def __init__(self, logger, sender, config):
self.logger = logger
self.sender = sender
self.config = config
self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"])
self.vmac_builder = VMACBuilder(self.config.vmac_options)
def __init__(self, logger, sender, config):
self.logger = logger
self.sender = sender
self.config = config
self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"])
self.vmac_builder = VMACBuilder(self.config.vmac_options)
class GSS(object):
def __init__(self, logger, sender, config):
self.logger = logger
self.sender = sender
self.config = config
self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"])
self.vmac_builder = VMACBuilder(self.config.vmac_options)
def handle_BGP(self, rule_type):
### BGP traffic to route server
port = self.config.route_server.ports[0]
self.logger.debug("JEROENDEBUG-----------" + str(port))
action = {"fwd": [port.id]}
match = {"eth_dst": port.mac, "tcp_src": BGP}
self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action)
match = {"eth_dst": port.mac, "tcp_dst": BGP}
self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action)
### BGP traffic to participants
for participant in self.config.peers.values():
for port in participant.ports:
match = {"eth_dst": port.mac, "tcp_src": BGP}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action)
match = {"eth_dst": port.mac, "tcp_dst": BGP}
self.fm_builder.add_flow_mod("insert", rule_type, BGP_PRIORITY, match, action)
def handle_ARP_in_main(self, rule_type):
### direct all ARP responses for the route server to it
port = self.config.route_server.ports[0]
match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, ARP_PRIORITY, match, action)
for participant in self.config.peers.values():
### make sure ARP replies reach the participants
for port in participant.ports:
match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, ARP_PRIORITY, match, action)
### direct gratuituous ARPs only to the respective participant
i = 0
for port in participant.ports:
vmac = self.vmac_builder.part_port_match(participant.name, i, inbound_bit = False)
vmac_mask = self.vmac_builder.part_port_mask(False)
match = {"in_port": "arp",
"eth_type": ETH_TYPE_ARP,
"eth_dst": (vmac, vmac_mask)}
action = {"set_eth_dst": MAC_BROADCAST, "fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, ARP_PRIORITY, match, action)
i += 1
### flood ARP requests that have gone through the arp switch, but only on non switch-switch ports
match = {"in_port": "arp",
"eth_type": ETH_TYPE_ARP,
"eth_dst": MAC_BROADCAST}
ports = []
for participant in self.config.peers.values():
for port in participant.ports:
ports.append(port.id)
ports.append(self.config.route_server.ports[0].id)
action = {"fwd": ports}
self.fm_builder.add_flow_mod("insert", rule_type, ARP_BROADCAST_PRIORITY, match, action)
### forward all ARP requests to the arp switch
match = {"eth_type": ETH_TYPE_ARP}
action = {"fwd": ["arp"]}
self.fm_builder.add_flow_mod("insert", rule_type, VNH_ARP_FILTER_PRIORITY, match, action)
def handle_ARP_in_arp(self, rule_type):
### direct ARP requests for VNHs to ARP proxy
port = self.config.arp_proxy.ports[0]
match = {"in_port": "main",
"eth_type": ETH_TYPE_ARP,
"arp_tpa": (str(self.config.vnhs.network), str(self.config.vnhs.netmask))}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, VNH_ARP_PRIORITY, match, action)
### send all other ARP requests back
match = {"eth_type": ETH_TYPE_ARP, "in_port": "main"}
action = {"fwd": [OFPP_IN_PORT]}
self.fm_builder.add_flow_mod("insert", rule_type, DEFAULT_PRIORITY, match, action)
### send all ARP replies from the ARP proxy to the main switch
match = {"eth_type": ETH_TYPE_ARP, "in_port": "arp proxy"}
action = {"fwd": ["main"]}
self.fm_builder.add_flow_mod("insert", rule_type, DEFAULT_PRIORITY, match, action)
def handle_participant_with_outbound(self, rule_type):
for participant in self.config.peers.values():
### outbound policies specified
if participant.outbound_rules:
mac = None
for port in participant.ports:
if mac is None:
mac = port.mac
match = {"in_port": port.id}
action = {"set_eth_src": mac, "fwd": ["outbound"]}
self.fm_builder.add_flow_mod("insert", rule_type, OUTBOUND_PRIORITY, match, action)
