OpenDaylight VTN应用——MAC映射 | SDNLAB

本例子主要演示多台主机通过映射mac关系进行通信或者隔离，利用mininet虚拟出openflow交换机，并对其进行控制，mininet交换机拓扑图如下：

配置mininet拓扑：

sudo mn --controller=remote,ip=172.31.2.70 --topo tree,2

1	sudo mn --controller=remote,ip=172.31.2.70 --topo tree,2

查看拓扑链接结构：

mininet> net
h1 h1-eth0:s2-eth1
h2 h2-eth0:s2-eth2
h3 h3-eth0:s3-eth1
h4 h4-eth0:s3-eth2
s1 lo:  s1-eth1:s2-eth3 s1-eth2:s3-eth3
s2 lo:  s2-eth1:h1-eth0 s2-eth2:h2-eth0 s2-eth3:s1-eth1
s3 lo:  s3-eth1:h3-eth0 s3-eth2:h4-eth0 s3-eth3:s1-eth2

mininet> net

h1 h1-eth0:s2-eth1

h2 h2-eth0:s2-eth2

h3 h3-eth0:s3-eth1

h4 h4-eth0:s3-eth2

s1 lo: s1-eth1:s2-eth3 s1-eth2:s3-eth3

s2 lo: s2-eth1:h1-eth0 s2-eth2:h2-eth0 s2-eth3:s1-eth1

s3 lo: s3-eth1:h3-eth0 s3-eth2:h4-eth0 s3-eth3:s1-eth2

添加如下of流表，如果没有改表项的话：

sudo ovs-ofctl add-flow s1 priority=0,actions=output:CONTROLLER
sudo ovs-ofctl add-flow s2 priority=0,actions=output:CONTROLLER
sudo ovs-ofctl add-flow s3 priority=0,actions=output:CONTROLLER

sudo ovs-ofctl add-flow s1 priority=0,actions=output:CONTROLLER

sudo ovs-ofctl add-flow s2 priority=0,actions=output:CONTROLLER

sudo ovs-ofctl add-flow s3 priority=0,actions=output:CONTROLLER

此时监测h1 ping h3是不通的：

mininet> h1 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable

mininet> h1 ping h3

PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.

From 10.0.0.1 icmp_seq=1 Destination Host Unreachable

From 10.0.0.1 icmp_seq=2 Destination Host Unreachable

From 10.0.0.1 icmp_seq=3 Destination Host Unreachable

h1和h3的mac查询：

mininet> h1 ifconfig
h1-eth0   Link encap:Ethernet  HWaddr 6a:b2:19:06:9b:e8  
          inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::68b2:19ff:fe06:9be8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11000 errors:0 dropped:10969 overruns:0 frame:0
          TX packets:103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:934259 (934.2 KB)  TX bytes:4918 (4.9 KB)

mininet> h1 ifconfig

h1-eth0 Link encap:Ethernet HWaddr 6a:b2:19:06:9b:e8

inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0

inet6 addr: fe80::68b2:19ff:fe06:9be8/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:11000 errors:0 dropped:10969 overruns:0 frame:0

TX packets:103 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:934259 (934.2 KB) TX bytes:4918 (4.9 KB)

下面通过vtn规则，使得h1与h3可以通信，调用接口创建相关资源：

创建vtn

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vtn" : {"vtn_name":"vtn_one","description":"test VTN" }}' http://172.31.2.70:8083/vtn-webapi/vtns
HTTP/1.1 201 Created

1 2	curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vtn" : {"vtn_name":"vtn_one","description":"test VTN" }}' http://172.31.2.70:8083/vtn-webapi/vtns HTTP/1.1 201 Created

创建控制器

curl  -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"controller": {"controller_id": "controller1", "ipaddr":"172.31.2.70", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://172.31.2.70:8083/vtn-webapi/controllers
HTTP/1.1 201 Created

1 2	curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"controller": {"controller_id": "controller1", "ipaddr":"172.31.2.70", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://172.31.2.70:8083/vtn-webapi/controllers HTTP/1.1 201 Created

创建虚拟桥

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vbridge" : {"vbr_name":"vbr_one","controller_id":"controller1","domain_id":"(DEFAULT)" }}'  http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges
HTTP/1.1 201 Created

1 2	curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vbridge" : {"vbr_name":"vbr_one","controller_id":"controller1","domain_id":"(DEFAULT)" }}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges HTTP/1.1 201 Created

在vbr_one上配置主机h1和h3的mac映射关系

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"machost": [{"address": "6a:b2:19:06:9b:e8", "vlan": "0"},{"address": "6e:65:1c:af:d1:4d", "vlan": "0"}]}' http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap/allow
HTTP/1.1 201 Created

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"machost": [{"address": "6a:b2:19:06:9b:e8", "vlan": "0"},{"address": "6e:65:1c:af:d1:4d", "vlan": "0"}]}' http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap/allow

HTTP/1.1 201 Created

查询映射关系的建立情况

curl -i --user admin:adminpass -H 'content-type: application/json' -X GET http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap
HTTP/1.1 200 OK
{"allow":{"machost":[{"address":"6a:b2:19:06:9b:e8","vlan":0},{"address":"6e:65:1c:af:d1:4d","vlan":0}]},"mapped":{"macentry":[{"address":"6e:65:1c:af:d1:4d","vlan":0,"node":{"id":"00:00:00:00:00:00:00:03","type":"OF"},"port":{"type":"OF","id":"1"},"inetAddresses":{"inetAddress":[{"address":"10.0.0.3"}]}},{"address":"6a:b2:19:06:9b:e8","vlan":0,"node":{"id":"00:00:00:00:00:00:00:02","type":"OF"},"port":{"type":"OF","id":"1"},"inetAddresses":{"inetAddress":[{"address":"10.0.0.1"}]}}]}}

curl -i --user admin:adminpass -H 'content-type: application/json' -X GET http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap

HTTP/1.1 200 OK

{"allow":{"machost":[{"address":"6a:b2:19:06:9b:e8","vlan":0},{"address":"6e:65:1c:af:d1:4d","vlan":0}]},"mapped":{"macentry":[{"address":"6e:65:1c:af:d1:4d","vlan":0,"node":{"id":"00:00:00:00:00:00:00:03","type":"OF"},"port":{"type":"OF","id":"1"},"inetAddresses":{"inetAddress":[{"address":"10.0.0.3"}]}},{"address":"6a:b2:19:06:9b:e8","vlan":0,"node":{"id":"00:00:00:00:00:00:00:02","type":"OF"},"port":{"type":"OF","id":"1"},"inetAddresses":{"inetAddress":[{"address":"10.0.0.1"}]}}]}}

检测通信情况

mininet> h1 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=8.82 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.175 ms

mininet> h1 ping h3

PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.

64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=8.82 ms

64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.175 ms

也可以创建禁止通信的规则，将h4加入黑名单

curl -i --user admin:adminpass -H "Content-type: application/json" -X POST http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap/deny -d '{"machost": [{"address": "6e:63:0f:7c:4e:0b"}]}'
HTTP/1.1 200 OK

1 2	curl -i --user admin:adminpass -H "Content-type: application/json" -X POST http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap/deny -d '{"machost": [{"address": "6e:63:0f:7c:4e:0b"}]}' HTTP/1.1 200 OK

通过vtn规则，使得h1与h3不能和h4通信。