Openflow Tables Explain - futurewei-cloud/alcor-control-agent GitHub Wiki
This document explains the openflow table structure and rules used by Alcor Control Agent.
-
Priority high: 50 - know exactly where packet should go, or on demand rule
-
Priority med: 25 - know where packet should go, or essential rule
-
Priority low: 1 - defaults on where packet should go
-
if on demand routing rule match, route it
-
if ARP request, send to ACA for ARP Responder
-
if DHCP request, send to ACA for DHCP Responder
-
VM packet outgoing to wire (coming from "patch-int")
-
incoming from neighbor through vxlan-generic port
For packets send to known gateway mac, to known destination IP, route it
Status: implemented as essential rule, to be implemented trigger on demand by issue#134, need to add essential rule to gateway mac send to controller, consider sending those packets to Table 55 forwarding for better organization and control
Template: Priority = high, ip,dl_vlan=1,nw_dst=10.0.1.106 (destination port IP),dl_dst=02:42:ac:11:00:01(gateway mac) actions=mod_vlan_vid:2,mod_dl_src:02:42:ac:11:00:00(host DVR mac),mod_dl_dst=c6:41:e9:81:56:91(destination port mac),resubmit to table 2 (outgoing to wire)
cookie=0x0, duration=22.987s, table=0, n_packets=0, n_bytes=0, priority=50,ip,dl_vlan=2,dl_dst=fa:16:3e:d7:f2:21,nw_dst=10.10.0.101 actions=mod_vlan_vid:1,mod_dl_src:fe:16:11:d7:f2:02,mod_dl_dst:fa:16:3e:d7:f2:6c,resubmit(,2)Status: added as port of bridge setup, needed for gateway port for routing, TBD, change the priority to 25 in code based on current design
cookie=0x0, duration=19.112s, table=0, n_packets=0, n_bytes=0, priority=50,arp,arp_op=1 actions=CONTROLLER:65535Status: added when DHCP module is loaded
cookie=0x0, duration=19.112s, table=0, n_packets=0, n_bytes=0, priority=25,udp,udp_src=68,udp_dst=67,actions=CONTROLLER:65535Status: added as port of bridge setup
cookie=0x0, duration=239.320s, table=0, n_packets=4, n_bytes=280, priority=1,in_port="patch-int" actions=resubmit(,2)Status: added as port of bridge setup
Template: Priority = med, in_port="vxlan-generic", resubmit to table 4 (incoming from wire)
cookie=0x0, duration=19.228s, table=0, n_packets=0, n_bytes=0, priority=25,in_port="vxlan-generic" actions=resubmit(,4)-
if ICMP, resubmit to Table 52 ICMP Responder
-
unicast or multicast triage
Status: added as port of bridge setup, needed for gateway port for routing
cookie=0x0, duration=23.355s, table=0, n_packets=0, n_bytes=0, priority=25,icmp,in_port="patch-int",icmp_type=8 actions=resubmit(,52)-
if unicast, resubmit to Table 20 unicast
-
if multicast, resubmit to Table 22 multicast
cookie=0x0, duration=19.278s, table=2, n_packets=0, n_bytes=0, priority=1,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
cookie=0x0, duration=19.271s, table=2, n_packets=0, n_bytes=0, priority=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,22)Status: added when a port is added
Template: Priority = med, match tun_id, tag internal vlan, output to "patch-int"
cookie=0x0, duration=236.710s, table=4, n_packets=3, n_bytes=238, priority=1,tun_id=0x14 actions=mod_vlan_vid:1,output:"patch-int"Below is to enable VM mac learning for smarter outgoing unicast traffic, but don’t think it is needed for Alcor setup:
cookie=0x8df39e8e3df5dd6c, duration=173716.058s, table=4, n_packets=213, n_bytes=25440, priority=1,tun_id=0x1b actions=mod_vlan_vid:1,resubmit(,10) cookie=0x8df39e8e3df5dd6c, duration=251739.127s, table=10, n_packets=213, n_bytes=25440, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,cookie=0x8df39e8e3df5dd6c,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:OXM_OF_IN_PORT[]),output:"patch-int" - VM mac learning on which tunnel ID and port to use
Status: added when L2 neighbor is added
Template: Priority = med, match vlan, actions = strip vlan, load tun_id, output to vxlan-generic tunnel port
cookie=0x0, duration=19.124s, table=20, n_packets=0, n_bytes=0, priority=50,dl_vlan=1,dl_dst=fa:16:3e:d7:f2:6a actions=strip_vlan,load:0x15->NXM_NX_TUN_ID[],load:0xac110002->NXM_NX_TUN_IPV4_DST[],output:"vxlan-generic"-
if local VLAN and ICMP target matches an openflow rule, send ICMP response
-
else send to Normal path
Status: implemented, needed for gateway port for routing
cookie=0x0, duration=236.343s, table=52, n_packets=1, n_bytes=98, priority=50,icmp,dl_vlan=1,nw_dst=10.10.0.1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:fa:16:3e:d7:f2:11,move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],mod_nw_src:10.10.0.1,load:0xff->NXM_NX_IP_TTL[],load:0->NXM_OF_ICMP_TYPE[],IN_PORT
cookie=0x0, duration=239.302s, table=52, n_packets=0, n_bytes=0, priority=1 actions=resubmit(,20)Status: restore the neighbor host DVR mac to the corresponding gateway mac
Template: priorty = medium, match internal vlan per VPC, match DVR mac, restore mac to the corresponding gateway mac, output:NORMAL
cookie=0x0, duration=15065.566s, table=0, n_packets=1, n_bytes=98, priority=25,dl_vlan=1,dl_src=fe:16:11:00:00:00/ff:ff:ff:00:00:00 actions=mod_dl_src:fa:16:3e:d7:f2:11,NORMAL
cookie=0x0, duration=15069.114s, table=0, n_packets=28, n_bytes=1736, priority=0 actions=NORMAL