单控制器配置L2网络 | SDNLAB | 专注网络创新技术

本例子主要演示通过VTN协调器及单个VTN管理器配置L2网络，利用mininet虚拟出openflow交换机，并对其进行控制，mininet交换机拓扑图如下：

配置mininet拓扑：

sudo mn --controller=remote,ip=172.31.2.70 --topo tree,2

1	sudo mn --controller=remote,ip=172.31.2.70 --topo tree,2

查看拓扑链接结构：

mininet> net
h1 h1-eth0:s2-eth1
h2 h2-eth0:s2-eth2
h3 h3-eth0:s3-eth1
h4 h4-eth0:s3-eth2
s1 lo:  s1-eth1:s2-eth3 s1-eth2:s3-eth3
s2 lo:  s2-eth1:h1-eth0 s2-eth2:h2-eth0 s2-eth3:s1-eth1
s3 lo:  s3-eth1:h3-eth0 s3-eth2:h4-eth0 s3-eth3:s1-eth2

mininet> net

h1 h1-eth0:s2-eth1

h2 h2-eth0:s2-eth2

h3 h3-eth0:s3-eth1

h4 h4-eth0:s3-eth2

s1 lo: s1-eth1:s2-eth3 s1-eth2:s3-eth3

s2 lo: s2-eth1:h1-eth0 s2-eth2:h2-eth0 s2-eth3:s1-eth1

s3 lo: s3-eth1:h3-eth0 s3-eth2:h4-eth0 s3-eth3:s1-eth2

添加如下of流表，如果没有改表项的话：

sudo ovs-ofctl add-flow s1 priority=0,actions=output:CONTROLLER
sudo ovs-ofctl add-flow s2 priority=0,actions=output:CONTROLLER
sudo ovs-ofctl add-flow s3 priority=0,actions=output:CONTROLLER

sudo ovs-ofctl add-flow s1 priority=0,actions=output:CONTROLLER

sudo ovs-ofctl add-flow s2 priority=0,actions=output:CONTROLLER

sudo ovs-ofctl add-flow s3 priority=0,actions=output:CONTROLLER

此时监测h1 ping h3是不通的：

mininet> h1 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable

mininet> h1 ping h3

PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.

From 10.0.0.1 icmp_seq=1 Destination Host Unreachable

From 10.0.0.1 icmp_seq=2 Destination Host Unreachable

From 10.0.0.1 icmp_seq=3 Destination Host Unreachable

下面通过vtn规则，使得h1与h3可以通信，调用接口创建相关资源：
创建vtn

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vtn" : {"vtn_name":"vtn_one","description":"test VTN" }}' http://172.31.2.70:8083/vtn-webapi/vtns
HTTP/1.1 201 Created

1 2	curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vtn" : {"vtn_name":"vtn_one","description":"test VTN" }}' http://172.31.2.70:8083/vtn-webapi/vtns HTTP/1.1 201 Created

创建控制器

curl  -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"controller": {"controller_id": "controller1", "ipaddr":"172.31.2.70", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://172.31.2.70:8083/vtn-webapi/controllers
HTTP/1.1 201 Created

1 2	curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"controller": {"controller_id": "controller1", "ipaddr":"172.31.2.70", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://172.31.2.70:8083/vtn-webapi/controllers HTTP/1.1 201 Created

创建虚拟桥

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vbridge" : {"vbr_name":"vbr_one","controller_id":"controller1","domain_id":"(DEFAULT)" }}'  http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges
HTTP/1.1 201 Created

1 2	curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vbridge" : {"vbr_name":"vbr_one","controller_id":"controller1","domain_id":"(DEFAULT)" }}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges HTTP/1.1 201 Created

创建虚拟接口

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"interface": {"if_name": "if1","description": "if_desc1"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces
HTTP/1.1 201 Created

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"interface": {"if_name": "if2","description": "if_desc2"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces
HTTP/1.1 201 Created

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"interface": {"if_name": "if1","description": "if_desc1"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces

HTTP/1.1 201 Created

curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"interface": {"if_name": "if2","description": "if_desc2"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces

HTTP/1.1 201 Created

创建接口映射

curl -i --user admin:adminpass -H 'content-type: application/json' -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:openflow:3-s3-eth1"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces/if1/portmap
HTTP/1.1 204 No Content

curl -i --user admin:adminpass -H 'content-type: application/json' -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:openflow:2-s2-eth1"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces/if2/portmap
HTTP/1.1 204 No Content

curl -i --user admin:adminpass -H 'content-type: application/json' -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:openflow:3-s3-eth1"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces/if1/portmap

HTTP/1.1 204 No Content

curl -i --user admin:adminpass -H 'content-type: application/json' -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:openflow:2-s2-eth1"}}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges/vbr_one/interfaces/if2/portmap

HTTP/1.1 204 No Content

检测是否可以通信：

mininet> h1 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=12.2 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.184 ms
64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.042 ms

mininet> h1 ping h3

PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.

