Changes between Version 27 and Version 28 of GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute
- Timestamp:
- 12/16/16 11:23:36 (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute
v27 v28 145 145 ==== iii. Use Wireshark to see the OpenFlow messages ==== 146 146 147 Many times it is useful to see the OpenFlow messages being exchanged between your controller and the switch. This will tell you whether the messages that are created by your controller are correct and will allow you to see the details of any errors you might be seeing from the switch. You can use Wireshark on both ends of the connection ,in hardware switches you have to rely only on the controller view.147 Many times it is useful to see the OpenFlow messages being exchanged between your controller and the switch. This will tell you whether the messages that are created by your controller are correct and will allow you to see the details of any errors you might be seeing from the switch. You can use Wireshark on both ends of the connection; in hardware switches you have to rely only on the controller view. 148 148 149 149 The controller host and OVS has the Wireshark application already installed, including the openflow dissector. For more information on Wireshark you can take a look at the [http://wiki.wireshark.org/ Wireshark wiki]. 150 150 151 Here we have a simple case of how to use the OpenFlow dissector for Wireshark. 151 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] 152 To display the Wireshark window on your local host you must ''' ''setup X11 forwarding'' ''', many sites are available that explain how this is done. This is [http://www.seas.upenn.edu/cets/answers/x11-forwarding.html an example] that provides instructions for Windows, Linux and MAC operating systems. 153 154 Here is how to use the OpenFlow dissector for Wireshark on the reserved controller host. 152 155 153 156 If you are on a Linux friendly machine (this includes MACs) open a terminal and ssh to your controller machine using the -Y command line argument, i.e. … … 156 159 }}} 157 160 158 Assuming that the public IP address on the controller is eth0, run Wireshark by typing:161 Assuming that the public IP address on the controller is on eth0, run Wireshark by typing: 159 162 {{{ 160 163 sudo wireshark -i eth0& 161 164 }}} 162 165 163 When the Wireshark window pops up, you might still have to choose eth0 for a live capture. And you will want to use a filter to cut down on the chatter in the Wireshark window. One such filter might be just seeing what shows up on port 6653. To do that type ''tcp.port eq 6653'' in the filter window, assuming that 6653 is the port that the controller is 164 listening on. And once you have lines, you can choose one of the lines and choose "Decode as ...." and choose the ''OFP protocol''. 165 166 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] 167 Make sure that you have a suitable '''X.org''' software component such as [https://www.xquartz.org/ XQuartz] on your local machine for Wireshark to work. 166 When the Wireshark window pops up, you might still have to choose eth0 for a live capture. And you will want to use a filter to cut down on the chatter in the Wireshark window. One such filter might be to see what shows up on port 6653. To do that type ''' ''tcp.port eq 6653'' ''' in the filter window, assuming that 6653 is the port that the controller is listening on. Once messages are captured, you can choose one, right click to "Decode as ...." and then choose ''OFP protocol'' to see its content. 167 168 168 169 169 170 === 4e. Web GUI === … … 186 187 }}} 187 188 188 In the output, we obtain a list of the devices that Floodlight Controller has learned about. Make sure you ''ping'' Host 2 & Host 3 from Host 1 before you issue this command. My output is pasted below. '''YOURS WILL BE DIFFERENT.''' 189 In the output, we obtain a list of the OpenFlow device (i.e OVS) that Floodlight Controller has learned about. 190 191 Next, ''ping'' Host 2 & Host 3 from Host and then re-run the command. Note that you output details will differ. 189 192 190 193 [[Image(GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute:Topology_Details.png, 50%)]] 191 194 192 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] 193 I have highlighted all the important details you need to note down before you start inserting flows. Note down all the highlighted details for each '''Host'''. The Host IP's will be of the form 10.0.0.* for Host *. 195 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] Highlighted are all the important details you need to note down before you start manipulating flows. Note down all the highlighted details for each '''Host'''. The Host IP's will be of the form 10.0.0.