On 2016年11月17日 16:18, ホンパンニャー wrote: > Hi, > > Thanks for the response. > > Could you explain me a bit about the Ryu-manager log ? Why > dst='239.255.255.250' > instead of dst='10.0.0.2 ' ?
Do you mean this packet? >>> [FW][INFO] dpid=0000000000000001: Blocked packet = >>> ethernet(dst='01:00:5e:7f:ff:fa',ethertype=2048,src='b8:6b:23:59:07:10'), >>> ipv4(csum=41548,dst='239.255.255.250',flags=0,header_length= >>> 5,identification=7465,offset=0,option=None,proto=17,src=' >>> 10.0.0.1',tos=0,total_length=125,ttl=1,version=4), >>> udp(csum=58769,dst_port=1900,src_port=56636,total_length=105), 'M-SEARCH >>> * >>> HTTP/1.1\r\nHost:239.255.255.250:1900 >>> \r\nST:upnp:rootdevice\r\nMan:"ssdp:discover"\r\nMX:3\r\n\r\n' dst='239.255.255.250' means the UPnP packet (from Google search results), but I don't know further... Thanks, Iwase > > Just now i noticed if I ping from 10.0.0.1 to 10.0.0.2, the ping message > will look like this: > > ping 10.0.0.2 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. >>From 10.0.0.1 icmp_seq=1 Destination Host Unreachable >>From 10.0.0.1 icmp_seq=2 Destination Host Unreachable >>From 10.0.0.1 icmp_seq=3 Destination Host Unreachable > ^C > --- 10.0.0.2 ping statistics --- > 4 packets transmitted, 4 received, 0% packet loss, > > > Actually, I also try to reach Lagopus developer on Github but I haven't got > any response yet. > > Best Regards, > Hong Panha > > > > > > On Thu, Nov 17, 2016 at 3:47 PM, Iwase Yusuke <[email protected]> > wrote: > >> Hi, >> >> >> On 2016年11月17日 14:32, ホンパンニャー wrote: >> >>> Hi, >>> >>> Sorry for the inconvenience. >>> >>> 1. The rest_firewall is fixed. >>> >> >> Thank you for testing my patch! >> I will post the patch later. >> >> >> >>> 2. I did the experiment again today. The flow status remains the same. >>> Only >>> the first and the last flow's "packet_count" are increased. >>> >>> -- Below is the output of the ping : >>> >>> hongpanha$ ping -c 4 10.0.0.1 >>> PING 10.0.0.1 (10.0.0.1): 56 data bytes >>> Request timeout for icmp_seq 0 >>> Request timeout for icmp_seq 1 >>> Request timeout for icmp_seq 2 >>> >>> --- 10.0.0.1 ping statistics --- >>> 4 packets transmitted, 0 packets received, 100.0% packet loss >>> >>> -- Below is a part of ryu-manager log: >>> >>> [FW][INFO] dpid=0000000000000001: Blocked packet = >>> ethernet(dst='ff:ff:ff:ff:ff:ff',ethertype=2048,src='0c:c4:7a:6d:41:3b'), >>> ipv4(csum=30894,dst='255.255.255.255',flags=0,header_length= >>> 5,identification=0,offset=0,option=None,proto=17,src='0.0. >>> 0.0',tos=0,total_length=576,ttl=64,version=4), >>> udp(csum=47429,dst_port=67,src_port=68,total_length=556), >>> dhcp(boot_file='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 >>> \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00',chaddr='0c:c4:7a:6d:41:3b',ciaddr='0. >>> 0.0.0',flags=0,giaddr='0.0.0.0',hlen=6,hops=0,htype=1,op=1, >>> options=options(magic_cookie='99.130.83.99',option_list=[ >>> option(length=1,tag=53,value='\x01'), >>> option(length=7,tag=61,value='\x01\x0c\xc4zmA;'), >>> option(length=12,tag=60,value='udhcp 1.12.0'), >>> option(length=2,tag=57,value='\x02@'), >>> option(length=7,tag=55,value='\x01\x03\x06\x0c\x0f\x1c*')],o >>> ptions_len=312),secs=0,siaddr='0.0.0.0',sname=u'\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ >>> x00\x00\x00\x00\x00\x00',xid=1336449065,yiaddr='0.0.0.0') >>> >>> [FW][INFO] dpid=0000000000000001: Blocked packet = >>> ethernet(dst='01:00:5e:7f:ff:fa',ethertype=2048,src='b8:6b:23:59:07:10'), >>> ipv4(csum=41548,dst='239.255.255.250',flags=0,header_length= >>> 5,identification=7465,offset=0,option=None,proto=17,src=' >>> 