依昨天的介紹，我們已經知道在OpenStack上ID是76af9b的Network，其實會對應至一個id為neutron-76af9blogical switch。vm1和vm2是分別連在neutron-76af9blogical switch上的171d5d 和0bece6port, 讓我們複習一下如何用ovn-tracetrace 進入logical switch的packet的流向，驗證在同一個logical switch上的二個VM是如何通訊。

logical flow tracing

vm1 & vm2 可連通

# 由openstack network name 查OVN logical switch id
$ NETWORK1_NAME=n1
$ NETWORK2_NAME=n2
$ VM1_NAME=vm_1
$ VM2_NAME=vm_2
$ VM3_NAME=vm_3

$ lsw=neutron-`openstack network list  --name ${NETWORK1_NAME} -f value -c ID`

# 由openstack port 查OVN logical switch 上 VM1接的port
$ lsp=`openstack port list --network ${NETWORK1_NAME} --server ${VM1_NAME} -f value -c ID`

# 由openstack port 查 VMs的 mac address
$ vm1_mac=`openstack port list --network ${NETWORK1_NAME} --server ${VM1_NAME} -f value -c mac_address`
$ vm2_mac=`openstack port list --network ${NETWORK1_NAME} --server ${VM2_NAME} -f value -c mac_address`
$ vm3_mac=`openstack port list --network ${NETWORK2_NAME} --server ${VM3_NAME} -f value -c mac_address`

• trace 在${lsw}上，由${lsp}進來的packet，src mac 和dst mac分別為$vm1_mac和$vm2_mac，是否成功傳送

$ ovn-trace ${lsw} \
  "inport == \"$lsp\"    &&   
   eth.src == ${vm1_mac} &&   
   eth.dst == ${vm2_mac}"

ingress(dp="n1", inport="171d5d")
-----------------------------
 0. ls_in_check_port_sec (northd.c:7728): 1, priority 50, uuid 8c0e378c
    reg0[15] = check_in_port_sec();
    next;
 7. ls_in_acl_hint (northd.c:5954): !ct.trk, priority 5, uuid 93904a00
    reg0[8] = 1;
    reg0[9] = 1;
    next;
23. ls_in_l2_lkup (northd.c:8397): eth.dst == fa:16:3e:07:78:5d, priority 50, uuid 8653974c
    outport = "0bece6";
    output;

egress(dp="n1", inport="171d5d", outport="0bece6")
------------------------------------------
 3. ls_out_acl_hint (northd.c:5954): !ct.trk, priority 5, uuid a93c36db
    reg0[8] = 1;
    reg0[9] = 1;
    next;
 8. ls_out_check_port_sec (northd.c:5506): 1, priority 0, uuid 65df451f
    reg0[15] = check_out_port_sec();
    next;
 9. ls_out_apply_port_sec (northd.c:5511): 1, priority 0, uuid dbad5beb
    output;
    /* output to "0bece6", type "" */

vm1 與 vm3 不可連

• trace 在${lsw}上，由${lsp}進來的packet，src mac 和dst mac分別為$vm1_mac和$vm3_mac，是否成功傳送
  • 在logical switch的ingress phase，因為查不到dst，就drop

$ ovn-trace ${lsw} \
  "inport == \"$lsp\"    &&   
   eth.src == ${vm1_mac} &&   
   eth.dst == ${vm3_mac}"

ingress(dp="n1", inport="171d5d")
-----------------------------
 0. ls_in_check_port_sec (northd.c:7728): 1, priority 50, uuid 8c0e378c
    reg0[15] = check_in_port_sec();
    next;
 7. ls_in_acl_hint (northd.c:5954): !ct.trk, priority 5, uuid 93904a00
    reg0[8] = 1;
    reg0[9] = 1;
    next;
23. ls_in_l2_lkup (northd.c:7669): 1, priority 0, uuid 423a1fbb
    outport = get_fdb(eth.dst);
    next;
24. ls_in_l2_unknown (northd.c:7677): outport == "none", priority 50, uuid 38928b63
    drop;