OVS中arp响应的流表的实现

总结：

1、br-int 流表总体是按照Normal 的方式，即常规的交换机的转发方式进行转发。而br-tun 交换机则主要按照流表的方式进行转发。

2、一般情况下，VM发出的ARP请求，会在该VM的所有邻居进行广播发送和查找，大量浪费带宽。当neutron开启了l2 pop后（二次注入功能），

计算节点会学习别的主机发送的免费ARP, 从而在本地存在ARP表项。

3、当本地的VM发出ARP请求时，br-tun交换机会优先查找本地的ARP表项，从而对报文进行ARP应答。

这样的话，就不用发出ARP请求的广播报文。如果br-tun交换机查找不到对应的ARP响应流表，则按照普通的隧道广播的方式进行正常广播发送。

4、ARP响应流表的匹配条件和动作分别如下：

• ARP响应流表的匹配条件是：

br.add_flow(table=constants.ARP_RESPONDER,            priority=1,            proto=‘arp‘,            dl_vlan=vlan,            nw_dst=‘%s‘ % ip,            actions=actions)

• ARP响应流表的动作如下：

ARP_RESPONDER_ACTIONS = (‘move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],‘                         ‘mod_dl_src:%(mac)s,‘                         ‘load:0x2->NXM_OF_ARP_OP[],‘                         ‘move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],‘                         ‘move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],‘                         ‘load:%(mac)#x->NXM_NX_ARP_SHA[],‘                         ‘load:%(ip)#x->NXM_OF_ARP_SPA[],‘                         ‘in_port‘)5、对匹配条件和动作的解释如下：

self.tun_br.add_flow(table=constants.ARP_RESPONDER, – Add this new flow to the ARP_RESPONDER table

priority=1, – With a priority of 1 (Another, default flow with the lower priority of 0 is added elsewhere in the code)

proto=‘arp’, – Match only on ARP messages

dl_vlan=lvid, – Match only if the destination VLAN (The message has been locally VLAN tagged by now) matches the VLAN ID / network of the remote VM

nw_dst=‘%s‘ % ip, – Match on the IP address of the remote VM in question

actions=actions)

actions = (‘move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],’ – Place the source MAC address of the request (The requesting VM) as the new reply’s destination MAC address

‘mod_dl_src:%(mac)s,’ – Put the requested MAC address of the remote VM as this message’s source MAC address

‘load:0x2->NXM_OF_ARP_OP[],’ – Put an 0x2 code as the type of the ARP message. 0x2 is an ARP response.

‘move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],’ – Place the ARP request’s source hardware address (MAC) as this new message’s ARP target / destination hardware address

‘move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],’ – Place the ARP request’s source protocol / IP address as the new message’s ARP destination IP address

‘load:%(mac)#x->NXM_NX_ARP_SHA[],’ – Place the requested VM’s MAC address as the source MAC address of the ARP reply

‘load:%(ip)#x->NXM_OF_ARP_SPA[],’ – Place the requested VM’s IP address as the source IP address of the ARP reply

‘in_port’ % {‘mac’: mac, ‘ip’: ip}) – Forward the message back to the port it came in on

6、参考blog: OVS ARP Responder – Theory and Practice

https://assafmuller.com/2014/05/21/ovs-arp-responder-theory-and-practice/