10.0.0.1',tos=0,total_length=125,ttl=1,version=4), >>> udp(csum=58769,dst_port=1900,src_port=56636,total_length=105), 'M-SEARCH >>> * >>> HTTP/1.1\r\nHost:239.255.255.250:1900 >>> \r\nST:upnp:rootdevice\r\nMan:"ssdp:discover"\r\nMX:3\r\n\r\n' >>> >>> [FW][INFO] dpid=0000000000000001: Blocked packet = >>> ethernet(dst='01:00:5e:7f:ff:fa',ethertype=2048,src='b8:6b:23:59:07:10'), >>> ipv4(csum=40572,dst='239.255.255.250',flags=0,header_length= >>> 5,identification=7466,offset=0,option=None,proto=17,src=' >>> 10.0.0.1',tos=0,total_length=332,ttl=4,version=4), >>> udp(csum=38033,dst_port=1900,src_port=1900,total_length=312), 'NOTIFY * >>> HTTP/1.1\r\nLOCATION: http://10.0.0.1:53872/\r\nDATE: Thu, 17 Nov 2016 >>> 4:28:29 GMT\r\nHOST: 239.255.255.250:1900\r\nSERVER: WINDOWS, UPnP/1.0, >>> Intel MicroStack/1.0.1497\r\nNTS: ssdp:alive\r\nUSN: >>> uuid:8a18129f-e628-57e1-cbfb-e0f72d882a46::upnp:rootdevice\r >>> \nCACHE-CONTROL: >>> max-age=300\r\nNT: upnp:rootdevice\r\n\r\n' >>> >> >> Hummm... ping command shows that the first flow for ARP packets works well >> and >> the second and third flows for ICMP flows do not match ICMP packets, then >> the >> last flow for reporting packets does match them. >> >> I could not investigate why, because Ryu does install the flows >> correctly... >> It seems to be the problems on Lagopus for me... >> >> Thanks, >> Iwase >> >> >> >>> >>> Best Regards, >>> Hong Panha >>> >>> On Wed, Nov 16, 2016 at 4:07 PM, Iwase Yusuke <[email protected]> >>> wrote: >>> >>> Hi, >>>> >>>> >>>> On 2016年11月14日 15:46, ホンパンニャー wrote: >>>> >>>> Hi, >>>>> >>>>> Sorry for the late reply. >>>>> >>>>> I have done as you suggested to the the output:normal again. I ran both >>>>> rest_firewall and ofctl_rest through ryu-manager and did the command as >>>>> you >>>>> advised. But i still couldn't ping one another between my two PCs. >>>>> >>>>> Below is the output of the flow before ping: >>>>> >>>>> { >>>>> >>>>> "1": [ >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:NORMAL" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 0, >>>>> >>>>> "cookie": 0, >>>>> >>>>> "duration_nsec": 125163555, >>>>> >>>>> "duration_sec": 213, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 88, >>>>> >>>>> "match": { >>>>> >>>>> "dl_type": 2054 >>>>> >>>>> }, >>>>> >>>>> "packet_count": 0, >>>>> >>>>> "priority": 65534, >>>>> >>>>> "table_id": 0 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:NORMAL" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 0, >>>>> >>>>> "cookie": 1, >>>>> >>>>> "duration_nsec": 85626243, >>>>> >>>>> "duration_sec": 95, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 112, >>>>> >>>>> "match": { >>>>> >>>>> "dl_type": 2048, >>>>> >>>>> "nw_dst": "10.0.0.2/255.255.255.255", >>>>> >>>>> "nw_proto": 1, >>>>> >>>>> "nw_src": "10.0.0.1/255.255.255.255" >>>>> >>>>> }, >>>>> >>>>> "packet_count": 0, >>>>> >>>>> "priority": 1, >>>>> >>>>> "table_id": 0 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:NORMAL" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 0, >>>>> >>>>> "cookie": 2, >>>>> >>>>> "duration_nsec": 618908488, >>>>> >>>>> "duration_sec": 31, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 112, >>>>> >>>>> "match": { >>>>> >>>>> "dl_type": 2048, >>>>> >>>>> "nw_dst": "10.0.0.1/255.255.255.255", >>>>> >>>>> "nw_proto": 1, >>>>> >>>>> "nw_src": "10.0.0.2/255.255.255.255" >>>>> >>>>> }, >>>>> >>>>> "packet_count": 0, >>>>> >>>>> "priority": 1, >>>>> >>>>> "table_id": 0 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:CONTROLLER" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 