sdnagent

module

v2.3.20181123+incompat... Latest Latest Go to latest Published: Oct 18, 2018 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yunionio/sdnagent

Links

Open Source Insights

README ¶

todo

failsafe trigger
more usable cmdline

add-flow br1 cookie=0x99,priority=99,,actions=
lock yunioncloud/pkg/log in Gopkg.toml
ping check on startup
encode who in cookie
intranet, external net
config file
vlan and ct zone allocation
match field, order by Name()
ovsdb port external_id
hostconfig with ct zone management, collision with ovn-controller?
check availability of conntrack
cgo libopenvswitch
maybe, robustness, add logic to detect ct() , ct_state arguments order
TODO redirect broadcast ip traffic to sec_IN
do we need to kill existing connection when new secrule applies
- delete zone conntrack entries
conntrack entry timeout setting

Test

Prepare dummy desc directory

br0 in namespaces as physical hosts
veth in namespace as virtual hosts

virtual hosts with single nic on the same host or different hosts

2 on the same hosts
2 on different hosts

virtual host with 2 nics enslaved to the same br0

1 with 2 nics on different networks
1 with the above as gateway in one of the network
1 with the above as gateway in the other network

test ftp rel
regrestion test
nat for testing purposes

traffic control test

server start
server stop
server change bandwidth
zero bandwidth: no limit: api forbids this
qdisc statistics no reset on normal running

qdisc automatic restore after manual delete, change

 sudo tc qdisc delete dev vnet2-197 root
 sudo tc qdisc replace dev vnet2-197 root handle 1: tbf rate 100Kbit burst 100b latency 10ms

initial noqueue
initial with ingress
initial pfifo_fast
minimize erruption on restart

plan: stateless flavour

PRO: More efficient
PRO: More straightforward, less error-prone
CON: Bob can DoS Alice with invalid TCP traffic

in:<ACTION> any

dl_dst=<MAC_VM>,ip[,nw_src=<NET>] <ACTION>

out:<ACTION> any

dl_src=<MAC_VM>,ip[,nw_dst=<NET>] <ACTION>

in:<ACTION> tcp

dl_dst=<MAC_VM>,tcp,tcpflags=+syn-ack[,tp_dst=<PORT>][,nw_src=<NET>] <ACTION>
dl_dst=<MAC_VM>,tcp[,tp_dst=<PORT>][,nw_src=<NET>] accept
dl_src=<MAC_VM>,tcp[,tp_src=<PORT>][,nw_dst=<NET>] accept

out:<ACTION> tcp

dl_src=<MAC_VM>,tcp,tcpflags=+syn-ack[,tp_dst=<PORT>][,nw_dst=<NET>] <ACTION>
dl_dst=<MAC_VM>,tcp[,tp_src=<PORT>][,nw_src=<NET>] accept
dl_src=<MAC_VM>,tcp[,tp_dst=<PORT>][,nw_dst=<NET>] accept

in:<ACTION> udp

dl_dst=<MAC_VM>.udp[,tp_dst=<PORT>][,nw_src=<NET>] <ACTION>
dl_src=<MAC_VM>.udp[,tp_src=<PORT>][,nw_dst=<NET>] <ACTION>

out:<ACTION> udp

dl_src=<MAC_VM>.udp[,tp_dst=<PORT>][,nw_dst=<NET>] <ACTION>
dl_dst=<MAC_VM>.udp[,tp_src=<PORT>][,nw_src=<NET>] <ACTION>

in:<ACTION> icmp

dl_dst=<MAC_VM>,icmp[,nw_src=<NET>] <ACTION>

out:<ACTION> icmp

dl_src=<MAC_VM>,icmp[,nw_dst=<NET>] <ACTION>

Directories ¶

Path	Synopsis
cmd
sdnagent
sdncli
sdncli/cli
sdncli/cmd
pkg
agent
agent/common
agent/proto
agent/server
agent/utils
tc

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL