From 1e25f5caef5c1b6378bfee3f6ed0d1cb04e61e0c Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Sun, 10 Jul 2016 17:46:26 -0400 Subject: ovn-sbctl: Adjust formatting of lflow-list. Adjust the field width for a couple of elements in the output of the lflow-list sub-command of ovn-sbctl. We now have a table ID of 10, so set a field width of 2 to keep output aligned. Table names have grown to a max of 19 characters, so update the field width to keep output aligned. Finally, left justify values in fields, as I find that to look a little nicer. Also update sample output in OVN-Tutorial.md to match the current state. Signed-off-by: Russell Bryant Acked-by: Ben Pfaff --- tutorial/OVN-Tutorial.md | 199 ++++++++++++++++++++++++++++------------------- 1 file changed, 120 insertions(+), 79 deletions(-) (limited to 'tutorial') diff --git a/tutorial/OVN-Tutorial.md b/tutorial/OVN-Tutorial.md index 1c3ab913e..e8e96974b 100644 --- a/tutorial/OVN-Tutorial.md +++ b/tutorial/OVN-Tutorial.md @@ -89,32 +89,46 @@ that reflect its own local view of the network. The `ovn-sbctl` command can show the logical flows. $ ovn-sbctl lflow-list - Datapath: d3466847-2b3a-4f17-8eb2-34f5b0727a70 Pipeline: ingress - table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}), action=(next;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port2" && eth.src == {00:00:00:00:00:02}), action=(next;) - table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port1" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port2" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;) - table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;) - table=4( ls_in_acl), priority= 0, match=(1), action=(next;) - table=5(ls_in_arp_nd_rsp), priority= 0, match=(1), action=(next;) - table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast), action=(outport = "_MC_flood"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0-port1"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0-port2"; output;) - Datapath: d3466847-2b3a-4f17-8eb2-34f5b0727a70 Pipeline: egress - table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;) - table=1( ls_out_acl), priority= 0, match=(1), action=(next;) - table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;) - table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;) + Datapath: 2503dd42-14b1-414a-abbf-33e554e09ddc Pipeline: ingress + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == “sw0-port1” && eth.src == {00:00:00:00:00:01}), action=(next;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == “sw0-port2” && eth.src == {00:00:00:00:00:02}), action=(next;) + table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port1” && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port1” && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port2” && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port2” && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == “sw0-port1” && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == “sw0-port2” && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;) + table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;) + table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;) + table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;) + table=7 (ls_in_lb ), priority=0 , match=(1), action=(next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=8 (ls_in_stateful ), priority=0 , match=(1), action=(next;) + table=9 (ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) + table=10(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = “_MC_flood”; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:01), action=(outport = “sw0-port1”; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:02), action=(outport = “sw0-port2”; output;) + Datapath: 2503dd42-14b1-414a-abbf-33e554e09ddc Pipeline: egress + table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;) + table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;) + table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;) + table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;) + table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=5 (ls_out_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=7 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == “sw0-port1” && eth.dst == {00:00:00:00:00:01}), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == “sw0-port2” && eth.dst == {00:00:00:00:00:02}), action=(output;) Now we can start taking a closer look at how `ovn-controller` has programmed the local switch. Before looking at the flows, we can use `ovs-ofctl` to verify the @@ -294,59 +308,86 @@ Physically, all ports reside on the same chassis. OVN creates separate logical flows for each logical switch. $ ovn-sbctl lflow-list - Datapath: 5aa8be0b-8369-49e2-a878-f68872a8d211 Pipeline: ingress - table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw1-port1" && eth.src == {00:00:00:00:00:03}), action=(next;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw1-port2" && eth.src == {00:00:00:00:00:04}), action=(next;) - table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && arp.sha == 00:00:00:00:00:03), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:03) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:03)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && arp.sha == 00:00:00:00:00:04), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:04) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:04)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw1-port1" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw1-port2" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;) - table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;) - table=4( ls_in_acl), priority= 0, match=(1), action=(next;) - table=5(ls_in_arp_nd_rsp), priority= 0, match=(1), action=(next;) - table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast), action=(outport = "_MC_flood"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:03), action=(outport = "sw1-port1"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:04), action=(outport = "sw1-port2"; output;) - Datapath: 5aa8be0b-8369-49e2-a878-f68872a8d211 Pipeline: egress - table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;) - table=1( ls_out_acl), priority= 0, match=(1), action=(next;) - table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;) - table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw1-port1" && eth.dst == {00:00:00:00:00:03}), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw1-port2" && eth.dst == {00:00:00:00:00:04}), action=(output;) - Datapath: 631fb3c9-b0a3-4e56-bac3-1717c8cbb826 Pipeline: ingress - table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}), action=(next;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port2" && eth.src == {00:00:00:00:00:02}), action=(next;) - table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port1" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port2" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;) - table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;) - table=4( ls_in_acl), priority= 0, match=(1), action=(next;) - table=5(ls_in_arp_nd_rsp), priority= 0, match=(1), action=(next;) - table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast), action=(outport = "_MC_flood"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0-port1"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0-port2"; output;) - Datapath: 631fb3c9-b0a3-4e56-bac3-1717c8cbb826 Pipeline: egress - table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;) - table=1( ls_out_acl), priority= 0, match=(1), action=(next;) - table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;) - table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;) - + Datapath: 7ee908c1-b0d3-4d03-acc9-42cd7ef7f27d Pipeline: ingress + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw1-port1" && eth.src == {00:00:00:00:00:03}), action=(next;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw1-port2" && eth.src == {00:00:00:00:00:04}), action=(next;) + table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && arp.sha == 00:00:00:00:00:03), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:03) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:03)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && arp.sha == 00:00:00:00:00:04), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:04) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:04)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw1-port1" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw1-port2" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;) + table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;) + table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;) + table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;) + table=7 (ls_in_lb ), priority=0 , match=(1), action=(next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=8 (ls_in_stateful ), priority=0 , match=(1), action=(next;) + table=9 (ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) + table=10(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = "_MC_flood"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:03), action=(outport = "sw1-port1"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:04), action=(outport = "sw1-port2"; output;) + Datapath: 7ee908c1-b0d3-4d03-acc9-42cd7ef7f27d Pipeline: egress + table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;) + table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;) + table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;) + table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;) + table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=5 (ls_out_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=7 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw1-port1" && eth.dst == {00:00:00:00:00:03}), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw1-port2" && eth.dst == {00:00:00:00:00:04}), action=(output;) + Datapath: 9ea0c8f9-4f82-4be3-a6c7-6e6f9c2de583 Pipeline: ingress + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}), action=(next;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw0-port2" && eth.src == {00:00:00:00:00:02}), action=(next;) + table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw0-port1" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw0-port2" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;) + table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;) + table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;) + table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;) + table=7 (ls_in_lb ), priority=0 , match=(1), action=(next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=8 (ls_in_stateful ), priority=0 , match=(1), action=(next;) + table=9 (ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) + table=10(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = "_MC_flood"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0-port1"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0-port2"; output;) + Datapath: 9ea0c8f9-4f82-4be3-a6c7-6e6f9c2de583 Pipeline: egress + table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;) + table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;) + table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;) + table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;) + table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=5 (ls_out_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=7 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;) In this setup, `sw0-port1` and `sw0-port2` can send packets to each other, but not to either of the ports on `sw1`. This first trace shows a packet from -- cgit v1.2.1