使用RYU REST API添加基于IP的流条目

时间:2017-07-19 09:08:10

标签: rest openflow ryu

我正在尝试使用添加流条目 基于RYU OFCTL REST的api(ryu.readthedocs.io/en/latest/app/ofctl_rest.html),用于向小型机上运行的OVS交换机添加流量

RYU正在运行 ofctl_rest simple_switch 这两个应用程序

我使用一个简单的拓扑结构,一个交换机3个主机... h1 = 10.0.0.1

h2 = 10.0.0.2

h3 = 10.0.0.3

如何添加流条目以阻止来自主机h1的所有传入数据包 我使用了json对象

data={
  "dpid": 1,
  "cookie": 2802,
  "priority": 3000,
  "match":{
   "nw_src": "10.0.0.1",
  },
  "actions": [ ]
}

但是这个流条目阻止了所有机器的所有ping ...

有人可以建议如何使用API​​

在OVS中添加和IP地址过滤规则

1 个答案:

答案 0 :(得分:0)

我尝试了同样的事情并使用了以下命令:

curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 100,
    "flags": 1,
    "match":{
        "nw_src": "10.0.0.1",
         "dl_type": 2048
    },
    "actions":[
    ]
 }' http://localhost:8080/stats/flowentry/add

结果还可以。

mininet> dpctl dump-flows
*** s1 ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6.722s, table=0, n_packets=0, n_bytes=0, idle_age=6, priority=100,ip,nw_src=10.0.0.1 actions=drop
...

插入此规则后:

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms

mininet> h2 ping h3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.147 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.063 ms

我已使用ofctl_rest应用程序进行此设置,并首先插入所有必要的规则以使主机可以相互访问。以下是插入这些规则的脚本:

curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 0,
    "flags": 1,
    "match":{},
    "actions":[
        {
            "type":"OUTPUT",
            "port": "CONTROLLER"
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


  curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":2,
                "dl_dst":"00:00:00:00:00:01"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 1
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":1,
                "dl_dst":"00:00:00:00:00:02"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 2
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":3,
                "dl_dst":"00:00:00:00:00:01"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 1
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":1,
                "dl_dst":"00:00:00:00:00:03"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 3
        }
    ]
 }' http://localhost:8080/stats/flowentry/add



 curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":3,
                "dl_dst":"00:00:00:00:00:02"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 2
        }
    ]
 }' http://localhost:8080/stats/flowentry/add


 curl -X POST -d '{
    "dpid": 1,
    "cookie": 0,
    "table_id": 0,
    "priority": 1,
    "flags": 1,
    "match":{
        "in_port":2,
                "dl_dst":"00:00:00:00:00:03"
    },
    "actions":[
        {
            "type":"OUTPUT",
            "port": 3
        }
    ]
 }' http://localhost:8080/stats/flowentry/add
相关问题
最新问题