@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
INGRESS & EGRESS RULES FROM NEUTRON API CALLS (INGRESS 1st) | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
@@@@@@@@@@@@@@@ | |
### Group 1 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): the tenant, image and net-id lookups are grep matches inside unquoted
# $(...); if more than one row matches (e.g. a vxlan2 network left over from an
# earlier group) several ids are substituted — confirm the previous run was cleaned up.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group1 --description "Group 1" | |
neutron security-group-list | |
# Ingress TCP with no port range and no --remote-ip-prefix: every TCP port is
# opened to any source.
# NOTE(review): the "PortSec Rule" banner above this group names port 1633, which
# this rule does not set — the banner looks carried over from another test.
neutron security-group-rule-create --direction ingress --protocol tcp group1 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host (fedora-odl-1 here, fedora-odl-2 below), both attached to group1.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group1 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group1 | |
# Flowmod: | |
# -------- | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:e1:3b:6e,tcp_flags=0x002 actions=drop | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:1 | |
# New Flowmod: | |
# -------- | |
table=90, priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
@@@@@@@@@@@@@@@ | |
### Group 2 ### | |
@@@@@@@@@@@@@@@ | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group2 --description "Group 2" | |
# Four single-port TCP rules (54, 80, 1633, 22). No --direction is given; the neutron
# client defaults to ingress, which is consistent with the dl_dst flows recorded below.
# No --remote-ip-prefix is set, so each port is reachable from any source.
neutron security-group-rule-create --protocol tcp --port-range-min 54 --port-range-max 54 group2 | |
neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 group2 | |
neutron security-group-rule-create --protocol tcp --port-range-min 1633 --port-range-max 1633 group2 | |
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 group2 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group2.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group2 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group2 | |
# Flowmods: | |
# ------------- | |
Rule #6 ingress PortSec Rule is: TCP Protocol tcp, TCP Port Min 22, TCP Port Max null, IP Prefix null | |
cookie=0x0, duration=73.984s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36005,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=73.963s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=54,tcp_flags=0x002 actions=goto_table:100 | |
cookie=0x0, duration=73.967s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=1633,tcp_flags=0x002 actions=goto_table:100 | |
cookie=0x0, duration=73.970s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=22,tcp_flags=0x002 actions=goto_table:100 | |
cookie=0x0, duration=73.976s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=80,tcp_flags=0x002 actions=goto_table:100 | |
@@@@@@@@@@@@@@@ | |
### Group 3 ### | |
@@@@@@@@@@@@@@@ | |
#----------------------------------------------------------------------------------------------------------------- | |
# 3rd Rule Match: PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix 10.200.0.0/16 | |
#----------------------------------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group3 --description "Group 3" | |
# Ingress TCP on all ports (no port range), restricted by source to 10.200.0.0/16;
# the recorded flows below carry the matching nw_src=10.200.0.0/16.
neutron security-group-rule-create --direction ingress --protocol tcp --remote-ip-prefix 10.200.0.0/16 group3 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group3.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group3 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group3 | |
Flowmods: | |
--------- | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:13:b2:d0,tcp_flags=0x002 actions=drop | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=output:4 | |
New Flowmods: | |
------------- | |
cookie=0x0, duration=11.696s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_dst=fa:16:3e:20:71:ce,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=11.694s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
@@@@@@@@@@@@@@@ | |
### Group 4 ### | |
@@@@@@@@@@@@@@@ | |
#-------------------------------------------------------------------------------------------------------------------- | |
# 5th Rule Match: PortSec Rule is: TCP Protocol null, TCP Port Min null, TCP Port Max null, IP Prefix 172.24.0.0/16 - | |
#-------------------------------------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group4 --description "Group 4" | |
