Intra site routing (Example 3 Firewall)
Adib Rastegarnia edited this page Dec 26, 2017 · 19 revisions
In this example, we show how to use OSDF to enforce an access control policy. Consider the network topology illustrated here:
- Suppose we want to configure the network to enforce the following access control policy between the hosts:

| | H1 (10.0.0.1) | H2 (10.0.0.2) | H3 (10.0.0.3) | H4 (10.0.0.4) |
|---|---|---|---|---|
| H1 (10.0.0.1) | NONE | PING | DENY | DENY |
| H2 (10.0.0.2) | PING | NONE | DENY | DENY |
| H3 (10.0.0.3) | DENY | DENY | NONE | WEB |
| H4 (10.0.0.4) | DENY | DENY | WEB | NONE |

- To enforce the above access control policy, we should define the following high-level policies:
  - Route PING traffic in siteA between H1 and H2 using the default priority.
  - Route WEB traffic in siteA between H3 and H4 using the default priority.
To achieve the above goal, follow these steps:
- First, change the current directory to this example's directory using the following command:
  - `cd OSDF-REACTIVE-APP/osdf-reactive/src/main/java/org/osdfreactive/tools/mininet/example4`
- Execute the following scripts from two separate terminals to set up a Mininet simulation scenario, define the required region, post configuration details, and enter the policies into the system:
  - `sudo python example4.py`
  - `regions.sh`
  - `sudo python config.py`
  - `sudo python polices.sh`
After the above steps, only H1 and H2 should be able to ping each other, and H3 and H4 should be able to send web traffic to each other.
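
One way to check the result against the table above, as an added example that is not part of OSDF or of the original page: the script derives the high-level policies from the matrix and audits observed reachability for leaks, wrongly blocked flows, and untested pairs. It assumes a cell permits only the service it names and everything else is denied; the observations are constructed sample data standing in for real ping and HTTP tests between the Mininet hosts.

```python
from itertools import permutations

# Access control matrix copied from the table on this page.
MATRIX = {
    "H1": {"H1": "NONE", "H2": "PING", "H3": "DENY", "H4": "DENY"},
    "H2": {"H1": "PING", "H2": "NONE", "H3": "DENY", "H4": "DENY"},
    "H3": {"H1": "DENY", "H2": "DENY", "H3": "NONE", "H4": "WEB"},
    "H4": {"H1": "DENY", "H2": "DENY", "H3": "WEB", "H4": "NONE"},
}
HOSTS = list(MATRIX)
SERVICES = ("PING", "WEB")

def allowed(src, dst, service):
    # Assumption: a cell permits only the service it names; everything else is denied.
    return MATRIX[src][dst] == service

def derive_policies():
    """Collapse symmetric allow cells into the high-level policies to install."""
    policies = set()
    for src, dst in permutations(HOSTS, 2):
        cell = MATRIX[src][dst]
        if cell in SERVICES:
            if MATRIX[dst][src] != cell:  # this page's matrix is symmetric
                raise ValueError(f"asymmetric rule {src}->{dst}: {cell}")
            policies.add((cell, *sorted((src, dst))))
    return sorted(policies)

def audit(observed):
    """Compare observed {(src, dst, service): bool} with the matrix; [] means compliant."""
    findings = []
    for src, dst in permutations(HOSTS, 2):
        for service in SERVICES:
            want, got = allowed(src, dst, service), observed.get((src, dst, service))
            if got is None:  # untested pairs must not pass silently
                findings.append(("UNTESTED", src, dst, service))
            elif got and not want:
                findings.append(("LEAK", src, dst, service))
            elif want and not got:
                findings.append(("BLOCKED", src, dst, service))
    return findings

def sample_observations():
    # Constructed sample data: conformant results with one leak and one block injected.
    obs = {(s, d, v): allowed(s, d, v) for s, d in permutations(HOSTS, 2) for v in SERVICES}
    obs[("H1", "H3", "WEB")] = True
    obs[("H4", "H3", "WEB")] = False
    return obs

if __name__ == "__main__":
    print(derive_policies(), audit(sample_observations()), sep="\n")
```

A `LEAK` finding is the one that matters for the firewall: traffic passed that the matrix denies.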