当前位置: 首页 > news >正文

ovs实现lb负载均衡

news 2025/6/5 10:51:14

负载均衡定义

负载均衡器的实现原理是通过硬件或软件设备将客户端访问流量根据转发策略分发到多个服务器或设备上,以确保系统的负载均衡。常见的实现方式包括:

  1. 二层负载均衡‌:使用虚拟MAC地址方式,根据OSI模型的二层进行负载均衡。
  2. ‌四层负载均衡‌:基于IP+端口的负载均衡,主要分析IP层及TCP/UDP层,实现四层负载均衡。
  3. ‌七层负载均衡‌:从应用层开始,根据虚拟的URL或IP、主机名接收请求,再转向相应的处理服务器。

二层负载均衡

  • 网络设备:交换机
  • 过程分析:只有当pod访问负载均衡vip且是首包的情况下匹配switch负载均衡,在group里采用select机制根据数据包五元组哈希选择一个endpoint,打上ct_mark标记,并dnat到endpoint
  • ovs流表:
 table=19, priority=120,ct_state=+new+trk,tcp,metadata=0x1,nw_dst=10.96.187.144,tp_dst=10001 actions=load:0->NXM_NX_XXREG0[97],load:0xa60bb90→NXM_NX_XXREG0[64..95],load:0x2711→NXM_NX_XXREG0[32..47],group:5# 在group里进行负载均衡group_id=5,type=select,selection_method=dp_hash,bucket=bucket_id:0,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.4:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:1,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.5:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:2,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.6:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:3,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.7:80),exec(load:0x1→NXM_NX_CT_MARK[1]))
  • ovn流表:
#  ovn-trace --ct=new node1 'inport=="ovn-poc_service-a-89c68dc96-f75t2" && eth.src== 0a:58:0a:f4:00:04 && eth.dst == 0a:58:0a:f4:00:01 && ip4.src==10.244.0.4 && ip.ttl==64 && ip4.dst==10.96.187.144 && tcp.dst==10001'
# tcp,reg14=0x3,vlan_tci=0x0000,dl_src=0a:58:0a:f4:00:04,dl_dst=0a:58:0a:f4:00:01,nw_src=10.244.0.4,nw_dst=10.96.187.144,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=10001,tcp_flags=0ingress(dp="node1", inport="ovn-poc_service-a-89c68dc96-f75t2")
---------------------------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5649): ip, priority 100, uuid df97729freg0[0] = 1;next;5. ls_in_pre_lb (northd.c:5820): ip, priority 100, uuid 1990086areg0[2] = 1;next;6. ls_in_pre_stateful (northd.c:5852): reg0[2] == 1 && ip4 && tcp, priority 120, uuid 454a1f78reg1 = ip4.dst;reg2[0..15] = tcp.dst;ct_lb_mark;ct_lb_mark
----------7. ls_in_acl_hint (northd.c:5929): ct.new && !ct.est, priority 7, uuid 24ab3fd0reg0[7] = 1;reg0[9] = 1;next;8. ls_in_acl (northd.c:6545): ip && !ct.est, priority 1, uuid 8eaca776reg0[1] = 1;next;
11. ls_in_lb (northd.c:6858): ct.new && ip4.dst == 10.96.187.144 && tcp.dst == 10001, priority 120, uuid 4bf79ca8reg0[1] = 0;reg1 = 10.96.187.144;reg2[0..15] = 10001;ct_lb_mark(backends=10.244.0.4:80,10.244.0.5:80,10.244.0.6:80,10.244.0.7:80);ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
23. ls_in_l2_lkup (northd.c:8465): eth.dst == 0a:58:0a:f4:00:01, priority 50, uuid 3c5ecd19outport = "stor-node1";output;egress(dp="node1", inport="ovn-poc_service-a-89c68dc96-f75t2", outport="stor-node1")
------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5538): ip && outport == "stor-node1", priority 110, uuid 2d693c30next;1. ls_out_pre_acl (northd.c:5538): ip && outport == "stor-node1", priority 110, uuid c384472dnext;3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "stor-node1", type "patch" */ingress(dp="ovn_cluster_router", inport="rtos-node1")