# Ingress rule with a source prefix but no --protocol: it admits any IP protocol
# from 172.24.0.0/16, not only TCP.
# NOTE(review): the flows recorded below match tcp only; how non-TCP traffic from
# this prefix is handled is not shown — confirm.
neutron security-group-rule-create --direction ingress --remote-ip-prefix 172.24.0.0/16 group4 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group4.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group4 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group4 | |
# Flowmods: | |
# --------- | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36884,tcp,tun_id=0x582,dl_dst=fa:16:3e:b8:91:9d,tcp_flags=0x002 actions=drop | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,nw_src=172.24.0.0/16,tcp_flags=0x002 actions=output:2 | |
New Flowmods: | |
------------- | |
cookie=0x0, duration=7.398s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,nw_src=172.24.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
cookie=0x0, duration=1140.609s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
@@@@@@@@@@@@@@@ | |
### Group 5 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group5 --description "Group 5" | |
neutron security-group-list | |
# Combined case: one all-ports ingress TCP rule followed by four single-port rules
# (no --direction, so the neutron client defaults to ingress).
# Security-group rules are allow-only and additive, so the all-ports rule already
# admits 54/80/1633/22; the per-port rules do not narrow access. This exercises
# flow priority ordering rather than a tighter policy.
neutron security-group-rule-create --direction ingress --protocol tcp group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 54 --port-range-max 54 group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 1633 --port-range-max 1633 group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 group5 | |
# Fedora1 | |
#--------- | |
# The fedora-odl-1 boot is commented out here; only the fedora-odl-2 instance is launched.
# nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group5 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group5 | |
# Flowmod: | |
# -------- | |
cookie=0x3, duration=4.980s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=1633,tcp_flags=0x002 actions=output:3 | |
cookie=0x4, duration=4.950s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=80,tcp_flags=0x002 actions=output:3 | |
cookie=0x6, duration=4.892s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=22,tcp_flags=0x002 actions=output:3 | |
cookie=0x5, duration=4.917s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=54,tcp_flags=0x002 actions=output:3 | |
cookie=0x2, duration=5.047s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:3 | |
# New Flowmods (Fix Priorities) | |
-------------- | |
cookie=0x5, duration=10.592s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=1633,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x7, duration=10.582s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=80,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x6, duration=10.588s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=54,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x4, duration=10.597s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=22,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x3, duration=10.599s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36904,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=10.453s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=54,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x0, duration=10.457s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=80,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x0, duration=10.447s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=1633,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x0, duration=10.464s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=22,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc | |
cookie=0x0, duration=10.510s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36005,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=10.443s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xf/0xc | |
cookie=0x0, duration=81.999s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:fd:10,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=8.590s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36004,tcp,tun_id=0x582,dl_dst=fa:16:3e:57:1f:8e,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=8.557s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,nw_src=172.24.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x10/0xc | |
cookie=0x0, duration=81.986s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x10/0xc | |
@@@@@@@@@@@@@@@ | |
### Group 6 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group6 --description "Group 6" | |
neutron security-group-list | |
# Ingress TCP from 0.0.0.0/0, i.e. every TCP port open to any IPv4 source.
# NOTE(review): the flow recorded below for this rule prints nw_src=0.0.0.0 with no
# mask. In ovs-ofctl notation an unmasked address is an exact match on that address,
# not "any source", so the /0 prefix may not have been translated to a wildcard —
# confirm with live traffic that the rule behaves as allow-all.
# NOTE(review): the "PortSec Rule" banner above this group names port 1633 and a null
# prefix, which does not describe this rule.
neutron security-group-rule-create --direction ingress --protocol tcp --remote-ip-prefix 0.0.0.0/0 group6 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group6.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group6 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group6 | |
# Flowmod: | |
# -------- | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:e1:3b:6e,tcp_flags=0x002 actions=drop | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:1 | |
# New Flowmod: | |
# ----------- | |
cookie=0x0, duration=3.736s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=0.0.0.0,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
cookie=0x0, duration=203.860s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
@@@@@@@@@@@@@@@ | |
### Group 7 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
neutron security-group-create group7 --description "Group 7" | |
neutron security-group-list | |
# Narrowest ingress case on the page: TCP port 443 only, from 172.16.240.128/25 only.
# NOTE(review): the "PortSec Rule" banner above this group (port 1633, null prefix)
# does not describe this rule, and the flows recorded below carry neither tp_dst=443
# nor nw_src=172.16.240.128/25. If that dump is the real output, every TCP SYN on the
# tunnel is admitted rather than just this port/prefix — confirm before relying on it.
neutron security-group-rule-create --direction ingress --protocol tcp --port-range-min 443 --port-range-max 443 --remote-ip-prefix 172.16.240.128/25 group7 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group7.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group7 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group7 | |
# Flowmod: | |
# -------- | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:e1:3b:6e,tcp_flags=0x002 actions=drop | |
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:1 | |
# New Flowmod: | |
# -------- | |
table=90, priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
EGRESS RULES ARE NEXT | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |
@@@@@@@@@@@@@@@ | |
### Group 1 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): Neutron adds allow-all egress rules (IPv4 and IPv6) to every newly
# created security group. Unless those defaults are deleted first, the egress rule
# added below does not restrict anything; check with `neutron security-group-rule-list`.
neutron security-group-create group1 --description "Group 1" | |
neutron security-group-list | |
# Egress TCP with no port range and no --remote-ip-prefix: all TCP ports to any destination.
neutron security-group-rule-create --direction egress --protocol tcp group1 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group1.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group1 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group1 | |
# Flowmod: | |
# ----------- | |
Rule #7 | |
cookie=0x0, duration=13.469s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=goto_table:100 | |
@@@@@@@@@@@@@@@ | |
### Group 2 ### | |
@@@@@@@@@@@@@@@ | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): a new security group starts with Neutron's default allow-all egress
# rules; the per-port egress rules below only limit traffic if those defaults are
# removed — check with `neutron security-group-rule-list`.
neutron security-group-create group2 --description "Group 2" | |
# Four single-port egress TCP rules (54, 80, 1633, 22), any destination address.
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 54 --port-range-max 54 group2 | |
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 80 --port-range-max 80 group2 | |
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 1633 --port-range-max 1633 group2 | |
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 22 --port-range-max 22 group2 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group2.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group2 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group2 | |
# Flowmod: | |
# -------- | |
Rule #6 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min 80, TCP Port Max null, IP Prefix null | |
cookie=0x0, duration=17.998s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36005,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=17.995s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=54,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=17.982s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=80,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=17.985s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=1633,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=17.991s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=22,tcp_flags=0x002 actions=goto_table:50 | |
@@@@@@@@@@@@@@@ | |
### Group 3 ### | |
@@@@@@@@@@@@@@@ | |
#----------------------------------------------------------------------------------------------------------------- | |
#----------------------------------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): a new security group starts with Neutron's default allow-all egress
# rules; the prefix-limited rule below only constrains egress if those defaults are
# removed — check with `neutron security-group-rule-list`.
neutron security-group-create group3 --description "Group 3" | |
# Egress TCP on all ports, restricted by destination to 10.200.0.0/16; the recorded
# flow below carries the matching nw_dst=10.200.0.0/16.
neutron security-group-rule-create --direction egress --protocol tcp --remote-ip-prefix 10.200.0.0/16 group3 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group3.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group3 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group3 | |
Flowmods: | |
--------- | |
Rule #3 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix 10.200.0.0/16 | |
cookie=0x0, duration=74.789s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_dst=10.200.0.0/16,tcp_flags=0x002 actions=goto_table:100 | |
cookie=0x0, duration=74.797s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_src=fa:16:3e:e7:ce:ff,tcp_flags=0x002 actions=drop | |
@@@@@@@@@@@@@@@ | |
### Group 4 ### | |
@@@@@@@@@@@@@@@ | |
#-------------------------------------------------------------------------------------------------------------------- | |
#-------------------------------------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): a new security group starts with Neutron's default allow-all egress
# rules; the rule below only constrains egress if those defaults are removed —
# check with `neutron security-group-rule-list`.
neutron security-group-create group4 --description "Group 4" | |
# Egress rule with a destination prefix but no --protocol: any IP protocol to
# 172.24.0.0/16, not only TCP.
# NOTE(review): the flows recorded below match tcp only; handling of non-TCP egress
# to this prefix is not shown — confirm.
neutron security-group-rule-create --direction egress --remote-ip-prefix 172.24.0.0/16 group4 | |
