Merge pull request #1128 from gizmoguy/update-exmaple-configs

Update example configurations for faucet/gauge to show newer features.

etc/ryu/faucet/acls.yaml

@@ -0,0 +1,84 @@
+acls:
+    office-vlan-protect:
+        # Prevent IPv4 communication betwen Office/Guest networks
+        - rule:
+            dl_type: 0x800      # ipv4
+            ipv4_src: 10.0.100.0/24
+            ipv4_src: 10.0.200.0/24
+            actions:
+                allow: 0        # drop
+        - rule:
+            actions:
+                allow: 1        # allow
+
+    access-port-protect:
+        # Drop dhcp servers
+        - rule:
+            dl_type: 0x800      # ipv4
+            nw_proto: 17        # udp
+            udp_src: 67         # bootps
+            udp_dst: 68         # bootpc
+            actions:
+                allow: 0        # drop
+        # Drop dhcpv6 servers
+        - rule:
+            dl_type: 0x86dd     # ipv6
+            nw_proto: 17        # udp
+            udp_src: 547        # dhcpv6-server
+            udp_dst: 546        # dhcpv6-client
+            actions:
+                allow: 0        # drop
+        # Drop icmpv6 RAs
+        - rule:
+            dl_type: 0x86dd     # ipv6
+            nw_proto: 58        # icmpv6
+            icmpv6_type: 134    # router advertisement
+            actions:
+                allow: 0        # drop
+        # Drop SMTP
+        - rule:
+            dl_type: 0x800      # ipv4
+            nw_proto: 6         # tcp
+            tcp_dst: 25         # smtp
+            actions:
+                allow: 0        # drop
+        # Force DNS to our DNS server
+        - rule:
+            dl_type: 0x800      # ipv4
+            nw_proto: 17        # udp
+            udp_dst: 53         # dns
+            actions:
+                output:
+                    dl_dst: "72:b8:3c:4c:dc:4d"
+                    port: 5     # s1 container
+        # Force DNS to our DNS server
+        - rule:
+            dl_type: 0x800      # ipv4
+            nw_proto: 6         # tcp
+            tcp_dst: 53         # dns
+            actions:
+                output:
+                    dl_dst: "72:b8:3c:4c:dc:4d"
+                    port: 5     # s1 container
+        - rule:
+            actions:
+                allow: 1        # allow
+
+    service-port-protect:
+        # Drop icmpv6 RAs
+        - rule:
+            dl_type: 0x86dd     # ipv6
+            nw_proto: 58        # icmpv6
+            icmpv6_type: 134    # router advertisement
+            actions:
+                allow: 0        # drop
+        # Drop SMTP
+        - rule:
+            dl_type: 0x800      # ipv4
+            nw_proto: 6         # tcp
+            tcp_dst: 25         # smtp
+            actions:
+                allow: 0        # drop
+        - rule:
+            actions:
+                allow: 1        # allow