-----------------------------------------------------0. lr_in_admission (northd.c:10835): eth.dst == 0a:58:0a:f4:00:01 && inport == "rtos-node1" && is_chassis_resident("cr-rtos-node1"), priority 50, uuid be29772fxreg0[0..47] = 0a:58:0a:f4:00:01;next;1. lr_in_lookup_neighbor (northd.c:10979): 1, priority 0, uuid e1a8324creg9[2] = 1;next;2. lr_in_learn_neighbor (northd.c:10988): reg9[2] == 1, priority 100, uuid 64a7073bnext;
10. lr_in_ip_routing_pre (northd.c:11214): 1, priority 0, uuid 7dd0d651reg7 = 0;next;
11. lr_in_ip_routing (northd.c:9629): ip4.dst == 10.244.0.0/24, priority 74, uuid 7546028cip.ttl--;reg8[0..15] = 0;reg0 = ip4.dst;reg1 = 10.244.0.1;eth.src = 0a:58:0a:f4:00:01;outport = "rtos-node1";flags.loopback = 1;next;
12. lr_in_ip_routing_ecmp (northd.c:11290): reg8[0..15] == 0, priority 150, uuid 95a7470dnext;
13. lr_in_policy (northd.c:11457): 1, priority 0, uuid 9fff15f1reg8[0..15] = 0;next;
14. lr_in_policy_ecmp (northd.c:11459): reg8[0..15] == 0, priority 150, uuid f7115b27next;
15. lr_in_arp_resolve (northd.c:11660): outport == "rtos-node1" && reg0 == 10.244.0.6, priority 100, uuid 5eb2a06deth.dst = 0a:58:0a:f4:00:06;next;
18. lr_in_gw_redirect (northd.c:12060): outport == "rtos-node1", priority 50, uuid a372b2faoutport = "cr-rtos-node1";next;
19. lr_in_arp_request (northd.c:12178): 1, priority 0, uuid d469dbb2output;/* Replacing type "chassisredirect" outport "cr-rtos-node1" with distributed port "rtos-node1". */egress(dp="ovn_cluster_router", inport="rtos-node1", outport="rtos-node1")
--------------------------------------------------------------------------0. lr_out_chk_dnat_local (northd.c:13442): 1, priority 0, uuid 43040472reg9[4] = 0;next;6. lr_out_delivery (northd.c:12225): outport == "rtos-node1", priority 100, uuid c027ddcdoutput;/* output to "rtos-node1", type "patch" */ingress(dp="node1", inport="stor-node1")
----------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid dea94017next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid 9594bbf7next;7. ls_in_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid 2c071dfereg0[10] = 1;next;
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
23. ls_in_l2_lkup (northd.c:8394): eth.dst == 0a:58:0a:f4:00:06, priority 50, uuid d57c86c5outport = "ovn-poc_service-a-89c68dc96-tgkwt";output;egress(dp="node1", inport="stor-node1", outport="ovn-poc_service-a-89c68dc96-tgkwt")
------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5822): ip, priority 100, uuid fe121cbfreg0[2] = 1;next;1. ls_out_pre_acl (northd.c:5651): ip, priority 100, uuid 105736e5reg0[0] = 1;next;2. ls_out_pre_stateful (northd.c:5872): reg0[2] == 1, priority 110, uuid 1c6b05efct_lb_mark;ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "ovn-poc_service-a-89c68dc96-tgkwt", type "" */

