:20:50.072Z|08063|vconn|DBG|unix#63: negotiated OpenFlow version 0x04 (we support version 0x06 and earlier, peer supports version 0x04)
2025-06-23T00:20:50.072Z|08064|vconn|DBG|unix#63: received: OFPST_FLOW request (OF1.3) (xid=0x2):
2025-06-23T00:20:50.073Z|08065|vconn|DBG|unix#63: sent (Success): OFPST_FLOW reply (OF1.3) (xid=0x2):cookie=0x5adc15c0, duration=70.170s, table=0, n_packets=0, n_bytes=0, priority=20480,tcp,in_port=1,tp_dst=8080 actions=dropcookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=20480,in_port=2 actions=goto_table:1cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=20480,in_port=4 actions=goto_table:1cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=20479,in_port=1 actions=goto_table:1cookie=0x5adc15c0, duration=70.169s, table=0, n_packets=0, n_bytes=0, priority=0 actions=dropcookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=4096,in_port=1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=4096,in_port=2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=4096,in_port=4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:2cookie=0x5adc15c0, duration=70.170s, table=1, n_packets=0, n_bytes=0, priority=0 actions=dropcookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=20490,dl_type=0x9000 actions=dropcookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=dropcookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=20480,dl_src=0e:00:00:00:00:01 actions=dropcookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,arp,dl_vlan=100 actions=goto_table:4cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,arp,dl_vlan=200 actions=goto_table:4cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:3cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:3cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:5cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:5cookie=0x5adc15c0, duration=70.170s, table=2, n_packets=0, n_bytes=0, priority=0 actions=goto_table:5cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:4cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:4cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:4cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:4cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:4cookie=0x5adc15c0, duration=70.172s, table=3, n_packets=0, n_bytes=0, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:4cookie=0x5adc15c0, duration=70.170s, table=3, n_packets=0, n_bytes=0, priority=0 actions=dropcookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12319,arp actions=goto_table:5cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=12316,ip actions=CONTROLLER:194,goto_table:5cookie=0x5adc15c0, duration=70.173s, table=4, n_packets=0, n_bytes=0, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=12318,icmp actions=CONTROLLER:194,goto_table:5cookie=0x5adc15c0, duration=70.172s, table=4, n_packets=0, n_bytes=0, priority=0 actions=dropcookie=0x5adc15c0, duration=70.173s, table=5, n_packets=0, n_bytes=0, priority=0 actions=goto_table:6cookie=0x5adc15c0, duration=70.176s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=dropcookie=0x5adc15c0, duration=70.176s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=dropcookie=0x5adc15c0, duration=70.176s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:1,output:2,output:3cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:4,output:5cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=dropcookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:1,output:2,output:3cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:1,output:2,output:3cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:4,output:5cookie=0x5adc15c0, duration=70.175s, table=6, n_packets=0, n_bytes=0, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:4,output:5cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:1,output:2,output:3cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:4,output:5cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8192,dl_vlan=100 actions=pop_vlan,output:1,output:2,output:3cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=8192,dl_vlan=200 actions=pop_vlan,output:4,output:5cookie=0x5adc15c0, duration=70.174s, table=6, n_packets=0, n_bytes=0, priority=0 actions=drop
2025-06-23T00:20:50.073Z|08066|vconn|DBG|unix#64: sent (Success): OFPT_HELLO (OF1.5) (xid=0x45):version bitmap: 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2025-06-23T00:20:50.074Z|08067|vconn|DBG|unix#64: received: OFPT_HELLO (OF1.3) (xid=0x3):version bitmap: 0x04
2025-06-23T00:20:50.074Z|08068|vconn|DBG|unix#64: negotiated OpenFlow version 0x04 (we support version 0x06 and earlier, peer supports version 0x04)
2025-06-23T00:20:50.074Z|08069|vconn|DBG|unix#64: received: OFPST_TABLE_FEATURES request (OF1.3) (xid=0x4):
2025-06-23T00:20:50.081Z|08070|vconn|DBG|unix#64: sent (Success): OFPST_TABLE_FEATURES reply (OF1.3) (xid=0x4): flags=[more]table 0:metadata: match=0xffffffffffffffff write=0xffffffffffffffffmax_entries=1000000instructions (table miss and others):next tables: 1-253instructions: meter apply_actions clear_actions write_actions write_metadata goto_tableWrite-Actions and Apply-Actions features:actions: output group set_field strip_vlan push_vlan mod_nw_ttl dec_ttl set_mpls_ttl dec_mpls_ttl push_mpls pop_mpls set_queuesupported on Set-Field: tun_{id,src,dst,ipv6_{src,dst},flags,gbp_{id,flags},erspan_{idx,ver,dir,hwid},metadata0...metadata63} metadata in_{port,port_oxm} pkt_mark ct_{mark,label} reg0...reg15 xreg0...xreg7 xxreg0...xxreg3 eth_{src,dst} vlan_{tci,vid,pcp} mpls_{label,tc,ttl} ip_{src,dst} ipv6_{src,dst,label} nw_tos ip_dscp nw_{ecn,ttl} arp_{op,spa,tpa,sha,tha} tcp_{src,dst} udp_{src,dst} sctp_{src,dst} icmp_{type,code} icmpv6_{type,code} nd_{target,sll,tll,reserved,options_type} nsh_{flags,spi,si,c1...c4,ttl}matching:arbitrary mask: dp_hash tun_{id,src,dst,ipv6_{src,dst},flags,gbp_{id,flags},erspan_{idx,ver,dir,hwid},gtpu_{flags,msgtype},metadata0...metadata63} metadata pkt_mark ct_{state,mark,label,nw_{src,dst},ipv6_{src,dst},tp_{src,dst}} reg0...reg15 xreg0...xreg7 xxreg0...xxreg3 eth_{src,dst} vlan_{tci,vid} ip_{src,dst} ipv6_{src,dst,label} ip_frag arp_{spa,tpa,sha,tha} tcp_{src,dst,flags} udp_{src,dst} sctp_{src,dst} nd_{target,sll,tll} nsh_{flags,c1...c4}exact match or wildcard: recirc_id packet_type conj_id in_{port,port_oxm} actset_output ct_{zone,nw_proto} eth_type vlan_pcp mpls_{label,tc,bos,ttl} nw_{proto,tos} ip_dscp nw_{ecn,ttl} arp_op icmp_{type,code} icmpv6_{type,code} nd_{reserved,options_type} nsh_{mdtype,np,spi,si,ttl}tables 1...11: ditto
...

