Comments inline:

On Jul 15, 2008, at 8:00 PM, David Erickson wrote:
> One feature that is critical to the demo we are working on is the
> capability to 'shortcut' past an in-network gateway and send packets
> straight to the destination. For example, two hosts that are
> connected to the same physical OF switch, but on different subnets.
> The goal would be such that the two can communicate without having
> to go through an intermediate gateway. This requires intercepting
> their packets destined for the gateway, modifying the route to be
> directly between the two, and rewriting the destination MAC addresses.
>
> I had a look through authenticator/routing and determined two
> modifications that could enable this:
>
> 1) In authenticator.cc for a packet_in event a lookup is performed
> based on the destination MAC address to determine the destination
> ConnPtr that will be passed along in the flow_in event. I believe
> this could be modified such that it first checks to see if there is
> a known ip:mac binding for the destination ip, and if the dest mac
> differs from this binding, it instead uses the ConnPtr from the
> ip:mac binding as the destination in the flow_in event.
>
> 2) To support the rewrite that will be required, the Link structure
> could be extended to contain a list of action structures that
> correspond to OpenFlow actions. Then authenticator would need to
> signal through the flow_in that a MAC rewrite is necessary, and
> routing would see this and add the MAC rewrite to the last entry in
> the route as it gets pushed down into the switches.
>
> This leads me to a couple of questions.
>
> -Is there an index into the database of known hosts based on IP
> address? The only one I saw in a brief skim was the hosts variable,
> which appeared to be an index from dl->nw dest->datapathid/port.
> From this I would gather that one would need to iterate through all
> MACs looking for the IP? Is there an easier way to do this or some
> sample code?
>

The bindings_storage component described in Dan's response to the
'Exposing authenticator information to python apps' thread is the
interface for searching on IP. authenticator is really only supposed
to serve as a quick lookup for received packets and thus doesn't need
a separate ip only lookup.

> -What mac:ip bindings does NOX track, and how does it get them? For
> example does it only track mac:ip bindings that it receives through
> ARPs?
>

NOX tracks all mac:ip pairs seen in a packet, even if the sending host
does not own the MAC interface (e.g. hosts behind a router will have
the router's MAC address). Currently authenticator by default tracks
every mac:ip pair seen in a packet received by the controller, but
eventually will only track bindings in packets sent by hosts that have
adequately authenticated with the network.

> Thanks!
> David

Natasha
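Added example, not part of the original message and not NOX code: a self-contained Python model of the lookup discussed in this thread, with an IP index next to the MAC lookup and a shortcut decision that only trusts mac:ip pairs learned from authenticated senders. The class, the function names, the `authenticated` flag and the addresses are hypothetical, and the sample bindings are constructed.

```python
from collections import namedtuple

Location = namedtuple("Location", "dpid port")          # switch id, port
Binding = namedtuple("Binding", "mac ip loc authenticated")

class BindingTable:
    """Toy mac:ip store with an IP index (hypothetical, not NOX code)."""

    def __init__(self):
        self.by_mac = {}   # mac -> Location: the fast per-packet lookup
        self.by_ip = {}    # ip -> set of Binding: no need to scan every MAC

    def learn(self, mac, ip, loc, authenticated=False):
        """Record a mac:ip pair seen in a packet received at loc."""
        self.by_mac[mac] = loc
        self.by_ip.setdefault(ip, set()).add(Binding(mac, ip, loc, authenticated))

    def resolve(self, dst_mac, dst_ip):
        """Return (destination Location, MAC to rewrite to, or None)."""
        default = (self.by_mac.get(dst_mac), None)
        # Only pairs learned from authenticated senders may redirect a flow.
        trusted = [b for b in self.by_ip.get(dst_ip, ()) if b.authenticated]
        if len({(b.mac, b.loc) for b in trusted}) != 1:
            return default             # unknown or ambiguous owner: no shortcut
        owner = trusted[0]
        if owner.mac == dst_mac:
            return default             # already addressed to the host itself
        return (owner.loc, owner.mac)  # bypass the gateway, rewrite dst MAC

def build_sample():
    """Constructed sample: two hosts on one switch, gateway on port 3."""
    t = BindingTable()
    t.learn("00:00:00:00:00:0a", "10.0.1.5", Location(1, 1), authenticated=True)
    t.learn("00:00:00:00:00:0b", "10.0.2.5", Location(1, 2), authenticated=True)
    t.learn("00:00:00:00:00:fe", "10.0.1.1", Location(1, 3), authenticated=True)
    # Unauthenticated claim on host B's IP from another port: must not win.
    t.learn("00:00:00:00:00:cc", "10.0.2.5", Location(1, 4))
    return t

if __name__ == "__main__":
    table = build_sample()
    # Host A sends to host B's IP but addresses the frame to the gateway MAC.
    print(table.resolve("00:00:00:00:00:fe", "10.0.2.5"))
```

If the same IP is later learned with the gateway's MAC from an authenticated sender (the router case described above), `resolve` sees two candidate owners and falls back to the plain MAC lookup instead of shortcutting.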
