Context Navigation

OpenFlowNFVFirewall

Timestamp:: 11/20/15 14:19:31 (8 years ago)
Author:: nriga@bbn.com
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIExperimenter/Tutorials/OpenFlowNFVFirewall

-                      v5
+                      v6
 <h3 align="left"> <u>Overview: </u> </h3>
 In this tutorial you will learn <b> how to build a Firewall for a network using OpenFlow. We will use the following network topology for this experiment. You will also learn how to <b> take advantage of kernel L3 routing while using OVS </b>.
 <img border="0" src="http://www.gpolab.bbn.com/experiment-support/NFVApps/GENI-NFV-NAT.png" alt="route topology"  align="center" width="350" title="nat topology" />
+<img border="0" src="http://groups.geni.net/geni/raw-attachment/wiki/GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall/Firewall-2.png" alt="firewall topology"  align="center" width="350" title="firewall topology" />
 </td>
 …
                 <td >
                  <ol type="a">
+            <li>Log into <tt>switch</tt> and run the following commands to download and run the firewall controller:
+<pre>
+sudo apt-get install python-pip python-dev libxml2-dev libxslt-dev zlib1g-dev
+sudo pip install oslo.config
+</pre>
+</li>
 <li>
 Run a simple learning switch controller:
 …
-For this experiment we will run an !OpenFlow Firewall.
-[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall/Firewall-2.png, 50%, nolink)]]
-{{{
-#!html
-            <table border="0">
-              <tr>
-                <td >
-                 <ol type="a">
-            <li>Log into <tt>switch</tt> and run the following commands to download and run the firewall controller:
-<pre>
-sudo apt-get install python-pip python-dev libxml2-dev libxslt-dev zlib1g-dev
-sudo pip install oslo.config
-</pre>
-</li>
-<li>
-Run a simple learning switch controller:
-<pre>
-cd /tmp/ryu
-./bin/ryu-manager --verbose ryu/app/simple_switch.py
-</pre>
-</li>
-<li> Verify simple connectivity by logging into <tt>right</tt> ping <tt>left</tt>
-<pre>
-ping left
-</pre>
-Notice the printouts of the ryu simple switch controller.
-</li>
-<li>
-   Stop your controller by Ctrl-c and remove all your flows
-<pre>
-sudo ovs-ofctl del-flows br0
-</pre>
-<li> Make your switch into a firewall by downloading and running the appropriate Ryu controller:
-<pre>
-wget http://www.gpolab.bbn.com/exp/OpenFlowExampleExperiment/ryu/gpo-ryu-firewall.tar.gz
-tar xvfz gpo-ryu-firewall.tar.gz
-cd gpo-ryu-firewall/
-/tmp/ryu/bin/ryu-manager simple_firewall.py
-</pre>
-<b> WARNING </b> If at some point your controller prints an error, kill it (ctrc-c) and start it again.
- </li>
-            <li>Log into <tt>right</tt> and run a <tt>nc</tt> server:
-<pre>
-nc -l 5001
-</pre>
-</li>
-            <li>Log into <tt>left</tt> and run a <tt>nc</tt> client:
-<pre>
-nc 10.10.11.1 5001
-</pre></li>
-            <li>Type some text in <tt>left</tt> and it should appear in <tt>right</tt> and vise versa.</li>
-            <li>In the terminal for <tt>switch</tt> you should see messages about the flow being passed or not:
-<pre>
-Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
-Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
-</pre>
-</li>
-            <li><tt>CTRL-C</tt> to kill <tt>nc</tt> in each terminal. </li>
-            <li>Run a <tt>nc</tt> server on port 5002, then 5003.
-       <ul>
-         <li> Compare the observed behavior to the contents of <tt>~/gpo-ryu-firewall/fw.conf</tt>.  <i>Does the behavior match the configuration file?</i>
-         <li> Stop the Firewall controller and run a simple switch controller. Is there any traffic being blocked now? Don't forget to delete the flows after you stop the controller</li>
-         <li>  Feel free to modify the configuration file to allow more traffic.</li>
-      </ul>
-           </ol>
-}}}
-= [.. Return to the main page] =