    你现在提供的日志已经把控制器和 OVS 在连接初期的行为展现得非常清楚了,下面是对这段日志的整体分析与判断:

    ✅ 当前网络行为状态总结:

    1️⃣ 控制器和交换机成功协商 OpenFlow 1.3

    unix#63: negotiated OpenFlow version 0x04

    这表明控制器与交换机的通信协议为 OpenFlow 1.3,是当前主流版本。

    2️⃣ 控制器成功获取交换机的 pipeline 能力

    received: OFPST_TABLE_FEATURES request → sent: OFPST_TABLE_FEATURES reply

    多条 flags=[more] 的回应说明交换机有很多表(table 0~47),且表的功能非常丰富,支持复杂匹配和转发行为。

    3️⃣ 控制器已下发完整的多表流表规则(至少覆盖 table 0~6)

    你贴出来的 OFPST_FLOW reply 是控制器下发后,ovs-vswitchd 查询当前流表的响应输出,格式符合 ovs-ofctl dump-flows 的结果。

    观察流表内容:

    🔸 table=0:

    • 根据 in_porttcp,tp_dst=8080 匹配

    • 动作为 goto_table:1drop

    → 表示做 端口入口分类和基础过滤

    🔸 table=1:

    • 匹配无 vlan 的报文,打 tag(push_vlan + set_vlan_vid)

    • 将其送入 table 2

    → 实现 vlan 标记逻辑

    🔸 table=2:

    • 匹配 IP / ARP / VLAN / MAC / 特殊源,部分 drop,部分 CONTROLLER:96,goto_table:5

    • 存在对 dl_type=0x9000 的 drop(可能是 LLDP)