64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=12.2 ms

64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.184 ms

64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.042 ms

可以看出通过添加VTN的规则，h1和h3可以正常通信了，观看流表规则：

mininet@ubuntu:~$ sudo ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
 cookie=0x7f56000000000008, duration=7.185s, table=0, n_packets=6, n_bytes=532, idle_age=2, priority=10,in_port=2,vlan_tci=0x0000,dl_src=e2:8c:17:c5:52:eb,dl_dst=76:c9:fb:a8:a4:ca actions=output:1
 cookie=0x7f56000000000009, duration=7.177s, table=0, n_packets=5, n_bytes=434, idle_age=2, priority=10,in_port=1,vlan_tci=0x0000,dl_src=76:c9:fb:a8:a4:ca,dl_dst=e2:8c:17:c5:52:eb actions=output:2

mininet@ubuntu:~$ sudo ovs-ofctl dump-flows s2
NXST_FLOW reply (xid=0x4):
 cookie=0x7f56000000000008, duration=6.201s, table=0, n_packets=6, n_bytes=532, idle_age=1, priority=10,in_port=3,vlan_tci=0x0000,dl_src=e2:8c:17:c5:52:eb,dl_dst=76:c9:fb:a8:a4:ca actions=output:1
 cookie=0x7f56000000000009, duration=6.191s, table=0, n_packets=5, n_bytes=434, idle_timeout=300, idle_age=1, priority=10,in_port=1,vlan_tci=0x0000,dl_src=76:c9:fb:a8:a4:ca,dl_dst=e2:8c:17:c5:52:eb actions=output:3

mininet@ubuntu:~$ sudo ovs-ofctl dump-flows s3
NXST_FLOW reply (xid=0x4):
 cookie=0x7f56000000000008, duration=2.184s, table=0, n_packets=2, n_bytes=196, idle_timeout=300, idle_age=2, priority=10,in_port=1,vlan_tci=0x0000,dl_src=e2:8c:17:c5:52:eb,dl_dst=76:c9:fb:a8:a4:ca actions=output:3
 cookie=0x7f56000000000009, duration=2.177s, table=0, n_packets=1, n_bytes=98, idle_age=1, priority=10,in_port=3,vlan_tci=0x0000,dl_src=76:c9:fb:a8:a4:ca,dl_dst=e2:8c:17:c5:52:eb actions=output:1

mininet@ubuntu:~$ sudo ovs-ofctl dump-flows s1

NXST_FLOW reply (xid=0x4):

cookie=0x7f56000000000008, duration=7.185s, table=0, n_packets=6, n_bytes=532, idle_age=2, priority=10,in_port=2,vlan_tci=0x0000,dl_src=e2:8c:17:c5:52:eb,dl_dst=76:c9:fb:a8:a4:ca actions=output:1

cookie=0x7f56000000000009, duration=7.177s, table=0, n_packets=5, n_bytes=434, idle_age=2, priority=10,in_port=1,vlan_tci=0x0000,dl_src=76:c9:fb:a8:a4:ca,dl_dst=e2:8c:17:c5:52:eb actions=output:2

mininet@ubuntu:~$ sudo ovs-ofctl dump-flows s2

NXST_FLOW reply (xid=0x4):

cookie=0x7f56000000000008, duration=6.201s, table=0, n_packets=6, n_bytes=532, idle_age=1, priority=10,in_port=3,vlan_tci=0x0000,dl_src=e2:8c:17:c5:52:eb,dl_dst=76:c9:fb:a8:a4:ca actions=output:1

cookie=0x7f56000000000009, duration=6.191s, table=0, n_packets=5, n_bytes=434, idle_timeout=300, idle_age=1, priority=10,in_port=1,vlan_tci=0x0000,dl_src=76:c9:fb:a8:a4:ca,dl_dst=e2:8c:17:c5:52:eb actions=output:3

mininet@ubuntu:~$ sudo ovs-ofctl dump-flows s3

NXST_FLOW reply (xid=0x4):

cookie=0x7f56000000000008, duration=2.184s, table=0, n_packets=2, n_bytes=196, idle_timeout=300, idle_age=2, priority=10,in_port=1,vlan_tci=0x0000,dl_src=e2:8c:17:c5:52:eb,dl_dst=76:c9:fb:a8:a4:ca actions=output:3

cookie=0x7f56000000000009, duration=2.177s, table=0, n_packets=1, n_bytes=98, idle_age=1, priority=10,in_port=3,vlan_tci=0x0000,dl_src=76:c9:fb:a8:a4:ca,dl_dst=e2:8c:17:c5:52:eb actions=output:1

可以看到在3个虚拟交换机上添加了两个主机通信所必须的流表规则，主要是添加了源mac和目的mac，以及交换机出口，保证了l2的可达。