ovs实现lb负载均衡

负载均衡定义

负载均衡器的实现原理是通过硬件或软件设备将客户端访问流量根据转发策略分发到多个服务器或设备上，以确保系统的负载均衡。常见的实现方式包括：

二层负载均衡‌：使用虚拟MAC地址方式，根据OSI模型的二层进行负载均衡。
‌四层负载均衡‌：基于IP+端口的负载均衡，主要分析IP层及TCP/UDP层，实现四层负载均衡。
‌七层负载均衡‌：从应用层开始，根据虚拟的URL或IP、主机名接收请求，再转向相应的处理服务器。

二层负载均衡

网络设备：交换机
过程分析：只有当pod访问负载均衡vip且是首包的情况下匹配switch负载均衡，在group里采用select机制根据数据包五元组哈希选择一个endpoint，打上ct_mark标记，并dnat到endpoint
ovs流表：

 table=19, priority=120,ct_state=+new+trk,tcp,metadata=0x1,nw_dst=10.96.187.144,tp_dst=10001 actions=load:0->NXM_NX_XXREG0[97],load:0xa60bb90→NXM_NX_XXREG0[64..95],load:0x2711→NXM_NX_XXREG0[32..47],group:5# 在group里进行负载均衡group_id=5,type=select,selection_method=dp_hash,bucket=bucket_id:0,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.4:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:1,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.5:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:2,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.6:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:3,weight:100,actions=ct(commit,table=20,zone=NXM_NX_REG13[0..15],nat(dst=10.244.0.7:80),exec(load:0x1→NXM_NX_CT_MARK[1]))

