(OpenFlow)
Overview
In this use case, we show basic L2 and L3 networking using OpenDaylight, with mininet
as the simulated network. The network topology consists of 2 OpenFlow switches, 5 hosts and
OpenDaylight as the SDN controller. Two hosts are attached to the first switch on the same
subnet. The other three hosts are attached to the second switch on different subnets. The
following diagram shows how our use-case network topology is constructed.
Pre-requisites
OpenDaylight Boron release: Download an OpenDaylight distribution from
https://www.opendaylight.org/downloads
VirtualBox: Download VirtualBox on your host machine and install it from
https://www.virtualbox.org/wiki/Downloads
Vagrant: Download Vagrant on your host machine and install it from
https://www.vagrantup.com/downloads.html
Resources:
The VMs vagrant file and mininet custom topology can be found here:
https://github.com/serngawy/DevOp-VMs/tree/master/Vagrant-mininet
Step By Step Tutorial:
1. After downloading the tutorial resources, go to the vagrant-mininet directory and run the
following command to spawn the mininet VM:
$ cd vagrant-mininet
$ vagrant up
2. Start OpenDaylight and install the required OpenFlow features. Go to the OpenDaylight
distribution directory and start OpenDaylight using the karaf script (as shown below).
$ cd distribution-karaf-0.5.2-Boron-SR2/
$ ./bin/karaf
Apache Karaf starting up. Press Enter to open the shell now 100%
[========================================================================]
opendaylight-user@root>
Install the OpenFlow features using the following command in the OpenDaylight karaf
console:
3. After successfully spawning the VM, log in to the mininet VM using the following
command:
$ vagrant ssh
vagrant@vagrant-mininet#$
4. We will create the custom network topology using the myTopology.py python script.
You will need to change the controller IP-address in the myTopology.py file to match
your OpenDaylight distribution host IP-Address. Use the following commands to open
myTopology.py and change the IP-Address:
vagrant@vagrant-mininet#$ cd /vagrant/
vagrant@vagrant-mininet#$ sudo vi myTopology.py
#!/usr/bin/python
from mininet.net import Mininet
from mininet.node import Controller, RemoteController, OVSController
from mininet.node import CPULimitedHost, Host, Node
from mininet.node import OVSKernelSwitch, UserSwitch
from mininet.node import IVSSwitch
from mininet.cli import CLI
from mininet.log import setLogLevel, info
from mininet.link import TCLink, Intf
from subprocess import call

def myNetwork():

    net = Mininet( topo=None,
                   build=False)

    info( '*** Adding controller\n' )
    c1=net.addController(name='c1',
                         controller=RemoteController,
                         ip='{ODL_IP-Address}',
                         protocol='tcp',
                         port=6633)

    info( '*** Add switches\n')
    #r5 = net.addHost('r5', cls=Node, ip='10.0.2.5')
    #r5.cmd('sysctl -w net.ipv4.ip_forward=1')
    s4 = net.addSwitch('s4', cls=OVSKernelSwitch)
    s3 = net.addSwitch('s3', cls=OVSKernelSwitch)

    info( '*** Add hosts\n')
    h1 = net.addHost('h1', cls=Host, ip='10.0.1.2', defaultRoute=None)
    h2 = net.addHost('h2', cls=Host, ip='10.0.1.3', defaultRoute=None)
    h3 = net.addHost('h3', cls=Host, ip='10.0.2.3', defaultRoute=None)
    h4 = net.addHost('h4', cls=Host, ip='10.0.2.4', defaultRoute=None)
    h5 = net.addHost('h5', cls=Host, ip='10.0.5.5', defaultRoute=None)

    info( '*** Add links\n')
    net.addLink(s3, s4)
    net.addLink(s4, h5)
    #net.addLink(s3, r5)
    net.addLink(h1, s3)
    net.addLink(h2, s3)
    net.addLink(s4, h3)
    net.addLink(s4, h4)

    info( '*** Starting network\n')
    net.build()
    info( '*** Starting controllers\n')
    for controller in net.controllers:
        controller.start()

    info( '*** Starting switches\n')
    net.get('s4').start([c1])
    net.get('s3').start([c1])

    info( '*** Post configure switches and hosts\n')
    #s4.cmd('ifconfig s4 10.0.2.0/24')
    #s3.cmd('ifconfig s3 10.0.1.0/24')

    CLI(net)
    net.stop()

if __name__ == '__main__':
    setLogLevel( 'info' )
    myNetwork()
5. After you change the IP-Address, we will execute myTopology.py to create the network
using the following command:
6. On the tutorial host machine, open another console session to the mininet VM and check
the flow rules for the created bridges, S1 and S2.
$ cd vagrant-mininet
$ vagrant ssh
vagrant@vagrant-mininet#$ sudo ovs-ofctl dump-flows s3
NXST_FLOW reply (xid=0x4):
vagrant@vagrant-mininet#$ sudo ovs-ofctl dump-flows s4
NXST_FLOW reply (xid=0x4):
Note: there are currently no flow rules for the switches, S1 and S2.
7. We will allow the hosts (h1 and h2) on S3 to communicate with each other by pushing the
following flow rules. On the OpenDaylight distribution host, run the following commands:
In the mininet VM console, re-run the dump-flows command on S3; you will see that
2 flow rules have been written to the switch.
mininet> h1 ping h2
PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
64 bytes from 10.0.1.3: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 10.0.1.3: icmp_seq=2 ttl=64 time=0.053 ms
64 bytes from 10.0.1.3: icmp_seq=3 ttl=64 time=0.000 ms
8. We will allow communication between H3, H4 and H5 by pushing the following flow
rules to S4. On the OpenDaylight distribution host, run the following curl commands:
Back in the mininet VM console, re-run the dump-flows command on S4; you will see
that 3 flow rules have been written to the switch.
In the mininet console (CLI), test the connection between the hosts by executing the
pingall command.
mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 X X X
h2 -> h1 X X X
h3 -> X X h4 h5
h4 -> X X h3 h5
h5 -> X X h3 h4
*** Results: 60% dropped (8/20 received)
Note: as you can see, the connection between S4 and S3 is not reachable, which means that H1
and H2 cannot connect to H3, H4 and H5.
9. In the previous steps, we learned how to use OpenDaylight to push initial flow rules that
allow communication between specific hosts in our network. Now, we will install
OpenDaylight's L2Switch features, which let OpenDaylight work as an ARP resolver for
the incoming ARP requests in our network. In the OpenDaylight distribution karaf CLI, use
the following command to install the L2Switch features:
As you can see, OpenDaylight has pushed new flow rules to S3 and S4. Let's take a deeper look
at two of these flow rules (shown below).
A) cookie=0x2b00000000000001, duration=89.065s, table=0, n_packets=17,
n_bytes=1445, idle_age=4, priority=100,dl_type=0x88cc
actions=CONTROLLER:65535
The previous flow rule forwards any LLDP packet (dl_type=0x88cc) that arrives at switch S3/S4
to OpenDaylight. OpenDaylight resolves the LLDP request based on the existing network
topology.
B) cookie=0x2b00000000000004, duration=81.414s, table=0, n_packets=0, n_bytes=0,
idle_age=81, priority=2,in_port=2
actions=output:1,output:3,output:4,CONTROLLER:65535
The previous flow rule sends packets that arrive on port 2 out of the other connected ports of
the switch (ports 1, 3 and 4) and also sends them to OpenDaylight (CONTROLLER:65535).
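How a switch chooses between rules A and B for a given packet, as an added example that is not part of the original tutorial: it parses the two entries quoted above (re-joined onto one line each, as ovs-ofctl prints them) and applies highest-priority-wins matching. The function names and the sample packets are assumptions made for this illustration.

```python
import re

# The two flow entries quoted above, in `ovs-ofctl dump-flows` layout.
DUMP = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x2b00000000000001, duration=89.065s, table=0, n_packets=17, n_bytes=1445, idle_age=4, priority=100,dl_type=0x88cc actions=CONTROLLER:65535
 cookie=0x2b00000000000004, duration=81.414s, table=0, n_packets=0, n_bytes=0, idle_age=81, priority=2,in_port=2 actions=output:1,output:3,output:4,CONTROLLER:65535
"""

# Counters and bookkeeping fields that are not part of the match.
STATS = {"cookie", "duration", "table", "n_packets", "n_bytes", "idle_age", "hard_age"}

def parse_flow(line):
    """Split one dump-flows line into priority, match fields and actions."""
    head, _, actions = line.strip().partition(" actions=")
    fields = dict(kv.split("=", 1) for kv in re.split(r",\s*", head) if "=" in kv)
    priority = int(fields.pop("priority", 32768))  # OpenFlow default priority
    match = {k: v for k, v in fields.items() if k not in STATS}
    # Simplification: actions containing commas inside parentheses are not handled.
    return {"priority": priority, "match": match, "actions": actions.split(",")}

def _val(text):
    """Compare numeric fields numerically (0x88cc == 34988), others as strings."""
    try:
        return int(text, 0)
    except ValueError:
        return text

def lookup(flows, packet):
    """Return the highest-priority flow whose match fields all equal the packet's."""
    hits = [f for f in flows
            if all(packet.get(k) == _val(v) for k, v in f["match"].items())]
    return max(hits, key=lambda f: f["priority"], default=None)

FLOWS = [parse_flow(l) for l in DUMP.splitlines() if " actions=" in l]
LLDP = {"in_port": 2, "dl_type": 0x88CC}   # constructed sample packets
ARP = {"in_port": 2, "dl_type": 0x0806}

if __name__ == "__main__":
    for name, pkt in (("LLDP", LLDP), ("ARP", ARP)):
        flow = lookup(FLOWS, pkt)
        print(name, "-> priority", flow["priority"], flow["actions"])
```

An LLDP frame on port 2 matches both rules, but rule A wins on priority, so it goes only to the controller and is not flooded; any other frame on port 2 falls through to rule B.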
11. Back in the mininet console (CLI), re-test the connection between the hosts by executing
the pingall command.
mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 h3 h4 h5
h2 -> h1 h3 h4 h5
h3 -> h1 h2 h4 h5
h4 -> h1 h2 h3 h5
h5 -> h1 h2 h3 h4
*** Results: 0% dropped (20/20 received)
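A check of the two pingall results on this page against an intended segmentation policy, as an added example that is not part of the original tutorial. The policy (the two host groups that could reach each other after step 8) and the function names are assumptions made for this illustration.

```python
import re
from itertools import permutations

# Both outputs are copied from the pingall runs shown on this page ("X" = no reply).
BEFORE = """\
h1 -> h2 X X X
h2 -> h1 X X X
h3 -> X X h4 h5
h4 -> X X h3 h5
h5 -> X X h3 h4
"""
AFTER = """\
h1 -> h2 h3 h4 h5
h2 -> h1 h3 h4 h5
h3 -> h1 h2 h4 h5
h4 -> h1 h2 h3 h5
h5 -> h1 h2 h3 h4
"""

# Assumption for this example: the intended policy is the two groups
# observed after step 8 (hosts behind S3, hosts behind S4).
POLICY = [{"h1", "h2"}, {"h3", "h4", "h5"}]

def reachability(text):
    """Map each source host to the set of hosts that answered its ping."""
    reach = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+) -> (.*)", line)
        if m:
            reach[m.group(1)] = {h for h in m.group(2).split() if h != "X"}
    return reach

def violations(reach, policy):
    """Ordered (src, dst, kind) pairs where observed reachability breaks the policy."""
    out = []
    for src, dst in permutations(sorted(reach), 2):
        allowed = any(src in group and dst in group for group in policy)
        seen = dst in reach[src]
        if seen and not allowed:
            out.append((src, dst, "unexpected"))
        elif allowed and not seen:
            out.append((src, dst, "blocked"))
    return out

if __name__ == "__main__":
    for name, text in (("before L2Switch", BEFORE), ("after L2Switch", AFTER)):
        found = violations(reachability(text), POLICY)
        print(name, "->", len(found), "violations", found[:3])
```

Under that assumed policy the first run is clean, while the run after installing L2Switch reports 12 cross-group pairs, which shows that the feature's flooding rules override the isolation the hand-written rules provided.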
14. We can use OpenDaylight to write more advanced flow rules to construct a flow rule
pipeline. The following flow rules show ARP packet type flow rules with ethernet source
and destination match, ICMP packet type flow rules with IPv4 source and destination
match and TCP packet type flow rules with IPv4 source and destination match. On the
OpenDaylight distribution host, you can run the following commands:
As you can see, these advanced flow rules let you control (allow/restrict) network
communication based on the source/destination ethernet address, source/destination IPv4
address and packet type. In some situations, such as mitigating a DDoS attack, these advanced
flow rules will be useful to provide the best solution.