Changes between Version 3 and Version 4 of GENIExperimenter/Tutorials/OpenFlowNFVNAT


Ignore:
Timestamp:
11/20/15 14:09:24 (8 years ago)
Author:
nriga@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GENIExperimenter/Tutorials/OpenFlowNFVNAT

    v3 v4  
    128128d. You can also use Netcat (`nc`) to test reachability of TCP and UDP. The behavior should be the same.
    129129
    130 == 2 Start controller to enable NAT ==
    131 
    132 === 2.1 Access a server from behind the NAT ===
     130== 4 Start controller to enable NAT ==
     131
     132=== 4.1 Access a server from behind the NAT ===
    133133
    134134You can try to write your own controller to implement NAT. However, we a provide you a functional controller.
    135   i. Download the NAT Ryu module. At your controller node run:
     135  a. Download the NAT Ryu module. At your controller node run:
    136136     {{{
    137137cd /tmp/ryu/
     
    140140}}}
    141141
    142   ii. Start the controller on `NAT` host:
     142  b. Start the controller on `NAT` host:
    143143  {{{
    144144nat:~$ cd /tmp/ryu/; ./bin/ryu-manager ryu-nat.py
     
    155155}}}
    156156
    157 
    158 b. On `outside`, we start a nc server:
     157  c. On `outside`, we start a nc server:
    159158{{{
    160159host3:~$ nc -l 6666
     
    165164}}}
    166165
    167 c. Now send message between each other and try the same thing between `host3` and `host2`.
    168 
    169 d. On the terminal of `controller`, in which you started your controller, you should see a log similar to:
     166  d. Now send message between each other and try the same thing between `host3` and `host2`.
     167
     168  e. On the terminal of `controller`, in which you started your controller, you should see a log similar to:
    170169{{{
    171170Created mapping 192.168.0.3 31596 to 128.128.128.100 59997
     
    175174{{{
    176175#!comment
    177 === 2.2 Outside source ===
     176=== 4.2 Outside source ===
    178177
    179178You may be wondering whether it will behave the same if we use `insideX` hosts to be the nc server. You can try it and the answer is no. That's due to the nature of dynamic NAT.
     
    202201}}}
    203202
    204 == 3 Handle ARP and ICMP ==
     203== 5 Handle ARP and ICMP ==
    205204One of very common mistakes that people make, when writing OF controller, is forgetting to handle ARP and ICMP message and finding their controller does not work as expected.
    206205
    207 === 3.1 ARP ===
     206=== 5.1 ARP ===
    208207As we mentioned before, we should insert rules into the OF switch that allow ARP packets to go through, probably after the switch is connected.
    209208
    210 === 3.2 ICMP ===
     209=== 5.2 ICMP ===
    211210Handling ARP is trivial as NAT does not involve ARP. However, it's not the case for ICMP. If you only process translation for TCP/UDP, you will find you cannot ping between `outside` and `insideX` while nc is working properly. Handling ICMP is even not as straightforward as for TCP/UDP. Because for ICMP, you cannot get port information to bind with. Our provided solution makes use of ICMP echo identifier. You may come up with different approach involves ICMP sequence number or others.
    212211
     
    239238       <td>
    240239             
    241                <h3><u> 4. Cleanup </u></h3>
     240               <h3><u> 6. Cleanup </u></h3>
    242241           After you are done with the exercise and you have captured everything requested for the writeup, you should release your resources so that other experimenters can use
    243242them. In order to cleanup your slice :