Open vSwitch mirror, QoS, STP

ovs mirror

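Introduction to ovs mirror

A mirror makes the virtual switch send a copy of selected packets to a specified interface or VLAN.

  • Options for selecting which packets to mirror:
    select_all: all packets
    select_dst_port
    select_src_port
    select_vlan

  • Options for where the mirrored packets are sent:
    output_port (SPAN, Switched Port ANalyzer: local traffic)
    output_vlan (RSPAN, Remote Switched Port ANalyzer: remote traffic)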

Lab topology

ovsmirror

Topology setup script

ip netns add ns1
ip netns add ns2
ip netns add ns3
ip netns add ns4
ip netns add ns5

ovs-vsctl add-br br0
ovs-vsctl add-br br1

ovs-vsctl add-port br0 tap1 -- set Interface tap1 type=internal
ip link set tap1 netns ns1
ip netns exec ns1 ip addr add 1.1.1.1/24 dev tap1
ip netns exec ns1 ip link set tap1 up
ip netns exec ns1 ip link set lo up

ovs-vsctl add-port br0 tap2 -- set Interface tap2 type=internal
ip link set tap2 netns ns2
ip netns exec ns2 ip addr add 1.1.1.2/24 dev tap2
ip netns exec ns2 ip link set tap2 up
ip netns exec ns2 ip link set lo up

ip link add firstbr type veth peer name firstif
ip link add secondbr type veth peer name secondif
ip link add thirdbr type veth peer name thirdif

ovs-vsctl add-port br0 firstbr
ip link set firstif netns ns3

ovs-vsctl add-port br0 secondbr
ovs-vsctl add-port br1 secondif

ovs-vsctl add-port br1 thirdbr
ip link set thirdif netns ns4

ip netns exec ns3 ip link set firstif up
ip netns exec ns4 ip link set thirdif up
ip link set firstbr up
ip link set secondbr up
ip link set secondif up
ip link set thirdbr up

Topology cleanup script

ip link del firstbr type veth peer name firstif
ip link del secondbr type veth peer name secondif
ip link del thirdbr type veth peer name thirdif

ovs-vsctl del-br br0
ovs-vsctl del-br br1
ip netns del ns1
ip netns del ns2
ip netns del ns3
ip netns del ns4

Testing the topology

ip netns exec ns1 ping -c 2 1.1.1.1
ip netns exec ns1 ping -c 2 1.1.1.2

Mirroring the bidirectional traffic of ns1 pinging ns2 to ns3 (local mirror)

Mirror command

ovs-vsctl -- set bridge br0 mirrors=@m -- --id=@tap1 get Port tap1 -- --id=@firstbr get Port firstbr -- --id=@m create Mirror name=mirrortap1 select-dst-port=@tap1 select-src-port=@tap1 output-port=@firstbr

Lab record

  • ns1 ping ns2 (tap1: 1.1.1.1-> tap2: 1.1.1.2)

    root@controller-VirtualBox:~/floodlight# ip netns exec ns1 ping -c 20 1.1.1.2
    PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
    64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.269 ms
    64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.050 ms
    64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.075 ms
    64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.047 ms
  • The traffic can be captured in ns3

    root@controller-VirtualBox:~# ip netns exec ns3 tcpdump -i firstif
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on firstif, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:01:59.883866 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 12123, seq 1, length 64
    15:01:59.883935 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 12123, seq 1, length 64
    15:02:00.903931 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 12123, seq 2, length 64
    15:02:00.903951 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 12123, seq 2, length 64
    15:02:01.928521 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 12123, seq 3, length 64
    15:02:01.928553 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 12123, seq 3, length 64

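Conclusion

With the virtual switch configured this way, all traffic passing through tap1 is additionally mirrored (copied) to ns3.

Mirroring the bidirectional traffic of ns1 pinging ns2 to ns4 (remote mirror)

Set secondbr, secondif and thirdbr to VLAN 110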

ovs-vsctl set Port secondbr tag=110
ovs-vsctl set Port secondif tag=110
ovs-vsctl set Port thirdbr tag=110

Other: ovs-vsctl clear port secondbr tag

Configure the tap1 interface on virtual switch br0 to mirror its traffic to VLAN 110

ovs-vsctl -- set bridge br0 mirrors=@m -- --id=@tap1 get Port tap1 -- --id=@m create Mirror name=mirrortap1 select-dst-port=@tap1 select-src-port=@tap1 output-vlan=110

# Configure the virtual switch so that everything arriving from VLAN 110 is output to VLAN 110
ovs-vsctl -- set bridge br1 mirrors=@m -- --id=@m create Mirror name=mirrorvlan select-vlan=110 output-vlan=110

Disable MAC learning on VLAN 110

ovs-vsctl set bridge br0 flood-vlans=110
ovs-vsctl set bridge br1 flood-vlans=110

Lab record

  • ns1 ping ns2

    root@controller-VirtualBox:~/floodlight# ip netns exec ns1 ping -c 200 1.1.1.2
    PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
    64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.103 ms
    64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.056 ms
    64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.064 ms
    64 bytes from 1.1.1.2: icmp_seq=4 ttl=64 time=0.083 ms
  • tcpdump in ns4 captured the remotely mirrored packets

    root@controller-VirtualBox:~# ip netns exec ns4 tcpdump -i thirdif
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on thirdif, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:19:21.064214 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 12180, seq 3, length 64
    15:19:21.064245 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 12180, seq 3, length 64
    15:19:22.088654 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 12180, seq 4, length 64
    15:19:22.088681 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 12180, seq 4, length 64
    15:19:23.111975 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 12180, seq 5, length 64
    15:19:23.112006 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 12180, seq 5, length 64
  • br0 learned the MACs of the ns1 and ns2 interfaces; br1 does not learn MACs from the mirrored traffic

    root@controller-VirtualBox:~/floodlight# ovs-appctl fdb/show br0
    port VLAN MAC Age
    2 0 d2:82:aa:d7:3d:f2 150
    1 0 b2:3f:c1:d1:16:7d 150
    root@controller-VirtualBox:~/floodlight# ovs-appctl fdb/show br1
    port VLAN MAC Age

Conclusion

With some configuration, the virtual switch's remote mirroring feature can be implemented.
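
The flood-vlans step above is easy to miss when an RSPAN mirror is added later. The following check is an added example (not part of the original post): it joins Bridge and Mirror rows and reports any mirror whose output VLAN is missing from the owning bridge's flood_vlans. The sample rows, placeholder UUIDs, brX and mirrorX are constructed, and the CSV layout assumes the ovs-vsctl invocations shown in the comments.

```shell
#!/bin/sh
# Added example: RSPAN sanity check over OVS database rows.
# Assumed input (CSV, run on the OVS host):
#   ovs-vsctl --format=csv --data=bare --no-headings \
#       --columns=name,flood_vlans,mirrors list Bridge
#   ovs-vsctl --format=csv --data=bare --no-headings \
#       --columns=_uuid,name,output_vlan list Mirror

# Constructed sample rows. br0 and br1 follow the lab above; brX (hypothetical)
# has an RSPAN mirror but MAC learning is still enabled on the mirror VLAN.
sample_bridges() {
    cat <<'EOF'
br0,110,aaaaaaaa-0000-0000-0000-000000000001
br1,110,aaaaaaaa-0000-0000-0000-000000000002
brX,,aaaaaaaa-0000-0000-0000-000000000003
EOF
}
sample_mirrors() {
    cat <<'EOF'
aaaaaaaa-0000-0000-0000-000000000001,mirrortap1,110
aaaaaaaa-0000-0000-0000-000000000002,mirrorvlan,110
aaaaaaaa-0000-0000-0000-000000000003,mirrorX,120
EOF
}

# check_rspan BRIDGES_CSV MIRRORS_CSV
# One line per RSPAN mirror: OK if its output VLAN is in the owning bridge's
# flood_vlans, WARN otherwise. SPAN (output_port) mirrors are skipped.
check_rspan() {
    awk -F, '
        { gsub(/"/, "") }                                   # drop CSV quoting
        NR == FNR { mname[$1] = $2; mvlan[$1] = $3; next }  # first file: mirrors
        {
            split("", flood)                                # reset per bridge
            nf = split($2, fv, " ")
            for (i = 1; i <= nf; i++) flood[fv[i]] = 1
            nm = split($3, mu, " ")
            for (i = 1; i <= nm; i++) {
                v = mvlan[mu[i]]
                if (v == "") continue
                printf "%s %s mirror=%s output_vlan=%s\n", \
                    ((v in flood) ? "OK" : "WARN"), $1, mname[mu[i]], v
            }
        }' "$2" "$1"
}

# Demo on the constructed rows.
d=$(mktemp -d)
sample_bridges > "$d/bridges.csv"
sample_mirrors > "$d/mirrors.csv"
check_rspan "$d/bridges.csv" "$d/mirrors.csv"
rm -rf "$d"
```

A WARN line means the bridge still learns MAC addresses from mirrored copies on that VLAN, which is what the flood-vlans commands above prevent.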

Clearing the mirror configuration from the lab environment

ovs-vsctl clear Bridge br0 mirrors
ovs-vsctl clear Bridge br0 flood_vlans

ovs-vsctl clear Bridge br1 mirrors
ovs-vsctl clear Bridge br1 flood_vlans

ovs QoS

Lab topology

qos

Topology setup script

ip netns add ns1
ip netns add ns2
ip netns add ns3
ip netns add ns4

ovs-vsctl add-br br0
ovs-vsctl add-br br1

ovs-vsctl add-port br0 tap1 -- set Interface tap1 type=internal
ip link set tap1 netns ns1
ip netns exec ns1 ip addr add 1.1.1.1/24 dev tap1
ip netns exec ns1 ip link set tap1 up
ip netns exec ns1 ip link set lo up

ovs-vsctl add-port br0 tap2 -- set Interface tap2 type=internal
ip link set tap2 netns ns2
ip netns exec ns2 ip addr add 1.1.1.2/24 dev tap2
ip netns exec ns2 ip link set tap2 up
ip netns exec ns2 ip link set lo up


ovs-vsctl add-port br0 tap3 -- set Interface tap3 type=internal
ip link set tap3 netns ns3
ip netns exec ns3 ip addr add 1.1.1.3/24 dev tap3
ip netns exec ns3 ip link set tap3 up
ip netns exec ns3 ip link set lo up



ip link add firstbr type veth peer name firstif

ovs-vsctl add-port br0 firstbr
ovs-vsctl add-port br1 firstif
ip link set firstbr up
ip link set firstif up

ovs-vsctl add-port br1 tap4 -- set Interface tap4 type=internal
ip link set tap4 netns ns4
ip netns exec ns4 ip addr add 1.1.1.4/24 dev tap4
ip netns exec ns4 ip link set tap4 up
ip netns exec ns4 ip link set lo up
  • Topology teardown
ip link del firstbr type veth peer name firstif
ovs-vsctl del-br br0
ovs-vsctl del-br br1
ip netns del ns1
ip netns del ns2
ip netns del ns3
ip netns del ns4

Test and verification method

  • On the server side

    # In the ns4 console, start netserver as the traffic-test server
    root@controller-VirtualBox:~# netserver
    Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC

    root@controller-VirtualBox:~# netstat -ntlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp6 0 0 :::12865 :::* LISTEN 14197/netserver
  • On the test side

    The fourth column is the rate: 36669.53 (about 36 Gbps)
    root@controller-VirtualBox:~# netperf -H 1.1.1.4 -t UDP_STREAM
    MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 1.1.1.4 (1.1.1.4) port 0 AF_INET : demo
    Socket Message Elapsed Messages
    Size Size Time Okay Errors Throughput
    bytes bytes secs # # 10^6bits/sec

    212992 65507 10.00 700111 0 36688.91
    212992 10.00 699741 36669.53

Limit the packet rate of interface firstif to 10 Mbps

ovs-vsctl set Interface firstif ingress_policing_rate=10000
ovs-vsctl set Interface firstif ingress_policing_burst=10000

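Test conclusion:
As shown below, ns1->ns4 is 104741.35
and ns4->ns1 is 10.27
That is, once traffic enters interface firstif it is rate-limited to 10 Mbps, so the rate reaching ns4 is 10 Mbps, and the return traffic (ns4->ns1) is therefore about 10 Mbps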

root@controller-VirtualBox:~# netperf -H 1.1.1.4 -t UDP_STREAM
MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 1.1.1.4 (1.1.1.4) port 0 AF_INET : demo
Socket Message Elapsed Messages
Size Size Time Okay Errors Throughput
bytes bytes secs # # 10^6bits/sec

212992 65507 10.00 1998882 0 104741.35
212992 10.00 196 10.27

How to remove the interface rate limit

ovs-vsctl set Interface firstif ingress_policing_rate=0
ovs-vsctl set Interface firstif ingress_policing_burst=0

ovs stp

Loop topology

ovsstp

Scripts that build the topology

Connectivity script

ip netns add ns1
ovs-vsctl add-br br1
ovs-vsctl add-port br1 tap1 -- set Interface tap1 type=internal
ip link set tap1 netns ns1
ip netns exec ns1 ip addr add 1.1.1.1/24 dev tap1
ip netns exec ns1 ip link set tap1 up

ip netns add ns2
ovs-vsctl add-br br2
ovs-vsctl add-port br2 tap2 -- set Interface tap2 type=internal
ip link set tap2 netns ns2
ip netns exec ns2 ip addr add 1.1.1.2/24 dev tap2
ip netns exec ns2 ip link set tap2 up

ip netns add ns3
ovs-vsctl add-br br3
ovs-vsctl add-port br3 tap3 -- set Interface tap3 type=internal
ip link set tap3 netns ns3
ip netns exec ns3 ip addr add 1.1.1.3/24 dev tap3
ip netns exec ns3 ip link set tap3 up


ip link add br1-br2 type veth peer name br2-br1
ip link add br1-br3 type veth peer name br3-br1
ip link add br2-br3 type veth peer name br3-br2

ip link set dev br1-br2 up
ip link set dev br2-br1 up
ip link set dev br1-br3 up
ip link set dev br3-br1 up
ip link set dev br2-br3 up
ip link set dev br3-br2 up

# Connect br1 <-> br2
ovs-vsctl add-port br1 br1-br2
ovs-vsctl add-port br2 br2-br1

# Connect br1 <-> br3
ovs-vsctl add-port br1 br1-br3
ovs-vsctl add-port br3 br3-br1

# Connect br2 <-> br3 (one half only)
ovs-vsctl add-port br2 br2-br3

Topology cleanup script

ip link del br1-br2 type veth peer name br2-br1
ip link del br1-br3 type veth peer name br3-br1
ip link del br2-br3 type veth peer name br3-br2
ovs-vsctl del-br br1
ovs-vsctl del-br br2
ovs-vsctl del-br br3
ip netns del ns1
ip netns del ns2
ip netns del ns3

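After the scripts above have run, br3 <-> br2 is not yet fully connected, so no loop has formed.
Test connectivity at this point:

Test commands for the connectivity script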

ip netns exec ns1 ping -c 3 1.1.1.2
ip netns exec ns1 ping -c 4 1.1.1.3

Test results

root@controller-VirtualBox:~# ip netns exec ns1 ping -c 3 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.225 ms

64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.049 ms
64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.051 ms

--- 1.1.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.049/0.108/0.225/0.082 ms
root@controller-VirtualBox:~# ip netns exec ns1 ping -c 4 1.1.1.3
PING 1.1.1.3 (1.1.1.3) 56(84) bytes of data.
64 bytes from 1.1.1.3: icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from 1.1.1.3: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 1.1.1.3: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 1.1.1.3: icmp_seq=4 ttl=64 time=0.050 ms

--- 1.1.1.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3065ms
rtt min/avg/max/mdev = 0.046/0.091/0.219/0.074 ms

Connect br2 and br3 to form a layer-2 loop

ovs-vsctl add-port br3 br3-br2

Ping connectivity test results after the loop is formed: connectivity is intermittent

root@controller-VirtualBox:~# ip netns exec ns1 ping -c 30 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.436 ms
--- 1.1.1.2 ping statistics ---
18 packets transmitted, 1 received, 94% packet loss, time 17402ms
rtt min/avg/max/mdev = 0.436/0.436/0.436/0.000 ms

Analysis under loop conditions

  • Look up the mapping between interface names and interface indexes

    root@controller-VirtualBox:~# ovs-ofctl show br1
    OFPT_FEATURES_REPLY (xid=0x2): dpid:0000bee79fe0e948
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
    1(tap1): addr:ff:7f:00:00:36:38
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    2(br1-br2): addr:b2:86:95:fa:4b:b9
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    3(br1-br3): addr:12:a5:67:28:40:f1
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    LOCAL(br1): addr:be:e7:9f:e0:e9:48
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
    root@controller-VirtualBox:~# ovs-ofctl show br2
    OFPT_FEATURES_REPLY (xid=0x2): dpid:00007a10ec6b6942
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
    1(tap2): addr:ff:7f:00:00:36:38
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    2(br2-br1): addr:0e:dd:29:5c:73:ec
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    3(br2-br3): addr:4a:73:b5:67:af:fe
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    LOCAL(br2): addr:7a:10:ec:6b:69:42
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
    root@controller-VirtualBox:~# ovs-ofctl show br3
    OFPT_FEATURES_REPLY (xid=0x2): dpid:0000462c85b99a4d
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
    1(tap3): addr:ff:7f:00:00:36:38
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    2(br3-br1): addr:ca:ed:37:ef:7d:21
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    3(br3-br2): addr:ea:55:a1:2e:d9:d1
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    LOCAL(br3): addr:46:2c:85:b9:9a:4d
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
  • Check the ARP entries in ns1: the MAC address of 1.1.1.2 can no longer be learned

    root@controller-VirtualBox:~# ip netns exec ns1 arp -n
    Address HWtype HWaddress Flags Mask Iface
    1.1.1.3 ether 72:e4:76:db:2e:c5 C tap1
    1.1.1.2 (incomplete) tap1
    root@controller-VirtualBox:~#
  • Check the MAC forwarding tables of br1, br2 and br3: the entries on br1 and br2 are already corrupted

    root@controller-VirtualBox:~# ovs-appctl fdb/show br1
    port VLAN MAC Age
    2 0 3a:52:a3:d6:67:12 0
    3 0 b2:86:95:fa:4b:b9 0
    3 0 02:a1:bd:ae:56:75 0
    root@controller-VirtualBox:~# ovs-appctl fdb/show br2
    port VLAN MAC Age
    3 0 3a:52:a3:d6:67:12 0
    2 0 b2:86:95:fa:4b:b9 0
    2 0 02:a1:bd:ae:56:75 0
    root@controller-VirtualBox:~# ovs-appctl fdb/show br3
    port VLAN MAC Age
    2 0 3a:52:a3:d6:67:12 0
    3 0 b2:86:95:fa:4b:b9 0
    2 0 02:a1:bd:ae:56:75 0

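Explanation of the corrupted entries:
On br1, tap1 (connected to ns1) should have been learned on port 1, but it was learned on port 3
On br2, tap2 (connected to ns2) should have been learned on port 1, but it was learned on port 3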
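
A MAC address that turns up on different ports from one fdb/show run to the next is the forwarding-table symptom described above. This added example (not from the original post) reads successive ovs-appctl fdb/show outputs and reports every VLAN/MAC pair that was learned on more than one port; the sample snapshots and their MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: detect MAC entries that move between ports across
# successive `ovs-appctl fdb/show <bridge>` snapshots of ONE bridge.

# Constructed sample: three snapshots of the same bridge taken a moment apart.
# 02:00:00:00:00:01 belongs behind port 1 but shows up on port 3 in between.
sample_snapshots() {
    cat <<'EOF'
 port  VLAN  MAC                Age
    1     0  02:00:00:00:00:01    1
    2     0  02:00:00:00:00:02    1
 port  VLAN  MAC                Age
    3     0  02:00:00:00:00:01    0
    2     0  02:00:00:00:00:02    0
 port  VLAN  MAC                Age
    1     0  02:00:00:00:00:01    0
    2     0  02:00:00:00:00:02    0
EOF
}

# fdb_flaps: snapshots on stdin, one "vlan=.. mac=.. ports=a,b" line per
# VLAN/MAC pair seen on more than one port. No output means no movement.
fdb_flaps() {
    awk '
        # Data rows are "<port> <vlan> <mac> <age>"; headers and shell
        # prompts pasted along with the output are ignored.
        NF == 4 && $1 ~ /^([0-9]+|LOCAL)$/ &&
        length($3) == 17 && $3 ~ /^[0-9a-f:]+$/ {
            k = $2 "," $3
            if (!((k, $1) in seen)) {
                seen[k, $1] = 1
                ports[k] = (n[k]++ ? ports[k] "," : "") $1
            }
        }
        END {
            for (k in n) if (n[k] > 1) {
                split(k, p, ",")
                printf "vlan=%s mac=%s ports=%s\n", p[1], p[2], ports[k]
            }
        }' | sort
}

# Demo on the constructed snapshots.
sample_snapshots | fdb_flaps
```

On a live bridge the input can be collected by running fdb/show a few times in a row and piping the concatenated output into fdb_flaps.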

Enable ovs STP to resolve the layer-2 loop above

ovs-vsctl list bridge shows that STP is disabled by default

Enable STP

ovs-vsctl set Bridge br1 stp_enable=true
ovs-vsctl set Bridge br2 stp_enable=true
ovs-vsctl set Bridge br3 stp_enable=true

Testing shows the network is back to normal

root@controller-VirtualBox:~# ip netns exec ns1 ping -c 2 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.272 ms
64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.057 ms
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1023ms
rtt min/avg/max/mdev = 0.057/0.164/0.272/0.108 ms
root@controller-VirtualBox:~# ip netns exec ns1 ping -c 3 1.1.1.3
PING 1.1.1.3 (1.1.1.3) 56(84) bytes of data.
64 bytes from 1.1.1.3: icmp_seq=1 ttl=64 time=0.463 ms
64 bytes from 1.1.1.3: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from 1.1.1.3: icmp_seq=3 ttl=64 time=0.050 ms

A closer look at STP

ovs-vsctl list bridge returns the following information

br3 stp_root_path_cost="0"
br2 stp_root_path_cost="2"
br1 stp_root_path_cost="2"

Capture packets on br3-br1, and in another window have ns1 ping ns2

Window 1: ns1 ping ns2

root@controller-VirtualBox:~# ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.502 ms
64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.078 ms

Window 2: the capture shows that the traffic passes through br3

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br3-br1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:08:46.538492 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 4525, seq 3, length 64
15:08:46.538524 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 4525, seq 3, length 64

The test shows that the ring network above has been logically pruned into the topology below, which resolves the ovs layer-2 loop problem

ovsstp1

Summary of STP-related commands

  • Enable STP on br1

    ovs-vsctl set bridge br1 stp_enable=true
  • Disable STP on br1

    ovs-vsctl set Bridge br1 stp_enable=false
  • Set the br1 STP cost

    ovs-vsctl set Port br2-br1 other_config:stp-path-cost=100
  • Query the STP state of br1

    ovs-vsctl get bridge br1 stp_enable
  • Set the STP priority of br1

    ovs-vsctl set bridge br1 other_config:stp-priority=0x7800
  • Remove the STP settings from br1

    ovs-vsctl clear bridge br1 other_config