- Log into switch and run the following commands to download and run the firewall controller:
sudo pip install oslo.config
- Run a simple learning switch controller:
cd /tmp/ryu
./bin/ryu-manager --verbose ryu/app/simple_switch.py
- To verify basic connectivity, log into right in a separate ssh terminal and ping left:
ping left
Notice the printouts of the ryu simple switch controller.
- Back in the switch ssh session, stop your controller with Ctrl-C and remove all your flows using the following command:
sudo ovs-ofctl del-flows br0
(optional) Notice that you can no longer ping left from right.
- On the switch ssh session, make your switch into a firewall by downloading and running the appropriate Ryu controller:
cd
wget https://github.com/GENI-NSF/geni-tutorials/raw/master/OpenFlowNetworkDeviceFirewall/gpo-ryu-firewall.tar.gz
tar xvfz gpo-ryu-firewall.tar.gz
cd gpo-ryu-firewall/
/tmp/ryu/bin/ryu-manager simple_firewall.py
WARNING: If at some point your controller prints an error, kill it (Ctrl-C) and start it again.
- On the right ssh session run a nc server:
nc -l 5001
- Log into left and run a nc client:
nc 10.10.11.1 5001
- Type some text in left and it should appear in right, and vice versa.
- In the terminal for switch you should see messages similar to those below, reporting whether the flow was allowed or not:
Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
- Type Ctrl-C (on left or right) to kill nc.
- Repeat the nc test with the server listening on port 5002, then on port 5003.
- Compare the observed behavior to the contents of ~/gpo-ryu-firewall/fw.conf. Does the behavior match the configuration file?
- Stop the firewall controller and run the simple switch controller again. Is any traffic being blocked now? Don't forget to delete the flows after you stop the controller.
- Feel free to modify the configuration file to allow more traffic.
}}}
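To make the "Extracted rule" / "Allow Connection rule" printouts above concrete, here is a small stand-alone model of the decision the firewall controller is making: reduce each new flow to a 4-tuple, look it up in an allow-list where `any` wildcards a field, and drop anything that matches no rule. This is an added example written for this page; it is not the gpo-ryu-firewall code, does not parse `fw.conf` (whose format the page does not show), and the rule set, the reply handling and the packet values other than the two host addresses are constructed assumptions.

```python
"""Toy allow-list firewall matcher modelled on the Ryu firewall demo output.

Added example for this tutorial: NOT the gpo-ryu-firewall code and NOT a
parser for fw.conf. Rules, ephemeral ports and the reply handling are
constructed assumptions; only 10.10.10.1 (left) and 10.10.11.1 (right)
come from the tutorial itself.
"""

FIELDS = ("sip", "dip", "sport", "dport")

# Constructed allow-list in the shape of the "Allow Connection rule" printout.
# 'any' wildcards a field. Assumption: a flow matching no rule is dropped.
ALLOW_RULES = [
    {"sip": "10.10.10.1", "dip": "10.10.11.1", "sport": "any", "dport": "5001"},
    {"sip": "any", "dip": "10.10.11.1", "sport": "any", "dport": "5003"},
]


def extract_rule(pkt):
    """Reduce a packet (dict with IPv4 addresses and TCP ports) to the
    4-tuple the controller logs as 'Extracted rule'. Ports are stringified
    so they compare directly against the rule values."""
    return {
        "sip": pkt["ipv4_src"],
        "dip": pkt["ipv4_dst"],
        "sport": str(pkt["tcp_src"]),
        "dport": str(pkt["tcp_dst"]),
    }


def field_matches(rule_value, packet_value):
    """A rule field matches if it is the wildcard 'any' or equal to the packet's value."""
    return rule_value == "any" or rule_value == packet_value


def find_allow_rule(extracted, rules=ALLOW_RULES):
    """Return the first rule that matches every field of the extracted 4-tuple, else None."""
    for rule in rules:
        if all(field_matches(rule[f], extracted[f]) for f in FIELDS):
            return rule
    return None


def reverse(extracted):
    """Swap source and destination so the server's reply is checked against the
    forward rule. Assumption about the demo: an allowed connection is allowed in
    both directions. Note that this is stateless: it also admits packets from
    10.10.11.1:5001 that belong to no established connection, which a stateful
    firewall tracking the forward SYN would not."""
    return {
        "sip": extracted["dip"],
        "dip": extracted["sip"],
        "sport": extracted["dport"],
        "dport": extracted["sport"],
    }


def decide(pkt, rules=ALLOW_RULES):
    """Return ('allow', rule) or ('drop', None) for one packet, trying the flow
    as seen and then its reverse (reply direction)."""
    extracted = extract_rule(pkt)
    rule = find_allow_rule(extracted, rules) or find_allow_rule(reverse(extracted), rules)
    return ("allow" if rule else "drop", rule)


def demo_port_sweep(ports=(5001, 5002, 5003), rules=ALLOW_RULES):
    """Replay the tutorial's nc tests: left (10.10.10.1) connects to right
    (10.10.11.1) on each port from a constructed ephemeral source port.
    Returns {port: verdict} and prints lines shaped like the controller's."""
    results = {}
    for i, port in enumerate(ports):
        pkt = {"ipv4_src": "10.10.10.1", "ipv4_dst": "10.10.11.1",
               "tcp_src": 57430 + i, "tcp_dst": port}
        verdict, rule = decide(pkt, rules)
        print(f"Extracted rule {extract_rule(pkt)}")
        if rule:
            print(f"Allow Connection rule {rule}")
        else:
            print("No matching rule, dropping flow")
        results[port] = verdict
    return results


if __name__ == "__main__":
    print(demo_port_sweep())
```

Run it as `python3 fw_model.py`; with the constructed rules, the sweep allows 5001 and 5003 and drops 5002, which is the kind of outcome the question about `fw.conf` asks you to predict. Editing `ALLOW_RULES` plays the same role as editing the configuration file in the last step.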