二层负载均衡

  • 网络设备:路由器
  • 过程分析:只host访问负载均衡vip且是首包走3层router负载均衡,在group里采用select机制根据数据包五元组哈希选择一个endpoint,dnat到endpoint,再通过dnat后的网段进行路由到ovn_cluster_router,转发到pod
  • ovs流表:
table=14,  priority=120,ct_state=+new+trk,tcp,reg0=0xa60bb90,reg9=0x27110000/0xffff0000,metadata=0x7 actions=load:0x1->NXM_NX_REG10[3],group:6# 在group里进行负载均衡group_id=6,type=select,selection_method=dp_hash,bucket=bucket_id:0,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.4:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:1,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.5:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:2,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.6:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:3,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.7:80),exec(load:0x1->NXM_NX_CT_MARK[1]))
  • ovn流表:
# ovn-trace --ct=new ext_node1 'inport=="brenp0s10_node1" && eth.src==fa:92:01:b6:d4:fd && eth.dst==fa:92:01:b6:d4:fd && ip4.src==169.254.169.2 && ip4.dst==10.96.187.144 && ip && ip.ttl==64 && tcp.dst==10001'
# tcp,reg14=0x1,vlan_tci=0x0000,dl_src=fa:92:01:b6:d4:fd,dl_dst=fa:92:01:b6:d4:fd,nw_src=169.254.169.2,nw_dst=10.96.187.144,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=10001,tcp_flags=0ingress(dp="ext_node1", inport="brenp0s10_node1")
-------------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "brenp0s10_node1", priority 110, uuid 51131891next;
17. ls_in_arp_rsp (northd.c:7749): inport == "brenp0s10_node1", priority 100, uuid 55db24b2next;
23. ls_in_l2_lkup (northd.c:8394): eth.dst == fa:92:01:b6:d4:fd, priority 50, uuid 034b6bbeoutport = "etor-GR_node1";output;egress(dp="ext_node1", inport="brenp0s10_node1", outport="etor-GR_node1")
-------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5538): ip && outport == "etor-GR_node1", priority 110, uuid 2762bbbbnext;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "etor-GR_node1", type "l3gateway" */ingress(dp="GR_node1", inport="rtoe-GR_node1")
----------------------------------------------0. lr_in_admission (northd.c:10835): eth.dst == fa:92:01:b6:d4:fd && inport == "rtoe-GR_node1", priority 50, uuid 8b77bd84xreg0[0..47] = fa:92:01:b6:d4:fd;next;1. lr_in_lookup_neighbor (northd.c:10979): 1, priority 0, uuid e1a8324creg9[2] = 1;next;2. lr_in_learn_neighbor (northd.c:10988): reg9[2] == 1 || reg9[3] == 0, priority 100, uuid 2c666711next;5. lr_in_defrag (northd.c:10148): ip && ip4.dst == 10.96.187.144 && tcp, priority 110, uuid d7c84c30reg0 = 10.96.187.144;reg9[16..31] = tcp.dst;ct_dnat;ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------6. lr_in_dnat (northd.c:9766): ct.new && ip4 && reg0 == 10.96.187.144 && tcp && reg9[16..31] == 10001, priority 120, uuid 16accb91flags.force_snat_for_lb = 1;ct_lb_mark(backends=10.244.0.4:80,10.244.0.5:80,10.244.0.6:80,10.244.0.7:80);ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------
10. lr_in_ip_routing_pre (northd.c:11214): 1, priority 0, uuid 7dd0d651reg7 = 0;next;
11. lr_in_ip_routing (northd.c:9629): reg7 == 0 && ip4.dst == 10.244.0.0/16, priority 49, uuid b99c65d6ip.ttl--;reg8[0..15] = 0;reg0 = 100.64.0.1;reg1 = 100.64.0.3;eth.src = 0a:58:64:40:00:03;outport = "rtoj-GR_node1";flags.loopback = 1;next;
12. lr_in_ip_routing_ecmp (northd.c:11290): reg8[0..15] == 0, priority 150, uuid 95a7470dnext;
13. lr_in_policy (northd.c:11457): 1, priority 0, uuid 9fff15f1reg8[0..15] = 0;next;
14. lr_in_policy_ecmp (northd.c:11459): reg8[0..15] == 0, priority 150, uuid f7115b27next;
15. lr_in_arp_resolve (northd.c:11493): ip4, priority 0, uuid 7becfca7get_arp(outport, reg0);/* MAC binding to 0a:58:64:40:00:01. */next;
19. lr_in_arp_request (northd.c:12178): 1, priority 0, uuid d469dbb2output;egress(dp="GR_node1", inport="rtoe-GR_node1", outport="rtoj-GR_node1")
