Hi again,
On 2016年12月06日 15:39, ホンパンニャー wrote: > > Hi everyone, > > I am doing an experiment with my mini-server running > > OVS > > ryu 4.7 > > mininet > > > In mininet, i used below command to create a network topology which has one > switch and 2 hosts. > > > sudo mn --topo single,3 --mac --switch ovsk --controller remote -x > > > and then i changed the ip of each host as below > > > h1: 10.0.0.1/28 <http://10.0.0.1/28> > > h2: 10.0.0.17/28 <http://10.0.0.17/28> > > > I want to implement the firewall into my network topology by running > rest_firewall.py through ryu-manager. After running rest_firewall.py on ryu > controller, I execute these command: > > > # Enable firewall on switch dpid=1 > > $ curl -X PUT http://localhost:8080/firewall/module/enable/0000000000000001 > > > # Install rules for ICMP connectivity. > > $ curl -X POST -d '{"nw_src": "10.0.0.0/28 <http://10.0.0.0/28>", "nw_dst": > "10.0.0.16/28 <http://10.0.0.16/28>", "nw_proto": "ICMP"}' > http://localhost:8080/firewall/rules/0000000000000001 > > $ curl -X POST -d '{"nw_src": "10.0.0.16/28 <http://10.0.0.16/28>", "nw_dst": > "10.0.0.1/28 <http://10.0.0.1/28>", "nw_proto": "ICMP"}' > http://localhost:8080/firewall/rules/0000000000000001 > > > Then i tried to ping from h1 to h2 from mininet but i got an error message > which said "network couldn't be reached". It seems like there is no route to > each network. So my question are: > > 1. Does rest_firewall.py work across the networks ? > 2. If it works, How to set the route to each network ? This is because rest_firewall does not provide L3 routing features, I guess. As rest_router doing, you need to resolve L3 reachability at your switch, first. Thanks, Iwase > > Best Regards, > Hong Panha > -- > 東京工科大学 コンピュータサイエンス学部 ネットワークコース 4年次 > ホン パンニャー > HONG Panha > Tel: 090 6523 1168 > Email: c011361...@edu.teu.ac.jp <mailto:c011361...@edu.teu.ac.jp> > 〒192-0372 東京都八王子市下柚木1987-1大学セミナーハウス102号室 > > > ------------------------------------------------------------------------------ > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/xeonphi > > > > _______________________________________________ > Ryu-devel mailing list > Ryu-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ryu-devel > ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Ryu-devel mailing list Ryu-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ryu-devel
