[pox-dev] running multiple applications
durga
c.vijaya.durga at gmail.com
Mon Nov 11 23:50:34 PST 2013
Murphy,
That point you made about firewall being reactive is exactly what I wanted
to know. So seems it was not due to connectionup event, but rather a
packetIn event being processed by two components triggered the error.
both of my firewall component and the switch component, have PacketIn
handlers , I have now tried making the firewall proactive by installing
flow table entries as soon as a connection is set up instead of handling
the packet once received by the controller as below and it seemed to have
worked.
def _handle_ConnectionUp(self,event):#everytime a connection is
established, a prepopulate the firewall entries
#connection.addListeners(self)
print "in firewll"
filterlist = [('00:00:00:00:00:02','00:00:00:00:00:03')]
msg = of.ofp_flow_mod()
msg.match.dl_src = EthAddr(filterlist[0][0])
msg.match.dl_dst = EthAddr(filterlist[0][1])
msg.priority = 65535
print msg
event.connection.send(msg
result:
*** s2
------------------------------------------------------------------------
in_port(1),eth(src=00:00:00:00:00:02,dst=00:00:00:00:00:03),eth_type(0x0800),ipv4(src=10.0.0.2,dst=10.0.0.3,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0),
packets:4, bytes:392, used:1.468s, actions:drop
mininet>
I will reread the docs w.r.t priorities for the listeners though..
thanks again.
Cheers!
Durga
On Tue, Nov 12, 2013 at 6:26 PM, Murphy McCauley
<murphy.mccauley at gmail.com>wrote:
>
> On Nov 11, 2013, at 10:33 PM, durga <c.vijaya.durga at gmail.com> wrote:
>
> Hello All,
>
> Just a small question. Incase I run the a firewall application in
> conjecture to a l2 learning switch application , how does the controller
> work on the connectionup event?
>
> for example I run the command :
> mininet at mininet-vm:~/pox$ pox.py log.level -DEBUG l2_switching_v5
> l2_switching_firewall_v3 &
>
> I want firewall to take precedence over the l2 switch and have introduced
> priority as msg.priority = 65535 (highest priority), but what I am trying
> to understand is - its a single connection from the OVS switch to the pox
> controller and controller is running 2 applications - firewall and switch,
> so how do these 2 applications work on the same connection?
>
> Currently, my program sends 2 flow mod messages -
> 1.from firewall app with priority of 65535 for matching flows
> 2. from the switch for all other flows
> and the ovs installs flow with max priority. Is this the right way of
> doing??
> As of now, I am stuck with an error - OFPBRC_BUFFER_EMPTY = 7 - which as
> per openflow doc is error when a buffer is already in use..
>
>
> POX doesn't do any magic arbitration for you. If two components listen to
> the same event -- both of them get it. Which one gets it first is
> technically undefined *unless* the listeners have priorities set. I think
> revent priorities aren't really documented on the wiki yet... you'll have
> to read the docs/code in pox/lib/revent. If it wants to, the one that
> fires first can then cancel the event so that the second one doesn't get
> it. Again, you probably need to read the docstrings or code for this.
>
> Alternatively... read the code for the mac_blocker component (in misc) or
> the port blocker in the FAQ. These are examples of very simple firewalls.
> mac_blocker definitely uses both event priorities and event canceling.
>
> The problem you're having with BUFFER_EMPTY is probably because... I am
> guessing your firewall is "reactive" and both the firewall and the
> forwarding component are handling the PacketIn event. You probably want
> the firewall at a high priority, and when it wants to block, it should
> install the "block" table entry and cancel the event so that the forwarding
> component doesn't try to install an entry too. This is exactly what
> mac_blocker does.
>
> -- Murphy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noxrepo.org/pipermail/pox-dev-noxrepo.org/attachments/20131112/fe377987/attachment-0002.htm>
More information about the pox-dev
mailing list