PrivateNote-UCloudFlowLaws

Pipeline DHCP Packet-In

1	cookie=0x20000, table=0, priority=60030,udp,dl_dst=ff:ff:ff:ff:ff:ff,tp_src=68,tp_dst=67 actions=CONTROLLER:65535

Pipeline ARP Broadcast Packet-In

1	cookie=0x20000, table=0, priority=60010,arp,dl_dst=ff:ff:ff:ff:ff:ff actions=CONTROLLER:65535,resubmit(,251)

Pipeline Unicast Request Gateway ARP Packet-In

1	cookie=0x20000, table=0, priority=60010,arp,dl_dst=fa:ff:ff:ff:ff:ff actions=CONTROLLER:65535

Pipeline Table Miss Packet-In

1	cookie=0x20000, table=0, actions=CONTROLLER:65535,resubmit(,251)

Pipeline Global Hook Point To Table1

1	cookie=0x20003, table=0, priority=62000,metadata=0 actions=set_field:0x1->metadata,resubmit(,1)

Pipeline Table1 Default Resubmit To Table0

1	cookie=0x20004, table=1, priority=0,metadata=0x1 actions=set_field:0x2->metadata,resubmit(,0)

Pipeline GRE Encapsulation

1	cookie=0x20005, table=100, priority=1000,metadata=0x100 actions=resubmit(,120),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],move:NXM_NX_REG1[]->NXM_NX_TUN_IPV4_DST[],output:NXM_NX_REG2[]

Pipeline GRE Encapsulation Ext DecTTL

1	cookie=0x20005, table=100, priority=1100,ip,metadata=0x100 actions=resubmit(,120),dec_ttl,move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],move:NXM_NX_REG1[]->NXM_NX_TUN_IPV4_DST[],output:NXM_NX_REG2[]

Pipeline RFC1918 Drop

1
2
3

cookie=0x20006, table=0, priority=60001,ip,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=192.168.0.0/16 actions=drop
cookie=0x20006, table=0, priority=60001,ip,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=10.0.0.0/8 actions=drop
cookie=0x20006, table=0, priority=60001,ip,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=172.16.0.0/12 actions=drop

Pipeline ACL Egress Hook

1	cookie=0x20007, table=1, priority=30001,tun_id=0,metadata=0x1 actions=resubmit(,111),resubmit(,115)

Pipeline ACL Ingress Hook

1	cookie=0x20007, table=1, priority=30000,metadata=0x1 actions=resubmit(,110),resubmit(,115)

Pipeline ACL Egress Default Access

1	cookie=0x20007, table=111, actions=load:0->NXM_NX_REG0[]

Pipeline ACL Ingress Default Access

1	cookie=0x20007, table=110, actions=load:0->NXM_NX_REG0[]

Pipeline ACL Access Action

1	cookie=0x20007, table=115, priority=30000,reg0=0 actions=set_field:0x3->metadata,resubmit(,0)

Pipeline ACL Deny Action

1	cookie=0x20007, table=115, priority=30000,reg0=0x1 actions=exit

Pipeline ACL Local Redirect

1	cookie=0x20007, table=101, priority=1000,metadata=0x5 actions=resubmit(,110),set_field:0x6->metadata,resubmit(,101)

Pipeline ACL Local Judge

1	cookie=0x20007, table=101, priority=30000,reg0=0x1,metadata=0x6 actions=exit

Pipeline Non-ACL
/usr/share/openvswitch/scripts/controller-flow
目前只有北京快杰 ACL 专区以外的宿主机，增加该 openvswitch 服务 ExecStartPost 持久化逻辑
1
2
cookie=0x20004, table=1, priority=40000,metadata=0x1 actions=set_field:0x2->metadata,resubmit(,0)
cookie=0x20007, table=101, priority=40000,metadata=0x5 actions=note:11