    → 做 ARP 策略、反向控制路径、广播控制等

    🔸 table=3:

    • 明显是路由选择:基于 nw_dst 做下一跳判断

    → 类似 L3 routing table

    🔸 table=4:

    • 多种协议打给 CONTROLLER,含 ARP, IP, ICMP

    • 存在专门处理 0e:00:00:00:00:01 的地址

    → 常见于 Faucet / RYU 的 host learning 或 reactive forwarding

    🔸 table=5:

    • 所有流直接转 goto_table:6,没做判断

    → 起过渡跳板作用

    🔸 table=6:

    • 对不同 VLAN/广播/组播地址的帧进行 pop_vlan + output

    • 同时显式 drop 一些特定广播 / Cisco CDP / STP / 多播 MAC

    最终转发表,决定数据帧去哪几个口

    🚨 当前存在的问题:n_packets = 0

    所有流表项都是:

    n_packets=0, n_bytes=0

    说明到目前为止:

    • OVS datapath 没有匹配到任何一个报文

    • 或者 控制器刚刚启动,网络刚刚连通,还没有真实流量发生

    ✅ 当前判断结论:

    • 控制器已成功连接并下发了完整的多表 pipeline

    • 流表设计功能完善,覆盖入口处理 → vlan 标记 → 路由 → controller → 最终输出

    • 目前没有报文命中流表项,需触发主机流量或检查接口联通

    ——完整流表flows-acl-1

    root@server1:~# dump-flows sw1priority=20480,tcp,in_port=sw1p1,tp_dst=8080 actions=droppriority=20480,in_port=sw1p2 actions=goto_table:1priority=20480,in_port=sw1p4 actions=goto_table:1priority=20479,in_port=sw1p1 actions=goto_table:1priority=0 actions=droptable=1, priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2table=1, priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2table=1, priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:2table=1, priority=0 actions=droptable=2, priority=20490,dl_type=0x9000 actions=droptable=2, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=droptable=2, priority=20480,dl_src=0e:00:00:00:00:01 actions=droptable=2, priority=16384,arp,dl_vlan=100 actions=goto_table:4table=2, priority=16384,arp,dl_vlan=200 actions=goto_table:4table=2, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:3table=2, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:3table=2, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:5table=2, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:5table=2, priority=0 actions=goto_table:5table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:4table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:4table=3, priority=0 actions=droptable=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64table=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64table=4, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64table=4, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194table=4, priority=12319,arp actions=goto_table:5table=4, priority=12316,ip actions=CONTROLLER:194,goto_table:5table=4, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174table=4, priority=12318,icmp actions=CONTROLLER:194,goto_table:5table=4, priority=0 actions=droptable=5, priority=0 actions=goto_table:6table=6, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=droptable=6, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=droptable=6, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=droptable=6, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=0 actions=drop
root@server1:~#

    ✅ 当前流表结构快速解读(按 table 顺序)

    功能说明
    table=0入口ACL +初筛检查 in_porttcp,tp_dst=8080,其余流量放行至 table 1
    table=1VLAN封装把裸包打上 VLAN tag(4196 / 4296)
    table=2二层地址学习包括广播 drop、学习行为(送 controller)、ARP 转发
    table=3路由选择nw_dst 决定下一跳
    table=4控制器(router)本地路由/本地地址ARP、IP、ICMP 打给 controller,继续分类或跳转
    table=5二层转发直接跳到 table=6,无实际处理
    table=6BUM转发pop VLAN 后根据 dst MAC 决定 output 到哪些端口

    4.3 host1  ssh host3测试

    host1 ssh host3,这个过程和host1 ping host3相似,只是增加入口ACL检查。由于ACL测试,重启了控制器,所以hos1/host3的mac地址需要重新学习。

