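Before a virtual machine pings any IP, it sends an ARP broadcast to request the destination MAC. For an ICMP packet to an address in the same subnet the real MAC is returned; for an address in another subnet the gateway's MAC is returned.
Use an OVS flow to rewrite a received ICMP request into an ICMP reply and send it back the way it came: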
cookie=0x0, duration=336.660s, table=17, n_packets=6, n_bytes=588, priority=24576,icmp,metadata=0xa/0xffffff,nw_dst=10.1.1.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.1.1.1->ip_src,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:bb:bb:bb:bb:bb:13->eth_src,set_field:0->icmp_type,set_field:0->in_port,resubmit(,18)
Match fields:
ICMP protocol: icmp
VNI: metadata=$vni
Destination IP: nw_dst=$dvr
ICMP type (echo request): icmp_type=8
ICMP code: icmp_code=0
Actions:
Rewrite destination IP: NXM_OF_IP_SRC[]->NXM_OF_IP_DST[]
Rewrite source IP: set_field:$GW->ip_src
Rewrite destination MAC: NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[]
Rewrite source MAC: set_field:$dvr->eth_src
ICMP type (echo reply): icmp_type=0
ICMP code: icmp_code=0
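The rewrite done by the table=17 flow, modelled in Python as an added example (not from the original page and not OVS code). It assumes an untagged Ethernet frame with a 20-byte IPv4 header, uses constructed sample packets, and recomputes the checksums explicitly, which OVS does itself when it rewrites these fields.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over data that embeds a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))

def ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))

def echo_request(src_mac, dst_mac, src_ip, dst_ip, payload=b"x" * 56) -> bytes:
    """Constructed sample frame: Ethernet / IPv4 (no options) / ICMP echo request."""
    icmp = bytearray(struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload)
    icmp[2:4] = struct.pack("!H", csum(bytes(icmp)))
    iph = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0,
                                0x4000, 64, 1, 0, ip(src_ip), ip(dst_ip)))
    iph[10:12] = struct.pack("!H", csum(bytes(iph)))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + bytes(iph) + bytes(icmp)

def apply_table17(frame: bytes, gw_ip="10.1.1.1", gw_mac="bb:bb:bb:bb:bb:13"):
    """Model of the table=17 flow: rewritten frame, or None when the match misses."""
    iph, icmp = bytearray(frame[14:34]), bytearray(frame[34:])
    # match: icmp,nw_dst=<gw_ip>,icmp_type=8,icmp_code=0
    if (frame[12:14] != b"\x08\x00" or iph[9] != 1
            or bytes(iph[16:20]) != ip(gw_ip) or icmp[0:2] != b"\x08\x00"):
        return None
    iph[16:20] = iph[12:16]          # move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[]
    iph[12:16] = ip(gw_ip)           # set_field:<gw_ip>->ip_src
    icmp[0] = 0                      # set_field:0->icmp_type (echo reply)
    for hdr, off in ((iph, 10), (icmp, 2)):   # refresh both checksums
        hdr[off:off + 2] = b"\x00\x00"
        hdr[off:off + 2] = struct.pack("!H", csum(bytes(hdr)))
    # move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[], set_field:<gw_mac>->eth_src
    return frame[6:12] + mac(gw_mac) + b"\x08\x00" + bytes(iph) + bytes(icmp)

# Constructed request from the namespace (10.1.1.2) to the gateway address.
REQ = echo_request("0e:da:ad:43:9e:41", "bb:bb:bb:bb:bb:13", "10.1.1.2", "10.1.1.1")
REPLY = apply_table17(REQ)
```

Because the new source IP equals the old destination IP, the swap leaves the IP header checksum unchanged, while the ICMP checksum shifts by 0x0800 when the type goes from 8 to 0.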
1. Use a network namespace to simulate the virtual machine
ip netns add ns1
ip l a veth0 type veth peer name ovs-veth0
ip l s veth0 netns ns1
ovs-vsctl add-br br-int
ovs-vsctl add-port br-int ovs-veth0
ip l s ovs-veth0 up
ip netns exec ns1 ip a a 10.1.1.2/24 dev veth0
ip netns exec ns1 ip l s veth0 up
ip netns exec ns1 arp -s 10.1.1.1 bb:bb:bb:bb:bb:13
2. Install the flows
ovs-ofctl add-flow br-int -O OpenFlow13 "table=0,priority=100,in_port=ovs-veth0 actions=resubmit(,1)"
ovs-ofctl add-flow br-int -O OpenFlow13 "table=1,priority=24576,in_port=ovs-veth0 actions=load:0x2->NXM_NX_REG1[],load:0x1->NXM_NX_REG0[0..3],load:0x1->NXM_NX_REG0[17],write_metadata:0x1388/0xffffff,goto_table:17"
ovs-ofctl add-flow br-int -O OpenFlow13 "table=17,priority=24576,icmp,metadata=0x1388/0xffffff,nw_dst=10.1.1.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.1.1.1->ip_src,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:bb:bb:bb:bb:bb:13->eth_src,set_field:0->icmp_type,set_field:0->in_port,resubmit(,18)"
ovs-ofctl add-flow br-int -O OpenFlow13 "table=18,priority=100,actions=output:ovs-veth0"
3. Flow table dump
cookie=0x0, duration=5402.365s, table=0, n_packets=356, n_bytes=34888, priority=100,in_port="ovs-veth0" actions=resubmit(,1)
cookie=0x0, duration=15448.855s, table=0, n_packets=3, n_bytes=294, priority=0 actions=NORMAL
cookie=0x0, duration=6433.393s, table=1, n_packets=356, n_bytes=34888, priority=24576,in_port="ovs-veth0",dl_src=0e:da:ad:43:9e:41 actions=load:0x2->NXM_NX_REG1[],load:0x1->NXM_NX_REG0[0..3],load:0x1->NXM_NX_REG0[17],write_metadata:0x1388/0xffffff,goto_table:17
cookie=0x0, duration=336.660s, table=17, n_packets=6, n_bytes=588, priority=24576,icmp,metadata=0x1388/0xffffff,nw_dst=10.1.1.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.1.1.1->ip_src,move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:bb:bb:bb:bb:bb:13->eth_src,set_field:0->icmp_type,set_field:0->in_port,resubmit(,18)
cookie=0x0, duration=3780.046s, table=18, n_packets=10, n_bytes=980, priority=100 actions=output:"ovs-veth0"
4. Test result
# ip netns exec ns1 ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.244 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.308 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.201 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.228 ms
64 bytes from 10.1.1.1: icmp_seq=5 ttl=64 time=0.177 ms
64 bytes from 10.1.1.1: icmp_seq=6 ttl=64 time=0.182 ms