Pipeline BBv4

cookie=0x20004, table=1, priority=40000,tcp,metadata=0x1,tp_src=11,tp_dst=11 actions=move:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15],move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG1[],set_field:0x8100->tun_id,set_field:0.0.0.0->tun_src,load:0->NXM_OF_IN_PORT[],set_field:10.72.137.61->tun_dst,output:"wildcard_gre",move:NXM_NX_REG0[0..15]->NXM_OF_IN_PORT[],move:NXM_NX_REG1[]->NXM_NX_TUN_ID[0..31],set_field:0x31->metadata,resubmit(,0)

[x] Pipeline CNAT2 Egress_EX

1	cookie=0x99, table=0, priority=61000,in_port=64200,dl_dst=fa:ff:ff:ff:ff:ff actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_PKT_MARK[],output:1

Pipeline CNAT2 Egress

1	cookie=0x99, table=0, priority=61000,ip,in_port=64200 actions=dec_ttl,move:NXM_NX_TUN_ID[0..31]->NXM_NX_PKT_MARK[],set_field:fa:ff:ff:ff:ff:ff->eth_dst,output:1

Pipeline CNAT2 Ingress

1	cookie=0x99, table=1, priority=39999,metadata=0x1,in_port=1 actions=move:NXM_NX_PKT_MARK[]->NXM_NX_TUN_ID[0..31],set_field:0x2->metadata,resubmit(,0)

Pipeline CNAT2 Ingress_UXR

cookie=0x99, table=1, priority=40000,metadata=0x1,in_port=1,dl_src=fd:ff:ff:ff:ff:ff actions=move:NXM_NX_PKT_MARK[]->NXM_NX_REG0[],load:0xac1f9e02->NXM_NX_REG1[],set_field:0x100->metadata,set_field:fc:ff:ff:ff:ff:ff->eth_src,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

Pipeline ULB_Haproxy Egress
非我方维护

1	cookie=0x0, table=0, priority=60050,in_port=2,dl_dst=fa:ff:ff:ff:ff:ff actions=output:3

Pipeline ULB_Haproxy Ingress
非我方维护，tun_id 暂不确认是否为变量
1
cookie=0x0, table=0, priority=60050,tun_id=0x5c6dfc,in_port=3 actions=output:2

Pipeline BBv6

cookie=0x20004, table=1, priority=40000,tcp6,metadata=0x1,tp_src=11,tp_dst=11 actions=move:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15],move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG1[],set_field:0x8100->tun_id,set_field:0.0.0.0->tun_src,load:0->NXM_OF_IN_PORT[],set_field:10.72.137.61->tun_dst,output:"wildcard_gre",move:NXM_NX_REG0[0..15]->NXM_OF_IN_PORT[],move:NXM_NX_REG1[]->NXM_NX_TUN_ID[0..31],set_field:0x31->metadata,resubmit(,0)

ARP Boardcast Proxy

cookie=0x0, table=0, priority=60040,arp,in_port=173,dl_src=52:54:00:d3:8d:04,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.19.255.1 actions=set_field:52:54:00:f2:8e:b7->eth_src,set_field:52:54:00:d3:8d:04->eth_dst,set_field:2->arp_op,move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],set_field:10.19.255.1->arp_spa,set_field:52:54:00:f2:8e:b7->arp_sha,set_field:52:54:00:d3:8d:04->arp_tha,IN_PORT

[x] ARP Boardcast Egress EX

cookie=0x0, table=0, priority=60015,arp,in_port=643,dl_src=52:54:00:44:e5:27,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.19.129.53 actions=set_field:0xcb94a0->tun_id,set_field:10.64.2.15->tun_dst,output:64200

ARP Boardcast Egress
包含 gARP，SecondaryIP 的普通请求同源端口的 ARP 也会送往广播集群

cookie=0x0, table=0, priority=60015,arp,in_port=34,dl_src=52:54:00:50:06:a7,dl_dst=ff:ff:ff:ff:ff:ff,arp_tpa=10.42.46.13 actions=load:0x2ace06->NXM_NX_REG0[],load:0xa40020f->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