ovn流表：

#  ovn-trace --ct=new node1 'inport=="ovn-poc_service-a-89c68dc96-f75t2" && eth.src== 0a:58:0a:f4:00:04 && eth.dst == 0a:58:0a:f4:00:01 && ip4.src==10.244.0.4 && ip.ttl==64 && ip4.dst==10.96.187.144 && tcp.dst==10001'
# tcp,reg14=0x3,vlan_tci=0x0000,dl_src=0a:58:0a:f4:00:04,dl_dst=0a:58:0a:f4:00:01,nw_src=10.244.0.4,nw_dst=10.96.187.144,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=10001,tcp_flags=0ingress(dp="node1", inport="ovn-poc_service-a-89c68dc96-f75t2")
---------------------------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5649): ip, priority 100, uuid df97729freg0[0] = 1;next;5. ls_in_pre_lb (northd.c:5820): ip, priority 100, uuid 1990086areg0[2] = 1;next;6. ls_in_pre_stateful (northd.c:5852): reg0[2] == 1 && ip4 && tcp, priority 120, uuid 454a1f78reg1 = ip4.dst;reg2[0..15] = tcp.dst;ct_lb_mark;ct_lb_mark
----------7. ls_in_acl_hint (northd.c:5929): ct.new && !ct.est, priority 7, uuid 24ab3fd0reg0[7] = 1;reg0[9] = 1;next;8. ls_in_acl (northd.c:6545): ip && !ct.est, priority 1, uuid 8eaca776reg0[1] = 1;next;
11. ls_in_lb (northd.c:6858): ct.new && ip4.dst == 10.96.187.144 && tcp.dst == 10001, priority 120, uuid 4bf79ca8reg0[1] = 0;reg1 = 10.96.187.144;reg2[0..15] = 10001;ct_lb_mark(backends=10.244.0.4:80,10.244.0.5:80,10.244.0.6:80,10.244.0.7:80);ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
23. ls_in_l2_lkup (northd.c:8465): eth.dst == 0a:58:0a:f4:00:01, priority 50, uuid 3c5ecd19outport = "stor-node1";output;egress(dp="node1", inport="ovn-poc_service-a-89c68dc96-f75t2", outport="stor-node1")
------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5538): ip && outport == "stor-node1", priority 110, uuid 2d693c30next;1. ls_out_pre_acl (northd.c:5538): ip && outport == "stor-node1", priority 110, uuid c384472dnext;3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "stor-node1", type "patch" */ingress(dp="ovn_cluster_router", inport="rtos-node1")
-----------------------------------------------------0. lr_in_admission (northd.c:10835): eth.dst == 0a:58:0a:f4:00:01 && inport == "rtos-node1" && is_chassis_resident("cr-rtos-node1"), priority 50, uuid be29772fxreg0[0..47] = 0a:58:0a:f4:00:01;next;1. lr_in_lookup_neighbor (northd.c:10979): 1, priority 0, uuid e1a8324creg9[2] = 1;next;2. lr_in_learn_neighbor (northd.c:10988): reg9[2] == 1, priority 100, uuid 64a7073bnext;
10. lr_in_ip_routing_pre (northd.c:11214): 1, priority 0, uuid 7dd0d651reg7 = 0;next;
11. lr_in_ip_routing (northd.c:9629): ip4.dst == 10.244.0.0/24, priority 74, uuid 7546028cip.ttl--;reg8[0..15] = 0;reg0 = ip4.dst;reg1 = 10.244.0.1;eth.src = 0a:58:0a:f4:00:01;outport = "rtos-node1";flags.loopback = 1;next;
12. lr_in_ip_routing_ecmp (northd.c:11290): reg8[0..15] == 0, priority 150, uuid 95a7470dnext;
13. lr_in_policy (northd.c:11457): 1, priority 0, uuid 9fff15f1reg8[0..15] = 0;next;
14. lr_in_policy_ecmp (northd.c:11459): reg8[0..15] == 0, priority 150, uuid f7115b27next;
15. lr_in_arp_resolve (northd.c:11660): outport == "rtos-node1" && reg0 == 10.244.0.6, priority 100, uuid 5eb2a06deth.dst = 0a:58:0a:f4:00:06;next;
18. lr_in_gw_redirect (northd.c:12060): outport == "rtos-node1", priority 50, uuid a372b2faoutport = "cr-rtos-node1";next;
19. lr_in_arp_request (northd.c:12178): 1, priority 0, uuid d469dbb2output;/* Replacing type "chassisredirect" outport "cr-rtos-node1" with distributed port "rtos-node1". */egress(dp="ovn_cluster_router", inport="rtos-node1", outport="rtos-node1")
--------------------------------------------------------------------------0. lr_out_chk_dnat_local (northd.c:13442): 1, priority 0, uuid 43040472reg9[4] = 0;next;6. lr_out_delivery (northd.c:12225): outport == "rtos-node1", priority 100, uuid c027ddcdoutput;/* output to "rtos-node1", type "patch" */ingress(dp="node1", inport="stor-node1")
----------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid dea94017next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid 9594bbf7next;7. ls_in_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid 2c071dfereg0[10] = 1;next;
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
23. ls_in_l2_lkup (northd.c:8394): eth.dst == 0a:58:0a:f4:00:06, priority 50, uuid d57c86c5outport = "ovn-poc_service-a-89c68dc96-tgkwt";output;egress(dp="node1", inport="stor-node1", outport="ovn-poc_service-a-89c68dc96-tgkwt")
------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5822): ip, priority 100, uuid fe121cbfreg0[2] = 1;next;1. ls_out_pre_acl (northd.c:5651): ip, priority 100, uuid 105736e5reg0[0] = 1;next;2. ls_out_pre_stateful (northd.c:5872): reg0[2] == 1, priority 110, uuid 1c6b05efct_lb_mark;ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "ovn-poc_service-a-89c68dc96-tgkwt", type "" */

二层负载均衡

网络设备：路由器
过程分析：只host访问负载均衡vip且是首包走3层router负载均衡，在group里采用select机制根据数据包五元组哈希选择一个endpoint，dnat到endpoint，再通过dnat后的网段进行路由到ovn_cluster_router，转发到pod
ovs流表：

table=14,  priority=120,ct_state=+new+trk,tcp,reg0=0xa60bb90,reg9=0x27110000/0xffff0000,metadata=0x7 actions=load:0x1->NXM_NX_REG10[3],group:6# 在group里进行负载均衡group_id=6,type=select,selection_method=dp_hash,bucket=bucket_id:0,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.4:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:1,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.5:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:2,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.6:80),exec(load:0x1->NXM_NX_CT_MARK[1])),bucket=bucket_id:3,weight:100,actions=ct(commit,table=15,zone=NXM_NX_REG11[0..15],nat(dst=10.244.0.7:80),exec(load:0x1->NXM_NX_CT_MARK[1]))

