
List:       openvswitch-discuss
Subject:    [ovs-discuss] Openflow Tables Openvswitch
From:       jasousa () uoldiveo ! com (Jose Augusto de Sousa)
Date:       2014-03-27 21:20:17
Message-ID: EBCCF64945E0B44289D406C94E6B56410134EB9323 () A4-SALOMAO8 ! uolcorp ! intranet

Dears,
I have some rules in table 0.
Can I split the layer 2 rules and layer 3 rules into tables?
Like, the layer 2 rules have an action to send to the layer 3 rules after processing.

I am trying to make universal rules, like DHCP and DNS, for all switch ports,
and specific anti-spoofing rules (MAC/IP per port) and specific layer 3 rules by IP and port.

I tried this.

#drop everything
ovs-ofctl add-flow br0  "priority=10 actions=drop"

#allow icmp
ovs-ofctl add-flow br0 "table=0,priority=65535,icmp actions=normal"

#allow dns
ovs-ofctl add-flow br0 "table=0,priority=65534,udp,tp_src=*,tp_dst=53 actions=normal"

#allow  traffic in out  public interface
#public interface
ovs-ofctl add-flow br0 "in_port=4 actions=NORMAL"

#antispoofing
ovs-ofctl add-flow br0 "table=0,priority=500,arp,in_port=3,dl_src=00:50:56:B5:02:07,nw_src=10.133.22.107,idle_timeout=0 actions=normal"
ovs-ofctl add-flow br0 "table=0,priority=500,ip,in_port=3,dl_src=00:50:56:B5:02:07,nw_src=10.133.22.107,idle_timeout=0 actions=normal"

#drop ip
ovs-ofctl add-flow br0 "table=0,priority=400,ip,in_port=3 actions=drop"

#allow ports
ovs-ofctl add-flow br0 \
"table=0,priority=550,tcp,in_port=3,dl_src=00:50:56:b5:02:07,dl_dst=*,nw_src=10.133.22.107,nw_dst=*,nw_tos=0,tp_src=22,tp_dst=* \
actions=normal"


I want to separate the layer 2 rules and layer 3 rules into tables; after passing the
layer 2 rules, send directly to the layer 3 rules.

Does this make sense? Is it possible?


Thanks in advance

[]'s

José Augusto de Sousa
Skype: jaugustos1
Gtalk: Joseaugusto.sousa at gmail.com
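
Added example, not part of the original message and not Open vSwitch project code: one way to lay out the split asked about above, with table 0 doing the layer 2 anti-spoofing check and handing admitted IP traffic to table 1 through the Open vSwitch resubmit(,1) action, so the ICMP and DNS allows are only reached after the source check. The function names and the priorities 600/500/10 are assumptions; the port numbers, MAC and IP are the ones from the message.

```shell
#!/bin/sh
# Emits a two-table pipeline for one guest port (added example).
# Table 0 = layer 2 admission (anti-spoofing), table 1 = layer 3/4 policy.
# Load with: guest_flows 3 00:50:56:b5:02:07 10.133.22.107 | ovs-ofctl add-flows br0 -

UPLINK=4   # public interface, as in the message

# matches VALUE ERE: true only if the whole single-line value matches the ERE
matches() {
    case $1 in *"
"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# guest_flows PORT MAC IPV4 (hypothetical helper): print the flows, or return 1
# on malformed input so a bad inventory value cannot smuggle extra match
# fields or actions into a flow line. These are shape checks only.
guest_flows() {
    port=$1 mac=$2 ip=$3
    matches "$port" '[0-9]{1,5}' || { echo "bad port" >&2; return 1; }
    matches "$mac" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || { echo "bad mac" >&2; return 1; }
    matches "$ip" '([0-9]{1,3}\.){3}[0-9]{1,3}' || { echo "bad ip" >&2; return 1; }
    cat <<EOF
table=0,priority=10 actions=drop
table=0,priority=600,in_port=$UPLINK actions=NORMAL
table=0,priority=500,arp,in_port=$port,dl_src=$mac,nw_src=$ip actions=NORMAL
table=0,priority=500,ip,in_port=$port,dl_src=$mac,nw_src=$ip actions=resubmit(,1)
table=1,priority=10 actions=drop
table=1,priority=500,icmp actions=NORMAL
table=1,priority=500,udp,tp_dst=53 actions=NORMAL
table=1,priority=500,tcp,in_port=$port,tp_src=22 actions=NORMAL
EOF
}

# Print the flows for the guest port described in the message.
guest_flows 3 00:50:56:b5:02:07 10.133.22.107
```

Each table carries its own priority=10 drop, so a packet that fails the table 0 source check never reaches the table 1 allows.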