* for Host *. 194 196 195 197 … … 199 201 In the above example we ran a very simple learning switch controller. [[BR]] 200 202 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] 201 The power of !OpenFlow comes from the fact that you can decide to forward the packet any way you want based on the supported !OpenFlow actions. A very simple but powerful modification you can do, is to duplicate all the traffic of the switch out a specific port. This is very useful for application and network analysis. You can imagine that at the port where you duplicate traffic you connect a device that does analysis. For this tutorial we are going to verify the duplication by doing `tcpdump` on two ports on the OVS switch.202 203 203 The power of !OpenFlow comes from the fact that you can decide to forward the packet any way you want based on the supported !OpenFlow actions. A very simple but powerful modification you can do, is to duplicate all the traffic of the switch out a specific port. This is very useful for application and network analysis. You can imagine that at the port where you duplicate traffic you connect a device that does analysis. For this tutorial we are going to verify the duplication by doing `tcpdump` on two ports on the OVS switch. 204 205 1. ''' Insert the flow to Duplicate Traffic ''' 204 206 * We are going to duplicate IPv4 traffic from Host 1 destined to Host 2 on Host 3. Open a new ''Controller'' terminal and type the following flow: 207 205 208 {{{ 206 209 curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-1","priority":"32768","in_port":"<PORT OF 10.0.0.1>","active":"true", "eth_type":"0x0800", "eth_src":"<MAC OF 10.0.0.1>", "eth_dst":"<MAC OF 10.0.0.2>", "ipv4_src":"10.0.0.1", "ipv4_dst":"10.0.0.2", "actions":"set_field=eth_dst-><MAC OF 10.0.0.2>,set_field=ipv4_dst->10.0.0.2,output=<PORT OF 10.0.0.2>,set_field=eth_dst-><MAC OF 10.0.0.3>,output=<PORT OF 10.0.0.3>"}' http://localhost:8080/wm/staticflowpusher/json 207 210 }}} 208 211 [[BR]] 212 209 213 [[Image(GENIExperimenter/Tutorials/Graphics:4NotesIcon_512x512.png, 5%, nolink)]] 214 210 215 Scroll all the way to the right to view the complete flow and get rid of the <> brackets when inserting the flow. 211 216 212 To see that duplication is happening, on Host 2 and Host 3 , run: 217 218 To see that duplication is happening, on Host 2 and Host 3 , run: 213 219 {{{ 214 220 sudo tcpdump -i eth1 215 221 }}} 216 222 217 You should see traffic from host1 to host2 showing up in the tcpdump window for host3 as shown below: 223 224 You should see traffic from host1 to host2 showing up in the tcpdump window for host3 as shown below: 218 225 {{{ 219 226 pjayant@host3:~$ sudo tcpdump -i eth1 … … 231 238 }}} 232 239 233 === 4g. Run a port forwardController ===240 === 4g. Run a Port Forwarding Controller === 234 241 235 242 Now let's do a slightly more complicated controller. OpenFlow gives you the power to overwrite fields of your packets at the switch, for example the TCP source or destination port and do port forwarding. You can have clients trying to contact a server at port 5000, and the OpenFlow switch can redirect your traffic to a service listening on port 6000. 236 243 237 244 238 1. To test your controller we are going to use netcat. Open two terminals ofhost2. In one terminal run:245 1. To test your controller we are going to use netcat. Open two terminals window on host2. In one terminal run: 239 246 {{{ 240 247 nc -l 5000 241 248 }}} 242 249 243 and in the other terminal run 250 251 and in the other terminal run 244 252 {{{ 245 253 nc -l 6000 246 254 }}} 247 255 248 2. We will check the normal functionality before the flow for a Port Forwarding Controller is inserted. Go to the terminal of host1 and connect to host2 at port 5000: 256 257 2. We will check the normal functionality before the flow for a Port Forwarding Controller is inserted. Go to the terminal of host1 and connect to host2 at port 5000: 249 258 {{{ 250 259 nc 10.0.0.2 5000 251 260 }}} 252 261 253 3. Type something and you should see it at the the terminal of host2 at port 5000. 254 255 4. Now, we insert the flow for a Port Forwarding Controller: 262 263 3. Type something and you should see it in the terminal on host2 at port 5000. 