Mail Archive: Open Networks
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
code attached
Hi Rob,
My Testbed looks like this
192.168.34.23 192.168.35.18
Source Accelar Destination
-------- --------- -----------
| | | | | |
| | | | | |
| |-------------->| |-------------->| |
| | ----->| | | |
-------- | --------- -----------
ORE 0.3.3 | JVM/ORE ORE 0.3.3
|
V
---------
| |
| |
| |
---------
HTTP Server also running ORE 0.3.3
My TestImpl.java code is attached. I have attempted to create a filter
between 192.168.34.23 and 192.168.35.18 with the intention to drop all the
traffic between them using the IpFilterMapping.BIT_BUCKET option.
The oplet gets loaded as part of the startup oplets succesfully on the
accelar . I expect that the matching frames will not to be forwarded,
however when I start traffic generators in either directions they
succesfully get through with full throughput.
I can't see the filter from the GUI or CLI or that any of the
corresponding MIBs being set.
Where have I gone wrong?
BTW Bret,
I have never tried mirroring but have been sucessful at exploiting the
Diffserv rules feature in the IP Filters for our work here.
For example to set a filter between the above machines such that only the
traffic between 192.168.34.23 port 5001 and 192.168.35.18 is forwarded I
do the following
Working from the GUI - device manager
* First insert a Source Filter named Test with Mode - Forward
* Insert a Source Filter set named test_set and select my Test filter as
part of the set.
* Select the port on the accelar in the Filtered Ports Tab and select the
test_set to be applied to the port. Enable it and select the DefaultAction
as drop.
If you want to add more filters or modify them, first disable the Filtered
port then do any changes.
Remember to click Apply, refresh after every step.
There is a useful Actions table on the page 6-4, IP Filtering section of
"Networking Concepts for the Accelar 1000 Series Routing Switch".
Cheers
Muneyb
_________________________________________________________
Muneyb Minhazuddin - Telecommunications Research Engineer
CSIRO Telecommunication and Industrial Physics
Marsfield, NSW, Australia.
Phone no. : 61 2 9372 4113
FAX : 61 2 9372 4490
e-mail : mminhazu@tip.csiro.au
Home Page : http://www-networks.tip.csiro.au/~mminhazu
---------------------------------------------------------
package jfwdtest;
import com.nortelnetworks.ore.*;
import com.nortelnetworks.ore.service.jfwd.*;
import java.util.*;
class JFwdTestImpl implements JFwdTest
{
void start(OpletContext context)
{
new Thread() {
public void run() {
System.err.println("In new thread...");
doit();
}
}.start();
}
void stop(OpletContext context)
{
}
void doit()
{
IpFilterRegion r;
IpFilterAuthor m;
try {
r = new IpFilterRegion("IP Filter");
}
catch (Exception e) {
// got an exception
System.out.println("Got exception " + e.getMessage());
System.exit(1);
return;
}
try {
m = new IpFilterAuthor(r);
}
catch (Exception e) {
// got an exception
System.out.println("Got exception " + e.getMessage());
System.exit(1);
return;
}
Vector v = new Vector();
v.addElement(new Integer(50));
// first mapping in:
IpFilterMapping ifm =
new IpFilterMapping((short)6,
new IpAddr("192.168.35.18"),
new IpAddr("255.255.255.255"),
new IpAddr("192.168.34.24"),
new IpAddr("255.255.255.255"),
(short)0,
(short)0,
5,
IpFilterMapping.BIT_BUCKET,
v); // priority = 5
if (m.activate(ifm, 0) != 0) {
System.out.println("failure in activating my mapping");
}
if (ifm.isActive()) {
System.out.println("*** the mapping is indeed active");
}
System.out.println("activated mapping");
}
}
Home |
Date Index |
Thread Index