Hi,
Sorry for the late reply.
I have done as you suggested to the the output:normal again. I ran both
rest_firewall and ofctl_rest through ryu-manager and did the command as you
advised. But i still couldn't ping one another between my two PCs.
Below is the output of the flow before ping:
{
"1": [
{
"actions": [
"OUTPUT:NORMAL"
],
"byte_count": 0,
"cookie": 0,
"duration_nsec": 125163555,
"duration_sec": 213,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 88,
"match": {
"dl_type": 2054
},
"packet_count": 0,
"priority": 65534,
"table_id": 0
},
{
"actions": [
"OUTPUT:NORMAL"
],
"byte_count": 0,
"cookie": 1,
"duration_nsec": 85626243,
"duration_sec": 95,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 112,
"match": {
"dl_type": 2048,
"nw_dst": "10.0.0.2/255.255.255.255",
"nw_proto": 1,
"nw_src": "10.0.0.1/255.255.255.255"
},
"packet_count": 0,
"priority": 1,
"table_id": 0
},
{
"actions": [
"OUTPUT:NORMAL"
],
"byte_count": 0,
"cookie": 2,
"duration_nsec": 618908488,
"duration_sec": 31,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 112,
"match": {
"dl_type": 2048,
"nw_dst": "10.0.0.1/255.255.255.255",
"nw_proto": 1,
"nw_src": "10.0.0.2/255.255.255.255"
},
"packet_count": 0,
"priority": 1,
"table_id": 0
},
{
"actions": [
"OUTPUT:CONTROLLER"
],
"byte_count": 6588,
"cookie": 0,
"duration_nsec": 125060275,
"duration_sec": 213,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 80,
"match": {},
"packet_count": 12,
"priority": 0,
"table_id": 0
}
]
}
Below is the flow after the ping:
{
"1": [
{
"actions": [
"OUTPUT:NORMAL"
],
"byte_count": 1140,
"cookie": 0,
"duration_nsec": 676362399,
"duration_sec": 745,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 88,
"match": {
"dl_type": 2054
},
"packet_count": 19,
"priority": 65534,
"table_id": 0
},
{
"actions": [
"OUTPUT:NORMAL"
],
"byte_count": 0,
"cookie": 1,
"duration_nsec": 636823937,
"duration_sec": 627,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 112,
"match": {
"dl_type": 2048,
"nw_dst": "10.0.0.2/255.255.255.255",
"nw_proto": 1,
"nw_src": "10.0.0.1/255.255.255.255"
},
"packet_count": 0,
"priority": 1,
"table_id": 0
},
{
"actions": [
"OUTPUT:NORMAL"
],
"byte_count": 0,
"cookie": 2,
"duration_nsec": 170106132,
"duration_sec": 564,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 112,
"match": {
"dl_type": 2048,
"nw_dst": "10.0.0.1/255.255.255.255",
"nw_proto": 1,
"nw_src": "10.0.0.2/255.255.255.255"
},
"packet_count": 0,
"priority": 1,
"table_id": 0
},
{
"actions": [
"OUTPUT:CONTROLLER"
],
"byte_count": 87975,
"cookie": 0,
"duration_nsec": 676257789,
"duration_sec": 745,
"flags": 0,
"hard_timeout": 0,
"idle_timeout": 0,
"length": 80,
"match": {},
"packet_count": 263,
"priority": 0,
"table_id": 0
}
]
}
And i have noticed one more thing related to the rules of the firewall.
Even if i tried to set the action: "ALLOW", when i confirm the rules it
always shows "DENY". Can this be a problem ?
[
{
"access_control_list": [
{
"rules": [
{
"actions": "DENY",
"dl_type": "IPv4",
"nw_dst": "10.0.0.2/255.255.255.255",
"nw_proto": "ICMP",
"nw_src": "10.0.0.1/255.255.255.255",
"priority": 1,
"rule_id": 1
},
{
"actions": "DENY",
"dl_type": "IPv4",
"nw_dst": "10.0.0.1/255.255.255.255",
"nw_proto": "ICMP",
"nw_src": "10.0.0.2/255.255.255.255",
"priority": 1,
"rule_id": 2
}
]
}
],
"switch_id": "0000000000000001"
}
]
Thanks,
Panha
On Thu, Nov 10, 2016 at 5:03 PM, Iwase Yusuke <[email protected]>
wrote:
> Hi,
>
>
> On 2016年11月10日 14:22, ホンパンニャー wrote:
>
>> Hi,
>>
>> Thanks for responding.
>>
>> I have tried to test the output:normal by running ofctl_rest.py as you
>> suggested. After running that i did the following command.
