| | 1 | == Distribute individual flow entries == |
| | 2 | |
| | 3 | |
| | 4 | Last but not least, we will make use of the Flow Entry module. In this module, you can install individual flow entries as you would do using any of the controllers GUIs or the command line interface of OVS. The module is fed with information of your experiment such as the IP or MAC addresses of all interfaces of your nodes. This reduces the possibility of errors that happen when you manually install flow entries using other tools. Often, you may want to distribute a single flow entry to multiple switches (e.g. as we did with ARP flows above); this module allows you to accomplish this task. |
| | 5 | 1. '''Load Module''' |
| | 6 | |
| | 7 | |
| | 8 | First, open the module. |
| | 9 | |
| | 10 | |
| | 11 | [[Image(fentry.png)]] |
| | 12 | |
| | 13 | 1. '''Define Flow''' |
| | 14 | |
| | 15 | |
| | 16 | Suppose that we want drop all UDP traffic incoming to all the switches for an hour. We will first define the flow match accordingly that will match all UDP traffic. On the actions tab, we will not add any operation (i.e. the package will be dropped). Next, we will setup a hard (or soft) timeout to 1 hour, and we will give the flow a priority of 50. |
| | 17 | |
| | 18 | On the summary tab, you will see all the flow definition you have done so far plus the set of selected switches where the flow will be distributed. If it is empty, select all the OVS nodes where you want the flow rule to be installed. Finally, install the flow entry. |
| | 19 | |
| | 20 | Your final flow definition should look like this |
| | 21 | |
| | 22 | |
| | 23 | [[Image(flowentrysummary.png)]] |
| | 24 | |
| | 25 | 1. '''Testing Flow''' |
| | 26 | |
| | 27 | |
| | 28 | First, make sure you can ping from '''h1''' to '''h2'''. Then |
| | 29 | |
| | 30 | '''h1 terminal''': Start a netcat UDP server on port 3000. |
| | 31 | {{{ |
| | 32 | user@h1:~$ nc -l -u 3000 |
| | 33 | }}} |
| | 34 | |
| | 35 | Now try to connect '''h2''' to that server and you will notice that connection is unsuccessful after typing words (i.e. packets do not reach '''h1'''). |
| | 36 | |
| | 37 | '''h2''' terminal: Try to establish connection with '''h1''' UDP server. |
| | 38 | {{{ |
| | 39 | user@h2:~$ nc -u h1 3000 |
| | 40 | this is |
| | 41 | the UDP test |
| | 42 | 1 |
| | 43 | 2 |
| | 44 | 3 |
| | 45 | }}} |
| | 46 | |
| | 47 | You may want to monitor the new installed flow entries and check that UDP traffic is in fact dropped. Since h2 is connected to s3 in our topology, you can check the flow entries at s3 in the Flow Monitor module. |
| | 48 | |
| | 49 | |
| | 50 | [[Image(dropflow.png)]] |
| | 51 | |
| | 52 | |
| | 53 | [wiki:GENIExperimenter/Tutorials/GENIDesktop/aag Back to Tutorial] |
