Hi Giorgos,
Just need to make sure your flow has higher priority than the other two.
The best practice is to explicitly specify the priority of all flows
instead of leaving them to the default. For example, set the priority of
the first 2 flow entries to 10 and the flow to drop traffic between 2 hosts
to 100.
Regards,
Quoc Khanh
On Wed, Aug 29, 2018, 6:29 PM Giorgos Dimopoulos <gior...@talaia.io> wrote:
> Hi Quoc, thanks a lot for clarifying this. I did try to add the flow with
> the default priority but that didn't work either.
> It seems that the two first flows are always prioritized over the one that
> I'm adding. It only works when I lower the priorities of the first two
> flows.
>
> Is there any way to add the new flow and override the others without
> having to modify their priorities?
>
> Thanks!
> Giorgos
>
> On 29/08/18 01:06, quockhanh...@gmail.com wrote:
>
> Hi Giorgos,
>
>
>
> From your flow table, it’s very likely that the flow entry you used to
> drop traffic between 2 hosts has a lower priority (=100) than the
> priorities of the other 2 entries (*default priority*). As mentioned in
> this <http://www.openvswitch.org/support/dist-docs/ovs-ofctl.8.html>,
> “when adding a flow, if the field is not specified, *the flow's priority
> will default to 32768*.” Therefore, incoming packets will always be
> matched and forwarded between h1 and h2 by the first 2 flow entries instead
> of being dropped by the last one.
>
>
>
> Hope it helps.
>
>
>
> Regards,
>
> Quoc Khanh
>
>
>
> *From: *Giorgos Dimopoulos <gior...@talaia.io>
> *Sent: *Tuesday, 28 August 2018 10:55 PM
> *To: *ryu-devel@lists.sourceforge.net
> *Subject: *[Ryu-devel] Rule to drop traffic between hosts in mininet
> doesn't work
>
>
>
> Hello,
>
>
>
> I'm running mininet with the following configuration:
>
> sudo mn --topo single,2 --mac --controller remote --switch ovs,protocols=OpenFlow10
>
>
>
> on the host computer I'm running ryu with simple_switch and ofctl_rest:
>
> ryu-manager --verbose --app-lists ryu.app.simple_switch,ryu.app.ofctl_rest
>
>
>
> then I'm using the REST API to block all traffic from h1 to h2:
>
> curl -X POST -d '{
>     "dpid": 1,
>     "cookie": 0,
>     "table_id": 0,
>     "priority": 100,
>     "flags": 1,
>     "match":{
>         "nw_src": "10.0.0.1/32",
>         "nw_dst": "10.0.0.2/32",
>         "dl_type": 2048
>     },
>     "actions":[
>     ]
> }' http://localhost:8080/stats/flowentry/add
>
>
>
> in mininet the OF rule appears correctly:
>
> mininet> sh ovs-ofctl -O OpenFlow10 dump-flows s1
> cookie=0x0, duration=40.692s, table=0, n_packets=4, n_bytes=336, in_port="s1-eth1",dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 actions=output:"s1-eth2"
> cookie=0x0, duration=40.687s, table=0, n_packets=3, n_bytes=238, in_port="s1-eth2",dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01 actions=output:"s1-eth1"
> cookie=0x0, duration=5.286s, table=0, n_packets=0, n_bytes=0, priority=100,ip,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=drop
>
>
>
> but the rule doesn't work since h1 can still ping h2:
>
> mininet> h1 ping h2
> PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
> 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.496 ms
> 64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.061 ms
> 64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.065 ms
>
>
>
> am I missing something here?
>
>
>
> Thanks in advance!
>
>
>
> Giorgos
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
>
> Ryu-devel mailing list
>
> Ryu-devel@lists.sourceforge.net
>
> https://lists.sourceforge.net/lists/listinfo/ryu-devel
>
>
>
>
>
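Added example, not part of the original thread and not code from Ryu or Open vSwitch: a small Python model of the table lookup, run over the three entries from the dump-flows output above. The packet fields and the priority value 40000 are constructed for illustration; entries printed without a priority are read as the default 32768, as in the reply above.

```python
OFP_DEFAULT_PRIORITY = 32768  # used when a flow is added without a priority

# The three entries from the dump-flows output in the thread (counters omitted).
DUMP = '''cookie=0x0, table=0, in_port="s1-eth1",dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 actions=output:"s1-eth2"
cookie=0x0, table=0, in_port="s1-eth2",dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01 actions=output:"s1-eth1"
cookie=0x0, table=0, priority=100,ip,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=drop'''

def parse_flow(line):
    """Return {'priority', 'match', 'actions'} for one dump-flows line."""
    head, actions = line.rsplit(" actions=", 1)
    match = {}
    # Metadata fields are separated by ", "; the match spec is the last one.
    for tok in head.split(", ")[-1].split(","):
        if tok == "ip":                      # shorthand for dl_type=0x0800
            match["dl_type"] = "0x0800"
        else:
            key, value = tok.split("=", 1)
            match[key] = value.strip('"')
    # An entry shown without a priority field is read as the default.
    priority = int(match.pop("priority", OFP_DEFAULT_PRIORITY))
    return {"priority": priority, "match": match, "actions": actions}

def lookup(flows, pkt):
    """Actions of the highest-priority entry whose match fields equal the packet's."""
    hits = [f for f in flows
            if all(pkt.get(k) == v for k, v in f["match"].items())]
    return max(hits, key=lambda f: f["priority"])["actions"] if hits else "table-miss"

def reprioritize(flows, select, priority):
    """Copy of the table with a new priority on entries where select(flow) is true."""
    return [dict(f, priority=priority) if select(f) else f for f in flows]

# Constructed packet: an ICMP echo request of "h1 ping h2".
PING = {"in_port": "s1-eth1", "dl_src": "00:00:00:00:00:01",
        "dl_dst": "00:00:00:00:00:02", "dl_type": "0x0800",
        "nw_src": "10.0.0.1", "nw_dst": "10.0.0.2"}

FLOWS = [parse_flow(l) for l in DUMP.splitlines()]
is_drop = lambda f: f["actions"] == "drop"

if __name__ == "__main__":
    print("as dumped:             ", lookup(FLOWS, PING))
    print("forwarding flows at 10:",
          lookup(reprioritize(FLOWS, lambda f: not is_drop(f), 10), PING))
    print("drop flow at 40000:    ",
          lookup(reprioritize(FLOWS, is_drop, 40000), PING))
```
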