>>
>> # Delete all flow entries from the switch dpid=1
>> $ curl -X DELETE http://localhost:8080/stats/flowentry/clear/1
>>
>> # Add flow entry with output:normal action
>> $ curl -X POST -d '{
>> "dpid": "1",
>> "actions": [
>> {
>> "port": "NORMAL",
>> "type": "OUTPUT"
>> }
>> ]
>> }' http://localhost:8080/stats/flowentry/add
>>
>> # Confirm flow entries
>> $ curl -X GET http://localhost:8080/stats/flow/1 | python -m json.tool
>>
>> {
>>
>> "1": [
>>
>> {
>>
>> "actions": [
>>
>> "OUTPUT:NORMAL"
>>
>> ],
>>
>> "byte_count": 1238,
>>
>> "cookie": 0,
>>
>> "duration_nsec": 826712542,
>>
>> "duration_sec": 4,
>>
>> "flags": 0,
>>
>> "hard_timeout": 0,
>>
>> "idle_timeout": 0,
>>
>> "length": 80,
>>
>> "match": {},
>>
>> "packet_count": 4,
>>
>> "priority": 0,
>>
>> "table_id": 0
>>
>> }
>>
>> ]
>>
>> }
>>
>> And then i connected two PCs to the switch and tried to ping one another,
>> but it didn't work. Below is the ping result.
>>
>> hongpanha$ ping -c 4 10.0.0.1
>>
>> PING 10.0.0.1 (10.0.0.1): 56 data bytes
>>
>> Request timeout for icmp_seq 0
>>
>> Request timeout for icmp_seq 1
>>
>> Request timeout for icmp_seq 2
>>
>>
>> --- 10.0.0.1 ping statistics ---
>>
>> 4 packets transmitted, 0 packets received, 100.0% packet loss
>>
>
> Well, this shows output:normal action does not work.
> This seems to be the problem on the Lagopus side...
>
> For making sure that Ryu can install the flows correctly,
> please check the flow entries by using ofctl_rest.py.
>
> e.g.)
> # Run rest_firewall and ofctl_rest
> $ ryu-manager ryu.app.rest_firewall ryu.app.ofctl_rest
>
> # Enable firewall on switch dpid=1
> $ curl -X PUT http://localhost:8080/firewall/module/enable/000000000000000
> 1
>
> # Install rules for ICMP connectivity.
> # The following is sample rules from Ryu-Book.
> $ curl -X POST -d '{"nw_src": "10.0.0.1/32", "nw_dst": "10.0.0.2/32",
> "nw_proto": "ICMP"}' http://localhost:8080/firewall/rules/0000000000000001
> $ curl -X POST -d '{"nw_src": "10.0.0.2/32", "nw_dst": "10.0.0.1/32",
> "nw_proto": "ICMP"}' http://localhost:8080/firewall/rules/0000000000000001
>
> # Confirm the flows.
> $ curl -X GET http://localhost:8080/stats/flow/1 | python -m json.tool
> {
> "1": [
> {
> "actions": [
> "OUTPUT:NORMAL"
> ],
> "byte_count": 168,
> "cookie": 0,
> "duration_nsec": 105000000,
> "duration_sec": 488,
> "flags": 0,
> "hard_timeout": 0,
> "idle_timeout": 0,
> "length": 88,
> "match": {
> "dl_type": 2054
> },
> "packet_count": 4, # Packet count should be incremented
> "priority": 65534,
> "table_id": 0
> },
> {
> "actions": [
> "OUTPUT:NORMAL"
> ],
> "byte_count": 294,
> "cookie": 1,
> "duration_nsec": 268000000,
> "duration_sec": 439,
> "flags": 0,
> "hard_timeout": 0,
> "idle_timeout": 0,
> "length": 104,
> "match": {
> "dl_type": 2048,
> "nw_dst": "10.0.0.2",
> "nw_proto": 1,
> "nw_src": "10.0.0.1"
> },
> "packet_count": 3, # Packet count should be incremented
> "priority": 1,
> "table_id": 0
> },
> {
> "actions": [
> "OUTPUT:NORMAL"
> ],
> "byte_count": 294,
> "cookie": 2,
> "duration_nsec": 882000000,
> "duration_sec": 429,
> "flags": 0,
> "hard_timeout": 0,
> "idle_timeout": 0,
> "length": 104,
> "match": {
> "dl_type": 2048,
> "nw_dst": "10.0.0.1",
> "nw_proto": 1,
> "nw_src": "10.0.0.2"
> },
> "packet_count": 3, # Packet count should be incremented
> "priority": 1,
> "table_id": 0
> },
> {
> "actions": [
> "OUTPUT:CONTROLLER"
> ],
> "byte_count": 0,
> "cookie": 0,
> "duration_nsec": 105000000,
> "duration_sec": 488,
> "flags": 0,
> "hard_timeout": 0,
> "idle_timeout": 0,
> "length": 80,
> "match": {},
> "packet_count": 0,
> "priority": 0,
> "table_id": 0
> }
> ]
> }
>
> If ping (ICPM packets) can communicate, "packet_count" fields should be
> incremented.
