That assumes the policy/rule has already been configured. We do that also. But I am talking about when a policy/rule is configured in the firewall.
The policy/rule in the firewall is configured any time regardless of when packets matching the rule may be received by the datapath. At this time (i.e. when the rule is configured in teh firewall), the firewall does not know what the cookie/flow-id would be. On Fri, Dec 19, 2014 at 1:55 PM, Justin Pettit <jpet...@nicira.com> wrote: > The controller can associate a cookie with a flow, and that will be sent > to the controller if you've told the flow to send packets to the > controller. I'm not sure why you wouldn't just push the action down at > that the time of the flow insertion, though. > > --Justin > > > > On Dec 19, 2014, at 1:27 PM, Ashok Chippa <a.n.chi...@gmail.com> wrote: > > > > Hi Justin, > > > > Thank you for the reply. Appreciate it. > > > > Is cookie the flow_id? It seems like it. In that case, I am requesting > for a programmatic API to get the cookie given match fields... > > > > Use case: Example Firewall. Let's say a user configures a policy/rule in > the Firewall using its north-bound API. The Firewall needs to save this > policy/rule somewhere in its database. Subsequently, when a packet is > received (that would match this firewall rule) in the OVS datapath, OVS > would punt it to the controller (firewall in my case)... The firewall needs > to lookup the matching rule and tell the OVS datapath what ACTION to take. > Now, the firewall can do its own searching into its database and find the > matching rule. But this would require some CPU cycles. Why not just use the > cookie (flow_id) so that when the packet is punted (along with the > flow_id), the firewall simply looks the matching rule using the flow_id... > Speeds up the performance... > > > > The API would request the OVS datapath so: "If I were to receive a > packet with these matching fields, what would your cookie/flow_id be?"... > > > > I hope it is clear now. > > > > Thanks, > > Ashok > > > > On Fri, Dec 19, 2014 at 12:29 PM, Justin Pettit <jpet...@nicira.com> > wrote: > > I'm not sure I understand the question. Do you mean you just want some > sort of flow ID through OpenFlow? What about the cookie field? > > > > --Justin > > > > > > > On Dec 19, 2014, at 12:11 PM, Ashok Chippa <a.n.chi...@gmail.com> > wrote: > > > > > > Hi, > > > > > > Just in case you missed, I'm resending my question: > > > > > > I am looking for an API to get a flow_id from OVS datapath, given > bunch of match fields... > > > In CLI this would look something like: "ovs-ofctl get-flowid flow"... > Needed for simplifying > > > the user app (FW in my case) that can just store the policy-rule using > the flow-id as an > > > index... Will also simplify the rule lookup when a packet is punted to > the app by the OVS > > > datapath... > > > > > > If there is no such thing available, is it ok for me to write one? If > so, could someone point > > > out to me place(s) in the code I should be focusing on... I have not > looked at the OVS > > > datapath code at all... So this will be the first for me... > > > > > > Appreciate anyone's help. Looking forward to a reply... > > > > > > Thanks, > > > Ashok > > > > > > > > > > > > _______________________________________________ > > > discuss mailing list > > > discuss@openvswitch.org > > > http://openvswitch.org/mailman/listinfo/discuss > > > > > >
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
