前言

• 云中网络复杂，一直是运维当中的“老大难”问题，本章就将HCS中的网络架构和流量模型充分展开，详细讲解网络中的关键技术和难点，包括计算节点的网络架构模型、网络节点的网元功能、各个网络服务场景下的流量具体走向，帮助大家理解HCS网络，解决运维难题。
• 学完本课程后，您将能够：
  • 了解华为云Stack TYPE 1中网络功能实现原理
  • 了解华为云Stack中网络节点及主要网元内部结构
  • 了解华为云Stack主要网络的流量走向

VXLAN简介

云数据中心业务对网络的诉求和目标

数据中心大二层网络的发展

• STP协议破环，管理复杂；浪费一半链路带宽。
• 堆叠/M-LAG支持的大二层规模有限，且不同厂商实现方式不同。
• Trill是为大二层网络而生的技术，但由于相对复杂，且其革命性对现网设备影响很大，已逐渐被淘汰。（未体现）
• STP或CSS+iStack传统二层技术不适合构建大规模二层网络， 通过VXLAN可以构建大二层网络，支持扁平化胖树拓扑组网方式，链路带宽利用率高。

VXLAN简介

• VXLAN（Visual eXtensible Local Area Network）全称为虚拟扩展本地局域网，它在本质上属于一种隧道技术，能够在任意路由可达的网络上叠加二层虚拟网络，通过VXLAN网关实现VXLAN网络内部的互通，同时，也可以实现与传统的非VXLAN网络的互通。
• VXLAN通过采用MAC in UDP封装来延伸二层网络，将以太报文封装在IP报文之上，通过路由在网络中传输。而且IP路由网络无网络结构限制，具备大规模扩展能力，虚拟机迁移不受网络架构限制。

VXLAN的作用及优势

• VXLAN的作用及优势：
  • 针对虚拟机规模受网络规格限制:
    • VXLAN将虚拟机发出的数据包封装在UDP中，并使用物理网络的IP、MAC地址作为外层头进行封装，对网络只表现为封装后的参数。
    • 除VXLAN网络边缘设备，网络中的其他设备不需要识别虚拟机的MAC地址，减轻了设备的MAC地址学习压力，提升了设备性能。
  • 针对网络隔离能力限制：
    • VXLAN引入了类似VLAN ID的用户标识（VNI），由24bit组成，支持多达16M的VXLAN段的网络隔离，对用户进行隔离和标识不再受到限制，可满足海量租户。
  • 针对虚拟机迁移范围受网络架构限制：
    • VXLAN通过采用MAC in UDP封装来延伸二层网络，将原始以太帧封装在IP/UDP报文内，实现了物理网络和虚拟网络解耦。报文在路由网络中传输时，无需关注虚拟机的MAC地址。
    • 对于具有同一网段IP地址的VM而言，即使其物理位置不在同一个二层网络中，但从逻辑上看，相当于处于同一个二层域。即VXLAN技术在三层网络之上，构建出了一个虚拟的大二层网络。

VXLAN网络架构 - Spine-Leaf

• 新一代数据中心网络采用Spine-Leaf组网架构结合VXLAN（Virtual Extensible LAN）和EVPN（Ethernet VPN）技术。
• VXLAN通过MAC in UDP的报文实现数据面封装，构建基于IP的Overlay的虚拟局域网。Spine和Leaf之间全互联。

Spine-Leaf架构的基本概念

术语	解释
Spine	骨干节点，VXLAN Fabric网络核心节点，提供高速IP转发功能，通过高速接口连接各个功能Leaf节点。
Leaf	叶子节点，VXLAN Fabric网络功能接入节点，提供各种网络设备接入VXLAN网络的功能。
Fabric	一组Spine及Leaf节点互联组成数据中心基础物理网络拓扑。
Service Leaf	Leaf功能节点，提供Firewall和Load Balancer等L4~L7增值服务接入VXLAN Fabric网络的功能，可简称“SL”。
Server Leaf	Leaf功能节点，提供虚拟化服务器、非虚拟化服务器等计算资源接入VXLAN Fabric网络的功能，可简称“Leaf”。
Border Leaf	Leaf功能节点，提供数据中心外部流量接入数据中心VXLAN Fabric网络的功能，用于连接路由器或者传输设备，可简称“BL”。

Spine-Leaf架构的优势

• Spine-Leaf是数据中心的新型网络架构，分为Spine节点和Leaf节点。Spine节点即骨干节点，提供高速IP转发功能。Leaf节点即叶子节点，提供网络接入功能。
• Leaf与Spine实现三层全连接、等价多路径提高网络的可用性。
• Spine-Leaf架构具备极高的扩展能力。
• Spine-Leaf架构的特点：
  • 每个低层级节点（Leaf）都会连接对应所有的高层级节点（Spine），形成一个Full-mesh拓扑。
  • 同级的节点之间没有水平连线。
  • 在典型应用中，整个Spine-Leaf架构就像一台逻辑上的框式交换机，其中Leaf就像这台框式交换机的接口线卡，负责接入外部流量；Spine则像这台框式交换机的交换网板，负责实现Leaf之间的流量互通。
  • Spine-Leaf，具备极高的扩展能力：
  • Spine节点支持扩展到4个，甚至更多。Spine的最大数量取决于Leaf节点的上行端口数。
  • 在两级Spine-Leaf基础上，可进一步扩展到3级Spine-Leaf，实现更多数量的Leaf之间的数据高速交换。

VXLAN基本概念及工作原理：NVE

• NVE（Network Virtualization Edge），网络虚拟边缘。
  • 实现网络虚拟化功能的网络实体，可以是硬件交换机也可以是软件交换机。
  • NVE在三层网络上构建二层虚拟网络。
  • 图中SW1和SW3是NVE。
• 在HCS中，各个计算节点中的br-tun网桥就相当于NVE设备

VXLAN基本概念及工作原理：VTEP

• VTEP（VXLAN Tunnel Endpoints），VXLAN隧道端点。
  • VTEP是VXLAN隧道端点，封装在NVE中，用于VXLAN报文的封装和解封装。
  • VTEP分配物理网络的IP地址，硬件组网中一般使用环回口loopback。
  • VXLAN报文（的外层IP头部）中源IP地址为源端VTEP的IP地址，目的IP地址为目的端VTEP的IP地址。

• 在HCS中，tunnel_bearing平面的地址用来分配给VTEP使用的
• 在计算节点上的br-tun网桥上，有个vxlan-vtp的接口作为了本节点上的VTEP

