Changes between Version 9 and Version 10 of GENIEducation/SampleAssignments/OpenFlowAssignment/ExerciseLayout/Execute


Ignore:
Timestamp:
05/21/13 17:30:17 (12 years ago)
Author:
shuang@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIEducation/SampleAssignments/OpenFlowAssignment/ExerciseLayout/Execute

    v9 v10  
    138138   - Remember that OpenFlow switches are an Ethernet switch first and foremost, and that not all packets on an Ethernet are IP. In particular, your hosts will require ARP in order to pass IP traffic through the switch!
    139139   - You may pass ICMP packets without limitation, to make debugging easier.
    140    - The Trema ''Match'' class has a ''compare()'' method that accepts a ''Match'' argument and may be useful to you — consider the ''ExactMatch#from()'' method in conjunction.
     140   - The Trema ''Match'' class has a ''compare()'' method that accepts a ''Match'' argument and may be useful to you — consider the ''!ExactMatch#from()'' method in conjunction.
    141141
    142142  '''Extra Credit''' [[BR]]
     
    155155  The extended firewall will perform flow matching as before, with one added check: if the number of existing flows allowed by a given rule exceeds the limit specified in the configuration, a new flow matching that rule will be denied. The number of existing flows matching a given rule is computed as the number of currently active flow matches in the OpenFlow device for that rule. You may wish to look into the ''OFPT_FLOW_REMOVED'' message for help in implementing this. If a connection rule specifies any as the flow limit, no limiting will be performed by the controller. [[BR]]
    156156  Note that the timeout-based nature of flow removal dictates that small connection limits will be quite limiting. Keep this in mind when testing your firewall!
     157
     158  '''Hints: Want to get the complete firewall.rb? ask your instructor or visit here (you need a password to get it), or send an email''' [[BR]]
     159  You probably want to change the `rule` structure defined in function `add_rule` to add two members: `limit` and `count` to store the maximum number of active flows allowed and the current number of active flows. [[BR]]
     160  You should also over-ride the function `flow_removed` to subtract `count` when-ever a flow rule expired. [[BR]]
     161  To verify your implementation, use `-P` option in iperf to add TCP flows.
    157162
    158163