Context Navigation

← Previous Change
Wiki History
Next Change →

OpenFlowNFVFirewall

Timestamp:: 11/20/15 14:11:37 (8 years ago)
Author:: nriga@bbn.com
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIExperimenter/Tutorials/OpenFlowNFVFirewall

                       v1
+= OpenFlow Firewall =
+''This exercise is based on as assignment by [http://groups.geni.net/geni/wiki/GENIEducation/SampleAssignments/OpenFlowFirewallAssignment Sonia Famy, Ethan Blanton and Sriharsha Gangam of Purdue University].''
+For this experiment we will run an !OpenFlow Firewall.
+[[Image(http://groups.geni.net/geni/raw-attachment/wiki/GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall/Firewall-2.png, 50%, nolink)]]
+{{{
+#!html
+            <table border="0">
+              <tr>
+                <td >
+                 <ol type="a">
+            <li>Log into <tt>switch</tt> and run the following commands to download and run the firewall controller:
+<pre>
+sudo apt-get install python-pip python-dev libxml2-dev libxslt-dev zlib1g-dev
+sudo pip install oslo.config
+</pre>
+</li>
+<li>
+Run a simple learning switch controller:
+<pre>
+cd /tmp/ryu
+./bin/ryu-manager --verbose ryu/app/simple_switch.py
+</pre>
+</li>
+<li> Verify simple connectivity by logging into <tt>right</tt> ping <tt>left</tt>
+<pre>
+ping left
+</pre>
+Notice the printouts of the ryu simple switch controller.
+</li>
+<li>
+   Stop your controller by Ctrl-c and remove all your flows
+<pre>
+sudo ovs-ofctl del-flows br0
+</pre>
+<li> Make your switch into a firewall by downloading and running the appropriate Ryu controller:
+<pre>
+wget http://www.gpolab.bbn.com/exp/OpenFlowExampleExperiment/ryu/gpo-ryu-firewall.tar.gz
+tar xvfz gpo-ryu-firewall.tar.gz
+cd gpo-ryu-firewall/
+/tmp/ryu/bin/ryu-manager simple_firewall.py
+</pre>
+<b> WARNING </b> If at some point your controller prints an error, kill it (ctrc-c) and start it again.
+ </li>
+            <li>Log into <tt>right</tt> and run a <tt>nc</tt> server:
+<pre>
+nc -l 5001
+</pre>
+</li>
+            <li>Log into <tt>left</tt> and run a <tt>nc</tt> client:
+<pre>
+nc 10.10.11.1 5001
+</pre></li>
+            <li>Type some text in <tt>left</tt> and it should appear in <tt>right</tt> and vise versa.</li>
+            <li>In the terminal for <tt>switch</tt> you should see messages about the flow being passed or not:
+<pre>
+Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
+Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
+</pre>
+</li>
+            <li><tt>CTRL-C</tt> to kill <tt>nc</tt> in each terminal. </li>
+            <li>Run a <tt>nc</tt> server on port 5002, then 5003.
+       <ul>
+         <li> Compare the observed behavior to the contents of <tt>~/gpo-ryu-firewall/fw.conf</tt>.  <i>Does the behavior match the configuration file?</i>
+         <li> Stop the Firewall controller and run a simple switch controller. Is there any traffic being blocked now? Don't forget to delete the flows after you stop the controller</li>
+         <li>  Feel free to modify the configuration file to allow more traffic.</li>
+      </ul>
+           </ol>
+}}}
+= [.. Return to the main page] =