Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   ovs-fields    ( 7 )

поля заголовка протокола в OpenFlow и Open vSwitch (protocol header fields in OpenFlow and Open vSwitch)

LAYER 3: IPV4 AND IPV6 FIELDS

Summary: Name Bytes Mask RW? Prereqs NXM/OXM Support

────────────────────── ──────────────── ───── ──── ────────── ───────────────────── ip_src aka nw_src 4 yes yes IPv4 OF 1.2+ and OVS 1.1+ ip_dst aka nw_dst 4 yes yes IPv4 OF 1.2+ and OVS 1.1+ ipv6_src 16 yes yes IPv6 OF 1.2+ and OVS 1.1+

ipv6_dst 16 yes yes IPv6 OF 1.2+ and OVS 1.1+ ipv6_label 4 (low 20 bits) yes yes IPv6 OF 1.2+ and OVS 1.4+ nw_proto aka ip_proto 1 no no IPv4/IPv6 OF 1.2+ and OVS 1.1+ nw_ttl 1 no yes IPv4/IPv6 OVS 1.4+

ip_frag aka nw_frag 1 (low 2 bits) yes no IPv4/IPv6 OVS 1.3+ nw_tos 1 no yes IPv4/IPv6 OVS 1.1+ ip_dscp 1 (low 6 bits) no yes IPv4/IPv6 OF 1.2+ and OVS 1.7+ nw_ecn aka ip_ecn 1 (low 2 bits) no yes IPv4/IPv6 OF 1.2+ and OVS 1.4+

IPv4 Specific Fields These fields are applicable only to IPv4 flows, that is, flows that match on the IPv4 Ethertype 0x0800.

IPv4 Source Address Field

Name: ip_src (aka nw_src) Width: 32 bits Format: IPv4

Masking: arbitrary bitwise masks Prerequisites: IPv4 Access: read/write OpenFlow 1.0: yes (CIDR match only)

OpenFlow 1.1: yes OXM: OXM_OF_IPV4_SRC (11) since OpenFlow 1.2 and Open vSwitch 1.7 NXM: NXM_OF_IP_SRC (7) since Open vSwitch 1.1

The source address from the IPv4 header:

Ethernet IPv4 <-----------> <---------------> 48 48 16 8 32 32 +---+---+-----+ +---+-----+---+---+ |dst|src|type | |...|proto|src|dst| ... +---+---+-----+ +---+-----+---+---+ 0x800

For historical reasons, in an ARP or RARP flow, Open vSwitch interprets matches on nw_src as actually referring to the ARP SPA.

IPv4 Destination Address Field

Name: ip_dst (aka nw_dst) Width: 32 bits

Format: IPv4 Masking: arbitrary bitwise masks Prerequisites: IPv4 Access: read/write

OpenFlow 1.0: yes (CIDR match only) OpenFlow 1.1: yes OXM: OXM_OF_IPV4_DST (12) since OpenFlow 1.2 and Open vSwitch 1.7

NXM: NXM_OF_IP_DST (8) since Open vSwitch 1.1

The destination address from the IPv4 header:

Ethernet IPv4 <-----------> <---------------> 48 48 16 8 32 32 +---+---+-----+ +---+-----+---+---+ |dst|src|type | |...|proto|src|dst| ... +---+---+-----+ +---+-----+---+---+ 0x800

For historical reasons, in an ARP or RARP flow, Open vSwitch interprets matches on nw_dst as actually referring to the ARP TPA.

IPv6 Specific Fields These fields apply only to IPv6 flows, that is, flows that match on the IPv6 Ethertype 0x86dd.

IPv6 Source Address Field

Name: ipv6_src

Width: 128 bits Format: IPv6 Masking: arbitrary bitwise masks Prerequisites: IPv6

Access: read/write OpenFlow 1.0: not supported OpenFlow 1.1: not supported

OXM: OXM_OF_IPV6_SRC (26) since OpenFlow 1.2 and Open vSwitch 1.1 NXM: NXM_NX_IPV6_SRC (19) since Open vSwitch 1.1

The source address from the IPv6 header:

Ethernet IPv6 <------------> <--------------> 48 48 16 8 128 128 +---+---+------+ +---+----+---+---+ |dst|src| type | |...|next|src|dst| ... +---+---+------+ +---+----+---+---+ 0x86dd

Open vSwitch 1.8 added support for bitwise matching; earlier versions supported only CIDR masks.

