「Network」カテゴリーアーカイブ

Open vSwitch command sheet

  • バージョン情報の取得
  • [shell]
    # Show version
    [root@redhat71 ~]# ovs-vsctl --version
    ovs-vsctl (Open vSwitch) 2.3.2
    Compiled Aug 3 2015 14:48:36
    DB Schema 7.6.2
    [/shell]

  • ブリッジとポートのアサインを見る
  • [shell]
    # Show openvswitch port and bridge mapping
    [root@redhat71 ~]# ovs-vsctl show
    2ef2e976-6031-419b-81df-a855b6eb3fb5
    Bridge br-data
    Port phy-br-data
    Interface phy-br-data
    Port br-data
    Interface br-data
    type: internal
    Port "vnet0"
    tag: 800
    Interface "vnet0"
    Port "enp132s0f1"
    Interface "enp132s0f1"
    Bridge br-int
    fail_mode: secure
    Port "qvo2425ae1d-34"
    tag: 1001
    Interface "qvo2425ae1d-34"
    Port "qvoab255c3a-16"
    tag: 1003
    Interface "qvoab255c3a-16"
    Port "qvo98c7bfd5-88"
    tag: 1000
    Interface "qvo98c7bfd5-88"
    Port "qvo59b51608-1e"
    tag: 1005
    Interface "qvo59b51608-1e"
    Port int-br-data
    Interface int-br-data
    Port "qvo6dd07495-ff"
    tag: 1005
    Interface "qvo6dd07495-ff"
    Port "qvo0a4a102c-86"
    tag: 1000
    Interface "qvo0a4a102c-86"
    Port br-int
    Interface br-int
    type: internal
    Port "vnet1"
    Interface "vnet1"
    Port "qvob81606b1-18"
    tag: 1003
    Interface "qvob81606b1-18"
    Port "qvoe1fc76c3-52"
    tag: 1001
    Interface "qvoe1fc76c3-52"
    ovs_version: "2.3.2"
    [/shell]

  • 同じくブリッジとポートのアサインを見る。フローのポート番号を確認する際にも使用。
  • [shell]
    # Show OpenFlow port numbers and port state on the bridge
    [root@redhat71 ~]# ovs-ofctl show br-int
    OFPT_FEATURES_REPLY (xid=0x2): dpid:0000faef6ec6c940
    n_tables:254, n_buffers:256
    capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
    actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
    3(vnet1): addr:fe:54:00:81:ba:cb
    config: 0
    state: 0
    current: 10MB-FD COPPER
    speed: 10 Mbps now, 0 Mbps max
    4(int-br-data): addr:62:57:04:a0:45:ac
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    5(qvo0a4a102c-86): addr:4a:c9:cf:28:1e:c1
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    6(qvo2425ae1d-34): addr:32:6f:81:3e:bd:71
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    7(qvob81606b1-18): addr:d6:c1:3f:b7:01:98
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    8(qvoab255c3a-16): addr:8a:82:6a:d7:5b:74
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    19(qvo6dd07495-ff): addr:ce:b6:2d:c2:07:7f
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    20(qvo98c7bfd5-88): addr:c2:e9:ee:04:0c:cf
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    21(qvo59b51608-1e): addr:02:7b:7a:35:2d:cd
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    22(qvoe1fc76c3-52): addr:52:c7:2d:11:40:15
    config: 0
    state: 0
    current: 10GB-FD COPPER
    speed: 10000 Mbps now, 0 Mbps max
    LOCAL(br-int): addr:fa:ef:6e:c6:c9:40
    config: PORT_DOWN
    state: LINK_DOWN
    speed: 0 Mbps now, 0 Mbps max
    OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
    [/shell]

