[pox-dev] Multiple controllers
Silvia Fichera
fichera.sil at gmail.com
Tue Dec 10 03:51:17 PST 2013
I'm trying to follow the second option.
The forwarding process is working just one way.
I would like to prepare the switch to forward the ack response from the host,
so I want to install a proactive rule.
I've tried to do it in this way:
actions2=[]
actions2.append(of.ofp_action_dl_addr.set_dst(mac2))
actions2.append(of.ofp_action_output(port=inport))
match = of.ofp_match()
match.in_port=1
match.dl_src=mac
match.dl_dst=mac2
match.nw_proto=6
match.nw_src=dstaddr
match.nw_dst=srcaddr
msg=of.ofp_flow_mod(command=of.OFPFC_ADD,
                    #idle_timeout=FLOW_IDLE_TIMEOUT,
                    hard_timeout=of.OFP_FLOW_PERMANENT,
                    buffer_id=event.ofp.buffer_id,
                    actions=actions2,match=match)
event.connection.send(msg.pack())
where:
mac = self.arpTable[dpid][dstaddr].mac #dst host mac addr
mac2 = self.arpTable[dpid][srcaddr].mac #src host mac addr
dstaddr = packet.next.dstip
srcaddr = packet.next.srcip
The in port is set to 1 because it's the default port to/from core network.
When I try this implementation I get this error:
WARNING:libopenflow_01:Fields ignored due to unspecified prerequisites: nw_dst nw_src nw_proto
ERROR:openflow.of_01:[00-00-00-00-00-01 3] OpenFlow Error:
[00-00-00-00-00-01 3] Error: header:
[00-00-00-00-00-01 3] Error: version: 1
[00-00-00-00-00-01 3] Error: type: 1 (OFPT_ERROR)
[00-00-00-00-00-01 3] Error: length: 76
[00-00-00-00-00-01 3] Error: xid: 17
[00-00-00-00-00-01 3] Error: type: OFPET_BAD_REQUEST (1)
[00-00-00-00-00-01 3] Error: code: OFPBRC_BUFFER_EMPTY (7)
[00-00-00-00-00-01 3] Error: datalen: 64
[00-00-00-00-00-01 3] Error: 0000: 01 0e 00 60 00 00 00 11 00 10 00 12 00 01 76 57 |...`..........vW|
[00-00-00-00-00-01 3] Error: 0010: 3b c6 e3 37 de c9 a5 fe 9c ee 00 00 00 00 00 00 |;..7............|
[00-00-00-00-00-01 3] Error: 0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[00-00-00-00-00-01 3] Error: 0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 |................|
What's wrong?
Thank you.
2013/12/10 Silvia Fichera <fichera.sil at gmail.com>
> Hi Murphy,
>
> I would like to have controller C1 connected only to the access network.
> It checks if the source is honest pretending the mechanism of 3WHS if the
> source is unknown. So when it receives a SYN request it answers with the
> SYN ACK and, only if the source sends the ACK it is added to a whitelist,
> and it's allowed to send packet in the network. If the source is in
> whitelist when it wants send packet sends again SYN but this time is a
> controller C0 that installs the forwarding rules because it's connected to
> all switches of the network. C0 and C1 could share a list of valid source
> or malicious source (whitelist and blacklist).
>
> Another solution could be connect C1 only to the access network and C0 to
> the core network,
>
> After the mechanism of 3WHS check, C1 installs the rule to forward the
> packet through the port connected to the core network (a sort of default
> gateway). When the packet arrives on the switch belonging to the core
> network C0 will install forwarding rules to the destination (that is never
> in my access network).
> But here the problem is to have a mechanism to know a priori the output port
> of all access switches or to set it when I build the network.
>
> Have you got any suggestions?
>
> Bests,
>
>
> 2013/12/9 Murphy McCauley <murphy.mccauley at gmail.com>
>
>> So you want to have two controllers which communicate with the same
>> switch, but that do different things? There's no straightforward way to do
>> this with straight OpenFlow 1.0, but it may be possible with some of the
>> Open vSwitch extensions related to multiple controllers. You should look
>> into those OVS features (controller role, controller ID, etc.).
>>
>> I assume you have a good reason for wanting to use two separate
>> controllers. From your description, it's not obvious.
>>
>> -- Murphy
>>
>> On Dec 9, 2013, at 4:11 AM, Silvia Fichera <fichera.sil at gmail.com> wrote:
>>
>> > Hi all,
>> > I've a l3_learning controller that checks if a TCP request connection is valid.
>> > In a tree topology I would like that this one checks only the edge switches and, if the connection is valid, another controller will install flow rule on the switches.
>> >
>> > So, if I receive a tcp SYN packet first of all the switch talks to my controller, it checks the "honesty" of the source:
>> > - if it's not honest "install" a drop rule on the switch
>> > - else I would that the switch forwards the connection request to the regular controller that installs flows.
>> >
>> > How can I contact the regular controller from the switch?
>> >
>> > Thank you
>> >
>> > --
>> > Silvia Fichera
>>
>
>
>
> --
> Silvia Fichera
>
--
Silvia Fichera
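
Decoding the 64 bytes the switch echoed back in the OFPT_ERROR above shows what the rejected request actually contained. This is an added example, not part of the original message; the field layout follows the OpenFlow 1.0 ofp_header, ofp_match and ofp_flow_mod structures, and the function names are this example's own.

```python
import struct

# The 64 bytes of the rejected request, copied from the OFPT_ERROR dump above.
ECHOED = bytes.fromhex(
    "01 0e 00 60 00 00 00 11 00 10 00 12 00 01 76 57 "
    "3b c6 e3 37 de c9 a5 fe 9c ee 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 "
)

# Single-bit OpenFlow 1.0 wildcard flags (ofp_flow_wildcards).
OFPFW = {"in_port": 1 << 0, "dl_vlan": 1 << 1, "dl_src": 1 << 2,
         "dl_dst": 1 << 3, "dl_type": 1 << 4, "nw_proto": 1 << 5,
         "tp_src": 1 << 6, "tp_dst": 1 << 7,
         "dl_vlan_pcp": 1 << 20, "nw_tos": 1 << 21}


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def decode_flow_mod(data):
    """Decode ofp_header, ofp_match and the flow_mod fields up to priority."""
    (version, msg_type, length, xid,
     wildcards, in_port, dl_src, dl_dst, dl_vlan, dl_vlan_pcp, dl_type,
     nw_tos, nw_proto, nw_src, nw_dst, tp_src, tp_dst,
     cookie, command, idle_timeout, hard_timeout, priority) = struct.unpack_from(
        "!BBHL LH6s6sHBxHBBxxLLHH QHHHH", data)
    return {
        "version": version, "type": msg_type, "length": length, "xid": xid,
        "wildcarded": sorted(n for n, bit in OFPFW.items() if wildcards & bit),
        "in_port": in_port, "dl_src": mac(dl_src), "dl_dst": mac(dl_dst),
        "dl_type": dl_type, "nw_proto": nw_proto,
        "nw_src": nw_src, "nw_dst": nw_dst,
        "command": command, "hard_timeout": hard_timeout, "priority": priority,
    }


def ip_match_effective(flow):
    """True only if the match really pins the EtherType to IPv4 (0x0800)."""
    return "dl_type" not in flow["wildcarded"] and flow["dl_type"] == 0x0800


if __name__ == "__main__":
    flow = decode_flow_mod(ECHOED)
    for key, value in flow.items():
        print("%-12s %s" % (key, value))
    print("IP match effective:", ip_match_effective(flow))
```

The decoded match has dl_type wildcarded and nw_proto, nw_src and nw_dst zeroed, which is the effect of the "unspecified prerequisites" warning: the IP fields were dropped because match.dl_type was not set to 0x0800, so the rule as sent matches on in_port and the two MAC addresses only. OFPBRC_BUFFER_EMPTY is the OpenFlow 1.0 code for a buffer_id that has already been used.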