From patchwork Wed Jul 13 17:50:58 2016
X-Patchwork-Submitter: Russell Bryant
X-Patchwork-Id: 648003
From: Russell Bryant
To: dev@openvswitch.org
Date: Wed, 13 Jul 2016 13:50:58 -0400
Message-Id: <1468432258-29605-1-git-send-email-russell@ovn.org>
Subject: [ovs-dev] [PATCH] ovn-sbctl: Adjust formatting of lflow-list.

Adjust the field width for a couple of elements in the output of the lflow-list sub-command of ovn-sbctl.

We now have a table ID of 10, so set a field width of 2 to keep output aligned. Table names have grown to a max of 19 characters, so update the field width to keep output aligned. Finally, left justify values in fields, as I find that to look a little nicer.

Also update sample output in OVN-Tutorial.md to match the current state.

Signed-off-by: Russell Bryant Acked-by: Ben Pfaff --- ovn/utilities/ovn-sbctl.c | 2 +- tutorial/OVN-Tutorial.md | 199 ++++++++++++++++++++++++++++------------------ 2 files changed, 121 insertions(+), 80 deletions(-) diff --git a/ovn/utilities/ovn-sbctl.c b/ovn/utilities/ovn-sbctl.c index 37e4bce..c762cc8 100644 --- a/ovn/utilities/ovn-sbctl.c +++ b/ovn/utilities/ovn-sbctl.c @@ -739,7 +739,7 @@ cmd_lflow_list(struct ctl_context *ctx) } const char *table_name = smap_get(&lflow->external_ids, "stage-name"); - printf(" table=%" PRId64 "(%16s), priority=%5" PRId64 + printf(" table=%-2" PRId64 "(%-19s), priority=%-5" PRId64 ", match=(%s), action=(%s)\n", lflow->table_id, table_name ? table_name : "", lflow->priority, lflow->match, lflow->actions); diff --git a/tutorial/OVN-Tutorial.md b/tutorial/OVN-Tutorial.md index 1c3ab91..e8e9697 100644 --- a/tutorial/OVN-Tutorial.md +++ b/tutorial/OVN-Tutorial.md 
@@ -89,32 +89,46 @@ that reflect its own local view of the network. The `ovn-sbctl` command can show the logical flows. $ ovn-sbctl lflow-list - Datapath: d3466847-2b3a-4f17-8eb2-34f5b0727a70 Pipeline: ingress - table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}), action=(next;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port2" && eth.src == {00:00:00:00:00:02}), action=(next;) - table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port1" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port2" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;) - table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;) - table=4( ls_in_acl), priority= 0, match=(1), action=(next;) - table=5(ls_in_arp_nd_rsp), priority= 0, match=(1), 
action=(next;) - table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast), action=(outport = "_MC_flood"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0-port1"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0-port2"; output;) - Datapath: d3466847-2b3a-4f17-8eb2-34f5b0727a70 Pipeline: egress - table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;) - table=1( ls_out_acl), priority= 0, match=(1), action=(next;) - table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;) - table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;) + Datapath: 2503dd42-14b1-414a-abbf-33e554e09ddc Pipeline: ingress + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == “sw0-port1” && eth.src == {00:00:00:00:00:01}), action=(next;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == “sw0-port2” && eth.src == {00:00:00:00:00:02}), action=(next;) + table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port1” && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port1” && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport 
== “sw0-port2” && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == “sw0-port2” && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == “sw0-port1” && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == “sw0-port2” && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;) + table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;) + table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;) + table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;) + table=7 (ls_in_lb ), priority=0 , match=(1), action=(next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=8 (ls_in_stateful ), priority=0 , match=(1), action=(next;) + table=9 (ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) + table=10(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = “_MC_flood”; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:01), action=(outport = “sw0-port1”; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:02), action=(outport = “sw0-port2”; output;) + Datapath: 2503dd42-14b1-414a-abbf-33e554e09ddc Pipeline: egress + table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;) + table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;) + table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1), 
action=(ct_next;) + table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;) + table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;) + table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=5 (ls_out_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=7 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == “sw0-port1” && eth.dst == {00:00:00:00:00:01}), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == “sw0-port2” && eth.dst == {00:00:00:00:00:02}), action=(output;) Now we can start taking a closer look at how `ovn-controller` has programmed the local switch. Before looking at the flows, we can use `ovs-ofctl` to verify the 
@@ -294,59 +308,86 @@ Physically, all ports reside on the same chassis. OVN creates separate logical flows for each logical switch. $ ovn-sbctl lflow-list - Datapath: 5aa8be0b-8369-49e2-a878-f68872a8d211 Pipeline: ingress - table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw1-port1" && eth.src == {00:00:00:00:00:03}), action=(next;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw1-port2" && eth.src == {00:00:00:00:00:04}), action=(next;) - table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && arp.sha == 00:00:00:00:00:03), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:03) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:03)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && arp.sha == 00:00:00:00:00:04), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:04) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:04)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw1-port1" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw1-port2" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;) - table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;) - table=4( ls_in_acl), priority= 0, match=(1), action=(next;) - table=5(ls_in_arp_nd_rsp), priority= 0, 
match=(1), action=(next;) - table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast), action=(outport = "_MC_flood"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:03), action=(outport = "sw1-port1"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:04), action=(outport = "sw1-port2"; output;) - Datapath: 5aa8be0b-8369-49e2-a878-f68872a8d211 Pipeline: egress - table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;) - table=1( ls_out_acl), priority= 0, match=(1), action=(next;) - table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;) - table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw1-port1" && eth.dst == {00:00:00:00:00:03}), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw1-port2" && eth.dst == {00:00:00:00:00:04}), action=(output;) - Datapath: 631fb3c9-b0a3-4e56-bac3-1717c8cbb826 Pipeline: ingress - table=0(ls_in_port_sec_l2), priority= 100, match=(eth.src[40]), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 100, match=(vlan.present), action=(drop;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port1" && eth.src == {00:00:00:00:00:01}), action=(next;) - table=0(ls_in_port_sec_l2), priority= 50, match=(inport == "sw0-port2" && eth.src == {00:00:00:00:00:02}), action=(next;) - table=1(ls_in_port_sec_ip), priority= 0, match=(1), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == 
"sw0-port2" && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) - table=2(ls_in_port_sec_nd), priority= 90, match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port1" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 80, match=(inport == "sw0-port2" && (arp || nd)), action=(drop;) - table=2(ls_in_port_sec_nd), priority= 0, match=(1), action=(next;) - table=3( ls_in_pre_acl), priority= 0, match=(1), action=(next;) - table=4( ls_in_acl), priority= 0, match=(1), action=(next;) - table=5(ls_in_arp_nd_rsp), priority= 0, match=(1), action=(next;) - table=6( ls_in_l2_lkup), priority= 100, match=(eth.mcast), action=(outport = "_MC_flood"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0-port1"; output;) - table=6( ls_in_l2_lkup), priority= 50, match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0-port2"; output;) - Datapath: 631fb3c9-b0a3-4e56-bac3-1717c8cbb826 Pipeline: egress - table=0( ls_out_pre_acl), priority= 0, match=(1), action=(next;) - table=1( ls_out_acl), priority= 0, match=(1), action=(next;) - table=2(ls_out_port_sec_ip), priority= 0, match=(1), action=(next;) - table=3(ls_out_port_sec_l2), priority= 100, match=(eth.mcast), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;) - table=3(ls_out_port_sec_l2), priority= 50, match=(outport == "sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;) - + Datapath: 7ee908c1-b0d3-4d03-acc9-42cd7ef7f27d Pipeline: ingress + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), 
action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw1-port1" && eth.src == {00:00:00:00:00:03}), action=(next;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw1-port2" && eth.src == {00:00:00:00:00:04}), action=(next;) + table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && arp.sha == 00:00:00:00:00:03), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port1" && eth.src == 00:00:00:00:00:03 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:03) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:03)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && arp.sha == 00:00:00:00:00:04), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw1-port2" && eth.src == 00:00:00:00:00:04 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:04) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:04)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw1-port1" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw1-port2" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;) + table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;) + table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;) + table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;) + table=7 (ls_in_lb ), priority=0 , match=(1), action=(next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=8 
(ls_in_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=8 (ls_in_stateful ), priority=0 , match=(1), action=(next;) + table=9 (ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) + table=10(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = "_MC_flood"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:03), action=(outport = "sw1-port1"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:04), action=(outport = "sw1-port2"; output;) + Datapath: 7ee908c1-b0d3-4d03-acc9-42cd7ef7f27d Pipeline: egress + table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;) + table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;) + table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;) + table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;) + table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=5 (ls_out_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=7 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw1-port1" && eth.dst == {00:00:00:00:00:03}), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw1-port2" && eth.dst == {00:00:00:00:00:04}), action=(output;) + Datapath: 9ea0c8f9-4f82-4be3-a6c7-6e6f9c2de583 Pipeline: ingress + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(eth.src[40]), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=100 , match=(vlan.present), action=(drop;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == 
"sw0-port1" && eth.src == {00:00:00:00:00:01}), action=(next;) + table=0 (ls_in_port_sec_l2 ), priority=50 , match=(inport == "sw0-port2" && eth.src == {00:00:00:00:00:02}), action=(next;) + table=1 (ls_in_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && arp.sha == 00:00:00:00:00:01), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port1" && eth.src == 00:00:00:00:00:01 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:01) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:01)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && arp.sha == 00:00:00:00:00:02), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=90 , match=(inport == "sw0-port2" && eth.src == 00:00:00:00:00:02 && ip6 && nd && ((nd.sll == 00:00:00:00:00:00 || nd.sll == 00:00:00:00:00:02) || ((nd.tll == 00:00:00:00:00:00 || nd.tll == 00:00:00:00:00:02)))), action=(next;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw0-port1" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=80 , match=(inport == "sw0-port2" && (arp || nd)), action=(drop;) + table=2 (ls_in_port_sec_nd ), priority=0 , match=(1), action=(next;) + table=3 (ls_in_pre_acl ), priority=0 , match=(1), action=(next;) + table=4 (ls_in_pre_lb ), priority=0 , match=(1), action=(next;) + table=5 (ls_in_pre_stateful ), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=5 (ls_in_pre_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_in_acl ), priority=0 , match=(1), action=(next;) + table=7 (ls_in_lb ), priority=0 , match=(1), action=(next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=8 (ls_in_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=8 
(ls_in_stateful ), priority=0 , match=(1), action=(next;) + table=9 (ls_in_arp_rsp ), priority=0 , match=(1), action=(next;) + table=10(ls_in_l2_lkup ), priority=100 , match=(eth.mcast), action=(outport = "_MC_flood"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:01), action=(outport = "sw0-port1"; output;) + table=10(ls_in_l2_lkup ), priority=50 , match=(eth.dst == 00:00:00:00:00:02), action=(outport = "sw0-port2"; output;) + Datapath: 9ea0c8f9-4f82-4be3-a6c7-6e6f9c2de583 Pipeline: egress + table=0 (ls_out_pre_lb ), priority=0 , match=(1), action=(next;) + table=1 (ls_out_pre_acl ), priority=0 , match=(1), action=(next;) + table=2 (ls_out_pre_stateful), priority=100 , match=(reg0[0] == 1), action=(ct_next;) + table=2 (ls_out_pre_stateful), priority=0 , match=(1), action=(next;) + table=3 (ls_out_lb ), priority=0 , match=(1), action=(next;) + table=4 (ls_out_acl ), priority=0 , match=(1), action=(next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[1] == 1), action=(ct_commit; next;) + table=5 (ls_out_stateful ), priority=100 , match=(reg0[2] == 1), action=(ct_lb;) + table=5 (ls_out_stateful ), priority=0 , match=(1), action=(next;) + table=6 (ls_out_port_sec_ip ), priority=0 , match=(1), action=(next;) + table=7 (ls_out_port_sec_l2 ), priority=100 , match=(eth.mcast), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw0-port1" && eth.dst == {00:00:00:00:00:01}), action=(output;) + table=7 (ls_out_port_sec_l2 ), priority=50 , match=(outport == "sw0-port2" && eth.dst == {00:00:00:00:00:02}), action=(output;) In this setup, `sw0-port1` and `sw0-port2` can send packets to each other, but not to either of the ports on `sw1`. This first trace shows a packet from
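
Review bot: in the `printf` of `cmd_lflow_list` (ovn/utilities/ovn-sbctl.c), left-justifying with `%-2`, `%-19s` and `%-5` puts the padding inside each token, so the output changes from `table=0(ls_in_port_sec_l2), priority= 100,` to a form with spaces before `(`, `)` and `,`. Any script that matches on the old text, for example one that greps for `table=0(ls_in_port_sec_l2)` to check that port-security flows are present, stops matching, and the commit message describes the change only as alignment. Consider keeping the delimiters attached to the values and padding after them (format `(name)` into a buffer, then pad that), and say in the commit message that the output format changes. The widths 2 and 19 are also tied to today's largest table ID and longest stage name; a short comment stating where they come from would help whoever adds the next stage.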
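
Review bot: in the first tutorial/OVN-Tutorial.md hunk (@@ -89,32 +89,46 @@), the added sample lines quote port names with typographic quotes, e.g. `inport == “sw0-port1”` and `outport = “_MC_flood”`, while the removed lines and the second tutorial hunk use ASCII `"`. The sample is meant to reproduce what `ovn-sbctl lflow-list` prints, so the text looks like it passed through an editor that substituted the quotes. Replace “ and ” with `"` throughout this hunk so the sample matches the command output and a match expression copied from the tutorial stays valid.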
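
Review bot: in the second tutorial/OVN-Tutorial.md hunk (@@ -294,59 +308,86 @@), the added output names table 9 `ls_in_arp_rsp`, whereas the removed output called the corresponding stage `ls_in_arp_nd_rsp` (table 5); the first tutorial hunk shows the same difference. Please confirm the sample was captured from a build of the tree this patch applies to, and regenerate it if the stage name there is still `ls_in_arp_nd_rsp`, since a reader comparing their own `lflow-list` output against the tutorial will otherwise see a mismatch.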