    ——host1执行ssh host3操作

    $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000link/ether 52:54:00:3f:15:ea brd ff:ff:ff:ff:ff:ffinet 10.100.0.10/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:fe3f:15ea/64 scope link valid_lft forever preferred_lft forever
$ ssh 10.200.0.10Host '10.200.0.10' is not in the trusted hosts file.
(ecdsa-sha2-nistp521 fingerprint md5 7b:97:77:d0:ab:85:de:d6:ea:32:55:b2:17:55:44:c0)
Do you want to continue connecting? (y/n) y
cirros@10.200.0.10's password: 
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000link/ether 52:54:00:29:ef:e9 brd ff:ff:ff:ff:ff:ffinet 10.200.0.10/24 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:fe29:efe9/64 scope link valid_lft forever preferred_lft forever

    ——tcpdump -i sw1p1观察

    root@server1:~# tcpdump -i sw1p1 arp or tcp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on sw1p1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:08:48.448950 ARP, Request who-has 10.100.0.254 tell 10.100.0.10, length 28
01:08:48.463797 ARP, Reply 10.100.0.254 is-at 0e:00:00:00:00:01 (oui Unknown), length 46
01:08:48.464440 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [S], seq 2889781432, win 29200, options [mss 1460,sackOK,TS val 8590486 ecr 0,nop,wscale 6], length 0
01:08:49.449403 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [S], seq 2889781432, win 29200, options [mss 1460,sackOK,TS val 8590736 ecr 0,nop,wscale 6], length 0
01:08:49.450787 IP 10.200.0.10.ssh > 10.100.0.10.50950: Flags [S.], seq 3025659384, ack 2889781433, win 28960, options [mss 1460,sackOK,TS val 8152353 ecr 8590736,nop,wscale 6], length 0
01:08:49.451393 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [.], ack 1, win 457, options [nop,nop,TS val 8590736 ecr 8152353], length 0
01:08:49.451937 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [P.], seq 1:635, ack 1, win 457, options [nop,nop,TS val 8590736 ecr 8152353], length 634: SSH: SSH-2.0-dropbear_2015.67
01:08:49.452088 IP 10.200.0.10.ssh > 10.100.0.10.50950: Flags [.], ack 635, win 473, options [nop,nop,TS val 8152353 ecr 8590736], length 0
01:08:49.459310 IP 10.200.0.10.ssh > 10.100.0.10.50950: Flags [P.], seq 1:547, ack 635, win 473, options [nop,nop,TS val 8152355 ecr 8590736], length 546: SSH: SSH-2.0-dropbear_2015.67
01:08:49.459459 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [.], ack 547, win 474, options [nop,nop,TS val 8590738 ecr 8152355], length 0
01:08:49.459671 IP 10.100.0.10.50950 > 10.200.0.10.ssh: Flags [P.], seq 635:683, ack 547, win 474, options [nop,nop,TS val 8590738 ecr 8152355], length 48
...

    ——faucet.log

    Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 L2 learned on Port 1 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100 (1 hosts total)
Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 Adding new route 10.100.0.10/32 via 10.100.0.10 (52:54:00:3f:15:ea) on VLAN 100
Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 Resolve response to 10.100.0.254 from 52:54:00:3f:15:ea (L2 type 0x0806, L2 dst ff:ff:ff:ff:ff:ff, L3 src 10.100.0.10, L3 dst 10.100.0.254) Port 1 VLAN 100
Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 resolving 10.200.0.10 (1 flows) on VLAN 200
Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 L2 learned on Port 4 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200 (1 hosts total)
Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 Adding new route 10.200.0.10/32 via 10.200.0.10 (52:54:00:29:ef:e9) on VLAN 200
Jun 23 01:08:48 faucet.valve INFO     DPID 1 (0x1) switch-1 Received advert for 10.200.0.10 from 52:54:00:29:ef:e9 (L2 type 0x0806, L2 dst 0e:00:00:00:00:01, L3 src 10.200.0.10, L3 dst 10.200.0.254) Port 4 VLAN 200

