Changes between Version 2 and Version 3 of GENIEducation/SampleAssignments/OpenFlowAssignment/ForInstructors


Ignore:
Timestamp:
05/22/13 09:58:37 (11 years ago)
Author:
shuang@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIEducation/SampleAssignments/OpenFlowAssignment/ForInstructors

    v2 v3  
    3333 In this exercise, you will build a stateful firewall controller for TCP connections in OpenFlow. The first packet of each connection will be handled by the controller, but all other connection packets will be handled by the OpenFlow-enabled router or switch without contacting your controller. This design will allow you to write powerful firewall rule sets without unduly impacting packet forwarding speeds. Your controller will parse a simple configuration file to load its rules. Complete stateful firewalls often handle multiple TCP/IP protocols (generally at least both TCP and UDP), track transport protocol operational states, and often understand some application protocols, particularly those utilizing multiple transport streams (such as FTP, SIP, and DHCP). The firewall you will implement for this exercise, however, needs handle only TCP, and will not directly process packet headers or data. [[BR]] [[BR]]
    3434
    35   '''Question 1. fill up the blanks in function `switch_ready` to insert rules into the openflow switch that allow ICMP and ARP packets to go through''' [[BR]]
    36   '''Question 2. fill up the blanks in function `packet_in` to insert a flow match in the OpenFlow device that allows the packets (as well as those in the reverse path) that match rules in the fw.conf to pass''' [[BR]]
    37   '''Question 3. fill up the blanks in function `packet_in` to insert rules that drops all other packets that does not match the rules specified in fw.conf''' [[BR]]
     35  Question 1. fill up the blanks in function `switch_ready` to insert rules into the openflow switch that allow ICMP and ARP packets to go through [[BR]]
     36  Question 2. fill up the blanks in function `packet_in` to insert a flow match in the OpenFlow device that allows the packets (as well as those in the reverse path) that match rules in the fw.conf to pass [[BR]]
     37  Question 3. fill up the blanks in function `packet_in` to insert rules that drops all other packets that does not match the rules specified in fw.conf [[BR]]
    3838  '''Solution: the source code for the OpenFlow Controller as well as a sample configuration file can be downloaded from [http://www.gpolab.bbn.com/experiment-support/OpenFlowExampleExperiment/firewall-solution1.rb firewall-solution1.rb] and [http://www.gpolab.bbn.com/experiment-support/OpenFlowExampleExperiment/fw-solution1.conf fw-solution1.conf] [[BR]]'''
    3939  '''Change the name to firewall.rb and fw.conf respectively after you downloaded these two files''' [[BR]]