From dd52c85cef8054d7c667067f9545b5178b98c46e Mon Sep 17 00:00:00 2001 From: nickcooper-zhangtonghao Date: Mon, 4 Jul 2016 08:03:49 -0700 Subject: ovn: improve OVN tutorial. Improve the tutorial of the basic OVN features. The addresses and port_security columns of the logical port is described in more detail. Signed-off-by: nickcooper-zhangtonghao Signed-off-by: Russell Bryant --- tutorial/OVN-Tutorial.md | 36 ++++++++++++++++++++++++++++++ tutorial/automake.mk | 4 ++++ tutorial/ovn/env1/add-security-ip-ports.sh | 25 +++++++++++++++++++++ tutorial/ovn/env1/add-unknown-ports.sh | 25 +++++++++++++++++++++ tutorial/ovn/env1/packet3.sh | 19 ++++++++++++++++ tutorial/ovn/env1/packet4.sh | 19 ++++++++++++++++ 6 files changed, 128 insertions(+) create mode 100755 tutorial/ovn/env1/add-security-ip-ports.sh create mode 100755 tutorial/ovn/env1/add-unknown-ports.sh create mode 100755 tutorial/ovn/env1/packet3.sh create mode 100755 tutorial/ovn/env1/packet4.sh (limited to 'tutorial') diff --git a/tutorial/OVN-Tutorial.md b/tutorial/OVN-Tutorial.md index 811224db3..1c3ab913e 100644 --- a/tutorial/OVN-Tutorial.md +++ b/tutorial/OVN-Tutorial.md 
@@ -221,6 +221,38 @@ that it is output to both ports `2` and `3`. $ ovn/env1/packet2.sh +The logical port may have an unknown set of Ethernet addresses. When an OVN logical +switch processes a unicast Ethernet frame whose destination MAC address is not in any +logical port’s addresses column, it delivers it to the port (or ports) whose addresses +columns include unknown. + +[View ovn/env1/add-unknown-ports.sh][env1unknownports]. + + $ ovn/env1/add-unknown-ports.sh + +This trace shows a packet from `sw0-port1` to `sw0-port4`, `sw0-port5` whose addresses +columns include unknown. You will see that it is output to both ports `4` and `5`. + +[View ovn/env1/packet3.sh][env1packet3]. + + $ ovn/env1/packet3.sh + +The logical port would restrict the host to sending packets from and receiving packets +to the ethernet addresses defined in the logical port’s port_security column. +In addition to the restrictions described for Ethernet addresses above, such an element +of port_security restricts the IPv4 or IPv6 addresses from which the host may send and +to which it may receive packets to the specified addresses. + +[View ovn/env1/add-security-ip-ports.sh][env1securityport]. + + $ ovn/env1/add-security-ip-ports.sh + +This trace shows a packet from `sw0-port6` to `sw0-port7`. + +[View ovn/env1/packet4.sh][env1packet4]. + + $ ovn/env1/packet4.sh + 2) 2 switches, 4 ports ---------------------- 
@@ -867,6 +899,10 @@ hypervisors. Please see the tutorial 3 above.
 [env1packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet1.sh
 [env1packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet2.sh
 [env1thirdport]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/add-third-port.sh
+[env1unknownports]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-unknown-ports.sh
+[env1securityport]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-security-ip-ports.sh
+[env1packet3]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet3.sh
+[env1packet4]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet4.sh
 [env2setup]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/setup.sh
 [env2packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet1.sh
 [env2packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet2.sh
diff --git a/tutorial/automake.mk b/tutorial/automake.mk
index 7e835f23b..5e0d868dd 100644
--- a/tutorial/automake.mk
+++ b/tutorial/automake.mk
@@ -12,7 +12,11 @@ EXTRA_DIST += \
 tutorial/ovn/env1/setup.sh \
 tutorial/ovn/env1/packet1.sh \
 tutorial/ovn/env1/packet2.sh \
+ tutorial/ovn/env1/packet3.sh \
+ tutorial/ovn/env1/packet4.sh \
 tutorial/ovn/env1/add-third-port.sh \
+ tutorial/ovn/env1/add-unknown-ports.sh \
+ tutorial/ovn/env1/add-security-ip-ports.sh \
 tutorial/ovn/env2/setup.sh \
 tutorial/ovn/env2/packet1.sh \
 tutorial/ovn/env2/packet2.sh \
diff --git a/tutorial/ovn/env1/add-security-ip-ports.sh b/tutorial/ovn/env1/add-security-ip-ports.sh
new file mode 100755
index 000000000..5be152849
--- /dev/null
+++ b/tutorial/ovn/env1/add-security-ip-ports.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+ovn-nbctl lsp-add sw0 sw0-port6
+ovn-nbctl lsp-add sw0 sw0-port7
+ovn-nbctl lsp-set-addresses sw0-port6 "00:00:00:00:00:06"
+ovn-nbctl lsp-set-addresses sw0-port7 "00:00:00:00:00:07"
+ovn-nbctl lsp-set-port-security sw0-port6 00:00:00:00:00:06 192.168.1.10/24
+ovn-nbctl lsp-set-port-security sw0-port7 00:00:00:00:00:07 192.168.1.20/24
+ovs-vsctl add-port br-int lport6 -- set Interface lport6 external_ids:iface-id=sw0-port6
+ovs-vsctl add-port br-int lport7 -- set Interface lport7 external_ids:iface-id=sw0-port7
diff --git a/tutorial/ovn/env1/add-unknown-ports.sh b/tutorial/ovn/env1/add-unknown-ports.sh
new file mode 100755
index 000000000..be161d25d
--- /dev/null
+++ b/tutorial/ovn/env1/add-unknown-ports.sh
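Review bot: The two `lsp-set-port-security` calls in add-security-ip-ports.sh pass the MAC and the IP as separate arguments, and ovn-nbctl treats each argument as its own port_security element, so this most likely stores a MAC-only element plus a stray `192.168.1.10/24` instead of one MAC+IP element. If so, the IPv4 restriction the tutorial text describes is not what ends up configured on sw0-port6 and sw0-port7. Quoting the pair keeps it a single element: `ovn-nbctl lsp-set-port-security sw0-port6 "00:00:00:00:00:06 192.168.1.10/24"`, and likewise for sw0-port7. A one-line comment that, per the ovn-nb documentation, the `/24` only adds the subnet broadcast address to what the port may receive (it does not permit the whole subnet as a source) would also keep readers from over-reading the mask.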
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+ovn-nbctl lsp-add sw0 sw0-port4
+ovn-nbctl lsp-add sw0 sw0-port5
+ovn-nbctl lsp-set-addresses sw0-port4 unknown
+ovn-nbctl lsp-set-addresses sw0-port5 unknown
+ovn-nbctl lsp-set-port-security sw0-port4 00:00:00:00:00:04 00:00:00:00:00:05
+ovn-nbctl lsp-set-port-security sw0-port5 00:00:00:00:00:04 00:00:00:00:00:05
+ovs-vsctl add-port br-int lport4 -- set Interface lport4 external_ids:iface-id=sw0-port4
+ovs-vsctl add-port br-int lport5 -- set Interface lport5 external_ids:iface-id=sw0-port5
diff --git a/tutorial/ovn/env1/packet3.sh b/tutorial/ovn/env1/packet3.sh
new file mode 100755
index 000000000..b26680157
--- /dev/null
+++ b/tutorial/ovn/env1/packet3.sh
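Review bot: Both `lsp-set-port-security` lines in add-unknown-ports.sh list 00:00:00:00:00:04 and 00:00:00:00:00:05, so each of sw0-port4 and sw0-port5 is allowed to source frames from either MAC. That may be deliberate for a step about `unknown` addresses, but nothing in the script says so, and a reader copying it gets port security that does not stop the two ports from using each other's address. Either give each port only its own MAC, e.g. `ovn-nbctl lsp-set-port-security sw0-port4 00:00:00:00:00:04`, or add a comment such as `# Both MACs are allowed on each port to show a multi-element port_security set.`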
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+# Trace a packet from sw0-port1 to sw0-port4, sw0-port5 which address is set as unknown.
+ovs-appctl ofproto/trace br-int in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:04 -generate
diff --git a/tutorial/ovn/env1/packet4.sh b/tutorial/ovn/env1/packet4.sh
new file mode 100755
index 000000000..2fa45305e
--- /dev/null
+++ b/tutorial/ovn/env1/packet4.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+# Trace a packet from sw0-port6 to sw0-port7.
+ovs-appctl ofproto/trace br-int in_port=6,dl_type=0x0800,dl_src=00:00:00:00:00:06,dl_dst=00:00:00:00:00:07,nw_src=192.168.1.10,nw_dst=192.168.1.20 -generate
-- cgit v1.2.1
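Review bot: The single trace in packet4.sh uses exactly the MAC/IP pair configured for sw0-port6, so it shows only the permitted path and never demonstrates that port_security drops anything. A second trace whose source address is outside the port's configured set, e.g. the same command with `nw_src=192.168.1.11`, would let the reader confirm the restriction is actually in effect. Separately, `in_port=6` assumes lport6 was assigned OpenFlow port 6, which presumably holds only when the earlier env1 scripts were run in the tutorial's order. Setting `ofport_request=6` on the Interface in add-security-ip-ports.sh, or a comment stating the required order, would remove that hidden dependency.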