Hi Rebecca, Packets that don't match any existing flow entry are sent to the controller. Then, the controller can either install a flow entry and send the packet out, or do nothing, which will essentially drop the packet. However similar subsequent packets will keep being sent to the controller and dropped there.
An alternative, and probably more effective way to drop packets is to install a flow entry that matches the packets that you want to drop, and leave the action list of that flow entry empty. In that case, a packet that matches that flow entry will do exactly what the action list of that entry tells it: nothing. (it will just die right there, without even going to the controller) On Sat, Apr 28, 2012 at 5:53 PM, rebecca <[email protected]> wrote: > Hi everyone! > > I am new to OpenFlow and NOX. I am currently doing a project on OpenFlow > switch > implementation on NetFPGA. The network topology i use is > > Host A ----- Switch 1 -------- Switch 2 ------ Host B > > Both the switch will be connected to the NOX controller, ie, my laptop. I > have > installed NOX controller (NOX 0.9.1~full~beta (nox_core), compiled Apr 24 > 2012 > 09:53:23 Compiled with OpenFlow 0×01) > > I still not really understand the function and mechanism of the NOX core > modules. Now that i need to start off to work on the firewall. Where > should I > start to do it? I need to block certain range of IP address and drop the > packet > if the IP is match. > >
