Changes between Version 27 and Version 28 of GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute


Timestamp:
12/16/16 11:23:36 (7 years ago)
Author:
lnevers@bbn.com
Comment:

--

  • GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute

    v27 v28  
    145145==== iii. Use Wireshark to see the OpenFlow messages ====
    146146
    147 Many times it is useful to see the OpenFlow messages being exchanged between your controller and the switch. This will tell you whether the messages that are created by your controller are correct and will allow you to see the details of any errors you might be seeing from the switch. You can use Wireshark on both ends of the connection, in hardware switches you have to rely only on the controller view.
     147Many times it is useful to see the OpenFlow messages being exchanged between your controller and the switch. This will tell you whether the messages that are created by your controller are correct and will allow you to see the details of any errors you might be seeing from the switch. You can use Wireshark on both ends of the connection; in hardware switches you have to rely only on the controller view.
    148148
    149149The controller host and OVS has the Wireshark application already installed, including the openflow dissector. For more information on Wireshark you can take a look at the [http://wiki.wireshark.org/ Wireshark wiki].
    150150
    151 Here we have a simple case of how to use the OpenFlow dissector for Wireshark.
     151[[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]]
     152To display the Wireshark window on your local host you must ''' ''setup X11 forwarding'' ''', many sites are available that explain how this is done. This is [http://www.seas.upenn.edu/cets/answers/x11-forwarding.html an example] that provides instructions for Windows, Linux and MAC operating systems.
     153
     154Here is how to use the OpenFlow dissector for Wireshark on the reserved controller host.
    152155
    153156If you are on a Linux friendly machine (this includes MACs) open a terminal and ssh to your controller machine using the -Y command line argument, i.e.
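Review bot: New line 152 joins two sentences with a comma and uses "setup" as a verb and "MAC" for the Mac operating system; suggest "you must set up X11 forwarding. Many sites explain how this is done; this example covers Windows, Linux and Mac." The same "MACs" spelling sits in the unchanged line 156 and could be fixed in the same revision. Since line 152 now introduces X11 forwarding and line 156 tells the reader to use ssh -Y, it would help to say in one sentence that -Y is trusted forwarding, which gives X clients on the remote host full access to the local display, and that -X is the restricted alternative.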
     
    156159}}}
    157160
    158 Assuming that the public IP address on the controller is eth0, run Wireshark by typing:
     161Assuming that the public IP address on the controller is on eth0, run Wireshark by typing:
    159162{{{
    160163sudo wireshark -i eth0&
    161164}}}
    162165
    163 When the Wireshark window pops up, you might still have to choose eth0 for a live capture.  And you will want to use a filter to cut down on the chatter in the Wireshark window.   One such filter might be just seeing what shows up on port 6653. To do that type ''tcp.port eq 6653'' in the filter window, assuming that 6653 is the port that the controller is
    164 listening on.   And once you have lines, you can choose one of the lines and choose "Decode as ...." and choose the ''OFP protocol''.
    165 
    166 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]]
    167 Make sure that you have a suitable '''X.org''' software component such as [https://www.xquartz.org/ XQuartz] on your local machine for Wireshark to work.
     166When the Wireshark window pops up, you might still have to choose eth0 for a live capture.  And you will want to use a filter to cut down on the chatter in the Wireshark window.   One such filter might be to see what shows up on port 6653. To do that type ''' ''tcp.port eq 6653'' ''' in the filter window, assuming that 6653 is the port that the controller is listening on.   Once messages are captured, you can choose one, right click to "Decode as ...." and then choose ''OFP protocol'' to see its content.
     167
     168
    168169
    169170=== 4e. Web GUI ===
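Review bot: The old note at lines 166-167 (a local X.org component such as XQuartz is required) is removed here with no replacement in this section; if the link added at line 152 is meant to cover it, say so there, otherwise keep one sentence about the local X server. In new line 166, "Decode as ...." has four dots and the sentence still carries runs of double and triple spaces, and new lines 167-168 add two empty lines before the existing blank line 169. Separately, the unchanged command at line 163 starts the Wireshark GUI with sudo; a short note that the dissectors then parse captured traffic as root, and that capturing with tcpdump or dumpcap and opening the file unprivileged avoids this, would fit next to the rewritten paragraph.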
     
    186187}}}
    187188
    188 In the output, we obtain a list of the devices that Floodlight Controller has learned about. Make sure you ''ping'' Host 2 & Host 3 from Host 1 before you issue this command. My output is pasted below. '''YOURS WILL BE DIFFERENT.'''
     189In the output, we obtain a list of the OpenFlow device (i.e OVS) that Floodlight Controller has learned about.
     190
     191Next, ''ping'' Host 2 & Host 3 from Host and then re-run the command. Note that you output details will differ.
    189192
    190193[[Image(GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute:Topology_Details.png, 50%)]]
    191194
    192 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]]
    193 I have highlighted all the important details you need to note down before you start inserting flows. Note down all the highlighted details for each '''Host'''. The Host IP's will be of the form 10.0.0.* for Host *.
     195[[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] Highlighted are all the important details you need to note down before you start manipulating flows. Note down all the highlighted details for each '''Host'''. The Host IP's will be of the form 10.0.0.* for Host *.
    194196
    195197
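Review bot: The rewritten sentences at new lines 189 and 191 introduce errors that the old line 188 did not have. Line 189 reads "a list of the OpenFlow device (i.e OVS)", which mixes "list" with a singular noun and drops the period in "i.e."; line 191 reads "from Host and then re-run", losing the host number that the old text gave as Host 1, and "Note that you output details" should be "your output details". Line 195 now puts the icon macro and the sentence on one line, while the other notes in this revision (lines 151-152, 213-215) keep them on separate lines; pick one form.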
     
    199201In the above example we ran a very simple learning switch controller. [[BR]]
    200202[[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]]
    201 The power of !OpenFlow comes from the fact that you can decide to forward the packet anyway you want based on the supported !OpenFlow actions. A very simple but powerful modification you can do, is to duplicate all the traffic of the switch out a specific port. This is very useful for application and network analysis. You can imagine that at the port where you duplicate traffic you connect a device that does analysis. For this tutorial we  are going to verify the duplication by doing `tcpdump`  on two ports on the OVS switch.
    202 
    203   1. ''' Insert the flow to Duplicate Traffic '''
     203The power of !OpenFlow comes from the fact that you can decide to forward the packet any way you want based on the supported !OpenFlow actions. A very simple but powerful modification you can do, is to duplicate all the traffic of the switch out a specific port. This is very useful for application and network analysis. You can imagine that at the port where you duplicate traffic you connect a device that does analysis. For this tutorial we  are going to verify the duplication by doing `tcpdump`  on two ports on the OVS switch.
     204
     2051. ''' Insert the flow to Duplicate Traffic '''
    204206    * We are going to duplicate IPv4 traffic from Host 1 destined to Host 2 on Host 3. Open a new ''Controller'' terminal and type the following flow:
     207
    205208{{{
    206209curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-1","priority":"32768","in_port":"<PORT OF 10.0.0.1>","active":"true", "eth_type":"0x0800", "eth_src":"<MAC OF 10.0.0.1>", "eth_dst":"<MAC OF 10.0.0.2>",  "ipv4_src":"10.0.0.1", "ipv4_dst":"10.0.0.2", "actions":"set_field=eth_dst-><MAC OF 10.0.0.2>,set_field=ipv4_dst->10.0.0.2,output=<PORT OF 10.0.0.2>,set_field=eth_dst-><MAC OF 10.0.0.3>,output=<PORT OF 10.0.0.3>"}' http://localhost:8080/wm/staticflowpusher/json
    207210}}}
    208211    [[BR]]
     212
    209213[[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]]
     214
    210215Scroll all the way to the right to view the complete flow and get rid of the <> brackets when inserting the flow.
    211216   
    212   To see that duplication is happening, on Host 2 and Host 3 , run: 
     217
     218To see that duplication is happening, on Host 2 and Host 3 , run: 
    213219{{{
    214220sudo tcpdump -i eth1
    215221}}}
    216222
    217   You should see traffic from host1 to host2 showing up in the tcpdump window for host3 as shown below:
     223 
     224You should see traffic from host1 to host2 showing up in the tcpdump window for host3 as shown below:
    218225{{{
    219226pjayant@host3:~$ sudo tcpdump -i eth1
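Review bot: New line 205 moves the "1." item to column 0 while its sub-bullet at line 206 keeps the four-space indent, and the prose at lines 218 and 224 is de-indented out of the item; please check the rendered page to confirm the step and its bullet still nest as intended. New line 223 contains only a space, and line 218 keeps the stray space before the comma in "Host 3 , run:". On the unchanged flow at line 209, the first two actions set eth_dst and ipv4_dst to the same Host 2 values the match already requires, so they are redundant; either drop them or add a sentence explaining why they are there, since readers will copy this flow as a template.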
     
    231238}}} 
    232239
    233 === 4g. Run a port forward Controller ===
     240=== 4g. Run a Port Forwarding Controller ===
    234241
    235242Now let's do a slightly more complicated controller. OpenFlow gives you the power to overwrite fields of your packets at the switch, for example the TCP source or destination port and do port forwarding. You can have clients trying to contact a server at port 5000, and the OpenFlow switch can redirect your traffic to a service listening on port 6000.
    236243
    237244 
    238   1. To test your controller we are going to use netcat. Open two terminals of host2. In one terminal run:
     2451. To test your controller we are going to use netcat. Open two terminals window on host2. In one terminal run:
    239246{{{
    240247nc -l 5000
    241248}}}
    242249
    243   and in the other terminal run
     250 
     251and in the other terminal run
    244252{{{
    245253nc -l 6000
    246254}}}
    247255
    248   2. We will check the normal functionality before the flow for a Port Forwarding Controller is inserted. Go to the terminal of host1 and connect to host2 at port 5000:
     256 
     2572. We will check the normal functionality before the flow for a Port Forwarding Controller is inserted. Go to the terminal of host1 and connect to host2 at port 5000:
    249258{{{
    250259nc 10.0.0.2 5000
    251260}}}
    252261   
    253   3. Type something and you should see it at the the terminal of host2 at port 5000.
    254 
    255   4. Now, we insert the flow for a Port Forwarding Controller:
     262 
     2633. Type something and you should see it in the terminal on host2 at port 5000.
     264
     265 
     2664. Now, we insert the flow for a Port Forwarding Controller:
    256267{{{
    257268curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-2","priority":"32768","in_port":"<PORT OF 10.0.0.1>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.1>", "eth_dst":"<MAC OF 10.0.0.2>", "tcp_dst":"5000", "ipv4_src":"10.0.0.1", "ipv4_dst":"10.0.0.2", "actions":"set_field=tcp_dst->6000,output=<PORT OF 10.0.0.2>"}' http://localhost:8080/wm/staticflowpusher/json
    258269}}}
    259270
    260   5. In the previous step, we inserted a flow to forward TCP traffic  from Host 1 destined to Host 2 at port 5000 to port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 2 Port 6000 for a seamless transition.
     271 
     2725. In the previous step, we inserted a flow to forward TCP traffic  from Host 1 destined to Host 2 at port 5000 to port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 2 Port 6000 for a seamless transition.
    261273{{{
    262274curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-3","priority":"32768","in_port":"<PORT OF 10.0.0.2>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.2>", "eth_dst":"<MAC OF 10.0.0.1>", "tcp_src":"6000", "ipv4_src":"10.0.0.2", "ipv4_dst":"10.0.0.1", "actions":"set_field=tcp_src->5000,output=<PORT OF 10.0.0.1>"}' http://localhost:8080/wm/staticflowpusher/json
    263275}}}
    264276
    265   6. Repeat the netcat scenario described above. Now, your text should appear on the other terminal of host2 which is listening to port 6000.
     277 
     2786. Repeat the netcat scenario described above in step 1 and 2. Now, your text should appear in the other terminal window on host2 that is listening to port 6000.
    266279
    267280
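Review bot: New line 245 reads "Open two terminals window on host2", which should be "two terminal windows", and new line 278 reads "in step 1 and 2", which should be "in steps 1 and 2". The revision also adds lines that contain only a single space (250, 256, 262, 265, 271, 277) and a double blank at 264-265; empty lines without the trailing space would keep later diffs clean. With the steps now at column 0 and each followed by a code block, please confirm on the rendered page that the numbering continues 1 to 6 rather than restarting after each block.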
     
    270283As our last exercise, instead of diverting the traffic to a different server running on the same host, we will divert the traffic to a server running on a different host and on a different port.
    271284
    272   1.  On the terminal of `host3` run a netcat server:
     285 
     2861.  On the terminal window of `host3` run a netcat server:
    273287{{{
    274288nc -l 6000
    275289}}}
    276290
    277   3. On the controller host, we will insert a flow to implement a controller that will divert traffic destined for `host2` to `host3`. Before you start implementing think about what are the side effects of diverting traffic to a different host.
     291 
     2922. On the controller host, we will insert a flow to implement a controller that will divert traffic destined for `host2` to `host3`. Before you start implementing think about what are the side effects of diverting traffic to a different host.
    278293     * Is it enough to just change the IP address?
    279294     * Is it enough to just modify the TCP packets?
    280295 
    281   4. Insert the following flow in the Controller terminal to implement a Server Proxy Controller:
     296 
     2973. Insert the following flow in the Controller terminal to implement a Server Proxy Controller:
    282298{{{
    283299curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-4","priority":"32768","in_port":"<PORT OF 10.0.0.1>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.1>", "eth_dst":"<MAC OF 10.0.0.2>", "tcp_dst":"5000", "ipv4_src":"10.0.0.1", "ipv4_dst":"10.0.0.2", "actions":"set_field=eth_dst-><MAC OF 10.0.0.3>,set_field=tcp_dst->6000,set_field=ipv4_dst->10.0.0.3,output=<PORT OF 10.0.0.3>"}' http://localhost:8080/wm/staticflowpusher/json
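Review bot: New line 292 fixes the step number but keeps "think about what are the side effects of diverting traffic"; suggest "think about the side effects of diverting traffic to a different host". The two questions at lines 293-294 are never answered in the visible text, although the flow at line 299 rewrites eth_dst, ipv4_dst and tcp_dst together; one sentence after step 3 saying that all three fields must change would close the exercise. Lines 285, 291 and 296 are whitespace-only additions.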
     
    285301
    286302
    287   5. In the previous step, we inserted a flow to forward TCP traffic  from Host 1 destined to Host 2 at port 5000 to Host 3 at port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 3 Port 6000 for a seamless transition.
     3034. In the previous step, we inserted a flow to forward TCP traffic  from Host 1 destined to Host 2 at port 5000 to Host 3 at port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 3 Port 6000 for a seamless transition.
    288304{{{
    289305curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-5","priority":"32768","in_port":"<PORT OF 10.0.0.3>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.3>", "eth_dst":"<MAC OF 10.0.0.1>", "tcp_src":"6000", "ipv4_src":"10.0.0.3", "ipv4_dst":"10.0.0.1", "actions":"set_field=eth_src-><MAC OF 10.0.0.2>,set_field=ipv4_src->10.0.0.2,set_field=tcp_src->5000,output=<PORT OF 10.0.0.1>"}' http://localhost:8080/wm/staticflowpusher/json
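Review bot: The step text at new line 303 only says a flow is needed "to handle traffic from Host 3 Port 6000", while the flow at line 305 also rewrites eth_src and ipv4_src back to Host 2's values in addition to tcp_src; suggest stating that in the step, since it is the part that makes the reply look like it came from Host 2. The renumbering from 5 to 4 is correct; the double space in "TCP traffic  from" carried over from the old line and can be removed.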
     
    292308
    293309
    294   5. Go back to the terminal of `host1` and try to connect netcat to `host2` port 5000
     3105. Go back to the terminal of `host1` and try to connect netcat to `host2` port 5000
    295311{{{
    296312nc 10.0.0..2 5000
    297313}}}
    298314
    299   6. If your controller works correctly, you should see your text showing up on the terminal of `host3`.
     3156. If your controller works correctly, you should see your text appearing on the terminal window of `host3`.
    300316
    301317=== 4i. Delete your bridge ===
     318
    302319Before moving to the next step make sure you delete the bridge you have created, especially if you are using the same reservation for a different exercise:
    303320{{{
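Review bot: The command in the unchanged line 312, "nc 10.0.0..2 5000", has a doubled dot in the address and will fail when pasted; it should read "nc 10.0.0.2 5000" as in line 259, and this revision touches the lines on either side of it, so it is worth fixing here. The renumbering of the two old "5." steps to 5 and 6 at lines 310 and 315 is correct.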