VXLAN基本概念及工作原理：VNI与BD

• VNI（VXLAN Network Identifier），VXLAN网络标识。

  • 类似VLAN ID，用于区分VXLAN段，不同VXLAN段的虚拟机不能直接二层相互通信。
  • VNI由24比特组成，支持多达16M的租户。
  • VNI和BD 1:1对应。

• BD（Bridge Domain）

  • 类似传统网络中采用VLAN划分广播域。在VXLAN网络中一个BD就标识一个大二层广播域。
  • VNI以1:1方式映射到广播域BD，BD成为VXLAN网络转发数据报文的实体。

• 在HCS的ServiceOM上的虚拟网络中，可以查询到各个网段的VNI信息

VXLAN基本概念：VXLAN二层网关、三层网关

• 二层（L2）网关：实现流量进入VXLAN虚拟网络，也可用于同一VXLAN虚拟网络的同子网通信。
  

• 三层（L3）网关：用于VXLAN虚拟网络的跨子网通信以及外部网络（非VXLAN网络）的访问。
  

• 在HCS中，VXLAN的二层通信和三层通信都是通过SDN 控制器下发的流表进行的，这些流表中会包含二层网关和三层网关的信息

VXLAN基本概念：三层网关VBDIF

• 类似于传统网络中采用VLANIF解决不同广播域互通的方法，在VXLAN中引入了VBDIF的概念。
• VBDIF接口在VXLAN三层网关上配置，是基于BD创建的三层逻辑接口。
• 通过VBDIF接口配置IP地址可实现不同网段的VXLAN间，及VXLAN和非VXLAN的通信，也可实现二层网络接入三层网络。

VXLAN的报文格式

• 源IP地址：VXLAN隧道源端VTEP的IP地址。
• 目的IP地址：VXLAN隧道目的端VTEP的IP地址。

VXLAN数据封装过程

华为云Stack节点内部网络结构

计算节点内部网络结构

• 图中表示的仅为计算节点是两网口的模式，如果是四网口模式，系统会再自动创建一个网桥出来
• 图中未画出存储平面和Internal_Base平面，它们和tunnel_bearing、External_OM一样，都是通过trunk0的子接口方式连接物理网络
  • Router：一个VPC对应一个Router，主要负责VPC网络三层转发
  • Network：Network定义一个二层网络，一个Router可以挂多个Network
  • Subnet：Subnet是Network中的一组IP资源，不支持Network下面挂IPV4或IPv6多个subnet
  • Port：虚拟网络的接入点，Port上会分配IP和MAC，作为对应云资源在Subnet中的标识。
  • vpc-namespace：主要负责三层转发和NAT处理，计算节点上有多个vpc namespace。
  • tap-xxx：Linux虚拟Port，就是vm对应的网口，有VM的私网ip和mac。
  • qbr-xxx：Linux网桥，利用iptables实现安全组过滤和分布式防火墙。
  • ply-xxx：ply网桥负责地址过滤，主要是实现过滤非本机MAC的单播报文。
  • br-int：实现VM进出流量的VLAN tag和untag，并完成子网内的部分二层转发功能
  • br-router：qr口是subnet的网关端口，qr口的IP地址为subnet的网关地址。
  • br-tun：完成VLAN ID和VNI的转换以及隧道报文的封装和解封装，建立不同节点间的大二层互联
  • brcps：是连接到trunk口的网桥，负责VLAN转发时计算节点内外的VLAN交换，brcps在物理上体现为physnet

网络节点内部网络结构

• 图中未体现存储平面，该平面使用的是eth2和eth3绑定的trunk1
• 图中网元虚拟机以最基本的BR和vRouter为例，更多网元虚拟机的具体架构在后续胶片中展开

BR网元内部网络结构

BR网元全称为Border Router，北向连接Inter_Connect网段，南向连接各个内部网关网元ENAT、NETGW等，从VPC去往外部网络的流量（除专线外）都会经BR网元进行转发，对这些流量的带宽限制也是在BR网元上实现的

vRouter和ENAT网元内部网络结构

• vRouter和ENAT网元被部署在相同的虚拟机上，弹性IP的流量会先被送到ENAT网元上，然后再由其转发到BR网元从而与外部网络进行通信；vRouter网元可以打通多个VPC之间的流量，因此用来实现VPC-peering、CC及基础型云专线等网络服务
  • eth0口承载管理面流量
  • eth1口承载vRouter网元的流量，允许Tunnel_bearing 平面和访问公共服务区的流量通过
  • eth2口承载基础云专线流量
  • eth3口承载enat网元流量
  • trunk0和trunk2是网络节点的接口

CVS和Nginx网元内部网络结构

• 四层负载均衡的流量会首先被送到CVS网元上，由其转发到BR网元，同时进行会话的记录和同步
• 七层负载均衡的流量会首先被送到Nginx网元，然后再转发到CVS网元，最后由CVS网元转发到BR网元上

华为云Stack网络服务流量走向

同VPC同子网同主机内ECS间互访流量走向

同VPC同子网同主机内ECS间互访流表追踪

同VPC同子网跨主机ECS间互访流量走向

同VPC同子网跨主机ECS间互访流表追踪 - 主机A

同VPC同子网跨主机ECS间互访流表追踪 - 主机B

同VPC不同子网同主机ECS间互访流量走向

同VPC不同网段同主机

C41E0B58-F544-E711-9231-04B0E7E73704:/home/fsp # ovs-appctl dpctl/dump-flows system@ovs-system | grep 14.0.0.10
recirc_id(0),in_port(19),skb_mark(0),eth(src=fa:16:3e:2f:db:13,dst=fa:16:3e:6b:13:25),eth_type(0x0800),ipv4(src=14.0.0.10,dst=11.0.0.122,proto=1,frag=no), packets:40, bytes:3920, used:0.366s, actions:set(eth(src=fa:16:3e:10:9b:c7,dst=fa:16:3e:fe:bf:68)),14
recirc_id(0),in_port(14),skb_mark(0),eth(src=fa:16:3e:fe:bf:68,dst=fa:16:3e:10:9b:c7),eth_type(0x0800),ipv4(src=11.0.0.122,dst=14.0.0.10,proto=1,frag=no), packets:40, bytes:3920, used:0.366s, actions:set(eth(src=fa:16:3e:6b:13:25,dst=fa:16:3e:2f:db:13)),19
C41E0B58-F544-E711-9231-04B0E7E73704:/home/fsp # ovs-appctl ofproto/trace ovs-system "recirc_id(0),in_port(19),skb_mark(0),eth(src=fa:16:3e:2f:db:13,dst=fa:16:3e:6b:13:25),eth_type(0x0800),ipv4(src=14.0.0.10,dst=11.0.0.122,proto=1,frag=no)"
Flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:2f:db:13,dl_dst=fa:16:3e:6b:13:25,nw_src=14.0.0.10,nw_dst=11.0.0.122,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0

