Step 3: Firewall
For this experiment we will run an OpenFlow Firewall.
- Log into switch and run the following commands to download and run the firewall controller:
wget https://www.dropbox.com/s/wc4szossxjeairn/gpo-ryu-firewall.tar.gz
gunzip gpo-ryu-firewall.tar.gz
tar xvf gpo-ryu-firewall.tar
/tmp/ryu/bin/ryu-manager simple_firewall.py
loading app simple_firewall.py
- Log into right and run a nc server:
nc -l 5001
- Log into left and run a nc client:
nc 10.10.11.1 5001
- Type some text in left and it should appear in right and vice versa.
- In the terminal for switch you should see messages about the flow being passed or not:
Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
- CTRL-C to kill nc in each terminal.
- Run nc server on port 5002, then 5003. Compare the observed behavior to the contents of ~/gpo-ryu-firewall/fw.conf. Does the behavior match the configuration file? Feel free to modify the configuration file to block other traffic.
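To check whether the observed behavior matches the rules, the controller output can be audited offline. The following is an added example, not part of the tutorial or of simple_firewall.py. It assumes that 'any' is a wildcard (as the logged rule suggests), that a flow with no matching allow rule is dropped, and that a dropped flow produces no "Allow Connection rule" line. The rule set holds only the rule visible in the output above, not the contents of fw.conf, and the port 5003 log line is constructed.

```python
import ast
import re

FIELDS = ("sip", "sport", "dip", "dport")
LOG_RE = re.compile(r"^(Extracted rule|Allow Connection rule)\s+(\{.*\})\s*$")

def parse_log(lines):
    """Return (kind, rule_dict) pairs, skipping unrelated controller output."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            # literal_eval accepts only Python literals, so log text is never executed
            events.append((m.group(1), ast.literal_eval(m.group(2))))
    return events

def matches(rule, flow):
    """A rule field matches when it is 'any' or equals the flow's value."""
    return all(rule[f] in ("any", flow[f]) for f in FIELDS)

def decide(flow, allow_rules):
    """First matching allow rule wins; None means drop (assumed default deny)."""
    return next((r for r in allow_rules if matches(r, flow)), None)

def audit(lines, allow_rules):
    """For each extracted flow: (dport, predicted_allowed, log_agrees_with_rules)."""
    events = parse_log(lines)
    results = []
    for i, (kind, flow) in enumerate(events):
        if kind != "Extracted rule":
            continue
        expected = decide(flow, allow_rules)
        nxt = events[i + 1] if i + 1 < len(events) else None
        logged = nxt[1] if nxt and nxt[0] == "Allow Connection rule" else None
        results.append((flow["dport"], expected is not None, logged == expected))
    return results

# Rule taken from the controller output shown above (not read from fw.conf).
ALLOW = [{"sip": "10.10.10.1", "sport": "any", "dip": "10.10.11.1", "dport": "5001"}]
LOG = [
    "loading app simple_firewall.py",
    "Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}",
    "Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}",
    # Constructed line: a connection attempt to a port with no allow rule.
    "Extracted rule {'sport': '57431', 'dport': '5003', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}",
]

if __name__ == "__main__":
    for dport, allowed, consistent in audit(LOG, ALLOW):
        print(dport, "allow" if allowed else "drop", "ok" if consistent else "MISMATCH")
```

A MISMATCH row means the controller allowed or dropped a flow differently from what the rule set predicts, which is the discrepancy the last exercise step asks you to look for.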
Step 4: NAT
While conducting experiments in GENI, you will often want to run commands directly on the nodes. In this optional step, you will log in to a node and issue commands directly to it.
- Follow these instructions and log in to the client node
- When you have successfully logged in, run this command:
iperf -c server -P 2
This task shouldn't take more than 30 seconds. Change the number after the ` -P ` argument and watch how the performance is affected while you change the number of parallel TCP connections.
- Scroll all the way down the server iperf log, and look at the logs for your transfers