[ovs-dev] [PATCH] ovn: improve OVN tutorial.

Ben Pfaff blp at ovn.org
Mon Jul 4 21:31:17 UTC 2016 

Russell, would you mind reviewing this?

On Mon, Jul 04, 2016 at 08:03:49AM -0700, Ben Pfaff wrote:
> From: nickcooper-zhangtonghao <nickcooper-zhangtonghao at opencloud.tech>
> 
> Improve the tutorial of the basic OVN features. The addresses and port_security
> columns of the logical port is described in more detail.
> 
> Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao at opencloud.tech>
> ---
>  tutorial/OVN-Tutorial.md                   | 36 ++++++++++++++++++++++++++++++
>  tutorial/automake.mk                       |  4 ++++
>  tutorial/ovn/env1/add-security-ip-ports.sh | 25 +++++++++++++++++++++
>  tutorial/ovn/env1/add-unknown-ports.sh     | 25 +++++++++++++++++++++
>  tutorial/ovn/env1/packet3.sh               | 19 ++++++++++++++++
>  tutorial/ovn/env1/packet4.sh               | 19 ++++++++++++++++
>  6 files changed, 128 insertions(+)
>  create mode 100755 tutorial/ovn/env1/add-security-ip-ports.sh
>  create mode 100755 tutorial/ovn/env1/add-unknown-ports.sh
>  create mode 100755 tutorial/ovn/env1/packet3.sh
>  create mode 100755 tutorial/ovn/env1/packet4.sh
> 
> diff --git a/tutorial/OVN-Tutorial.md b/tutorial/OVN-Tutorial.md
> index 811224d..0c3620e 100644
> --- a/tutorial/OVN-Tutorial.md
> +++ b/tutorial/OVN-Tutorial.md
> @@ -221,6 +221,38 @@ that it is output to both ports `2` and `3`.
>  
>      $ ovn/env1/packet2.sh
>  
> +The logical port may have an unknown set of Ethernet addresses.  When an OVN logical
> +switch processes a unicast Ethernet frame whose destination MAC address is not in any 
> +logical port’s addresses column, it delivers it to the port (or ports) whose addresses 
> +columns include unknown.
> +
> +[View ovn/env1/add-unknown-ports.sh][env1unknownports].
> +
> +    $ ovn/env1/add-unknown-ports.sh
> +
> +This trace shows a packet from `sw0-port1` to `sw0-port4`, `sw0-port5` whose addresses
> +columns include unknown.  You will see that it is output to both ports `4` and `5`.
> +
> +[View ovn/env1/packet3.sh][env1packet3].
> +
> +    $ ovn/env1/packet3.sh
> +
> +The logical port would restrict the host to sending packets from and receiving packets
> +to the ethernet addresses defined in the logical port’s port_security column.
> +In addition to the restrictions described for Ethernet addresses above, such an element
> +of port_security restricts the IPv4 or IPv6 addresses from which the host may send and
> +to which it may receive packets to the specified addresses. 
> +
> +[View ovn/env1/add-security-ip-ports.sh][env1securityport].
> +
> +    $ ovn/env1/add-security-ip-ports.sh
> +
> +This trace shows a packet from `sw0-port6` to `sw0-port7`.
> +
> +[View ovn/env1/packet4.sh][env1packet4].
> +
> +    $ ovn/env1/packet4.sh
> +
>  2) 2 switches, 4 ports
>  ----------------------
>  
> @@ -867,6 +899,10 @@ hypervisors. Please see the tutorial 3 above.
>  [env1packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet1.sh
>  [env1packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet2.sh
>  [env1thirdport]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/add-third-port.sh
> +[env1unknownports]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-unknown-ports.sh
> +[env1securityport]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-security-ip-ports.sh
> +[env1packet3]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet3.sh
> +[env1packet4]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet4.sh
>  [env2setup]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/setup.sh