bridge("ply7025e201-94")
------------------------
 0. pkt_mark=0,in_port=1, priority 990, cookie 0x84ccaa9a76d563d3
    load:0x1->NXM_NX_PKT_MARK[]
    resubmit(,0)
 0. pkt_mark=0x1,ip,in_port=1,dl_src=fa:16:3e:2f:db:13,nw_src=14.0.0.10, priority 5, cookie 0x84ccaa9a76d563d3
    resubmit(,1)
 1. dl_src=fa:16:3e:2f:db:13, priority 2, cookie 0x84ccaa9a76d563d3
    resubmit(,2)
 2. priority 0, cookie 0x84ccaa9a76d563d3
    load:0xaa->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0xaa, priority 0, cookie 0x84ccaa9a76d563d3
    load:0->NXM_NX_PKT_MARK[]
    output:2

bridge("br-int")
----------------
 0. priority 63002, cookie 0x836b0a736ad65f12
    goto_table:60
60. in_port=15, priority 2, cookie 0x836b0a736ad65f12
    set_field:0x1005->reg0
    resubmit(,70)
70. reg0=0x1005,dl_dst=fa:16:3e:6b:13:25, priority 10, cookie 0x836b0a736ad65f12
    push_vlan:0x8100
    set_field:4101->vlan_vid
    output:2

bridge("br-router")
-------------------
 0. in_port=1,dl_vlan=5,dl_dst=fa:16:3e:6b:13:25, priority 2, cookie 0x942841111e13a7db
    load:0xfffffffe->OXM_OF_IN_PORT[]
    resubmit(,3)
 3. ip,dl_vlan=5, priority 3, cookie 0x942841111e13a7db
    load:0x3->NXM_NX_REG0[0..15]
    load:0x1->NXM_NX_REG0[17..26]
    resubmit(,4)
 4. ip,reg0=0x3/0xffff,vlan_tci=0x1000/0x1000,nw_dst=11.0.0.0/24, priority 15000, cookie 0x942841111e13a7db
    move:NXM_OF_IP_DST[]->NXM_NX_REG1[]
     -> NXM_NX_REG1[] is now 0xb00007a
    set_field:4100->vlan_vid
    resubmit(,8)
 8. ip,reg1=0xb00007a,dl_vlan=4, priority 6, cookie 0x942841111e13a7db
    set_field:fa:16:3e:fe:bf:68->eth_dst
    resubmit(,10)
10. ip,dl_vlan=4, priority 2, cookie 0x942841111e13a7db
    set_field:fa:16:3e:10:9b:c7->eth_src
    output:1

bridge("br-int")
----------------
 0. priority 63002, cookie 0x836b0a736ad65f12
    goto_table:60
60. in_port=2, priority 2, cookie 0x836b0a736ad65f12
    resubmit(,61)
61. ip, priority 2, cookie 0x836b0a736ad65f12
    output:3

bridge("br-tun")
----------------
 0. in_port=1, priority 2, cookie 0xbc089859d58ec7fd
    goto_table:1
 1. dl_vlan=4,dl_src=fa:16:3e:10:9b:c7, priority 1, cookie 0xbc089859d58ec7fd
    set_field:fa:16:3f:23:81:f8->eth_src
    goto_table:2
 2. dl_dst=00:00:00:00:00:00/01:00:00:00:00:00, priority 0, cookie 0xbc089859d58ec7fd
    goto_table:20
20. dl_vlan=4,dl_dst=fa:16:3e:fe:bf:68, priority 2, cookie 0xbc089859d58ec7fd
    goto_table:28
28. dl_src=fa:16:3f:23:81:f8, priority 2, cookie 0xbc089859d58ec7fd
    IN_PORT

bridge("br-int")
----------------
 0. priority 63002, cookie 0x836b0a736ad65f12
    goto_table:60
60. in_port=3,dl_vlan=4,dl_src=fa:16:3f:00:00:00/ff:ff:ff:00:00:00, priority 4, cookie 0x836b0a736ad65f12
    set_field:fa:16:3e:10:9b:c7->eth_src
    resubmit(,62)
62. dl_vlan=4,dl_dst=fa:16:3e:fe:bf:68, priority 10, cookie 0x836b0a736ad65f12
    pop_vlan
    output:7

bridge("plyb14c3ce8-94")
------------------------
 0. metadata=0,in_port=2, priority 220, cookie 0x84ccaa9a76d563d3
    resubmit(,3)
 3. dl_dst=fa:16:3e:fe:bf:68, priority 10, cookie 0x84ccaa9a76d563d3
    load:0x1->OXM_OF_METADATA[]
    resubmit(,0)
 0. in_port=2, priority 0, cookie 0x84ccaa9a76d563d3
    load:0x55->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0x55, priority 0, cookie 0x84ccaa9a76d563d3
    load:0->NXM_NX_PKT_MARK[]
    output:1

Final flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:2f:db:13,dl_dst=fa:16:3e:6b:13:25,nw_src=14.0.0.10,nw_dst=11.0.0.122,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow: pkt_mark=0,recirc_id=0,eth,icmp,in_port=1,dl_src=fa:16:3e:2f:db:13,dl_dst=fa:16:3e:6b:13:25,nw_src=14.0.0.10,nw_dst=11.0.0.122,nw_frag=no
Datapath actions: set(eth(src=fa:16:3e:10:9b:c7,dst=fa:16:3e:fe:bf:68)),14

