OpenFlow Firewall and NAT Devices
Overview:
This is a very simple tutorial with two topologies demonstrating an OpenFlow Firewall and an OpenFlow NAT. |
|
Prerequisites:
For this tutorial you need a GENI Experimenter Portal account and be a member of at least one project.
- If you don't have an account yet sign up!
|
Tools:
All the tools will already be installed at your nodes. For your reference we are going to use:
|
|
Where to get help:
For any questions or problem with the tutorial please email geni-users@googlegroups.com
|
Step-by-step Instructions
Step 1: Get Ready:
The first thing we need to do is login to the portal.
- Go to the GENI Experimenter Portal and click the Use GENI button
. From the Drop Down menu select your institution. If you got an account through the GENI Identity Provider, please select GENI Project Office.
Tip: Start typing the name of your institution and see the list become smaller.
| |
You will be transferred to the Login Page of your institution. Fill in your username and password.
Step 2: Launch your experiment:
- At the portal home page press the +New slice button from your project.
Tip: If you are not a member of any project and you don't know how to procede, email us
- Name your slice something like xxxfw (where xxx are your initials)
- Once the slice page loads, click the Add Resources button placed at the top left part of the screen.
NOTE: If you get a warning about not having uploaded ssh keys just follow the instructions on providing an ssh key before you proceed.
- In the Choose RSpec section, choose the OpenFlow Firewall choice.
- You will need to choose an aggregate where you want this topology to be instantiated. Click on the Site 1 box and a panel on the left side of the canvas will appear. Choose any aggregate with InstaGENI in it's name.
- Click on the Reserve Resources button on them bottom left part of the screen.
- Repeat the above steps to create a second slice called xxxnat (where xxx are your initials) using the OpenFlow NAT RSpec
- Wait while your resources are being reserved. This will take several minutes so be patient. The nodes will turn green to signify that your resources are ready.
|
|
|
Step 3: OpenFlow Network Devices
You have reserved two topologies on different slices. In each of them you will run a different controller on an OVS switch to turn the switch into either a firewall or a NAT respectively.
- Follow the detailed steps for the Firewall controller.
- Follow the detailed steps for the NAT controller.
|
Step 4: Cleanup experiment:
After you are done with your experiment, you should always release your resources so that other experimenters can use
the resources. In order to cleanup your slice :
- Press the Delete button in the bottom of your Jacks canvas.
Wait and after a few moments all the resources will have been released and you will have an empty canvas again. Notice that your slice is still there. There is no way to delete a slice, it will be removed automatically after its expiration date, but remember that a slice is just an empty container so it doesn't take up any resources.
|