IPv6 Destination Address Field

Name: ipv6_dst Width: 128 bits Format: IPv6 Masking: arbitrary bitwise masks

Prerequisites: IPv6 Access: read/write OpenFlow 1.0: not supported OpenFlow 1.1: not supported

OXM: OXM_OF_IPV6_DST (27) since OpenFlow 1.2 and Open vSwitch 1.1 NXM: NXM_NX_IPV6_DST (20) since Open vSwitch 1.1

The destination address from the IPv6 header:

Ethernet IPv6 <------------> <--------------> 48 48 16 8 128 128 +---+---+------+ +---+----+---+---+ |dst|src| type | |...|next|src|dst| ... +---+---+------+ +---+----+---+---+ 0x86dd

Open vSwitch 1.8 added support for bitwise matching; earlier versions supported only CIDR masks.

IPv6 Flow Label Field

Name: ipv6_label Width: 32 bits (only the least-significant 20 bits may be nonzero) Format: hexadecimal Masking: arbitrary bitwise masks

Prerequisites: IPv6 Access: read/write OpenFlow 1.0: not supported OpenFlow 1.1: not supported

OXM: OXM_OF_IPV6_FLABEL (28) since OpenFlow 1.2 and Open vSwitch 1.7 NXM: NXM_NX_IPV6_LABEL (27) since Open vSwitch 1.4

The least significant 20 bits hold the flow label field from the IPv6 header. Other bits are zero:

OXM_OF_IPV6_FLABEL <----------------> 12 20 +--------+---------+ | zero | label | +--------+---------+ 0

IPv4/IPv6 Fields These fields exist with at least approximately the same meaning in both IPv4 and IPv6, so they are treated as a single field for matching purposes. Any flow that matches on the IPv4 Ethertype 0x0800 or the IPv6 Ethertype 0x86dd may match on these fields.

IPv4/v6 Protocol Field

Name: nw_proto (aka ip_proto) Width: 8 bits Format: decimal Masking: not maskable

Prerequisites: IPv4/IPv6 Access: read-only OpenFlow 1.0: yes (exact match only) OpenFlow 1.1: yes (exact match only)

OXM: OXM_OF_IP_PROTO (10) since OpenFlow 1.2 and Open vSwitch 1.7 NXM: NXM_OF_IP_PROTO (6) since Open vSwitch 1.1

Matches the IPv4 or IPv6 protocol type.

For historical reasons, in an ARP or RARP flow, Open vSwitch interprets matches on nw_proto as actually referring to the ARP opcode. The ARP opcode is a 16-bit field, so for matching purposes ARP opcodes greater than 255 are treated as 0; this works adequately because in practice ARP and RARP only use opcodes 1 through 4.

IPv4/v6 TTL/Hop Limit Field

Name: nw_ttl Width: 8 bits Format: decimal Masking: not maskable

Prerequisites: IPv4/IPv6 Access: read/write OpenFlow 1.0: not supported OpenFlow 1.1: not supported

OXM: none NXM: NXM_NX_IP_TTL (29) since Open vSwitch 1.4

The main reason to match on the TTL or hop limit field is to detect whether a dec_ttl action will fail due to a TTL exceeded error. Another way that a controller can detect TTL exceeded is to listen for OFPR_INVALID_TTL ``packet-in'' messages via OpenFlow.

IPv4/v6 Fragment Bitmask Field

Name: ip_frag (aka nw_frag) Width: 8 bits (only the least-significant 2 bits may be nonzero) Format: frag

Masking: arbitrary bitwise masks Prerequisites: IPv4/IPv6 Access: read-only OpenFlow 1.0: not supported

OpenFlow 1.1: not supported OXM: none NXM: NXM_NX_IP_FRAG (26) since Open vSwitch 1.3

Specifies what kinds of IP fragments or non-fragments to match. The value for this field is most conveniently specified as one of the following:

no Match only non-fragmented packets.

yes Matches all fragments.

first Matches only fragments with offset 0.

later Matches only fragments with nonzero offset.

not_later Matches non-fragmented packets and fragments with zero offset.

