Version 25 (modified by Ben Newton, 4 years ago) (diff)


OpenFlow Firewall and NAT Devices


This is a very simple tutorial with two topologies demonstrating an OpenFlow Firewall and an OpenFlow NAT.


For this tutorial you need a GENI Experimenter Portal account and be a member of at least one project.


All the tools will already be installed at your nodes. For your reference we are going to use:
  • A Ryu controller.

Where to get help:

For any questions or problem with the tutorial please email

Step-by-step Instructions


Step 1: Get Ready:

The first thing we need to do is login to the portal.
  1. Go to the GENI Experimenter Portal and click the Use GENI button.
  2. From the Drop Down menu select your institution. If you got an account through the GENI Identity Provider, please select GENI Project Office.
    Tip: Start typing the name of your institution and see the list become smaller.
  3. You will be transferred to the Login Page of your institution. Fill in your username and password.

Step 2: Launch your experiment:

  1. At the portal home page click the +New slice button.
    Tip: If you are not a member of any project and you don't know how to procede, email us
  2. Name your slice xxxfw (where xxx are your initials), since slice names within a project must be unique. If you like, enter a description of the slice (optional).
  3. Click Create slice .
  4. Once the slice page loads, click the Add Resources button placed at the top left part of the screen.
    NOTE: If you get a warning about not having uploaded ssh keys just follow the instructions on providing an ssh key before you proceed.
  5. In the Choose RSpec section, choose the OpenFlow Firewall choice.
  6. You will need to choose an aggregate where you want this topology to be instantiated. Click on the Site 1 box and a panel on the left side of the canvas will appear. Choose any aggregate with InstaGENI in it's name.
  7. Click on the Reserve Resources button on them bottom left part of the screen.
  8. Repeat the above steps to create a second slice called xxxnat (where xxx are your initials) using the OpenFlow NAT RSpec
  9. Wait while your resources are being reserved. This will take several minutes so be patient. The nodes will turn green to signify that your resources are ready.
Add Aggregate

Step 3: OpenFlow Network Devices

You have reserved two topologies on different slices. In each of them you will run a different controller on an OVS switch to turn the switch into either a firewall or a NAT respectively.
  1. Follow the detailed steps for the Firewall controller.
  2. Follow the detailed steps for the NAT controller.

Step 4: Cleanup experiment:

After you are done with your experiment, you should always release your resources so that other experimenters can use the resources. In order to cleanup your slice :
  1. Press the Delete button in the bottom of your Jacks canvas.
Wait and after a few moments all the resources will have been released and you will have an empty canvas again. Notice that your slice is still there. There is no way to delete a slice, it will be removed automatically after its expiration date, but remember that a slice is just an empty container so it doesn't take up any resources.

Attachments (1)

Download all attachments as: .zip