  • ブリッジのコンフィグされたフローを表示
  • [shell]
    # Show flows on the bridge
    [root@redhat71 ~]# ovs-ofctl dump-flows br-int
    NXST_FLOW reply (xid=0x4):
    cookie=0x0, duration=438717.828s, table=0, n_packets=291068387, n_bytes=304249298500, idle_age=6, hard_age=65534, priority=1 actions=NORMAL
    cookie=0x0, duration=351437.367s, table=0, n_packets=9160, n_bytes=11319216, idle_age=65534, hard_age=65534, priority=3,in_port=4,dl_vlan=1005 actions=mod_vlan_vid:1005,NORMAL
    cookie=0x0, duration=438365.059s, table=0, n_packets=83788622, n_bytes=5256042363, idle_age=65534, hard_age=65534, priority=3,in_port=4,dl_vlan=1000 actions=mod_vlan_vid:1000,NORMAL
    cookie=0x0, duration=424679.002s, table=0, n_packets=98, n_bytes=7941, idle_age=65534, hard_age=65534, priority=3,in_port=4,dl_vlan=1004 actions=mod_vlan_vid:1004,NORMAL
    cookie=0x0, duration=82655.160s, table=0, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, in_port=4,dl_vlan=1003 actions=mod_vlan_vid:1003,NORMAL
    cookie=0x0, duration=424680.206s, table=0, n_packets=288, n_bytes=21050, idle_age=65534, hard_age=65534, priority=3,in_port=4,dl_vlan=1003 actions=mod_vlan_vid:1003,NORMAL
    cookie=0x0, duration=438371.911s, table=0, n_packets=81405780, n_bytes=5113054180, idle_age=65534, hard_age=65534, priority=3,in_port=4,dl_vlan=1001 actions=mod_vlan_vid:1001,NORMAL
    cookie=0x0, duration=438717.318s, table=0, n_packets=116934, n_bytes=9999814, idle_age=4, hard_age=65534, priority=2,in_port=4 actions=drop
    cookie=0x0, duration=438717.795s, table=22, n_packets=0, n_bytes=0, idle_age=65534, hard_age=65534, priority=0 actions=drop
    [/shell]

  • ポートの統計情報を表示
  • [shell]
    # Show port statistics
    [root@redhat71 ~]# ovs-ofctl dump-ports br-int
    OFPST_PORT reply (xid=0x2): 11 ports
    port 22: rx pkts=7468847, bytes=2852923798, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=81406231, bytes=818123786, drop=0, errs=0, coll=0
    port LOCAL: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=165901864, bytes=10632420429, drop=0, errs=0, coll=0
    port 8: rx pkts=1033, bytes=102515, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=259, bytes=20263, drop=0, errs=0, coll=0
    port 5: rx pkts=7358127, bytes=2741818517, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=83788690, bytes=961085653, drop=0, errs=0, coll=0
    port 20: rx pkts=379, bytes=37620, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=90932466, bytes=3689907154, drop=0, errs=0, coll=0
    port 21: rx pkts=12568, bytes=1112524, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=14211, bytes=6436706, drop=0, errs=0, coll=0
    port 4: rx pkts=165370548, bytes=1868080411, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=1337140, bytes=408699393, drop=0, errs=0, coll=0
    port 6: rx pkts=43018, bytes=2696236, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=88549617, bytes=3546933424, drop=0, errs=0, coll=0
    port 7: rx pkts=1061, bytes=102369, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=565, bytes=46004, drop=0, errs=0, coll=0
    port 19: rx pkts=13827, bytes=1245264, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=14371, bytes=6657324, drop=0, errs=0, coll=0
    port 3: rx pkts=1, bytes=64, drop=0, errs=0, frame=0, over=0, crc=0
    tx pkts=165901872, bytes=2706089309, drop=0, errs=0, coll=0
    [/shell]

