wiki:GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall

Version 15 (modified by sedwards@bbn.com, 4 years ago) (diff)

--

OpenFlow Firewall

This exercise is based on as assignment by Sonia Famy, Ethan Blanton and Sriharsha Gangam of Purdue University.

For this experiment we will run an OpenFlow Firewall.

http://groups.geni.net/geni/raw-attachment/wiki/GENIExperimenter/Tutorials/OpenFlowNetworkDevices/Firewall/Firewall-2.png

  1. Log into switch and run the following commands to download and run the firewall controller:
    wget http://www.gpolab.bbn.com/exp/OpenFlowExampleExperiment/ryu/gpo-ryu-firewall.tar.gz
    tar xvfz gpo-ryu-firewall.tar.gz
    cd gpo-ryu-firewall/
    /tmp/ryu/bin/ryu-manager simple_firewall.py
    
  2. Log into right and run a nc server:
    nc -l 5001
    
  3. Log into left and run a nc client:
    nc 10.10.11.1 5001
    
  4. Type some text in left and it should appear in right and vis versa.
  5. In the terminal for switch you should see messages about the flow being passed or not:
    Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
    Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
    
  6. CTRL-C to kill nc in each terminal.
  7. Run a nc server on port 5002, then 5003. Compare the observed behavior to the contents of ~/gpo-ryu-firewall/fw.conf. Does the behavior match the configuration file? Feel free to modify the configuration file to block other traffic.

Return to the main page

Attachments (2)

Download all attachments as: .zip