etc/ryu/faucet/faucet.yaml

@@ -1,58 +1,68 @@
-version: 2
+include:
+    - acls.yaml
+
 vlans:
-    100:
-        name: "clock"
-        unicast_flood: True
-        max_hosts: 3
-    2001:
-        name: "trusted network"
-        unicast_flood: True
-    2002:
-        name: "untrusted network"
-        unicast_flood: False
-    2003:
-        name: "roof network"
-        unicast_flood: True
-        max_hosts: 10
-acls:
-    101:
-        - rule:
-            dl_src: "ae:ad:61:7d:02:2f"
-            actions:
-                allow: 1
-        - rule:
-            actions:
-                allow: 0
+    office:
+        vid: 100
+        description: "office network"
+        acl_in: office-vlan-protect
+        faucet_mac: "0e:00:00:00:10:01"
+        faucet_vips: ['10.0.100.254/24', '2001:100::1/64', 'fe80::c00:00ff:fe00:1001/64']
+        routes:
+            - route:
+                ip_dst: '192.168.0.0/24'
+                ip_gw: '10.0.100.2'
+    guest:
+        vid: 200
+        description: "guest network"
+        faucet_mac: "0e:00:00:00:20:01"
+        faucet_vips: ['10.0.200.254/24', '2001:200::1/64', 'fe80::c00:00ff:fe00:2001/64']
+
+routers:
+    router-office-guest:
+        vlans: [office, guest]
+
 dps:
-    zodiac-fx-1:
+    sw1:
         dp_id: 0x1
-        hardware: "ZodiacFX"
+        hardware: "Open vSwitch"
+        proactive_learn: True
         interfaces:
             1:
-                native_vlan: 100
-                name: "clock"
+                name: "h1"
+                description: "host1 container"
+                native_vlan: office
+                acl_in: access-port-protect
             2:
-                native_vlan: 100
-                name: "VLAN 2001"
-                acl_in: 101
-    windscale-faucet-1:
+                name: "h2"
+                description: "host2 container"
+                native_vlan: office
+                acl_in: access-port-protect
+            3:
+                name: "g1"
+                description: "guest1 container"
+                native_vlan: guest
+                acl_in: access-port-protect
+            4:
+                name: "s1"
+                description: "services1 container"
+                native_vlan: office
+                acl_in: service-port-protect
+            5:
+                name: "trunk"
+                description: "VLAN trunk to sw2"
+                tagged_vlans: [office]
+                acl_in: access-port-protect
+    sw2:
         dp_id: 0x2
-        description: "Josh's experimental AT-X930"
         hardware: "Allied-Telesis"
         interfaces:
             1:
-                tagged_vlans: [2001,2002,2003]
-                name: "port1.0.1"
-                description: "windscale"
-            2:
-                native_vlan: 2001
-                name: "port1.0.2"
-                description: "vek-x"
-            12:
-                native_vlan: 2002
-                name: "port1.0.12"
-                acl_in: 101
-            23:
-                native_vlan: 2003
-                name: "port1.0.23"
-                description: "roof switch"
+                name: "pi"
+                description: "Raspberry Pi"
+                native_vlan: office
+                acl_in: access-port-protect
+            24:
+                name: "trunk"
+                description: "VLAN trunk to sw1"
+                tagged_vlans: [office]

etc/ryu/faucet/gauge.yaml

@@ -1,37 +1,36 @@
-version: 2
 faucet_configs:
     - '/etc/ryu/faucet/faucet.yaml'
 watchers:
     port_status_poller:
         type: 'port_state'
-        dps: ['windscale-faucet-1']
+        dps: ['sw1', 'sw2']
         db: 'influx'
     port_stats_poller:
         type: 'port_stats'
-        dps: ['windscale-faucet-1']
+        dps: ['sw1', 'sw2']
         interval: 10
         #db: 'influx'
         db: 'prometheus'
     flow_table_poller:
         type: 'flow_table'
-        dps: ['windscale-faucet-1']
-        interval: 40
+        interval: 60
+        dps: ['sw1', 'sw2']
         #db: 'couchdb'
-        db: 'ft_file'
+        db: 'influx'
 dbs:
     ft_file:
         type: 'text'
-        file: 'flow_table.JSON'
+        file: 'flow_table.json'
     prometheus:
         type: 'prometheus'
-        prometheus_addr: 'localhost'
+        prometheus_addr: '0.0.0.0'
         prometheus_port: 9303
     influx:
         type: 'influx'
         influx_db: 'faucet'
-        influx_host: 'localhost'
+        influx_host: 'influxdb'
         influx_port: 8086
-        influx_user: 'grafana'
+        influx_user: 'faucet'
         influx_pwd: 'faucet'
         influx_timeout: 10
     couchdb:
@@ -50,4 +49,3 @@ dbs:
         switches_doc: 'switches_bak'
         flows_doc: 'flows_bak'
         db_update_counter: 2
-

setup.cfg

@@ -28,6 +28,7 @@ data_files =
         etc/ryu/ryu.conf
     etc/ryu/faucet =
         etc/ryu/faucet/faucet.yaml
+        etc/ryu/faucet/acls.yaml
         etc/ryu/faucet/gauge.yaml
         etc/ryu/faucet/aruba_pipeline.json
         etc/ryu/faucet/ofproto_to_ryu.json