拓扑
配置一个简单的L2 和 L3 Network 测试拓扑,包含两个L2 Network(logic switch),每个L2 Network连接两个vm(用netns模拟),包含一个VPC Router(logic router)连接两个L2 Network,使其能够三层互通。
这里将模拟云网络东西向流量的二三层互通。不涉及南北向流量。
逻辑拓扑如下:
分别测试同主机互通和跨主机互通,所以我们将"400-vm2" 这个虚拟机单独放到Node节点上,其他VM放到Central节点上。
物理拓扑如下:
OVN L2
OVN L2功能包括
- L2 switch
- L2 ACL
- Supports software-based L2 gateways
- Supports TOR (Top of Rack) based L2 gateways that implement the hardware_vtep schema
- Can provide networking for both VMs and containers running inside of those VMs, without a second layer of overlay networking
1、 配置sw-300,同主机二层互联
ovn-nbctl ls-add sw-300
ovn-nbctl lsp-add sw-300 sw-300-port-vm1
ovn-nbctl lsp-set-addresses sw-300-port-vm1 "fa:10:dd:1b:30:01 30.1.1.11/24"
ovn-nbctl lsp-set-port-security sw-300-port-vm1 "fa:10:dd:1b:30:01 30.1.1.11/24"
ovn-nbctl lsp-add sw-300 sw-300-port-vm2
ovn-nbctl lsp-set-addresses sw-300-port-vm2 "fa:10:dd:1b:30:02 30.1.1.12/24"
ovn-nbctl lsp-set-port-security sw-300-port-vm2 "fa:10:dd:1b:30:02 30.1.1.12/24"
## 转发面配置,只在 Central 节点配置两个虚拟机
ovs-vsctl add-port br-int sw-300-port-vm1 -- set interface sw-300-port-vm1 type=internal \
-- set Interface sw-300-port-vm1 external_ids:iface-id=sw-300-port-vm1
ovs-vsctl add-port br-int sw-300-port-vm2 -- set interface sw-300-port-vm2 type=internal \
-- set Interface sw-300-port-vm2 external_ids:iface-id=sw-300-port-vm2
ip netns add vm-300-1
ip netns add vm-300-2
ip link set netns vm-300-1 dev sw-300-port-vm1
ip link set netns vm-300-2 dev sw-300-port-vm2
ip netns exec vm-300-1 ip link set up dev lo
ip netns exec vm-300-1 ip link set up dev sw-300-port-vm1
ip netns exec vm-300-1 ip link set address fa:10:dd:1b:30:01 dev sw-300-port-vm1
ip netns exec vm-300-1 ip addr add 30.1.1.11/24 dev sw-300-port-vm1
ip netns exec vm-300-1 ip route add default via 30.1.1.1
ip netns exec vm-300-2 ip link set up dev lo
ip netns exec vm-300-2 ip link set up dev sw-300-port-vm2
ip netns exec vm-300-2 ip link set address fa:10:dd:1b:30:02 dev sw-300-port-vm2
ip netns exec vm-300-2 ip addr add 30.1.1.12/24 dev sw-300-port-vm2
ip netns exec vm-300-2 ip route add default via 30.1.1.1
## Central 节点
[root@localhost ~]# ovn-nbctl show
switch 7cb4da17-5b6f-4121-8de2-c88452bef8ee (sw-300)
port sw-300-port-vm1
addresses: ["fa:10:dd:1b:30:01 30.1.1.11/24"]
port sw-300-port-vm2
addresses: ["fa:10:dd:1b:30:02 30.1.1.12/24"]
[root@localhost ~]# ovs-vsctl show
9f827492-13aa-4029-add8-4d5c5f006bd9
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "sw-300-port-vm1"
Interface "sw-300-port-vm1"
type: internal
Port "sw-300-port-vm2"
Interface "sw-300-port-vm2"
type: internal
Port "ovn-ba702e-0"
Interface "ovn-ba702e-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.26.201.7"}
ovs_version: "2.11.0"
## Node上未发生实际配置
[root@172-26-201-7 ~]# ovs-vsctl show
c39793c4-a552-40b3-bc01-be55208ed292
Bridge br-int
fail_mode: secure
Port "ovn-bd8b43-0"
Interface "ovn-bd8b43-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.16.58"}
Port br-int
Interface br-int
type: internal
ovs_version: "2.11.0"
2、配置sw-400,跨主机二层互联
## 创建一个新的sw
ovn-nbctl ls-add sw-400
ovn-nbctl lsp-add sw-400 sw-400-port-vm1
ovn-nbctl lsp-set-addresses sw-400-port-vm1 "fa:10:dd:1b:40:01 40.1.1.11/24"
ovn-nbctl lsp-set-port-security sw-400-port-vm1 "fa:10:dd:1b:40:01 40.1.1.11/24"
ovn-nbctl lsp-add sw-400 sw-400-port-vm2
ovn-nbctl lsp-set-addresses sw-400-port-vm2 "fa:10:dd:1b:40:02 40.1.1.12/24"
ovn-nbctl lsp-set-port-security sw-400-port-vm2 "fa:10:dd:1b:40:02 40.1.1.12/24"
## 数据面配置,一个vm建在 Central,一个vm创建在 Node
## Central 节点配置
ip netns add vm-400-1
ip link set netns vm-400-1 dev sw-400-port-vm1
ip netns exec vm-400-1 ip link set up dev lo
ip netns exec vm-400-1 ip link set up dev sw-400-port-vm1
ip netns exec vm-400-1 ip link set address fa:10:dd:1b:40:01 dev sw-400-port-vm1
ip netns exec vm-400-1 ip addr add 40.1.1.11/24 dev sw-400-port-vm1
ip netns exec vm-400-1 ip route add default via 40.1.1.1
ovs-vsctl add-port br-int sw-400-port-vm1 -- set interface sw-400-port-vm1 type=internal \
-- set Interface sw-400-port-vm1 external_ids:iface-id=sw-400-port-vm1
## Node节点配置
ip netns add vm-400-2
ip link set netns vm-400-2 dev sw-400-port-vm2
ip netns exec vm-400-2 ip link set up dev lo
ip netns exec vm-400-2 ip link set up dev sw-400-port-vm2
ip netns exec vm-400-2 ip link set address fa:10:dd:1b:40:02 dev sw-400-port-vm2
ip netns exec vm-400-2 ip addr add 40.1.1.12/24 dev sw-400-port-vm2
ip netns exec vm-400-2 ip route add default via 40.1.1.1
ovs-vsctl add-port br-int sw-400-port-vm2 -- set interface sw-400-port-vm2 type=internal \
-- set Interface sw-400-port-vm2 external_ids:iface-id=sw-400-port-vm2
## 检查OVS配置
[root@Central ~]# ovs-vsctl show
9f827492-13aa-4029-add8-4d5c5f006bd9
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "sw-400-port-vm1"
Interface "sw-400-port-vm1"
type: internal
Port "sw-300-port-vm1"
Interface "sw-300-port-vm1"
type: internal
Port "sw-300-port-vm2"
Interface "sw-300-port-vm2"
type: internal
Port "ovn-ba702e-0"
Interface "ovn-ba702e-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.26.201.7"}
## Node节点上存在 vm port和tunnel port
[root@Node ~]# ovs-vsctl show
c39793c4-a552-40b3-bc01-be55208ed292
Bridge br-int
fail_mode: secure
Port "sw-400-port-vm2"
Interface "sw-400-port-vm2"
type: internal
Port "ovn-bd8b43-0"
Interface "ovn-bd8b43-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.16.58"}
Port br-int
Interface br-int
type: internal
ovs_version: "2.11.0"
OVN L3
OVN L3的功能包括
- IPv4/IPv6分布式L3路由
- ARP and IPv6 Neighbor Discovery suppression for known IP-MAC bindings
- L3 ACL
- Native support for NAT and load balancing using OVS connection tracking
- Native fully distributed support for DHCP
- Supports L3 gateways from logical to physical networks
1、配置VPC路由器,连接sw-300 和 sw-400
## 配置L3 Router
ovn-nbctl lr-add vpc-router
ovn-nbctl lrp-add vpc-router rt-300-port 02:d4:1d:8c:30:1 30.1.1.1/24
ovn-nbctl lrp-add vpc-router rt-400-port 02:d4:1d:8c:40:1 40.1.1.1/24
ovn-nbctl lsp-add sw-300 sw-300-port \
-- set Logical_Switch_Port sw-300-port type=router \
options:router-port=rt-300-port addresses='"02:d4:1d:8c:30:1"'
ovn-nbctl lsp-add sw-400 sw-400-port \
-- set Logical_Switch_Port sw-400-port type=router \
options:router-port=rt-400-port addresses='"02:d4:1d:8c:40:1"'
[root@localhost ~]# ovn-nbctl show
switch 7cb4da17-5b6f-4121-8de2-c88452bef8ee (sw-300)
port sw-300-port-vm1
addresses: ["fa:10:dd:1b:30:01 30.1.1.11/24"]
port sw-300-port-vm2
addresses: ["fa:10:dd:1b:30:02 30.1.1.12/24"]
port sw-300-port
type: router
addresses: ["02:d4:1d:8c:30:1"]
router-port: rt-300-port
switch c88de9c7-c7a7-4206-9529-793f3142d5e9 (sw-400)
port sw-400-port-vm2
addresses: ["fa:10:dd:1b:40:02 40.1.1.12/24"]
port sw-400-port
type: router
addresses: ["02:d4:1d:8c:40:1"]
router-port: sw-400-port
port sw-400-port-vm1
addresses: ["fa:10:dd:1b:40:01 40.1.1.11/24"]
router 84753b81-541f-4be8-bfbd-4fca8287b42b (vpc-router)
port rt-400-port
mac: "02:d4:1d:8c:40:1"
networks: ["40.1.1.1/24"]
port rt-300-port
mac: "02:d4:1d:8c:30:1"
networks: ["30.1.1.1/24"]
[root@localhost ~]# ovs-vsctl show
9f827492-13aa-4029-add8-4d5c5f006bd9
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "sw-400-port-vm1"
Interface "sw-400-port-vm1"
type: internal
Port "sw-300-port-vm1"
Interface "sw-300-port-vm1"
type: internal
Port "sw-300-port-vm2"
Interface "sw-300-port-vm2"
type: internal
Port "ovn-ba702e-0"
Interface "ovn-ba702e-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.26.201.7"}