----------------------------------------------------------------------0. lr_out_chk_dnat_local (northd.c:13442): 1, priority 0, uuid 43040472reg9[4] = 0;next;1. lr_out_undnat (northd.c:13462): ip, priority 50, uuid 998e6c30flags.loopback = 1;ct_dnat;ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------2. lr_out_post_undnat (northd.c:13464): ip && ct.new, priority 50, uuid 13cbb26fct_commit;next;6. lr_out_delivery (northd.c:12225): outport == "rtoj-GR_node1", priority 100, uuid 215be6d1output;/* output to "rtoj-GR_node1", type "l3gateway" */ingress(dp="join", inport="jtor-GR_node1")
------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "jtor-GR_node1", priority 110, uuid e6087be9next;
23. ls_in_l2_lkup (northd.c:8465): eth.dst == 0a:58:64:40:00:01, priority 50, uuid 6a3b96d6outport = "jtor-ovn_cluster_router";output;egress(dp="join", inport="jtor-GR_node1", outport="jtor-ovn_cluster_router")
----------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5538): ip && outport == "jtor-ovn_cluster_router", priority 110, uuid 843f9c76next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "jtor-ovn_cluster_router", type "patch" */ingress(dp="ovn_cluster_router", inport="rtoj-ovn_cluster_router")
------------------------------------------------------------------0. lr_in_admission (northd.c:10835): eth.dst == 0a:58:64:40:00:01 && inport == "rtoj-ovn_cluster_router", priority 50, uuid 4a2c861fxreg0[0..47] = 0a:58:64:40:00:01;next;1. lr_in_lookup_neighbor (northd.c:10979): 1, priority 0, uuid e1a8324creg9[2] = 1;next;2. lr_in_learn_neighbor (northd.c:10988): reg9[2] == 1, priority 100, uuid 64a7073bnext;
10. lr_in_ip_routing_pre (northd.c:11214): 1, priority 0, uuid 7dd0d651reg7 = 0;next;
11. lr_in_ip_routing (northd.c:9629): ip4.dst == 10.244.0.0/24, priority 74, uuid 7546028cip.ttl--;reg8[0..15] = 0;reg0 = ip4.dst;reg1 = 10.244.0.1;eth.src = 0a:58:0a:f4:00:01;outport = "rtos-node1";flags.loopback = 1;next;
12. lr_in_ip_routing_ecmp (northd.c:11290): reg8[0..15] == 0, priority 150, uuid 95a7470dnext;
13. lr_in_policy (northd.c:11457): 1, priority 0, uuid 9fff15f1reg8[0..15] = 0;next;
14. lr_in_policy_ecmp (northd.c:11459): reg8[0..15] == 0, priority 150, uuid f7115b27next;
15. lr_in_arp_resolve (northd.c:11660): outport == "rtos-node1" && reg0 == 10.244.0.4, priority 100, uuid 98d8234deth.dst = 0a:58:0a:f4:00:04;next;
18. lr_in_gw_redirect (northd.c:12060): outport == "rtos-node1", priority 50, uuid a372b2faoutport = "cr-rtos-node1";next;
19. lr_in_arp_request (northd.c:12178): 1, priority 0, uuid d469dbb2output;/* Replacing type "chassisredirect" outport "cr-rtos-node1" with distributed port "rtos-node1". */egress(dp="ovn_cluster_router", inport="rtoj-ovn_cluster_router", outport="rtos-node1")
---------------------------------------------------------------------------------------0. lr_out_chk_dnat_local (northd.c:13442): 1, priority 0, uuid 43040472reg9[4] = 0;next;6. lr_out_delivery (northd.c:12225): outport == "rtos-node1", priority 100, uuid c027ddcdoutput;/* output to "rtos-node1", type "patch" */ingress(dp="node1", inport="stor-node1")
----------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid dea94017next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid 9594bbf7next;7. ls_in_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid 2c071dfereg0[10] = 1;next;
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
23. ls_in_l2_lkup (northd.c:8394): eth.dst == 0a:58:0a:f4:00:04, priority 50, uuid 50aab262outport = "ovn-poc_service-a-89c68dc96-f75t2";output;egress(dp="node1", inport="stor-node1", outport="ovn-poc_service-a-89c68dc96-f75t2")
------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5822): ip, priority 100, uuid fe121cbfreg0[2] = 1;next;1. ls_out_pre_acl (northd.c:5651): ip, priority 100, uuid 105736e5reg0[0] = 1;next;2. ls_out_pre_stateful (northd.c:5872): reg0[2] == 1, priority 110, uuid 1c6b05efct_lb_mark;ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "ovn-poc_service-a-89c68dc96-f75t2", type "" */

