= OpenFlow Firewall =
''This exercise is based on an assignment by [http://groups.geni.net/geni/wiki/GENIEducation/SampleAssignments/OpenFlowFirewallAssignment Sonia Fahmy].''
For this experiment we will run an !OpenFlow Firewall.
[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall/Firewall-2.png, 50%, nolink)]]
 - Log into switch and run the following commands to download and run the firewall controller:
{{{
wget http://www.gpolab.bbn.com/exp/OpenFlowExampleExperiment/ryu/gpo-ryu-firewall.tar.gz
tar xvfz gpo-ryu-firewall.tar.gz
cd gpo-ryu-firewall/
/tmp/ryu/bin/ryu-manager simple_firewall.py
}}}
 - Log into right and run a nc server:
{{{
nc -l 5001
}}}
 - Log into left and run a nc client:
{{{
nc 10.10.11.1 5001
}}}
 - Type some text in left and it should appear in right, and vice versa.
 - In the terminal for switch you should see messages about the flow being passed or not:
{{{
Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
}}}
 - Press CTRL-C to kill nc in each terminal.
 - Run a nc server on port 5002, then 5003. Compare the observed behavior to the contents of ~/gpo-ryu-firewall/fw.conf. Does the behavior match the configuration file? Feel free to modify the configuration file to block other traffic.
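To predict the result of the port 5002 and 5003 test before running it, the following added example (not part of simple_firewall.py or the original exercise) parses the two controller messages shown above and matches a flow against the allow rule, treating 'any' as a wildcard. It assumes first-match semantics and a default of dropping unmatched flows, and its rule list holds only the one rule visible in the log; the real fw.conf may contain more.

```python
import ast
import re

FIELDS = ("sip", "sport", "dip", "dport")

# The two controller messages shown in the steps above, copied verbatim.
LOG = (
    "Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}\n"
    "Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}\n"
)
LINE_RE = re.compile(r"^(Extracted rule|Allow Connection rule) (\{.*\})\s*$")


def parse_log(text):
    """Return (message, rule) pairs; lines that do not parse cleanly are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            rule = ast.literal_eval(m.group(2))  # literals only, never eval()
        except (ValueError, SyntaxError, TypeError):
            continue
        if isinstance(rule, dict) and set(rule) == set(FIELDS):
            pairs.append((m.group(1), {k: str(v) for k, v in rule.items()}))
    return pairs


def decide(rules, flow):
    """Return the first rule matching the flow, or None (assumed default deny)."""
    for rule in rules:
        if all(rule[f] in ("any", str(flow[f])) for f in FIELDS):
            return rule
    return None


def allowed_ports(rules, ports, sip="10.10.10.1", dip="10.10.11.1"):
    """Destination ports on which sip -> dip traffic matches an allow rule."""
    # Source port 40000 is a constructed stand-in for nc's ephemeral port.
    return [p for p in ports
            if decide(rules, {"sip": sip, "sport": "40000", "dip": dip, "dport": p})]


if __name__ == "__main__":
    parsed = parse_log(LOG)
    allow = [rule for msg, rule in parsed if msg == "Allow Connection rule"]
    print(allowed_ports(allow, ["5001", "5002", "5003"]))
```

Add the rules you find in fw.conf to the list passed to `allowed_ports` and compare the prediction with what nc actually does.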
= [.. Return to the main page] =