同VPC不同子网跨主机内ECS间互访流量走向

• 同vpc不同网段跨主机

C41E0B58-F544-E711-9231-04B0E7E73704:/home/fsp # ovs-appctl dpctl/dump-flows system@ovs-system | grep 14.0.0.10
recirc_id(0),in_port(19),skb_mark(0),eth(src=fa:16:3e:2f:db:13,dst=fa:16:3e:6b:13:25),eth_type(0x0800),ipv4(src=14.0.0.10,dst=11.0.0.61,proto=1,tos=0/0x3,frag=no), packets:597, bytes:58506, used:6.466s, actions:set(tunnel(tun_id=0x49381,src=192.168.32.29,dst=192.168.32.12,flags(df|csum|key))),set(eth(src=fa:16:3f:23:81:f8,dst=fa:16:3e:e6:d2:1e)),8
C41E0B58-F544-E711-9231-04B0E7E73704:/home/fsp # ovs-appctl ofproto/trace ovs-system "recirc_id(0),in_port(19),skb_mark(0),eth(src=fa:16:3e:2f:db:13,dst=fa:16:3e:6b:13:25),eth_type(0x0800),ipv4(src=14.0.0.10,dst=11.0.0.61,proto=1,tos=0/0x3,frag=no)"
Flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:2f:db:13,dl_dst=fa:16:3e:6b:13:25,nw_src=14.0.0.10,nw_dst=11.0.0.61,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0

bridge("ply7025e201-94")
------------------------
 0. pkt_mark=0,in_port=1, priority 990, cookie 0x84ccaa9a76d563d3
    load:0x1->NXM_NX_PKT_MARK[]
    resubmit(,0)
 0. pkt_mark=0x1,ip,in_port=1,dl_src=fa:16:3e:2f:db:13,nw_src=14.0.0.10, priority 5, cookie 0x84ccaa9a76d563d3
    resubmit(,1)
 1. dl_src=fa:16:3e:2f:db:13, priority 2, cookie 0x84ccaa9a76d563d3
    resubmit(,2)
 2. priority 0, cookie 0x84ccaa9a76d563d3
    load:0xaa->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0xaa, priority 0, cookie 0x84ccaa9a76d563d3
    load:0->NXM_NX_PKT_MARK[]
    output:2

bridge("br-int")
----------------
 0. priority 63002, cookie 0x836b0a736ad65f12
    goto_table:60
60. in_port=15, priority 2, cookie 0x836b0a736ad65f12
    set_field:0x1005->reg0
    resubmit(,70)
70. reg0=0x1005,dl_dst=fa:16:3e:6b:13:25, priority 10, cookie 0x836b0a736ad65f12
    push_vlan:0x8100
    set_field:4101->vlan_vid
    output:2

bridge("br-router")
-------------------
 0. in_port=1,dl_vlan=5,dl_dst=fa:16:3e:6b:13:25, priority 2, cookie 0x942841111e13a7db
    load:0xfffffffe->OXM_OF_IN_PORT[]
    resubmit(,3)
 3. ip,dl_vlan=5, priority 3, cookie 0x942841111e13a7db
    load:0x3->NXM_NX_REG0[0..15]
    load:0x1->NXM_NX_REG0[17..26]
    resubmit(,4)
 4. ip,reg0=0x3/0xffff,vlan_tci=0x1000/0x1000,nw_dst=11.0.0.0/24, priority 15000, cookie 0x942841111e13a7db
    move:NXM_OF_IP_DST[]->NXM_NX_REG1[]
     -> NXM_NX_REG1[] is now 0xb00003d
    set_field:4100->vlan_vid
    resubmit(,8)
 8. ip,reg1=0xb00003d,dl_vlan=4, priority 6, cookie 0x942841111e13a7db
    set_field:fa:16:3e:e6:d2:1e->eth_dst
    resubmit(,10)
10. ip,dl_vlan=4, priority 2, cookie 0x942841111e13a7db
    set_field:fa:16:3e:10:9b:c7->eth_src
    output:1

bridge("br-int")
----------------
 0. priority 63002, cookie 0x836b0a736ad65f12
    goto_table:60
60. in_port=2, priority 2, cookie 0x836b0a736ad65f12
    resubmit(,61)
61. ip, priority 2, cookie 0x836b0a736ad65f12
    output:3

bridge("br-tun")
----------------
 0. in_port=1, priority 2, cookie 0xbc089859d58ec7fd
    goto_table:1
 1. dl_vlan=4,dl_src=fa:16:3e:10:9b:c7, priority 1, cookie 0xbc089859d58ec7fd
    set_field:fa:16:3f:23:81:f8->eth_src
    goto_table:2
 2. dl_dst=00:00:00:00:00:00/01:00:00:00:00:00, priority 0, cookie 0xbc089859d58ec7fd
    goto_table:20
20. dl_vlan=4,dl_dst=fa:16:3e:e6:d2:1e, priority 3, cookie 0xbc089859d58ec7fd
    pop_vlan
    set_field:0x49381->tun_id
    set_field:192.168.32.12->tun_dst
    output:2
     -> output to kernel tunnel

Final flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:2f:db:13,dl_dst=fa:16:3e:6b:13:25,nw_src=14.0.0.10,nw_dst=11.0.0.61,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow: pkt_mark=0,recirc_id=0,eth,icmp,in_port=1,dl_src=fa:16:3e:2f:db:13,dl_dst=fa:16:3e:6b:13:25,nw_src=14.0.0.10,nw_dst=11.0.0.61,nw_ecn=0,nw_frag=no
Datapath actions: set(tunnel(tun_id=0x49381,src=192.168.32.29,dst=192.168.32.12,flags(df|csum|key))),set(eth(src=fa:16:3f:23:81:f8,dst=fa:16:3e:e6:d2:1e)),8

• 同VPC不同网段夸主机

940FB1CC-1D41-E711-8DEF-38BC0114978F:/home/fsp # ovs-appctl dpctl/dump-flows system@ovs-system | grep "src=fa:16:3f:23:81:f8,dst=fa:16:3e:e6:d2:1e"
recirc_id(0),tunnel(tun_id=0x49381,src=192.168.32.29,dst=192.168.32.12,flags(-df+csum+key)),in_port(8),skb_mark(0),eth(src=fa:16:3f:23:81:f8,dst=fa:16:3e:e6:d2:1e),eth_type(0x0800),ipv4(frag=no), packets:1427, bytes:139846, used:0.554s, actions:set(eth(src=fa:16:3e:10:9b:c7)),27
940FB1CC-1D41-E711-8DEF-38BC0114978F:/home/fsp # ovs-appctl ofproto/trace ovs-system "recirc_id(0),tunnel(tun_id=0x49381,src=192.168.32.29,dst=192.168.32.12,flags(-df+csum+key)),in_port(8),skb_mark(0),eth(src=fa:16:3f:23:81:f8,dst=fa:16:3e:e6:d2:1e),eth_type(0x0800),ipv4(frag=no)"
Flow: ip,tun_id=0x49381,tun_src=192.168.32.29,tun_dst=192.168.32.12,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=csum|key,in_port=2,vlan_tci=0x0000,dl_src=fa:16:3f:23:81:f8,dl_dst=fa:16:3e:e6:d2:1e,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0

bridge("br-tun")
----------------
 0. priority 1, cookie 0xb216654ce9cea612
    goto_table:4
 4. tun_id=0x49381, priority 2, cookie 0xb216654ce9cea612
    push_vlan:0x8100
    set_field:4104->vlan_vid
    goto_table:9
 9. priority 2, cookie 0xb216654ce9cea612
    goto_table:10
10. priority 1, cookie 0xb216654ce9cea612
    output:1

