Ask Your Question

Firewall using ODL.

asked 2015-07-21 08:56:43 -0700

singnikhil gravatar image

I'm using mininet to simulate a network and the controller is ODL. I want to have a control over the packet flows. For example, upon finding certain anomolous activity I want to sent a REST call to ODL to drop all the packets from one host or block request coming from certain port or allow request going to certain port.

I found out that it can be done by SFC, but I couldn't find any documentation regarding firewall, and certain things in userguide are hard to understand.

Also, I found out that I can manipulte the flowtable to do same, but I'm still trying to understand it.

I'm new to SDN and ODL , so any help will is appreciated.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2015-07-22 00:47:02 -0700

updated 2015-07-22 00:47:27 -0700

@singhnikhil you can try to install the flows to the switch to drop the packets with required match fields.

you can refer to following wiki for the installation of flow :

edit flag offensive delete publish link more


Hi Subhash, Thanks for replying. I tried it but it worked only for MAC Address. When I'm giving IP Addresses, it's not wokring. flow dump is for blocking icmp: cookie=0xa, duration=1.726s, table=0, n_packets=0, n_bytes=0, priority=6200,icmp,nw_src=,nw_dst= actions=drop

singnikhil ( 2015-07-22 13:01:46 -0700 )edit

just remember that if you adding any rule based on the IP address then you must fulfil the prerequisite of match i.e. if you have match on ip address then there should be match on eth_type = ip.

subhash ( 2015-07-22 13:41:30 -0700 )edit

Oh yea.. It worked thanks..:) Also, if have any tutorial or could provide me with anything that could help me with SFC implementation, it'll be great. I've understood the concept behind it, but I'm not able to implement it.

singnikhil ( 2015-07-22 14:40:38 -0700 )edit

You are welcome :) Could you please accept the answer if the answer helped you, so that other can also refer the answer. !!

subhash ( 2015-07-22 23:18:26 -0700 )edit

Do you plan to use SFC only for firewall? If yes, it seems like overkill. Why not consider writing your own firewall application? It would be a good way to familiarize with ODL as well as get what you want out of it.

Vishal Thapar ( 2015-07-23 00:03:32 -0700 )edit

answered 2015-07-27 01:47:55 -0700

Do you solve the problem of Firewall using ODL ?

edit flag offensive delete publish link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]


Asked: 2015-07-21 08:56:43 -0700

Seen: 551 times

Last updated: Jul 27 '15