<div dir="ltr"><div>Hi Murphy,<br><br>I would like to have controller C1 connected only to the access network. It checks if the source is honest pretending the mechanism of 3WHS if the source is unknown. So when it receives a SYN request it answers with the SYN ACK
and, only if the source sends the ACK it is added to a whitelist, and it's allowed to send packet in
the network. If the source is in whitelist when it wants send packet sends againg SYN but this time is a controller C0 that install the forwarding rules because it's connected to all switches of the network. C0 and C1 could share a list of valid source or malicious source (whitelist and blacklist).<br>
<br></div>Another solution could be connect C1 only to the access network and C0 to the core network,<br><div><br>After the mechanism of 3WHS check, C1 installs the rule to forward the packet through the port
connected to the core network (a sort of default gateway). When the
packet arrives on the switch belonging to the core network C0 will
install forwanding rules to the destination (that is never in my access network).<br></div><div>But here the problem is have a mechanism to know a priori the output port of all access switches or to set it when I build the network.<br>
<br></div><div>Have you got any suggestions?<br></div><div><br></div><div>Bests,<br> </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/12/9 Murphy McCauley <span dir="ltr"><<a href="mailto:murphy.mccauley@gmail.com" target="_blank">murphy.mccauley@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So you want to have two controllers which communicate with the same switch, but that do different things? There's no straightforward way to do this with straight OpenFlow 1.0, but it may be possible with some of the Open vSwitch extensions related to multiple controllers. You should look into those OVS features (controller role, controller ID, etc.).<br>
<br>
I assume you have a good reason for wanting to use two separate controllers. From your description, it's not obvious.<br>
<span class="HOEnZb"><font color="#888888"><br>
-- Murphy<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On Dec 9, 2013, at 4:11 AM, Silvia Fichera <<a href="mailto:fichera.sil@gmail.com">fichera.sil@gmail.com</a>> wrote:<br>
<br>
> Hi all,<br>
> I've a l3_learning controller that check if a TCP request connection is valid.<br>
> In a tree topology I would like that this one checks only the edge switches and, if the connection if valid, another controller will install flow rule on the switches.<br>
><br>
> So, if I receive a tcp SYN packet first of all the switch talks to my controller, it checks the "honesty" of the source:<br>
> - if it's not honest "install" a drop rule on the switch<br>
> - else I would that the switch forwards the connection request to the regular controller that install flows.<br>
><br>
> How can I contact the regular controller from the switch?<br>
><br>
> Thank you<br>
><br>
> --<br>
> Silvia Fichera<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Silvia Fichera
</div>