Skip to content

Instantly share code, notes, and snippets.

@jshen28

jshen28/ovs-cheat.md

Forked from djoreilly/ovs-cheat.md
Last active April 21, 2021 08:14
Show Gist options
  • Save jshen28/7beb24749c6cc328ffd64b669a93d355 to your computer and use it in GitHub Desktop.
Save jshen28/7beb24749c6cc328ffd64b669a93d355 to your computer and use it in GitHub Desktop.
Download ZIP
OVS cheat sheet
Raw
ovs-cheat.md

CTL

ovs-vsctl list open_vswitch
ovs-vsctl list interface
ovs-vsctl --columns=ofport,name list Interface
ovs-vsctl --columns=ofport,name --format=table list Interface
ovs-vsctl --format=table --columns=name,mac_in_use find Interface name=br-dpdk1
ovs-vsctl get interface vhub656c3cb-23 name/ofport

ovs-vsctl set port vlan1729 tag=1729
ovs-vsctl get port vlan1729 tag
ovs-vsctl remove port vlan1729 tag 1729

# https://kashyapc.fedorapeople.org/virt/openvswitch/ovs-vlan-internal-port.txt
ovs-vsctl add-port br-bond1 sjt-test tag=1002 -- set inerface sjt-test type=internal

# not sure this is best
ovs-vsctl set interface vlan1729 mac='5c\:b9\:01\:8d\:3e\:9d'

ovs-vsctl clear Bridge br0 stp_enable

ovs-vsctl --may-exist add-br br0 -- set bridge br0 datapath_type=netdev
ovs-vsctl --if-exists del-br br0

FLOWS

ovs-ofctl -O OpenFlow13 dump-flows br-int | cut -d',' -f3,6,7-

ovs-appctl dpif/show
ovs-ofctl show br-int | egrep "^ [0-9]"

ovs-ofctl add-flow brbm priority=1,in_port=11,dl_src=00:05:95:41:ec:8c/ff:ff:ff:ff:ff:ff,actions=drop
ovs-ofctl --strict del-flows brbm priority=0,in_port=11,dl_src=00:05:95:41:ec:8c

# kernel datapath
ovs-dpctl dump-flows
ovs-appctl dpctl/dump-flows
ovs-appctl dpctl/dump-flows system@ovs-system
ovs-appctl dpctl/dump-flows netdev@ovs-netdev

DPDK

ovs-appctl dpif/show
ovs-ofctl dump-ports br-int
ovs-appctl dpctl/dump-flows
ovs-appctl dpctl/show --statistics
ovs-appctl dpif-netdev/pmd-stats-show
ovs-appctl dpif-netdev/pmd-stats-clear
ovs-appctl dpif-netdev/pmd-rxq-show

Debug log

ovs-appctl vlog/list | grep dpdk
ovs-appctl vlog/set dpdk:file:dbg

CONTRACK

Contrack could be used to implement a stateful filter. In openstack, it could be utilized to replace iptables which forces use of a intermediary linuxbridge to work.

# http://docs.openvswitch.org/en/latest/tutorials/ovs-conntrack/
# https://redhatstackblog.redhat.com/2016/07/22/how-connection-tracking-in-open-vswitch-helps-openstack-performance/

# This feature simplifies architecture and linux bridge which is used
# to implement iptables is no longer necessary
ovs-appctl dpctl/dump-conntrack

Misc

ovs-appctl fdb/show brbm

ovs-appctl ofproto/trace br-int in_port=6

# http://flowgrammable.org/sdn/openflow/classifiers/
ovs-appctl ofproto/trace br-int tcp,in_port=3,vlan_tci=0x0000,dl_src=fa:16:3e:8d:26:61,dl_dst=fa:16:3e:0d:f5:e6,nw_src=10.0.0.26,nw_dst=10.0.0.9,nw_tos=0,nw_ecn=0,nw_ttl=0,tp_src=0,tp_dst=22,tcp_flags=0
ovs-appctl ofproto/trace br-int arp,in_port=984,arp_tpa=172.31.0.14,arp_spa=172.31.0.15,dl_src=fa:16:3e:d0:1f:36,dl_dst=ff:ff:ff:ff:ff:ff
ovs-appctl ofproto/trace br-int arp,in_port=984,dl_src=fa:16:3e:d0:1f:36,dl_dst=ff:ff:ff:ff:ff:ff

# dhcp
ovs-appctl ofproto/trace br-int udp,in_port=6,dl_src=fa:16:3e:d3:4d:e0,dl_dst=ff:ff:ff:ff:ff:ff,nw_dst=255.255.255.255,udp_dst=67,udp_src=68


# history
ovsdb-tool -mm show-log /etc/openvswitch/conf.db

top -p `pidof ovs-vswitchd` -H -d1

REFERNCES

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment