Create flow to block source external IP

asked 2016-11-21 13:14:18 -0800

smartins

Hi All,

I'm using Mininet to emulate a network and I'm trying to create a flow on ODL Lithium to block all traffic from external IPs. I can see the flow has been pushed to s1 and I run nmap to generate traffic from the external IP 192.168.1.100, but the flow doesn't match any packages.

nping --udp --source-ip 192.168.1.100 --source-port 53 --data-length 1400 --rate 2000 --count 7000000 --no-capture --quiet 10.0.4.2

root@mininet:~/test# ovs-ofctl -O OpenFlow13 dump-flows s7
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0x0, duration=64.028s, table=1, n_packets=0, n_bytes=0, idle_timeout=1200, hard_timeout=600, priority=32535,ip,nw_src=192.168.1.100 actions=drop

Below is my flow:

http://<odl-ip>:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:7/table/1/flow/block1

<flow xmlns="urn:opendaylight:flow:inventory">
    <table_id>1</table_id>
    <id>block1</id>
    <priority>32535</priority>
    <flow-name>BlockDDoS</flow-name>
    <match>
        <ethernet-match>
            <ethernet-type>
                <type>2048</type>
            </ethernet-type>
        </ethernet-match>
        <ipv4-source>192.168.1.100/32</ipv4-source>
    </match>
    <instructions>
        <instruction>
            <order>0</order>
            <apply-actions>
                <action>
                    <order>0</order>
                    <drop-action/>
                </action>
            </apply-actions>
        </instruction>
    </instructions>
    <hard-timeout>600</hard-timeout>
    <idle-timeout>1200</idle-timeout>
</flow>

I appreciate any help.

Thanks, Silvio

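An added diagnostic, not part of the original post: OpenFlow 1.3 pipeline processing starts at table 0, so a rule in table 1 only sees packets that an earlier table forwards with goto_table. The script below parses `ovs-ofctl dump-flows` text and reports drop rules that sit in a table nothing jumps to. The sample dump is constructed (its table 1 entry is modelled on the output in the question, its table 0 entry is assumed) and the function names are hypothetical.

```python
import re

# Constructed sample in the format of `ovs-ofctl -O OpenFlow13 dump-flows`;
# the table=0 entry is an assumption, the table=1 entry follows the question.
SAMPLE_DUMP = """\
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0x0, duration=90.1s, table=0, n_packets=7000, n_bytes=980000, priority=100,ip actions=output:2
 cookie=0x0, duration=64.028s, table=1, n_packets=0, n_bytes=0, idle_timeout=1200, hard_timeout=600, priority=32535,ip,nw_src=192.168.1.100 actions=drop
"""

FLOW_RE = re.compile(r"table=(\d+),.*?n_packets=(\d+),.*\sactions=(\S+)")
GOTO_RE = re.compile(r"goto_table:(\d+)")


def parse_flows(dump):
    """Return (table, n_packets, actions) for each flow line in the dump."""
    flows = []
    for line in dump.splitlines():
        m = FLOW_RE.search(line)
        if m:
            flows.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return flows


def unreachable_tables(dump):
    """Tables that hold flows but cannot be reached from table 0 via goto_table."""
    flows = parse_flows(dump)
    reachable, frontier = {0}, [0]
    while frontier:
        current = frontier.pop()
        for table, _, actions in flows:
            if table != current:
                continue
            for target in map(int, GOTO_RE.findall(actions)):
                if target not in reachable:
                    reachable.add(target)
                    frontier.append(target)
    return sorted({t for t, _, _ in flows} - reachable)


def dead_drop_rules(dump):
    """Drop flows with zero packet hits that sit in an unreachable table."""
    dead = set(unreachable_tables(dump))
    return [f for f in parse_flows(dump) if f[0] in dead and f[1] == 0 and f[2] == "drop"]


if __name__ == "__main__":
    print("unreachable tables:", unreachable_tables(SAMPLE_DUMP))
    print("drop rules never hit:", dead_drop_rules(SAMPLE_DUMP))
```

Feeding it the real output of `ovs-ofctl -O OpenFlow13 dump-flows <switch>` shows whether the block rule's table is part of the pipeline before looking at the match fields.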