Abhishek Agarwal · Follow
--
This tutorial will help you get to get started with SDN and OpenFlow. We will set up a Testbed with OpenFlow based SDN environment.
This tutorial will assume you are using a linux distribution, preferably Ubuntu or Debian.
We will use-
1) Mininet
Mininet is a very popular tool used to create a virtual network on a single machine.It runs a collection of end-hosts, switches, routers, and links on a single Linux kernel. It uses lightweight virtualization to make a single system look like a complete network, running the same kernel, system, and user code. Mininet is also a great way to develop, share, and experiment with OpenFlow and Software-Defined Networking systems.
2) Floodlight Controller
Floodlight Controller is a very popular Open SDN Controller. It works well with physical- and virtual- switches that speak the OpenFlow protocol. It is Java-based, but provides a wide range of APIs to work with.
Ubuntu and Debian users shouldn’t have a problem getting Mininet using the following command:
sudo apt-get install mininetIf you are facing some problem with the above command,take a look at alternative installation methods here.
The tools and dependencies can be installed via the following command.
sudo apt-get install git build-essential ant maven python-devThen, go the directory where you want to install floodlight and download the Floodlight source from github:
sudo git clone git://github.com/floodlight/floodlight.gitFinally, install the submodules and build floodlight.
cd floodlight
sudo git submodule init
sudo git submodule update
sudo antIf you want to get the Web GUI then download it from github too with the following command:
sudo git clone git://github.com/floodlight/floodlight-webuiA)Start the controller
To run floodlight controller, execute the following command from the floodlight directory.
sudo java -jar target/floodlight.jarThe output in the terminal should be somewhat like below. Observe the controller has opened port 6653 for listening to Open VSwitch. It has also opened port 8080 for accessing the Web UI.
B) Start Mininet
The following command will launch mininet creating a small network of 4 hosts and 1 switch, and connect the switch to the Floodlight controller using OpenFlow version 1.3:
sudo mn --controller=remote,ip=127.0.0.1,port=6653 --switch ovsk,protocols=OpenFlow13 --topo single,3In this it is assumed that floodlight controller is deployed on the same machine. If a different machine is used, just change the ip address from 127.0.0.1 to the ip address of the controller machine.
Once the command runs, Mininet CLI opens.
a) Interacting with Mininet and the virtual network
The Mininet CLI is straight forward to use. The names of the network nodes can be retrieved using the ‘nodes’ command. Connectivity in the network can be verified using the ‘pingall’ command. Just issue the command on the Mininet CLI and Mininet will have each network host ping every other host.
*Side-Note- Please ignore the ‘mininet-wifi’ handle in my screenshots. You will see the handle ‘mininet’ in your terminal when you interact with Mininet CLI.
Commands can be executed on individual nodes using the following sequence ‘ ’, for example ‘h1 ifconfig’ would execute the ‘ifconfig’ command on node ‘h1’. Moreover, hosts can be instructed to ping each other using this command method. Issuing the command ‘h1 ping h2’ on the Mininet CLI will cause ‘h1’ to ping ‘h2’.
The ‘xterm’ command can be used to open individual terminals for hosts. This can be useful for when you’d like to run a program from one host and view results or impact from another hosts.
You can also try and send different type of packets between the hosts. Iperf can be used to achieve this.
Using Iperf to send UDP and TCP packets
Install iperf
sudo apt-get install iperfIn the Mininet CLI, open terminal windows for h1 and h2 using:
xterm h1
xterm h2In the Xterm window of h1:
iperf -s -uHere -u specified the type of packets to be UDP.
In the Xterm window of h2:
iperf -c 10.0.0.1 -u10.0.0.1 is the IP address of the server host(which is h1 in this case.)
This is very useful. Later when you learn to define OpenFlow rules, you can create a rule dropping UDP packets from h2 to h1 and then again run these steps. You will observe that then the packets won’t forward.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
The ‘help’ command will bring up a full listing of available commands. To shutdown Mininet, issue the ‘exit’ command. When the Mininet CLI has closed, run ‘sudo mn -c’ to clean up anything leftover by the process.
b) Interacting with Switches
The switches used in the Mininet network are OpenVSwitch switches and rely on the ovs-ofctl tool for interaction. Open a separate terminal window using the ‘xterm s1’ command to interact with switch s1.
In s1’s terminal window, issuing the command the ‘dump-flows’ will print the flows currently installed in the switch and the ‘dump-tables’ command will print all the flow tables.
ovs-ofctl dump-flows s1 -O OpenFlow13
ovs-ofctl dump-tables s1 -O OpenFlow13Once you learn to write rules, you can set up some rules of your own and come back here to check if the flow rules have been properly installed in the switch.
Also,the snoop command can be actually used to see all incoming and outgoing traffic at s1.
ovs-ofctl snoop s1c) Interacting with the Floodlight controller
In general, controllers allow access via a REST interface at the ‘northbound’ interface of the controller. Many controllers also supply a Web UI. Floodlight has both. Firstly, the REST interface on Floodlight expects data to be sent in JSON format and returns data as JSON. Browser based tool like Postman can be used to send and retrieve data from the controller. Alternatively, tools like curl can be used from the terminal. The REST API is designed to allow external applications access to perform actions upon the network or retrieve information (e.g. statistics) from the network. Everything from installing flows to enabling/disable the firewall can be done. The Floodlight documentation provides full details on the REST API. You can have a look here.
Here we will use curl to access the Web UI(At port 8080) and it’s entries in json format,fetch the required data and modify the rules.
The following API call will return the switches currently connected to the controller:
curl http://127.0.0/wm/core/controller/switches/json | python -m json.toolThe python json tool can format the json output.
The command below is used to add a ACL. This new flow has been added which will drop all traffic going from 10.0.0.1 (h1) to 10.0.0.2 (h2).
curl -X POST -d '{"src-ip":"10.0.0.1/32","dst-ip":"10.0.0.2/32","action":"deny"}' http://127.0.0.1:8080/wm/acl/rules/jsonTo see all flows:
curl -X GET http://127.0.0.1:8080/wm/acl/rules/json | python -m json.toolTo add a new flow blocking UDP packets from h2 to h1:
curl -X POST -d '{"nw-proto":"UDP","src-ip":"10.0.0.1/32","dst-ip":"10.0.0.2/32","action":"deny"}' http://127.0.0.1:8080/wm/acl/rules/jsonNow you can try the iperf exercise again and check if the rule works.
To access the Web GUI page, go the floodlight-webui-master folder. Go to pages and locate login.html.
Change the following lines in login.html:
var url = window.location.host.split(':');
var ip = url[0];
var port = url[1];
$.cookie('cip', ip, { expires: 7 });
$.cookie('cport', port, { expires: 7 });to:
var ip = "127.0.0.1";
var port = "8080";
$.cookie('cip', ip);
$.cookie('cport', port);Then go back to the webui folder and open index.html. Screenshot of the page is given below.
A Testbed doesn’t only offer the opportunity to test things, it also provides a platform to help better understand a technology. Using Mininet, a good understanding of SDN can be achieved by monitoring OpenFlow traffic between the network switches and the controller. A controller can be better understood by watching how it handles network events and traffic.
Below are some resources that you should definitely give a look to:
- https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/overview
- http://therandomsecurityguy.com/openvswitch-cheat-sheet/
Happy Learning!