bridge("br-int")
----------------
 0. priority 63002, cookie 0x86e8be3118722a96
    goto_table:60
60. in_port=3,dl_vlan=8,dl_src=fa:16:3f:00:00:00/ff:ff:ff:00:00:00, priority 4, cookie 0x86e8be3118722a96
    set_field:fa:16:3e:10:9b:c7->eth_src
    resubmit(,62)
62. dl_vlan=8,dl_dst=fa:16:3e:e6:d2:1e, priority 10, cookie 0x86e8be3118722a96
    pop_vlan
    output:22

bridge("ply2f40de1b-22")
------------------------
 0. metadata=0,in_port=2, priority 220, cookie 0xa172bafd755d4b47
    resubmit(,3)
 3. dl_dst=fa:16:3e:e6:d2:1e, priority 10, cookie 0xa172bafd755d4b47
    load:0x1->OXM_OF_METADATA[]
    resubmit(,0)
 0. in_port=2, priority 0, cookie 0xa172bafd755d4b47
    load:0x55->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0x55, priority 0, cookie 0xa172bafd755d4b47
    load:0->NXM_NX_PKT_MARK[]
    output:1

Final flow: ip,tun_id=0x49381,tun_src=192.168.32.29,tun_dst=192.168.32.12,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=csum|key,in_port=2,dl_vlan=8,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=fa:16:3f:23:81:f8,dl_dst=fa:16:3e:e6:d2:1e,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
Megaflow: pkt_mark=0,recirc_id=0,eth,ip,tun_id=0x49381,tun_src=192.168.32.29,tun_dst=192.168.32.12,tun_tos=0,tun_flags=-df+csum+key,in_port=2,dl_src=fa:16:3f:23:81:f8,dl_dst=fa:16:3e:e6:d2:1e,nw_frag=no
Datapath actions: set(eth(src=fa:16:3e:10:9b:c7)),27

对等连接流量走向

• 对等连接-A

940FB1CC-1D41-E711-8DEF-38BC0114978F:/home/fsp # ovs-appctl dpctl/dump-flows system@ovs-system | grep 12.0.0.214
recirc_id(0),in_port(24),skb_mark(0),eth(src=fa:16:3e:60:30:43,dst=fa:16:3e:03:19:09),eth_type(0x0800),ipv4(src=12.0.0.214,dst=11.0.0.32/255.255.255.224,proto=1,tos=0/0x3,frag=no), packets:31, bytes:3038, used:0.421s, actions:set(tunnel(tun_id=0x49397,src=192.168.32.12,dst=10.72.10.3,flags(df|csum|key))),set(eth(src=fa:16:3f:f2:5c:a3,dst=fa:16:3e:e2:c7:5d)),8
940FB1CC-1D41-E711-8DEF-38BC0114978F:/home/fsp # ovs-appctl ofproto/trace ovs-system "recirc_id(0),in_port(24),skb_mark(0),eth(src=fa:16:3e:60:30:43,dst=fa:16:3e:03:19:09),eth_type(0x0800),ipv4(src=12.0.0.214,dst=11.0.0.32/255.255.255.224,proto=1,tos=0/0x3,frag=no)"
Flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:60:30:43,dl_dst=fa:16:3e:03:19:09,nw_src=12.0.0.214,nw_dst=11.0.0.32,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0

bridge("plyece9fd48-e7")
------------------------
 0. pkt_mark=0,in_port=1, priority 990, cookie 0xa172bafd755d4b47
    load:0x1->NXM_NX_PKT_MARK[]
    resubmit(,0)
 0. pkt_mark=0x1,ip,in_port=1,dl_src=fa:16:3e:60:30:43,nw_src=12.0.0.214, priority 5, cookie 0xa172bafd755d4b47
    resubmit(,1)
 1. dl_src=fa:16:3e:60:30:43, priority 2, cookie 0xa172bafd755d4b47
    resubmit(,2)
 2. priority 0, cookie 0xa172bafd755d4b47
    load:0xaa->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0xaa, priority 0, cookie 0xa172bafd755d4b47
    load:0->NXM_NX_PKT_MARK[]
    output:2

bridge("br-int")
----------------
 0. priority 63002, cookie 0x86e8be3118722a96
    goto_table:60
60. in_port=21, priority 2, cookie 0x86e8be3118722a96
    set_field:0x1006->reg0
    resubmit(,70)
70. reg0=0x1006,dl_dst=fa:16:3e:03:19:09, priority 10, cookie 0x86e8be3118722a96
    push_vlan:0x8100
    set_field:4102->vlan_vid
    output:2

bridge("br-router")
-------------------
 0. in_port=1,dl_vlan=6,dl_dst=fa:16:3e:03:19:09, priority 2, cookie 0xbb51e9d066689622
    load:0xfffffffe->OXM_OF_IN_PORT[]
    resubmit(,3)
 3. ip,dl_vlan=6, priority 3, cookie 0xbb51e9d066689622
    load:0x4->NXM_NX_REG0[0..15]
    load:0x1->NXM_NX_REG0[17..26]
    resubmit(,4)
 4. ip,reg0=0x20004/0x7feffff,nw_dst=11.0.0.0/24, priority 10245, cookie 0xbb51e9d066689622
    set_field:0xa9fe0001->reg1
    resubmit(,8)
 8. ip,reg1=0xa9fe0001,dl_vlan=6, priority 6, cookie 0xbb51e9d066689622
    set_field:fa:16:3e:e2:c7:5d->eth_dst
    resubmit(,10)
10. ip,dl_vlan=6, priority 2, cookie 0xbb51e9d066689622
    set_field:fa:16:3e:03:19:09->eth_src
    output:1

bridge("br-int")
----------------
 0. priority 63002, cookie 0x86e8be3118722a96
    goto_table:60
60. in_port=2, priority 2, cookie 0x86e8be3118722a96
    resubmit(,61)
61. ip, priority 2, cookie 0x86e8be3118722a96
    output:3

bridge("br-tun")
----------------
 0. in_port=1, priority 2, cookie 0xb216654ce9cea612
    goto_table:1
 1. dl_vlan=6,dl_src=fa:16:3e:03:19:09, priority 1, cookie 0xb216654ce9cea612
    set_field:fa:16:3f:f2:5c:a3->eth_src
    goto_table:2
 2. dl_dst=00:00:00:00:00:00/01:00:00:00:00:00, priority 0, cookie 0xb216654ce9cea612
    goto_table:20
20. dl_vlan=6,dl_dst=fa:16:3e:e2:c7:5d, priority 3, cookie 0xb216654ce9cea612
    pop_vlan
    set_field:0x49397->tun_id
    set_field:10.72.10.3->tun_dst
    output:2
     -> output to kernel tunnel