def handle_participant_with_inbound(self, rule_type, mask_inbound_bit):
for participant in self.config.peers.values():
### inbound policies specified
if participant.inbound_rules:
i = 0
for port in participant.ports:
vmac = self.vmac_builder.part_port_match(participant.name, i, False)
i += 1
vmac_mask = self.vmac_builder.part_port_mask(mask_inbound_bit)
match = {"eth_dst": (vmac, vmac_mask)}
action = {"set_eth_dst": port.mac,
"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, FORWARDING_PRIORITY, match, action)
def default_forwarding(self, rule_type):
for participant in self.config.peers.values():
### default forwarding
if not participant.inbound_rules:
vmac = self.vmac_builder.next_hop_match(participant.name, False)
vmac_mask = self.vmac_builder.next_hop_mask(False)
port = participant.ports[0]
match = {"eth_dst": (vmac, vmac_mask)}
action = {"set_eth_dst": port.mac,
"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, FORWARDING_PRIORITY, match, action)
def default_forwarding_inbound(self, rule_type, fwd):
## set the inbound bit to zero
for participant in self.config.peers.values():
if participant.inbound_rules:
port = participant.ports[0]
vmac_match = self.vmac_builder.next_hop_match(participant.name, False)
vmac_match_mask = self.vmac_builder.next_hop_mask(False)
vmac_action = self.vmac_builder.part_port_match(participant.name, 0, False)
match = {"eth_dst": (vmac_match, vmac_match_mask)}
action = {"set_eth_dst": vmac_action, "fwd": [fwd]}
self.fm_builder.add_flow_mod("insert", "inbound", INBOUND_PRIORITY, match, action)
def handle_inbound(self, rule_type):
vmac = self.vmac_builder.only_first_bit()
match = {"eth_dst": (vmac, vmac)}
action = {"fwd": ["outbound"]}
self.fm_builder.add_flow_mod("insert", rule_type, INBOUND_BIT_PRIORITY, match, action)
def match_any_fwd(self, rule_type, dst):
match = {}
action = {"fwd": [dst]}
self.fm_builder.add_flow_mod("insert", rule_type, DEFAULT_PRIORITY, match, action)
def delete_flow_rule(self, rule_type, cookie, cookie_mask):
self.fm_builder.delete_flow_mod("remove", rule_type, cookie, cookie_mask)
def start(self):
self.logger.info('start')
self.init_fabric()
self.sender.send(self.fm_builder.get_msg())
self.logger.info('sent flow mods to reference monitor')
class GSS(object):
def __init__(self, logger, sender, config):
self.logger = logger
self.sender = sender
self.config = config
self.fm_builder = FlowModMsgBuilder(0, self.config.flanc_auth["key"])
self.vmac_builder = VMACBuilder(self.config.vmac_options)
def handle_BGP(self, rule_type):
### BGP traffic to route server
port = self.config.route_server.ports[0]
action = {"fwd": [port.id]}
match = {"eth_dst": port.mac, "tcp_src": BGP}
self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match, action)
match = {"eth_dst": port.mac, "tcp_dst": BGP}
self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match, action)
### BGP traffic to participants
for participant in self.config.peers.values():
for port in participant.ports:
match = {"eth_dst": port.mac, "tcp_src": BGP}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match,
action)
match = {"eth_dst": port.mac, "tcp_dst": BGP}
self.fm_builder.add_flow_mod("insert", rule_type, "bgp", match,
action)
def handle_ARP_in_main(self, rule_type):
### direct all ARP responses for the route server to it
port = self.config.route_server.ports[0]
match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "arp", match, action)
for participant in self.config.peers.values():
### make sure ARP replies reach the participants
for port in participant.ports:
match = {"eth_type": ETH_TYPE_ARP, "eth_dst": port.mac}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "arp", match,
action)
### direct gratuituous ARPs only to the respective participant
i = 0
for port in participant.ports:
vmac = self.vmac_builder.part_port_match(participant.name,
i,
inbound_bit=False)
vmac_mask = self.vmac_builder.part_port_mask(False)
match = {
"in_port": "arp",
"eth_type": ETH_TYPE_ARP,
"eth_dst": (vmac, vmac_mask)
}
action = {"set_eth_dst": MAC_BROADCAST, "fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "arp", match,
