0

我正在尝试使用基于 RYU OFCTL REST 的 api (ryu.readthedocs.io/en/latest/app/ofctl_rest.html) 添加流条目,以将流添加到在 mininet 上运行的 OVS 交换机

RYU 正在运行ofctl_restsimple_switch这两个应用程序

我正在使用一个简单的拓扑结构,一个交换机 3 个主机 ... h1 = 10.0.0.1

h2 = 10.0.0.2

h3 = 10.0.0.3

如何添加流条目以阻止来自主机 h1 的所有传入数据包。
我使用了一个 json 对象

data={
  "dpid": 1,
  "cookie": 2802,
  "priority": 3000,
  "match":{
   "nw_src": "10.0.0.1",
  },
  "actions": [ ]
}

但是这个流条目正在阻止来自所有机器的所有 ping ...

有人可以建议如何使用 API 在 OVS 中添加 IP 地址过滤规则

4

1 回答 1

1

我尝试了同样的事情并使用了以下命令:

curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 100,
    "flags": 1,
    "match":{
        "nw_src": "10.0.0.1",
         "dl_type": 2048
    },
    "actions":[
    ]
 }' http://localhost:8080/stats/flowentry/add

结果没问题。

mininet> dpctl dump-flows
*** s1 ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6.722s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,ip,nw_src=10.0.0.1 actions=drop
...

插入此规则后:

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms

mininet> h2 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.147 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.063 ms

我为此设置使用了 ofctl_rest 应用程序,并首先插入所有必要的规则以使主机可以相互访问。这是插入这些规则的脚本:

curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 0,
    "flags": 1,
    "match":{},
    "actions":[
        {
            "type":"OUTPUT",
            "port": "CONTROLLER"
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


  curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":2,
                "dl_dst":"00:00:00:00:00:01"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 1
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":1,
                "dl_dst":"00:00:00:00:00:02"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 2
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":3,
                "dl_dst":"00:00:00:00:00:01"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 1
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":1,
                "dl_dst":"00:00:00:00:00:03"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 3
        }
    ]
 }' http://localhost:8080/stats/flowentry/add



 curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":3,
                "dl_dst":"00:00:00:00:00:02"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 2
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


 curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":2,
                "dl_dst":"00:00:00:00:00:03"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 3
        }
    ]
 }' http://localhost:8080/stats/flowentry/add
于 2017-07-26T14:25:49.077 回答