Ask is moving to Stack Overflow and Serverfault.com! Please use the "opendaylight" tag on either of these sites. This site is now in Read-Only mode

0

Firewall using ODL.

asked 2015-07-21 08:56:43 -0700

singnikhil gravatar image

I'm using mininet to simulate a network and the controller is ODL. I want to have a control over the packet flows. For example, upon finding certain anomolous activity I want to sent a REST call to ODL to drop all the packets from one host or block request coming from certain port or allow request going to certain port.

I found out that it can be done by SFC, but I couldn't find any documentation regarding firewall, and certain things in userguide are hard to understand.

Also, I found out that I can manipulte the flowtable to do same, but I'm still trying to understand it.

I'm new to SDN and ODL , so any help will is appreciated.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-07-22 00:47:02 -0700

subhash gravatar image

updated 2015-07-22 00:47:27 -0700

@singhnikhil you can try to install the flows to the switch to drop the packets with required match fields.

you can refer to following wiki for the installation of flow :

https://wiki.opendaylight.org/view/OpenDaylightOpenFlowPlugin:EndtoEnd_Flows

edit flag offensive delete publish link more

Comments

Hi Subhash, Thanks for replying. I tried it but it worked only for MAC Address. When I'm giving IP Addresses, it's not wokring. flow dump is for blocking icmp: cookie=0xa, duration=1.726s, table=0, n_packets=0, n_bytes=0, priority=6200,icmp,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=drop

singnikhil ( 2015-07-22 13:01:46 -0700 )edit

just remember that if you adding any rule based on the IP address then you must fulfil the prerequisite of match i.e. if you have match on ip address then there should be match on eth_type = ip.

subhash ( 2015-07-22 13:41:30 -0700 )edit

Oh yea.. It worked thanks..:) Also, if have any tutorial or could provide me with anything that could help me with SFC implementation, it'll be great. I've understood the concept behind it, but I'm not able to implement it.

singnikhil ( 2015-07-22 14:40:38 -0700 )edit

You are welcome :) Could you please accept the answer if the answer helped you, so that other can also refer the answer. !!

subhash ( 2015-07-22 23:18:26 -0700 )edit

Do you plan to use SFC only for firewall? If yes, it seems like overkill. Why not consider writing your own firewall application? It would be a good way to familiarize with ODL as well as get what you want out of it.

Vishal Thapar ( 2015-07-23 00:03:32 -0700 )edit
0

answered 2015-07-27 01:47:55 -0700

etscript gravatar image

Do you solve the problem of Firewall using ODL ?

edit flag offensive delete publish link more
Login/Signup to Answer

Question Tools

Follow

subscribe to rss feed

Stats

Asked: 2015-07-21 08:56:43 -0700

Seen: 1,332 times

Last updated: Jul 27 '15

Related questions

Could not add flow via Rest API.

Add flows via restconf to build VXLAN - Resolved

Added flow to operational datastore has other id, than specified

dynamic change of path

How to backup the data of flows in opendaylight-inventory

What version of Maven do I use to build the "SFC 101" Tutorial?

SFF not display the connected bridges

Need Help to understand SFC.

SFC 101 sending packet issue

Classifier - Service Function Chaining Creation?

Unless otherwise stated, content on this site is licensed under a
Creative Commons Attribution 4.0 International license.
about | faq | help | create an account
OpenDaylight | Powered by Askbot