Consider the three-node network below, that uses flow-based generalized forwarding (e.g., as in OpenFlow) in the network's routers.  In the question below, we'll want to create match+action entries in the flow table at router r2, with three ports labelled 1,2,3 (in black).  In the question, matches are constrained to be over only four fields: the IP source address, the IP destination address, the upper-layer protocol field of the IP datagram, and the destination port number of the transport-layer segment. The actions are either to drop or to forward(i), that is, to forward a matching packet on port i. The default action (unless stated otherwise) is that if a packet doesn't match a rule, it will be dropped.
Question: Suppose we want to implement the following rule: r2 should act as a firewall, only allowing TCP traffic into the 22.33/16 network from any network.  Specify a single flow table row entry to implement this rule, indicating the column entries for the row below. The * is a wildcard match, which matches everything.

 

Transcribed Image Text:

128.119/16 53.106/16 4 r1 5 2 OpenFlow controller 1 source IP dest. IP match 3 22.33/16 protocol dest. port action (a) Suppose we want to implement the following rule: r2 should act as a firewall, only allowing TCP traffic into the 22.33/16 network from any network. Specify a single flow table row entry to implement this rule, indicating the column entries for the row below. The * is a wildcard match, which matches everything.

Transcribed Image Text:

In the "source IP" column, the flow table entry should be: In the "dest. IP" column, the flow table entry should be: In the "protocol" column, the flow table entry should be: In the "action" column, the flow table entry should be: [Choose ] [Choose] TCP UDP forward(2) * forward(3) 22.33/16 128.119/16 drop 53.106/16 forward(1)