I am trying to add a flow entry using
RYU OFCTL REST based api (ryu.readthedocs.io/en/latest/app/ofctl_rest.html) for adding flows to an OVS Switch running on mininet
RYU is running ofctl_rest and simple_switch these two applications
I am using a simple topology with one switch 3 hosts ...
h1 = 10.0.0.1
h2 = 10.0.0.2
h3 = 10.0.0.3
How do i add a flow entry to block all incoming packets from host h1.
I used a json object
data={
"dpid": 1,
"cookie": 2802,
"priority": 3000,
"match":{
"nw_src": "10.0.0.1",
},
"actions": [ ]
}
But this flow entry is blocking all the pings from all the machines ...
can someone suggest how to add and IP address filtering rule in OVS using API
I tried same thing and used the command below:
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 100,
"flags": 1,
"match":{
"nw_src": "10.0.0.1",
"dl_type": 2048
},
"actions":[
]
}' http://localhost:8080/stats/flowentry/add
Result is ok.
mininet> dpctl dump-flows
*** s1 ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=6.722s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,ip,nw_src=10.0.0.1 actions=drop
...
After inserting this rule:
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
mininet> h2 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.147 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.063 ms
I've used ofctl_rest app for this setup and first insert all necessary rules to make host reachable each other. Here is the script for inserting those rules:
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 0,
"flags": 1,
"match":{},
"actions":[
{
"type":"OUTPUT",
"port": "CONTROLLER"
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":2,
"dl_dst":"00:00:00:00:00:01"
},
"actions":[
{
"type":"OUTPUT",
"port": 1
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":1,
"dl_dst":"00:00:00:00:00:02"
},
"actions":[
{
"type":"OUTPUT",
"port": 2
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":3,
"dl_dst":"00:00:00:00:00:01"
},
"actions":[
{
"type":"OUTPUT",
"port": 1
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":1,
"dl_dst":"00:00:00:00:00:03"
},
"actions":[
{
"type":"OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":3,
"dl_dst":"00:00:00:00:00:02"
},
"actions":[
{
"type":"OUTPUT",
"port": 2
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":2,
"dl_dst":"00:00:00:00:00:03"
},
"actions":[
{
"type":"OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 我欲成王,谁敢阻挡 的文章《Adding an IP based flow entry using RYU REST API》','https://www.manongdao.com/article-943506.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}