def __init__(self, logger, sender, config): self.logger = logger self.sender = sender self.config = config self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"]) self.vmac_builder = VMACBuilder(self.config.vmac_options)
class GSS(object): def __init__(self, logger, sender, config): self.logger = logger self.sender = sender self.config = config self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"]) self.vmac_builder = VMACBuilder(self.config.vmac_options) def handle_BGP(self, rule_type): ### BGP traffic to route server port = self.config.route_server.ports[0] self.logger.debug("JEROENDEBUG-----------" + str(port)) action = {"fwd": [port.id]} match = {"eth_dst": port.mac, "tcp_src": BGP} self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action) match = {"eth_dst": port.mac, "tcp_dst": BGP} self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action) ### BGP traffic to participants for participant in self.config.peers.values(): for port in participant.ports: match = {"eth_dst": port.mac, "tcp_src": BGP} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action) match = {"eth_dst": port.mac, "tcp_dst": BGP} self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action) def handle_ARP_in_main(self, rule_type): ### direct all ARP responses for the route server to it port = self.config.route_server.ports[0] match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, ARP_PRIORITY, match, action) for participant in self.config.peers.values(): ### make sure ARP replies reach the participants for port in participant.ports: match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, ARP_PRIORITY, match, action) ### direct gratuituous ARPs only to the respective participant i = 0 for port in participant.ports: vmac = self.vmac_builder.part_port_match(participant.name, i, inbound_bit = False) vmac_mask = self.vmac_builder.part_port_mask(False) match = {"in_port": "arp", "eth_type": ETH_TYPE_ARP, "eth_dst": (vmac, vmac_mask)} action = {"set_eth_dst": MAC_BROADCAST, "fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, ARP_PRIORITY, match, action) i += 1 ### flood ARP requests that have gone through the arp switch, but only on non switch-switch ports match = {"in_port": "arp", "eth_type": ETH_TYPE_ARP, "eth_dst": MAC_BROADCAST} ports = [] for participant in self.config.peers.values(): for port in participant.ports: ports.append(port.id) ports.append(self.config.route_server.ports[0].id) action = {"fwd": ports} self.fm_builder.add_flow_mod("insert", rule_type, ARP_BROADCAST_PRIORITY, match, action) ### forward all ARP requests to the arp switch match = {"eth_type": ETH_TYPE_ARP} action = {"fwd": ["arp"]} self.fm_builder.add_flow_mod("insert", rule_type, VNH_ARP_FILTER_PRIORITY, match, action) def handle_ARP_in_arp(self, rule_type): ### direct ARP requests for VNHs to ARP proxy port = self.config.arp_proxy.ports[0] match = {"in_port": "main", "eth_type": ETH_TYPE_ARP, "arp_tpa": (str(self.config.vnhs.network), str(self.config.vnhs.netmask))} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, VNH_ARP_PRIORITY, match, action) ### send all other ARP requests back match = {"eth_type": ETH_TYPE_ARP, "in_port": "main"} action = {"fwd": [OFPP_IN_PORT]} self.fm_builder.add_flow_mod("insert", rule_type, DEFAULT_PRIORITY, match, action) ### send all ARP replies from the ARP proxy to the main switch match = {"eth_type": ETH_TYPE_ARP, "in_port": "arp proxy"} action = {"fwd": ["main"]} self.fm_builder.add_flow_mod("insert", rule_type, DEFAULT_PRIORITY, match, action) def handle_participant_with_outbound(self, rule_type): for participant in self.config.peers.values(): ### outbound policies specified if participant.outbound_rules: mac = None for port in participant.ports: if mac is None: mac = port.mac match = {"in_port": port.id} action = {"set_eth_src": mac, "fwd": ["outbound"]} self.fm_builder.add_flow_mod("insert", rule_type, OUTBOUND_PRIORITY, match, action) def handle_participant_with_inbound(self, rule_type, mask_inbound_bit): for participant in self.config.peers.values(): ### inbound policies specified if participant.inbound_rules: i = 0 for port in participant.ports: vmac = self.vmac_builder.part_port_match(participant.name, i, False) i += 1 vmac_mask = self.vmac_builder.part_port_mask(mask_inbound_bit) match = {"eth_dst": (vmac, vmac_mask)} action = {"set_eth_dst": port.mac, "fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, FORWARDING_PRIORITY, match, action) def default_forwarding(self, rule_type): for participant in self.config.peers.values(): ### default forwarding if not participant.inbound_rules: vmac = self.vmac_builder.next_hop_match(participant.name, False) vmac_mask = self.vmac_builder.next_hop_mask(False) port = participant.ports[0] match = {"eth_dst": (vmac, vmac_mask)} action = {"set_eth_dst": port.mac, "fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, FORWARDING_PRIORITY, match, action) def default_forwarding_inbound(self, rule_type, fwd): ## set the inbound bit to zero for participant in self.config.peers.values(): if participant.inbound_rules: port = participant.ports[0] vmac_match = self.vmac_builder.next_hop_match(participant.name, False) vmac_match_mask = self.vmac_builder.next_hop_mask(False) vmac_action = self.vmac_builder.part_port_match(participant.name, 0, False) match = {"eth_dst": (vmac_match, vmac_match_mask)} action = {"set_eth_dst": vmac_action, "fwd": [fwd]} self.fm_builder.add_flow_mod("insert", "inbound", INBOUND_PRIORITY, match, action) def handle_inbound(self, rule_type): vmac = self.vmac_builder.only_first_bit() match = {"eth_dst": (vmac, vmac)} action = {"fwd": ["outbound"]} self.fm_builder.add_flow_mod("insert", rule_type, INBOUND_BIT_PRIORITY, match, action) def match_any_fwd(self, rule_type, dst): match = {} action = {"fwd": [dst]} self.fm_builder.add_flow_mod("insert", rule_type, DEFAULT_PRIORITY, match, action) def delete_flow_rule(self, rule_type, cookie, cookie_mask): self.fm_builder.delete_flow_mod("remove", rule_type, cookie, cookie_mask) def start(self): self.logger.info('start') self.init_fabric() self.sender.send(self.fm_builder.get_msg()) self.logger.info('sent flow mods to reference monitor')
class GSS(object): def __init__(self, logger, sender, config): self.logger = logger self.sender = sender self.config = config self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"]) self.vmac_builder = VMACBuilder(self.config.vmac_options) def handle_BGP(self, rule_type): ### BGP traffic to route server port = self.config.route_server.ports[0] action = {"fwd": [port.id]} match = {"eth_dst": port.mac, "tcp_src": BGP} self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match, action) match = {"eth_dst": port.mac, "tcp_dst": BGP} self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match, action) ### BGP traffic to participants for participant in self.config.peers.values(): for port in participant.ports: match = {"eth_dst": port.mac, "tcp_src": BGP} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match, action) match = {"eth_dst": port.mac, "tcp_dst": BGP} self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match, action) def handle_ARP_in_main(self, rule_type): ### direct all ARP responses for the route server to it port = self.config.route_server.ports[0] match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "arp", match, action) for participant in self.config.peers.values(): ### make sure ARP replies reach the participants for port in participant.ports: match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac} action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "arp", match, action) ### direct gratuituous ARPs only to the respective participant i = 0 for port in participant.ports: vmac = self.vmac_builder.part_port_match(participant.name, i, inbound_bit=False) vmac_mask = self.vmac_builder.part_port_mask(False) match = { "in_port": "arp", "eth_type": ETH_TYPE_ARP, "eth_dst": (vmac, vmac_mask) } action = {"set_eth_dst": MAC_BROADCAST, "fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "arp", match, action) i += 1 ### flood ARP requests that have gone through the arp switch, but