|
CSEP 561: Network Systems, Winter 2020
|
|
|
|
|
Project 1: Software Defined Networking and Mininet
Turnin: Online
Project Overview.
|
In this project you will learn about Software Defined Networking (SDN). Using Virtualbox, Mininet, and Pox as the implementers of the OpenFlow protocol, you will build simple networks using SDN primitives.
-
First you will learn to use mininet, a SDN-enabled network emulator.
-
For the second portion you will be using POX to implement a simple L2 firewall.
Projects 2 and 3 will build off of this platform.
|
Background.
|
Software Defined Networking and OpenFlow
|
Software-Defined Networking (SDN) is a recently developed networking paradigm in which the data and control planes are decoupled from one another. One can think of the control plane as being the networks "brain", i.e., it is responsible for making all decisions, for example, how to forward data, while the data plane is what actually moves the data. In traditional networks, both the control- and data planes are tightly integrated and implemented in the forwarding devices that comprise a network. The SDN control plane is implemented by the "controller" and the data plane by "switches". The controller acts as the "brain" of the network, and sends commands ("rules") to the switches on how to handle traffic. OpenFlow has emerged as the de facto SDN standard and specifies how the controller and the switches communicate as well as the rules controllers install on switches.
|
Mininet
|
Mininet is a software stack that creates a virtual network on your computer/laptop. It accomplishes this task by creating host namespaces (h1, h2, etc) and connecting them through virtual interfaces. So when we run ping between the linux namespaces h1 and h2, the ping will run from h1s namespace through a virtual interface pair created for h1 and h2, before it reaches h2. If h1 and h2 are connected through a switch as shown in the python code in the Mininet walkthrough, the ping will transit multiple virtual interface pairs. The switches that we will be using are running OpenVSwitch (OVS), a software-defined networking stack. Mininet will connect additional virtual interfaces between each virtual port on the switch with each connected host. The host name space allows each host to see the same file system, but operates as its own process that will run separately from each of the other host processes. The OVS version running on the Ubuntu image supports OpenFlow.
|
POX
|
Pox is a research/academic implementation of an OpenVFlow controller. It provides python hooks to program mininet-based software emulated networks.
|
Assignment
|
Part 1: Mininet Primer
|
VirtualBox Installation
Mininet is a virtual machine image with a number of network emulation tools built into it. The first step of getting mininet set up is to install a Virtualization Platform. We suggest VirtualBox, an open source and freely available stack. The manual is available here. If you wish to use other virtualization platforms that's fine, but the TAs and staff will not support them.
There are a well known set of issues in using virtualization. If you encounter issues, reach out online and we'll see how we can help. Some common issues and answers are:
-
- Did you download the correct version? (32-bit vs 64-bit)
-
- Is your computer really old? It might not be able to be virtualized -- talk to the TA.
-
- Make sure that virtualization is enabled in your BIOS.
Mininet Installation
With VirtualBox (or other virtualization platform) installed, we now need to grab the Mininet image from here. It is based off of Ubuntu 14.04 and includes a default set of mininet binaries and example scripts. Once you've downloaded an image that fits your own VM installation, import and it and boot them VM.
Using Mininet
Using mininet is described here. You can run it by typing: sudo mn
Inside of the the mininet CLI, try running other commands like help, net, nodes, links and dump. Mininet starts with a default network that you can poke at. Find the mac address of the hosts, the ethernet ports connected, and the hostnames in the system.
Programming Mininet Topologies
Mininet is also programmable using the python programming language. We have provided some sample topologies here. To install this in the virtual machine, you may with to use the wget command (outside of Mininet). Download and unzip this file and you'll find two different directories: topo and pox. Ignore the pox directory for now (it's used in part2). In the topo folder there are a variety of python files. These each define a topology for each of the following project portions. Run the project 1 file with sudo python 461_mininet/topos/part1.py. It will drop you into the CLI with the network topology defined in the python script.
Recommended steps to take:
- Read parts of Mininet Walkthrough: "Start Wireshark" and "Interact with Hosts and Switches".
- Play around with mininet commands.
Deliverables:
Your task in part one is to modify part1.py to represent the following network topology:
[h1]-----{s1}------[h2]
[h3]----/ \-----[h4]
Where [x] means you create a host named x, {y} means a switch named y, and --- means there is a link between the node and the switch.