264 265 266 4. Now, we insert the flow for a Port Forwarding Controller: 256 267 {{{ 257 268 curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-2","priority":"32768","in_port":"<PORT OF 10.0.0.1>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.1>", "eth_dst":"<MAC OF 10.0.0.2>", "tcp_dst":"5000", "ipv4_src":"10.0.0.1", "ipv4_dst":"10.0.0.2", "actions":"set_field=tcp_dst->6000,output=<PORT OF 10.0.0.2>"}' http://localhost:8080/wm/staticflowpusher/json 258 269 }}} 259 270 260 5. In the previous step, we inserted a flow to forward TCP traffic from Host 1 destined to Host 2 at port 5000 to port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 2 Port 6000 for a seamless transition. 271 272 5. In the previous step, we inserted a flow to forward TCP traffic from Host 1 destined to Host 2 at port 5000 to port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 2 Port 6000 for a seamless transition. 261 273 {{{ 262 274 curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-3","priority":"32768","in_port":"<PORT OF 10.0.0.2>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.2>", "eth_dst":"<MAC OF 10.0.0.1>", "tcp_src":"6000", "ipv4_src":"10.0.0.2", "ipv4_dst":"10.0.0.1", "actions":"set_field=tcp_src->5000,output=<PORT OF 10.0.0.1>"}' http://localhost:8080/wm/staticflowpusher/json 263 275 }}} 264 276 265 6. Repeat the netcat scenario described above. Now, your text should appear on the other terminal of host2 which is listening to port 6000. 277 278 6. Repeat the netcat scenario described above in step 1 and 2. Now, your text should appear in the other terminal window on host2 that is listening to port 6000. 266 279 267 280 … … 270 283 As our last exercise, instead of diverting the traffic to a different server running on the same host, we will divert the traffic to a server running on a different host and on a different port. 271 284 272 1. On the terminal of `host3` run a netcat server: 285 286 1. On the terminal window of `host3` run a netcat server: 273 287 {{{ 274 288 nc -l 6000 275 289 }}} 276 290 277 3. On the controller host, we will insert a flow to implement a controller that will divert traffic destined for `host2` to `host3`. Before you start implementing think about what are the side effects of diverting traffic to a different host. 291 292 2. On the controller host, we will insert a flow to implement a controller that will divert traffic destined for `host2` to `host3`. Before you start implementing think about what are the side effects of diverting traffic to a different host. 278 293 * Is it enough to just change the IP address? 279 294 * Is it enough to just modify the TCP packets? 280 295 281 4. Insert the following flow in the Controller terminal to implement a Server Proxy Controller: 296 297 3. Insert the following flow in the Controller terminal to implement a Server Proxy Controller: 282 298 {{{ 283 299 curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-4","priority":"32768","in_port":"<PORT OF 10.0.0.1>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.1>", "eth_dst":"<MAC OF 10.0.0.2>", "tcp_dst":"5000", "ipv4_src":"10.0.0.1", "ipv4_dst":"10.0.0.2", "actions":"set_field=eth_dst-><MAC OF 10.0.0.3>,set_field=tcp_dst->6000,set_field=ipv4_dst->10.0.0.3,output=<PORT OF 10.0.0.3>"}' http://localhost:8080/wm/staticflowpusher/json … … 285 301 286 302 287 5. In the previous step, we inserted a flow to forward TCP traffic from Host 1 destined to Host 2 at port 5000 to Host 3 at port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 3 Port 6000 for a seamless transition.303 4. In the previous step, we inserted a flow to forward TCP traffic from Host 1 destined to Host 2 at port 5000 to Host 3 at port 6000. But Host 1 still thinks it is speaking to Host 2 at port 5000. So we need to insert a flow to handle traffic from Host 3 Port 6000 for a seamless transition. 288 304 {{{ 289 305 curl -X POST -d '{"switch":"<DPID OF OPEN vSWITCH>","name":"flow-5","priority":"32768","in_port":"<PORT OF 10.0.0.3>","active":"true", "eth_type":"0x0800", "ip_proto":"0x06", "eth_src":"<MAC OF 10.0.0.3>", "eth_dst":"<MAC OF 10.0.0.1>", "tcp_src":"6000", "ipv4_src":"10.0.0.3", "ipv4_dst":"10.0.0.1", "actions":"set_field=eth_src-><MAC OF 10.0.0.2>,set_field=ipv4_src->10.0.0.2,set_field=tcp_src->5000,output=<PORT OF 10.0.0.1>"}' http://localhost:8080/wm/staticflowpusher/json … … 292 308 293 309 294 310 5. Go back to the terminal of `host1` and try to connect netcat to `host2` port 5000 295 311 {{{ 296 312 nc 10.0.0..2 5000 297 313 }}} 298 314 299 6. If your controller works correctly, you should see your text showing up on the terminalof `host3`.315 6. If your controller works correctly, you should see your text appearing on the terminal window of `host3`. 300 316 301 317 === 4i. Delete your bridge === 318 302 319 Before moving to the next step make sure you delete the bridge you have created, especially if you are using the same reservation for a different exercise: 303 320 {{{