ovs_version: "2.11.0"
测试
虚拟机vm-300-1、vm-300-2位于VPC网络sw-300中,二层互通;
虚拟机vm-400-1、vm-400-2位于VPC网络sw-400中,跨主机二层互通;
两个VPC网络中的VM相互之间三层互通。
流表
逻辑拓扑 & 物理拓扑
OVN 逻辑拓扑和我们的配置一一对应,表达了传统意义上的拓扑,OVN根据已经配置的业务产生逻辑流表 (ovn-sbctl list Logical_Flow)。
逻辑拓扑可以通过 通过ovn-nbctl show命令 查看,如下,可以看到逻辑datapath、逻辑port,以及他们的各种属性配置。
[root@Central ~]# ovn-nbctl show
switch 7cb4da17-5b6f-4121-8de2-c88452bef8ee (sw-300)
port sw-300-port-vm1
addresses: ["fa:10:dd:1b:30:01 30.1.1.11/24"]
port sw-300-port-vm2
addresses: ["fa:10:dd:1b:30:02 30.1.1.12/24"]
port sw-300-port
type: router
addresses: ["02:d4:1d:8c:30:1"]
router-port: rt-300-port
switch c88de9c7-c7a7-4206-9529-793f3142d5e9 (sw-400)
port sw-400-port-vm2
addresses: ["fa:10:dd:1b:40:02 40.1.1.12/24"]
port sw-400-port
type: router
addresses: ["02:d4:1d:8c:40:1"]
router-port: sw-400-port
port sw-400-port-vm1
addresses: ["fa:10:dd:1b:40:01 40.1.1.11/24"]
router 84753b81-541f-4be8-bfbd-4fca8287b42b (vpc-router)
port rt-400-port
mac: "02:d4:1d:8c:40:1"
networks: ["40.1.1.1/24"]
port rt-300-port
mac: "02:d4:1d:8c:30:1"
networks: ["30.1.1.1/24"]
OVN的物理拓扑当然是在ovs中的,其logic sw和logic router都是在ovs bridge br-int中实现的,是非常抽象的,数据面datapath网络功能基本都是通过流表实现;在物理拓扑形成前,如VM nic加入LS之前,逻辑流表不会转换为实际流表;
[root@Central ~]# ovs-vsctl show
9f827492-13aa-4029-add8-4d5c5f006bd9
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "sw-400-port-vm1"
Interface "sw-400-port-vm1"
type: internal
Port "sw-300-port-vm1"
Interface "sw-300-port-vm1"
type: internal
Port "sw-300-port-vm2"
Interface "sw-300-port-vm2"
type: internal
Port "ovn-ba702e-0"
Interface "ovn-ba702e-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.26.201.7"}
ovs_version: "2.11.0"
[root@Node ~]# ovs-vsctl show
c39793c4-a552-40b3-bc01-be55208ed292
Bridge br-int
fail_mode: secure
Port "sw-400-port-vm2"
Interface "sw-400-port-vm2"
type: internal
Port "ovn-bd8b43-0"
Interface "ovn-bd8b43-0"
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.16.58"}
Port br-int
Interface br-int
type: internal
ovs_version: "2.11.0"
ovn-sbctl show显示了OVN Southbound DB信息,我们可以看到其已经很接近物理拓扑了,物理节点上的控制器就是通过监控Southbound DB来配置ovs的。
其中有个Chassis的概念,等同于计算节点(HyperV),后面的一些需要指定节点信息的功能,如集中式公网出口网关、LB公网入口等都会指定这个信息;
[root@Central ~]# ovn-sbctl show
Chassis "bd8b4326-9548-49b2-aff0-00773fbd7ac9"
hostname: localhost
Encap geneve
ip: "172.20.16.58"
options: {csum="true"}
Port_Binding "sw-300-port-vm2"
Port_Binding "sw-400-port-vm1"
Port_Binding "sw-300-port-vm1"
Chassis "ba702ed2-4364-4b44-874f-9e0def52dc19"
hostname: "172-26-201-7"
Encap geneve
ip: "172.26.201.7"
options: {csum="true"}
Port_Binding "sw-400-port-vm2"
逻辑流表&数据面流表
ovs使用流表转发,ovn即使能够实现如此多的网络功能,也都是通过流表抽象实现的。ovn将逻辑拓扑、网络服务抽象转化为逻辑流表,节点上的控制器再将逻辑流表转化为实际ovs流表。
同逻辑拓扑和物理拓扑类似,逻辑流表也更加的可读易懂。通过ovn-sbctl list Logical_Flow 显示。
- 逻辑流表的UUID的前32位作为openflow流表的cookie值,一一对应。
ovs流表中存在一些cookie=0的表,不是由逻辑流表转换而来,或者conjunctive match 转化而来; - 数据面流表大量使用了寄存器不好理解,但是它的match 和 action都是和逻辑流表对应的,而逻辑流表是可读可理解的,所以读数据面流表的时候,结合逻辑流表一起;
- 流表是分级的,便于做功能扩展。
流表设计的两个重点,一个是层级架构,需要做到将来任何一个可能的网络功能都能够插入到这个架构中和已存在功能无缝衔接;另一个流表cookie,本质上流表功能聚合,我们看到的大部分流表都是某一个功能的组成部分,相同cookie的流表最好是一个完整的最小功能集合,最大的好处是流表批量删除。
如下显示一条arp reply的逻辑流表和数据面流表,结合起来读事半功倍。
## ovn-sbctl list Logical_Flow
_uuid : eeeb1de0-8fad-40c8-ad25-1440562d66d2
actions : "eth.dst = eth.src; eth.src = fa:10:dd:1b:30:01; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = fa:10:dd:1b:30:01; arp.tpa = arp.spa; arp.spa = 30.1.1.11; outport = inport; flags.loopback = 1; output;"
external_ids : {source="ovn-northd.c:4212", stage-name=ls_in_arp_rsp}
logical_datapath : 6a1697ee-5e1f-45db-8b42-5288102a75d4
match : "arp.tpa == 30.1.1.11 && arp.op == 1"
pipeline : ingress
priority : 50
table_id : 11
hash : 0
## ovs-ofctl dump-flows br-int
cookie=0xeeeb1de0, duration=19846.424s, table=19, n_packets=3, n_bytes=126, priority=50,arp,metadata=0x5,arp_tpa=30.1.1.11,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:10:dd:1b:30:01,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xfa10dd1b3001->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x1e01010b->NXM_OF_ARP_SPA[],move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
数据面流表中使用了很多寄存器存放元数据,在流的整个pipeline中生效。下面列出了常用的几个寄存器的作用。
寄存器 | 说明 | |
---|---|---|
metadata | 标记逻辑设备,如,logic sw,logic router。 | in_port="sw-300-port-vm1" actions=load:0x5→OXM_OF_METADATA[], in_port="sw-400-port-vm1" actions=load:0x6→OXM_OF_METADATA[], |
reg14 | 标记入接口 赋值对应关系为 ovn-sbctl list Port_Binding的tunnel_key字段,会由 geneve或者stt 携带 |
in_port="sw-300-port-vm1" actions=load:0x1→NXM_NX_REG14[], in_port="sw-300-port-vm2" actions=load:0x2→NXM_NX_REG14[], |
reg15 | 标记出接口 赋值对应关系为 ovn-sbctl list Port_Binding的tunnel_key字段,会由 geneve或者stt 携带 广播回设置0xffff表示所有port |
dl_dst=fa:10:dd:1b:30:01 actions=load:0x1→NXM_NX_REG15[], dl_dst=fa:10:dd:1b:30:02 actions=load:0x2→NXM_NX_REG15[], reg15=0x1,metadata=0x5 actions=output:"sw-300-port-vm1" reg15=0x2,metadata=0x5 actions=output:"sw-300-port-vm2" |
reg13 | 逻辑端口的conntrack zone | |
reg12 | SNAT的conntrack zone | |
reg11 | DNAT的conntrack zone |
虚拟机跨主机的流量需要通过tunnel口发出,但在这之前,转发流程已经在源主机上确认了,即当前是在那个逻辑设备上(metadata)、从那个口收(reg14)、从那个口出(reg15)都已经确认,从tunnel口发出时,这些信息都会设置到tunnel的option中(可扩展的元数据),到了对端主机后,再取出设置到对应的寄存器中。
如下: 逻辑设备设置到NXM_NX_TUN_ID 中,in_port 和 out_port设置到tunnel的元数据 NXM_NX_TUN_METADATA0 中。
### 发送端,设置寄存器
reg15=0x1,metadata=0x6 actions=load:0x6->NXM_NX_TUN_ID[0..23],set_field:0x1->tun_metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16..30],output:"ovn-bd8b43-0"
reg15=0xffff,metadata=0x6 actions=load:0x6->NXM_NX_TUN_ID[0..23],set_field:0xffff->tun_metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16..30],output:"ovn-bd8b43-0",resubmit(,33)
### 接收端,恢复寄存器
in_port="ovn-bd8b43-0" actions=move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23],move:NXM_NX_TUN_METADATA0[16..30]->NXM_NX_REG14[0..14],move:NXM_NX_TUN_METADATA0[0..15]->NXM_NX_REG15[0..15],resubmit(,33)
流表中有很多controller action,都是需要上送控制器处理的逻辑,基本做两件事情:
- 构造报文做应答。流表无法凭空构造报文,只能对已存在的报文做转发,或者修改转发,所有需要构造新报文的处理都需要送控制器处理。
- 解析报文,做一些控制面信息的动态学习,eg. mac地址学习。
流表项功能记录
[root@Centrial ~]# ovs-ofctl dump-flows br-int
### 1、接收流程
# 接收tunnel口进入的跨主机流量,恢复寄存器,metadata==tunnelid==datapathid,reg14==in_port, reg15==out_port,
# 封装在[28][29]中设置
# 虚拟机跨主机的流量需要通过tunnel口发出,但在这之前,转发流程已经在源主机上确认了,即当前是在那个逻辑设备上(metadata)、从那个口收(reg14)、从那个口出(reg15)都已经确认,
# 从tunnel口发出时,这些信息都会设置到tunnel的option中(可扩展的元数据),到了对端主机后,再取出设置到对应的寄存器中。
###
cookie=0x0, duration=101008.695s, table=0, n_packets=26, n_bytes=2548, priority=100,in_port="ovn-ba702e-0" actions=move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23],move:NXM_NX_TUN_METADATA0[16..30]->NXM_NX_REG14[0..14],move:NXM_NX_TUN_METADATA0[0..15]->NXM_NX_REG15[0..15],resubmit(,33)
### 2、接收流程,接收vm进入的报文,设置寄存器,metadata=datapathid, reg14=input_if_id
cookie=0x0, duration=96240.250s, table=0, n_packets=37, n_bytes=3218, priority=100,in_port="sw-300-port-vm1" actions=load:0x1->NXM_NX_REG13[],load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],load:0x5->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)
cookie=0x0, duration=96239.640s, table=0, n_packets=35, n_bytes=3134, priority=100,in_port="sw-300-port-vm2" actions=load:0x4->NXM_NX_REG13[],load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],load:0x5->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],resubmit(,8)
cookie=0x0, duration=87681.565s, table=0, n_packets=35, n_bytes=3246, priority=100,in_port="sw-400-port-vm1" actions=load:0x5->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x7->NXM_NX_REG12[],load:0x6->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],resubmit(,8)