ARP Boardcast Ingress

1	cookie=0x0, table=0, priority=60015,arp,tun_id=0xcb94a0,in_port=64200,dl_src=52:54:00:bf:63:32,dl_dst=ff:ff:ff:ff:ff:ff actions=output:645,output:643,output:841

[x] ARP Unicast Egress EX

1	cookie=0x0, table=0, priority=60000,arp,in_port=54,dl_src=52:54:00:d1:8d:7f,dl_dst=52:54:00:8b:7d:3a actions=set_field:0xd841f0->tun_id,set_field:0xac128ea5->tun_dst,output:64200

ARP Unicast Egress

cookie=0x0, table=0, priority=60000,arp,in_port=54,dl_src=52:54:00:d1:8d:7f,dl_dst=52:54:00:8b:7d:3a actions=load:0xd841f0->NXM_NX_REG0[],load:0xac128ea5->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

[x] ARP Unicast Ingress EX_X

1	cookie=0x0, table=0, priority=60000,arp,tun_id=0x108a143,in_port=64200,dl_src=52:54:00:41:24:0c,dl_dst=52:54:00:a0:54:ec actions=output:855

ARP Unicast Local
不能被 fastpath 替代，同宿主需要 ACL 重定向，fastpath 会绕行 BGW

1	cookie=0x0, table=0, priority=60000,arp,in_port=3990,dl_src=52:54:00:34:1e:c4,dl_dst=52:54:00:05:5a:be actions=set_field:0x5->metadata,resubmit(,101),output:92

ARP Egress Fastpath

cookie=0x65, table=251, priority=40000,arp,in_port=3572,dl_src=52:54:00:68:17:c6,arp_tpa=192.168.100.0/24 actions=load:0x10060b2->NXM_NX_REG0[],load:0xac1cd9d7->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

ARP Any Request Gateway Proxy Fastpath
Any：controller 逻辑对于 unicast arp request 下发的 proxy flow 为匹配广播
Fastpath：北冥代答网关信息

cookie=0x0, priority=60040,arp,in_port=34,dl_src=52:54:00:16:2c:12,arp_op=1,arp_tpa=10.9.0.1 actions=set_field:fa:ff:ff:ff:ff:ff->eth_src,set_field:52:54:00:16:2c:12->eth_dst,set_field:2->arp_op,move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],set_field:10.9.0.1->arp_spa,set_field:fa:ff:ff:ff:ff:ff->arp_sha,set_field:52:54:00:16:2c:12->arp_tha,IN_PORT

[x] IP L2 Egress EX

1	cookie=0x0, table=0, priority=60000,ip,in_port=52,dl_src=52:54:00:fe:f6:85,dl_dst=52:54:00:86:e0:c1 actions=set_field:0xd841f0->tun_id,set_field:0xac1293df->tun_dst,output:64200

IP L2 Egress

cookie=0x0, table=0, priority=60000,ip,in_port=52,dl_src=52:54:00:fe:f6:85,dl_dst=52:54:00:86:e0:c1 actions=load:0xd841f0->NXM_NX_REG0[],load:0xac1293df->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

[x] IP L2 Ingress EX_X

1	cookie=0x0, table=0, priority=60000,ip,tun_id=0x4d9de5,in_port=64200,dl_src=52:54:00:d0:09:66,dl_dst=52:54:00:7f:49:9a actions=output:22

IP L2 Local

1	cookie=0x0, table=0, priority=60000,ip,in_port=54,dl_src=52:54:00:d1:8d:7f,dl_dst=52:54:00:01:8e:1b actions=set_field:0x5->metadata,resubmit(,101),output:32

[x] IP L3 Egress EX

1	cookie=0x0, table=0, priority=60000,ip,in_port=24,dl_src=52:54:00:dd:b5:ee,dl_dst=fa:ff:ff:ff:ff:ff,nw_src=10.42.180.41 actions=set_field:0x1013267->tun_id,set_field:0xac1293df->tun_dst,output:64200

