Hi Iwase, thank you so much... Another question Do you know any resource of
a wildcard calculator that could works With the rest firewall?, for example
for define a range of IP address in a network to accept o deny traffic?
Regards
Juab
El 2 mar. 2017 12:35 AM, "Iwase Yusuke" <[email protected]> escribió:
> Hi Juan,
>
> Sorry, I misunderstood.
>
> I guess, it comes from the constraint of OpenFlow Matching rule.
> If you specify nw_dst="10.0.0.1/24", this means:
> "The high-order 24 bits are used for IP address matching and other is
> wildcarded"
> and does NOT mean:
> "Matching to the destination 10.0.0.1 address in the 10.0.0.0/24
> network"
> These are very similar, but strictly speaking these does not have the same
> meaning.
> Please refer to "7.2.3.4 Flow Matching" in OpenFlow Spec 1.3 for details.
>
> e.g.)
> With nw_dst="10.0.0.1/24", this rule will be translated to "10.0.0.*" (*
> means wildcarded).
> packets to 10.0.0.2: MATCH
> packets to 10.1.0.1: NOT MATCH
>
> If you want to distinguish the packets only which have "10.0.0.1" in "
> 10.0.0.0/24" network
> as the destination, you need to set nw_dst="10.0.0.1/32" in OpenFlow
> match field.
> 32 means the exact match for "10.0.0.1" address.
>
> Thanks,
> Iwase
>
> On 2017年03月01日 20:32, Juan Francisco Guano wrote:
> > Hi Iwase, thank you so much by your reply... I know that 255.000.000.00
> Is same "8" for format. Now if you check my original question , you can
> appreciate that I así for an specific IP address "10.0.0.2/8 <
> http://10.0.0.2/8> " why Is the same in flow that "10.0.0.3/8 <
> http://10.0.0.3/8>" rule in a switch(I check this with dump-flows
> command and I get 10.0.0.0/255.0.0.0 <http://10.0.0.0/255.0.0.0> in both
> case )? How the controller/switch distinguish this flows? Why the flows
> are replace it in the switch? Why with a netmask 32 the flows/rules are
> different? Is it possible that this case Is linked with wildcarding
> function un the app?
> >
> > Any help Is welcome...
> >
> > Regards
> >
> > Juan
> >
> > El 1 mar. 2017 2:58 AM, "Iwase Yusuke" <[email protected] <mailto:
> [email protected]>> escribió:
> >
> > Hi Juan,
> >
> > First, "255.0.0.0" in "10.0.0.0/255.0.0.0 <http://10.0.0.0/255.0.0.0>"
> means the subnet mask and has the same meaning with "8".
> > "8" is just formatted in the prefix representation.
> >
> > And, when your get without the mask, like "10.0.0.0", the subnet
> mask "255.255.255.0"(="32" in
> > the prefix representation) is just omitted for the readability.
> > So, you can set the netmask other than 32.
> >
> > Thanks,
> > Iwase
> >
> > On 2017年03月01日 15:54, Juan Francisco Guano wrote:
> > > Hi everybody
> > >
> > > I know, if this value is correct when I set a rule in a REST
> FIREWALL, this directly linked with the netmask, if I set a rule for the IP
> Address and your netmask ;10.0.0.2/8 <http://10.0.0.2/8> <
> http://10.0.0.2/8>, when I get the rules the IP address is the below;
> .... "nw_dst": "10.0.0.0/255.0.0.0 <http://10.0.0.0/255.0.0.0> <
> http://10.0.0.0/255.0.0.0>".... what is the meaning of that? I cant set
> any rule with a different netmask of 32? for example I set the rule for
> the IP Address and your netmask ;10.0.0.1/32 <http://10.0.0.1/32> <
> http://10.0.0.1/32> and I get a rule without any mask;.... "nw_dst":
> "10.0.0.1"....
> > > Please any explanation is welcome..
> > >
> > > Regards
> > >
> > > Juan
> > >
> > >
> > > ------------------------------------------------------------
> ------------------
> > > Check out the vibrant tech community on one of the world's most
> > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > >
> > >
> > >
> > > _______________________________________________
> > > Ryu-devel mailing list
> > > [email protected] <mailto:Ryu-devel@lists.
> sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/ryu-devel <
> https://lists.sourceforge.net/lists/listinfo/ryu-devel>
> > >
> >
> >
> >
> > ------------------------------------------------------------
> ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >
> >
> >
> > _______________________________________________
> > Ryu-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/ryu-devel
> >
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ryu-devel
