Changes between Version 15 and Version 16 of GENIExperimenter/Tutorials/OpenFlowNFVFirewall


Timestamp:
11/20/15 15:00:07 (8 years ago)
Author:
nriga@bbn.com
Comment:

--

  • GENIExperimenter/Tutorials/OpenFlowNFVFirewall

    v15 v16  
    135135sudo ovs-ofctl del-flows br0
    136136</pre>
    137 <li> Make your switch into a firewall by downloading and running the appropriate Ryu controller:
    138 <pre>
     137<li> Make your switch into a firewall by downloading and running the appropriate Ryu controller at the controller node:
     138<pre>
     139cd /tmp/ryu
    139140wget http://www.gpolab.bbn.com/experiment-support/NFVApps/ryu-firewall.tar.gz
    140141tar xvfz ryu-firewall.tar.gz
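
Review bot: the added `cd /tmp/ryu` (v16 line 139) puts the download and extraction under /tmp, and the `wget` that follows fetches ryu-firewall.tar.gz over plain http with nothing to check the archive against before `tar xvfz` unpacks it. Since the step says this code is then run as the controller that turns the switch into a firewall, consider giving an https URL or publishing a SHA-256 for the tarball that readers compare with sha256sum before extracting. The step should also say whether /tmp/ryu already exists on the controller node or has to be created first.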
     
    148149</pre>
    149150</li>
    150             <li>Log into <tt>host2 and host1 </tt> and run <tt>nc</tt> clients:
     151            <li>Log into <tt>host1 </tt> and run <tt>nc</tt> clients:
    151152<pre>
    152153nc 128.128.128.128 5001
    153154</pre></li>
    154             <li>Type some text in <tt>left</tt> and it should appear in <tt>right</tt> and vise versa.</li>
    155             <li>In the terminal for <tt>switch</tt> you should see messages about the flow being passed or not:
    156 <pre>
    157 Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
    158 Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
     155            <li>Type some text in <tt>host1</tt> and it should appear in <tt>host2</tt> and vise versa.</li>
     156            <li>In the terminal for <tt>controller</tt> you should see messages about the flow being passed or not:
     157<pre>
     158Extracted rule {'sport': '39515', 'dport': '5002', 'sip': '10.10.1.2', 'dip': '128.128.128.128'}
     159Allow Connection rule {'dport': '5002', 'dip': '128.128.128.0/24', 'sip': '10.10.1.0/24', 'sport': 'any'}
    159160</pre>
    160161</li>
    161162            <li><tt>CTRL-C</tt> to kill <tt>nc</tt> in each terminal. </li>
    162             <li>Run a <tt>nc</tt> server on port 5002, then 5003.
     163            <li>Run a <tt>nc</tt> server on port 5002, then 5003. What if you start clients at host2? Or try and send traffic between host1 and host2?
    163164       <ul>
    164          <li> Compare the observed behavior to the contents of <tt>~/gpo-ryu-firewall/fw.conf</tt>.  <i>Does the behavior match the configuration file?</i>
     165         <li> Compare the observed behavior to the contents of <tt>ryu-firewall/fw.conf</tt>.  <i>Does the behavior match the configuration file?</i>
    165166         <li> Stop the Firewall controller and run a simple switch controller. Is there any traffic being blocked now? Don't forget to delete the flows after you stop the controller</li>
    166167         <li>  Feel free to modify the configuration file to allow more traffic.</li>
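
Review bot: the new sample output at v16 lines 158-159 shows `'dport': '5002'`, but the client command kept just above it is `nc 128.128.128.128 5001`, so a reader following the steps in order will not see these messages; either show the port 5001 output here or move this sample to the step that runs the server on 5002. The reworded line 155 says text typed in host1 should appear in host2 while the client connects to 128.128.128.128, so state which node runs the nc server at that address. The path `ryu-firewall/fw.conf` at line 165 is now relative; name the directory it is relative to, given that the earlier step changes into /tmp/ryu. Line 163 adds two questions (clients started at host2, traffic between host1 and host2) without saying what fw.conf is expected to do with that traffic, so the reader cannot tell a blocked flow from a misconfigured one; a one-line expected result would help. Minor: "vise versa" should be "vice versa", and the `<li>` at line 165 is still not closed.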