# Fedora1 | |
#--------- | |
# The fedora-odl-1 boot is commented out here; only the fedora-odl-2 instance is launched.
# nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group4 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group4 | |
Flowmods: | |
--------- | |
Rule #4 egress PortSec Rule is: TCP Protocol null, TCP Port Min null, TCP Port Max null, IP Prefix 172.24.0.0/16 | |
cookie=0x0, duration=66.339s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36004,tcp,tun_id=0x582,dl_src=fa:16:3e:26:8a:3f,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=66.336s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,nw_dst=172.24.0.0/16,tcp_flags=0x002 actions=goto_table:100 | |
@@@@@@@@@@@@@@@ | |
### Group 5 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): a new security group starts with Neutron's default allow-all egress
# rules, so the egress rule below adds nothing unless those defaults are removed —
# check with `neutron security-group-rule-list`.
neutron security-group-create group5 --description "Group 5" | |
neutron security-group-list | |
# Only this first rule is egress (all TCP ports, any destination).
neutron security-group-rule-create --direction egress --protocol tcp group5 | |
# NOTE(review): the four port rules below omit --direction, and the neutron client
# then defaults to ingress; the table=90 / dl_dst flows recorded below are consistent
# with that. If egress port rules were intended here, --direction egress is missing.
neutron security-group-rule-create --protocol tcp --port-range-min 54 --port-range-max 54 group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 1633 --port-range-max 1633 group5 | |
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 group5 | |
# Fedora1 | |
#--------- | |
# The fedora-odl-1 boot is commented out here; only the fedora-odl-2 instance is launched.
# nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group5 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group5 | |
# Flowmod: | |
# -------- | |
Rule #7 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix null | |
cookie=0x0, duration=140.577s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=140.581s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=22,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=140.589s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=80,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=140.608s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=1633,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=140.605s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=54,tcp_flags=0x002 actions=goto_table:50 | |
@@@@@@@@@@@@@@@ | |
### Group 6 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): a new security group starts with Neutron's default allow-all egress
# rules; check with `neutron security-group-rule-list` which rules are in force.
neutron security-group-create group6 --description "Group 6" | |
neutron security-group-list | |
# Egress TCP to 0.0.0.0/0, i.e. all TCP ports to any IPv4 destination.
# NOTE(review): the flow recorded below prints nw_dst=0.0.0.0 with no mask. In
# ovs-ofctl notation an unmasked address is an exact match on that address, not
# "any destination", so the /0 prefix may not have been translated to a wildcard —
# confirm with live traffic.
neutron security-group-rule-create --direction egress --protocol tcp --remote-ip-prefix 0.0.0.0/0 group6 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group6.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group6 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group6 | |
# Flowmod: | |
# -------- | |
Rule #3 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix 0.0.0.0/0 | |
cookie=0x0, duration=38.543s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_src=fa:16:3e:d5:85:84,tcp_flags=0x002 actions=drop | |
cookie=0x0, duration=38.541s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_dst=0.0.0.0,tcp_flags=0x002 actions=goto_table:50 | |
@@@@@@@@@@@@@@@ | |
### Group 7 ### | |
@@@@@@@@@@@@@@@ | |
#---------------------------------------------------------------------------------------- | |
#---------------------------------------------------------------------------------------- | |
# Setup: provider network vxlan2 (VXLAN, segmentation id 1410 = 0x582, the tun_id
# in the flow dumps on this page) plus its 10.200.2.0/24 subnet.
# NOTE(review): lookups are grep matches in unquoted $(...); more than one matching
# row yields several ids — confirm earlier test networks were removed.
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410 | |
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2 | |
#--- Add Security Group and Rules --- # | |
# NOTE(review): a new security group starts with Neutron's default allow-all egress
# rules; the narrow rule below only constrains egress if those defaults are removed —
# check with `neutron security-group-rule-list`.
neutron security-group-create group7 --description "Group 7" | |
neutron security-group-list | |
# Narrowest egress case on the page: TCP port 443 only, to 172.16.240.128/25 only.
# The flow recorded below carries both nw_dst=172.16.240.128/25 and tp_dst=443.
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 443 --port-range-max 443 --remote-ip-prefix 172.16.240.128/25 group7 | |
# Fedora1 | |
#--------- | |
# One cirros instance per compute host, both attached to group7.
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group7 | |
# Fedora2 | |
#--------- | |
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group7 | |
# Flowmod: | |
# -------- | |
Rule #2 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min 443, TCP Port Max null, IP Prefix 172.16.240.128/25 | |
cookie=0x0, duration=20.061s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_src=fa:16:3e:92:3a:4e,nw_dst=172.16.240.128/25,tp_dst=443,tcp_flags=0x002 actions=goto_table:50 | |
cookie=0x0, duration=20.064s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36001,tcp,tun_id=0x582,dl_src=fa:16:3e:92:3a:4e,tcp_flags=0x002 actions=drop | |
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | |