See below...

On 28 Jul 2017, at 08:44, Michael Williams <[email protected]> wrote:
> 
> Someone just reminded me that just because you add OpenvSwitch to a Wifi 
> access point does not make it an SDN device. What you've really created is a 
> hybrid device where OvS may control part of it but other facilities 
> control other parts of it. When I was thinking about this problem last night 
> obviously the wireless devices were not going thru the datapath of OvS so 
> there was no way that it was going to be able to manage that traffic.
> 

Maybe I can supply a slightly different meaning for use with OVS.  I wrote a 
blog entry regarding integrating wireless and OVS:

http://blog.raymond.burkholder.net/index.php?/archives/762-Using-Quilt-to-Patch-a-Debian-Package-hostapd.html

So, in a nutshell, hostapd can handle the authentication and related wireless 
protocols.  The traffic is then handed off to the OVS bridge.  Using 
openvswitch-switch or by using OpenFlow or by using ovs-ofctl or related 
commands, traffic can then be managed in whatever mechanism you would like.

I haven’t tested it yet, but Michael Williams has just sent a link, and I 
believe the mechanism behind that link is that traffic from a wireless client 
will have to come in on the wireless link, hit the OVS bridge, where it can be 
manipulated by rules, and then will be transmitted back out the wireless link 
to another client (if the rules are built to allow that).  

Bottom line, client to client traffic doesn’t bypass the wireless network 
interface, it has to come to the interface, be processed then transmitted back 
out.

So I think you can get the control you desire.


> If the router supports it, a solution to the problem is to enable wireless 
> isolation within OpenWRT. Hybrid device, hybrid solution. Thanks for the help.
> 
> 
> From: Blue Lang <[email protected]>
> Sent: Thursday, July 27, 2017 2:40 PM
> To: Michael Williams
> Cc: Joo Yong-Seok; [email protected]
> Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports
>  
> You'd need to get your wifi NIC or WAP to act as a transparent bridge so the 
> end devices appear as multiple MACs on the WLAN0 interface. Then you can 
> (should be able to?) use OF write actions to control the traffic flow on the 
> wifi guests.
> 
> There are quite a few hits on google covering very similar situations to the 
> one you're asking about here.
> 
> Thanks,
> 
> On Thu, Jul 27, 2017 at 1:59 PM, Michael Williams <[email protected]> wrote:
> When I say WiFi interface I mean WLAN0 and in this particular box we have WLAN0 
> for the 5 GHz radio.
> 
> When you add it to OvS you are just adding it as an individual port to the 
> bridge. But if you have for example 4 computers connect wirelessly it's like 
> they are all connecting via that single port unlike if you plugged in 4 
> computers via the wired ports where each computer would plug into a single 
> individual port.
> 
> My problem is I want to be able to control the traffic between the wireless 
> devices using OvS in the same way that I can control the traffic between the 
> wired devices. 
> 
> When you said you added multiple wifi interfaces do you mean that you have 
> multiple radios? Because we only have two and are only using one.
> 
> 
> From: Joo Yong-Seok <[email protected]>
> Sent: Thursday, July 27, 2017 1:33 PM
> To: Michael Williams
> Cc: Ben Pfaff; [email protected]
> 
> Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports
>  
> When you say, "wifi interface", do you mean wlan interface (which is VAP) at 
> AP? or low-level wifi interface?
> I don't know rate-limit since I've never tried but it works well for regular 
> OVS rules.
> 
> - Drop everything
> - Allow ARP
> - Allow DHCP
> - Allow DNS
> 
> I applied the rule in one of the OVS bridges and added multiple wifi interfaces 
> over GRE tunnel.
> 
> At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT 
> package.
> 
> Best regards,
> 
> On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <[email protected]> wrote:
> Hi Ben,
> 
> I don't think I explained it properly. Between the wired ports we can apply 
> Openflow rules to limit traffic between computers connected via those wired 
> ports, and that works with standard OvS. On the wireless WiFi side I would 
> like to be able to do the same thing and to limit the traffic between WiFi 
> connected devices. 
> 
> Since WiFi only has one interface and not multiple individual ports like the 
> wired stuff, my rules for dropping traffic between ports won't work. So I was 
> wondering if there was some way with OvS to limit or stop traffic between WiFi 
> connected computers? 
> 
> 
> 
> From: Ben Pfaff <[email protected]>
> Sent: Thursday, July 27, 2017 12:57 PM
> To: Michael Williams
> Cc: [email protected]
> Subject: Re: [ovs-discuss] Multiple Virtual Wireless Ports
>  
> On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
> > We have OvS running on a wireless router with 4 wired Ethernet
> > ports. We can apply rules on the wired ports but when we try to apply
> > rules on the wireless port the rules don't work between multiple
> > wireless devices. Is there a way within OvS to treat the wireless
> > interface like multiple virtual ports so that when a wireless device
> > connects we can apply rules to govern behavior between the wireless
> > devices like we can with the wired devices?
> 
> OVS doesn't distinguish between different kinds of ports, so the
> restrictions you're describing don't make sense; OVS doesn't work that
> way.  You might be using a vendor's modified version of OVS.  If so,
> then you should ask the vendor for assistance.
> 
> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
> 
> 
> -- 
> Blue Lang
> PM | Veracity 
> 3423 Piedmont Rd NE
> Suite 350
> Atlanta, GA  30305
> Cell:  (770) 265-1381
> https://www.linkedin.com/in/bluelang/
> [email protected]
> www.veracity.io
> 

_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
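
The rule set discussed in this thread (drop everything, allow ARP, DHCP and DNS, plus controlled client-to-client traffic on the single wireless port), as an added example that is not from any of the participants. It assumes hostapd runs with `ap_isolate=1` so that frames between wireless clients are handed to the bridge; the port number, MAC addresses and bridge name `br0` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an OpenFlow table in ovs-ofctl
# syntax; it does not touch any switch. Assumes hostapd has ap_isolate=1, so
# client-to-client frames reach the bridge instead of being relayed by the AP.

is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_wifi_flows WLAN_OFPORT [MAC_A,MAC_B ...]
# WLAN_OFPORT: OpenFlow port number of the wireless interface on the bridge.
# Each MAC pair names two wireless clients allowed to talk to each other.
gen_wifi_flows() {
    gw_port=$1
    shift
    case $gw_port in ''|*[!0-9]*) echo "bad port: $gw_port" >&2; return 1 ;; esac
    # Validate every pair before printing anything, so a typo never yields
    # a half-built table.
    for gw_pair in "$@"; do
        case $gw_pair in *,*) ;; *) echo "bad pair: $gw_pair" >&2; return 1 ;; esac
        is_mac "${gw_pair%,*}" && is_mac "${gw_pair#*,}" ||
            { echo "bad MAC in: $gw_pair" >&2; return 1; }
    done
    # Baseline from the thread: drop everything, allow ARP, DHCP, DNS.
    # Replies are matched statelessly by source port.
    echo "priority=0,actions=drop"
    echo "priority=100,arp,actions=normal"
    echo "priority=100,udp,tp_src=68,tp_dst=67,actions=normal"
    echo "priority=100,udp,tp_src=67,tp_dst=68,actions=normal"
    echo "priority=100,udp,tp_dst=53,actions=normal"
    echo "priority=100,udp,tp_src=53,actions=normal"
    # NORMAL never sends a frame back out its ingress port, so the rules above
    # leave wireless clients isolated from each other. Permitted pairs need
    # explicit hairpin rules using the in_port action (ARP is reflected too).
    [ $# -gt 0 ] || return 0
    echo "priority=110,arp,in_port=$gw_port,actions=normal,in_port"
    for gw_pair in "$@"; do
        gw_a=${gw_pair%,*}
        gw_b=${gw_pair#*,}
        echo "priority=200,in_port=$gw_port,dl_src=$gw_a,dl_dst=$gw_b,actions=in_port"
        echo "priority=200,in_port=$gw_port,dl_src=$gw_b,dl_dst=$gw_a,actions=in_port"
    done
}

# Constructed sample: port 5 and two locally administered MACs.
# To load: gen_wifi_flows ... | ovs-ofctl add-flows br0 -   (br0 is assumed)
gen_wifi_flows 5 "02:00:00:00:00:0a,02:00:00:00:00:0b"
```

With no MAC pairs given, the output is the default-deny baseline only and no flow returns traffic to the wireless port.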