> And if the flow is installed as expected and packet counts are not
> incremented,
> Lagopus might drop packets or not make matching packets to the flow.
>
>
> Thanks,
> Iwase
>
>
>> Regards,
>> Panha
>>
>> On Wed, Nov 9, 2016 at 9:47 AM, Iwase Yusuke <[email protected]>
>> wrote:
>>
>> Hi,
>>>
>>> Sorry for the delay.
>>>
>>> I have no environment for running DPDK-enabled Lagopus,
>>> and it takes times to investigate why...
>>> (I know KVM can be available, but have not tried yet...)
>>>
>>> For pointing the cause, could you test your Lagopus whether
>>> output:normal action works well or not?
>>>
>>> e.g.) If you use ofctl_rest.py,
>>> $ ryu-manager ryu.app.ofctl_rest
>>> ...
>>>
>>> # Delete all flow entries from the switch dpid=1
>>> $ curl -X DELETE http://localhost:8080/stats/flowentry/clear/1
>>>
>>> # Add flow entry with output:normal action
>>> $ curl -X POST -d '{
>>> "dpid": "1",
>>> "actions": [
>>> {
>>> "port": "NORMAL",
>>> "type": "OUTPUT"
>>> }
>>> ]
>>> }' http://localhost:8080/stats/flowentry/add
>>>
>>> # Confirm flow entries
>>> # --> Please confirm the flow table has only one with output:normal
>>> action
>>> $ curl -X GET http://localhost:8080/stats/flow/1 | python -m json.tool
>>> {
>>> "1": [
>>> {
>>> "actions": [
>>> "OUTPUT:NORMAL"
>>> ],
>>> "byte_count": 0,
>>> "cookie": 0,
>>> "duration_nsec": 653000000,
>>> "duration_sec": 25,
>>> "flags": 0,
>>> "hard_timeout": 0,
>>> "idle_timeout": 0,
>>> "length": 80,
>>> "match": {},
>>> "packet_count": 0,
>>> "priority": 0,
>>> "table_id": 0
>>> }
>>> ]
>>> }
>>>
>>> # Test ping
>>> $ ping -c 1 <Dest IP>
>>> ...
>>>
>>> If ping does not work, output:normal action does not work as expected.
>>>
>>>
>>> Thanks,
>>> Iwase
>>>
>>>
>>> On 2016年10月25日 19:28, ホンパンニャー wrote:
>>>
>>> Hi,
>>>>
>>>> Today, I already reinstalled Lagopus 0.2.6 on my environment with Hybrid
>>>> enable following QUICKSTART.md.
>>>> $ cd lagopus
>>>> $ ./configure --with-dpdk-dir=${RTE_SDK} --enable-hybrid=yes
>>>> $ make
>>>> $ sudo make install
>>>>
>>>> After the installation, Lagopus works well with "simple_switch_13.py",
>>>> But
>>>> still not working with "rest_firewall.py". I did my experiment following
>>>> Ryu-Book but I still cannot ping between host.
>>>>
>>>> Do you have any suggestions ?
>>>>
>>>> Thanks,
>>>> Panha
>>>>
>>>> On Thu, Aug 18, 2016 at 4:15 PM, ホンパンニャー <[email protected]>
>>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>>>
>>>>> Thanks for your responding.
>>>>>
>>>>> I will try to reinstall Lagopus with DPDK support ("./configure
>>>>> --enable-hybrid=yes") and I will let you know again if it works or not.
>>>>>
>>>>> Once again thanks.
>>>>>
>>>>> Best Regards,
>>>>> Panha
>>>>>
>>>>> On Thu, Aug 18, 2016 at 10:19 AM, Iwase Yusuke <
>>>>> [email protected]>
>>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>>
>>>>>> Sorry, I don't know much about Lagopus, but I think you need to
>>>>>> reinstall
>>>>>> Lagopus with "--enable-hybrid=yes" configure option.
>>>>>> e.g.) According to the QUICKSTART.md and "./configure --help" page,
>>>>>> $ cd lagopus
>>>>>> $ ./configure --enable-hybrid=yes
>>>>>> $ make
>>>>>> $ sudo make install
>>>>>>
>>>>>> On my environment, I couldn't use the DPDK support, I use the
>>>>>> following
>>>>>> configure option:
>>>>>> $ ./configure --disable-dpdk --enable-hybrid=yes
>>>>>> but, it seems that "output": "normal" action does not work well.
