SD-WAN

Hi There,

I am trying to create a simple firewall app on the HP VAN SDN controller that has a list of firewall rules.

I was thinking of using a DIRECTOR packet sequencer that tries to match the packet in the packet-in message with the firewall rules and decide to ALLOW or DENY the packet. If there is no rule match or the matched rule is DENY, I could send out a packet out with empty action list and return TRUE. Now if there is an ALLOW, I could return FALSE and let some other packet sequencer module handle the packet.

What I wanted to know is whether my firewall module has to add flows based on the firewall rules to minimise packet-in messages. If yes, is there any module in the controller that centrally keeps track of the flows added to the switch? Or is it that each individual module can add flows to the switch using OfmFlowMod? If any module can add a flow to the switch, the issue of priority of rules from different modules comes up especially when match criteria with wild cards come into the picture. Could someone clarify this?

Thanks and Regards,

Sridhar

Hello Sridhar,

We are looking into the query and we will come back.

Thanks,
HP SDN Team

Hello Sridhar,

There is no module in the controller that centrally keeps track of the flows in the switch , The issue of priority of rules should be taken care by the application while framing the flow mods to avoid conflict.

Thanks,

HP SDN Team

Hello Sridhar,

Doing a follow up to check if you need any further assistance with respect to the query posted.
Please do let us know  if your problem is solved.

If you have more questions on the same topic please do reply on the same thread or open a new post if new topic.


Thanks
HP SDN Team