6588, >>>>> >>>>> "cookie": 0, >>>>> >>>>> "duration_nsec": 125060275, >>>>> >>>>> "duration_sec": 213, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 80, >>>>> >>>>> "match": {}, >>>>> >>>>> "packet_count": 12, >>>>> >>>>> "priority": 0, >>>>> >>>>> "table_id": 0 >>>>> >>>>> } >>>>> >>>>> ] >>>>> >>>>> } >>>>> >>>>> Below is the flow after the ping: >>>>> >>>>> { >>>>> >>>>> "1": [ >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:NORMAL" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 1140, >>>>> >>>>> "cookie": 0, >>>>> >>>>> "duration_nsec": 676362399, >>>>> >>>>> "duration_sec": 745, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 88, >>>>> >>>>> "match": { >>>>> >>>>> "dl_type": 2054 >>>>> >>>>> }, >>>>> >>>>> "packet_count": 19, >>>>> >>>>> "priority": 65534, >>>>> >>>>> "table_id": 0 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:NORMAL" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 0, >>>>> >>>>> "cookie": 1, >>>>> >>>>> "duration_nsec": 636823937, >>>>> >>>>> "duration_sec": 627, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 112, >>>>> >>>>> "match": { >>>>> >>>>> "dl_type": 2048, >>>>> >>>>> "nw_dst": "10.0.0.2/255.255.255.255", >>>>> >>>>> "nw_proto": 1, >>>>> >>>>> "nw_src": "10.0.0.1/255.255.255.255" >>>>> >>>>> }, >>>>> >>>>> "packet_count": 0, >>>>> >>>>> "priority": 1, >>>>> >>>>> "table_id": 0 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:NORMAL" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 0, >>>>> >>>>> "cookie": 2, >>>>> >>>>> "duration_nsec": 170106132, >>>>> >>>>> "duration_sec": 564, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 112, >>>>> >>>>> "match": { >>>>> >>>>> "dl_type": 2048, >>>>> >>>>> "nw_dst": "10.0.0.1/255.255.255.255", >>>>> >>>>> "nw_proto": 1, >>>>> >>>>> "nw_src": "10.0.0.2/255.255.255.255" >>>>> >>>>> }, >>>>> >>>>> "packet_count": 0, >>>>> >>>>> "priority": 1, >>>>> >>>>> "table_id": 0 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": [ >>>>> >>>>> "OUTPUT:CONTROLLER" >>>>> >>>>> ], >>>>> >>>>> "byte_count": 87975, >>>>> >>>>> "cookie": 0, >>>>> >>>>> "duration_nsec": 676257789, >>>>> >>>>> "duration_sec": 745, >>>>> >>>>> "flags": 0, >>>>> >>>>> "hard_timeout": 0, >>>>> >>>>> "idle_timeout": 0, >>>>> >>>>> "length": 80, >>>>> >>>>> "match": {}, >>>>> >>>>> "packet_count": 263, >>>>> >>>>> "priority": 0, >>>>> >>>>> "table_id": 0 >>>>> >>>>> } >>>>> >>>>> ] >>>>> >>>>> } >>>>> >>>>> >>>> The first flow in the above is the flow for ARP packets and this flow >>>> seems to be installed when switch connecting. >>>> The second and third flows are for ICMP (ping) packets, but >>>> "packet_count" >>>> fields are not incremented. >>>> And, the last one is for reporting packets to the controller, and its >>>> "packet_count" is incremented. >>>> >>>> Then, how the outputs of ping command and ryu-manager logs look like? >>>> If the first flow works well, ARP request should be resolved, and ping >>>> command will look like: >>>> >>>> # No message will be shown. >>>> mininet> h1 ping h2 >>>> PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. >>>> ^C >>>> --- 10.0.0.2 ping statistics --- >>>> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms >>>> >>>> If the first flow does NOT work well, because ARP request should not be >>>> resolved, ping command will look: >>>> >>>> # ping shows the destination is not reachable. >>>> mininet> h1 ping h2 >>>> PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. >>>> From 10.0.0.1 icmp_seq=1 Destination Host Unreachable >>>> From 10.0.0.1 icmp_seq=2 Destination