>>>>>>
>>>>>> Could you try with the DPDK support?
>>>>>>
>>>>>> Thanks,
>>>>>> Iwase
>>>>>>
>>>>>>
>>>>>> On 2016年08月14日 21:55, ホンパンニャー wrote:
>>>>>>
>>>>>> Hi Iwase,
>>>>>>
>>>>>>>
>>>>>>> I am sorry to disturb you again.
>>>>>>>
>>>>>>> I have read the Lagopus issues page that you suggested last time and
>>>>>>> i
>>>>>>> totally have the same problem. However, i don't know how to specify
>>>>>>> "--enable-hybrid" to Lagopus switch. I did ask them and they said
>>>>>>> that
>>>>>>> i
>>>>>>> have to specify it through configure command during installing steps,
>>>>>>> but I
>>>>>>> already installed lagopus following the QUICKSTART.md. Do i have to
>>>>>>> reinstall it or what ? Are there any other solutions ? Can it be the
>>>>>>> problem with Ryu like STP case?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Panha
>>>>>>>
>>>>>>> On Wed, Aug 3, 2016 at 2:07 PM, University <[email protected]
>>>>>>> >
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>>> Thanks for responding.
>>>>>>>>
>>>>>>>> I am figuring out how to specify "--enable-hybrid" in lagopus
>>>>>>>> configure
>>>>>>>> now. I will let you know if it's work.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Panha
>>>>>>>>
>>>>>>>> Sent from my iPhone
>>>>>>>>
>>>>>>>> On Aug 3, 2016, at 12:04 PM, Iwase Yusuke <[email protected]>
>>>>>>>>
>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> According to the issues page on Lagopus GitHub,
>>>>>>>>> you need to specify '--enable-hybrid' in configure, I guess.
>>>>>>>>> https://github.com/lagopus/lagopus/issues/76
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Iwase
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 2016年08月02日 17:25, Hong Panha wrote:
>>>>>>>>>
>>>>>>>>> Hi everyone,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I am trying run rest_firewall.py with ryu-manager, it’s not
>>>>>>>>>> function
>>>>>>>>>>
>>>>>>>>>> well. I am using Lagopus as my open flow switch. Even I set the
>>>>>>>>>>
>>>>>>>>> rule to
>>>>>>>>>
>>>>>>>>> give the permission for the packet but i still cannot ping. Please
>>>>>>>> refer to
>>>>>>>> the attachment file which consist of log from ryu- manager and rules
>>>>>>>> of
>>>>>>>> firewall.
>>>>>>>>
>>>>>>>>
>>>>>>>> I am looking forward to hearing back from you.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>> Hong Panha
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> ------------------
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Ryu-devel mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------
>>>>>>> ------------------
>>>>>>> What NetFlow Analyzer can do for you? Monitors network bandwidth and
>>>>>>> traffic
>>>>>>> patterns at an interface-level. Reveals which users, apps, and
>>>>>>> protocols
>>>>>>> are
>>>>>>> consuming the most bandwidth. Provides multi-vendor support for
>>>>>>> NetFlow,
>>>>>>> J-Flow, sFlow and other flows. Make informed decisions using capacity
>>>>>>> planning reports. http://sdm.link/zohodev2dev
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Ryu-devel mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> --
>>>>> 東京工科大学 コンピュータサイエンス学部 ネットワークコース 4年次
>>>>> ホン パンニャー
>>>>> HONG Panha
>>>>> Tel: 090 6523 1168
>>>>> Email: [email protected]
>>>>> 〒192-0372 東京都八王子市下柚木1987-1大学セミナーハウス102号室
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------
>>>> ------------------
>>>> The Command Line: Reinvented for Modern Developers
>>>> Did the resurgence of CLI tooling catch you by surprise?
>>>> Reconnect with the command line and become more productive.
>>>> Learn the new .NET and ASP.NET CLI. Get your free copy!
>>>> http://sdm.link/telerik
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Ryu-devel mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>>>>
>>>>
>>>>
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Developer Access Program for Intel Xeon Phi Processors
>> Access to Intel Xeon Phi processor-based developer platforms.
>> With one year of Intel Parallel Studio XE.
>> Training and support from Colfax.
>> Order your platform today. http://sdm.link/xeonphi
>>
>>
>>
>> _______________________________________________
>> Ryu-devel mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>>
>>
--
東京工科大学 コンピュータサイエンス学部 ネットワークコース 4年次
ホン パンニャー
HONG Panha
Tel: 090 6523 1168
Email: [email protected]
〒192-0372 東京都八王子市下柚木1987-1大学セミナーハウス102号室
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel
