Hi,
On 2016年12月08日 13:57, ホンパンニャー wrote: > Hi Iwase, > > Thanks for your reply. > > So if this is the case, can we run rest_firewall and rest_router at the same > time ? I saw the same question before, but unfortunately it is not possible without any modification, I guess. The two Apps are not designed for working together, the flows installed by them might conflict each other. So, you need to modify some by your self. Thanks, Iwase > > Best Regards, > Hong Panha > > > On Thu, Dec 8, 2016 at 1:50 PM, Iwase Yusuke <iwase.yusu...@gmail.com > <mailto:iwase.yusu...@gmail.com>> wrote: > > Hi again, > > > On 2016年12月06日 15:39, ホンパンニャー wrote: > > > > Hi everyone, > > > > I am doing an experiment with my mini-server running > > > > OVS > > > > ryu 4.7 > > > > mininet > > > > > > In mininet, i used below command to create a network topology which has > one switch and 2 hosts. > > > > > > sudo mn --topo single,3 --mac --switch ovsk --controller remote -x > > > > > > and then i changed the ip of each host as below > > > > > > h1: 10.0.0.1/28 <http://10.0.0.1/28> <http://10.0.0.1/28> > > > > h2: 10.0.0.17/28 <http://10.0.0.17/28> <http://10.0.0.17/28> > > > > > > I want to implement the firewall into my network topology by running > rest_firewall.py through ryu-manager. After running rest_firewall.py on ryu > controller, I execute these command: > > > > > > # Enable firewall on switch dpid=1 > > > > $ curl -X PUT > http://localhost:8080/firewall/module/enable/0000000000000001 > <http://localhost:8080/firewall/module/enable/0000000000000001> > > > > > > # Install rules for ICMP connectivity. > > > > $ curl -X POST -d '{"nw_src": "10.0.0.0/28 <http://10.0.0.0/28> > <http://10.0.0.0/28>", "nw_dst": "10.0.0.16/28 <http://10.0.0.16/28> > <http://10.0.0.16/28>", "nw_proto": "ICMP"}' > http://localhost:8080/firewall/rules/0000000000000001 > <http://localhost:8080/firewall/rules/0000000000000001> > > > > $ curl -X POST -d '{"nw_src": "10.0.0.16/28 <http://10.0.0.16/28> > <http://10.0.0.16/28>", "nw_dst": "10.0.0.1/28 <http://10.0.0.1/28> > <http://10.0.0.1/28>", "nw_proto": "ICMP"}' > http://localhost:8080/firewall/rules/0000000000000001 > <http://localhost:8080/firewall/rules/0000000000000001> > > > > > > Then i tried to ping from h1 to h2 from mininet but i got an error > message which said "network couldn't be reached". It seems like there is no > route to each network. So my question are: > > > > 1. Does rest_firewall.py work across the networks ? > > 2. If it works, How to set the route to each network ? > > This is because rest_firewall does not provide L3 routing features, I > guess. > As rest_router doing, you need to resolve L3 reachability at your switch, > first. > > Thanks, > Iwase > > > > > > Best Regards, > > Hong Panha > > -- > > 東京工科大学 コンピュータサイエンス学部 ネットワークコース 4年次 > > ホン パンニャー > > HONG Panha > > Tel: 090 6523 1168 > > Email: c011361...@edu.teu.ac.jp <mailto:c011361...@edu.teu.ac.jp> > <mailto:c011361...@edu.teu.ac.jp <mailto:c011361...@edu.teu.ac.jp>> > > 〒192-0372 東京都八王子市下柚木1987-1大学セミナーハウス102号室 > > > > > > > ------------------------------------------------------------------------------ > > Developer Access Program for Intel Xeon Phi Processors > > Access to Intel Xeon Phi processor-based developer platforms. > > With one year of Intel Parallel Studio XE. > > Training and support from Colfax. > > Order your platform today.http://sdm.link/xeonphi > > > > > > > > _______________________________________________ > > Ryu-devel mailing list > > Ryu-devel@lists.sourceforge.net <mailto:Ryu-devel@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/ryu-devel > <https://lists.sourceforge.net/lists/listinfo/ryu-devel> > > > > > > > -- > 東京工科大学 コンピュータサイエンス学部 ネットワークコース 4年次 > ホン パンニャー > HONG Panha > Tel: 090 6523 1168 > Email: c011361...@edu.teu.ac.jp <mailto:c011361...@edu.teu.ac.jp> > 〒192-0372 東京都八王子市下柚木1987-1大学セミナーハウス102号室 > > > ------------------------------------------------------------------------------ > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/xeonphi > > > > _______________________________________________ > Ryu-devel mailing list > Ryu-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ryu-devel > ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Ryu-devel mailing list Ryu-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ryu-devel
