An example of tracking the flow table matching and processing results for a specific data message Openvswitch

This article is included in my blog: http://www.sskywatcher.com/blog/archives/129

In an SDN environment, there are a number of flow table entries in each of the datapath instances of the Openvswitch, whether using the grep means of various keywords or other methods to confirm that the expected correct flow table entries are issued by the controller. It's very tedious and frustrating to see the matching and final action of a particular packet. With the Ovs-appctl tool combined with the Linux tcpdump grab tool, it is easy to visualize the final flow table matching situation, to complete their tedious search work, but also to avoid the mistakes of their own judgment.

The main steps are as follows:

1. Confirm the parameters of the packets you need to track;

2. Transform it into a description of the match field of the OpenFlow;

3, using the Ofproto/trace function provided by Openvswitch to track the flow table matching situation;

How to get package feature parameters.

You can find the virtual machine that you need to verify, on which to issue the protocol packet that needs to be verified, find the back-end virtual network card of the virtual machine on the physical compute node, use the tcpdump to grab the packet on the virtual network card, can also get from the existing capture package file, of course, can also be completely specified by yourself OpenFlow The content of the match field. For example, I read a pre-grasped packet.

[ROOT@VDC ~]# tcpdump-ennvv-r/home/vnet31.0.pcap

Reading from File/home/vnet31.0.pcap, Link-type en10mb (Ethernet)
10:25:17.693773 fa:16:3e:8c:eb:5b > fa:16:3e: A5:15:F3, EtherType IPv4 (0x0800), Length: (Tos 0x0, TTL, id 8060, offset 0, flags [None], Proto ICMP (1), length 6 0)
    20.20.20.104 > 20.20.20.101:icmp echo request, id 1, SEQ 40197, length 40

The description converted into OpenFlow is:

dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1

Because the virtual network card connection Openvswitch Ofport is 37, so to add in_port=37, the complete is as follows:

In_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_ Proto=1

The description of the OpenFlow of the packet can be traced using the Ofproto/trace function provided by Ovs-appctl, and the command is as follows:

[ROOT@VDC ~]# ovs-appctl ofproto/trace DVS2_DP in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_ Src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1-generat

One of the DVS2_DP is the bridge name in my test environment,-generate means to construct the data message, at this time there is indeed a message through the OvS was processed. The effect of the final trace:

[ROOT@VDC ~]# ovs-appctl ofproto/trace DVS2_DP in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,ip,nw_ Src=20.20.20.104,nw_dst=20.20.20.101,nw_proto=1-generate BRIDGE:DVS2_DP FLOW:ICMP,METADATA=0,IN_PORT=37,VLAN_TCI =0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ Ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 rule:table=0 cookie=0xd4 priority=0 OpenFlow actions=goto_table:1 RESUBM
        itted flow:unchanged resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted Megaflow:recirc_id=0,skb_priority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:e B:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no rule:table=1 cookie=0x6 priority=221,in_port=37 OpenFlow Actions=write_metadata:0x3000009c4,goto_table:4 resubmitted Flow:icmp,metadata=0x3000009c4,in_port=37,vlan_tCi=0x0000,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0, Nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 R eg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted Megaflow:recirc_id=0,skb_pri ority=0,icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=
                20.20.20.101,nw_frag=no rule:table=4 cookie=0x617 priority=161,dl_src=fa:16:3e:8c:eb:5b OpenFlow Actions=write_metadata:0x3000009c4,goto_table:5 resubmitted Flow:uncha
                        Nged resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted megaflow:recirc_id=0,skb_priority=0 , icmp,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:A5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no rule:table=5 COOKIE=0XD9 priority=0 OpenFlow actions=goto_table:6 Resubmitte D flow:unchanged resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted MEGAF Low:recirc_id=0,skb_priority=0,icmp,metadata=0/0xffffff,in_port=37,dl_src=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5
                                