hairpin(特殊场景lb)

  • 网络设备:交换机
  • 过程分析:当pod访问serviceIP,经过负载均衡后的endpoint是自己时,snat将源ip改为vip,源目mac互换,跳过2层转发回到源pod,此过程在switch即可完成,不需要再经过router
  • ovs流表:
table=22, priority=100,ct_state=+trk,ip,metadata=0x1 actions=load:0->NXM_NX_REG10[7],resubmit(,68),move:NXM_NX_REG10[7]→NXM_NX_XXREG0[102],load:0→NXM_NX_REG10[7],resubmit(,69),move:NXM_NX_REG10[7]→NXM_NX_XXREG0[108],resubmit(,23)
table=68, priority=100,ct_mark=0x2/0x2,tcp,reg1=0xa60b85f,reg2=0x2711/0xffff,nw_src=10.244.0.4,nw_dst=10.244.0.4,tp_dst=80 actions=load:0x1->NXM_NX_REG10[7],learn(table=69,delete_learned,cookie=0x8a0b4179,OXM_OF_METADATA[],eth_type=0x800,NXM_OF_IP_SRC[],ip_dst=10.96.184.95,nw_proto=6,NXM_OF_TCP_SRC[]=NXM_OF_TCP_DST[],load:0x1→NXM_NX_REG10[7])
  • ovn流表:
# ovn-trace --ct=new node1 'inport=="ovn-poc_service-a-89c68dc96-fm272" && eth.src== 0a:58:0a:f4:00:04 && eth.dst == 0a:58:0a:f4:00:01 && ip4.src==10.244.0.4 && ip.ttl==64 && ip4.dst==10.96.184.95 && tcp.dst==10001'
2023-11-16T02:15:46Z|00001|ovntrace|WARN|ovn-poc_service-a-89c68dc96-f75t2: unknown logical port
2023-11-16T02:15:46Z|00002|ovntrace|WARN|ovn-poc_service-a-89c68dc96-f75t2: unknown logical port
# tcp,reg14=0x3,vlan_tci=0x0000,dl_src=0a:58:0a:f4:00:04,dl_dst=0a:58:0a:f4:00:01,nw_src=10.244.0.4,nw_dst=10.96.184.95,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=10001,tcp_flags=0ingress(dp="node1", inport="ovn-poc_service-a-89c68dc96-fm272")
---------------------------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5649): ip, priority 100, uuid df97729freg0[0] = 1;next;5. ls_in_pre_lb (northd.c:5820): ip, priority 100, uuid 1990086areg0[2] = 1;next;6. ls_in_pre_stateful (northd.c:5852): reg0[2] == 1 && ip4 && tcp, priority 120, uuid 454a1f78reg1 = ip4.dst;reg2[0..15] = tcp.dst;ct_lb_mark;ct_lb_mark
----------7. ls_in_acl_hint (northd.c:5929): ct.new && !ct.est, priority 7, uuid 24ab3fd0reg0[7] = 1;reg0[9] = 1;next;8. ls_in_acl (northd.c:6545): ip && !ct.est, priority 1, uuid 8eaca776reg0[1] = 1;next;
11. ls_in_lb (northd.c:6858): ct.new && ip4.dst == 10.96.184.95 && tcp.dst == 10001, priority 120, uuid 6b816103reg0[1] = 0;reg1 = 10.96.184.95;reg2[0..15] = 10001;ct_lb_mark(backends=10.244.0.4:80);ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
15. ls_in_nat_hairpin (northd.c:6940): ip && ct.new && ct.trk && reg0[6] == 1, priority 100, uuid 89e48276ct_snat_to_vip;*** ct_snat_to_vip action not implementednext;
16. ls_in_hairpin (northd.c:6965): (reg0[6] == 1 || reg0[12] == 1), priority 1, uuid 4680c239eth.dst <-> eth.src;outport = inport;flags.loopback = 1;output;egress(dp="node1", inport="ovn-poc_service-a-89c68dc96-fm272", outport="ovn-poc_service-a-89c68dc96-fm272")
-----------------------------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5822): ip, priority 100, uuid fe121cbfreg0[2] = 1;next;1. ls_out_pre_acl (northd.c:5651): ip, priority 100, uuid 105736e5reg0[0] = 1;next;2. ls_out_pre_stateful (northd.c:5872): reg0[2] == 1, priority 110, uuid 1c6b05efct_lb_mark;ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "ovn-poc_service-a-89c68dc96-fm272", type "" */

相关文章:

ovs实现lb负载均衡

负载均衡定义 负载均衡器的实现原理是通过硬件或软件设备将客户端访问流量根据转发策略分发到多个服务器或设备上&#xff0c;以确保系统的负载均衡。常见的实现方式包括&#xff1a; 二层负载均衡‌&#xff1a;使用虚拟MAC地址方式&#xff0c;根据OSI模型的二层进行负载均…...

