Hi Giorgos,
I see the below two options,
1. You can delete the old flow
(or)
2. set the timeout (idle_timeout, hard_timeout) value for those flows, so
that those flows will be removed after that time.
Thanks
suresh
On Wed, Aug 29, 2018 at 2:00 PM Giorgos Dimopoulos <gior...@talaia.io>
wrote:
> Hi Quoc, thanks a lot for clarifying this. I did try to add the flow with
> the default priority but that didn't work either.
> It seems that the two first flows are always prioritized over the one that
> I'm adding. It only works when I lower the priorities of the first two
> flows.
>
> Is there any way to add the new flow and override the others without
> having to modify their priorities?
>
> Thanks!
> Giorgos
>
> On 29/08/18 01:06, quockhanh...@gmail.com wrote:
>
> Hi Giorgos,
>
>
>
> From your flow table, it’s very likely that the flow entry you used to
> drop traffic between 2 hosts has a lower priority (=100) than the
> priorities of the other 2 entries (*default priority*). As mentioned in
> this <http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html>,
> “when adding a flow, if the field is not specified, *the flow's priority
> will default to 32768*.” Therefore, incoming packets will always be
> matched and forwarded between h1 and h2 by the first 2 flow entries instead
> of being drop by the last one.
>
>
>
> Hope it helps.
>
>
>
> Regards,
>
> Quoc Khanh
>
>
>
> *From: *Giorgos Dimopoulos <gior...@talaia.io>
> *Sent: *Tuesday, 28 August 2018 10:55 PM
> *To: *ryu-devel@lists.sourceforge.net
> *Subject: *[Ryu-devel] Rule to drop traffic between hosts in mininet
> doesn'twork
>
>
>
> Hello,
>
>
>
> I'm running mininet with the following configuration:
>
> sudo mn --topo single,2 --mac --controller remote --switch
>
> ovs,protocols=OpenFlow10
>
>
>
> on the host computer I'm running ryu with simple_switch and ofct_rest:
>
> ryu-manager --verbose --app-lists ryu.app.simple_switch,ryu.app.ofctl_rest
>
>
>
> then I'm using the REST API to block all traffic from h1 to h2:
>
> curl -X POST -d '{
>
> "dpid": 1,
>
> "cookie": 0,
>
> "table_id": 0,
>
> "priority": 100,
>
> "flags": 1,
>
> "match":{
>
> "nw_src": "10.0.0.1/32",
>
> "nw_dst": "10.0.0.2/32",
>
> "dl_type": 2048
>
> },
>
> "actions":[
>
> ]
>
> }' http://localhost:8080/stats/flowentry/add
>
>
>
> in mininet the OF rule appears correctly:
>
> mininet> sh ovs-ofctl -O OpenFlow10 dump-flows s1
>
> cookie=0x0, duration=40.692s, table=0, n_packets=4, n_bytes=336,
>
> in_port="s1-eth1",dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02
>
> actions=output:"s1-eth2"
>
> cookie=0x0, duration=40.687s, table=0, n_packets=3, n_bytes=238,
>
> in_port="s1-eth2",dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01
>
> actions=output:"s1-eth1"
>
> cookie=0x0, duration=5.286s, table=0, n_packets=0, n_bytes=0,
>
> priority=100,ip,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=drop
>
>
>
> but the rule doesn't work since h1 can still ping h2:
>
> mininet> h1 ping h2
>
> PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
>
> 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.496 ms
>
> 64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.061 ms
>
> 64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.065 ms
>
>
>
> am I missing something here?
>
>
>
> Thanks in advance!
>
>
>
> Giorgos
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
>
> Ryu-devel mailing list
>
> Ryu-devel@lists.sourceforge.net
>
> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Ryu-devel mailing list
> Ryu-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>
--
*Regards, *
*Knet solutions.*
website: http://knetsolutions.in/
Facebook Page : https://www.facebook.com/sdntraining/
youtube channel: https://www.youtube.com/channel/UCTD6X9_oDqIYs_xpE7moFnQ
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
