Re: [Ryu-devel] Value of Rule/Flow of REST_FIREWALL

Hi Juan, Well... Yes... If you install a Drop rule with "10.0.2.0/32", the packets whose IP header contains "10.0.2.0" will be dropped with exact matching rule. rest_firewall does not recognize which IP network the hosts(sender/receiver) belongs to. Only IP address in IP header will be used. T

Re: [Ryu-devel] Value of Rule/Flow of REST_FIREWALL

Ok , sorry ... I want to block an IP address network for example 10.0.2.0 using a netmask 32. Its correct using this netmask in a rule of rest firewall "10.0.2.0/32"... To block or accept traffic in a whole network(in this case network 10.0.2.0)? Regards El 2 mar. 2017 11:31 PM, "Iwase Y

Re: [Ryu-devel] Can't see FlowstatsReply every second

Hi Alan, Sorry, I don't have NS3 simulator environment though. First, please confirm: 1. if simple_monitor_13 sent OFPFlowStatsRequest after packet_in_handler, and Ns3-ofsoftswtich13 received them 2. if Ns3-ofsoftswtich13 sent OFPFlowStatsReply every second, and simple_monitor_13 receiv

Re: [Ryu-devel] Value of Rule/Flow of REST_FIREWALL

Hi Juan, Sorry, please make question more clear... Your question is "Is using /32 for setting rest_firewall rules allowed or not?" ??? I mention again... Prefix ("32" in this case) in rest_firewall APIs means: "How many high-order bits should be matched against IP address in IP packet header"

Re: [Ryu-devel] Can't see FlowstatsReply every second

Hi , Thanks for your reply. I am wrong. I want to use simple_monitor13 and Ns3 to simulate. However I send OFPFlowStatsRequest to Ns3-ofsoftswtich13 every second, but Ns3-ofsoftswtich13 can't receive OFPFlowStatsReply every second, especially After packet_in_handler. Controller can't get the

Re: [Ryu-devel] Value of Rule/Flow of REST_FIREWALL

Thank you again... But what about to use netmask /32 ? In a IP address network?? Juan Regards El 2 mar. 2017 8:40 PM, "Iwase Yusuke" escribió: > Hi Juan, > > The concept for the IP address wildcarding is the same with that of > OpenFlow protocol matching. > > To match against "10.1.1.0/24" netw

Re: [Ryu-devel] Can't see FlowstatsReply every second

Hi, On 2017年02月25日 21:06, Alan Wang wrote: > HI All, > > I tried to combined the simple_switch_13 and simple_monitor. "ryu/app/simple_monitor_13.py" inherits ryu/app/simple_switch_13.py: https://github.com/osrg/ryu/blob/master/ryu/app/simple_monitor_13.py#L25 simple_monitor_13.py should do L2

Re: [Ryu-devel] Packet-in Handler

Hi Alan, On 2017年03月01日 08:02, Alan Helal wrote: > Hello guys. Im trying to drop all the packets except the ones from a > whitelist. Here is the code that Im using: > > @set_ev_cls(ofp_event.EventOFPPacketIn, MAIN_DISPATCHER) > def _packet_in_handler(self, ev): > global flag1 >

Re: [Ryu-devel] Value of Rule/Flow of REST_FIREWALL

Hi Juan, The concept for the IP address wildcarding is the same with that of OpenFlow protocol matching. To match against "10.1.1.0/24" network, *mostly* you need to set nw_dest/nw_src="10.1.1.0/24". But please note this rule also matches the packet sent to "10.1.1.1/28", because the high-orde

[Ryu-devel] Get A New Website or Upgrade Your Existing Website To Drive More Sales & Clients (TC9)

Hello,We are team of graphic designers and website developers and we provide Website Design and Development Solutions throughout the globe.  We have been working for over 5 years now providing designing, website and software solutions to clients globally.  The website will be custom made per yo

[Ryu-devel] Regarding "Middleboxes (Network Functions) Traffic Steering through OpenFlow_1.3"

Dear Sir/Madam, I am working on "Middleboxes Traffic Steering" concept considering middlebox resources (CPU or memory usage). If you have any examples to get basic Idea how to implement it. Middleboxes are nothing but Network Functions i.e ( Firewall, IDS and Proxy) etc. I would like to steer the