@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
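INGRESS & EGRESS RULES FROM NEUTRON API CALLS (INGRESS 1st)
NOTE: every flow captured below matches tcp_flags=0x002 (SYN), so these allow/drop entries act on connection-opening segments only; how other TCP segments, UDP and ICMP are handled is not shown in these dumps.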
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@
### Group 1 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
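# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null
# NOTE: the rule created below has no port range, so the 1633 in this header does not describe it;
# the flows recorded for this group carry no tp_dst match, i.e. they apply to any TCP port.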
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group1 --description "Group 1"
neutron security-group-list
neutron security-group-rule-create --direction ingress --protocol tcp group1
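# Fedora1
#---------
# NOTE: every group re-runs `neutron net-create vxlan2`; if an earlier network of that name still exists,
# `grep 'vxlan2'` returns several IDs and the unquoted $(...) splits them into extra arguments.
# Confirm that exactly one net-id (and one image ID) is selected before booting.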
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group1
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group1
# Flowmod:
# --------
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:e1:3b:6e,tcp_flags=0x002 actions=drop
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:1
# New Flowmod:
# --------
table=90, priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
@@@@@@@@@@@@@@@
### Group 2 ###
@@@@@@@@@@@@@@@
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group2 --description "Group 2"
neutron security-group-rule-create --protocol tcp --port-range-min 54 --port-range-max 54 group2
neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 group2
neutron security-group-rule-create --protocol tcp --port-range-min 1633 --port-range-max 1633 group2
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 group2
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group2
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group2
# Flowmods:
# -------------
Rule #6 ingress PortSec Rule is: TCP Protocol tcp, TCP Port Min 22, TCP Port Max null, IP Prefix null
cookie=0x0, duration=73.984s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36005,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tcp_flags=0x002 actions=drop
cookie=0x0, duration=73.963s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=54,tcp_flags=0x002 actions=goto_table:100
cookie=0x0, duration=73.967s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=1633,tcp_flags=0x002 actions=goto_table:100
cookie=0x0, duration=73.970s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=22,tcp_flags=0x002 actions=goto_table:100
cookie=0x0, duration=73.976s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:a0:d4:de,tp_dst=80,tcp_flags=0x002 actions=goto_table:100
@@@@@@@@@@@@@@@
### Group 3 ###
@@@@@@@@@@@@@@@
#-----------------------------------------------------------------------------------------------------------------
# 3rd Rule Match: PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix 10.200.0.0/16
#-----------------------------------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group3 --description "Group 3"
neutron security-group-rule-create --direction ingress --protocol tcp --remote-ip-prefix 10.200.0.0/16 group3
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group3
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group3
Flowmods:
---------
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:13:b2:d0,tcp_flags=0x002 actions=drop
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=output:4
New Flowmods:
-------------
cookie=0x0, duration=11.696s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_dst=fa:16:3e:20:71:ce,tcp_flags=0x002 actions=drop
cookie=0x0, duration=11.694s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
@@@@@@@@@@@@@@@
### Group 4 ###
@@@@@@@@@@@@@@@
#--------------------------------------------------------------------------------------------------------------------
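# 5th Rule Match: PortSec Rule is: TCP Protocol null, TCP Port Min null, TCP Port Max null, IP Prefix 172.24.0.0/16 -
# NOTE: the rule below sets no --protocol (Protocol null), yet every flow recorded for it matches `tcp` only,
# so in the flows captured here non-TCP traffic from 172.24.0.0/16 has no allow entry. Egress Group 4 shows the same.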
#--------------------------------------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group4 --description "Group 4"
neutron security-group-rule-create --direction ingress --remote-ip-prefix 172.24.0.0/16 group4
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group4
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group4
# Flowmods:
# ---------
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36884,tcp,tun_id=0x582,dl_dst=fa:16:3e:b8:91:9d,tcp_flags=0x002 actions=drop
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,nw_src=172.24.0.0/16,tcp_flags=0x002 actions=output:2
New Flowmods:
-------------
cookie=0x0, duration=7.398s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,nw_src=172.24.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
cookie=0x0, duration=1140.609s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
@@@@@@@@@@@@@@@
### Group 5 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group5 --description "Group 5"
neutron security-group-list
neutron security-group-rule-create --direction ingress --protocol tcp group5
neutron security-group-rule-create --protocol tcp --port-range-min 54 --port-range-max 54 group5
neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 group5
neutron security-group-rule-create --protocol tcp --port-range-min 1633 --port-range-max 1633 group5
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 group5
# Fedora1
#---------
# nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group5
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group5
# Flowmod:
# --------
cookie=0x3, duration=4.980s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=1633,tcp_flags=0x002 actions=output:3
cookie=0x4, duration=4.950s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=80,tcp_flags=0x002 actions=output:3
cookie=0x6, duration=4.892s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=22,tcp_flags=0x002 actions=output:3
cookie=0x5, duration=4.917s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60007,tcp,tun_id=0x582,dl_dst=fa:16:3e:f1:98:39,tp_dst=54,tcp_flags=0x002 actions=output:3
cookie=0x2, duration=5.047s, table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:3
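# New Flowmods (Fix Priorities)
# NOTE: the priority=61010 entry and the two nw_src-only entries below carry no dl_dst, so as captured they match
# SYNs to every port on tun_id 0x582 and outrank the per-MAC drop entries (priority 36003-36904) in this same dump.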
--------------
cookie=0x5, duration=10.592s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=1633,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x7, duration=10.582s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=80,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x6, duration=10.588s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=54,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x4, duration=10.597s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=60001,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tp_dst=22,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x3, duration=10.599s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36904,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:bb:69,tcp_flags=0x002 actions=drop
cookie=0x0, duration=10.453s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=54,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x0, duration=10.457s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=80,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x0, duration=10.447s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=1633,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x0, duration=10.464s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tp_dst=22,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xd/0xc
cookie=0x0, duration=10.510s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36005,tcp,tun_id=0x582,dl_dst=fa:16:3e:7a:32:d9,tcp_flags=0x002 actions=drop
cookie=0x0, duration=10.443s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0xf/0xc
cookie=0x0, duration=81.999s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_dst=fa:16:3e:11:fd:10,tcp_flags=0x002 actions=drop
cookie=0x0, duration=8.590s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=36004,tcp,tun_id=0x582,dl_dst=fa:16:3e:57:1f:8e,tcp_flags=0x002 actions=drop
cookie=0x0, duration=8.557s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,nw_src=172.24.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x10/0xc
cookie=0x0, duration=81.986s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x10/0xc
@@@@@@@@@@@@@@@
### Group 6 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
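# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null
# NOTE: the rule below uses --remote-ip-prefix 0.0.0.0/0 (any source), but the new flow is recorded as
# nw_src=0.0.0.0 with no mask, which as printed matches that single address rather than any source;
# the prefix length appears to be lost. Egress Group 6 shows the same with nw_dst=0.0.0.0.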
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group6 --description "Group 6"
neutron security-group-list
neutron security-group-rule-create --direction ingress --protocol tcp --remote-ip-prefix 0.0.0.0/0 group6
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group6
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group6
# Flowmod:
# --------
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:e1:3b:6e,tcp_flags=0x002 actions=drop
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:1
# New Flowmod:
# -----------
cookie=0x0, duration=3.736s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=0.0.0.0,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
cookie=0x0, duration=203.860s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_src=10.200.0.0/16,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
@@@@@@@@@@@@@@@
### Group 7 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
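# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null
# NOTE: this header and the flowmods recorded below are identical to ingress Group 1 (same dl_dst, no tp_dst,
# no nw_src); they do not show port 443 or 172.16.240.128/25, so this section does not demonstrate that
# the rule created below is enforced as written.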
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group7 --description "Group 7"
neutron security-group-list
neutron security-group-rule-create --direction ingress --protocol tcp --port-range-min 443 --port-range-max 443 --remote-ip-prefix 172.16.240.128/25 group7
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group7
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group7
# Flowmod:
# --------
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=36874,tcp,tun_id=0x582,dl_dst=fa:16:3e:e1:3b:6e,tcp_flags=0x002 actions=drop
table=20, n_packets=0, n_bytes=0, send_flow_rem priority=60006,tcp,tun_id=0x582,tcp_flags=0x002 actions=output:1
# New Flowmod:
# --------
table=90, priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=resubmit(,90),write_metadata:0x5a/0x5a
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
EGRESS RULES ARE NEXT
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@
### Group 1 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group1 --description "Group 1"
neutron security-group-list
neutron security-group-rule-create --direction egress --protocol tcp group1
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group1
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group1
# Flowmod:
# -----------
Rule #7
cookie=0x0, duration=13.469s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=goto_table:100
@@@@@@@@@@@@@@@
### Group 2 ###
@@@@@@@@@@@@@@@
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group2 --description "Group 2"
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 54 --port-range-max 54 group2
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 80 --port-range-max 80 group2
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 1633 --port-range-max 1633 group2
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 22 --port-range-max 22 group2
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group2
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group2
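# Flowmod:
# --------
# NOTE: the per-port allow entries below are at priority=6507, below the priority=36005 drop for the same dl_src,
# so as printed the drop wins for every SYN from that MAC; the ingress Group 2 allows sit at 61007.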
Rule #6 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min 80, TCP Port Max null, IP Prefix null
cookie=0x0, duration=17.998s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36005,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tcp_flags=0x002 actions=drop
cookie=0x0, duration=17.995s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=54,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=17.982s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=80,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=17.985s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=1633,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=17.991s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=6507,tcp,tun_id=0x582,dl_src=fa:16:3e:b0:e6:69,tp_dst=22,tcp_flags=0x002 actions=goto_table:50
@@@@@@@@@@@@@@@
### Group 3 ###
@@@@@@@@@@@@@@@
#-----------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group3 --description "Group 3"
neutron security-group-rule-create --direction egress --protocol tcp --remote-ip-prefix 10.200.0.0/16 group3
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group3
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group3
Flowmods:
---------
Rule #3 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix 10.200.0.0/16
cookie=0x0, duration=74.789s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_dst=10.200.0.0/16,tcp_flags=0x002 actions=goto_table:100
cookie=0x0, duration=74.797s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_src=fa:16:3e:e7:ce:ff,tcp_flags=0x002 actions=drop
@@@@@@@@@@@@@@@
### Group 4 ###
@@@@@@@@@@@@@@@
#--------------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group4 --description "Group 4"
neutron security-group-rule-create --direction egress --remote-ip-prefix 172.24.0.0/16 group4
# Fedora1
#---------
# nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group4
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group4
Flowmods:
---------
Rule #4 egress PortSec Rule is: TCP Protocol null, TCP Port Min null, TCP Port Max null, IP Prefix 172.24.0.0/16
cookie=0x0, duration=66.339s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36004,tcp,tun_id=0x582,dl_src=fa:16:3e:26:8a:3f,tcp_flags=0x002 actions=drop
cookie=0x0, duration=66.336s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61009,tcp,tun_id=0x582,nw_dst=172.24.0.0/16,tcp_flags=0x002 actions=goto_table:100
@@@@@@@@@@@@@@@
### Group 5 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
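# PortSec Rule is: TCP Protocol tcp, TCP Port Min 1633, TCP Port Max null, IP Prefix null
# NOTE: only the first rule below carries --direction egress; the four port rules omit --direction, which the
# neutron CLI treats as ingress, and the dump below shows them in table=90 keyed on dl_dst next to the single
# table=40 egress entry.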
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group5 --description "Group 5"
neutron security-group-list
neutron security-group-rule-create --direction egress --protocol tcp group5
neutron security-group-rule-create --protocol tcp --port-range-min 54 --port-range-max 54 group5
neutron security-group-rule-create --protocol tcp --port-range-min 80 --port-range-max 80 group5
neutron security-group-rule-create --protocol tcp --port-range-min 1633 --port-range-max 1633 group5
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 group5
# Fedora1
#---------
# nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group5
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group5
# Flowmod:
# --------
Rule #7 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix null
cookie=0x0, duration=140.577s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61010,tcp,tun_id=0x582,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=140.581s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=22,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=140.589s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=80,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=140.608s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=1633,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=140.605s, table=90, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_dst=fa:16:3e:33:cf:f0,tp_dst=54,tcp_flags=0x002 actions=goto_table:50
@@@@@@@@@@@@@@@
### Group 6 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group6 --description "Group 6"
neutron security-group-list
neutron security-group-rule-create --direction egress --protocol tcp --remote-ip-prefix 0.0.0.0/0 group6
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group6
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group6
# Flowmod:
# --------
Rule #3 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min null, TCP Port Max null, IP Prefix 0.0.0.0/0
cookie=0x0, duration=38.543s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36003,tcp,tun_id=0x582,dl_src=fa:16:3e:d5:85:84,tcp_flags=0x002 actions=drop
cookie=0x0, duration=38.541s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61008,tcp,tun_id=0x582,nw_dst=0.0.0.0,tcp_flags=0x002 actions=goto_table:50
@@@@@@@@@@@@@@@
### Group 7 ###
@@@@@@@@@@@@@@@
#----------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------
neutron net-create vxlan2 --tenant_id $(keystone tenant-list | grep '\sadmin' | awk '{print $2}') --provider:network_type vxlan --provider:segmentation_id 1410
neutron subnet-create vxlan2 10.200.2.0/24 --name vxlan2
#--- Add Security Group and Rules --- #
neutron security-group-create group7 --description "Group 7"
neutron security-group-list
neutron security-group-rule-create --direction egress --protocol tcp --port-range-min 443 --port-range-max 443 --remote-ip-prefix 172.16.240.128/25 group7
# Fedora1
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-1 --security-groups group7
# Fedora2
#---------
nova boot --flavor m1.tiny --image $(nova image-list | grep 'cirros-0.3.1-x86_64-uec\s' | awk '{print $2}') --nic net-id=$(neutron net-list | grep 'vxlan2' | awk '{print $2}') vxlan2 --availability_zone=nova:fedora-odl-2 --security-groups group7
# Flowmod:
# --------
Rule #2 egress PortSec Rule is: TCP Protocol tcp, TCP Port Min 443, TCP Port Max null, IP Prefix 172.16.240.128/25
cookie=0x0, duration=20.061s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=61007,tcp,tun_id=0x582,dl_src=fa:16:3e:92:3a:4e,nw_dst=172.16.240.128/25,tp_dst=443,tcp_flags=0x002 actions=goto_table:50
cookie=0x0, duration=20.064s, table=40, n_packets=0, n_bytes=0, send_flow_rem priority=36001,tcp,tun_id=0x582,dl_src=fa:16:3e:92:3a:4e,tcp_flags=0x002 actions=drop
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@