    ——ovs-vswitchd.log

    2025-06-23T01:08:48.450Z|09273|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00
2025-06-23T01:08:48.462Z|09274|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2690): ADD table:5 priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea cookie:0x5adc15c0 idle:11996 out_port:0 actions=pop_vlan,output:1
2025-06-23T01:08:48.463Z|09275|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2691): ADD table:3 priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5
2025-06-23T01:08:48.463Z|09276|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2692): ADD table:3 priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5
2025-06-23T01:08:48.463Z|09277|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2693): ADD table:2 priority=8191,in_port=1,dl_vlan=100,dl_src=52:54:00:3f:15:ea cookie:0x5adc15c0 hard:7996 out_port:0 actions=goto_table:5
2025-06-23T01:08:48.463Z|09278|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c2694): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea
2025-06-23T01:08:48.464Z|09279|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=78 in_port=1 (via action) data_len=78 (unbuffered)
tcp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,nw_src=10.100.0.10,nw_dst=10.200.0.10,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,tp_src=50950,tp_dst=22,tcp_flags=syn tcp_csum:a784
2025-06-23T01:08:48.468Z|09280|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2695): ADD table:3 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:752 out_port:0 actions=drop
2025-06-23T01:08:48.468Z|09281|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2696): ADD table:3 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 hard:752 out_port:0 actions=drop
2025-06-23T01:08:48.468Z|09282|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c2697): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=1,arp_sha=0e:00:00:00:00:01,arp_tha=00:00:00:00:00:00
2025-06-23T01:08:48.470Z|09283|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=2,arp_sha=52:54:00:29:ef:e9,arp_tha=0e:00:00:00:00:01
2025-06-23T01:08:48.474Z|09284|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2698): ADD table:5 priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 cookie:0x5adc15c0 idle:11940 out_port:0 actions=pop_vlan,output:4
2025-06-23T01:08:48.474Z|09285|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c2699): ADD table:3 priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5
2025-06-23T01:08:48.474Z|09286|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c269a): ADD table:3 priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 cookie:0x5adc15c0 out_port:0 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5
2025-06-23T01:08:48.474Z|09287|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_FLOW_MOD (OF1.3) (xid=0xea1c269b): ADD table:2 priority=8191,in_port=4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 cookie:0x5adc15c0 hard:7940 out_port:0 actions=goto_table:5
2025-06-23T01:08:58.462Z|09290|connmgr|INFO|sw1<->tcp:127.0.0.1:6653: 10 flow_mods 10 s ago (10 adds)
2025-06-23T01:09:36.469Z|09307|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00
2025-06-23T01:09:36.472Z|09308|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c269c): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9
2025-06-23T01:09:36.473Z|09309|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=1 (via action) data_len=46 (unbuffered)
arp,dl_vlan=100,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:3f:15:ea,dl_dst=0e:00:00:00:00:01,arp_spa=10.100.0.10,arp_tpa=10.100.0.254,arp_op=1,arp_sha=52:54:00:3f:15:ea,arp_tha=00:00:00:00:00:00
2025-06-23T01:09:36.476Z|09310|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c2694): in_port=CONTROLLER actions=output:1 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:3f:15:ea,arp_spa=10.100.0.254,arp_tpa=10.100.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:3f:15:ea
2025-06-23T01:10:08.182Z|09323|vconn|DBG|tcp:127.0.0.1:6653: sent (Success): OFPT_PACKET_IN (OF1.3) (xid=0x0): table_id=4 cookie=0x5adc15c0 total_len=46 in_port=4 (via action) data_len=46 (unbuffered)
arp,dl_vlan=200,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=52:54:00:29:ef:e9,dl_dst=0e:00:00:00:00:01,arp_spa=10.200.0.10,arp_tpa=10.200.0.254,arp_op=1,arp_sha=52:54:00:29:ef:e9,arp_tha=00:00:00:00:00:00
2025-06-23T01:10:08.184Z|09324|vconn|DBG|tcp:127.0.0.1:6653: received: OFPT_PACKET_OUT (OF1.3) (xid=0xea1c269c): in_port=CONTROLLER actions=output:4 data_len=60
arp,vlan_tci=0x0000,dl_src=0e:00:00:00:00:01,dl_dst=52:54:00:29:ef:e9,arp_spa=10.200.0.254,arp_tpa=10.200.0.10,arp_op=2,arp_sha=0e:00:00:00:00:01,arp_tha=52:54:00:29:ef:e9