编程日记 2025/1/22 12:12:43

机器学习-核函数(Kernel Function)

核函数&#xff08;Kernel Function&#xff09;是一种数学函数&#xff0c;主要用于将数据映射到一个更高维的特征空间&#xff0c;以便于在这个新特征空间中更容易找到数据的结构或模式。核函数的主要作用是在不需要显式计算高维特征空间的情况下&#xff0c;通过内积操作来实…...

编程日记 2025/1/22 12:10:39

计算最接近的数

计算最接近的数 真题目录: 点击去查看 E B卷 100分题型 题目描述 给定一个数组X和正整数K&#xff0c;请找出使表达式&#xff1a; X[i] - X[i 1] - … - X[i K - 1] 结果最接近于数组中位数的下标 i &#xff0c;如果有多个 i 满足条件&#xff0c;请返回最大的 i. 其中&…...

编程日记 2025/1/22 12:09:37

【QNX】QNX侧查看内存信息的方法

在QNX实时操作系统中&#xff0c;&#x1f251;查看内存信息的方法有showmem、pidin、top以及hogs等&#x1f447;&#x1f3fb;。 ① showmem &#x1f98b;&#x1f98b;&#x1f98b;showmem可用于显示进程的内存使用情况。 &#x1f98b;&#x1f98b;&#x1f98b;通过…...

编程日记 2025/1/22 12:07:32

逐笔成交逐笔委托Level2高频数据下载和分析:20250121

逐笔成交逐笔委托下载 链接: https://pan.baidu.com/s/15NI2zLXYiczrUMQtwHgUrg?pwdbeiu 提取码: beiu Level2逐笔成交逐笔委托数据分享下载 通过Level2的逐笔成交与委托记录&#xff0c;这种高精度的毫秒级数据能够洞察诸多重要信息&#xff0c;包括庄家目的、误导性行为&am…...

编程日记 2025/1/22 12:06:30

AutoSar架构学习笔记

1.AUTOSAR&#xff08;Automotive Open System Architecture&#xff0c;汽车开放系统架构&#xff09;是一个针对汽车行业的软件架构标准&#xff0c;旨在提升汽车电子系统的模块化、可扩展性、可重用性和互操作性。AUTOSAR的目标是为汽车电子控制单元&#xff08;ECU&#xf…...

编程日记 2025/1/22 12:03:27

2024年智慧消防一体化安全管控年度回顾与2025年预测

随着科技的飞速发展&#xff0c;智慧营区一体化安全管控在2024年取得了显著进展&#xff0c;同时也为2025年的发展奠定了坚实基础。 2024年年度回顾 政策支持力度持续加大&#xff1a;国家对消防安全的重视程度不断提高&#xff0c;出台了一系列涵盖技术创新、市场应用、人才培…...

编程日记 2025/1/22 12:02:26

基于单片机的智能台灯设计

摘要: 方向和亮度,采用的是手动调节。而对于儿童来说,他们通常不知道如何调整以及调整到何种程度。本文设计了一款智能台灯,当有人的 台灯是用于阅读学习而设计使用的灯,一般台灯用的灯泡是白炽灯、节能灯泡以及市面上流行的护眼台灯,可以调节高度、光照的时候,可以根据…...

编程日记 2025/1/22 12:00:24

HJ108 求最小公倍数(Java版本)

一、试题地址 求最小公倍数_牛客题霸_牛客网 二、试题描述 描述 对于给定的两个正整数 a,b&#xff0c;它们的最小公倍数 lcm⁡(a,b) 是指能同时被 a 和 b 整除的最小正整数。 求解 lcm⁡(a,b)。 输入描述&#xff1a; 在一行上输入两个整数 a,b(1≦a,b≦105)。 输出描述…...

编程日记 2025/1/22 11:56:18

使用tritonserver完成clip-vit-large-patch14图像特征提取模型的工程化。

1、关于clip-vit-large-patch14模型 关于openapi开源的clip-vit-large-patch14模型的特征提取&#xff0c;可以参考之前的文章&#xff1a;Elasticsearch向量检索需要的数据集以及768维向量生成这篇文章详细介绍了模型的下载地址、使用方式、测试脚本&#xff0c;可以让你一步…...

编程日记 2025/1/22 11:54:15

实操演练第003讲-数据通途:客户端连接SQL Server的完美攻略

SQL Server简介 基本概念 SQL Server是由微软公司开发的关系型数据库管理系统。它基于SQL&#xff08;Structured Query Language&#xff0c;结构化查询语言&#xff09;来管理和操作数据。SQL Server可以存储大量结构化数据&#xff0c;如客户信息、订单记录、库存数据等&a…...

