ovs stp

 

Loop topology

[Figure: ovsstp]

Script that builds the topology

Connectivity script

ip netns add ns1
ovs-vsctl add-br br1
ovs-vsctl add-port br1 tap1 -- set Interface tap1 type=internal
ip link set tap1 netns ns1
ip netns exec ns1 ip addr add 1.1.1.1/24 dev tap1
ip netns exec ns1 ip link set tap1 up

ip netns add ns2
ovs-vsctl add-br br2
ovs-vsctl add-port br2 tap2 -- set Interface tap2 type=internal
ip link set tap2 netns ns2
ip netns exec ns2 ip addr add 1.1.1.2/24 dev tap2
ip netns exec ns2 ip link set tap2 up

ip netns add ns3
ovs-vsctl add-br br3
ovs-vsctl add-port br3 tap3 -- set Interface tap3 type=internal
ip link set tap3 netns ns3
ip netns exec ns3 ip addr add 1.1.1.3/24 dev tap3
ip netns exec ns3 ip link set tap3 up


ip link  add br1-br2 type veth peer name br2-br1
ip link  add br1-br3 type veth peer name br3-br1
ip link  add br2-br3 type veth peer name br3-br2

ip link set dev br1-br2  up
ip link set dev br2-br1  up
ip link set dev br1-br3  up
ip link set dev br3-br1  up
ip link set dev br2-br3  up
ip link set dev br3-br2  up

# Connect br1 <-> br2
ovs-vsctl add-port br1 br1-br2
ovs-vsctl add-port br2 br2-br1

# Connect br1 <-> br3
ovs-vsctl add-port br1 br1-br3
ovs-vsctl add-port br3 br3-br1

# Connect br2 <-> br3 (one side only)
ovs-vsctl add-port br2 br2-br3

Topology cleanup script

ip link  del br1-br2 type veth peer name br2-br1
ip link  del br1-br3 type veth peer name br3-br1
ip link  del br2-br3 type veth peer name br3-br2
ovs-vsctl del-br br1
ovs-vsctl del-br br2
ovs-vsctl del-br br3
ip netns del ns1
ip netns del ns2
ip netns del ns3

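After the script above finishes, br3 <-> br2 is not yet fully connected, so the network does not form a loop yet.

Test connectivity at this point:

Test commands for the connectivity script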

ip netns exec ns1 ping -c 3 1.1.1.2
ip netns exec ns1 ping -c 4 1.1.1.3

  

Test results

root@controller-VirtualBox:~# ip netns exec ns1 ping -c 3 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.225 ms

64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.049 ms
64 bytes from 1.1.1.2: icmp_seq=3 ttl=64 time=0.051 ms

--- 1.1.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.049/0.108/0.225/0.082 ms
root@controller-VirtualBox:~# ip netns exec ns1 ping -c 4 1.1.1.3
PING 1.1.1.3 (1.1.1.3) 56(84) bytes of data.
64 bytes from 1.1.1.3: icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from 1.1.1.3: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 1.1.1.3: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 1.1.1.3: icmp_seq=4 ttl=64 time=0.050 ms

--- 1.1.1.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3065ms
rtt min/avg/max/mdev = 0.046/0.091/0.219/0.074 ms

  

Connect br2 and br3 to form a layer-2 loop

ovs-vsctl add-port br3 br3-br2

Ping test results after the loop is formed: connectivity is intermittent

root@controller-VirtualBox:~# ip netns exec ns1 ping -c 30 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.436 ms
--- 1.1.1.2 ping statistics ---
18 packets transmitted, 1 received, 94% packet loss, time 17402ms
rtt min/avg/max/mdev = 0.436/0.436/0.436/0.000 ms

  

Analysis under the loop condition

  • Look up the mapping between interface names and interface indexes

    root@controller-VirtualBox:~# ovs-ofctl show br1
    OFPT_FEATURES_REPLY (xid=0x2): dpid:0000bee79fe0e948
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
     1(tap1): addr:ff:7f:00:00:36:38
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
     2(br1-br2): addr:b2:86:95:fa:4b:b9
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     3(br1-br3): addr:12:a5:67:28:40:f1
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     LOCAL(br1): addr:be:e7:9f:e0:e9:48
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
    root@controller-VirtualBox:~# ovs-ofctl show br2
    OFPT_FEATURES_REPLY (xid=0x2): dpid:00007a10ec6b6942
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
     1(tap2): addr:ff:7f:00:00:36:38
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
     2(br2-br1): addr:0e:dd:29:5c:73:ec
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     3(br2-br3): addr:4a:73:b5:67:af:fe
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     LOCAL(br2): addr:7a:10:ec:6b:69:42
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
    root@controller-VirtualBox:~# ovs-ofctl show br3
    OFPT_FEATURES_REPLY (xid=0x2): dpid:0000462c85b99a4d
    n_tables:254, n_buffers:0
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
     1(tap3): addr:ff:7f:00:00:36:38
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
     2(br3-br1): addr:ca:ed:37:ef:7d:21
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     3(br3-br2): addr:ea:55:a1:2e:d9:d1
         config:     0
         state:      0
         current:    10GB-FD COPPER
         speed: 10000 Mbps now, 0 Mbps max
     LOCAL(br3): addr:46:2c:85:b9:9a:4d
         config:     PORT_DOWN
         state:      LINK_DOWN
         speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 

     

  • Check the ARP table in ns1: the MAC address of 1.1.1.2 can no longer be learned

    root@controller-VirtualBox:~# ip netns exec ns1 arp -n
    Address                  HWtype  HWaddress           Flags Mask            Iface
    1.1.1.3                  ether   72:e4:76:db:2e:c5   C                     tap1
    1.1.1.2                          (incomplete)                              tap1
    

      

  • Check the MAC forwarding tables of br1, br2 and br3: the entries on br1 and br2 are corrupted

      

    root@controller-VirtualBox:~# ovs-appctl fdb/show br1
     port  VLAN  MAC                Age
        2     0  3a:52:a3:d6:67:12    0
        3     0  b2:86:95:fa:4b:b9    0
        3     0  02:a1:bd:ae:56:75    0
    root@controller-VirtualBox:~# ovs-appctl fdb/show br2
     port  VLAN  MAC                Age
        3     0  3a:52:a3:d6:67:12    0
        2     0  b2:86:95:fa:4b:b9    0
        2     0  02:a1:bd:ae:56:75    0
    root@controller-VirtualBox:~# ovs-appctl fdb/show br3
     port  VLAN  MAC                Age
        2     0  3a:52:a3:d6:67:12    0
        3     0  b2:86:95:fa:4b:b9    0
        2     0  02:a1:bd:ae:56:75    0
    

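    Explanation of the corrupted entries:

    tap1, which connects br1 to ns1, should have been learned on interface 1, but was learned on interface 3
    tap2, which connects br2 to ns2, should have been learned on interface 1, but was learned on interface 3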
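The corruption becomes explicit when each learned MAC is followed from bridge to bridge: in a healthy learning state the walk ends at a host-facing port, while here every MAC leads around the ring. This Python check is an added example, not part of the original post; it parses the fdb/show output above, and FDB_DUMP, NEIGHBOUR, parse_fdb and looping_macs are names introduced here, with the neighbour map derived from the ovs-ofctl show output and the veth pairs.

```python
import re
# fdb/show output copied from the page (shell prompt shortened to "#").
FDB_DUMP = """\
# ovs-appctl fdb/show br1
 port  VLAN  MAC                Age
    2     0  3a:52:a3:d6:67:12    0
    3     0  b2:86:95:fa:4b:b9    0
    3     0  02:a1:bd:ae:56:75    0
# ovs-appctl fdb/show br2
 port  VLAN  MAC                Age
    3     0  3a:52:a3:d6:67:12    0
    2     0  b2:86:95:fa:4b:b9    0
    2     0  02:a1:bd:ae:56:75    0
# ovs-appctl fdb/show br3
 port  VLAN  MAC                Age
    2     0  3a:52:a3:d6:67:12    0
    3     0  b2:86:95:fa:4b:b9    0
    2     0  02:a1:bd:ae:56:75    0
"""
# (bridge, port) -> neighbour bridge; port 1 (host-facing tap) ends the walk.
NEIGHBOUR = {("br1", 2): "br2", ("br1", 3): "br3", ("br2", 2): "br1",
             ("br2", 3): "br3", ("br3", 2): "br1", ("br3", 3): "br2"}

def parse_fdb(dump):
    """Return {bridge: {mac: port}} from concatenated fdb/show output."""
    tables, table = {}, None
    for line in dump.splitlines():
        cmd = re.search(r"fdb/show\s+(\S+)", line)
        row = re.match(r"\s*(\d+)\s+\d+\s+([0-9a-f:]{17})\s+\d+\s*$", line)
        if cmd:
            table = tables.setdefault(cmd.group(1), {})
        elif row and table is not None:
            table[row.group(2)] = int(row.group(1))
    return tables

def looping_macs(tables):
    """MACs whose learned next hops lead around the ring instead of to a host port."""
    bad = set()
    for start, table in tables.items():
        for mac in table:
            here, seen = start, set()
            while here is not None and here not in seen:
                seen.add(here)
                here = NEIGHBOUR.get((here, tables.get(here, {}).get(mac)))
            if here is not None:  # stepped back onto a bridge already visited
                bad.add(mac)
    return sorted(bad)

print(looping_macs(parse_fdb(FDB_DUMP)))
```
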

Enable OVS STP to solve the layer-2 loop problem above

ovs-vsctl list bridge shows that STP is disabled by default

Enable STP

ovs-vsctl set Bridge br1 stp_enable=true
ovs-vsctl set Bridge br2 stp_enable=true
ovs-vsctl set Bridge br3 stp_enable=true

Testing shows the network is back to normal

root@controller-VirtualBox:~# ip netns exec ns1 ping -c 2 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.272 ms
64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.057 ms
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1023ms
rtt min/avg/max/mdev = 0.057/0.164/0.272/0.108 ms
root@controller-VirtualBox:~# ip netns exec ns1 ping -c 3 1.1.1.3
PING 1.1.1.3 (1.1.1.3) 56(84) bytes of data.
64 bytes from 1.1.1.3: icmp_seq=1 ttl=64 time=0.463 ms
64 bytes from 1.1.1.3: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from 1.1.1.3: icmp_seq=3 ttl=64 time=0.050 ms

  

STP investigation

ovs-vsctl list bridge returns the following information

br3 stp_root_path_cost="0"
br2 stp_root_path_cost="2"
br1 stp_root_path_cost="2"

Capture packets on br3-br1 and, in another window, ping ns2 from ns1

Window 1: ns1 pings ns2

root@controller-VirtualBox:~# ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2) 56(84) bytes of data.
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.502 ms
64 bytes from 1.1.1.2: icmp_seq=2 ttl=64 time=0.078 ms

Window 2: the capture shows that the traffic passes through br3

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br3-br1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:08:46.538492 IP 1.1.1.1 > 1.1.1.2: ICMP echo request, id 4525, seq 3, length 64
15:08:46.538524 IP 1.1.1.2 > 1.1.1.1: ICMP echo reply, id 4525, seq 3, length 64

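The test shows that the ring network above has been logically pruned into the topology shown below, which resolves the OVS layer-2 loop problem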

 


[Figure: ovsstp1]
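Why br3 becomes the root and which port ends up blocked can be worked out with the classic 802.1D election rules. This Python example is added here and is not from the original post; it assumes the default stp-priority of 0x8000, bridge addresses taken from the LOCAL lines of the ovs-ofctl show output above, and a cost of 2 per link, matching the stp_root_path_cost values reported above.

```python
# Added example, not from the original post: 802.1D election for the page's triangle.
# Assumptions: default stp-priority 0x8000, bridge MACs from the LOCAL(...) lines of
# `ovs-ofctl show`, cost 2 per link (the stp_root_path_cost the page reports).
DEFAULT_PRIORITY = 0x8000
LINK_COST = 2
BRIDGE_MAC = {
    "br1": "be:e7:9f:e0:e9:48",
    "br2": "7a:10:ec:6b:69:42",
    "br3": "46:2c:85:b9:9a:4d",
}
# veth pairs from the topology script: (bridge, port) <-> (bridge, port)
LINKS = [
    (("br1", "br1-br2"), ("br2", "br2-br1")),
    (("br1", "br1-br3"), ("br3", "br3-br1")),
    (("br2", "br2-br3"), ("br3", "br3-br2")),
]

def elect(priorities=None):
    """Return (root bridge, root path cost per bridge, role per port)."""
    prio = priorities or {}
    # Bridge ID = (priority, MAC as integer); the numerically lowest ID becomes root.
    bid = {b: (prio.get(b, DEFAULT_PRIORITY), int(m.replace(":", ""), 16))
           for b, m in BRIDGE_MAC.items()}
    root = min(bid, key=bid.get)
    # Each link seen from both ends: (local bridge, local port, neighbour bridge)
    ends = ([(a, pa, b) for (a, pa), (b, _) in LINKS] +
            [(b, pb, a) for (a, _), (b, pb) in LINKS])
    cost = {b: 0 if b == root else float("inf") for b in bid}
    for _ in bid:  # relax until every bridge knows its cheapest path to the root
        for local, _port, neigh in ends:
            cost[local] = min(cost[local], cost[neigh] + LINK_COST)
    roles = {}
    for b in bid:  # root port: cheapest uplink, ties broken by neighbour bridge ID
        if b != root:
            uplinks = [(cost[n] + LINK_COST, bid[n], p) for x, p, n in ends if x == b]
            roles[min(uplinks)[2]] = "root"
    for local, port, neigh in ends:
        if port not in roles:
            # On each segment the end with the better (cost, bridge ID) is designated;
            # the other end, if it is not a root port, blocks and breaks the loop.
            better = (cost[local], bid[local]) < (cost[neigh], bid[neigh])
            roles[port] = "designated" if better else "blocking"
    return root, cost, roles

if __name__ == "__main__":
    root, cost, roles = elect()
    print(root, cost)
    for port, role in sorted(roles.items()):
        print(f"{port:8} {role}")
```

With the defaults, br3 has the lowest bridge ID and the rules put br1's port br1-br2 into blocking, which agrees with the ns1 to ns2 traffic being captured on br3-br1. Calling elect({"br1": 0x7800}), the priority used in the command summary, moves the root to br1.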

Summary of STP-related commands

  • Enable STP on br1

    ovs-vsctl set bridge br1 stp_enable=true
  • Disable STP on br1

    ovs-vsctl set Bridge br1 stp_enable=false
  • Set the STP cost for br1

    ovs-vsctl set Port br2-br1 other_config:stp-path-cost=100
  • Query the STP state of br1

    ovs-vsctl get bridge br1 stp_enable
  • Set the STP priority of br1

    ovs-vsctl set bridge br1 other_config:stp-priority=0x7800
  • Remove the STP settings of br1

    ovs-vsctl clear bridge br1 other_config
    