only on non switch-switch ports match = { "in_port": "arp", "eth_type": ETH_TYPE_ARP, "eth_dst": MAC_BROADCAST } ports = [] for participant in self.config.peers.values(): for port in participant.ports: ports.append(port.id) ports.append(self.config.route_server.ports[0].id) action = {"fwd": ports} self.fm_builder.add_flow_mod("insert", rule_type, "arp_broadcast", match, action) ### forward all ARP requests to the arp switch match = {"eth_type": ETH_TYPE_ARP} action = {"fwd": ["arp"]} self.fm_builder.add_flow_mod("insert", rule_type, "arp_filter", match, action) def handle_ARP_in_arp(self, rule_type): ### direct ARP requests for VNHs to ARP proxy port = self.config.arp_proxy.ports[0] match = { "in_port": "main", "eth_type": ETH_TYPE_ARP, "arp_tpa": (str(self.config.vnhs.network), str(self.config.vnhs.netmask)) } action = {"fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "vnh_arp", match, action) ### send all other ARP requests back match = {"eth_type": ETH_TYPE_ARP, "in_port": "main"} action = {"fwd": [OFPP_IN_PORT]} self.fm_builder.add_flow_mod("insert", rule_type, "default", match, action) ### send all ARP replies from the ARP proxy to the main switch match = {"eth_type": ETH_TYPE_ARP, "in_port": "arp proxy"} action = {"fwd": ["main"]} self.fm_builder.add_flow_mod("insert", rule_type, "default", match, action) def handle_participant_with_outbound(self, rule_type): for participant in self.config.peers.values(): ### outbound policies specified if participant.outbound_rules: mac = None for port in participant.ports: if mac is None: mac = port.mac match = {"in_port": port.id} action = {"set_eth_src": mac, "fwd": ["outbound"]} self.fm_builder.add_flow_mod("insert", rule_type, "outbound", match, action) def handle_participant_with_inbound(self, rule_type, mask_inbound_bit): for participant in self.config.peers.values(): ### inbound policies specified if participant.inbound_rules: i = 0 for port in participant.ports: vmac = self.vmac_builder.part_port_match( participant.name, i, False) i += 1 vmac_mask = self.vmac_builder.part_port_mask( mask_inbound_bit) match = {"eth_dst": (vmac, vmac_mask)} action = {"set_eth_dst": port.mac, "fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "output", match, action) def default_forwarding(self, rule_type): for participant in self.config.peers.values(): ### default forwarding if not participant.inbound_rules: vmac = self.vmac_builder.next_hop_match( participant.name, False) vmac_mask = self.vmac_builder.next_hop_mask(False) port = participant.ports[0] print "VMAC default rule match:", (vmac, vmac_mask) match = {"eth_dst": (vmac, vmac_mask)} action = {"set_eth_dst": port.mac, "fwd": [port.id]} self.fm_builder.add_flow_mod("insert", rule_type, "output", match, action) def default_forwarding_inbound(self, rule_type, fwd): ## set the inbound bit to zero for participant in self.config.peers.values(): if participant.inbound_rules: port = participant.ports[0] vmac_match = self.vmac_builder.next_hop_match( participant.name, False) vmac_match_mask = self.vmac_builder.next_hop_mask(False) vmac_action = self.vmac_builder.part_port_match( participant.name, 0, False) print "VMAC default rule match:", (vmac_match, vmac_match_mask) match = {"eth_dst": (vmac_match, vmac_match_mask)} action = {"set_eth_dst": vmac_action, "fwd": [fwd]} self.fm_builder.add_flow_mod("insert", "inbound", "inbound", match, action) def handle_inbound(self, rule_type): vmac = self.vmac_builder.only_first_bit() match = {"eth_dst": (vmac, vmac)} action = {"fwd": ["outbound"]} self.fm_builder.add_flow_mod("insert", rule_type, "inbound", match, action) def match_any_fwd(self, rule_type, dst): match = {} action = {"fwd": [dst]} self.fm_builder.add_flow_mod("insert", rule_type, "default", match, action) def delete_flow_rule(self, rule_type, cookie, cookie_mask): self.fm_builder.delete_flow_mod("remove", rule_type, cookie, cookie_mask) def start(self): self.logger.info('start') self.init_fabric() self.sender.send(self.fm_builder.get_msg()) self.logger.info('sent flow mods to reference monitor')