ovn流表：

# ovn-trace --ct=new ext_node1 'inport=="brenp0s10_node1" && eth.src==fa:92:01:b6:d4:fd && eth.dst==fa:92:01:b6:d4:fd && ip4.src==169.254.169.2 && ip4.dst==10.96.187.144 && ip && ip.ttl==64 && tcp.dst==10001'
# tcp,reg14=0x1,vlan_tci=0x0000,dl_src=fa:92:01:b6:d4:fd,dl_dst=fa:92:01:b6:d4:fd,nw_src=169.254.169.2,nw_dst=10.96.187.144,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=10001,tcp_flags=0ingress(dp="ext_node1", inport="brenp0s10_node1")
-------------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "brenp0s10_node1", priority 110, uuid 51131891next;
17. ls_in_arp_rsp (northd.c:7749): inport == "brenp0s10_node1", priority 100, uuid 55db24b2next;
23. ls_in_l2_lkup (northd.c:8394): eth.dst == fa:92:01:b6:d4:fd, priority 50, uuid 034b6bbeoutport = "etor-GR_node1";output;egress(dp="ext_node1", inport="brenp0s10_node1", outport="etor-GR_node1")
-------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5538): ip && outport == "etor-GR_node1", priority 110, uuid 2762bbbbnext;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "etor-GR_node1", type "l3gateway" */ingress(dp="GR_node1", inport="rtoe-GR_node1")
----------------------------------------------0. lr_in_admission (northd.c:10835): eth.dst == fa:92:01:b6:d4:fd && inport == "rtoe-GR_node1", priority 50, uuid 8b77bd84xreg0[0..47] = fa:92:01:b6:d4:fd;next;1. lr_in_lookup_neighbor (northd.c:10979): 1, priority 0, uuid e1a8324creg9[2] = 1;next;2. lr_in_learn_neighbor (northd.c:10988): reg9[2] == 1 || reg9[3] == 0, priority 100, uuid 2c666711next;5. lr_in_defrag (northd.c:10148): ip && ip4.dst == 10.96.187.144 && tcp, priority 110, uuid d7c84c30reg0 = 10.96.187.144;reg9[16..31] = tcp.dst;ct_dnat;ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------6. lr_in_dnat (northd.c:9766): ct.new && ip4 && reg0 == 10.96.187.144 && tcp && reg9[16..31] == 10001, priority 120, uuid 16accb91flags.force_snat_for_lb = 1;ct_lb_mark(backends=10.244.0.4:80,10.244.0.5:80,10.244.0.6:80,10.244.0.7:80);ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------
10. lr_in_ip_routing_pre (northd.c:11214): 1, priority 0, uuid 7dd0d651reg7 = 0;next;
11. lr_in_ip_routing (northd.c:9629): reg7 == 0 && ip4.dst == 10.244.0.0/16, priority 49, uuid b99c65d6ip.ttl--;reg8[0..15] = 0;reg0 = 100.64.0.1;reg1 = 100.64.0.3;eth.src = 0a:58:64:40:00:03;outport = "rtoj-GR_node1";flags.loopback = 1;next;
12. lr_in_ip_routing_ecmp (northd.c:11290): reg8[0..15] == 0, priority 150, uuid 95a7470dnext;
13. lr_in_policy (northd.c:11457): 1, priority 0, uuid 9fff15f1reg8[0..15] = 0;next;
14. lr_in_policy_ecmp (northd.c:11459): reg8[0..15] == 0, priority 150, uuid f7115b27next;
15. lr_in_arp_resolve (northd.c:11493): ip4, priority 0, uuid 7becfca7get_arp(outport, reg0);/* MAC binding to 0a:58:64:40:00:01. */next;
19. lr_in_arp_request (northd.c:12178): 1, priority 0, uuid d469dbb2output;egress(dp="GR_node1", inport="rtoe-GR_node1", outport="rtoj-GR_node1")
----------------------------------------------------------------------0. lr_out_chk_dnat_local (northd.c:13442): 1, priority 0, uuid 43040472reg9[4] = 0;next;1. lr_out_undnat (northd.c:13462): ip, priority 50, uuid 998e6c30flags.loopback = 1;ct_dnat;ct_dnat /* assuming no un-dnat entry, so no change */
-----------------------------------------------------2. lr_out_post_undnat (northd.c:13464): ip && ct.new, priority 50, uuid 13cbb26fct_commit;next;6. lr_out_delivery (northd.c:12225): outport == "rtoj-GR_node1", priority 100, uuid 215be6d1output;/* output to "rtoj-GR_node1", type "l3gateway" */ingress(dp="join", inport="jtor-GR_node1")
------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "jtor-GR_node1", priority 110, uuid e6087be9next;
23. ls_in_l2_lkup (northd.c:8465): eth.dst == 0a:58:64:40:00:01, priority 50, uuid 6a3b96d6outport = "jtor-ovn_cluster_router";output;egress(dp="join", inport="jtor-GR_node1", outport="jtor-ovn_cluster_router")
----------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5538): ip && outport == "jtor-ovn_cluster_router", priority 110, uuid 843f9c76next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "jtor-ovn_cluster_router", type "patch" */ingress(dp="ovn_cluster_router", inport="rtoj-ovn_cluster_router")
------------------------------------------------------------------0. lr_in_admission (northd.c:10835): eth.dst == 0a:58:64:40:00:01 && inport == "rtoj-ovn_cluster_router", priority 50, uuid 4a2c861fxreg0[0..47] = 0a:58:64:40:00:01;next;1. lr_in_lookup_neighbor (northd.c:10979): 1, priority 0, uuid e1a8324creg9[2] = 1;next;2. lr_in_learn_neighbor (northd.c:10988): reg9[2] == 1, priority 100, uuid 64a7073bnext;
10. lr_in_ip_routing_pre (northd.c:11214): 1, priority 0, uuid 7dd0d651reg7 = 0;next;
11. lr_in_ip_routing (northd.c:9629): ip4.dst == 10.244.0.0/24, priority 74, uuid 7546028cip.ttl--;reg8[0..15] = 0;reg0 = ip4.dst;reg1 = 10.244.0.1;eth.src = 0a:58:0a:f4:00:01;outport = "rtos-node1";flags.loopback = 1;next;
12. lr_in_ip_routing_ecmp (northd.c:11290): reg8[0..15] == 0, priority 150, uuid 95a7470dnext;
13. lr_in_policy (northd.c:11457): 1, priority 0, uuid 9fff15f1reg8[0..15] = 0;next;
14. lr_in_policy_ecmp (northd.c:11459): reg8[0..15] == 0, priority 150, uuid f7115b27next;
15. lr_in_arp_resolve (northd.c:11660): outport == "rtos-node1" && reg0 == 10.244.0.4, priority 100, uuid 98d8234deth.dst = 0a:58:0a:f4:00:04;next;
18. lr_in_gw_redirect (northd.c:12060): outport == "rtos-node1", priority 50, uuid a372b2faoutport = "cr-rtos-node1";next;
19. lr_in_arp_request (northd.c:12178): 1, priority 0, uuid d469dbb2output;/* Replacing type "chassisredirect" outport "cr-rtos-node1" with distributed port "rtos-node1". */egress(dp="ovn_cluster_router", inport="rtoj-ovn_cluster_router", outport="rtos-node1")
---------------------------------------------------------------------------------------0. lr_out_chk_dnat_local (northd.c:13442): 1, priority 0, uuid 43040472reg9[4] = 0;next;6. lr_out_delivery (northd.c:12225): outport == "rtos-node1", priority 100, uuid c027ddcdoutput;/* output to "rtos-node1", type "patch" */ingress(dp="node1", inport="stor-node1")
----------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid dea94017next;5. ls_in_pre_lb (northd.c:5535): ip && inport == "stor-node1", priority 110, uuid 9594bbf7next;7. ls_in_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid 2c071dfereg0[10] = 1;next;
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
23. ls_in_l2_lkup (northd.c:8394): eth.dst == 0a:58:0a:f4:00:04, priority 50, uuid 50aab262outport = "ovn-poc_service-a-89c68dc96-f75t2";output;egress(dp="node1", inport="stor-node1", outport="ovn-poc_service-a-89c68dc96-f75t2")
------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5822): ip, priority 100, uuid fe121cbfreg0[2] = 1;next;1. ls_out_pre_acl (northd.c:5651): ip, priority 100, uuid 105736e5reg0[0] = 1;next;2. ls_out_pre_stateful (northd.c:5872): reg0[2] == 1, priority 110, uuid 1c6b05efct_lb_mark;ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "ovn-poc_service-a-89c68dc96-f75t2", type "" */

hairpin（特殊场景lb）

网络设备：交换机
过程分析：当pod访问serviceIP，经过负载均衡后的endpoint是自己时，snat将源ip改为vip，源目mac互换，跳过2层转发回到源pod，此过程在switch即可完成，不需要再经过router
ovs流表：

table=22, priority=100,ct_state=+trk,ip,metadata=0x1 actions=load:0->NXM_NX_REG10[7],resubmit(,68),move:NXM_NX_REG10[7]→NXM_NX_XXREG0[102],load:0→NXM_NX_REG10[7],resubmit(,69),move:NXM_NX_REG10[7]→NXM_NX_XXREG0[108],resubmit(,23)
table=68, priority=100,ct_mark=0x2/0x2,tcp,reg1=0xa60b85f,reg2=0x2711/0xffff,nw_src=10.244.0.4,nw_dst=10.244.0.4,tp_dst=80 actions=load:0x1->NXM_NX_REG10[7],learn(table=69,delete_learned,cookie=0x8a0b4179,OXM_OF_METADATA[],eth_type=0x800,NXM_OF_IP_SRC[],ip_dst=10.96.184.95,nw_proto=6,NXM_OF_TCP_SRC[]=NXM_OF_TCP_DST[],load:0x1→NXM_NX_REG10[7])

