问题
I am trying to add a flow entry using RYU OFCTL REST based api (ryu.readthedocs.io/en/latest/app/ofctl_rest.html) for adding flows to an OVS Switch running on mininet
RYU is running ofctl_rest and simple_switch these two applications
I am using a simple topology with one switch 3 hosts ... h1 = 10.0.0.1
h2 = 10.0.0.2
h3 = 10.0.0.3
How do i add a flow entry to block all incoming packets from host h1.
I used a json object
data={
"dpid": 1,
"cookie": 2802,
"priority": 3000,
"match":{
"nw_src": "10.0.0.1",
},
"actions": [ ]
}
But this flow entry is blocking all the pings from all the machines ...
can someone suggest how to add and IP address filtering rule in OVS using API
回答1:
I tried same thing and used the command below:
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 100,
"flags": 1,
"match":{
"nw_src": "10.0.0.1",
"dl_type": 2048
},
"actions":[
]
}' http://localhost:8080/stats/flowentry/add
Result is ok.
mininet> dpctl dump-flows
*** s1 ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=6.722s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,ip,nw_src=10.0.0.1 actions=drop
...
After inserting this rule:
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
mininet> h2 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.147 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.063 ms
I've used ofctl_rest app for this setup and first insert all necessary rules to make host reachable each other. Here is the script for inserting those rules:
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 0,
"flags": 1,
"match":{},
"actions":[
{
"type":"OUTPUT",
"port": "CONTROLLER"
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":2,
"dl_dst":"00:00:00:00:00:01"
},
"actions":[
{
"type":"OUTPUT",
"port": 1
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":1,
"dl_dst":"00:00:00:00:00:02"
},
"actions":[
{
"type":"OUTPUT",
"port": 2
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":3,
"dl_dst":"00:00:00:00:00:01"
},
"actions":[
{
"type":"OUTPUT",
"port": 1
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":1,
"dl_dst":"00:00:00:00:00:03"
},
"actions":[
{
"type":"OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":3,
"dl_dst":"00:00:00:00:00:02"
},
"actions":[
{
"type":"OUTPUT",
"port": 2
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"cookie": 0,
"table_id": 0,
"priority": 1,
"flags": 1,
"match":{
"in_port":2,
"dl_dst":"00:00:00:00:00:03"
},
"actions":[
{
"type":"OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
来源:https://stackoverflow.com/questions/45185910/adding-an-ip-based-flow-entry-using-ryu-rest-api