Final flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:60:30:43,dl_dst=fa:16:3e:03:19:09,nw_src=12.0.0.214,nw_dst=11.0.0.32,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow: pkt_mark=0,recirc_id=0,eth,icmp,in_port=1,dl_src=fa:16:3e:60:30:43,dl_dst=fa:16:3e:03:19:09,nw_src=12.0.0.214,nw_dst=11.0.0.32/27,nw_ecn=0,nw_frag=no
Datapath actions: set(tunnel(tun_id=0x49397,src=192.168.32.12,dst=10.72.10.3,flags(df|csum|key))),set(eth(src=fa:16:3f:f2:5c:a3,dst=fa:16:3e:e2:c7:5d)),8

• 对等连接-B

508C7E61-9943-E711-87EE-38BC0114982E:~ # ovs-appctl ofproto/trace ovs-system "recirc_id(0),tunnel(tun_id=0x49381,src=10.72.10.3,dst=192.168.32.30,flags(-df+csum+key)),in_port(8),skb_mark(0),eth(src=fa:16:40:01:00:01,dst=fa:16:3e:e6:d2:1e),eth_type(0x0800),ipv4(frag=no)"
Flow: ip,tun_id=0x49381,tun_src=10.72.10.3,tun_dst=192.168.32.30,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=csum|key,in_port=2,vlan_tci=0x0000,dl_src=fa:16:40:01:00:01,dl_dst=fa:16:3e:e6:d2:1e,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0

bridge("br-tun")
----------------
 0. priority 1, cookie 0x8e9a2aeb2e045f91
    goto_table:4
 4. tun_id=0x49381, priority 2, cookie 0x8e9a2aeb2e045f91
    push_vlan:0x8100
    set_field:4104->vlan_vid
    goto_table:9
 9. priority 2, cookie 0x8e9a2aeb2e045f91
    goto_table:10
10. priority 1, cookie 0x8e9a2aeb2e045f91
    output:1

bridge("br-int")
----------------
 0. priority 63002, cookie 0x8b1e8b8195b828a3
    goto_table:60
60. in_port=3,dl_vlan=8,dl_src=fa:16:40:00:00:00/ff:ff:ff:00:00:00, priority 4, cookie 0x8b1e8b8195b828a3
    set_field:fa:16:3e:10:9b:c7->eth_src
    resubmit(,62)
62. dl_vlan=8,dl_dst=fa:16:3e:e6:d2:1e, priority 10, cookie 0x8b1e8b8195b828a3
    pop_vlan
    output:10

bridge("ply2f40de1b-22")
------------------------
 0. metadata=0,in_port=2, priority 220, cookie 0xb4a2e3a855fb1a0b
    resubmit(,3)
 3. dl_dst=fa:16:3e:e6:d2:1e, priority 10, cookie 0xb4a2e3a855fb1a0b
    load:0x1->OXM_OF_METADATA[]
    resubmit(,0)
 0. in_port=2, priority 0, cookie 0xb4a2e3a855fb1a0b
    load:0x55->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0x55, priority 0, cookie 0xb4a2e3a855fb1a0b
    load:0->NXM_NX_PKT_MARK[]
    output:1

Final flow: ip,tun_id=0x49381,tun_src=10.72.10.3,tun_dst=192.168.32.30,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=csum|key,in_port=2,dl_vlan=8,dl_vlan_pcp=0,vlan_tci1=0x0000,dl_src=fa:16:40:01:00:01,dl_dst=fa:16:3e:e6:d2:1e,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
Megaflow: pkt_mark=0,recirc_id=0,eth,ip,tun_id=0x49381,tun_src=10.72.10.3,tun_dst=192.168.32.30,tun_tos=0,tun_flags=-df+csum+key,in_port=2,dl_src=fa:16:40:01:00:01,dl_dst=fa:16:3e:e6:d2:1e,nw_frag=no
Datapath actions: set(eth(src=fa:16:3e:10:9b:c7)),23

• 对等连接-vRouter

B7D8978D-E821-684A-868E-54E992189D20:/home/fsp # ovs-appctl dpctl/dump-flows netdev@ovs-netdev | grep 11.0.0.61 tunnel(tun_id=0x49397,src=192.168.32.12,dst=10.72.10.3,flags(-df-csum+key)),recirc_id(0),in_port(12),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(dst=11.0.0.61/255.255.255.0,frag=no), packets:11793, bytes:1155714, used:0.151s, actions:ext_action(route,table_index=2;vrf=3;resubmit=yes)
B7D8978D-E821-684A-868E-54E992189D20:/home/fsp # ovs-appctl ofproto/trace ovs-netdev "tunnel(tun_id=0x49397,src=192.168.32.12,dst=10.72.10.3,flags(-df-csum+key)),recirc_id(0),in_port(12),packet_type(ns=0,id=0),ipv4(dst=11.0.0.61/255.255.255.0,frag=no)"
Flow: ip,tun_id=0x49397,tun_src=192.168.32.12,tun_dst=10.72.10.3,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=key,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=11.0.0.61,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0

bridge("br-vrouter-tun")
------------------------
 0. ip,tun_id=0x49397, priority 100, cookie 0x10000000
    set_field:0x4->reg0
    resubmit(,20)
20. ip,reg0=0x4,nw_dst=11.0.0.0/24, priority 170, cookie 0x10000000
    set_field:0x3->reg0
    resubmit(,20)
20. ip,reg0=0x3,nw_dst=11.0.0.0/24, priority 170, cookie 0x10000000
    ext_action(action=route,args(table_index=2;vrf=3;resubmit=yes))
    resubmit(,21)
21. priority 5, cookie 0x10000000
    drop

Final flow: ip,reg0=0x3,tun_id=0x49397,tun_src=192.168.32.12,tun_dst=10.72.10.3,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=key,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=11.0.0.61,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
Megaflow: recirc_id=0,eth,ip,tun_id=0x49397,tun_src=192.168.32.12,tun_dst=10.72.10.3,tun_tos=0,tun_flags=-df-csum+key,in_port=1,nw_dst=11.0.0.0/24,nw_frag=no
Datapath actions: ext_action(route,table_index=2;vrf=3;resubmit=yes)
B7D8978D-E821-684A-868E-54E992189D20:/home/fsp # ovs-appctl ext/route/show table_index=2 | grep 11.0.0.61                                                                                                     table_index=2 vrf=3 ip=11.0.0.61 cookie=268435456 mask=32 type=vm_position hash_mode=default vm_mac=FA:16:3E:E6:D2:1E gw_mac=FA:16:40:01:00:01 local_ip=10.72.10.3 remote_ip=192.168.32.30 vni=299905 tunnel_vrf=0 tun_table=0

