Changes between Version 17 and Version 18 of GENIExperimenter/Tutorials/OpenFlowNetworkDevices/NAT


Ignore:
Timestamp:
07/08/16 11:48:13 (8 years ago)
Author:
Ben Newton
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GENIExperimenter/Tutorials/OpenFlowNetworkDevices/NAT

    v17 v18  
    110110
    111111== 3 Handle ARP and ICMP ==
    112 One of very common mistakes that people make, when writing OF controller, is forgetting to handle ARP and ICMP message and finding their controller does not work as expected.
     112One common mistake experimenters make, when writing OpenFlow controllers, is forgetting to handle ARP and ICMP message causing their controllers to not work as expected.
    113113
    114 === 3.1 ARP ===
    115 As we mentioned before, we should insert rules into the OF switch that allow ARP packets to go through, probably after the switch is connected.
     114Handling ARP is trivial in this example, as NAT does not involve ARP. However, that is not the case for ICMP. If you only process translations for TCP/UDP, you will find you cannot ping between `outside` and `insideX`, though nc is working properly. Handling ICMP is not as straightforward as for TCP/UDP because for ICMP you cannot get port information to bind with. Our provided solution makes use of the ICMP echo identifier. You could come up with different approach using ICMP sequence numbers, etc.  To see ICMP working do the following.
    116115
    117 === 3.2 ICMP ===
    118 Handling ARP is trivial as NAT does not involve ARP. However, it's not the case for ICMP. If you only process translation for TCP/UDP, you will find you cannot ping between `outside` and `insideX` while nc is working properly. Handling ICMP is even not as straightforward as for TCP/UDP. Because for ICMP, you cannot get port information to bind with. Our provided solution makes use of ICMP echo identifier. You may come up with different approach involves ICMP sequence number or others.
    119 
    120 a. On `inside1`, start a ping to `outside`.
     116a. On `inside1`, start pinging `outside`.
    121117{{{
    122118inside1:~$ ping 128.128.128.2
     
    128124}}}
    129125
    130 You should see both pinging are working.
     126You should see both ping commands are working.
    131127
    132128c. On `outside`, use `tcpdump` to check the packets it receives.
     
    135131}}}
    136132
    137 You should see it's receiving two groups of icmp packets, differentiated by id.
     133Notice that it is receiving two groups of icmp packets, differentiated by id.
    138134
    139135= [.. Return to the main page] =