Changes between Version 9 and Version 10 of GENIEducation/SampleAssignments/OpenFlowAssignment/ExerciseLayout/Execute
- Timestamp:
- 05/21/13 17:30:17 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GENIEducation/SampleAssignments/OpenFlowAssignment/ExerciseLayout/Execute
v9 v10 138 138 - Remember that OpenFlow switches are an Ethernet switch first and foremost, and that not all packets on an Ethernet are IP. In particular, your hosts will require ARP in order to pass IP traffic through the switch! 139 139 - You may pass ICMP packets without limitation, to make debugging easier. 140 - The Trema ''Match'' class has a ''compare()'' method that accepts a ''Match'' argument and may be useful to you — consider the '' ExactMatch#from()'' method in conjunction.140 - The Trema ''Match'' class has a ''compare()'' method that accepts a ''Match'' argument and may be useful to you — consider the ''!ExactMatch#from()'' method in conjunction. 141 141 142 142 '''Extra Credit''' [[BR]] … … 155 155 The extended firewall will perform flow matching as before, with one added check: if the number of existing flows allowed by a given rule exceeds the limit specified in the configuration, a new flow matching that rule will be denied. The number of existing flows matching a given rule is computed as the number of currently active flow matches in the OpenFlow device for that rule. You may wish to look into the ''OFPT_FLOW_REMOVED'' message for help in implementing this. If a connection rule specifies any as the flow limit, no limiting will be performed by the controller. [[BR]] 156 156 Note that the timeout-based nature of flow removal dictates that small connection limits will be quite limiting. Keep this in mind when testing your firewall! 157 158 '''Hints: Want to get the complete firewall.rb? ask your instructor or visit here (you need a password to get it), or send an email''' [[BR]] 159 You probably want to change the `rule` structure defined in function `add_rule` to add two members: `limit` and `count` to store the maximum number of active flows allowed and the current number of active flows. [[BR]] 160 You should also over-ride the function `flow_removed` to subtract `count` when-ever a flow rule expired. [[BR]] 161 To verify your implementation, use `-P` option in iperf to add TCP flows. 157 162 158 163