The field is internally formatted as 2 bits: bit 0 is 1 for an IP fragment with any offset (and otherwise 0), and bit 1 is 1 for an IP fragment with nonzero offset (and otherwise 0), like so:

NXM_NX_IP_FRAG <------------> 6 1 1 +----+-----+---+ |zero|later|any| +----+-----+---+ 0

Even though 2 bits have 4 possible values, this field only uses 3 of them:

• A packet that is not an IP fragment has value 0.

• A packet that is an IP fragment with offset 0 (the first fragment) has bit 0 set and thus value 1.

• A packet that is an IP fragment with nonzero offset has bits 0 and 1 set and thus value 3.

The switch may reject matches against values that can never appear.

It is important to understand how this field interacts with the OpenFlow fragment handling mode:

• In OFPC_FRAG_DROP mode, the OpenFlow switch drops all IP fragments before they reach the flow table, so every packet that is available for matching will have value 0 in this field.

• Open vSwitch does not implement OFPC_FRAG_REASM mode, but if it did then IP fragments would be reassembled before they reached the flow table and again every packet available for matching would always have value 0.

• In OFPC_FRAG_NORMAL mode, all three values are possible, but OpenFlow 1.0 says that fragments' transport ports are always 0, even for the first fragment, so this does not provide much extra information.

• In OFPC_FRAG_NX_MATCH mode, all three values are possible. For fragments with offset 0, Open vSwitch makes L4 header information available.

Thus, this field is likely to be most useful for an Open vSwitch switch configured in OFPC_FRAG_NX_MATCH mode. See the description of the set-frags command in ovs-ofctl(8), for more details.

IPv4/IPv6 TOS Fields

IPv4 and IPv6 contain a one-byte ``type of service'' or TOS field that has the following format:

type of service <-------------> 6 2 +--------+------+ | DSCP | ECN | +--------+------+

IPv4/v6 DSCP (Bits 2-7) Field

Name: nw_tos Width: 8 bits Format: decimal

Masking: not maskable Prerequisites: IPv4/IPv6 Access: read/write OpenFlow 1.0: yes (exact match only) OpenFlow 1.1: yes (exact match only)

OXM: none NXM: NXM_OF_IP_TOS (5) since Open vSwitch 1.1

This field is the TOS byte with the two ECN bits cleared to 0:

NXM_OF_IP_TOS <-----------> 6 2 +------+------+ | DSCP | zero | +------+------+ 0

IPv4/v6 DSCP (Bits 0-5) Field

Name: ip_dscp

Width: 8 bits (only the least-significant 6 bits may be nonzero) Format: decimal Masking: not maskable Prerequisites: IPv4/IPv6 Access: read/write

OpenFlow 1.0: yes (exact match only) OpenFlow 1.1: yes (exact match only) OXM: OXM_OF_IP_DSCP (8) since OpenFlow 1.2 and Open vSwitch 1.7 NXM: none

This field is the TOS byte shifted right to put the DSCP bits in the 6 least-significant bits:

OXM_OF_IP_DSCP <------------> 2 6 +-------+------+ | zero | DSCP | +-------+------+ 0

IPv4/v6 ECN Field

Name: nw_ecn (aka ip_ecn) Width: 8 bits (only the least-significant 2 bits may be nonzero) Format: decimal

Masking: not maskable Prerequisites: IPv4/IPv6 Access: read/write OpenFlow 1.0: not supported OpenFlow 1.1: yes (exact match only)

OXM: OXM_OF_IP_ECN (9) since OpenFlow 1.2 and Open vSwitch 1.7 NXM: NXM_NX_IP_ECN (28) since Open vSwitch 1.4

This field is the TOS byte with the DSCP bits cleared to 0:

OXM_OF_IP_ECN <-----------> 6 2 +-------+-----+ | zero | ECN | +-------+-----+ 0