  • 現在のデータパスのフローテーブルを表示
  • [shell]
    # Show flows currently installed in the datapath
    [root@redhat71 ~]# ovs-dpctl dump-flows
    recirc_id(0),skb_priority(0),in_port(12),eth(src=fa:16:3e:1b:f6:4e,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=255.255.255.255/0.0.0.0,proto=17/0,tos=0x10/0,ttl=128/0,frag=no/0xff), packets:0, bytes:0, used:never, actions:push_vlan(vid=1005,pcp=0),1,7,4,pop_vlan,14
    recirc_id(0),skb_priority(0),in_port(3),eth(src=52:54:00:69:8c:c9,dst=52:54:00:a3:3c:ed),eth_type(0x8100),vlan(vid=800,pcp=0),encap(eth_type(0x0800),ipv4(src=192.168.10.2/0.0.0.0,dst=192.168.10.4/0.0.0.0,proto=6/0,tos=0/0,ttl=64/0,frag=no/0xff)), packets:10, bytes:660, used:0.467s, flags:., actions:pop_vlan,6
    recirc_id(0),skb_priority(0),in_port(3),eth(src=52:54:00:8d:be:98,dst=01:00:5e:00:00:05),eth_type(0x8100),vlan(vid=800,pcp=0),encap(eth_type(0x0800),ipv4(src=192.168.10.3/0.0.0.0,dst=224.0.0.5/0.0.0.0,proto=89/0,tos=0xc0/0,ttl=1/0,frag=no/0xff)), packets:0, bytes:0, used:never, actions:2,pop_vlan,6,push_vlan(vid=800,pcp=0),5
    recirc_id(0),skb_priority(0),in_port(4),eth_type(0x8100),vlan(vid=800/0xfff,pcp=0/0x0,cfi=1/1),encap(eth_type(0x0800),ipv4(src=192.168.10.3/0.0.0.0,dst=224.0.0.5/0.0.0.0,proto=89/0,tos=0xc0/0,ttl=1/0,frag=no/0xff)), packets:1, bytes:82, used:0.538s, actions:drop
    recirc_id(0),skb_priority(0),in_port(5),eth(src=fa:16:3e:1b:f6:4e,dst=ff:ff:ff:ff:ff:ff),eth_type(0x8100),vlan(vid=1005/0xfff,pcp=0/0x0,cfi=1/1),encap(eth_type(0x0800),ipv4(src=0.0.0.0/0.0.0.0,dst=255.255.255.255/0.0.0.0,proto=17/0,tos=0x10/0,ttl=128/0,frag=no/0xff)), packets:0, bytes:0, used:never, actions:2,3
    recirc_id(0),skb_priority(0),in_port(6),eth(src=52:54:00:a3:3c:ed,dst=52:54:00:69:8c:c9),eth_type(0x0800),ipv4(src=192.168.10.4/0.0.0.0,dst=192.168.10.2/0.0.0.0,proto=6/0,tos=0/0,ttl=63/0,frag=no/0xff), packets:0, bytes:0, used:never, actions:push_vlan(vid=800,pcp=0),3
    recirc_id(0),skb_priority(0),in_port(3),eth(src=78:ba:f9:ad:f0:02,dst=01:80:c2:00:00:00),eth_type(0/0xffff), packets:1, bytes:119, used:0.404s, actions:drop
    recirc_id(0),skb_priority(0),in_port(3),eth(src=78:ba:f9:ad:ef:ff,dst=01:00:5e:00:00:05),eth_type(0x8100),vlan(vid=800,pcp=6),encap(eth_type(0x0800),ipv4(src=192.168.10.1/0.0.0.0,dst=224.0.0.5/0.0.0.0,proto=89/0,tos=0xc0/0,ttl=1/0,frag=no/0xff)), packets:0, bytes:0, used:never, actions:2,pop_vlan,6,push_vlan(vid=800,pcp=6),5
    recirc_id(0),skb_priority(0),in_port(3),eth(src=78:ba:f9:ad:ef:ff,dst=52:54:00:a3:3c:ed),eth_type(0x8100),vlan(vid=800,pcp=0),encap(eth_type(0x0800),ipv4(src=3.3.3.3/0.0.0.0,dst=192.168.10.4/0.0.0.0,proto=17/0,tos=0xc0/0,ttl=255/0,frag=no/0xff)), packets:0, bytes:0, used:never, actions:pop_vlan,6
    [/shell]

NFVとは?

Network Functions Virtualizationの略で、x86の汎用サーバ上でネットワーク機能(Firewall、NATなど)を仮想化しようというもの。

ETSIの資料によると、NFVには以下の利点がある

  • 製品ライフサイクルが短いベンダー特有の機器に依存しなくて済む
  • Capex,Opexの削減
  • ネットワーク機能のプロビジョニングの早さ
  • 柔軟にスケールを調整可能

確かに、NFVならば以上の良さを享受できるがまだまだNFVで代用できる箇所は少ない。まずはDataCenter内で提供しているFirewallなどのシンプルな機能をNFVにて提供すると思われるが、仮想化することによって

  • ネットワークエンジニアに求められる知識の多様化
  • トラブルシュートのしにくさ

によって、ネットワークエンジニアは辛いし、結局capex/opexは下がるのか?といった疑問が残る。