### 非法报文检测,对vlan和smac合法性做检查 1)不能带有vlan,很严格的检查; 2)smac不能是广播、组播mac
cookie=0xce7f9f29, duration=96240.249s, table=8, n_packets=0, n_bytes=0, priority=100,metadata=0x5,vlan_tci=0x1000/0x1000 actions=drop
cookie=0x572b2d0f, duration=87681.563s, table=8, n_packets=0, n_bytes=0, priority=100,metadata=0x6,vlan_tci=0x1000/0x1000 actions=drop
cookie=0x1b96db9, duration=79156.683s, table=8, n_packets=0, n_bytes=0, priority=100,metadata=0x7,vlan_tci=0x1000/0x1000 actions=drop
cookie=0xab874b4, duration=96240.248s, table=8, n_packets=0, n_bytes=0, priority=100,metadata=0x5,dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x8a384251, duration=87681.563s, table=8, n_packets=0, n_bytes=0, priority=100,metadata=0x6,dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0x1b96db9, duration=79156.683s, table=8, n_packets=0, n_bytes=0, priority=100,metadata=0x7,dl_src=01:00:00:00:00:00/01:00:00:00:00:00 actions=drop
cookie=0xfc6369dc, duration=88638.930s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x1,metadata=0x5,dl_src=fa:10:dd:1b:30:01 actions=resubmit(,9)
cookie=0x7985c8ec, duration=88621.461s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x2,metadata=0x5,dl_src=fa:10:dd:1b:30:02 actions=resubmit(,9)
cookie=0xd0e12cee, duration=87681.562s, table=8, n_packets=34, n_bytes=3156, priority=50,reg14=0x1,metadata=0x6,dl_src=fa:10:dd:1b:40:01 actions=resubmit(,9)
cookie=0xd41d6822, duration=79156.688s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x3,metadata=0x5 actions=resubmit(,9)
cookie=0xfb376ec4, duration=79156.670s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x3,metadata=0x6 actions=resubmit(,9)
cookie=0x5f864969, duration=79156.684s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x2,metadata=0x7,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,9)
cookie=0xacd96dc9, duration=79156.683s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x1,metadata=0x7,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,9)
cookie=0xa0308908, duration=79156.683s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x1,metadata=0x7,dl_dst=02:d4:1d:8c:30:01 actions=resubmit(,9)
cookie=0x670f23f7, duration=79156.683s, table=8, n_packets=0, n_bytes=0, priority=50,reg14=0x2,metadata=0x7,dl_dst=02:d4:1d:8c:40:01 actions=resubmit(,9)
cookie=0x2f8b8135, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,nw_dst=224.0.0.0/4 actions=drop
cookie=0x80287555, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=100,ip,reg9=0/0x2,metadata=0x7,nw_src=30.1.1.1 actions=drop
cookie=0x8404f27d, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,reg9=0/0x2,metadata=0x7,nw_src=40.1.1.1 actions=drop
cookie=0x80287555, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,reg9=0/0x2,metadata=0x7,nw_src=30.1.1.255 actions=drop
cookie=0x8404f27d, duration=79156.682s, table=9, n_packets=0, n_bytes=0, priority=100,ip,reg9=0/0x2,metadata=0x7,nw_src=40.1.1.255 actions=drop
cookie=0x2f8b8135, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,nw_dst=0.0.0.0/8 actions=drop
cookie=0x2f8b8135, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,nw_dst=127.0.0.0/8 actions=drop
cookie=0x2f8b8135, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,nw_src=0.0.0.0/8 actions=drop
cookie=0x2f8b8135, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,nw_src=127.0.0.0/8 actions=drop
cookie=0x2f8b8135, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,nw_src=255.255.255.255 actions=drop
### 3、port-security配置额外生成,接收的源检查,保证vm port和ip+mac的一一对应关系。不对应的,在下面[8]中 drop
# 同时,目的vm的ip+mac的对应关系也会做检查,在 [36] 中
###
cookie=0xb7abc8b4, duration=88638.930s, table=9, n_packets=0, n_bytes=0, priority=90,ip,reg14=0x1,metadata=0x5,dl_src=fa:10:dd:1b:30:01,nw_src=30.1.1.11 actions=resubmit(,10)
cookie=0x4b18573, duration=88621.461s, table=9, n_packets=0, n_bytes=0, priority=90,ip,reg14=0x2,metadata=0x5,dl_src=fa:10:dd:1b:30:02,nw_src=30.1.1.12 actions=resubmit(,10)
cookie=0x78a7ca35, duration=87681.562s, table=9, n_packets=26, n_bytes=2548, priority=90,ip,reg14=0x1,metadata=0x6,dl_src=fa:10:dd:1b:40:01,nw_src=40.1.1.11 actions=resubmit(,10)
### 4、放开dhcp报文
cookie=0xde0e4e95, duration=88638.930s, table=9, n_packets=0, n_bytes=0, priority=90,udp,reg14=0x1,metadata=0x5,dl_src=fa:10:dd:1b:30:01,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=resubmit(,10)
cookie=0x5195c7cb, duration=88621.461s, table=9, n_packets=0, n_bytes=0, priority=90,udp,reg14=0x2,metadata=0x5,dl_src=fa:10:dd:1b:30:02,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=resubmit(,10)
cookie=0xc9447e1e, duration=87681.562s, table=9, n_packets=0, n_bytes=0, priority=90,udp,reg14=0x1,metadata=0x6,dl_src=fa:10:dd:1b:40:01,nw_src=0.0.0.0,nw_dst=255.255.255.255,tp_src=68,tp_dst=67 actions=resubmit(,10)
### 5、
# mac地址学习功能: === 针对的一些非托管的外部port,vm的port mac都是静态转发的
# 字面意思 reg0=arp_spa, eth_src=arp_sha, 送控制器处理{put_arp(inport, arp.spa, arp.sha))},恢复寄存器;userdata的前四个字节是opcode,这里是0x01,表示opcode是ACTION_OPCODE_PUT_ARP
# 这条流表需要和 [21] 配合理解,logic router确定了nexthop的转发端口,用get_arp action来查找nexthop的mac是否已经学习到(在table 66里面)。
# mac地址学习的流程是 20 --> 21 --> 5 --> 66
# logic router确定了nexthop的转发端口,用get_arp action[20]来查找nexthop的mac是否已经学习到(在table 66里面),如果没有在table 66 修改mac成功,会在 [21]中
# match dl_dst=00:00:00:00:00:00,控制器会从router转发端口广播一个arp request,logic switch会广播到它下的每一个端口,如果有arp应答,logic switch会回给logic router,
# logic router中会通过下面这条流表,执行put_arp action,学到 arp。ovn-controller会在MAC_Binding表里增加一行记录。ovn-controller收到MAC_Binding表的更新后,添加一条flow到table=66里面;
# 下次再走到 [20]的时候就能修改下一跳mac地址了。
# 至此流程结束
###
cookie=0x91fc8a10, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=90,arp,metadata=0x7,arp_op=2 actions=push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[]
### 6、网关地址的icmp代答,时刻注意,OVN的网关地址是逻辑的、不存在的,无法利用协议栈做任何事情,这里针对icmp做代答,模拟协议栈回icmp reply
### 包括下面的 [7]都是一个道理。
cookie=0x623d5347, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=90,icmp,metadata=0x7,nw_dst=30.1.1.1,icmp_type=8,icmp_code=0 actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],load:0->NXM_OF_ICMP_TYPE[],load:0x1->NXM_NX_REG10[0],resubmit(,10)
cookie=0xd1ba4b16, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=90,icmp,metadata=0x7,nw_dst=40.1.1.1,icmp_type=8,icmp_code=0 actions=push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],load:0->NXM_OF_ICMP_TYPE[],load:0x1->NXM_NX_REG10[0],resubmit(,10)
### 7、router上网关地址的arp 代答,reg0=arp_spa, eth_src=arp_sha, reg15=2(出接口确认), reg10=1(arp代答)标记,这里也做了 put_arp处理,控制器学习源arp
cookie=0x732da042, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=90,arp,reg14=0x2,metadata=0x7,arp_spa=40.1.1.0/24,arp_tpa=40.1.1.1,arp_op=1 actions=push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[],move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:02:d4:1d:8c:40:01,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0x2d41d8c4001->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x28010101->NXM_OF_ARP_SPA[],load:0x2->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
cookie=0x220cae3f, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=90,arp,reg14=0x1,metadata=0x7,arp_spa=30.1.1.0/24,arp_tpa=30.1.1.1,arp_op=1 actions=push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[],move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:02:d4:1d:8c:30:01,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0x2d41d8c3001->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x1e010101->NXM_OF_ARP_SPA[],load:0x1->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