    ——完整流表flows-acl-2

    root@server1:~# dump-flows sw1priority=20480,tcp,in_port=sw1p1,tp_dst=8080 actions=droppriority=20480,in_port=sw1p2 actions=goto_table:1priority=20480,in_port=sw1p4 actions=goto_table:1priority=20479,in_port=sw1p1 actions=goto_table:1priority=0 actions=droptable=1, priority=4096,in_port=sw1p1,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2table=1, priority=4096,in_port=sw1p2,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4196->vlan_vid,goto_table:2table=1, priority=4096,in_port=sw1p4,vlan_tci=0x0000/0x1fff actions=push_vlan:0x8100,set_field:4296->vlan_vid,goto_table:2table=1, priority=0 actions=droptable=2, priority=20490,dl_type=0x9000 actions=droptable=2, priority=20480,dl_src=ff:ff:ff:ff:ff:ff actions=droptable=2, priority=20480,dl_src=0e:00:00:00:00:01 actions=droptable=2, priority=16384,arp,dl_vlan=100 actions=goto_table:4table=2, priority=16384,arp,dl_vlan=200 actions=goto_table:4table=2, priority=16384,ip,dl_vlan=100,dl_dst=0e:00:00:00:00:01 actions=goto_table:3table=2, priority=16384,ip,dl_vlan=200,dl_dst=0e:00:00:00:00:01 actions=goto_table:3table=2, hard_timeout=7996, priority=8191,in_port=sw1p1,dl_vlan=100,dl_src=52:54:00:3f:15:ea actions=goto_table:5table=2, hard_timeout=7940, priority=8191,in_port=sw1p4,dl_vlan=200,dl_src=52:54:00:29:ef:e9 actions=goto_table:5table=2, priority=4096,dl_vlan=100 actions=CONTROLLER:96,goto_table:5table=2, priority=4096,dl_vlan=200 actions=CONTROLLER:96,goto_table:5table=2, priority=0 actions=goto_table:5table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.254 actions=goto_table:4table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.254 actions=goto_table:4table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.100.0.10 actions=dec_ttl,set_field:4196->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:3f:15:ea->eth_dst,goto_table:5table=3, priority=12320,ip,dl_vlan=100,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5table=3, priority=12320,ip,dl_vlan=200,nw_dst=10.200.0.10 actions=dec_ttl,set_field:4296->vlan_vid,set_field:0e:00:00:00:00:01->eth_src,set_field:52:54:00:29:ef:e9->eth_dst,goto_table:5table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.100.0.0/24 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.100.0.0/24 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=100,nw_dst=10.200.0.0/24 actions=goto_table:4table=3, priority=12312,ip,dl_vlan=200,nw_dst=10.200.0.0/24 actions=goto_table:4table=3, priority=0 actions=droptable=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.100.0.254 actions=CONTROLLER:64table=4, priority=12320,arp,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.200.0.254 actions=CONTROLLER:64table=4, priority=12320,arp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:64table=4, priority=12317,ip,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:194table=4, priority=12319,arp actions=goto_table:5table=4, priority=12316,ip actions=CONTROLLER:194,goto_table:5table=4, priority=12319,icmp,dl_dst=0e:00:00:00:00:01 actions=CONTROLLER:174table=4, priority=12318,icmp actions=CONTROLLER:194,goto_table:5table=4, priority=0 actions=droptable=5, idle_timeout=11996, priority=8192,dl_vlan=100,dl_dst=52:54:00:3f:15:ea actions=pop_vlan,output:sw1p1table=5, idle_timeout=11940, priority=8192,dl_vlan=200,dl_dst=52:54:00:29:ef:e9 actions=pop_vlan,output:sw1p4table=5, priority=0 actions=goto_table:6table=6, priority=8240,dl_dst=01:00:0c:cc:cc:cc actions=droptable=6, priority=8240,dl_dst=01:00:0c:cc:cc:cd actions=droptable=6, priority=8240,dl_vlan=100,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8240,dl_vlan=200,dl_dst=ff:ff:ff:ff:ff:ff actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8236,dl_dst=01:80:c2:00:00:00/ff:ff:ff:ff:ff:f0 actions=droptable=6, priority=8216,dl_vlan=100,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8216,dl_vlan=100,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8216,dl_vlan=200,dl_dst=01:80:c2:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8216,dl_vlan=200,dl_dst=01:00:5e:00:00:00/ff:ff:ff:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8208,dl_vlan=100,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8208,dl_vlan=200,dl_dst=33:33:00:00:00:00/ff:ff:00:00:00:00 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=8192,dl_vlan=100 actions=pop_vlan,output:sw1p1,output:sw1p2,output:sw1p3table=6, priority=8192,dl_vlan=200 actions=pop_vlan,output:sw1p4,output:sw1p5table=6, priority=0 actions=drop
root@server1:~#