action)
i += 1
### flood ARP requests that have gone through the arp switch, but only on non switch-switch ports
match = {
"in_port": "arp",
"eth_type": ETH_TYPE_ARP,
"eth_dst": MAC_BROADCAST
}
ports = []
for participant in self.config.peers.values():
for port in participant.ports:
ports.append(port.id)
ports.append(self.config.route_server.ports[0].id)
action = {"fwd": ports}
self.fm_builder.add_flow_mod("insert", rule_type, "arp_broadcast",
match, action)
### forward all ARP requests to the arp switch
match = {"eth_type": ETH_TYPE_ARP}
action = {"fwd": ["arp"]}
self.fm_builder.add_flow_mod("insert", rule_type, "arp_filter", match,
action)
def handle_ARP_in_arp(self, rule_type):
### direct ARP requests for VNHs to ARP proxy
port = self.config.arp_proxy.ports[0]
match = {
"in_port":
"main",
"eth_type":
ETH_TYPE_ARP,
"arp_tpa":
(str(self.config.vnhs.network), str(self.config.vnhs.netmask))
}
action = {"fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "vnh_arp", match,
action)
### send all other ARP requests back
match = {"eth_type": ETH_TYPE_ARP, "in_port": "main"}
action = {"fwd": [OFPP_IN_PORT]}
self.fm_builder.add_flow_mod("insert", rule_type, "default", match,
action)
### send all ARP replies from the ARP proxy to the main switch
match = {"eth_type": ETH_TYPE_ARP, "in_port": "arp proxy"}
action = {"fwd": ["main"]}
self.fm_builder.add_flow_mod("insert", rule_type, "default", match,
action)
def handle_participant_with_outbound(self, rule_type):
for participant in self.config.peers.values():
### outbound policies specified
if participant.outbound_rules:
mac = None
for port in participant.ports:
if mac is None:
mac = port.mac
match = {"in_port": port.id}
action = {"set_eth_src": mac, "fwd": ["outbound"]}
self.fm_builder.add_flow_mod("insert", rule_type,
"outbound", match, action)
def handle_participant_with_inbound(self, rule_type, mask_inbound_bit):
for participant in self.config.peers.values():
### inbound policies specified
if participant.inbound_rules:
i = 0
for port in participant.ports:
vmac = self.vmac_builder.part_port_match(
participant.name, i, False)
i += 1
vmac_mask = self.vmac_builder.part_port_mask(
mask_inbound_bit)
match = {"eth_dst": (vmac, vmac_mask)}
action = {"set_eth_dst": port.mac, "fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "output",
match, action)
def default_forwarding(self, rule_type):
for participant in self.config.peers.values():
### default forwarding
if not participant.inbound_rules:
vmac = self.vmac_builder.next_hop_match(
participant.name, False)
vmac_mask = self.vmac_builder.next_hop_mask(False)
port = participant.ports[0]
print "VMAC default rule match:", (vmac, vmac_mask)
match = {"eth_dst": (vmac, vmac_mask)}
action = {"set_eth_dst": port.mac, "fwd": [port.id]}
self.fm_builder.add_flow_mod("insert", rule_type, "output",
match, action)
def default_forwarding_inbound(self, rule_type, fwd):
## set the inbound bit to zero
for participant in self.config.peers.values():
if participant.inbound_rules:
port = participant.ports[0]
vmac_match = self.vmac_builder.next_hop_match(
participant.name, False)
vmac_match_mask = self.vmac_builder.next_hop_mask(False)
vmac_action = self.vmac_builder.part_port_match(
participant.name, 0, False)
print "VMAC default rule match:", (vmac_match, vmac_match_mask)
match = {"eth_dst": (vmac_match, vmac_match_mask)}
action = {"set_eth_dst": vmac_action, "fwd": [fwd]}
self.fm_builder.add_flow_mod("insert", "inbound", "inbound",
match, action)
def handle_inbound(self, rule_type):
vmac = self.vmac_builder.only_first_bit()
match = {"eth_dst": (vmac, vmac)}
action = {"fwd": ["outbound"]}
self.fm_builder.add_flow_mod("insert", rule_type, "inbound", match,
action)
def match_any_fwd(self, rule_type, dst):
match = {}
action = {"fwd": [dst]}
self.fm_builder.add_flow_mod("insert", rule_type, "default", match,
action)
def delete_flow_rule(self, rule_type, cookie, cookie_mask):
self.fm_builder.delete_flow_mod("remove", rule_type, cookie,
cookie_mask)
def start(self):
self.logger.info('start')
self.init_fabric()
self.sender.send(self.fm_builder.get_msg())
self.logger.info('sent flow mods to reference monitor')
