hey Ryan , You means when using dpctl add-flow ? Do you know why ACL command doesn't get to block the port of that ip address ?
Thanks in advance On Mon, Jun 27, 2016 at 5:05 PM, Ryan Izard <riz...@g.clemson.edu> wrote: > You need to specify the dl_type (ethertype) as IPv4 (unless you're using > IPv6, in which case it'll be IPv6). > > Ryan > > On Jun 27, 2016, at 9:54 AM, Hssan Driss <hssan.dr...@gmail.com> wrote: > > Hi everyone, > > Yes, as a matter of fact, on Floodlight ACL choosing UDP protocol is > translated into 11. Is that decimal or hex ? > There might be a confusion though ! 0x11 = 17 (dec) > And Since I'm using SIP on default 5060 port shall I precise it ? > > In addition, I tried adding the flow on the switch manually using dpctl > commands as below : > > # sudo dpctl add-flow unix:/var/run/dp0.sock > in_port=*,dl_vlan=*,dl_src=*,dl_dst=*,dl_type=*,nw_src=192.168.2.2,nw_dst=*,nw_proto=17,tp_src=*,tp_dst=5060,icmp_type=*,icmp_code=*,actions= > > I get : > > # sudo dpctl dump-flows unix:/var/run/dp0.sock > stats_reply (xid=0x54e91f95): flags=none type=1(flow) > cookie=0, duration_sec=1s, duration_nsec=552000000s, table_id=0, > priority=32768, n_packets=0, n_bytes=0, > idle_timeout=60,hard_timeout=0,actions= > > And packets are blocked ! but can't get why the flow rule doesn't exactly > match the rule added ! > > Thanks in advance for your help ! > > Kind Regards, > Hssan > > > On Fri, Jun 24, 2016 at 4:25 PM, Hssan Driss <hssan.dr...@gmail.com> > wrote: > >> Hi everyone, >> >> I'm working on SDN lab. When intend to block SIP Client IP. We are >> pushing the blocking order based on the Src-ip address to Floodlight >> controller through REST API. Which is translated on a switch level : >> >> # dpctl dump-flows unix:/var/run/dp0.sock >> stats_reply (xid=0x79853a73): flags=none type=1(flow) >> cookie=45035999707555269, duration_sec=9s, duration_nsec=451000000s, >> table_id=0, priority=29999, n_packets=0, n_bytes=0, >> idle_timeout=0,hard_timeout=0,ip,nw_src=192.168.2.2,nw_proto=11,tp_src=0,tp_dst=0,actions= >> cookie=4503599627370496, duration_sec=39s, duration_nsec=677000000s, >> table_id=0, priority=100, n_packets=514, n_bytes=231936, >> idle_timeout=5,hard_timeout=0,in_port=4,dl_src=00:21:9b:88:04:66,dl_dst=18:03:73:b5:78:4d,actions=output:3 >> cookie=4503599627370496, duration_sec=39s, duration_nsec=677000000s, >> table_id=0, priority=100, n_packets=685, n_bytes=383282, >> idle_timeout=5,hard_timeout=0,in_port=3,dl_src=18:03:73:b5:78:4d,dl_dst=00:21:9b:88:04:66,actions=output:4 >> >> SIP Client is on 192.168.2.2 >> >> The flow rule is placed on the switch flow table. However, the Proxy >> still receives the packets from that client. >> How can I debug and fix this ? >> Below my is topology! >> >> >> >> Controller Floodlight >> _________|________ >> | | | >> Netfpga ____OVS ___Netfpga >> | | | >> SIP Proxy SIP >> Client1 Client2 >> >> >> Thanks in advance, >> Best Regards, >> Hssan >> >> > > -- > Documentation and tutorials: > https://floodlight.atlassian.net/wiki/display/floodlightcontroller/Floodlight+Documentation > Posting guidelines: > https://floodlight.atlassian.net/wiki/pages/viewpage.action?pageId=24805428 > --- > You received this message because you are subscribed to the Google Groups > "Floodlight-developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to floodlight-dev+unsubscr...@openflowhub.org. > To post to this group, send email to floodlight-...@openflowhub.org. > Visit this group at > https://groups.google.com/a/openflowhub.org/group/floodlight-dev/. > To view this discussion on the web visit > https://groups.google.com/a/openflowhub.org/d/msgid/floodlight-dev/CAJpa1GBbUxxHb8Ws7oEKiHx2drgU0AeEnN%3Dm0aRUFPjwb5OMnQ%40mail.gmail.com > <https://groups.google.com/a/openflowhub.org/d/msgid/floodlight-dev/CAJpa1GBbUxxHb8Ws7oEKiHx2drgU0AeEnN%3Dm0aRUFPjwb5OMnQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > > -- > Documentation and tutorials: > https://floodlight.atlassian.net/wiki/display/floodlightcontroller/Floodlight+Documentation > Posting guidelines: > https://floodlight.atlassian.net/wiki/pages/viewpage.action?pageId=24805428 > --- > You received this message because you are subscribed to the Google Groups > "Floodlight-developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to floodlight-dev+unsubscr...@openflowhub.org. > To post to this group, send email to floodlight-...@openflowhub.org. > Visit this group at > https://groups.google.com/a/openflowhub.org/group/floodlight-dev/. > To view this discussion on the web visit > https://groups.google.com/a/openflowhub.org/d/msgid/floodlight-dev/DEEDC958-C00F-4D1E-9993-EF34FB71D057%40g.clemson.edu > <https://groups.google.com/a/openflowhub.org/d/msgid/floodlight-dev/DEEDC958-C00F-4D1E-9993-EF34FB71D057%40g.clemson.edu?utm_medium=email&utm_source=footer> > . >
_______________________________________________ openflow-discuss mailing list openflow-discuss@lists.stanford.edu https://mailman.stanford.edu/mailman/listinfo/openflow-discuss