编程日记 2025/1/22 11:51:12

golang接口

1.概念 golang接口是一个动态类型和动态值的集合&#xff0c;定义了对象的行为&#xff0c;不指定实现。只要一个类型定义了接口全部的方法&#xff0c;就可被认为是实现接口 **动态类型&#xff1a;**实现接口的具体数据类型 **动态值&#xff1a;**实现接口的数据的值或者引…...

编程日记 2025/1/22 11:41:00

LeetCode:37. 解数独

跟着carl学算法&#xff0c;本系列博客仅做个人记录&#xff0c;建议大家都去看carl本人的博客&#xff0c;写的真的很好的&#xff01; 代码随想录 LeetCode&#xff1a;37. 解数独 编写一个程序&#xff0c;通过填充空格来解决数独问题。 数独的解法需 遵循如下规则&#xff…...

编程日记 2025/1/22 11:38:56

数据结构与算法之递归: LeetCode 37. 解数独 (Ts版)

解数独 https://leetcode.cn/problems/sudoku-solver/description/ 描述 编写一个程序&#xff0c;通过填充空格来解决数独问题数独的解法需 遵循如下规则&#xff1a; 数字 1-9 在每一行只能出现一次数字 1-9 在每一列只能出现一次数字 1-9 在每一个以粗实线分隔的 3x3 宫内…...

编程日记 2025/1/22 11:37:53

【氮化镓】香港科技大学陈Kevin-单片集成GaN比较器

一、引言(Introduction) GaN HEMT的重要性 文章开篇便强调了氮化镓(GaN)高电子迁移率晶体管(HEMT)在下一代功率转换系统中的巨大潜力。GaN HEMT具备高开关频率、低导通电阻、高击穿电压以及宽工作温度范围等优势,使其成为功率电子领域的热门研究对象。这些特性使得GaN…...

编程日记 2025/1/22 11:36:52

axios的使用总结

一、Axios 简介 Axios 是一个基于 Promise 的 HTTP 客户端&#xff0c;用于浏览器和 Node.js。在 Vue 项目中&#xff0c;它主要用于发送 HTTP 请求来获取数据&#xff08;如从 API 获取数据&#xff09;或者提交数据&#xff08;如用户登录、注册等表单数据&#xff09;。 二…...

编程日记 2025/1/22 11:28:36

革新未来:高效智能数字人技术引领多元化应用

随着科技的不断进步&#xff0c;数字人技术已逐渐成为企业数字化转型中的重要工具。数字人不仅能够优化客户体验&#xff0c;还可以显著提升企业运营效率。本文将详细介绍一种高性能、高质量、低延迟、快速响应以及安全稳定的数字人技术方案&#xff0c;帮助企业在多元化场景中…...

编程日记 2025/1/22 11:26:32

使用批处理文件清除系统垃圾

第一步&#xff1a;打开记事本&#xff0c;里面的命令如下 echo off echo 正在清理临时文件&#xff0c;请稍候...:: 清理系统临时文件 echo 清理系统临时文件... del /q /f /s "%TEMP%\*.*" del /q /f /s "%WINDIR%\Temp\*.*" rd /s /q "%WINDIR%\T…...

编程日记 2025/1/22 11:25:28

总结5..

#include<stdio.h> struct nb {//结构体列队 int x, y;//x为横坐标&#xff0c;y为纵坐标 int s, f;//s为步数&#xff0c;//f为方向 }link[850100]; int n, m, x, y, p, q, f; int hard 1, tail 1; int a[52][52], b[52][52], book[52][52][91]; int main() { …...

编程日记 2025/1/22 11:22:25

Java 在包管理与模块化中的优势:与其他开发语言的比较

在开发复杂的、规模庞大的软件系统时&#xff0c;包管理和模块化设计起着至关重要的作用。它们不仅决定了代码的组织和可维护性&#xff0c;还直接影响到团队协作效率、扩展性和性能。在众多编程语言中&#xff0c;Java 凭借其成熟的生态系统、强类型系统和标准化的包管理机制&…...