>  [env2packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet1.sh
>  [env2packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet2.sh
> diff --git a/tutorial/automake.mk b/tutorial/automake.mk
> index 7e835f2..5e0d868 100644
> --- a/tutorial/automake.mk
> +++ b/tutorial/automake.mk
> @@ -12,7 +12,11 @@ EXTRA_DIST += \
>  	tutorial/ovn/env1/setup.sh \
>  	tutorial/ovn/env1/packet1.sh \
>  	tutorial/ovn/env1/packet2.sh \
> +	tutorial/ovn/env1/packet3.sh \
> +	tutorial/ovn/env1/packet4.sh \
>  	tutorial/ovn/env1/add-third-port.sh \
> +	tutorial/ovn/env1/add-unknown-ports.sh \
> +	tutorial/ovn/env1/add-security-ip-ports.sh \
>  	tutorial/ovn/env2/setup.sh \
>  	tutorial/ovn/env2/packet1.sh \
>  	tutorial/ovn/env2/packet2.sh \
> diff --git a/tutorial/ovn/env1/add-security-ip-ports.sh b/tutorial/ovn/env1/add-security-ip-ports.sh
> new file mode 100755
> index 0000000..5be1528
> --- /dev/null
> +++ b/tutorial/ovn/env1/add-security-ip-ports.sh
> @@ -0,0 +1,25 @@
> +#!/bin/bash
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +#
> +
> +set -o xtrace
> +
> +ovn-nbctl lsp-add sw0 sw0-port6
> +ovn-nbctl lsp-add sw0 sw0-port7
> +ovn-nbctl lsp-set-addresses sw0-port6 "00:00:00:00:00:06"
> +ovn-nbctl lsp-set-addresses sw0-port7 "00:00:00:00:00:07"
> +ovn-nbctl lsp-set-port-security sw0-port6 00:00:00:00:00:06 192.168.1.10/24
> +ovn-nbctl lsp-set-port-security sw0-port7 00:00:00:00:00:07 192.168.1.20/24
> +ovs-vsctl add-port br-int lport6 -- set Interface lport6 external_ids:iface-id=sw0-port6
> +ovs-vsctl add-port br-int lport7 -- set Interface lport7 external_ids:iface-id=sw0-port7
> diff --git a/tutorial/ovn/env1/add-unknown-ports.sh b/tutorial/ovn/env1/add-unknown-ports.sh
> new file mode 100755
> index 0000000..be161d2
> --- /dev/null
> +++ b/tutorial/ovn/env1/add-unknown-ports.sh
> @@ -0,0 +1,25 @@
> +#!/bin/bash
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +#
> +
> +set -o xtrace
> +
> +ovn-nbctl lsp-add sw0 sw0-port4
> +ovn-nbctl lsp-add sw0 sw0-port5
> +ovn-nbctl lsp-set-addresses sw0-port4 unknown
> +ovn-nbctl lsp-set-addresses sw0-port5 unknown
> +ovn-nbctl lsp-set-port-security sw0-port4 00:00:00:00:00:04 00:00:00:00:00:05
> +ovn-nbctl lsp-set-port-security sw0-port5 00:00:00:00:00:04 00:00:00:00:00:05
> +ovs-vsctl add-port br-int lport4 -- set Interface lport4 external_ids:iface-id=sw0-port4
> +ovs-vsctl add-port br-int lport5 -- set Interface lport5 external_ids:iface-id=sw0-port5
> diff --git a/tutorial/ovn/env1/packet3.sh b/tutorial/ovn/env1/packet3.sh
> new file mode 100755
> index 0000000..b266801
> --- /dev/null
> +++ b/tutorial/ovn/env1/packet3.sh
> @@ -0,0 +1,19 @@
> +#!/bin/bash
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +#
> +
> +set -o xtrace
> +
> +# Trace a packet from sw0-port1 to sw0-port4, sw0-port5 which address is set as unknown.
> +ovs-appctl ofproto/trace br-int in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:04 -generate
> diff --git a/tutorial/ovn/env1/packet4.sh b/tutorial/ovn/env1/packet4.sh
> new file mode 100755
> index 0000000..2fa4530
> --- /dev/null
> +++ b/tutorial/ovn/env1/packet4.sh
> @@ -0,0 +1,19 @@
> +#!/bin/bash
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at:
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +#
> +
> +set -o xtrace
> +
> +# Trace a packet from sw0-port6 to sw0-port7.
> +ovs-appctl ofproto/trace br-int in_port=6,dl_type=0x0800,dl_src=00:00:00:00:00:06,dl_dst=00:00:00:00:00:07,nw_src=192.168.1.10,nw_dst=192.168.1.20  -generate
> -- 
> 2.1.3
>

More information about the dev mailing list