IP L3 Egress EX_X
最早的路由 flow priority 为 60050，也需要清理掉

cookie=0x0, table=0, priority=60035,ip,in_port=22,dl_src=52:54:00:7f:49:9a,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=10.9.70.64 actions=load:0x1013267->NXM_NX_REG0[],set_field:52:54:00:38:a8:29->eth_dst,load:0xac1293df->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

IP L3 Egress

cookie=0x0, table=0, priority=60035,ip,in_port=54,dl_src=52:54:00:d1:8d:7f,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=10.9.175.220 actions=load:0xd841f0->NXM_NX_REG0[],set_field:52:54:00:d6:2e:8b->eth_dst,set_field:fa:ff:ff:ff:ff:ff->eth_src,load:0xa458e0c->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

[x] IP L3 Ingress EX_X
因源端不修正的目标宿主只会是承载公共服务的宿主，可清理

1	cookie=0x0, table=0, priority=60000,ip,tun_id=0x2ace06,in_port=64200,dl_src=52:54:00:28:5a:f5,dl_dst=52:54:00:50:06:a7 actions=set_field:fa:ff:ff:ff:ff:ff->eth_src,output:34

Ingress

1	cookie=0x0, table=0, priority=60000,tun_id=0xd841f0,in_port=64200,dl_dst=52:54:00:fe:f6:85 actions=output:52

Ingress Fastpath
后期优化为 Ingress，只是下发方式不一样，也无需区分

1	cookie=0x65, duration=542492.782s, table=0, n_packets=4376536796, n_bytes=1941348117150, priority=59990,tun_id=0xd841f0,in_port=64200,dl_dst=52:54:00:fe:f6:85 actions=output:52

IP Egress Fastpath

cookie=0x65, table=251, priority=40000,ip,in_port=3572,dl_src=52:54:00:68:17:c6 actions=load:0x10060b2->NXM_NX_REG0[],load:0xac1cd9d7->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

Public Egress

cookie=0x0, table=0, priority=60035,ipv6,in_port=17,dl_src=52:75:00:02:ff:56,dl_dst=fa:ff:ff:ff:ff:ff,ipv6_dst=2003:da8:2004:1000:a17:47cf:91a:ae8e actions=load:0x91aae8e->NXM_NX_REG0[],push_vlan:0x8100,set_field:52:54:00:0a:2e:83->eth_dst,load:0xac14880c->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

Public ARP Ingress

1	cookie=0x0, table=0, priority=60005,arp,tun_id=0x91aae8e,in_port=64200,dl_src=52:54:00:0a:2e:83,dl_dst=52:75:00:02:ff:56 actions=push_vlan:0x8100,output:17

Public IP Ingress

1	cookie=0x0, table=0, priority=60005,ip,tun_id=0x91aae8e,in_port=64200,dl_src=52:54:00:0a:2e:83,dl_dst=52:75:00:02:ff:56 actions=push_vlan:0x8100,output:17

VPC Route

1	cookie=0x64, table=0, priority=60018,ip,in_port=34,dl_src=52:54:00:50:06:a7,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=10.42.192.0/18 actions=CONTROLLER:65535

GW Route
当目的为同子网的策略路由时，dl_dst 仍需要匹配 fa:ff:ff:ff:ff:ff (client 行为)

cookie=0x64, table=0, priority=60017,ip,in_port=52,dl_src=52:54:00:fe:f6:85,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=172.16.0.0/17 actions=load:0x13b7f6a->NXM_NX_REG0[],set_field:fa:ff:ff:ff:ff:ff->eth_dst,load:0xac1f9e06->NXM_NX_REG1[],load:0xfac8->NXM_NX_REG2[],set_field:0x100->metadata,resubmit(,100)