### 8、ref [3],mac+ip不对应的 drop
cookie=0x3369cd66, duration=88638.930s, table=9, n_packets=0, n_bytes=0, priority=80,ip,reg14=0x1,metadata=0x5,dl_src=fa:10:dd:1b:30:01 actions=drop
cookie=0xc93aa93d, duration=88621.461s, table=9, n_packets=0, n_bytes=0, priority=80,ip,reg14=0x2,metadata=0x5,dl_src=fa:10:dd:1b:30:02 actions=drop
cookie=0x2852c9ee, duration=87681.563s, table=9, n_packets=0, n_bytes=0, priority=80,ip,reg14=0x1,metadata=0x6,dl_src=fa:10:dd:1b:40:01 actions=drop
### 9、其他来自 sw 的,非网关地址的arp request,上送控制器做 put_arp处理,控制器学习源arp。
# 注意,1. 这是在router上的处理,2. 一般vm的arp是不会走到的,他们已经在sw上做了代答了,在[23]中。到这里的都是些未知的port发出的
cookie=0xec3e3ecc, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=80,arp,reg14=0x2,metadata=0x7,arp_spa=40.1.1.0/24,arp_op=1 actions=push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[]
cookie=0xe8db4d6e, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=80,arp,reg14=0x1,metadata=0x7,arp_spa=30.1.1.0/24,arp_op=1 actions=push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[]
### ����������tcp�� �tcp_reset
### ��������udp����icmp Port Unreachable������� ��
### ����������ip���� Protocol Unreachable�������
### 10、如下是对到router网关的报文的处理,同[6][7]一个道理,网关地址是不存在的,为了更好的模拟协议栈,对tcp、udp、ip分别做了回复处理。
# tcp,构造tcp_reset 报文回复
# udp,构造icmp Port Unreachable������� 回复
# 其他ip,构造 icmp Protocol Unreachable���� ���回复
# 未匹配的全部drop,也就是说目的地址是网关的,到这里为止,出了icmp 和 arp request,全部丢弃
###
cookie=0x1bf2c714, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=80,tcp,metadata=0x7,nw_dst=30.1.1.1,nw_frag=not_later actions=controller(userdata=00.00.00.0b.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x7703c2e1, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=80,udp,metadata=0x7,nw_dst=30.1.1.1,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.10.04.00.20.00.00.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.00.19.00.10.80.00.26.01.03.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.03.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x881f5578, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=80,udp,metadata=0x7,nw_dst=40.1.1.1,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.10.04.00.20.00.00.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.00.19.00.10.80.00.26.01.03.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.03.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x5bcf8f33, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=80,tcp,metadata=0x7,nw_dst=40.1.1.1,nw_frag=not_later actions=controller(userdata=00.00.00.0b.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0xf7515999, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=70,ip,metadata=0x7,nw_dst=30.1.1.1,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.10.04.00.20.00.00.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.00.19.00.10.80.00.26.01.03.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.02.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0xf232f747, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=70,ip,metadata=0x7,nw_dst=40.1.1.1,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.10.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.0e.04.00.20.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.10.04.00.20.00.00.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.00.19.00.10.80.00.26.01.03.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.02.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x6982c737, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=60,ip,metadata=0x7,nw_dst=30.1.1.1 actions=drop
cookie=0x760a445f, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=60,ip,metadata=0x7,nw_dst=40.1.1.1 actions=drop
### 11、router上的其他广播,丢弃。
cookie=0x72182bb2, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=50,metadata=0x7,dl_dst=ff:ff:ff:ff:ff:ff actions=drop
### 12、这里处理ttl={0,1}的报文,即不可达报文, 如果是非分片或分片首包,则由控制器构造 "icmp TTL equals 0 during transit�����������"报文回复,否则drop
### OVN做的真是细致。
cookie=0xdbd78f03, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=40,ip,reg14=0x1,metadata=0x7,nw_ttl=1,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.00.19.00.10.80.00.26.01.0b.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.00.00.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.00.0e.04.00.00.10.04.00.19.00.10.80.00.16.04.1e.01.01.01.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x6a19bf6a, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=40,ip,reg14=0x2,metadata=0x7,nw_ttl=0,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.00.19.00.10.80.00.26.01.0b.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.00.00.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.00.0e.04.00.00.10.04.00.19.00.10.80.00.16.04.28.01.01.01.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0xdbd78f03, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=40,ip,reg14=0x1,metadata=0x7,nw_ttl=0,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.00.19.00.10.80.00.26.01.0b.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.00.00.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.00.0e.04.00.00.10.04.00.19.00.10.80.00.16.04.1e.01.01.01.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x6a19bf6a, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=40,ip,reg14=0x2,metadata=0x7,nw_ttl=1,nw_frag=not_later actions=controller(userdata=00.00.00.0a.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1b.00.00.00.00.02.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.04.06.00.30.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.1c.00.00.00.00.02.06.00.30.00.00.00.00.00.00.00.19.00.10.80.00.26.01.0b.00.00.00.00.00.00.00.00.19.00.10.80.00.28.01.00.00.00.00.00.00.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.00.0e.04.00.00.10.04.00.19.00.10.80.00.16.04.28.01.01.01.00.00.00.00.00.19.00.10.00.01.3a.01.ff.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.0a.00.00.00)
cookie=0x57b1321d, duration=79156.684s, table=9, n_packets=0, n_bytes=0, priority=30,ip,metadata=0x7,nw_ttl=1 actions=drop
cookie=0x57b1321d, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=30,ip,metadata=0x7,nw_ttl=0 actions=drop
cookie=0x74b39f35, duration=96240.249s, table=9, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,10)
cookie=0x7c4115fa, duration=87681.563s, table=9, n_packets=1, n_bytes=42, priority=0,metadata=0x6 actions=resubmit(,10)
cookie=0x3846a8f1, duration=79156.683s, table=9, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,10)
### 13、logic sw中 vm发出的arp报文,next,这部分不包含请求网关的(其在[7]中已经代答),在下面 [23]中代答;其他未知的arp,drop
cookie=0xb8a417ee, duration=88638.930s, table=10, n_packets=0, n_bytes=0, priority=90,arp,reg14=0x1,metadata=0x5,dl_src=fa:10:dd:1b:30:01,arp_spa=30.1.1.11,arp_sha=fa:10:dd:1b:30:01 actions=resubmit(,11)
cookie=0x168bcf46, duration=88621.461s, table=10, n_packets=0, n_bytes=0, priority=90,arp,reg14=0x2,metadata=0x5,dl_src=fa:10:dd:1b:30:02,arp_spa=30.1.1.12,arp_sha=fa:10:dd:1b:30:02 actions=resubmit(,11)
cookie=0x4611c4a2, duration=87681.563s, table=10, n_packets=1, n_bytes=42, priority=90,arp,reg14=0x1,metadata=0x6,dl_src=fa:10:dd:1b:40:01,arp_spa=40.1.1.11,arp_sha=fa:10:dd:1b:40:01 actions=resubmit(,11)
cookie=0x334b415e, duration=88638.930s, table=10, n_packets=0, n_bytes=0, priority=80,arp,reg14=0x1,metadata=0x5 actions=drop
cookie=0x3cdad3cd, duration=88621.461s, table=10, n_packets=0, n_bytes=0, priority=80,arp,reg14=0x2,metadata=0x5 actions=drop