EIP南北流量走向

• EIP-A

940FB1CC-1D41-E711-8DEF-38BC0114978F:/home/fsp # ovs-appctl dpctl/dump-flows system@ovs-system | grep 12.0.0.214
recirc_id(0),in_port(24),skb_mark(0),eth(src=fa:16:3e:60:30:43,dst=fa:16:3e:03:19:09),eth_type(0x0800),ipv4(src=12.0.0.214,dst=192.168.0.0/255.255.240.0,proto=1,tos=0/0x3,frag=no), packets:40, bytes:3920, used:0.164s, actions:set(tunnel(tun_id=0x493de,src=192.168.32.12,dst=10.72.10.4,flags(df|csum|key))),set(eth(src=fa:16:3f:f2:5c:a3,dst=fa:16:3e:1c:f0:52)),8
940FB1CC-1D41-E711-8DEF-38BC0114978F:/home/fsp # ovs-appctl ofproto/trace ovs-system "recirc_id(0),in_port(24),skb_mark(0),eth(src=fa:16:3e:60:30:43,dst=fa:16:3e:03:19:09),eth_type(0x0800),ipv4(src=12.0.0.214,dst=192.168.0.0/255.255.240.0,proto=1,tos=0/0x3,frag=no)"
Flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:60:30:43,dl_dst=fa:16:3e:03:19:09,nw_src=12.0.0.214,nw_dst=192.168.0.0,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0

bridge("plyece9fd48-e7")
------------------------
 0. pkt_mark=0,in_port=1, priority 990, cookie 0xa172bafd755d4b47
    load:0x1->NXM_NX_PKT_MARK[]
    resubmit(,0)
 0. pkt_mark=0x1,ip,in_port=1,dl_src=fa:16:3e:60:30:43,nw_src=12.0.0.214, priority 5, cookie 0xa172bafd755d4b47
    resubmit(,1)
 1. dl_src=fa:16:3e:60:30:43, priority 2, cookie 0xa172bafd755d4b47
    resubmit(,2)
 2. priority 0, cookie 0xa172bafd755d4b47
    load:0xaa->NXM_NX_PKT_MARK[]
    resubmit(,30)
30. pkt_mark=0xaa, priority 0, cookie 0xa172bafd755d4b47
    load:0->NXM_NX_PKT_MARK[]
    output:2

bridge("br-int")
----------------
 0. priority 63002, cookie 0x86e8be3118722a96
    goto_table:60
60. in_port=21, priority 2, cookie 0x86e8be3118722a96
    set_field:0x1006->reg0
    resubmit(,70)
70. reg0=0x1006,dl_dst=fa:16:3e:03:19:09, priority 10, cookie 0x86e8be3118722a96
    push_vlan:0x8100
    set_field:4102->vlan_vid
    output:2

bridge("br-router")
-------------------
 0. in_port=1,dl_vlan=6,dl_dst=fa:16:3e:03:19:09, priority 2, cookie 0xbb51e9d066689622
    load:0xfffffffe->OXM_OF_IN_PORT[]
    resubmit(,3)
 3. ip,dl_vlan=6, priority 3, cookie 0xbb51e9d066689622
    load:0x4->NXM_NX_REG0[0..15]
    load:0x1->NXM_NX_REG0[17..26]
    resubmit(,4)
 4. priority 0, cookie 0xbb51e9d066689622
    goto_table:5
 5. ip,reg0=0x4/0xffff,nw_src=12.0.0.214, priority 40, cookie 0xbb51e9d066689622
    resubmit(,7)
 7. ip,reg0=0x4/0xffff,metadata=0,vlan_tci=0x1000/0x1000, priority 2, cookie 0xbb51e9d066689622
    set_field:4101->vlan_vid
    set_field:0x647f008c->reg1
    resubmit(,8)
 8. ip,reg1=0x647f008c,dl_vlan=5, priority 6, cookie 0xbb51e9d066689622
    set_field:fa:16:3e:1c:f0:52->eth_dst
    resubmit(,10)
10. ip,dl_vlan=5, priority 2, cookie 0xbb51e9d066689622
    set_field:fa:16:3e:27:90:10->eth_src
    output:1

bridge("br-int")
----------------
 0. priority 63002, cookie 0x86e8be3118722a96
    goto_table:60
60. in_port=2, priority 2, cookie 0x86e8be3118722a96
    resubmit(,61)
61. ip, priority 2, cookie 0x86e8be3118722a96
    output:3

bridge("br-tun")
----------------
 0. in_port=1, priority 2, cookie 0xb216654ce9cea612
    goto_table:1
 1. dl_vlan=5,dl_src=fa:16:3e:27:90:10, priority 1, cookie 0xb216654ce9cea612
    set_field:fa:16:3f:f2:5c:a3->eth_src
    goto_table:2
 2. dl_dst=00:00:00:00:00:00/01:00:00:00:00:00, priority 0, cookie 0xb216654ce9cea612
    goto_table:20
20. dl_vlan=5,dl_dst=fa:16:3e:1c:f0:52, priority 3, cookie 0xb216654ce9cea612
    pop_vlan
    set_field:0x493de->tun_id
    set_field:10.72.10.4->tun_dst
    output:2
     -> output to kernel tunnel

Final flow: icmp,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:60:30:43,dl_dst=fa:16:3e:03:19:09,nw_src=12.0.0.214,nw_dst=192.168.0.0,nw_tos=0,nw_ecn=0,nw_ttl=0,icmp_type=0,icmp_code=0
Megaflow: pkt_mark=0,recirc_id=0,eth,icmp,in_port=1,dl_src=fa:16:3e:60:30:43,dl_dst=fa:16:3e:03:19:09,nw_src=12.0.0.214,nw_dst=192.168.0.0/20,nw_ecn=0,nw_frag=no
Datapath actions: set(tunnel(tun_id=0x493de,src=192.168.32.12,dst=10.72.10.4,flags(df|csum|key))),set(eth(src=fa:16:3f:f2:5c:a3,dst=fa:16:3e:1c:f0:52)),8