Default Route

cookie=0x0, table=0, priority=60000,ip,in_port=407,dl_src=52:54:00:1b:40:c8,dl_dst=fa:ff:ff:ff:ff:ff,nw_src=192.168.1.111 actions=load:0x92375ad->NXM_NX_REG0[],set_field:fa:ff:ff:ff:ff:ff->eth_dst,load:0xa42822f->NXM_NX_REG1[],set_field:0x100->metadata,load:0xfac8->NXM_NX_REG2[],resubmit(,100)

Default Route_eULB

cookie=0x64, table=0, priority=60002,ip,in_port=35,dl_src=52:54:00:d6:c9:15,dl_dst=fa:ff:ff:ff:ff:ff,nw_src=106.75.93.48 actions=load:0x5c6dfc->NXM_NX_REG0[],set_field:fa:ff:ff:ff:ff:ff->eth_dst,load:0xac1f95d8->NXM_NX_REG1[],load:0xfac8->NXM_NX_REG2[],set_field:0x100->metadata,resubmit(,100)

BB Offload Peer Ingress

cookie=0x0, table=1, idle_timeout=60, hard_timeout=90, priority=45000,tcp,metadata=0x1,dl_src=52:54:00:fd:6b:27,tp_src=11,tp_dst=11 actions=move:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15],move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG1[],set_field:0x8100->tun_id,set_field:0.0.0.0->tun_src,load:0->NXM_OF_IN_PORT[],set_field:172.20.188.107->tun_dst,output:64200,move:NXM_NX_REG0[0..15]->NXM_OF_IN_PORT[],move:NXM_NX_REG1[]->NXM_NX_TUN_ID[0..31],set_field:0x31->metadata,resubmit(,0)

BB Offload Peer L2 Egress

cookie=0x0, table=1, idle_timeout=60, hard_timeout=90, priority=45000,tcp,tun_id=0,metadata=0x1,dl_dst=52:54:00:fd:6b:27,tp_src=11,tp_dst=11 actions=move:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15],move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG1[],set_field:0x8100->tun_id,set_field:0.0.0.0->tun_src,load:0->NXM_OF_IN_PORT[],set_field:172.20.188.107->tun_dst,output:64200,move:NXM_NX_REG0[0..15]->NXM_OF_IN_PORT[],move:NXM_NX_REG1[]->NXM_NX_TUN_ID[0..31],set_field:0x31->metadata,resubmit(,0)

BB Offload Peer L3 Egress

cookie=0x0, table=1, idle_timeout=60, hard_timeout=90, priority=45000,tcp,tun_id=0,metadata=0x1,dl_dst=fa:ff:ff:ff:ff:ff,nw_dst=10.23.15.70,tp_src=11,tp_dst=11 actions=move:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15],move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG1[],set_field:0x8100->tun_id,set_field:0.0.0.0->tun_src,load:0->NXM_OF_IN_PORT[],set_field:172.20.188.107->tun_dst,output:64200,move:NXM_NX_REG0[0..15]->NXM_OF_IN_PORT[],move:NXM_NX_REG1[]->NXM_NX_TUN_ID[0..31],set_field:0x31->metadata,resubmit(,0)

BB Offload Local Ingress

cookie=0x0, table=1, idle_timeout=60, hard_timeout=90, priority=45000,tcp,tun_id=0x922024b,metadata=0x1,dl_dst=52:54:00:fd:6b:27,tp_src=11,tp_dst=11 actions=move:NXM_OF_IN_PORT[]->NXM_NX_REG0[0..15],move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG1[],set_field:0x8100->tun_id,set_field:0.0.0.0->tun_src,load:0->NXM_OF_IN_PORT[],set_field:172.20.188.107->tun_dst,output:64200,move:NXM_NX_REG0[0..15]->NXM_OF_IN_PORT[],move:NXM_NX_REG1[]->NXM_NX_TUN_ID[0..31],set_field:0x31->metadata,resubmit(,0)