Re: [openflow-discuss] arbitrary wildcard

Mon, 16 Apr 2012 15:52:56 -0700 

On Mon, Apr 16, 2012 at 03:48:47PM -0700, Masoud Moshref Javadi wrote:
> By arbitrary IP address I mean defining  ip_src=10.0.1.3 to
> 10.0.1.128 just as one rule. 

You can implement this in terms of multiple bitwise match rules,
analogous to what is documented for tp_src and tp_dst:

       tp_src=port/mask
       tp_dst=port/mask
              Bitwise match on  TCP  (or  UDP)  source  or  destination  port,
              respectively.   The  port and mask are 16-bit numbers written in
              decimal or in hexadecimal prefixed by 0x.  Each  1-bit  in  mask
              requires  that  the  corresponding bit in port must match.  Each
              0-bit in mask causes the corresponding bit to be ignored.

              Bitwise matches on transport ports are rarely useful  in  isola‐
              tion,  but  a  group of them can be used to reduce the number of
              flows required to match on a  range  of  transport  ports.   For
              example, suppose that the goal is to match TCP source ports 1000
              to 1999, inclusive.  One way is to insert 1000  flows,  each  of
              which  matches  on a single source port.  Another way is to look
              at the binary representations of 1000 and 1999, as follows:
              01111101000
              11111001111
              and then to transform those into a  series  of  bitwise  matches
              that accomplish the same results:
              01111101xxx
              0111111xxxx
              10xxxxxxxxx
              110xxxxxxxx
              1110xxxxxxx
              11110xxxxxx
              1111100xxxx
              which  become  the following when written in the syntax required
              by ovs-ofctl:
              tcp,tp_src=0x03e8/0xfff8
              tcp,tp_src=0x03f0/0xfff0
              tcp,tp_src=0x0400/0xfe00
              tcp,tp_src=0x0600/0xff00
              tcp,tp_src=0x0700/0xff80
              tcp,tp_src=0x0780/0xffc0
              tcp,tp_src=0x07c0/0xfff0

              Only Open vSwitch 1.6 and later  supports  bitwise  matching  on
              transport ports.

              Like the exact-match forms of tp_src and tp_dst described above,
              the bitwise match forms apply only  when  dl_type  and  nw_proto
              specify TCP or UDP.

If indeed you insist on a single rule, yes, you are out of luck.

> Current classifier in openvswitch uses
> hashcode of the wildcard bit pattern to create a hashset for rules
> having the same wildcard bit pattern. OVS new flow setup time
> benefits from this limitation. Supporting this kind of rules needs a
> big change in the architecture.

Have you tried it?  How did it perform?
_______________________________________________
openflow-discuss mailing list
openflow-discuss@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/openflow-discuss

Reply via email to