After creating the above architecture, provide the two items in a part1 folder in a compressed file:
-
1) Your modified part1.py file
-
2) Screenshots of the iperf, dump, and pingall commands (from mininet) in pdf format.
|
Part 2: SDN Controllers using POX
|
In part 1, we experimented with Mininet using its internal controller. In this (and future) parts, we will instead be using our own controller to send commands to the switches. We will be using the POX controller, which is written in Python.
For this assignment you will create a simple firewall using OpenFlow-enabled switches. The term "firewall" is derived from building construction: a firewall is a wall you place in buildings to stop a fire from spreading. In the case of networking, it is the act of providing security by not letting specified traffic pass through the firewall. This feature is good for minimizing attack vectors and limiting the network "surface" exposed to attackers. In this part, we will provide you with the Mininet topology, part2.py, to setup your network which assumes a remote controller listening on the default IP address and port number 127.0.0.1:6633. You do not need to (and should not) modify this file. The topology that this script will setup is as follows. Note that h1 and h4 are on the same subnet and a different one from h2 and h3.
[h1@10.0.1.2/24][h2@10.0.0.2/24][h3@10.0.0.3/24][h4@10.0.1.3/24]
\ \ / /
\ \ / /
\ \----{s1}---/ /
\-------------------/ | \-----------------/
|
(controller)
For part 2, we will also provide you with a skeleton POX controller:
part2controller.py. This file will be where you will make your modifications to
create the firewall. To run the controller, place 461_mininet/pox/part2controller.py
in the ~/pox/pox/misc directory. You can then launch the controller with the command sudo ~/pox/pox.py misc.part2controller. To run the mininet file, place it in ~ and run the command sudo python ~/461_mininet/topos/part2.py
The rules s1 will need to implement are as follows:
src ip |
dst ip |
protocol |
action |
any ipv4 |
any ipv4 |
icmp |
accept |
any |
any |
arp |
accept |
any ipv4 |
any ipv4 |
- |
drop |
Basically, your Firewall should allow all ARP and ICMP traffic to pass. However, any other type of traffic should be dropped. It as acceptable to flood the allowable traffic out all ports. Be careful! Flow tables match the rule with highest priority first, where priority is established based on the order rules are placed in the table. When you create a rule in the POX controller, you need to also have POX "install" the rule in the switch. This makes it so the switch "remembers" what to do for a few seconds. Do not handle each packet individually inside of the controller! Hint: To do this, look up ofp_flow_mod. The OpenFlow tutorial (specifically "
Sending OpenFlow messages with POX") and the POX Wiki for APIs that pox provides are both useful resources for understanding how to use POX.
Recommended steps to take:
- Read through OpenFlow tutorial - "Sending OpenFlow messages with POX" to learn about the APIs provided by POX to interact with the Openflow switch.
- While reading the tutorial, use POX Wiki and POX Document to learn more about the classes used in the tutorial.
- You will then be able to Google and find the rest. This process is painful but rewarding. And, this is the reality. (Come to OH if you still could not find what you want.)
Deliverables:
-
1) (10 Points) A screenshot of the pingall command. Note that h1 and h4 should be able to ping each other (h2 and h3 as well), but not across subnets. Also, the iperf command should fail (as you're blocking IP traffic). This is realized as the command hanging.
-
2) (20 Points) A screenshot of the output of the dpctl dump-flows command. This should contain all of the rules you've inserted into your switch.
-
3) Your part2controller.py file.
|
Turn-in
|
When you're ready to turn in your assignment, do the following:
-
The files you submit should be placed in a directory named project1. There should be no other files in that directory.
-
Inside of the project1 directory, create subdirectories for each of the project parts (part1/,part2/).
-
Inside of each part directory, place your topo file (e.g., part1.py), controller file (part1controller.py) if they exist (no controller for part 1), and your screenshots.
-
Archive all the materials (project1 folder and everything in it)
in a single .tar file named
netid.tar.
-
Submit the netid.tar file to the
canvas.
|
|
|
Computer Science & Engineering University of Washington Box 352350 Seattle, WA 98195-2350 (206) 543-1695 voice, (206) 543-2969 fax [comments
to kheimerl
at cs.washington.edu]
|
|