OpenFlow Firewall and NAT Devices


This is a very simple tutorial with two topologies demonstrating an OpenFlow Firewall and an OpenFlow NAT.


For this tutorial you need a GENI Experimenter Portal account and be a member of at least one project.


All the tools will already be installed at your nodes. For your reference we are going to use:
  • A Ryu controller.

Where to get help:

For any questions or problem with the tutorial please email

Step-by-step Instructions


Step 1: Get Ready:

The first thing we need to do is login to the portal.
  1. Go to the GENI Experimenter Portal and click the Use GENI button.
  2. From the Drop Down menu select your institution. If you got an account through the GENI Identity Provider, please select GENI Project Office.
    Tip: Start typing the name of your institution and see the list become smaller.
  3. You will be transferred to the Login Page of your institution. Fill in your username and password.

Step 2: Launch your experiment:

  1. At the portal home page click the +New slice button.
    Tip: If you are not a member of any project and you don't know how to procede, email us
  2. Name your slice xxxfw (where xxx are your initials), since slice names within a project must be unique. If you like, enter a description of the slice (optional).
  3. Click Create slice .
  4. Once the slice page loads, click the Add Resources button.
    NOTE: If you get a warning about not having uploaded ssh keys just follow the instructions on providing an ssh key before you proceed.
  5. Scroll down to the Choose RSpec section, and from the drop down list select the existing RSpec labeled OpenFlow Firewall.
  6. Notice that a graphical representation of the proposed topology appears on the canvas above the Choose RSpec section. Click the Site 1 node, and then select any InstaGENI aggregate (any with InstaGENI in it's name) from the Site drop down list which appears on the left.
  7. Next, click the Reserve Resources near the button of the page. After a few moments a results page should display details for the resources which have been reserved and are now being provisioned.
  8. Click Home on the top menu bar, and repeat the above steps to create a second slice named xxxnat (where xxx are your initials) which instead makes use of the OpenFlow NAT RSpec.
  9. Click Home on the top menu bar, and then select one of your slices. In the canvas you should see your network. Once your resources are imaged and booted, each associated icon on the canvas will turn green, indicating it is ready to be used. Be patient, this will likely take several minutes to complete.
Add Aggregate

Step 3: OpenFlow Network Devices

You have reserved two topologies on different slices. In each of them you will run a different controller on an OVS switch to turn the switch into either a firewall or a NAT respectively.
  1. Follow the detailed steps for the Firewall controller.
  2. Follow the detailed steps for the NAT controller.

Step 4: Cleanup experiment:

After you are done with your experiment, you should always release your resources so that other experimenters can use the resources. In order to cleanup your slice :
  1. Press the Delete button in the bottom of your Jacks canvas.
Wait and after a few moments all the resources will have been released and you will have an empty canvas again. Notice that your slice is still there. There is no way to delete a slice, it will be removed automatically after its expiration date, but remember that a slice is just an empty container so it doesn't take up any resources.
Last modified 6 years ago Last modified on 07/07/16 17:45:49

Attachments (1)

Download all attachments as: .zip