cookie=0x39a221b2, duration=87681.563s, table=10, n_packets=0, n_bytes=0, priority=80,arp,reg14=0x1,metadata=0x6 actions=drop
### next�next......
cookie=0xd72dc9ec, duration=96240.249s, table=10, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,11)
cookie=0x914db8cb, duration=87681.563s, table=10, n_packets=26, n_bytes=2548, priority=0,metadata=0x6 actions=resubmit(,11)
cookie=0x83a968d6, duration=79156.684s, table=10, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,11)
cookie=0x6637dd4d, duration=96240.249s, table=11, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,12)
cookie=0xaa003dd3, duration=87681.563s, table=11, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,12)
cookie=0x3bdef87, duration=79156.684s, table=11, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,12)
cookie=0x7d10478a, duration=96240.249s, table=12, n_packets=64, n_bytes=5760, priority=0,metadata=0x5 actions=resubmit(,13)
cookie=0x662de14f, duration=87681.563s, table=12, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,13)
cookie=0x2f100e98, duration=79156.683s, table=12, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,13)
#### 14、ct ��������相关,nat、安全组等功能,本节未做配置
cookie=0xb67c82a9, duration=96240.248s, table=13, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x1/0x1,metadata=0x5 actions=ct(table=14,zone=NXM_NX_REG13[0..15])
cookie=0x65cf352e, duration=87681.563s, table=13, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x1/0x1,metadata=0x6 actions=ct(table=14,zone=NXM_NX_REG13[0..15])
cookie=0xc621f835, duration=96240.248s, table=13, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,14)
cookie=0x1c44a08e, duration=87681.563s, table=13, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,14)
cookie=0x73bbe239, duration=79156.683s, table=13, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,14)
cookie=0x20417229, duration=96240.249s, table=14, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,15)
cookie=0x93196d05, duration=87681.563s, table=14, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,15)
cookie=0x416e25d5, duration=79156.683s, table=14, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,15)
### 15、逻辑路由器上转发到vm的报文,为转发修改报文,同内核协议栈一样,这里先修改ttl 和 smac {ttl--, eth.src = 02:d4:1d:8c:40:01}�,在[16]中修改dmac
# reg0=XXREG0[96..127]=ip4.dst, reg1=XXREG0[64..95]={40.1.1.1, }, reg15=2(output:rt-400-port,确认了转发出接口), reg10=1(标记着什么??)
###
cookie=0xcf105cd3, duration=79156.684s, table=15, n_packets=0, n_bytes=0, priority=49,ip,metadata=0x7,nw_dst=40.1.1.0/24 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0x28010101->NXM_NX_XXREG0[64..95],mod_dl_src:02:d4:1d:8c:40:01,load:0x2->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,16)
cookie=0x448ecdcd, duration=79156.683s, table=15, n_packets=0, n_bytes=0, priority=49,ip,metadata=0x7,nw_dst=30.1.1.0/24 actions=dec_ttl(),move:NXM_OF_IP_DST[]->NXM_NX_XXREG0[96..127],load:0x1e010101->NXM_NX_XXREG0[64..95],mod_dl_src:02:d4:1d:8c:30:01,load:0x1->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,16)
cookie=0x4e4c046f, duration=96240.249s, table=15, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,16)
cookie=0x5573d398, duration=87681.563s, table=15, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,16)
### 16、router转发到vm的报文,[15] 中修改了ttl 和 smac,这里修改dmac,switch中的流量next
cookie=0x2787315d, duration=79156.684s, table=16, n_packets=0, n_bytes=0, priority=100,reg0=0x1e01010b,reg15=0x1,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:30:01,resubmit(,17)
cookie=0x470cf565, duration=79156.683s, table=16, n_packets=0, n_bytes=0, priority=100,reg0=0x1e01010c,reg15=0x1,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:30:02,resubmit(,17)
cookie=0x1ba0dfc4, duration=195.495s, table=16, n_packets=2, n_bytes=196, priority=100,reg0=0x2801010b,reg15=0x2,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:40:01,resubmit(,17)
cookie=0x836944c, duration=195.495s, table=16, n_packets=0, n_bytes=0, priority=100,reg0=0x2801010c,reg15=0x2,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:40:02,resubmit(,17)
### 17、交换机中的则不需要做报文修改
cookie=0xaba0fff5, duration=96240.249s, table=16, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,17)
cookie=0xd09ca65e, duration=87681.563s, table=16, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,17)
### =========== 这里转发完成,确认了出接口,修改了ttl、smac、dmac,下面涉及转发后的操作
### 20、ref [5],router上的ip报文,设置reg0=ip4.dst(更广泛的来说是下一跳地址,直连的才是dst,但直连的在上面 [16] [17] 中已经转到 table17了,不会走到这里),
# 设置 dmac=00:00:00:00:00:00, 然后去table66修改dmac,恢复reg0,next到table17,走到这里的都不会是到vm的流量,一般是下一跳不在系统管理的,如去公网的流量
###
cookie=0xd5478283, duration=79156.683s, table=16, n_packets=0, n_bytes=0, priority=0,ip,metadata=0x7 actions=push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_REG0[],mod_dl_dst:00:00:00:00:00:00,resubmit(,66),pop:NXM_NX_REG0[],resubmit(,17)
cookie=0xc81907db, duration=96240.249s, table=17, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,18)
cookie=0xa472f92f, duration=87681.562s, table=17, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,18)
cookie=0x2f7d5364, duration=79156.683s, table=17, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,18)
cookie=0xe1bbed5a, duration=96240.249s, table=18, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x2/0x2,metadata=0x5 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,19)
cookie=0xb6359085, duration=87681.562s, table=18, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x2/0x2,metadata=0x6 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,19)
cookie=0xf049421, duration=96240.249s, table=18, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x4/0x4,metadata=0x5 actions=ct(table=19,zone=NXM_NX_REG13[0..15],nat)
cookie=0x80c13bc3, duration=87681.563s, table=18, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x4/0x4,metadata=0x6 actions=ct(table=19,zone=NXM_NX_REG13[0..15],nat)
### 21、ref [5],接[20]的处理,如果没有在table 66 修改mac成功,match dl_dst=00:00:00:00:00:00,控制器会从router转发端口广播一个arp request,
# logic switch会广播到它下的每一个端口,如果有arp应答,logic switch会回给logic router,logic router中会通过上面 [5] 中table=9中的的流表,执行put_arp action,学到 arp
# ovn-controller会在MAC_Binding表里增加一行记录。ovn-controller收到MAC_Binding表的更新后,添加一条flow到table=66里面。至此流程结束
###
cookie=0xb22051f5, duration=79156.683s, table=18, n_packets=0, n_bytes=0, priority=100,ip,metadata=0x7,dl_dst=00:00:00:00:00:00 actions=controller(userdata=00.00.00.00.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.40.00.00.00.01.de.10.00.00.20.04.ff.ff.00.18.00.00.23.20.00.06.00.20.00.60.00.00.00.01.de.10.00.00.22.04.00.19.00.10.80.00.2a.02.00.01.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.20.00.00.00)
cookie=0x85b83e9e, duration=96240.248s, table=18, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,19)
cookie=0x3aea55a, duration=87681.563s, table=18, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,19)
cookie=0x91155207, duration=79156.683s, table=18, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,32)
### 22、vm的免费arp,自己请求自己
cookie=0x72936dc6, duration=96240.249s, table=19, n_packets=0, n_bytes=0, priority=100,arp,reg14=0x1,metadata=0x5,arp_tpa=30.1.1.11,arp_op=1 actions=resubmit(,20)
cookie=0xaefc1cee, duration=96239.640s, table=19, n_packets=0, n_bytes=0, priority=100,arp,reg14=0x2,metadata=0x5,arp_tpa=30.1.1.12,arp_op=1 actions=resubmit(,20)
cookie=0xe68a53e9, duration=87681.563s, table=19, n_packets=0, n_bytes=0, priority=100,arp,reg14=0x1,metadata=0x6,arp_tpa=40.1.1.11,arp_op=1 actions=resubmit(,20)
