CSEP 561: Network Systems, Winter 2020
    Project 2: Link and Network with Software Defined Networking
Turnin: Online

Project Overview.

In this project, we will extend our earlier knowledge of POX and Mininet to implement a simple router.

  1. For the first part you will be building an entire network, with multiple switches capable of handling ARP and other traffic.
  2. Lastly, you will be modifying your part 1 solution to implement an actual L3 IP router that handles ARP and routes traffic.

Background.

This project builds directly off of the project 1 Mininet implementation. See project 1 for more details.


Assignment


Part 3: A real network

In project 1 you implemented a simple firewall that allowed ICMP packets, but blocked all other packets. For project 2, you will be expanding on this to implement routing between subnets, and implementing firewalls for certain subnets. The idea is to simulate an actual production network.
We will be simulating a network for a small company. The company has a 3-floor building, with each floor having its own switch and subnet. Additionally, we have a switch and subnet for all the servers in the data center, and a core switch connecting everything together. The names and IPs are not to be changed. We provide the topology (461_mininet/topos/part3.py) as well as a skeleton controller (461_mininet/pox/part3controller.py) in the same file as project 1. As with project 1, part 2, you need only modify the controller.

[h10@10.0.1.10/24]--{s1}--\
[h20@10.0.2.20/24]--{s2}--{cores21}--{dcs31}--[serv1@10.0.4.10/24]
[h30@10.0.3.30/24]--{s3}--/    |
                               |
                    [hnotrust1@172.16.10.100/24]

Your goal will be to allow traffic to be transmitted between all the hosts. In this assignment, you will be allowed to flood traffic on the secondary routers (s1, s2, s3, dcs31) in the same way that you did in part 2 (using a destination port of of.OFPP_FLOOD). However, for the core router (cores21) you will need to specify specific ports for all IP traffic. You may do this however you choose, but you may find it easiest to determine the correct destination port by using the destination IP address and source IP address, as well as the source port on the switch that the packet originated from.

Additionally, to protect our servers from the untrusted Internet, we will be blocking all IP traffic from the Untrusted Host to Server 1. To block the Internet from discovering our internal IP addresses, we will also block all ICMP traffic from the Untrusted Host. In summary, your goals are:
  • Create a POX controller (as per project 1) with the following features: All nodes able to communicate EXCEPT
    • hnotrust1 cannot send ICMP traffic to h10, h20, h30, or serv1.
    • hnotrust1 cannot send any IP traffic to serv1.
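
The policy above can be checked against a rule set before it goes anywhere near a switch. The following is an added example, not part of the original assignment and not a POX controller: a pure-Python model of a priority-ordered flow table for cores21 that reports every host pair where the table disagrees with the two exceptions. The egress labels and priority values are assumptions; the page does not list cores21 port numbers.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP, TCP = 1, 6  # IP protocol numbers
HOSTS = {"h10": "10.0.1.10", "h20": "10.0.2.20", "h30": "10.0.3.30",
         "serv1": "10.0.4.10", "hnotrust1": "172.16.10.100"}

@dataclass(frozen=True)
class Flow:
    priority: int
    action: str                     # "drop" or an egress label
    nw_src: Optional[str] = None    # None is a wildcard
    nw_dst: Optional[str] = None
    nw_proto: Optional[int] = None

    def matches(self, src, dst, proto):
        def ok(addr, net):
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return ok(src, self.nw_src) and ok(dst, self.nw_dst) and self.nw_proto in (None, proto)

def build_table(drop_priority, forward_priority=100):
    # Egress labels are placeholders for cores21 port numbers (not given on the page).
    untrusted = HOSTS["hnotrust1"] + "/32"
    return [
        Flow(drop_priority, "drop", nw_src=untrusted, nw_proto=ICMP),
        Flow(drop_priority, "drop", nw_src=untrusted, nw_dst=HOSTS["serv1"] + "/32"),
        Flow(forward_priority, "to_s1", nw_dst="10.0.1.0/24"),
        Flow(forward_priority, "to_s2", nw_dst="10.0.2.0/24"),
        Flow(forward_priority, "to_s3", nw_dst="10.0.3.0/24"),
        Flow(forward_priority, "to_dcs31", nw_dst="10.0.4.0/24"),
        Flow(forward_priority, "to_hnotrust1", nw_dst="172.16.10.0/24"),
    ]

def lookup(table, src, dst, proto):
    """Highest-priority matching entry wins; no match means drop."""
    hits = [f for f in table if f.matches(src, dst, proto)]
    return max(hits, key=lambda f: f.priority).action if hits else "drop"

def violations(table):
    """(src, dst, proto) triples where the table disagrees with the stated policy."""
    bad = []
    for s, d in ((s, d) for s in HOSTS for d in HOSTS if s != d):
        for proto in (ICMP, TCP):
            must_drop = s == "hnotrust1" and (proto == ICMP or d == "serv1")
            if must_drop != (lookup(table, HOSTS[s], HOSTS[d], proto) == "drop"):
                bad.append((s, d, proto))
    return bad

if __name__ == "__main__":
    print("drops above forwards:", violations(build_table(200)))
    print("drops below forwards:", violations(build_table(50)))
```

With the drop entries below the forwarding entries, the broader forwarding match wins and all five blocked flows leak through, which is why the firewall rules need the higher priority.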

Deliverables:
  • 1) A screenshot of the pingall command. All nodes but hnotrust should be able to send and respond to pings.
  • 2) A screenshot of the iperf hnotrust1 h10 and iperf h10 serv1 commands. Though not shown in these commands, hnotrust should not be able to transfer to serv1. It should be able to transfer to other hosts.
  • 3) A screenshot of the output of the dpctl dump-flows command. This should contain all of the rules you've inserted into your switches.
  • 4) Your part3controller.py file.

Part 4: A learning router

For part 4, we're extending your part 3 code to implement an actual level-3 router out of the cores21 switch. Copy the part3controller.py file to part4controller.py; there is no new skeleton. For the topology, we again provide a file (part4.py). The difference between the part3.py and part4.py topologies is that the default route 'h10-eth0' was changed to 'via 10.0.1.1', where '10.0.1.1' is the IP address of the gateway (i.e. router) for that particular subnet. This effectively changes the network from a switched network (with hosts sending to a MAC address) into a routed network (hosts sending to an IP address). Your part3controller should not work on this new topology! To complete the assignment, cores21 will need to:

  • Handle ARP traffic across subnets (without forwarding); and
  • Forward IP traffic across link domains (changing the ethernet header);
As a hint, you will need to compose an ARP response and send it back to the sender. You may want to check the POX Wiki on how to compose an ARP response and construct a packet from an object. You should also make use of the provided resend_packet() method. This must be done in a learning fashion: you may not install static routes on cores21 startup. Instead, your router must learn of IP addresses through the ARP messages sent (this type of learning is normally done at the MAC layer, but there are a bunch of implementations of that in Mininet already) and install these routes into the router dynamically. Imagine this as an alternative form of DHCP where hosts instead inform the router of their addresses (conflicts be damned!). You may handle each of the individual ARP packets in the controller (i.e., not with flow rules) for part 4. The IP routing must be done with flow rules. The other switches (e.g., s1) do not need to be modified and can continue to flood traffic.
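
The learning behaviour described above, as an added example that is not part of the original assignment and is not POX code: a pure-Python model of a router that learns IP-to-(MAC, port) bindings from ARP requests, answers as the gateway, and returns the header rewrite a flow rule would carry. The router MAC, host MACs, port numbers and the 10.0.2.1 gateway address are constructed assumptions; the reply keys mirror the field names of POX's arp packet class. Because any ARP sender can claim any address, the model also records each binding that gets overwritten.

```python
from dataclasses import dataclass, field

ROUTER_MAC = "02:00:00:00:00:01"  # constructed MAC the router answers ARP with

@dataclass
class LearningRouter:
    routes: dict = field(default_factory=dict)     # ip -> (mac, port), learned from ARP only
    conflicts: list = field(default_factory=list)  # (ip, old_binding, new_binding)

    def on_arp_request(self, sender_ip, sender_mac, in_port, target_ip):
        """Learn the sender's binding and answer as the gateway; the ARP is never forwarded."""
        new = (sender_mac, in_port)
        old = self.routes.get(sender_ip)
        if old is not None and old != new:
            self.conflicts.append((sender_ip, old, new))  # last writer still wins
        self.routes[sender_ip] = new
        return {"opcode": "reply", "hwsrc": ROUTER_MAC, "protosrc": target_ip,
                "hwdst": sender_mac, "protodst": sender_ip, "out_port": in_port}

    def on_ip(self, dst_ip):
        """Actions for a routed packet, or None while dst_ip has not been learned."""
        if dst_ip not in self.routes:
            return None
        mac, port = self.routes[dst_ip]
        return {"set_dl_src": ROUTER_MAC, "set_dl_dst": mac, "out_port": port}

def demo():
    r = LearningRouter()
    # Constructed events: host MACs and cores21 port numbers are made up.
    r.on_arp_request("10.0.1.10", "00:00:00:00:00:0a", 1, "10.0.1.1")  # h10 asks for its gateway
    before = r.on_ip("10.0.2.20")  # h20 has not sent an ARP yet, so there is no route
    r.on_arp_request("10.0.2.20", "00:00:00:00:00:14", 2, "10.0.2.1")  # assumed gateway for h20
    after = r.on_ip("10.0.2.20")
    # A second claim for h10's address arriving on another port is recorded.
    r.on_arp_request("10.0.1.10", "00:00:00:00:00:99", 5, "10.0.1.1")
    return before, after, r.conflicts

if __name__ == "__main__":
    print(demo())
```

The conflicts list is the piece worth keeping in a real controller log: an address that moves between ports or MACs is either a misconfiguration or a host claiming an address that is not its own.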

Deliverables:
  • 1) A screenshot of the pingall command. All nodes but hnotrust should be able to send and respond to pings. Note that some pings will fail as the router learns of routes (why would that be the case?).
  • 2) A screenshot of the iperf hnotrust1 h10 and iperf h10 serv1 commands. Note that this should be done after the above pingall command (which will fill the ARP table). hnotrust should not be able to transfer to serv1, but should be able to transfer to other hosts.
  • 3) A screenshot of the output of the dpctl dump-flows command. This should contain all of the rules you've inserted into your switches.
  • 4) Your part4controller.py file.

Turn-in
When you're ready to turn in your assignment, do the following:
  1. The files you submit should be placed in a directory named project2. There should be no other files in that directory.
  2. Inside of the project2 directory, create subdirectories for each of the project parts (part3/,part4/).
  3. Inside of each part directory, place your topo file (e.g., part3.py), controller file (part3controller.py) and your screenshots.
  4. Archive all the materials (project2 folder and everything in it) in a single .tar file named netid.tar.
  5. Submit the netid.tar file to Canvas.

Computer Science & Engineering
University of Washington
Box 352350
Seattle, WA  98195-2350
(206) 543-1695 voice, (206) 543-2969 fax
[comments to kheimerl at cs.washington.edu]