Host Unreachable >>>> From 10.0.0.1 icmp_seq=3 Destination Host Unreachable >>>> ^C >>>> --- 10.0.0.2 ping statistics --- >>>> 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time >>>> 3014ms >>>> pipe 3 >>>> >>>> Furthermore, if the last flow works well, ryu-manager will output: >>>> [FW][INFO] dpid=0000000000000001: Blocked packet = >>>> ethernet(dst='00:00:00:00:00:02',ethertype=2048,src='00:00:0 >>>> 0:00:00:01'), >>>> ipv4(csum=36240,dst='10.0.0.2',flags=2,header_length=5,ident >>>> ification=39190,offset=0,option=None,proto=1,src='10.0.0.1', >>>> tos=0,total_length=84,ttl=64,version=4), icmp(code=0,csum=12505,data=ec >>>> ho(data=b'\xb2\x02,X\x00\x00\x00\x00\xbf\x97\n\x00\x00\x00\ >>>> x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f >>>> !"#$%&\'()*+,-./01234567',id=24658,seq=15),type=8) >>>> >>>> >>>> Could you tell us these messages? >>>> >>>> >>>> >>>> And i have noticed one more thing related to the rules of the firewall. >>>>> Even if i tried to set the action: "ALLOW", when i confirm the rules it >>>>> always shows "DENY". Can this be a problem ? >>>>> >>>>> [ >>>>> >>>>> { >>>>> >>>>> "access_control_list": [ >>>>> >>>>> { >>>>> >>>>> "rules": [ >>>>> >>>>> { >>>>> >>>>> "actions": "DENY", >>>>> >>>>> "dl_type": "IPv4", >>>>> >>>>> "nw_dst": "10.0.0.2/255.255.255.255", >>>>> >>>>> "nw_proto": "ICMP", >>>>> >>>>> "nw_src": "10.0.0.1/255.255.255.255", >>>>> >>>>> "priority": 1, >>>>> >>>>> "rule_id": 1 >>>>> >>>>> }, >>>>> >>>>> { >>>>> >>>>> "actions": "DENY", >>>>> >>>>> "dl_type": "IPv4", >>>>> >>>>> "nw_dst": "10.0.0.1/255.255.255.255", >>>>> >>>>> "nw_proto": "ICMP", >>>>> >>>>> "nw_src": "10.0.0.2/255.255.255.255", >>>>> >>>>> "priority": 1, >>>>> >>>>> "rule_id": 2 >>>>> >>>>> } >>>>> >>>>> ] >>>>> >>>>> } >>>>> >>>>> ], >>>>> >>>>> "switch_id": "0000000000000001" >>>>> >>>>> } >>>>> >>>>> ] >>>>> >>>>> >>>> Hummm... it looks like a bug of rest_firewall.py. >>>> Does the following fix this bug? >>>> >>>> $ git diff >>>> diff --git a/ryu/app/rest_firewall.py b/ryu/app/rest_firewall.py >>>> index a04525f..16b2932 100644 >>>> --- a/ryu/app/rest_firewall.py >>>> +++ b/ryu/app/rest_firewall.py >>>> @@ -1101,7 +1101,7 @@ class Action(object): >>>> @staticmethod >>>> def to_rest(dp, openflow): >>>> if REST_ACTION in openflow: >>>> - action_allow = 'OUTPUT:%d' % dp.ofproto.OFPP_NORMAL >>>> + action_allow = 'OUTPUT:NORMAL' >>>> if openflow[REST_ACTION] == [action_allow]: >>>> action = {REST_ACTION: REST_ACTION_ALLOW} >>>> else: >>>> >>>> Thanks, >>>> Iwase >>>> >>>> >>>> >>>> >>>>> Thanks, >>>>> Panha >>>>> >>>>> On Thu, Nov 10, 2016 at 5:03 PM, Iwase Yusuke <[email protected]> >>>>> wrote: >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> >>>>>> On 2016年11月10日 14:22, ホンパンニャー wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>>> >>>>>>> Thanks for responding. >>>>>>> >>>>>>> I have tried to test the output:normal by running ofctl_rest.py as you >>>>>>> suggested. After running that i did the following command. >>>>>>> >>>>>>> # Delete all flow entries from the switch dpid=1 >>>>>>> $ curl -X DELETE http://localhost:8080/stats/flowentry/clear/1 >>>>>>> >>>>>>> # Add flow entry with output:normal action >>>>>>> $ curl -X POST -d '{ >>>>>>> "dpid": "1", >>>>>>> "actions": [ >>>>>>> { >>>>>>> "port": "NORMAL", >>>>>>> "type": "OUTPUT" >>>>>>> } >>>>>>> ] >>>>>>> }' http://localhost:8080/stats/flowentry/add >>>>>>> >>>>>>> # Confirm flow entries >>>>>>> $ curl -X GET http://localhost:8080/stats/flow/1 | python -m >>>>>>> json.tool >>>>>>> >>>>>>> { >>>>>>> >>>>>>> "1": [ >>>>>>> >>>>>>> { >>>>>>> >>>>>>> "actions": [ >>>>>>> >>>>>>> "OUTPUT:NORMAL" >>>>>>> >>>>>>> ], >>>>>>> >>>>>>> "byte_count": 1238, >>>>>>> >>>>>>> "cookie": 0, >>>>>>> >>>>>>> "duration_nsec": 826712542, >>>>>>> >>>>>>> "duration_sec": 4, >>>>>>> >>>>>>> "flags": 0, >>>>>>> >>>>>>> "hard_timeout": 0, >>>>>>> >>>>>>> "idle_timeout": 0, >>>>>>> >>>>>>> "length": 80, >>>>>>> >>>>>>> "match": {}, >>>>>>> >>>>>>> "packet_count": 4, >>>>>>> >>>>>>> "priority": 0, >>>>>>> >>>>>>> "table_id": 0 >>>>>>> >>>>>>> } >>>>>>> >>>>>>> ] >>>>>>> >>>>>>> } >>>>>>> >>>>>>> And then i connected two PCs to the switch and tried to ping one >>>>>>> another, >>>>>>> but it didn't work. Below is the ping result. >>>>>>> >>>>>>> hongpanha$ ping -c 4 10.0.0.1 >>>>>>> >>>>>>> PING 10.0.0.1 (10.0.0.1): 56 data bytes >>>>>>> >>>>>>> Request timeout for icmp_seq 0 >>>>>>> >>>>>>> Request timeout for icmp_seq 1 >>>>>>> >>>>>>> Request timeout for icmp_seq 2 >>>>>>> >>>>>>> >>>>>>> --- 10.0.0.1 ping statistics --- >>>>>>> >>>>>>> 4 packets transmitted, 0 packets received, 100.0% packet loss >>>>>>> >>>>>>> >>>>>>> Well, this shows output:normal action does not work. >>>>>> This seems to be the problem on the Lagopus side... >>>>>> >>>>>> For making sure that Ryu can install the flows correctly, >>>>>> please check the flow entries by using ofctl_rest.py. >>>>>> >>>>>> e.g.) >>>>>> # Run rest_firewall and ofctl_rest >>>>>> $ ryu-manager ryu.app.rest_firewall ryu.app.ofctl_rest >>>>>> >>>>>> # Enable firewall on switch dpid=1 >>>>>> $ curl -X PUT http://localhost:8080/firewall >>>>>> /module/enable/000000000000000 >>>>>> 1 >>>>>> >>>>>> # Install rules for ICMP connectivity. >>>>>> # The following is sample rules from Ryu-Book. >>>>>> $ curl -X POST -d '{"nw_src": "10.0.0.1/32", "nw_dst": "10.0.0.2/32", >>>>>> "nw_proto": "ICMP"}' http://localhost:8080/firewall >>>>>> /rules/0000000000000001 >>>>>> $ curl -X POST -d '{"nw_src": "10.0.0.2/32", "nw_dst": "10.0.0.1/32", >>>>>> "nw_proto": "ICMP"}' http://localhost:8080/firewall >>>>>> /rules/0000000000000001 >>>>>> >>>>>> # Confirm the flows. >>>>>> $ curl -X GET http://localhost:8080/stats/flow/1 | python -m json.tool >>>>>> { >>>>>> "1": [ >>>>>> { >>>>>> "actions": [ >>>>>> "OUTPUT:NORMAL" >>>>>> ], >>>>>> "byte_count": 168, >>>>>> "cookie": 0, >>>>>> "duration_nsec": 105000000, >>>>>> "duration_sec": 488, >>>>>> "flags": 0, >>>>>> "hard_timeout": 0, >>>>>> "idle_timeout": 0, >>>>>> "length": 88, >>>>>> "match": { >>>>>> "dl_type": 2054 >>>>>> }, >>>>>> "packet_count": 4, # Packet count should be incremented >>>>>> "priority": 65534, >>>>>> "table_id": 0 >>>>>> }, >>>>>> { >>>>>> "actions": [ >>>>>> "OUTPUT:NORMAL" >>>>>> ], >>>>>> "byte_count": 294, >>>>>> "cookie": 1, >>>>>> "duration_nsec": 268000000, >>>>>> "duration_sec": 439, >>>>>> "flags": 0, >>>>>> "hard_timeout": 0, >>>>>> "idle_timeout": 0, >>>>>> "length": 104, >>>>>> "match": { >>>>>> "dl_type": 2048, >>>>>> "nw_dst": "10.0.0.2", >>>>>> "nw_proto": 1, >>>>>> "nw_src": "10.0.0.1" >>>>>> }, >>>>>> "packet_count": 3, # Packet count should be incremented >>>>>> "priority": 1, >>>>>> "table_id": 0 >>>>>> }, >>>>>> { >>>>>> "actions": [ >>>>>> "OUTPUT:NORMAL" >>>>>> ], >>>>>> "byte_count": 294, >>>>>> "cookie": 2, >>>>>> "duration_nsec": 882000000, >>>>>> "duration_sec": 429, >>>>>> "flags": 0, >>>>>> "hard_timeout": 0, >>>>>> "idle_timeout": 0, >>>>>> "length": 104, >>>>>> "match": { >>>>>> "dl_type": 2048, >>>>>> "nw_dst": "10.0.0.1", >>>>>> "nw_proto": 1, >>>>>> "nw_src": "10.0.0.2" >>>>>> }, >>>>>> "packet_count": 3, # Packet count should be incremented >>>>>> "priority": 