
Version 9 (modified by sedwards@bbn.com, 9 years ago) (diff)

--

OpenFlow Firewall

For this experiment we will run an OpenFlow Firewall.

http://groups.geni.net/geni/raw-attachment/wiki/GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall/Firewall-2.png

  1. Log into switch and run the following commands to download and run the firewall controller:
    http://www.gpolab.bbn.com/exp/OpenFlowExampleExperiment/ryu/gpo-ryu-firewall.tar.gz
    tar xvfz gpo-ryu-firewall.tar.gz
    /tmp/ryu/bin/ryu-manager simple_firewall.py
    
  2. Log into right and run an nc server:
    nc -l 5001
    
  3. Log into left and run an nc client:
    nc 10.10.11.1 5001
    
  4. Type some text in left and it should appear in right, and vice versa.
  5. In the terminal for switch you should see messages about the flow being passed or not:
    Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
    Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
    
  6. CTRL-C to kill nc in each terminal.
  7. Run an nc server on port 5002, then on 5003. Compare the observed behavior to the contents of ~/gpo-ryu-firewall/fw.conf. Does the behavior match the configuration file? Feel free to modify the configuration file to block other traffic.
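As an added example (not code from the tutorial or from the gpo-ryu-firewall controller), this shows the matching logic implied by the "Extracted rule" / "Allow Connection rule" log lines above: the 4-tuple extracted from a new flow is compared against allow rules in which a field may be the wildcard 'any', and anything unmatched is denied. The fw.conf line format used here (key=value pairs, '#' comments) is an assumption, not the real file's format.

```python
# Added example: allow-rule matching in the style of the controller's log lines.
# The fw.conf format below (whitespace-separated key=value pairs, '#' comments)
# is an assumption, not the real gpo-ryu-firewall format.

FIELDS = ("sip", "dip", "sport", "dport")

# Constructed sample configuration in the assumed format.
SAMPLE_CONF = """
# allow the nc test from left (10.10.10.1) to right (10.10.11.1) on port 5001
sip=10.10.10.1 dip=10.10.11.1 sport=any dport=5001
"""

def parse_conf(text):
    """Parse allow rules; any field not given defaults to the wildcard 'any'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        rule = dict.fromkeys(FIELDS, "any")
        for token in line.split():
            key, _, value = token.partition("=")
            if key not in FIELDS or not value:
                raise ValueError("bad rule token: %r" % token)
            rule[key] = value
        rules.append(rule)
    return rules

def extract_rule(sip, dip, sport, dport):
    """Build the flow description the controller logs as 'Extracted rule'."""
    return {"sip": sip, "dip": dip, "sport": str(sport), "dport": str(dport)}

def rule_matches(allow, flow):
    """A field matches if the allow rule says 'any' or the values are equal."""
    return all(allow[f] == "any" or allow[f] == flow[f] for f in FIELDS)

def decide(rules, flow):
    """Return the first matching allow rule, or None (default deny)."""
    for allow in rules:
        if rule_matches(allow, flow):
            return allow
    return None

if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for dport in (5001, 5002, 5003):  # the ports steps 2 and 7 ask you to try
        flow = extract_rule("10.10.10.1", "10.10.11.1", 57430, dport)
        print("Extracted rule", flow)
        allow = decide(rules, flow)
        print("Allow Connection rule" if allow else "Deny Connection", allow or flow)
```

Note that this single stateless rule only covers left-to-right packets; the reply direction (source 10.10.11.1) needs its own allow entry or connection tracking, which is why comparing behavior on 5002 and 5003 against fw.conf in step 7 is the instructive part.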