• EIP-BP

4C494FAA-9701-714D-A07A-33BE0D03D198:~ # ovs-appctl dpctl/dump-flows netdev@ovs-netdev | grep 10.72.10.4
tunnel(tun_id=0x493e0,src=10.72.10.4,dst=10.72.10.2,flags(-df-csum+key)),recirc_id(0),in_port(5),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(frag=no), packets:16, bytes:1568, used:0.313s, actions:ext_action(route,table_index=0;resubmit=yes),ext_action(ecmp,group_id=101)
4C494FAA-9701-714D-A07A-33BE0D03D198:~ # ovs-appctl ofproto/trace ovs-netdev "tunnel(tun_id=0x493e0,src=10.72.10.4,dst=10.72.10.2,flags(-df-csum+key)),recirc_id(0),in_port(5),packet_type(ns=0,id=0),ipv4(frag=no)"
Flow: ip,tun_id=0x493e0,tun_src=10.72.10.4,tun_dst=10.72.10.2,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=key,in_port=4,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0

bridge("br-forward")
--------------------
 0. ip,in_port=4, priority 20, cookie 0x3
    ext_action(action=route,args(table_index=0;resubmit=yes))
    resubmit(,1)
 1. ip, priority 9, cookie 0x3
    ext_action(action=ecmp,args(group_id=101))

Final flow: ip,tun_id=0x493e0,tun_src=10.72.10.4,tun_dst=10.72.10.2,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=key,in_port=4,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,nw_src=0.0.0.0,nw_dst=0.0.0.0,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=0
Megaflow: recirc_id=0,eth,ip,tun_id=0x493e0,tun_src=10.72.10.4,tun_dst=10.72.10.2,tun_tos=0,tun_flags=-df-csum+key,in_port=4,nw_frag=no
Datapath actions: ext_action(route,table_index=0;resubmit=yes),ext_action(ecmp,group_id=101)
4C494FAA-9701-714D-A07A-33BE0D03D198:~ # ovs-appctl ecmp/group/show group_id=101
GroupId=101 Type=nexthop Cnt=1 hash_mode=default pkt_direct=Normal
entry_index=0 nexthop_ip=192.168.27.254 detect_ip=192.168.27.254 out_dev=internet0 cookie=0

EIP东西流量走向

EIP-ENAT-IN

F453DFC7-5A65-BA44-9171-6E749F22B806:~ # ovs-appctl dpctl/dump-flows netdev@ovs-netdev | grep "fa:16:3e:60:30:43"                         tunnel(tun_id=0x493e0,src=10.72.10.2,dst=10.72.10.4,flags(-df-csum+key)),recirc_id(0),in_port(12),packet_type(ns=0,id=0),eth(src=fa:16:3e:3d:31:10,dst=fa:16:3e:79:79:1e),eth_type(0x0800),ipv4(dst=192.168.51.104,tos=0/0x3,ttl=62,frag=no), packets:664, bytes:65072, used:0.172s, actions:set(eth(src=fa:16:40:02:00:00,dst=fa:16:3e:60:30:43)),set(ipv4(dst=12.0.0.214,ttl=61)),clone(tnl_push(tnl_port(12),header(size=50,type=4,eth(dst=e4:a8:b6:53:61:f6,src=fa:16:3e:f9:31:d6,dl_type=0x0800),ipv4(src=10.72.10.4,dst=192.168.32.12,proto=17,tos=0,ttl=64,frag=0x4000),udp(src=0,dst=4789,csum=0x0),vxlan(flags=0x8000000,vni=0x49397)),out_port(10)),push_vlan(vid=32,pcp=0),8)
F453DFC7-5A65-BA44-9171-6E749F22B806:~ # ovs-appctl ofproto/trace ovs-netdev "tunnel(tun_id=0x493e0,src=10.72.10.2,dst=10.72.10.4,flags(-df-csum+key)),recirc_id(0),in_port(12),packet_type(ns=0,id=0),eth(src=fa:16:3e:3d:31:10,dst=fa:16:3e:79:79:1e),ipv4(dst=192.168.51.104,tos=0/0x3,ttl=62,frag=no)"
Flow: ip,tun_id=0x493e0,tun_src=10.72.10.2,tun_dst=10.72.10.4,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_erspan_ver=0,tun_flags=key,in_port=1,vlan_tci=0x0000,dl_src=fa:16:3e:3d:31:10,dl_dst=fa:16:3e:79:79:1e,nw_src=0.0.0.0,nw_dst=192.168.51.104,nw_proto=0,nw_tos=0,nw_ecn=0,nw_ttl=62

bridge("br-enat-tun")
---------------------
 0. ip,nw_dst=192.168.51.104, priority 40, cookie 0x87734538df93d4a4
    set_field:12.0.0.214->ip_dst
    set_field:fa:16:40:02:00:00->eth_src
    set_field:fa:16:3e:60:30:43->eth_dst
    set_field:0x49397->tun_id
    set_field:10.72.10.4->tun_src
    set_field:192.168.32.12->tun_dst
    dec_ttl
    IN_PORT
     -> output to native tunnel
     -> tunneling to 192.168.32.254 via tunnel-enat
     -> tunneling from fa:16:3e:f9:31:d6 10.72.10.4 to e4:a8:b6:53:61:f6 192.168.32.254

bridge("br-enat-dpdk")
----------------------
 0. in_port=3, priority 10, cookie 0x89c71082b0e09a0f
    mod_vlan_vid:32
    output:1

NAT流量走向

ELB南北流量走向 - 四层负载均衡

ELB南北流量走向 - 七层负载均衡

Endpoint流量走向

基础型云专线流量走向

缩略语

缩略语	英文全称	解释
EIP	Elastic IP Address	弹性IP地址，它可以提供独立的公网IP资源，包括公网IP地址与公网出口带宽服务。可以与弹性云服务器ECS、裸金属服务器BMS、虚拟IP、弹性负载均衡ELB、NAT网关等资源灵活地绑定及解绑。拥有多种灵活的计费方式，可以满足各种业务场景的需要。
NAT	Network Address Translation	在主机组网中，在只有一个IP网络供主机使用时，能够将虚拟机连接到外部网络的一种网络连接。网络地址转换设备在一个或多个虚拟机和外部网络之间传递数据，它对针对每个虚拟机的输入数据包进行辨识并且将它们发送到正确的目的地。
ELB	Elastic Load Balance	弹性负载均衡，通过将访问流量自动分发到多台弹性云服务器，扩展应用系统对外的服务能力，实现更高水平的应用程序容错性能。
VPC	Virtual Private Cloud	VPC即虚拟私有云，是通过逻辑方式进行网络隔离，提供安全、隔离的网络环境。您可以在VPC中定义与传统网络无差别的虚拟网络，同时提供弹性IP、安全组等高级网络服务。