[ovs-discuss] Arbitrary ranges

Tahir Rauf tahir.rauf1 at gmail.com
Sat Aug 20 19:45:23 UTC 2011


Hi,

I think that up till now, there is lack of support to add specific ranges.
However, you can add some general ranges like 192.168.2.1 to
192.168.2.*256*by adding rule like
192.168.2.0/8. You can only tell that how many consecutive LSBs you want to
ignore.
Another aspect of the problem is that although implementation of Range-match
in OVS is not difficult, the idea is not suitable for hardware based
switches. Hardware based switches have some inefficiencies with range
matching. Following paper seems relevant to understand the problem and
solution.
http://www.arnetminer.org/viewpub.do?pid=597050

Tahir

On Sat, Aug 20, 2011 at 11:36 PM, Usman Ajmal <usman.ajmal at xflowresearch.com
> wrote:

> That's what I am interested in too. For example, I can write a wildcarded
> rule for a particular subnet say 192.168.2.* where * denotes a wildcarded
> field but I couldn't find a functionality to specify a particular range, say
> 192.168.2.1 to 192.168.2.100, as Masoud mentioned.
>
> An example of such a rule will be something like, "If a packet received has
> an src_ip in the range mentioned above, forward it to port 2 of the
> switch (action.out_port = 2)".
>
>  As far as I know Openflow specification 1.0, also don't talk about this.
>
> Am I missing here something?
> --
> Usman
> xFlow Research
>
>
> On Wed, Aug 17, 2011 at 11:04 PM, Masoud Moshref Javadi <
> masood.moshref.j at gmail.com> wrote:
>
>> No I want non-overlapping rules. Something like [0.0.0.0, 10.0.0.9],
>> 10.0.0.10, [10.0.0.10, 255.255.255.255].
>> Having non-overlapping rules allows me to add/remove rules from a switch
>> without worrying about priorities (with removing a rule with high priority,
>> I need to remove rules with lower priority to keep the rule space semantic.
>> Low priority rules may have overlap with other rules in other dimensions and
>> this process repeats)
>>
>>
>> On 8/17/2011 10:43 AM, Justin Pettit wrote:
>>
>>> Wouldn't something along the lines of this accomplish that?
>>>
>>>        priority=1001,nw_src=10.0.0.**10,action=drop
>>>        priority=1000,nw_src=10.0.0.0/**24,action=normal<http://10.0.0.0/24,action=normal>
>>>
>>> --Justin
>>>
>>>
>>> On Aug 17, 2011, at 10:38 AM, Masoud Moshref Javadi wrote:
>>>
>>>  Thank you for your answer.
>>>> Suppose that we have two rules: first, permits packet from 10.0.0.0/24and the other denies packets from 10.0.0.10 (with higher priority). Is there
>>>> any way to partition this space efficiently into non-overlapping rules?
>>>>
>>>> On 8/17/2011 8:33 AM, Justin Pettit wrote:
>>>>
>>>>> There's support for IP address CIDR blocks.  Currently, there is no way
>>>>> to specify groups of ports; see the thread titled "Port range masking" on
>>>>> this list from a couple of weeks ago on the subject:
>>>>>
>>>>>        http://openvswitch.org/**pipermail/discuss/2011-August/**
>>>>> 005486.html<http://openvswitch.org/pipermail/discuss/2011-August/005486.html>
>>>>>
>>>>> If you have thoughts on the subject, please respond to that thread.
>>>>>
>>>>> --Justin
>>>>>
>>>>>
>>>>> On Aug 17, 2011, at 6:04 AM, Masoud Moshref Javadi wrote:
>>>>>
>>>>>  Is there any support for arbitrary ranges for rules, for IP addresses
>>>>>> or port/protocol numbers. I mean something like 10.0.0.0 to 10.0.0.10.
>>>>>> If no, is there any plan for it?
>>>>>> ______________________________**_________________
>>>>>> discuss mailing list
>>>>>> discuss at openvswitch.org
>>>>>> http://openvswitch.org/**mailman/listinfo/discuss<http://openvswitch.org/mailman/listinfo/discuss>
>>>>>>
>>>>> ______________________________**_________________
>> discuss mailing list
>> discuss at openvswitch.org
>> http://openvswitch.org/**mailman/listinfo/discuss<http://openvswitch.org/mailman/listinfo/discuss>
>>
>
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
>


-- 
Tahir Rauf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20110821/e9ff5d5e/attachment.html>


More information about the discuss mailing list