OVS controller and manager

钮安歌
2023-12-01

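A controller is configured per bridge; ovs-ofctl can connect to a bridge through its controller and run commands against it.
A manager applies only to ovsdb-server, and a host has only one manager; ovs-vsctl/ovsdb-client can connect to ovsdb-server through the manager.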

controller

OVS supports two types of OpenFlow controllers:

Primary controllers
    This is the kind of controller envisioned by the OpenFlow 1.0 specification. Usually, a
    primary controller implements a network policy by taking charge of the switch’s flow table.
    Open vSwitch initiates and maintains persistent connections to primary controllers, retrying the connection each time it fails or drops. The fail_mode column in the Bridge table
    applies to primary controllers.
    Open vSwitch permits a bridge to have any number of primary controllers. When multiple controllers are configured, Open vSwitch connects to all of them simultaneously.
    Because OpenFlow 1.0 does not specify how multiple controllers coordinate in interacting with a single switch, more than one primary controller should be specified only if the
    controllers are themselves designed to coordinate with each other. (The Nicira-defined
    NXT_ROLE OpenFlow vendor extension may be useful for this.)

Service controllers
    These kinds of OpenFlow controller connections are intended for occasional support and
    maintenance use, e.g. with ovs-ofctl. Usually a service controller connects only briefly
    to inspect or modify some of a switch’s state.
    Open vSwitch listens for incoming connections from service controllers. The service
    controllers initiate and, if necessary, maintain the connections from their end. The
    fail_mode column in the Bridge table does not apply to service controllers.
    Open vSwitch supports configuring any number of service controllers.

The format of the target given when setting the controller determines which kind of controller it is:
ovs-vsctl set-controller br1 target

If the target is one of the following two forms, it is a primary controller and OVS actively connects to the controller:
  ssl:ip[:port]
  tcp:ip[:port]
        
If the target is one of the following forms, it is a service controller; OVS listens on the configured port or path and waits for clients to connect:
  pssl:[port][:ip]
  ptcp:[port][:ip]
  punix:/usr/local/var/run/openvswitch/br1.*

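The command OVS provides for adding a controller to a bridge, ovs-vsctl set-controller br1 target, actually writes to the following two OVS tables: it first adds the controller's information to the Controller table, and then points the bridge's controller column at the newly added controller (the column is set to the controller's UUID).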

Controller TABLE
    Each row represents one controller.
    Open vSwitch supports two kinds of OpenFlow controllers: primary controllers and service controllers.
    The target distinguishes which kind of controller a row is.

Bridge TABLE
    controller: set of Controllers

The code behind this command is as follows:

cmd_set_controller
    struct vsctl_context *vsctl_ctx = vsctl_context_cast(ctx);
    struct ovsrec_controller **controllers;
    struct ovsrec_bridge *br;
    size_t n;

    vsctl_context_populate_cache(ctx);

    br = find_real_bridge(vsctl_ctx, ctx->argv[1], true)->br_cfg;
    verify_controllers(br);

    //Delete the previously configured controllers
    delete_controllers(br->controller, br->n_controller);

    n = ctx->argc - 2;
    //Add the configured controllers to the Controller table
    controllers = insert_controllers(ctx, &ctx->argv[2], n);
        //Body of insert_controllers(ctx, targets, n), shown inline
        struct ovsrec_controller **controllers;
        size_t i;
        const char *inactivity_probe = shash_find_data(&ctx->options,
                                                       "--inactivity-probe");

        controllers = xmalloc(n * sizeof *controllers);
        for (i = 0; i < n; i++) {
            if (vconn_verify_name(targets[i]) && pvconn_verify_name(targets[i])) {
                VLOG_WARN("target type \"%s\" is possibly erroneous", targets[i]);
            }
            controllers[i] = ovsrec_controller_insert(ctx->txn);
            ovsrec_controller_set_target(controllers[i], targets[i]);
            if (inactivity_probe) {
                int64_t msecs = atoll(inactivity_probe);
                ovsrec_controller_set_inactivity_probe(controllers[i], &msecs, 1);
            }
        }

        return controllers;
        
    //Point the bridge's controller column at the new controllers
    ovsrec_bridge_set_controller(br, controllers, n);
    free(controllers);

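As the code above shows, every time a controller is added, the controllers previously configured on the bridge are deleted first and then the new controller information is added. Several controllers can also be added at once; for example, the following sets three controllers on br1: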

ovs-vsctl  set-controller br1 ptcp:5555:192.168.122.20 ptcp:5556:192.168.122.20 ptcp:5557:192.168.122.20

Use cases
Primary controllers
In an OpenStack deployment, neutron acts as the controller and OVS actively connects to neutron.

    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "vhu2d838c46-a1"
            tag: 56
            Interface "vhu2d838c46-a1"
                type: dpdkvhostuserclient
                options: {vhost-server-path="/run/openvswitch/vhu2d838c46-a1"}

Service controllers
Whenever a bridge is created, ovs-vswitchd creates and listens on the file /usr/local/var/run/openvswitch/br1.mgmt by default, and ovs-ofctl connects to this file by default when it runs a command.

Adding a service controller to a bridge makes it possible to run commands over a different transport or path instead of the default unix socket file. There are three options:
pssl:port:ip
ptcp:port:ip
punix:path -- path must be in the same directory as the default br1.mgmt

The following tries out the last two kinds of service controller: ptcp and punix.

a. After the service controller ptcp:5555:192.168.122.20 is added to the bridge, OVS listens on this port
root@master:~# ovs-vsctl  set-controller br1 ptcp:5555:192.168.122.20
root@master:~# ovs-vsctl show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "ptcp:6640:192.168.122.20"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal

#ovs-ofctl connects to the new controller
root@master:~# ovs-ofctl show tcp:192.168.122.20:5555
OFPT_FEATURES_REPLY (xid=0x2): dpid:000056138db6204c
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 LOCAL(br1): addr:56:13:8d:b6:20:4c
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

b. Set the bridge's service controller to punix:/usr/local/var/run/openvswitch/br1.test
root@master:~# ovs-vsctl  set-controller br1 punix:/usr/local/var/run/openvswitch/br1.test
root@master:~# ovs-vsctl show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "ptcp:6640:192.168.122.20"
    Bridge "br1"
        Controller "punix:/usr/local/var/run/openvswitch/br1.test"
        Port "br1"
            Interface "br1"
                type: internal

#ovs-ofctl connects to the new controller
root@master:~# ovs-ofctl show unix:/usr/local/var/run/openvswitch/br1.test
OFPT_FEATURES_REPLY (xid=0x2): dpid:000056138db6204c
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 LOCAL(br1): addr:56:13:8d:b6:20:4c
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0


#Delete the controllers of the specified bridge
ovs-vsctl  del-controller br4

manager

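By default, ovsdb-server can be reached on the host at "unix:/usr/local/var/run/openvswitch/db.sock". A manager configures how ovsdb-server communicates; once a manager is configured, ovsdb-server can be reached through the new manager. Only one manager can be added.
A manager target takes one of the following six forms. For the forms other than unix/punix, ovsdb-server can also be reached from any other host that can communicate with it.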

//With one of these three forms, ovsdb-server is of the active type and initiates the connection
  tcp:ip:port
  unix:path
  ssl:ip:port
//With one of these three forms, ovsdb-server is of the passive type and listens on a port or path, waiting for clients to connect
  ptcp:port:ip
  punix:path
  pssl:port:ip

The following verifies the tcp and unix forms; ssl is left aside for now.

a. Configure the manager as ptcp:6640:192.168.122.20; the host then listens on port 6640 and waits for clients (such as ovs-vsctl or ovsdb-client) to connect
root@ubuntu:~#ovs-vsctl set-manager ptcp:6640:192.168.122.20
root@master:~#ovs-vsctl show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "ptcp:6640:192.168.122.20"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal

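#Connect to ovsdb-server through the new manager. Because the connection is of the tcp type, any device that can reach the ovsdb-server host
#can connect to ovsdb-server and run the show command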
root@ubuntu:~#ovs-vsctl --db=tcp:192.168.122.20:6640 show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "ptcp:6640:192.168.122.20"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal
                
b. Configure the manager as punix:/root/a
root@master:~#ovs-vsctl set-manager punix:/root/a
root@master:~# ovs-vsctl --db=unix:/root/a show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "punix:/root/a"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal

#Connect to ovsdb-server through the new manager
root@master:~#ovs-vsctl --db=unix:/root/a show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "punix:/root/a"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal

c. Configure the manager as tcp:192.168.122.20:6640; ovsdb-server then keeps trying to connect to 192.168.122.20:6640
root@master:~# ovs-vsctl set-manager tcp:192.168.122.20:6640
#Now run ovs-vsctl with --db written as ptcp:6640:192.168.122.20: this starts a listening port, ovsdb-server connects to it, and the show command is then executed
root@master:~# ovs-vsctl --db=ptcp:6640:192.168.122.20 show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "tcp:192.168.122.20:6640"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal

d. Configure the manager as unix:/root/a
root@master:~#ovs-vsctl set-manager unix:/root/a
#Now run ovs-vsctl with --db written as punix:/root/a: ovsdb-server connects to it, and the show command is then executed
root@master:~# ovs-vsctl --db=punix:/root/a show
eeba339a-af9a-41b4-abd5-6ea7645196b7
    Manager "unix:/root/a"
    Bridge "br1"
        Controller "ptcp:5555:192.168.122.20"
        Port "br1"
            Interface "br1"
                type: internal

Connection methods

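The following two formats appear frequently on the OVS command line; a brief introduction:
tcp:ip:port -- actively connect to the given ip and port.
ptcp:port:ip -- passive connection: create a listening port locally and wait for clients to connect.
Note that in the ptcp format the port comes before the ip, while in the tcp format the port comes after the ip; if the format is given incorrectly, it will not work properly.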
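
The target rules above (active versus passive forms, and the ip/port order) can be checked mechanically against `ovs-vsctl show` output, which also makes plaintext tcp/ptcp endpoints easy to spot. This is an added example, not code from the original post or from the OVS project; the function names `classify_target` and `audit_show`, the finding labels and the sample input are assumptions made for illustration, and only IPv4 targets are handled.

```shell
#!/bin/sh
# Added example (not from the original post). IPv4 targets only.

# classify_target TARGET -> "<mode> <scheme> <finding>"
#   mode:    active = OVS dials out, passive = OVS listens
#   finding: tls | local-socket | plaintext-loopback | plaintext-listener |
#            plaintext-outbound | bad-order | bad-scheme
classify_target() {
    scheme=${1%%:*}; rest=${1#*:}; first=${rest%%:*}
    case $scheme in
        tcp|ssl)   mode=active ;;
        ptcp|pssl) mode=passive ;;
        unix)      echo "active unix local-socket"; return 0 ;;
        punix)     echo "passive punix local-socket"; return 0 ;;
        *)         echo "unknown $scheme bad-scheme"; return 0 ;;
    esac
    if [ "$mode" = passive ]; then
        # passive form is [port][:ip]: the first field must be numeric or empty
        case $first in *[!0-9]*) echo "$mode $scheme bad-order"; return 0 ;; esac
        case $rest in *:*) ip=${rest#*:} ;; *) ip= ;; esac   # empty ip = all addresses
    else
        # active form is ip[:port]: a purely numeric first field is a port
        case $first in *[!0-9]*) ip=$first ;; *) echo "$mode $scheme bad-order"; return 0 ;; esac
    fi
    case $scheme in ssl|pssl) echo "$mode $scheme tls"; return 0 ;; esac
    # tcp/ptcp carry OpenFlow or OVSDB with no encryption or authentication
    case $ip in
        127.*) echo "$mode $scheme plaintext-loopback" ;;
        *) if [ "$mode" = passive ]; then echo "$mode $scheme plaintext-listener"
           else echo "$mode $scheme plaintext-outbound"; fi ;;
    esac
}

# audit_show: read `ovs-vsctl show` output on stdin and classify every target
audit_show() {
    sed -nE 's/^ *(Manager|Controller) "(.*)" *$/\1 \2/p' |
    while read -r kind target; do
        echo "$kind $target $(classify_target "$target")"
    done
}

# Constructed sample modelled on the output above; the last line swaps ip and port
SAMPLE_SHOW='    Manager "ptcp:6640:192.168.122.20"
    Bridge "br1"
        Controller "tcp:127.0.0.1:6633"
        Controller "punix:/usr/local/var/run/openvswitch/br1.test"
        Controller "ptcp:192.168.122.20:5557"'

printf '%s\n' "$SAMPLE_SHOW" | audit_show
```

On a live host, pipe the real output in with `ovs-vsctl show | audit_show`; any plaintext-listener line is an endpoint that every host able to reach that address can use to read or change the bridge or the database.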

References

Controller and Manager are both tables in the database; see the official documentation below for their differences and purposes
http://www.openvswitch.org//ovs-vswitchd.conf.db.5.pdf

See also: ovs controller and manager - Jianshu
