ovn: improve OVN tutorial.

Improve the tutorial of the basic OVN features. The addresses and port_security
columns of the logical port is described in more detail.

Signed-off-by: nickcooper-zhangtonghao <nickcooper-zhangtonghao@opencloud.tech>
Signed-off-by: Russell Bryant <russell@ovn.org>

tutorial/OVN-Tutorial.md

@@ -221,6 +221,38 @@ that it is output to both ports `2` and `3`.
 
     $ ovn/env1/packet2.sh
 
+The logical port may have an unknown set of Ethernet addresses.  When an OVN logical
+switch processes a unicast Ethernet frame whose destination MAC address is not in any
+logical port’s addresses column, it delivers it to the port (or ports) whose addresses
+columns include unknown.
+
+[View ovn/env1/add-unknown-ports.sh][env1unknownports].
+
+    $ ovn/env1/add-unknown-ports.sh
+
+This trace shows a packet from `sw0-port1` to `sw0-port4`, `sw0-port5` whose addresses
+columns include unknown.  You will see that it is output to both ports `4` and `5`.
+
+[View ovn/env1/packet3.sh][env1packet3].
+
+    $ ovn/env1/packet3.sh
+
+The logical port would restrict the host to sending packets from and receiving packets
+to the ethernet addresses defined in the logical port’s port_security column.
+In addition to the restrictions described for Ethernet addresses above, such an element
+of port_security restricts the IPv4 or IPv6 addresses from which the host may send and
+to which it may receive packets to the specified addresses.
+
+[View ovn/env1/add-security-ip-ports.sh][env1securityport].
+
+    $ ovn/env1/add-security-ip-ports.sh
+
+This trace shows a packet from `sw0-port6` to `sw0-port7`.
+
+[View ovn/env1/packet4.sh][env1packet4].
+
+    $ ovn/env1/packet4.sh
+
 2) 2 switches, 4 ports
 ----------------------
 
@@ -867,6 +899,10 @@ hypervisors. Please see the tutorial 3 above.
 [env1packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet1.sh
 [env1packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/packet2.sh
 [env1thirdport]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env1/add-third-port.sh
+[env1unknownports]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-unknown-ports.sh
+[env1securityport]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/add-security-ip-ports.sh
+[env1packet3]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet3.sh
+[env1packet4]:https://github.com/nickcooper-zhangtonghao/ovs/blob/master/tutorial/ovn/env1/packet4.sh
 [env2setup]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/setup.sh
 [env2packet1]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet1.sh
 [env2packet2]:https://github.com/openvswitch/ovs/blob/master/tutorial/ovn/env2/packet2.sh

tutorial/automake.mk

@@ -12,7 +12,11 @@ EXTRA_DIST += \
 	tutorial/ovn/env1/setup.sh \
 	tutorial/ovn/env1/packet1.sh \
 	tutorial/ovn/env1/packet2.sh \
+	tutorial/ovn/env1/packet3.sh \
+	tutorial/ovn/env1/packet4.sh \
 	tutorial/ovn/env1/add-third-port.sh \
+	tutorial/ovn/env1/add-unknown-ports.sh \
+	tutorial/ovn/env1/add-security-ip-ports.sh \
 	tutorial/ovn/env2/setup.sh \
 	tutorial/ovn/env2/packet1.sh \
 	tutorial/ovn/env2/packet2.sh \

tutorial/ovn/env1/add-security-ip-ports.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+ovn-nbctl lsp-add sw0 sw0-port6
+ovn-nbctl lsp-add sw0 sw0-port7
+ovn-nbctl lsp-set-addresses sw0-port6 "00:00:00:00:00:06"
+ovn-nbctl lsp-set-addresses sw0-port7 "00:00:00:00:00:07"
+ovn-nbctl lsp-set-port-security sw0-port6 00:00:00:00:00:06 192.168.1.10/24
+ovn-nbctl lsp-set-port-security sw0-port7 00:00:00:00:00:07 192.168.1.20/24
+ovs-vsctl add-port br-int lport6 -- set Interface lport6 external_ids:iface-id=sw0-port6
+ovs-vsctl add-port br-int lport7 -- set Interface lport7 external_ids:iface-id=sw0-port7

tutorial/ovn/env1/add-unknown-ports.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+ovn-nbctl lsp-add sw0 sw0-port4
+ovn-nbctl lsp-add sw0 sw0-port5
+ovn-nbctl lsp-set-addresses sw0-port4 unknown
+ovn-nbctl lsp-set-addresses sw0-port5 unknown
+ovn-nbctl lsp-set-port-security sw0-port4 00:00:00:00:00:04 00:00:00:00:00:05
+ovn-nbctl lsp-set-port-security sw0-port5 00:00:00:00:00:04 00:00:00:00:00:05
+ovs-vsctl add-port br-int lport4 -- set Interface lport4 external_ids:iface-id=sw0-port4
+ovs-vsctl add-port br-int lport5 -- set Interface lport5 external_ids:iface-id=sw0-port5

tutorial/ovn/env1/packet3.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+# Trace a packet from sw0-port1 to sw0-port4, sw0-port5 which address is set as unknown.
+ovs-appctl ofproto/trace br-int in_port=1,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:04 -generate

tutorial/ovn/env1/packet4.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -o xtrace
+
+# Trace a packet from sw0-port6 to sw0-port7.
+ovs-appctl ofproto/trace br-int in_port=6,dl_type=0x0800,dl_src=00:00:00:00:00:06,dl_dst=00:00:00:00:00:07,nw_src=192.168.1.10,nw_dst=192.168.1.20  -generate