现有拓扑结构如下的网络结构(s1-s4为交换机,h1-h9为主机),现欲让h1和h2白天ping不通,晚上ping的通。
# 拓扑结构:
------------------------------------------------------
-------------------------s1---------------------------
---------------------/---|---\-------------------------
-----------------/-------|------\---------------------
--------------/----------|---------\------------------
------------/------------|------------\---------------
---------s2--------------s3--------------s4-----------
-------/--|--\---------/--|--\---------/--|--\--------
------h1--h2--h3------h4--h5--h6------h7--h8--h9------
------------------------------------------------------
------------------------------------------------------
正常情况下h1和h2是可以ping的通的,要让其ping不通,只需要添加一条流表项,使得h1发送给h2的报文被丢弃即可。
OVS添加流表有两种方式:
1:使用OpenvSwitch的ovs-ofctl add-flow 命令添加流表
2:调用控制器的北向接口下发流表,这里用的是OpenDayLight控制器利用REST API的形式下发流表。
要实现白天和晚上区别处理,普通发送流表显然无法满足要求。故考虑在以上两种方式的基础上拓展对于时间的处理,在白天下发表项晚上删除表项即可。
具体方法:
1:编写shell脚本A,脚本内利用ovs的命令下发流表,将A设定为每天白天执行一次。
编写shell脚本B,脚本内删除流表,将B设定为每天晚上执行一次。
2:编写Python脚本C,脚本内利用OpenDayLight控制器的REST API下发流表,将C设定为每天白天执行一次。
编写Python脚本D,脚本内删除流表,将D设定为每天晚上执行一次。
定时执行脚本的实现:利用crontab
查看执行日志:vim /var/log/cron
修改全局:vim /etc/crontab
修改当前用户: crontab -e
sudo ovs-ofctl -O OpenFlow13 dump-flows s2
sudo ovs-ofctl -O OpenFlow13 add-flow s2 idle_timeout=2000,priority=100,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,action=drop
sudo ovs-ofctl -O OpenFlow13 del-flows s2 dl_src=00:00:00:00:00:01
运行 sudo vim /etc/crontab
添加:
00 06 * * * root bash /home/cheney/Downloads/h1_ping_h2/h1_ping_h2.sh
00 18 * * * root bash /home/cheney/Downloads/h1_ping_h2/h1_ping_h2_del.sh
URL:控制器ip地址:8181/restconf/config/opendaylight-inventory:nodes/node/交换机switch_id/flow-node-inventory:table/0/flow/demo_1
vim h1_ping_h2.py
#!/usr/bin/python
import requests
from requests.auth import HTTPBasicAuth
def http_put(url,jstr):
url= url
headers = {'Content-Type':'application/json'}
resp = requests.put(url,jstr,headers=headers,auth=HTTPBasicAuth('admin', 'admin'))
return resp
if __name__ == "__main__":
url = 'http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:2/flow-node-inventory:table/0/flow/1'
with open('h1_ping_h2.json') as f:
jstr = f.read()
resp = http_put(url,jstr)
print resp.content
vim h1_ping_h2.json
{
"flow": [
{
"id": "1",
"flow-name": "demo_1",
"table_id": 0,
"match": {
"ethernet-match": {
"ethernet-source": {
"mask": "ff:ff:ff:ff:ff:ff",
"address": "00:00:00:00:00:01"
},
"ethernet-destination": {
"mask": "ff:ff:ff:ff:ff:ff",
"address": "00:00:00:00:00:02"
}
}
},
"instructions": {
"instruction": [
{
"order": "0",
"apply-actions": {
"action": [
{
"order": "0",
"drop-action": {
}
}
]
}
}
]
}
}
]
}
vim h1_ping_h2_del.py
#!/usr/bin/python
import requests
from requests.auth import HTTPBasicAuth
if __name__ == "__main__":
url = 'http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:2/flow-node-inventory:table/0/flow/1'
headers = {'Content-Type':'application/xml','Accept': 'application/xml'}
requests.delete(url,headers=headers,auth=HTTPBasicAuth('admin', 'admin'))
运行 sudo vim /etc/crontab
添加:
00 06 * * * root python /home/cheney/Downloads/h1_ping_h2/h1_ping_h2.py
00 18 * * * root python /home/cheney/Downloads/h1_ping_h2/h1_ping_h2_del.py
由于实际程序执行周期需要24小时,这里改变一下时间用于测试:
