Create flow to block source external IP

asked 2016-11-21 13:14:18 -0700

Hi All,

I'm using Mininet to emulate a network and I'm trying to create a flow on ODL Lithium to block all traffic from external IPs. I can see the flow has been pushed to s1 and I run nmap to generate traffic from the external IP, but the flow doesn't match any packages.

nping --udp --source-ip --source-port 53 --data-length 1400 --rate 2000 --count 7000000 --no-capture --quiet

root@mininet:~/test# ovs-ofctl -O OpenFlow13 dump-flows s7 OFPSTFLOW reply (OF1.3) (xid=0x2): cookie=0x0, duration=64.028s, table=1, npackets=0, nbytes=0, idletimeout=1200, hardtimeout=600, priority=32535,ip,nwsrc= actions=drop

Below is my flow:


<flow xmlns="urn:opendaylight:flow:inventory"> <table_id>1</table_id> <id>block1</id> <priority>32535</priority> <flow-name>BlockDDoS</flow-name> <match> <ethernet-match> <ethernet-type> <type>2048</type> </ethernet-type> </ethernet-match> <ipv4-source></ipv4-source> </match> <instructions> <instruction> <order>0</order> <apply-actions> <action> <order>0</order> <drop-action/> </action> </apply-actions> </instruction> </instructions> <hard-timeout>600</hard-timeout> <idle-timeout>1200</idle-timeout> </flow>

I appreciate any help.

Thanks, Silvio

edit retag flag offensive close merge delete