### 23、vm的arp代答
cookie=0xeeeb1de0, duration=96240.248s, table=19, n_packets=3, n_bytes=126, priority=50,arp,metadata=0x5,arp_tpa=30.1.1.11,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:10:dd:1b:30:01,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xfa10dd1b3001->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x1e01010b->NXM_OF_ARP_SPA[],move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
cookie=0x245a45e8, duration=96239.640s, table=19, n_packets=5, n_bytes=210, priority=50,arp,metadata=0x5,arp_tpa=30.1.1.12,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:10:dd:1b:30:02,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xfa10dd1b3002->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x1e01010c->NXM_OF_ARP_SPA[],move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
cookie=0xdd75a2a3, duration=87681.562s, table=19, n_packets=0, n_bytes=0, priority=50,arp,metadata=0x6,arp_tpa=40.1.1.11,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:10:dd:1b:40:01,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xfa10dd1b4001->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x2801010b->NXM_OF_ARP_SPA[],move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
cookie=0x590e4150, duration=87669.756s, table=19, n_packets=1, n_bytes=42, priority=50,arp,metadata=0x6,arp_tpa=40.1.1.12,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:10:dd:1b:40:02,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xfa10dd1b4002->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x2801010c->NXM_OF_ARP_SPA[],move:NXM_NX_REG14[]->NXM_NX_REG15[],load:0x1->NXM_NX_REG10[0],resubmit(,32)
cookie=0x777b5126, duration=96240.249s, table=19, n_packets=64, n_bytes=6016, priority=0,metadata=0x5 actions=resubmit(,20)
cookie=0xa95d6fb7, duration=87681.563s, table=19, n_packets=26, n_bytes=2548, priority=0,metadata=0x6 actions=resubmit(,20)
cookie=0x48696989, duration=96240.249s, table=20, n_packets=64, n_bytes=6016, priority=0,metadata=0x5 actions=resubmit(,21)
cookie=0x5f224fab, duration=87681.562s, table=20, n_packets=26, n_bytes=2548, priority=0,metadata=0x6 actions=resubmit(,21)
cookie=0xc412ee7, duration=96240.248s, table=21, n_packets=64, n_bytes=6016, priority=0,metadata=0x5 actions=resubmit(,22)
cookie=0xf05391c6, duration=87681.563s, table=21, n_packets=26, n_bytes=2548, priority=0,metadata=0x6 actions=resubmit(,22)
cookie=0xb49e92fc, duration=96240.249s, table=22, n_packets=64, n_bytes=6016, priority=0,metadata=0x5 actions=resubmit(,23)
cookie=0x3746f497, duration=87681.562s, table=22, n_packets=26, n_bytes=2548, priority=0,metadata=0x6 actions=resubmit(,23)
cookie=0x7d948f61, duration=96240.249s, table=23, n_packets=64, n_bytes=6016, priority=0,metadata=0x5 actions=resubmit(,24)
cookie=0xe1515175, duration=87681.563s, table=23, n_packets=26, n_bytes=2548, priority=0,metadata=0x6 actions=resubmit(,24)
### 24、logic sw中的 组播、广播mac地址,设置reg15=0xffff(所有接口),走table32发送
cookie=0xb077ce92, duration=96240.249s, table=24, n_packets=16, n_bytes=1312, priority=100,metadata=0x5,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=load:0xffff->NXM_NX_REG15[],resubmit(,32)
cookie=0x3aee71af, duration=87681.562s, table=24, n_packets=0, n_bytes=0, priority=100,metadata=0x6,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=load:0xffff->NXM_NX_REG15[],resubmit(,32)
### 25、logic sw中,去往具体的vm mac的报文,设置出接口(reg15),走table32发送
cookie=0x8cfc69ef, duration=96240.249s, table=24, n_packets=24, n_bytes=2352, priority=50,metadata=0x5,dl_dst=fa:10:dd:1b:30:01 actions=load:0x1->NXM_NX_REG15[],resubmit(,32)
cookie=0x1326bb75, duration=96240.249s, table=24, n_packets=24, n_bytes=2352, priority=50,metadata=0x5,dl_dst=fa:10:dd:1b:30:02 actions=load:0x2->NXM_NX_REG15[],resubmit(,32)
cookie=0xa9d9de34, duration=87681.563s, table=24, n_packets=26, n_bytes=2548, priority=50,metadata=0x6,dl_dst=fa:10:dd:1b:40:02 actions=load:0x2->NXM_NX_REG15[],resubmit(,32)
cookie=0xbac6e0e1, duration=87681.563s, table=24, n_packets=0, n_bytes=0, priority=50,metadata=0x6,dl_dst=fa:10:dd:1b:40:01 actions=load:0x1->NXM_NX_REG15[],resubmit(,32)
### 26、logic sw中,去往网关 mac的报文,设置出接口(reg15),走table32发送
cookie=0x1628cdab, duration=79156.688s, table=24, n_packets=0, n_bytes=0, priority=50,metadata=0x5,dl_dst=02:d4:1d:8c:30:01 actions=load:0x3->NXM_NX_REG15[],resubmit(,32)
cookie=0xc613bcbf, duration=79156.670s, table=24, n_packets=0, n_bytes=0, priority=50,metadata=0x6,dl_dst=02:d4:1d:8c:40:01 actions=load:0x3->NXM_NX_REG15[],resubmit(,32)
### 27、reg10的这两个标记暂时没看到,可能其他功能标记,后续补充
cookie=0x0, duration=279153.636s, table=32, n_packets=0, n_bytes=0, priority=150,reg10=0x10/0x10 actions=resubmit(,33)
cookie=0x0, duration=279153.636s, table=32, n_packets=0, n_bytes=0, priority=150,reg10=0x2/0x2 actions=resubmit(,33)
### 28、ref[1] 跨主机流量,sw-400上的0x2的接口在另一台主机上,这里将sw_400的Datapath key作为tunnel id,
# 出接口(sw-400-port-vm2)作为tun_metadata0(NXM_NX_TUN_METADATA0[0..15]),
# 入接口作为 NXM_NX_TUN_METADATA0[16..30] 封装到tunnel头中,再走tunnel发送
###
cookie=0x0, duration=87669.758s, table=32, n_packets=26, n_bytes=2548, priority=100,reg15=0x2,metadata=0x6 actions=load:0x6->NXM_NX_TUN_ID[0..23],set_field:0x2->tun_metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16..30],output:"ovn-ba702e-0"
### 29、跨主机流量,广播+组播,是要clone发送所有port的,但需要先经过table34检查是否是合法同接口进出,合法的,就会再走 [31][33] 在被检查的port上发送一份。
# 这里是向路由口发一份,然后next 到 table33,在table33中会再次往vm接口中发送;
# 其中sw-400中由于在其他主机也有vm所有会发一份到跨主机tunnel中
###
cookie=0x0, duration=79156.688s, table=32, n_packets=0, n_bytes=0, priority=100,reg15=0xffff,metadata=0x5 actions=load:0x3->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[],resubmit(,33)
cookie=0x0, duration=87669.758s, table=32, n_packets=0, n_bytes=0, priority=100,reg15=0xffff,metadata=0x6 actions=load:0x3->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[],load:0x6->NXM_NX_TUN_ID[0..23],set_field:0xffff->tun_metadata0,move:NXM_NX_REG14[0..14]->NXM_NX_TUN_METADATA0[16..30],output:"ovn-ba702e-0",resubmit(,33)
cookie=0x0, duration=279153.636s, table=32, n_packets=116, n_bytes=10048, priority=0 actions=resubmit(,33)
### 30、table33,nat部分,sw发向 vm的流,设置dnat、snat、ct的zone,发往router以及router本身的流量都没有设置ct zone
### 31、sw中,单播流量next到table34。广播流量,复制到所有的vm接口(经过table34检查是否是合法同接口进出后才会真正发出[33])发送,
cookie=0x0, duration=96240.250s, table=33, n_packets=29, n_bytes=2562, priority=100,reg15=0x1,metadata=0x5 actions=load:0x1->NXM_NX_REG13[],load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, duration=96240.249s, table=33, n_packets=16, n_bytes=1312, priority=100,reg15=0xffff,metadata=0x5 actions=load:0x1->NXM_NX_REG13[],load:0x1->NXM_NX_REG15[],resubmit(,34),load:0x4->NXM_NX_REG13[],load:0x2->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[]
cookie=0x0, duration=96239.640s, table=33, n_packets=27, n_bytes=2478, priority=100,reg15=0x2,metadata=0x5 actions=load:0x4->NXM_NX_REG13[],load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, duration=87681.565s, table=33, n_packets=27, n_bytes=2590, priority=100,reg15=0x1,metadata=0x6 actions=load:0x5->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x7->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, duration=87681.562s, table=33, n_packets=0, n_bytes=0, priority=100,reg15=0xffff,metadata=0x6 actions=load:0x5->NXM_NX_REG13[],load:0x1->NXM_NX_REG15[],resubmit(,34),load:0xffff->NXM_NX_REG15[]
cookie=0x0, duration=79156.688s, table=33, n_packets=0, n_bytes=0, priority=100,reg15=0x1,metadata=0x7 actions=load:0x8->NXM_NX_REG11[],load:0x9->NXM_NX_REG12[],resubmit(,34)
