netvirt-DVR路由流表分析

最新推荐文章于 2022-12-08 13:19:45 发布

原创

最新推荐文章于 2022-12-08 13:19:45 发布 · 1.1k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#openstack #dvr #netvirt

本文详细分析了OpenStack中DVR(Distributed Virtual Router)的流表规则，包括东西向流量（同子网、不同子网，同计算节点与不同计算节点间的互访）和南北向流量（虚拟机访问外网网关及内部私网网关）的请求和回复流程。

Dvr 流表分析

阅读本文前请参考阅读netvirt-浮动ip之流表实现分析，分析环境都是基于该文档中的物理环境。

本文档流表分析所依据的物理拓扑图和流表管道如下：
图片一
如上图，tap设备“：”后面为openflow端口号

图片二

1.东西向流表分析

1.1 同子网，同计算节点虚拟机间互访

虚拟机A: 192.168.100.4 compute1

虚拟机B：192.168.100.5 compute1

192.168.100.4 ping 192.168.100.5

outbound —request

cookie=0x8000000, duration=496736.592s, table=0, n_packets=9974, n_bytes=1118500, priority=4,in_port=2 actions=write_metadata:0x410000000000/0xffffff0000000001,goto_table:17

cookie=0x6900000, duration=496734.338s, table=17, n_packets=9974, n_bytes=1118500, priority=1,metadata=0x410000000000/0xffffff0000000000 actions=write_metadata:0xa000410000000000/0xfffffffffffffffe,goto_table:40

cookie=0x6900000, duration=503280.813s, table=40, n_packets=9860, n_bytes=1118690, priority=61005,ip,metadata=0x410000000000/0x1fffff0000000000 actions=resubmit(,17)

cookie=0x8000001, duration=503427.291s, table=17, n_packets=10374, n_bytes=1170500, priority=5,metadata=0xa000410000000000/0xffffff0000000000 actions=write_metadata:0xc0004100000222fe/0xfffffffffffffffe,goto_table:19

cookie=0x1080000, duration=515251.235s, table=19, n_packets=26179005, n_bytes=14185066330, priority=0 actions=resubmit(,17)

cookie=0x8040000, duration=514616.493s, table=17, n_packets=2063, n_bytes=184176, priority=6,metadata=0xc000410000000000/0xffffff0000000000 actions=write_metadata:0xe000411388000000/0xfffffffffffffffe,goto_table:50

cookie=0x8051388, duration=514712.959s, table=50, n_packets=2164, n_bytes=193738, priority=20,metadata=0x411388000000/0x1fffffffff000000,dl_src=fa:16:3e:d2:41:24 actions=goto_table:51

cookie=0x8031388, duration=514965.945s, table=51, n_packets=2046, n_bytes=193452, priority=20,metadata=0x1388000000/0xffff000000,dl_dst=fa:16:3e:06:e1:36 actions=load:0x4200->NXM_NX_REG6[],resubmit(,220)

cookie=0x6900000, duration=513923.972s, table=220, n_packets=1703, n_bytes=149276, priority=6,reg6=0x4200 actions=load:0xe0004200->NXM_NX_REG6[],write_metadata:0xe000420000000000/0xfffffffffffffffe,goto_table:251

 cookie=0x6900000, duration=668.645s, table=251, n_packets=1236, n_bytes=120198, priority=61005,ip,metadata=0x420000000000/0x1fffff0000000000 actions=resubmit(,220)    

cookie=0x8000007, duration=513815.884s, table=220, n_packets=1589, n_bytes=138496, priority=7,reg6=0xe0004200 actions=output:3

inbound—reply

cookie=0x8000000, duration=515151.152s, table=0, n_packets=2582, n_bytes=250374, priority=4,in_port=3 actions=write_metadata:0x420000000000/0xffffff0000000001,goto_table:17

cookie=0x6900000, duration=515190.554s, table=17, n_packets=2626, n_bytes=254574, priority=1,metadata=0x420000000000/0xffffff0000000000 actions=write_metadata:0xa000420000000000/0xfffffffffffffffe,goto_table:40
#---------设置安全组规则流表

cookie=0x6900000, duration=515313.604s, table=40, n_packets=2546, n_bytes=253992, priority=61005,ip,metadata=0x420000000000/0x1fffff0000000000 actions=resubmit(,17)
#---------匹配通过后，跳入表17

cookie=0x8000001, duration=515383.147s, table=17, n_packets=2827, n_bytes=273768, priority=5,metadata=0xa000420000000000/0xffffff0000000000 actions=write_metadata:0xc0004200000222fe/0xfffffffffffffffe,goto_table:19

cookie=0x1080000, duration=516101.855s, table=19, n_packets=26233690, n_bytes=14213658127, priority=0 actions=resubmit(,17)

cookie=0x8040000, duration=515612.100s, table=17, n_packets=2898, n_bytes=275324, priority=6,metadata=0xc000420000000000/0xffffff0000000000 actions=write_metadata:0xe000421388000000/0xfffffffffffffffe,goto_table:50

cookie=0x8031388, duration=515683.933s, table=51, n_packets=2804, n_bytes=265496, priority=20,metadata=0x1388000000/0xffff000000,dl_dst=fa:16:3e:d2:41:24 actions=load:0x4100->NXM_NX_REG6[],resubmit(,220)

cookie=0x6900000, duration=515718.509s, table=220, n_packets=42123, n_bytes=3444466, priority=6,reg6=0x4100 actions=load:0xe0004100->NXM_NX_REG6[],write_metadata:0xe000410000000000/0xfffffffffffffffe,goto_table:251

cookie=0x6900000, duration=2833.379s, table=251, n_packets=41918, n_bytes=3447056, priority=61005,ip,metadata=0x410000000000/0x1fffff0000000000 actions=resubmit(,220)

cookie=0x8000007, duration=516041.828s, table=220, n_packets=42468, n_bytes=3477044, priority=7,reg6=0xe0

最低0.47元/天解锁文章