Changes between Initial Version and Version 1 of GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall


Timestamp:
07/11/15 15:13:53 (9 years ago)
Author:
sedwards@bbn.com
Comment:

--

  • GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall

    v1 v1  
     1{{{
     2#!html
     3<table  border="0" cellpadding="0" cellspacing="0">
     4  <tr>
     5     <td valign="top" align="left">
     6        <img src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/Graphics/execute.png?format=raw" height="150" alt="Execute"></a>
     7      </td>
     8      <td>
     9         <h3><u> Step 3: Firewall</u></h3>
     10         For this experiment we will run an OpenFlow Firewall. 
     11            <table border="0">
     12              <tr>
     13                <td >
     14                 <ol type="a">
     15            <li>Log into <tt>switch</tt> and run the following commands to download and run the firewall controller:
     16<pre>wget https://www.dropbox.com/s/wc4szossxjeairn/gpo-ryu-firewall.tar.gz
     17gunzip gpo-ryu-firewall.tar.gz
     18tar xvf gpo-ryu-firewall.tar
     19/tmp/ryu/bin/ryu-manager simple_firewall.py loading app simple_firewall.py
     20</pre>
     21 </li>
     22            <li>Log into <tt>right</tt> and run a <tt>nc</tt> server:
     23<pre>
     24nc -l 5001
     25</pre>
     26</li>
     27            <li>Log into <tt>left</tt> and run a <tt>nc</tt> client:
     28<pre>
     29nc 10.10.11.1 5001
     30</pre></li>
     31            <li>Type some text in <tt>left</tt> and it should appear in <tt>right</tt> and vis versa.</li>
     32            <li>In the terminal for <tt>switch</tt> you should see messages about the flow being passed or not:
     33<pre>
     34Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
     35Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
     36</pre>
     37</li>
     38            <li><tt>CTRL-C</tt> to kill <tt>nc</tt> in each terminal. </li>
     39            <li>Run a <tt>nc</tt> server on port 5002, then 5003.  Compare the observed behavior to the contents of <tt>~/gpo-ryu-firewall/fw.conf</tt>.  <i>Does the behavior match the configuration file?</i> Feel free to modify the configuration file to block other traffic.</li>
     40
     41           </ol>
     42                </td>
     43     
     44             </tr>
     45           </table>
     46}}}
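Review bot: Step a (wiki lines 16-19) downloads gpo-ryu-firewall.tar.gz from a Dropbox share link and runs it as the OpenFlow controller with no integrity check. Publish a SHA-256 for the tarball beside the wget line and have the reader compare it with sha256sum before extracting, or host the archive on the project site. Wiki line 19 also reads as the command and its first line of output run together: "loading app simple_firewall.py" looks like ryu-manager's startup message, so it should move out of the command or into a sample-output block. The steps never cd into the extracted directory, while step g refers to ~/gpo-ryu-firewall/fw.conf, so state which directory simple_firewall.py is meant to be run from. Smaller points: wiki line 6 has a closing </a> with no opening <a>, the outer table, tr and td opened on wiki lines 3-8 are not closed within this block, and "vis versa" on wiki line 31 should be "vice versa".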