### 这两个流表完全一样???
cookie=0x0, duration=132318.613s, table=33, n_packets=7, n_bytes=630, priority=100,reg15=0x3,metadata=0x5 actions=load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, duration=79156.688s, table=33, n_packets=0, n_bytes=0, priority=100,reg15=0x3,metadata=0x5 actions=load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],resubmit(,34)
cookie=0x0, duration=79156.670s, table=33, n_packets=0, n_bytes=0, priority=100, reg15=0x3,metadata=0x6 actions=load:0x6->NXM_NX_REG11[],load:0x7->NXM_NX_REG12[],resubmit(,34)
### 32、除了打标记的代答报文等,能够从入接口发包,其他drop
cookie=0x0, duration=96240.250s, table=34, n_packets=8, n_bytes=656, priority=100,reg10=0/0x1,reg14=0x1,reg15=0x1,metadata=0x5 actions=drop
cookie=0x0, duration=96239.640s, table=34, n_packets=8, n_bytes=656, priority=100,reg10=0/0x1,reg14=0x2,reg15=0x2,metadata=0x5 actions=drop
cookie=0x0, duration=87681.565s, table=34, n_packets=0, n_bytes=0, priority=100,reg10=0/0x1,reg14=0x1,reg15=0x1,metadata=0x6 actions=drop
cookie=0x0, duration=79156.688s, table=34, n_packets=0, n_bytes=0, priority=100,reg10=0/0x1,reg14=0x1,reg15=0x1,metadata=0x7 actions=drop
cookie=0x0, duration=79156.688s, table=34, n_packets=0, n_bytes=0, priority=100,reg10=0/0x1,reg14=0x3,reg15=0x3,metadata=0x5 actions=drop
cookie=0x0, duration=132318.595s, table=34, n_packets=12, n_bytes=504, priority=100,reg10=0/0x1,reg14=0x3,reg15=0x3,metadata=0x6 actions=drop
cookie=0x0, duration=79156.670s, table=34, n_packets=0, n_bytes=0, priority=100,reg10=0/0x1,reg14=0x3,reg15=0x3,metadata=0x6 actions=drop
### 33、没有drop的,在这里清空了0~9寄存器
cookie=0x0, duration=279153.636s, table=34, n_packets=144, n_bytes=12680, priority=0 actions=load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],resubmit(,40)
cookie=0xa9ce7962, duration=96240.249s, table=40, n_packets=64, n_bytes=5760, priority=0,metadata=0x5 actions=resubmit(,41)
cookie=0x52b09533, duration=87681.563s, table=40, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,41)
cookie=0x6d6f641e, duration=79156.683s, table=40, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,41)
cookie=0x994d4ef5, duration=96240.249s, table=41, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,42)
cookie=0xdd4931f, duration=87681.563s, table=41, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,42)
cookie=0x8ab720d1, duration=79156.683s, table=41, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,42)
### reg0=0x1/0x1暂时没用到,后面配置nat的时候应该会涉及
cookie=0xa72ee3d0, duration=96240.248s, table=42, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x1/0x1,metadata=0x5 actions=ct(table=43,zone=NXM_NX_REG13[0..15])
cookie=0xeba5cabc, duration=87681.563s, table=42, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x1/0x1,metadata=0x6 actions=ct(table=43,zone=NXM_NX_REG13[0..15])
cookie=0x9a697c9c, duration=96240.249s, table=42, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,43)
cookie=0x13706991, duration=87681.563s, table=42, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,43)
cookie=0x20cb6482, duration=79156.683s, table=42, n_packets=0, n_bytes=0, priority=0,metadata=0x7 actions=resubmit(,43)
### 34、router上,发送流程直接next 到64,都是ct流程
cookie=0x7ad6517b, duration=79156.683s, table=43, n_packets=0, n_bytes=0, priority=100,reg15=0x1,metadata=0x7 actions=resubmit(,64)
cookie=0x98f146e0, duration=79156.683s, table=43, n_packets=0, n_bytes=0, priority=100,reg15=0x2,metadata=0x7 actions=resubmit(,64)
cookie=0x68cab2f4, duration=96240.249s, table=43, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,44)
cookie=0xa5308219, duration=87681.563s, table=43, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,44)
cookie=0x8f1c32ec, duration=96240.249s, table=44, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,45)
cookie=0xc5868361, duration=87681.562s, table=44, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,45)
cookie=0x50958557, duration=96240.249s, table=45, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,46)
cookie=0x99f2218d, duration=87681.563s, table=45, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,46)
cookie=0x8f5a5285, duration=96240.248s, table=46, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,47)
cookie=0x907800bc, duration=87681.562s, table=46, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,47)
### 35、nat流程后续补充(reg0未设置)
cookie=0x3520b159, duration=96240.249s, table=47, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x4/0x4,metadata=0x5 actions=ct(table=48,zone=NXM_NX_REG13[0..15],nat)
cookie=0xfe7abc9d, duration=87681.563s, table=47, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x4/0x4,metadata=0x6 actions=ct(table=48,zone=NXM_NX_REG13[0..15],nat)
cookie=0xbb7c7ac2, duration=96240.249s, table=47, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x2/0x2,metadata=0x5 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,48)
cookie=0xffe556b2, duration=87681.563s, table=47, n_packets=0, n_bytes=0, priority=100,ip,reg0=0x2/0x2,metadata=0x6 actions=ct(commit,zone=NXM_NX_REG13[0..15],exec(load:0->NXM_NX_CT_LABEL[0])),resubmit(,48)
cookie=0xbec85c39, duration=96240.249s, table=47, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,48)
cookie=0xccc89929, duration=87681.563s, table=47, n_packets=27, n_bytes=2590, priority=0,metadata=0x6 actions=resubmit(,48)
### 36、这里应该是port-security 功能触发的流表,对流入vm的 目的mac+ip做检查,流出是在 [3]中完成
cookie=0xc44012d6, duration=88638.930s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x5,dl_dst=fa:10:dd:1b:30:01,nw_dst=30.1.1.11 actions=resubmit(,49)
cookie=0xc44012d6, duration=88638.930s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x5,dl_dst=fa:10:dd:1b:30:01,nw_dst=30.1.1.255 actions=resubmit(,49)
cookie=0xc44012d6, duration=88638.930s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x5,dl_dst=fa:10:dd:1b:30:01,nw_dst=255.255.255.255 actions=resubmit(,49)
cookie=0xaa43bcf0, duration=88621.461s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x2,metadata=0x5,dl_dst=fa:10:dd:1b:30:02,nw_dst=30.1.1.12 actions=resubmit(,49)
cookie=0xaa43bcf0, duration=88621.461s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x2,metadata=0x5,dl_dst=fa:10:dd:1b:30:02,nw_dst=30.1.1.255 actions=resubmit(,49)
cookie=0xaa43bcf0, duration=88621.461s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x2,metadata=0x5,dl_dst=fa:10:dd:1b:30:02,nw_dst=255.255.255.255 actions=resubmit(,49)
cookie=0xa0296c2b, duration=87681.563s, table=48, n_packets=26, n_bytes=2548, priority=90,ip,reg15=0x1,metadata=0x6,dl_dst=fa:10:dd:1b:40:01,nw_dst=40.1.1.11 actions=resubmit(,49)