1, >>>>>> "table_id": 0 >>>>>> }, >>>>>> { >>>>>> "actions": [ >>>>>> "OUTPUT:CONTROLLER" >>>>>> ], >>>>>> "byte_count": 0, >>>>>> "cookie": 0, >>>>>> "duration_nsec": 105000000, >>>>>> "duration_sec": 488, >>>>>> "flags": 0, >>>>>> "hard_timeout": 0, >>>>>> "idle_timeout": 0, >>>>>> "length": 80, >>>>>> "match": {}, >>>>>> "packet_count": 0, >>>>>> "priority": 0, >>>>>> "table_id": 0 >>>>>> } >>>>>> ] >>>>>> } >>>>>> >>>>>> If ping (ICPM packets) can communicate, "packet_count" fields should be >>>>>> incremented. >>>>>> And if the flow is installed as expected and packet counts are not >>>>>> incremented, >>>>>> Lagopus might drop packets or not make matching packets to the flow. >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Iwase >>>>>> >>>>>> >>>>>> Regards, >>>>>> >>>>>>> Panha >>>>>>> >>>>>>> On Wed, Nov 9, 2016 at 9:47 AM, Iwase Yusuke <[email protected] >>>>>>>> >>>>>>> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>>> Sorry for the delay. >>>>>>>> >>>>>>>> I have no environment for running DPDK-enabled Lagopus, >>>>>>>> and it takes times to investigate why... >>>>>>>> (I know KVM can be available, but have not tried yet...) >>>>>>>> >>>>>>>> For pointing the cause, could you test your Lagopus whether >>>>>>>> output:normal action works well or not? >>>>>>>> >>>>>>>> e.g.) If you use ofctl_rest.py, >>>>>>>> $ ryu-manager ryu.app.ofctl_rest >>>>>>>> ... >>>>>>>> >>>>>>>> # Delete all flow entries from the switch dpid=1 >>>>>>>> $ curl -X DELETE http://localhost:8080/stats/flowentry/clear/1 >>>>>>>> >>>>>>>> # Add flow entry with output:normal action >>>>>>>> $ curl -X POST -d '{ >>>>>>>> "dpid": "1", >>>>>>>> "actions": [ >>>>>>>> { >>>>>>>> "port": "NORMAL", >>>>>>>> "type": "OUTPUT" >>>>>>>> } >>>>>>>> ] >>>>>>>> }' http://localhost:8080/stats/flowentry/add >>>>>>>> >>>>>>>> # Confirm flow entries >>>>>>>> # --> Please confirm the flow table has only one with output:normal >>>>>>>> action >>>>>>>> $ curl -X GET http://localhost:8080/stats/flow/1 | python -m >>>>>>>> json.tool >>>>>>>> { >>>>>>>> "1": [ >>>>>>>> { >>>>>>>> "actions": [ >>>>>>>> "OUTPUT:NORMAL" >>>>>>>> ], >>>>>>>> "byte_count": 0, >>>>>>>> "cookie": 0, >>>>>>>> "duration_nsec": 653000000, >>>>>>>> "duration_sec": 25, >>>>>>>> "flags": 0, >>>>>>>> "hard_timeout": 0, >>>>>>>> "idle_timeout": 0, >>>>>>>> "length": 80, >>>>>>>> "match": {}, >>>>>>>> "packet_count": 0, >>>>>>>> "priority": 0, >>>>>>>> "table_id": 0 >>>>>>>> } >>>>>>>> ] >>>>>>>> } >>>>>>>> >>>>>>>> # Test ping >>>>>>>> $ ping -c 1 <Dest IP> >>>>>>>> ... >>>>>>>> >>>>>>>> If ping does not work, output:normal action does not work as >>>>>>>> expected. >>>>>>>> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Iwase >>>>>>>> >>>>>>>> >>>>>>>> On 2016年10月25日 19:28, ホンパンニャー wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>>> Today, I already reinstalled Lagopus 0.2.6 on my environment with >>>>>>>>> Hybrid >>>>>>>>> enable following QUICKSTART.md. >>>>>>>>> $ cd lagopus >>>>>>>>> $ ./configure --with-dpdk-dir=${RTE_SDK} --enable-hybrid=yes >>>>>>>>> $ make >>>>>>>>> $ sudo make install >>>>>>>>> >>>>>>>>> After the installation, Lagopus works well with >>>>>>>>> "simple_switch_13.py", >>>>>>>>> But >>>>>>>>> still not working with "rest_firewall.py". I did my experiment >>>>>>>>> following >>>>>>>>> Ryu-Book but I still cannot ping between host. >>>>>>>>> >>>>>>>>> Do you have any suggestions ? >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Panha >>>>>>>>> >>>>>>>>> On Thu, Aug 18, 2016 at 4:15 PM, ホンパンニャー <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks for your