    主要增加表项:

    table 3:host1和host3的三层转发(本地10.100.0.10和10.200.0.10的三层转发)

    table 5:host1和host3的二层转发

    ——ovs-dpctl dump-flows

    root@server1:~# ovs-dpctl dump-flows
recirc_id(0),in_port(5),eth(src=52:54:00:29:ef:e9,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.100.0.10,proto=6,ttl=64,frag=no), packets:199, bytes:30990, used:0.901s, flags:P., actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:3f:15:ea)),set(ipv4(ttl=63)),2
recirc_id(0),in_port(2),eth(src=52:54:00:3f:15:ea,dst=0e:00:00:00:00:01),eth_type(0x0800),ipv4(dst=10.200.0.10,proto=6,ttl=64,frag=no),tcp(dst=0/0xf000), packets:235, bytes:18006, used:0.901s, flags:P., actions:set(eth(src=0e:00:00:00:00:01,dst=52:54:00:29:ef:e9)),set(ipv4(ttl=63)),5

    ovs-dpctl dump-flows 显示 datapath 层的流量状态。

    datapath 使用了掩码匹配方式(tcp(dst=0/0xf000))下推了一个 TCP megaflow。因为控制面 table=0 中存在一条高优先级规则明确地 drop 了 tp_dst=8080 的 TCP 流量。这会阻止 datapath 生成一个可能“放过”被 drop 的 TCP 流量的 megaflow。OVS 为了安全策略优先,会缩小 datapath 匹配范围,只允许部分端口段的缓存。

    所以ACLOVS某种程度会影响转发性能。

    相关文章:

  • matlab实现大地电磁二维正演
  • 吃透 Golang 基础:测试
  • C++语言发展历程-2025
  • Python实例题:基于区块链的去中心化应用平台(区块链、智能合约)
  • 京东金融API支付链路剖析:白条分期接口的安全加固方案
  • STM32对接霍尔传感器
  • 技术逐梦之旅:从C语言到Vue的成长之路
  • Java底层原理:深入理解JVM内存管理机制
  • 如何在 Python 中连接 Elasticsearch 并使用 Qwen3 来实现 RAG
  • Life:Internship in OnSea Day 1
  • 基于SpringBoot + Vue 的网上拍卖系统
  • SpringCloud系列(32)--使用Hystrix进行全局服务降级
  • 联合语音和文本机器翻译,支持多达100种语言(nature子刊论文研读)
  • [Python] 使用 dataclass 简化数据结构:定义、功能与实战
  • React Native【实用教程】(含图标方案,常用第三库,动画,内置组件,内置Hooks,内置API,自定义组件,创建项目等)
  • 显示任何结构的数组对象数据【向上自动滚动】
  • 【2025CVPR】基于脉冲神经网络的能效目标检测模型:Multi-scale Spiking Detector(MSD)深度解析
  • 用Python“看见未来”:自动驾驶感知系统实战全解析
  • flutter项目环境升级二:从Flutter2.10.5升级到3.29.3
  • 网站对于DDOS攻击的防御方式有哪些?
  • 专业营销型网站建设公司/如何推广app更高效
  • 厂家做网站/近期新闻热点大事件
  • 销售网站是什么/武汉企业网站推广
  • 现在lol谁做教学视频网站/线上培训机构
  • 一键网站制作app/seo优化评论
  • 织梦图片网站源码/买号链接