cookie=0xa0296c2b, duration=87681.563s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x6,dl_dst=fa:10:dd:1b:40:01,nw_dst=255.255.255.255 actions=resubmit(,49)
cookie=0xa0296c2b, duration=87681.562s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x6,dl_dst=fa:10:dd:1b:40:01,nw_dst=40.1.1.255 actions=resubmit(,49)
cookie=0xc44012d6, duration=88638.930s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x5,dl_dst=fa:10:dd:1b:30:01,nw_dst=224.0.0.0/4 actions=resubmit(,49)
cookie=0xaa43bcf0, duration=88621.461s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x2,metadata=0x5,dl_dst=fa:10:dd:1b:30:02,nw_dst=224.0.0.0/4 actions=resubmit(,49)
cookie=0xa0296c2b, duration=87681.562s, table=48, n_packets=0, n_bytes=0, priority=90,ip,reg15=0x1,metadata=0x6,dl_dst=fa:10:dd:1b:40:01,nw_dst=224.0.0.0/4 actions=resubmit(,49)
cookie=0x5aba29f3, duration=88638.930s, table=48, n_packets=0, n_bytes=0, priority=80,ip,reg15=0x1,metadata=0x5,dl_dst=fa:10:dd:1b:30:01 actions=drop
cookie=0x9ee46441, duration=88621.461s, table=48, n_packets=0, n_bytes=0, priority=80,ip,reg15=0x2,metadata=0x5,dl_dst=fa:10:dd:1b:30:02 actions=drop
cookie=0x8545cdd2, duration=87681.562s, table=48, n_packets=0, n_bytes=0, priority=80,ip,reg15=0x1,metadata=0x6,dl_dst=fa:10:dd:1b:40:01 actions=drop
cookie=0xb346c480, duration=96240.249s, table=48, n_packets=72, n_bytes=6352, priority=0,metadata=0x5 actions=resubmit(,49)
cookie=0xf7f294f, duration=87681.563s, table=48, n_packets=1, n_bytes=42, priority=0,metadata=0x6 actions=resubmit(,49)
cookie=0xf47b1c4f, duration=96240.248s, table=49, n_packets=16, n_bytes=1312, priority=100,metadata=0x5,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,64)
cookie=0xcfd2ac11, duration=87681.563s, table=49, n_packets=0, n_bytes=0, priority=100,metadata=0x6,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,64)
cookie=0x9ac968ff, duration=88638.930s, table=49, n_packets=0, n_bytes=0, priority=50,reg15=0x1,metadata=0x5,dl_dst=fa:10:dd:1b:30:01 actions=resubmit(,64)
cookie=0xb72767c4, duration=88621.461s, table=49, n_packets=0, n_bytes=0, priority=50,reg15=0x2,metadata=0x5,dl_dst=fa:10:dd:1b:30:02 actions=resubmit(,64)
cookie=0xb50a1d6e, duration=87681.563s, table=49, n_packets=27, n_bytes=2590, priority=50,reg15=0x1,metadata=0x6,dl_dst=fa:10:dd:1b:40:01 actions=resubmit(,64)
cookie=0x6b1a23ee, duration=79156.688s, table=49, n_packets=0, n_bytes=0, priority=50,reg15=0x3,metadata=0x5 actions=resubmit(,64)
cookie=0x7155a145, duration=79156.670s, table=49, n_packets=0, n_bytes=0, priority=50,reg15=0x3,metadata=0x6 actions=resubmit(,64)
### 37、清空IN_PORT后,转table65发送,恢复IN_PORT
cookie=0x0, duration=96240.250s, table=64, n_packets=5, n_bytes=210, priority=100,reg10=0x1/0x1,reg15=0x1,metadata=0x5 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=96239.640s, table=64, n_packets=3, n_bytes=126, priority=100,reg10=0x1/0x1,reg15=0x2,metadata=0x5 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=87681.565s, table=64, n_packets=1, n_bytes=42, priority=100,reg10=0x1/0x1,reg15=0x1,metadata=0x6 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=79156.688s, table=64, n_packets=0, n_bytes=0, priority=100,reg10=0x1/0x1,reg15=0x3,metadata=0x5 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=79156.688s, table=64, n_packets=0, n_bytes=0, priority=100,reg10=0x1/0x1,reg15=0x1,metadata=0x7 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=79156.670s, table=64, n_packets=0, n_bytes=0, priority=100,reg10=0x1/0x1,reg15=0x3,metadata=0x6 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=195.496s, table=64, n_packets=3, n_bytes=238, priority=100,reg10=0x1/0x1,reg15=0x2,metadata=0x7 actions=push:NXM_OF_IN_PORT[],load:0->NXM_OF_IN_PORT[],resubmit(,65),pop:NXM_OF_IN_PORT[]
cookie=0x0, duration=279153.636s, table=64, n_packets=120, n_bytes=11056, priority=0 actions=resubmit(,65)
### 38、table65就是所有跑到终点的报文的终点站,根据datapath+outport标识,从对应ovs接口发出,注意这里都是通往本机器vm的流量,去往其他主机的都在 [28][29]中从tunnel口发出了
cookie=0x0, duration=96240.250s, table=65, n_packets=37, n_bytes=3218, priority=100,reg15=0x1,metadata=0x5 actions=output:"sw-300-port-vm1"
cookie=0x0, duration=96239.640s, table=65, n_packets=35, n_bytes=3134, priority=100,reg15=0x2,metadata=0x5 actions=output:"sw-300-port-vm2"
cookie=0x0, duration=87681.565s, table=65, n_packets=27, n_bytes=2590, priority=100,reg15=0x1,metadata=0x6 actions=output:"sw-400-port-vm1"
### 测试nat的时候补充
cookie=0x0, duration=213968.582s, table=65, n_packets=9, n_bytes=714, priority=100,reg15=0x3,metadata=0x5 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x8->NXM_NX_REG11[],load:0x9->NXM_NX_REG12[],load:0x7->OXM_OF_METADATA[],load:0x1->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,8))
cookie=0x0, duration=213968.582s, table=65, n_packets=9, n_bytes=714, priority=100,reg15=0x1,metadata=0x7 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x2->NXM_NX_REG11[],load:0x3->NXM_NX_REG12[],load:0x5->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,8))
cookie=0x0, duration=213968.564s, table=65, n_packets=15, n_bytes=742, priority=100,reg15=0x3,metadata=0x6 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x8->NXM_NX_REG11[],load:0x9->NXM_NX_REG12[],load:0x7->OXM_OF_METADATA[],load:0x2->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,8))
cookie=0x0, duration=81845.465s, table=65, n_packets=3, n_bytes=238, priority=100,reg15=0x2,metadata=0x7 actions=clone(ct_clear,load:0->NXM_NX_REG11[],load:0->NXM_NX_REG12[],load:0->NXM_NX_REG13[],load:0x6->NXM_NX_REG11[],load:0x7->NXM_NX_REG12[],load:0x6->OXM_OF_METADATA[],load:0x3->NXM_NX_REG14[],load:0->NXM_NX_REG10[],load:0->NXM_NX_REG15[],load:0->NXM_NX_REG0[],load:0->NXM_NX_REG1[],load:0->NXM_NX_REG2[],load:0->NXM_NX_REG3[],load:0->NXM_NX_REG4[],load:0->NXM_NX_REG5[],load:0->NXM_NX_REG6[],load:0->NXM_NX_REG7[],load:0->NXM_NX_REG8[],load:0->NXM_NX_REG9[],load:0->NXM_OF_IN_PORT[],resubmit(,8))
### 39、作用是为非系统管理nexthop修改下一跳mac, 见[5],mac地址学习流程。
cookie=0x0, duration=679.005s, table=66, n_packets=0, n_bytes=0, priority=100,reg0=0x1e01010b,reg15=0x1,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:30:01
cookie=0x0, duration=650.303s, table=66, n_packets=0, n_bytes=0, priority=100,reg0=0x1e01010c,reg15=0x1,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:30:02
cookie=0x0, duration=157.431s, table=66, n_packets=0, n_bytes=0, priority=100,reg0=0x2801010b,reg15=0x2,metadata=0x7 actions=mod_dl_dst:fa:10:dd:1b:40:01