REST API IPV4 flow rule sets incorrect IP
36 views
Skip to first unread message
Tom Harding
Jun 22, 2022, 10:38:12 AM6/22/22
to ONOS Discuss
I am trying to set a flow rule via the REST API to block all flows from a particular IP address:
flow_json = {'flows':
[{
"priority": 40000,
"isPermanent": True,
"timeout": 0,
"deviceId": switches['s2'],
"treatment": {},
"selector": {
"criteria": [
{
"type": "IPV4_SRC",
"ip": "10.0.0.4/24"
}
]
}}]}
[{
"priority": 40000,
"isPermanent": True,
"timeout": 0,
"deviceId": switches['s2'],
"treatment": {},
"selector": {
"criteria": [
{
"type": "IPV4_SRC",
"ip": "10.0.0.4/24"
}
]
}}]}
However when I verify the rule has been set via the API or GUI, the IP has changed to 10.0.0.0/24. If I manually change the host IP to this address then the flow rule works and traffic is blocked! Am I missing something obvious or is this a bug anyone else has come across?
Thanks,
Tom
Tom Harding
Jun 22, 2022, 10:39:35 AM6/22/22
to ONOS Discuss, Tom Harding
correction, the IP in the JSON can be anything from 10.0.0.1 - 10.0.0.X
Eder Ollora
Jun 22, 2022, 11:56:24 AM6/22/22
to Tom Harding, ONOS Discuss
Hi,
If you want to block 1 IP you should use /32. If you want to use /24 then you are using a subnet. 10.0.0.0/24 blocks all IPs from 10.0.0.0 to 10.0.0.255. It does not matter if you use 10.0.0.0, 10.0.0.4 or 10.0.0.89 when you refer to the /24, because all those IPs belong to that same subnet.
Besides, don't you need to match against Ethertype 0x800 too?
Cheers,
--
You received this message because you are subscribed to the Google Groups "ONOS Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to onos-discuss...@onosproject.org.
To view this discussion on the web visit https://groups.google.com/a/onosproject.org/d/msgid/onos-discuss/fa9cc8fb-1f51-4245-b12a-906dd2771644n%40onosproject.org.
Reply all
Reply to author
Forward
0 new messages