编程日记 2025/1/22 11:21:24

机器学习与深度学习07-随机森林01

目录 前文回顾1.随机森林的定义2.随机森林中的过拟合3.随机森林VS单一决策树4.随机森林的随机性 前文回顾 上一篇文章链接&#xff1a;地址 1.随机森林的定义 随机森林&#xff08;Random Forest&#xff09;是一种集成学习算法&#xff0c;用于解决分类和回归问题。它基于决…...

编程新知 2025/6/5 10:46:31

安全-JAVA开发-第二天

Web资源访问的流程 由此可见 客户访问JAVA开发的应用时 会先通过 监听器&#xff08;Listener&#xff09;和 过滤器&#xff08;Filter&#xff09; 今天简单的了解下这两个模块的开发过程 监听器&#xff08;Listener&#xff09; 主要是监听 我们触发了什么行为 并进行反应…...

编程新知 2025/6/5 10:05:50

智能工业时代:工业场景下的 AI 大模型体系架构与应用探索

自工业革命以来&#xff0c;工业生产先后经历了机械化、电气化、自动化、信息化的演进&#xff0c;正从数字化向智能化迈进&#xff0c;人工智能技术是新一轮科技革命和产业变革的重要驱动力量&#xff0c;AI 大模型以其强大的学习计算能力掀开了人工智能通用化的序幕&#xff…...

编程新知 2025/6/5 3:01:48

torch.distributed.launch 、 torchrun 和 torch.distributed.run 无法与 nohup 兼容

问题现象&#xff1a; 使用nohup 启动torch的分布式训练后&#xff0c; 由于ssh断开与服务器的连接&#xff0c; 导致训练过程出错&#xff1a; WARNING:torch.distributed.elastic.agent.server.api:Received 1 death signal, shutting down workers WARNING:torch.distribu…...

编程新知 2025/6/5 2:07:49

Git 中移除已追踪的文件

你已经成功提交了部分文件到 Git&#xff0c;但 sqlserver/data/ 目录下的一些日志文件&#xff08;如 .xel 和 machine-key&#xff09;仍然被追踪或未被忽略。你想 彻底忽略整个 sqlserver/data/* 目录下的所有内容。 ✅ 目标 让 Git 忽略以下路径&#xff1a; sqlserver/d…...

编程新知 2025/6/5 0:07:37

RAG架构中用到的模型学习思考

前言 RAG&#xff08;Retrieval-Augmented Generation&#xff0c;检索增强生成&#xff09;架构结合了检索和生成能力&#xff0c;通过引入外部知识库来提升大语言模型&#xff08;LLM&#xff09;的回答准确性和可靠性。以下是RAG架构中常用的模型及其总结&#xff1a; 一、…...

编程新知 2025/6/4 21:11:55

使用nginx配置反向代理,负载均衡

首先啥叫反向代理 咋配置呢&#xff0c;那当然是在nginx目录下改conf文件了 具体咋改呢&#xff0c;那就新增一个新的server配置&#xff0c;然后在location里新增你想代理的服务器 实际上负载均衡也就是根据反向代理的思路来的&#xff0c;如下所示 配置的话实际上也与上…...

编程新知 2025/6/4 18:50:56

BaseTypeHandler用法-笔记

1.BaseTypeHandler简介 org.apache.ibatis.type.BaseTypeHandler 是 MyBatis 提供的一个抽象类&#xff0c;通过继承该类并实现关键方法&#xff0c;可用于实现 Java 类型 与 JDBC 类型 之间的双向转换。当数据库字段类型与 Java 对象属性类型不一致时&#xff08;如&#xff…...

编程新知 2025/6/4 16:21:41

【Elasticsearch】search_after不支持随机到哪一页,只能用于上一页或下一页的场景

search_after 确实不支持随机访问&#xff08;即直接跳到任意一页&#xff09;&#xff0c;因此在前端需要随机跳转到某一页的场景中&#xff0c;使用 search_after 是不合适的。这种情况下&#xff0c;更适合使用 from 和 size 来实现分页。 为什么 search_after 不支持随机访…...

编程新知 2025/6/4 16:03:24

AutoGenTestCase - 借助AI大模型生成测试用例

想象一下&#xff0c;你正在为一个复杂的支付系统编写测试用例&#xff0c;需求文档堆积如山&#xff0c;边缘场景层出不穷&#xff0c;手动编写让你焦头烂额。现在&#xff0c;有了AutoGenTestCase&#xff0c;这个AI驱动的“测试用例生成机”可以从需求文档中自动生成数百个测…...

编程新知 2025/6/4 15:00:19