responding. >>>>>>>>>> >>>>>>>>>> I will try to reinstall Lagopus with DPDK support ("./configure >>>>>>>>>> --enable-hybrid=yes") and I will let you know again if it works or >>>>>>>>>> not. >>>>>>>>>> >>>>>>>>>> Once again thanks. >>>>>>>>>> >>>>>>>>>> Best Regards, >>>>>>>>>> Panha >>>>>>>>>> >>>>>>>>>> On Thu, Aug 18, 2016 at 10:19 AM, Iwase Yusuke < >>>>>>>>>> [email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Sorry, I don't know much about Lagopus, but I think you need to >>>>>>>>>>> reinstall >>>>>>>>>>> Lagopus with "--enable-hybrid=yes" configure option. >>>>>>>>>>> e.g.) According to the QUICKSTART.md and "./configure --help" >>>>>>>>>>> page, >>>>>>>>>>> $ cd lagopus >>>>>>>>>>> $ ./configure --enable-hybrid=yes >>>>>>>>>>> $ make >>>>>>>>>>> $ sudo make install >>>>>>>>>>> >>>>>>>>>>> On my environment, I couldn't use the DPDK support, I use the >>>>>>>>>>> following >>>>>>>>>>> configure option: >>>>>>>>>>> $ ./configure --disable-dpdk --enable-hybrid=yes >>>>>>>>>>> but, it seems that "output": "normal" action does not work well. >>>>>>>>>>> >>>>>>>>>>> Could you try with the DPDK support? >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Iwase >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 2016年08月14日 21:55, ホンパンニャー wrote: >>>>>>>>>>> >>>>>>>>>>> Hi Iwase, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I am sorry to disturb you again. >>>>>>>>>>>> >>>>>>>>>>>> I have read the Lagopus issues page that you suggested last time >>>>>>>>>>>> and >>>>>>>>>>>> i >>>>>>>>>>>> totally have the same problem. However, i don't know how to >>>>>>>>>>>> specify >>>>>>>>>>>> "--enable-hybrid" to Lagopus switch. I did ask them and they said >>>>>>>>>>>> that >>>>>>>>>>>> i >>>>>>>>>>>> have to specify it through configure command during installing >>>>>>>>>>>> steps, >>>>>>>>>>>> but I >>>>>>>>>>>> already installed lagopus following the QUICKSTART.md. Do i have >>>>>>>>>>>> to >>>>>>>>>>>> reinstall it or what ? Are there any other solutions ? Can it be >>>>>>>>>>>> the >>>>>>>>>>>> problem with Ryu like STP case? >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Panha >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Aug 3, 2016 at 2:07 PM, University < >>>>>>>>>>>> [email protected] >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Thanks for responding. >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> I am figuring out how to specify "--enable-hybrid" in lagopus >>>>>>>>>>>>> configure >>>>>>>>>>>>> now. I will let you know if it's work. >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> Panha >>>>>>>>>>>>> >>>>>>>>>>>>> Sent from my iPhone >>>>>>>>>>>>> >>>>>>>>>>>>> On Aug 3, 2016, at 12:04 PM, Iwase Yusuke < >>>>>>>>>>>>> [email protected]> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> According to the issues page on Lagopus GitHub, >>>>>>>>>>>>>> you need to specify '--enable-hybrid' in configure, I guess. >>>>>>>>>>>>>> https://github.com/lagopus/lagopus/issues/76 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>> Iwase >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On 2016年08月02日 17:25, Hong Panha wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi everyone, >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I am trying run rest_firewall.py with ryu-manager, it’s not >>>>>>>>>>>>>>> function >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> well. I am using Lagopus as my open flow switch. Even I set >>>>>>>>>>>>>>> the >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> rule to >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> give the permission for the packet but i still cannot ping. >>>>>>>>>>>>>> Please >>>>>>>>>>>>>> >>>>>>>>>>>>>> refer to >>>>>>>>>>>>> the attachment file which consist of log from ryu- manager and >>>>>>>>>>>>> rules >>>>>>>>>>>>> of >>>>>>>>>>>>> firewall. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> I am looking forward to hearing back from you. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>> Hong Panha >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ------------------------------------------------------------ >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> ------------------ >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Ryu-devel mailing list >>>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> ------------------------------------------------------------ >>>>>>>>>>>> ------------------ >>>>>>>>>>>> What NetFlow Analyzer can do for you? Monitors network bandwidth >>>>>>>>>>>> and >>>>>>>>>>>> traffic >>>>>>>>>>>> patterns at an interface-level. Reveals which users, apps, and >>>>>>>>>>>> protocols >>>>>>>>>>>> are >>>>>>>>>>>> consuming the most bandwidth. Provides multi-vendor support for >>>>>>>>>>>> NetFlow, >>>>>>>>>>>> J-Flow, sFlow and other flows. Make informed decisions using >>>>>>>>>>>> capacity >>>>>>>>>>>> planning reports. http://sdm.link/zohodev2dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Ryu-devel mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>> 東京工科大学 コンピュータサイエンス学部 ネットワークコース 4年次 >>>>>>>>>> ホン パンニャー >>>>>>>>>> HONG Panha >>>>>>>>>> Tel: 090 6523 1168 >>>>>>>>>> Email: [email protected] >>>>>>>>>> 〒192-0372 東京都八王子市下柚木1987-1大学セミナーハウス102号室 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------ >>>>>>>>> ------------------ >>>>>>>>> The Command Line: Reinvented for Modern Developers >>>>>>>>> Did the resurgence of CLI tooling catch you by surprise? >>>>>>>>> Reconnect with the command line and become more productive. >>>>>>>>> Learn the new .NET and ASP.NET CLI. Get your free copy! >>>>>>>>> http://sdm.link/telerik >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Ryu-devel mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------ >>>>>>> ------------------ >>>>>>> Developer Access Program for Intel Xeon Phi Processors >>>>>>> Access to Intel Xeon Phi processor-based developer platforms. >>>>>>> With one year of Intel Parallel Studio XE. >>>>>>> Training and support from Colfax. >>>>>>> Order your platform today. http://sdm.link/xeonphi >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Ryu-devel mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------ >>>>> ------------------ >>>>> Developer Access Program for Intel Xeon Phi Processors >>>>> Access to Intel Xeon Phi processor-based developer platforms. >>>>> With one year of Intel Parallel Studio XE. >>>>> Training and support from Colfax. >>>>> Order your platform today. http://sdm.link/xeonphi >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ryu-devel mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/ryu-devel >>>>> >>>>> >>>>> >>> >>> >>> >>> ------------------------------------------------------------ >>> ------------------ >>> >>> >>> >>> _______________________________________________ >>> Ryu-devel mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/ryu-devel >>> >>> > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > Ryu-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/ryu-devel > ------------------------------------------------------------------------------ _______________________________________________ Ryu-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ryu-devel
