时间戳

首页 > 解决方案 > 多个 IP 地址源的 ovs 流规则

openflow - 多个 IP 地址源的 ovs 流规则

问题描述

我有一个需要将多个 IP-Address:Port 映射到同一主机的站。例如; host1 10.11.2.9:80 可以暴露给 vip1 10.107.140.192:8800 和 vip2 192.168.30.12:31801。以下流规则显示了 IP 映射。

cookie=0x0, duration=8899.921s, table=0, n_packets=16, n_bytes=1184, priority=100,tcp,nw_dst=10.107.140.192,tp_dst=8800 actions=mod_dl_dst:72:33:3d:ba:b1:8b,mod_nw_dst:10.11.2.9,mod_tp_dst:80,output:vethc803d85e
cookie=0x0, duration=8899.921s, table=0, n_packets=21, n_bytes=1397, priority=100,tcp,nw_dst=192.168.30.12,tp_dst=31801 actions=mod_dl_dst:72:33:3d:ba:b1:8b,mod_nw_dst:10.11.2.9,mod_tp_dst:80,output:vethc803d85e

当我设置相反的流规则以将流量发回如下时我的问题

cookie=0x0, duration=8899.921s, table=0, n_packets=14, n_bytes=1259, priority=100,tcp,nw_src=10.11.2.9,tp_src=80 actions=mod_dl_src:72:33:3d:ba:b1:8b,mod_nw_src:192.168.30.12,mod_tp_src:31801,NORMAL

如何区分目的地 IP-Address 之间的相反流规则?

标签: openflow

解决方案

Don't know whether the question is still relevant. IMO you have to implement the FIB (routing table) in OVS. For example, if the 2 VIF interfaces were regular IP interfaces, how would the OS determine via which interface? According to the routing table, for example:

$ip r
0.0.0.0/0 via 10.107.140.254 dev eth0
10.107.140.0/24 dev eth0
192.168.30.0/24 dev eth1

According to the OVS documentation, you can add OF rules to match DST IP with mask:

ovs-ofctl add-flow <bridge> dl_type=<ethernet type>,nw_dst=ip[/netmask],actions=<action>

Therefore, you need to add at least 3 rules (local subnet of VIF1, local subnet of VIF2, default gateway), similar to the output of ip r above.

推荐阅读