                                : 15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_frag=no
                                Rule:table=6 Cookie=0x5e8 priority=102,metadata=0x9c4/0xffffff,dl_dst=fa:16:3e:a5:15:f3 OpenFlow actions=write_actions (set_field:0x9c4->tun_id,output:12) Final flow:icmp,tun_id=0x9c4,metadata= 0x3000009c4,in_port=37,vlan_tci=0x0000,dl_src=fA:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_tos=0,nw_ecn=0,nw_ttl=0, Icmp_type=0,icmp_code=0 MEGAFLOW:RECIRC_ID=0,SKB_PRIORITY=0,ICMP,TUN_ID=0,METADATA=0/0XFFFFFF,IN_PORT=37,DL_SRC
=fa:16:3e:8c:eb:5b,dl_dst=fa:16:3e:a5:15:f3,nw_src=20.20.20.104,nw_dst=20.20.20.101,nw_ecn=0,nw_frag=no Datapath Actions:set (Tunnel (Tun_id=0x9c4,src=172.47.205.45,dst=172.47.205.46,tos=0x0,ttl=64,flags (Df,key))), 11

The above example is a trace that the final packet is tun_id and forwarded from the tunnel port, and the following is an example of a table miss being discarded:

[Root@localhost ~]# ovs-appctl ofproto/trace SDN_DVS_DP in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d : 2d,ip,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_proto=1-generate BRIDGE:SDN_DVS_DP Flow:icmp,metadata=0,in_ port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst= 10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 rule:table=0 cookie=0x1ea priority=0 OpenFlow Actions=goto_table:1 resubmitted flow:unchanged resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 R eg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted megaflow:recirc_id=0,skb_priority=0 , icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89, Nw_frag=no rule:table=1 cookie=0x294 priority=221,in_port=127 OpenFlow actions=write_metadata:0xa00000191 , Goto_table:4 resubmitted flow:icmp,metadata=0xa00000191,in_port=127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89 , nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted megaflow:recirc_id =0,skb_priority=0,icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_
                Dst=10.47.159.89,nw_frag=no rule:table=4 cookie=0x295 priority=161,dl_src=fa:16:3e:a5:85:78
                        OpenFlow Actions=write_metadata:0xa00000191,goto_table:5 resubmitted flow:unchanged
                        resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 resubmitted Odp:drop resubmitted Megaflow:recirc_id=0,skb_priority=0,icmp,in_port=127,d l_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,Nw_src=192.168.150.2,nw_dst=10.47.159.89,nw_frag=no rule:table=5 Cookie=0x1ef priority=0
                                OpenFlow Actions=goto_table:6 resubmitted flow:unchanged
                                resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0 Resubmitted Odp:drop resubmitted megaflow:recirc_id=0,skb_priority=0, Icmp,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst=10.47.159.89,nw
                                _frag=no rule:table=6 cookie=0x1f4 priority=111,dl_dst=00:d0:d0:1c:3d:2d
                                        OpenFlow Actions=goto_table:7 resubmitted flow:unchanged resubmitted regs:reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x
                                  0      resubmitted Odp:drop resubmitted megaflow:recirc_id=0,skb_priority=0,icmp , metadata=0/0xffffffff00000000,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src= 
                                        192.168.150.2,nw_dst=10.47.159.89,nw_frag=no rule:table=7 cookie=0x1f1 priority=0 OpenFlow actions=controller:65535 Final Flow:icmp,metadata=0xa00000191,in_port =127,vlan_tci=0x0000,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src=192.168.150.2,nw_dst= 10.47.159.89,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0 megaflow:recirc_id=0,skb_priority=0,icmp, Metadata=0/0xffffffff00000000,in_port=127,dl_src=fa:16:3e:a5:85:78,dl_dst=00:d0:d0:1c:3d:2d,nw_src= 192.168.150.2,nw_dst=10.47.159.89,nw_frag=no Datapath Actions:drop This flow was handled by the userspace slow path becaus E It:-Sends "packet-in" messages to the OpenFlow controller.