OpenDaylight VTN应用--MAC映射

admin

本例子主要演示多台主机通过映射mac关系进行通信或者隔离，利用mininet虚拟出openflow交换机，并对其进行控制，mininet交换机拓扑图如下：

配置mininet拓扑：
Shell
sudo mn --controller=remote,ip=172.31.2.70 --topo tree,2
查看拓扑链接结构：
Shell
mininet> net
h1 h1-eth0:s2-eth1
h2 h2-eth0:s2-eth2
h3 h3-eth0:s3-eth1
h4 h4-eth0:s3-eth2
s1 lo:s1-eth1:s2-eth3 s1-eth2:s3-eth3
s2 lo:s2-eth1:h1-eth0 s2-eth2:h2-eth0 s2-eth3:s1-eth1
s3 lo:s3-eth1:h3-eth0 s3-eth2:h4-eth0 s3-eth3:s1-eth2
添加如下of流表，如果没有改表项的话：
Shell
sudo ovs-ofctl add-flow s1 priority=0,actions=output:CONTROLLER
sudo ovs-ofctl add-flow s2 priority=0,actions=output:CONTROLLER
sudo ovs-ofctl add-flow s3 priority=0,actions=output:CONTROLLER
此时监测h1 ping h3是不通的：
Shell
mininet> h1 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
h1和h3的mac查询：
Shell
mininet> h1 ifconfig
h1-eth0 Link encap:EthernetHWaddr 6a:b2:19:06:9b:e8
inet addr:10.0.0.1Bcast:10.255.255.255Mask:255.0.0.0
inet6 addr: fe80::68b2:19ff:fe06:9be8/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:11000 errors:0 dropped:10969 overruns:0 frame:0
TX packets:103 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:934259 (934.2 KB)TX bytes:4918 (4.9 KB)
下面通过vtn规则，使得h1与h3可以通信，调用接口创建相关资源： 创建vtn
Shell
curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vtn" : {"vtn_name":"vtn_one","description":"test VTN" }}' http://172.31.2.70:8083/vtn-webapi/vtns
HTTP/1.1 201 Created
创建控制器
Shell
curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"controller": {"controller_id": "controller1", "ipaddr":"172.31.2.70", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://172.31.2.70:8083/vtn-webapi/controllers
HTTP/1.1 201 Created
创建虚拟桥
Shell
curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"vbridge" : {"vbr_name":"vbr_one","controller_id":"controller1","domain_id":"(DEFAULT)" }}' http://172.31.2.70:8083/vtn-webapi/vtns/vtn_one/vbridges
HTTP/1.1 201 Created
在vbr_one上配置主机h1和h3的mac映射关系
Shell
curl -i --user admin:adminpass -H 'content-type: application/json' -X POST -d '{"machost": [{"address": "6a:b2:19:06:9b:e8", "vlan": "0"},{"address": "6e:65:1c:af:d1:4d", "vlan": "0"}]}' http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap/allow
HTTP/1.1 201 Created
查询映射关系的建立情况
Shell
curl -i --user admin:adminpass -H 'content-type: application/json' -X GET http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap
HTTP/1.1 200 OK
{"allow":{"machost":[{"address":"6a:b2:19:06:9b:e8","vlan":0},{"address":"6e:65:1c:af:d1:4d","vlan":0}]},"mapped":{"macentry":[{"address":"6e:65:1c:af:d1:4d","vlan":0,"node":{"id":"00:00:00:00:00:00:00:03","type":"OF"},"port":{"type":"OF","id":"1"},"inetAddresses":{"inetAddress":[{"address":"10.0.0.3"}]}},{"address":"6a:b2:19:06:9b:e8","vlan":0,"node":{"id":"00:00:00:00:00:00:00:02","type":"OF"},"port":{"type":"OF","id":"1"},"inetAddresses":{"inetAddress":[{"address":"10.0.0.1"}]}}]}}
检测通信情况
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=8.82 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.175 ms
也可以创建禁止通信的规则，将h4加入黑名单
Shell
curl -i --user admin:adminpass -H "Content-type: application/json" -X POST http://172.31.2.70:8282/controller/nb/v2/vtn/default/vtns/vtn_one/vbridges/vbr_one/macmap/deny -d '{"machost": [{"address": "6e:63:0f:7c:4e:0b"}]}'
HTTP/1.1 200 OK
通过vtn规则，使得h1与h3不能和h4通信。
声明:本文转载自网络。版权归原作者所有,如有侵权请联系删除。