ovn流表：

# ovn-trace --ct=new node1 'inport=="ovn-poc_service-a-89c68dc96-fm272" && eth.src== 0a:58:0a:f4:00:04 && eth.dst == 0a:58:0a:f4:00:01 && ip4.src==10.244.0.4 && ip.ttl==64 && ip4.dst==10.96.184.95 && tcp.dst==10001'
2023-11-16T02:15:46Z|00001|ovntrace|WARN|ovn-poc_service-a-89c68dc96-f75t2: unknown logical port
2023-11-16T02:15:46Z|00002|ovntrace|WARN|ovn-poc_service-a-89c68dc96-f75t2: unknown logical port
# tcp,reg14=0x3,vlan_tci=0x0000,dl_src=0a:58:0a:f4:00:04,dl_dst=0a:58:0a:f4:00:01,nw_src=10.244.0.4,nw_dst=10.96.184.95,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=0,tp_dst=10001,tcp_flags=0ingress(dp="node1", inport="ovn-poc_service-a-89c68dc96-fm272")
---------------------------------------------------------------0. ls_in_check_port_sec (northd.c:7727): 1, priority 50, uuid 03dc908creg0[15] = check_in_port_sec();next;4. ls_in_pre_acl (northd.c:5649): ip, priority 100, uuid df97729freg0[0] = 1;next;5. ls_in_pre_lb (northd.c:5820): ip, priority 100, uuid 1990086areg0[2] = 1;next;6. ls_in_pre_stateful (northd.c:5852): reg0[2] == 1 && ip4 && tcp, priority 120, uuid 454a1f78reg1 = ip4.dst;reg2[0..15] = tcp.dst;ct_lb_mark;ct_lb_mark
----------7. ls_in_acl_hint (northd.c:5929): ct.new && !ct.est, priority 7, uuid 24ab3fd0reg0[7] = 1;reg0[9] = 1;next;8. ls_in_acl (northd.c:6545): ip && !ct.est, priority 1, uuid 8eaca776reg0[1] = 1;next;
11. ls_in_lb (northd.c:6858): ct.new && ip4.dst == 10.96.184.95 && tcp.dst == 10001, priority 120, uuid 6b816103reg0[1] = 0;reg1 = 10.96.184.95;reg2[0..15] = 10001;ct_lb_mark(backends=10.244.0.4:80);ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------
14. ls_in_pre_hairpin (northd.c:6931): ip && ct.trk, priority 100, uuid 1328c195reg0[6] = chk_lb_hairpin();reg0[12] = chk_lb_hairpin_reply();*** chk_lb_hairpin_reply action not implementednext;
15. ls_in_nat_hairpin (northd.c:6940): ip && ct.new && ct.trk && reg0[6] == 1, priority 100, uuid 89e48276ct_snat_to_vip;*** ct_snat_to_vip action not implementednext;
16. ls_in_hairpin (northd.c:6965): (reg0[6] == 1 || reg0[12] == 1), priority 1, uuid 4680c239eth.dst <-> eth.src;outport = inport;flags.loopback = 1;output;egress(dp="node1", inport="ovn-poc_service-a-89c68dc96-fm272", outport="ovn-poc_service-a-89c68dc96-fm272")
-----------------------------------------------------------------------------------------------------------0. ls_out_pre_lb (northd.c:5822): ip, priority 100, uuid fe121cbfreg0[2] = 1;next;1. ls_out_pre_acl (northd.c:5651): ip, priority 100, uuid 105736e5reg0[0] = 1;next;2. ls_out_pre_stateful (northd.c:5872): reg0[2] == 1, priority 110, uuid 1c6b05efct_lb_mark;ct_lb_mark /* default (use --ct to customize) */
------------------------------------------------3. ls_out_acl_hint (northd.c:5992): ct.est && ct_mark.blocked == 0, priority 1, uuid f77da843reg0[10] = 1;next;8. ls_out_check_port_sec (northd.c:5505): 1, priority 0, uuid 4fb4d39freg0[15] = check_out_port_sec();next;9. ls_out_apply_port_sec (northd.c:5510): 1, priority 0, uuid 6d6e8323output;/* output to "ovn-poc_service-a-89c68dc96-fm272", type "" */