Q$3$:

Consider the three$-$node network below, that uses flow$-$based generalized forwarding $($e$.$g$.,$ as in OpenFlow$)$ in the network's routers. In the question below, we'll want to create match$+$action entries in the flow table at router $\backslash (\backslash$mathbf$\{$r $2\}\backslash ),$ with three ports labelled $1,2,3($in black$).$ In the question, matches are constrained to be over only four fields: the IP source address, the IP destination address, the upper$-$layer protocol field of the IP datagram, and the destination port number of the transport$-$layer segment. The actions are either to drop or to forward $($i$),$ that is$,$ to forward a matching packet on port $\backslash ($ i $\backslash ).$ The default action $($unless stated otherwise$)$ is that if a packet doesn't match a rule, it will be dropped.

For the following questions, please specify the values for each column entry. The $*$ can be used as a wildcard match, which matches everything.

$($a$)$ Suppose we want to implement the following rule: $\backslash (\backslash$mathbf$\{$r$\}2\backslash )$ should act as a firewall, only allowing TCP traffic into the $\backslash (22\mathrm{.}33.\{\}^\{*\}\{\}^\{*\}\backslash )$ network from any network. Specify a single flow table row entry to implement this rule, indicating the column entries for the row below.

$($b$)$ Suppose we want to implement least$-$cost$-$path forwarding, so that packets from source network $22\mathrm{.}33.*.*$ to destination networks $128\mathrm{.}119.*.*$ and $53\mathrm{.}106.*.*$ are forwarded on the direct link from $\backslash ($ r $2\backslash )$ to each of these networks. However, we also want to implement a higher priority rule so that users within the $\backslash (22\mathrm{.}33.*\backslash ).*$ network are never allowed to connect to an external web server on port $80.$ Specify the flow table row entries to implement this rule. You can include the higher priority rule in the first row in the table, and the other rules are in subsequent rows.